Commit 164d0d3a authored by Tobias Tebbi's avatar Tobias Tebbi Committed by Commit Bot

[torque] fix dangling pointer into std::vector for index fields

Bug: v8:7793

Change-Id: Id2e03e7d42aeab155572fa9cc3093dcff16f5668
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1859622Reviewed-by: 's avatarMaya Lekova <mslekova@chromium.org>
Commit-Queue: Tobias Tebbi <tebbi@chromium.org>
Cr-Commit-Position: refs/heads/master@{#64274}
parent def681de
......@@ -124,7 +124,7 @@ void GenerateClassDebugReader(const ClassType& type, std::ostream& h_contents,
std::string index_param;
std::string index_offset;
if (field.index) {
const Type* index_type = (*field.index)->name_and_type.type;
const Type* index_type = field.index->type;
std::string index_type_name;
std::string index_value;
if (index_type == TypeOracle::GetSmiType()) {
......@@ -146,7 +146,7 @@ void GenerateClassDebugReader(const ClassType& type, std::ostream& h_contents,
}
get_props_impl << " Value<" << index_type_name
<< "> indexed_field_count = Get"
<< CamelifyString((*field.index)->name_and_type.name)
<< CamelifyString(field.index->name)
<< "Value(accessor);\n";
indexed_field_info =
", " + index_value + ", GetArrayKind(indexed_field_count.validity)";
......
......@@ -1205,16 +1205,16 @@ InitializerResults ImplementationVisitor::VisitInitializerResults(
result.names.push_back(initializer.name);
Expression* e = initializer.expression;
const Field& field = class_type->LookupField(initializer.name->value);
auto field_index = field.index;
bool has_index = field.index.has_value();
if (SpreadExpression* s = SpreadExpression::DynamicCast(e)) {
if (!field_index) {
if (!has_index) {
ReportError(
"spread expressions can only be used to initialize indexed class "
"fields ('",
initializer.name->value, "' is not)");
}
e = s->spreadee;
} else if (field_index) {
} else if (has_index) {
ReportError("the indexed class field '", initializer.name->value,
"' must be initialized with a spread operator");
}
......@@ -1252,7 +1252,7 @@ void ImplementationVisitor::InitializeClass(
void ImplementationVisitor::InitializeFieldFromSpread(
VisitResult object, const Field& field,
const InitializerResults& initializer_results) {
NameAndType index = (*field.index)->name_and_type;
const NameAndType& index = *field.index;
VisitResult iterator =
initializer_results.field_value_map.at(field.name_and_type.name);
VisitResult length = initializer_results.field_value_map.at(index.name);
......@@ -1280,15 +1280,14 @@ VisitResult ImplementationVisitor::AddVariableObjectSize(
}
VisitResult index_field_size =
VisitResult(TypeOracle::GetConstInt31Type(), "kTaggedSize");
VisitResult initializer_value = initializer_results.field_value_map.at(
(*current_field->index)->name_and_type.name);
VisitResult initializer_value =
initializer_results.field_value_map.at(current_field->index->name);
Arguments args;
args.parameters.push_back(object_size);
args.parameters.push_back(initializer_value);
args.parameters.push_back(index_field_size);
object_size =
GenerateCall("%AddIndexedFieldSizeToObjectSize", args,
{(*current_field->index)->name_and_type.type}, false);
object_size = GenerateCall("%AddIndexedFieldSizeToObjectSize", args,
{current_field->index->type}, false);
}
++current_field;
}
......@@ -1851,12 +1850,12 @@ LocationReference ImplementationVisitor::GetLocationReference(
{
StackScope length_scope(this);
// Get a reference to the length
const Field* index_field = field.index.value();
const NameAndType& index_field = field.index.value();
GenerateCopy(object_result);
assembler().Emit(CreateFieldReferenceInstruction{
object_result.type(), index_field->name_and_type.name});
assembler().Emit(CreateFieldReferenceInstruction{object_result.type(),
index_field.name});
VisitResult length_reference(
TypeOracle::GetReferenceType(index_field->name_and_type.type),
TypeOracle::GetReferenceType(index_field.type),
assembler().TopRange(2));
// Load the length from the reference and convert it to intptr
......@@ -3451,13 +3450,13 @@ void GenerateClassFieldVerifier(const std::string& class_name,
if (!field_type->IsSubtypeOf(TypeOracle::GetObjectType())) return;
if (f.index) {
if ((*f.index)->name_and_type.type != TypeOracle::GetSmiType()) {
if (f.index->type != TypeOracle::GetSmiType()) {
ReportError("Non-SMI values are not (yet) supported as indexes.");
}
// We already verified the index field because it was listed earlier, so we
// can assume it's safe to read here.
cc_contents << " for (int i = 0; i < TaggedField<Smi, " << class_name
<< "::k" << CamelifyString((*f.index)->name_and_type.name)
<< "::k" << CamelifyString(f.index->name)
<< "Offset>::load(o).value(); ++i) {\n";
} else {
cc_contents << " {\n";
......
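Review bot: InitializeFieldFromSpread dereferences the optional unchecked with `const NameAndType& index = *field.index;` (the @@ -1252 hunk), while GetLocationReference in the @@ -1851 hunk reaches the same value through `field.index.value()`; the two new call sites should use one form. If base::Optional::value() checks presence the way std::optional's does, `const NameAndType& index = field.index.value();` turns a call on a non-indexed field into a deterministic failure instead of an unchecked read, and it matches the other hunk. Both enclosing functions start or continue outside their hunks, so a guard on field.index may exist that is not visible here.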
......@@ -288,8 +288,9 @@ void TypeVisitor::VisitClassFieldsAndMethods(
"only one indexable field is currently supported per class");
}
seen_indexed_field = true;
const Field* index_field =
&(class_type->LookupFieldInternal(*field_expression.index));
const NameAndType& index_field =
class_type->LookupFieldInternal(*field_expression.index)
.name_and_type;
class_type->RegisterField(
{field_expression.name_and_type.name->pos,
class_type,
......
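Review bot: `index_field` is now a reference into the storage returned by `class_type->LookupFieldInternal(...)`, and the very next statement is `class_type->RegisterField(...)`, which presumably appends to that same field collection; this is only safe because the braced initializer copies `index_field` into the new Field's `base::Optional<NameAndType>` before RegisterField runs. Given that the commit exists to remove a pointer into that container, making the copy explicit costs one small struct and removes the dependence on evaluation order: `const NameAndType index_field = class_type->LookupFieldInternal(*field_expression.index).name_and_type;`. The braced initializer and VisitClassFieldsAndMethods continue past the hunk, so the line that consumes index_field is not visible here.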
......@@ -156,7 +156,7 @@ struct Field {
SourcePosition pos;
const AggregateType* aggregate;
base::Optional<const Field*> index;
base::Optional<NameAndType> index;
NameAndType name_and_type;
size_t offset;
bool is_weak;
......
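Review bot: The new `base::Optional<NameAndType> index;` member carries no comment saying why it stores a copy rather than a pointer to the index Field, so the next maintainer may reintroduce exactly the pointer this commit removes. I would add above the member: `// Name and type of the field holding this field's length. Stored by value: Field objects live in a std::vector that can reallocate, so a pointer into it would dangle.` Because it is a snapshot, it will diverge from the index Field if that field's name_and_type is ever modified after registration; if that can happen, the same comment should say so.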