[torque] fix dangling pointer into std::vector for index fields

Bug: v8:7793 Change-Id: Id2e03e7d42aeab155572fa9cc3093dcff16f5668 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1859622Reviewed-by: Maya Lekova <mslekova@chromium.org> Commit-Queue: Tobias Tebbi <tebbi@chromium.org> Cr-Commit-Position: refs/heads/master@{#64274}

[torque] fix dangling pointer into std::vector for index fields
Bug: v8:7793 Change-Id: Id2e03e7d42aeab155572fa9cc3093dcff16f5668 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1859622Reviewed-by: Maya Lekova <mslekova@chromium.org> Commit-Queue: Tobias Tebbi <tebbi@chromium.org> Cr-Commit-Position: refs/heads/master@{#64274}
164d0d3a · Tobias Tebbi · Commit Bot · def681de · 164d0d3a · 164d0d3a
Commit 164d0d3a authored Oct 14, 2019 by Tobias Tebbi Committed by Commit Bot Oct 14, 2019
4 changed files
--- a/src/torque/class-debug-reader-generator.cc
+++ b/src/torque/class-debug-reader-generator.cc
@@ -124,7 +124,7 @@ void GenerateClassDebugReader(const ClassType& type, std::ostream& h_contents,
    std::string index_param;
    std::string index_offset;
    if (field.index) {
-      const Type* index_type = (*field.index)->name_and_type.type;
+      const Type* index_type = field.index->type;
      std::string index_type_name;
      std::string index_value;
      if (index_type == TypeOracle::GetSmiType()) {
@@ -146,7 +146,7 @@ void GenerateClassDebugReader(const ClassType& type, std::ostream& h_contents,
      }
      get_props_impl << "  Value<" << index_type_name
                     << "> indexed_field_count = Get"
-                     << CamelifyString((*field.index)->name_and_type.name)
+                     << CamelifyString(field.index->name)
                     << "Value(accessor);\n";
      indexed_field_info =
          ", " + index_value + ", GetArrayKind(indexed_field_count.validity)";

--- a/src/torque/implementation-visitor.cc
+++ b/src/torque/implementation-visitor.cc
@@ -1205,16 +1205,16 @@ InitializerResults ImplementationVisitor::VisitInitializerResults(
    result.names.push_back(initializer.name);
    Expression* e = initializer.expression;
    const Field& field = class_type->LookupField(initializer.name->value);
-    auto field_index = field.index;
+    bool has_index = field.index.has_value();
    if (SpreadExpression* s = SpreadExpression::DynamicCast(e)) {
-      if (!field_index) {
+      if (!has_index) {
        ReportError(
            "spread expressions can only be used to initialize indexed class "
            "fields ('",
            initializer.name->value, "' is not)");
      }
      e = s->spreadee;
-    } else if (field_index) {
+    } else if (has_index) {
      ReportError("the indexed class field '", initializer.name->value,
                  "' must be initialized with a spread operator");
    }
@@ -1252,7 +1252,7 @@ void ImplementationVisitor::InitializeClass(
 void ImplementationVisitor::InitializeFieldFromSpread(
    VisitResult object, const Field& field,
    const InitializerResults& initializer_results) {
-  NameAndType index = (*field.index)->name_and_type;
+  const NameAndType& index = *field.index;
  VisitResult iterator =
      initializer_results.field_value_map.at(field.name_and_type.name);
  VisitResult length = initializer_results.field_value_map.at(index.name);
@@ -1280,15 +1280,14 @@ VisitResult ImplementationVisitor::AddVariableObjectSize(
        }
        VisitResult index_field_size =
            VisitResult(TypeOracle::GetConstInt31Type(), "kTaggedSize");
-        VisitResult initializer_value = initializer_results.field_value_map.at(
+        VisitResult initializer_value =
-            (*current_field->index)->name_and_type.name);
+            initializer_results.field_value_map.at(current_field->index->name);
        Arguments args;
        args.parameters.push_back(object_size);
        args.parameters.push_back(initializer_value);
        args.parameters.push_back(index_field_size);
-        object_size =
+        object_size = GenerateCall("%AddIndexedFieldSizeToObjectSize", args,
-            GenerateCall("%AddIndexedFieldSizeToObjectSize", args,
+                                   {current_field->index->type}, false);
-                         {(*current_field->index)->name_and_type.type}, false);
      }
      ++current_field;
    }
@@ -1851,12 +1850,12 @@ LocationReference ImplementationVisitor::GetLocationReference(
        {
          StackScope length_scope(this);
          // Get a reference to the length
-          const Field* index_field = field.index.value();
+          const NameAndType& index_field = field.index.value();
          GenerateCopy(object_result);
-          assembler().Emit(CreateFieldReferenceInstruction{
+          assembler().Emit(CreateFieldReferenceInstruction{object_result.type(),
-              object_result.type(), index_field->name_and_type.name});
+                                                           index_field.name});
          VisitResult length_reference(
-              TypeOracle::GetReferenceType(index_field->name_and_type.type),
+              TypeOracle::GetReferenceType(index_field.type),
              assembler().TopRange(2));
          // Load the length from the reference and convert it to intptr
@@ -3451,13 +3450,13 @@ void GenerateClassFieldVerifier(const std::string& class_name,
  if (!field_type->IsSubtypeOf(TypeOracle::GetObjectType())) return;
  if (f.index) {
-    if ((*f.index)->name_and_type.type != TypeOracle::GetSmiType()) {
+    if (f.index->type != TypeOracle::GetSmiType()) {
      ReportError("Non-SMI values are not (yet) supported as indexes.");
    }
    // We already verified the index field because it was listed earlier, so we
    // can assume it's safe to read here.
    cc_contents << "  for (int i = 0; i < TaggedField<Smi, " << class_name
-                << "::k" << CamelifyString((*f.index)->name_and_type.name)
+                << "::k" << CamelifyString(f.index->name)
                << "Offset>::load(o).value(); ++i) {\n";
  } else {
    cc_contents << "  {\n";

--- a/src/torque/type-visitor.cc
+++ b/src/torque/type-visitor.cc
@@ -288,8 +288,9 @@ void TypeVisitor::VisitClassFieldsAndMethods(
            "only one indexable field is currently supported per class");
      }
      seen_indexed_field = true;
-      const Field* index_field =
+      const NameAndType& index_field =
-          &(class_type->LookupFieldInternal(*field_expression.index));
+          class_type->LookupFieldInternal(*field_expression.index)
+              .name_and_type;
      class_type->RegisterField(
          {field_expression.name_and_type.name->pos,
           class_type,

--- a/src/torque/types.h
+++ b/src/torque/types.h
@@ -156,7 +156,7 @@ struct Field {
  SourcePosition pos;
  const AggregateType* aggregate;
-  base::Optional<const Field*> index;
+  base::Optional<NameAndType> index;
  NameAndType name_and_type;
  size_t offset;
  bool is_weak;