From 4e9adf7cd9e89d6fdb727cf5860f32b4a44098e2 Mon Sep 17 00:00:00 2001
From: Ross McIlroy
Date: Mon, 10 Apr 2017 14:23:32 +0100
Subject: [PATCH] Merged: [Interpreter] Add check that local registers are valid.
Revision: a4c6126a836bae6af70220ce90386d322885e958
BUG=chromium:706234
LOG=N
NOTRY=true
NOPRESUBMIT=true
NOTREECHECKS=true
Change-Id: I7bcdc5788373be211c5c563dd974627eedd06719
Reviewed-on: https://chromium-review.googlesource.com/472629
Reviewed-by: Leszek Swirski
Cr-Commit-Position: refs/branch-heads/5.8@{#53}
Cr-Branched-From: eda659cc5e307f20ac1ad542ba12ab32eaf4c7ef-refs/heads/5.8.283@{#1}
Cr-Branched-From: 4310cd02d2160b1457baed81a2f40063eb264a21-refs/heads/master@{#43429}
---
 src/interpreter/bytecode-array-builder.cc | 6 ++++++
 src/interpreter/bytecode-array-builder.h | 1 +
 src/interpreter/bytecode-generator.cc | 8 ++++----
 3 files changed, 11 insertions(+), 4 deletions(-)
diff --git a/src/interpreter/bytecode-array-builder.cc b/src/interpreter/bytecode-array-builder.cc
index 5e58f9613d3..c327fb7cd82 100644
--- a/src/interpreter/bytecode-array-builder.cc
+++ b/src/interpreter/bytecode-array-builder.cc
@@ -71,6 +71,12 @@ Register BytecodeArrayBuilder::Parameter(int parameter_index) const {
 return Register::FromParameterIndex(parameter_index, parameter_count());
 }
+Register BytecodeArrayBuilder::Local(int index) const {
+ // TODO(marja): Make a DCHECK once crbug.com/706234 is fixed.
+ CHECK_LT(index, locals_count());
+ return Register(index);
+}
+
 Handle BytecodeArrayBuilder::ToBytecodeArray(Isolate* isolate) {
 DCHECK(return_seen_in_block_);
 DCHECK(!bytecode_generated_);
diff --git a/src/interpreter/bytecode-array-builder.h b/src/interpreter/bytecode-array-builder.h
index 6c09f5cdf40..0a10c1f485c 100644
--- a/src/interpreter/bytecode-array-builder.h
+++ b/src/interpreter/bytecode-array-builder.h
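Review bot: `CHECK_LT(index, locals_count());` in the new `BytecodeArrayBuilder::Local` bounds the index only from above, so a negative `index` still reaches `Register(index)` in a release build. Whether `variable->index()` can be negative for a LOCAL variable is not visible in this patch, but the commit title and the TODO suggest invalid indices are arriving here, so I would add `CHECK_GE(index, 0);` ahead of the existing check. The TODO could also state the condition under which downgrading to a DCHECK is considered safe, so the release-mode guard is not removed merely because the bug was closed.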
@@ -71,6 +71,7 @@ class V8_EXPORT_PRIVATE BytecodeArrayBuilder final
 return register_allocator()->maximum_register_count();
 }
+ Register Local(int index) const;
 Register Parameter(int parameter_index) const;
 // Constant loads to accumulator.
diff --git a/src/interpreter/bytecode-generator.cc b/src/interpreter/bytecode-generator.cc
index 038c031ab27..0310509fde6 100644
--- a/src/interpreter/bytecode-generator.cc
+++ b/src/interpreter/bytecode-generator.cc
@@ -892,7 +892,7 @@ void BytecodeGenerator::VisitVariableDeclaration(VariableDeclaration* decl) {
 }
 case VariableLocation::LOCAL:
 if (variable->binding_needs_init()) {
- Register destination(variable->index());
+ Register destination(builder()->Local(variable->index()));
 builder()->LoadTheHole().StoreAccumulatorInRegister(destination);
 }
 break;
@@ -1918,7 +1918,7 @@ void BytecodeGenerator::BuildVariableLoad(Variable* variable, FeedbackSlot slot,
 TypeofMode typeof_mode) {
 switch (variable->location()) {
 case VariableLocation::LOCAL: {
- Register source(Register(variable->index()));
+ Register source(builder()->Local(variable->index()));
 // We need to load the variable into the accumulator, even when in a
 // VisitForRegisterScope, in order to avoid register aliasing if
 // subsequent expressions assign to the same variable.
@@ -2112,9 +2112,9 @@ void BytecodeGenerator::BuildVariableAssignment(Variable* variable,
 case VariableLocation::LOCAL: {
 Register destination;
 if (VariableLocation::PARAMETER == variable->location()) {
- destination = Register(builder()->Parameter(variable->index() + 1));
+ destination = builder()->Parameter(variable->index() + 1);
 } else {
- destination = Register(variable->index());
+ destination = builder()->Local(variable->index());
 }
 if (hole_check_mode == HoleCheckMode::kRequired) {
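Review bot: The new declaration `Register Local(int index) const;` in bytecode-array-builder.h has no comment, although unlike a plain accessor it aborts the process when the index is out of range. I would put `// Returns the register for local |index|. CHECKs, in release builds too, that index < locals_count().` above it so callers know the failure mode. The class body starts and ends outside the hunk.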
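Review bot: In the BuildVariableAssignment hunk only the `else` branch gains the release-mode check; the PARAMETER branch still goes through `builder()->Parameter(variable->index() + 1)`, and the part of `Parameter()` shown as context in the bytecode-array-builder.cc hunk just forwards to `Register::FromParameterIndex` with no CHECK. `Parameter()` begins outside that hunk, so it may carry a DCHECK, but that would not fire in release builds. If the invalid index behind crbug.com/706234 can also occur for parameters, a matching guard there, something like `CHECK_LT(parameter_index, parameter_count());` together with a non-negative check, would keep the two paths consistent. The function body continues past the end of this hunk.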