AuroraMiddleware/v8
1
0
Fork 0
Code Issues 2 Pull Requests Releases Wiki Activity
cfd32bee74
v8/src/compiler/graph.cc
Georg Neis 35d8b9a548 [turbofan] Protect against overflow of node id and input index field 
- Check validity of node id in Node constructor.
- Turn overflow check in NextNodeId() into debug check only, since that
  is not checking the interesting overflow anyway.
- Increase width of Use::InlineCountField to use all available bits.

Bug: chromium:1003286
Change-Id: I59af68e29a466e151f7048e1f15bd56d3fa58e5e
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1813019
Commit-Queue: Georg Neis <neis@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#63897}
2019-09-19 16:02:36 +00:00

82 lines
2.1 KiB
C++
Raw Blame History

// Copyright 2013 the V8 project authors. All rights reserved.
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.
#include "src/compiler/graph.h"
#include <algorithm>
#include "src/base/bits.h"
#include "src/compiler/graph-visualizer.h"
#include "src/compiler/node-properties.h"
#include "src/compiler/node.h"
#include "src/compiler/verifier.h"
namespace v8 {
namespace internal {
namespace compiler {
Graph::Graph(Zone* zone)
: zone_(zone),
start_(nullptr),
end_(nullptr),
mark_max_(0),
next_node_id_(0),
decorators_(zone) {}
void Graph::Decorate(Node* node) {
for (GraphDecorator* const decorator : decorators_) {
decorator->Decorate(node);
}
}
void Graph::AddDecorator(GraphDecorator* decorator) {
decorators_.push_back(decorator);
}
void Graph::RemoveDecorator(GraphDecorator* decorator) {
auto const it = std::find(decorators_.begin(), decorators_.end(), decorator);
DCHECK(it != decorators_.end());
decorators_.erase(it);
}
Node* Graph::NewNode(const Operator* op, int input_count, Node* const* inputs,
bool incomplete) {
Node* node = NewNodeUnchecked(op, input_count, inputs, incomplete);
Verifier::VerifyNode(node);
return node;
}
Node* Graph::NewNodeUnchecked(const Operator* op, int input_count,
Node* const* inputs, bool incomplete) {
Node* const node =
Node::New(zone(), NextNodeId(), op, input_count, inputs, incomplete);
Decorate(node);
return node;
}
Node* Graph::CloneNode(const Node* node) {
DCHECK_NOT_NULL(node);
Node* const clone = Node::Clone(zone(), NextNodeId(), node);
Decorate(clone);
return clone;
}
NodeId Graph::NextNodeId() {
// A node's id is internally stored in a bit field using fewer bits than
// NodeId (see Node::IdField). Hence the addition below won't ever overflow.
DCHECK_LT(next_node_id_, std::numeric_limits<NodeId>::max());
return next_node_id_++;
}
void Graph::Print() const { StdoutStream{} << AsRPO(*this); }
} // namespace compiler
} // namespace internal
} // namespace v8
Reference in New Issue View Git Blame Copy Permalink