[builtins] Fix Array.p.join overflow detection

Additionally, introduce IntPtrDiv to CodeAssembler. Change-Id: I9396f77b90a2fadb0179028d44475e616be3d081 Reviewed-on: https://chromium-review.googlesource.com/c/1285400 Commit-Queue: Peter Wong <peter.wm.wong@gmail.com> Reviewed-by: Tobias Tebbi <tebbi@chromium.org> Cr-Commit-Position: refs/heads/master@{#56776}

[builtins] Fix Array.p.join overflow detection
Additionally, introduce IntPtrDiv to CodeAssembler. Change-Id: I9396f77b90a2fadb0179028d44475e616be3d081 Reviewed-on: https://chromium-review.googlesource.com/c/1285400 Commit-Queue: Peter Wong <peter.wm.wong@gmail.com> Reviewed-by: Tobias Tebbi <tebbi@chromium.org> Cr-Commit-Position: refs/heads/master@{#56776}
350af13c · peterwmwong · Commit Bot · 4d0a85ee · 350af13c · 350af13c
Commit 350af13c authored Oct 18, 2018 by peterwmwong Committed by Commit Bot Oct 18, 2018
7 changed files
--- a/src/builtins/array-join.tq
+++ b/src/builtins/array-join.tq
@@ -159,7 +159,7 @@ module array {
  }
  macro BufferAdd(implicit context: Context)(
-      initialBuffer: Buffer, str: String, nofSeparators: uintptr,
+      initialBuffer: Buffer, str: String, nofSeparators: intptr,
      separatorLength: intptr): Buffer {
    let buffer: Buffer = initialBuffer;
    // Add separators if necessary (at the beginning or more than one)
@@ -178,14 +178,15 @@ module array {
  }
  macro BufferAddSeparators(implicit context: Context)(
-      buffer: Buffer, nofSeparators: uintptr, separatorLength: intptr,
+      buffer: Buffer, nofSeparators: intptr, separatorLength: intptr,
      write: bool): Buffer {
    if (nofSeparators == 0 || separatorLength == 0) return buffer;
-    const nofSeparatorsInt: intptr = Signed(nofSeparators);
+    const nofSeparatorsInt: intptr = nofSeparators;
    const sepsLen: intptr = separatorLength * nofSeparatorsInt;
    // Detect integer overflow
-    if (nofSeparatorsInt <= 0 || sepsLen <= 0) deferred {
+    // TODO(tebbi): Replace with overflow-checked multiplication.
+    if (sepsLen / separatorLength != nofSeparatorsInt) deferred {
        ThrowRangeError(context, kInvalidStringLength);
      }
@@ -225,14 +226,14 @@ module array {
    const initialMap: Map = receiver.map;
    const len: uintptr = Convert<uintptr>(lengthNumber);
    const separatorLength: intptr = sep.length;
-    let nofSeparators: uintptr = 0;
+    let nofSeparators: intptr = 0;
    let loadJoinElements: LoadJoinElementFn = initialLoadJoinElement;
    let buffer: Buffer = BufferInit(estimatedNonHoleyElements, sep);
-    // 6. Let k be 0.
-    let k: uintptr = 0;
    if (estimatedNonHoleyElements != 0) {
+      // 6. Let k be 0.
+      let k: uintptr = 0;
      // 7. Repeat, while k < len
      while (k < len) {
        if (k > 0) {
@@ -288,8 +289,7 @@ module array {
        nofSeparators = 0;
      }
    } else {
-      assert(len > k);
+      nofSeparators = Signed(len - 1);
-      nofSeparators = len - k - 1;
    }
    // Add any separators at the end.

--- a/src/builtins/base.tq
+++ b/src/builtins/base.tq
@@ -355,6 +355,7 @@ extern operator '<<' macro SmiShl(Smi, constexpr int31): Smi;
 extern operator '+' macro IntPtrAdd(intptr, intptr): intptr;
 extern operator '-' macro IntPtrSub(intptr, intptr): intptr;
 extern operator '*' macro IntPtrMul(intptr, intptr): intptr;
+extern operator '/' macro IntPtrDiv(intptr, intptr): intptr;
 extern operator '<<' macro WordShl(intptr, intptr): intptr;
 extern operator '&' macro WordAnd(intptr, intptr): intptr;
 extern operator '|' macro WordOr(intptr, intptr): intptr;

--- a/src/compiler/code-assembler.cc
+++ b/src/compiler/code-assembler.cc
@@ -514,6 +514,23 @@ TNode<WordT> CodeAssembler::IntPtrAdd(SloppyTNode<WordT> left,
  return UncheckedCast<WordT>(raw_assembler()->IntPtrAdd(left, right));
 }
+TNode<IntPtrT> CodeAssembler::IntPtrDiv(TNode<IntPtrT> left,
+                                        TNode<IntPtrT> right) {
+  intptr_t left_constant;
+  bool is_left_constant = ToIntPtrConstant(left, left_constant);
+  intptr_t right_constant;
+  bool is_right_constant = ToIntPtrConstant(right, right_constant);
+  if (is_right_constant) {
+    if (is_left_constant) {
+      return IntPtrConstant(left_constant / right_constant);
+    }
+    if (base::bits::IsPowerOfTwo(right_constant)) {
+      return WordSar(left, WhichPowerOf2(right_constant));
+    }
+  }
+  return UncheckedCast<IntPtrT>(raw_assembler()->IntPtrDiv(left, right));
+}
 TNode<WordT> CodeAssembler::IntPtrSub(SloppyTNode<WordT> left,
                                      SloppyTNode<WordT> right) {
  intptr_t left_constant;

--- a/src/compiler/code-assembler.h
+++ b/src/compiler/code-assembler.h
@@ -884,6 +884,10 @@ class V8_EXPORT_PRIVATE CodeAssembler {
    return UncheckedCast<IntPtrT>(
        WordShr(static_cast<Node*>(left), static_cast<Node*>(right)));
  }
+  TNode<IntPtrT> WordSar(TNode<IntPtrT> left, TNode<IntegralT> right) {
+    return UncheckedCast<IntPtrT>(
+        WordSar(static_cast<Node*>(left), static_cast<Node*>(right)));
+  }
  TNode<IntPtrT> WordAnd(TNode<IntPtrT> left, TNode<IntPtrT> right) {
    return UncheckedCast<IntPtrT>(
@@ -946,6 +950,7 @@ class V8_EXPORT_PRIVATE CodeAssembler {
  }
  TNode<WordT> IntPtrAdd(SloppyTNode<WordT> left, SloppyTNode<WordT> right);
+  TNode<IntPtrT> IntPtrDiv(TNode<IntPtrT> left, TNode<IntPtrT> right);
  TNode<WordT> IntPtrSub(SloppyTNode<WordT> left, SloppyTNode<WordT> right);
  TNode<WordT> IntPtrMul(SloppyTNode<WordT> left, SloppyTNode<WordT> right);
  TNode<IntPtrT> IntPtrAdd(TNode<IntPtrT> left, TNode<IntPtrT> right) {
@@ -975,6 +980,9 @@ class V8_EXPORT_PRIVATE CodeAssembler {
  TNode<IntPtrT> WordShr(TNode<IntPtrT> value, int shift) {
    return UncheckedCast<IntPtrT>(WordShr(static_cast<Node*>(value), shift));
  }
+  TNode<IntPtrT> WordSar(TNode<IntPtrT> value, int shift) {
+    return UncheckedCast<IntPtrT>(WordSar(static_cast<Node*>(value), shift));
+  }
  TNode<Word32T> Word32Shr(SloppyTNode<Word32T> value, int shift);
  TNode<WordT> WordOr(SloppyTNode<WordT> left, SloppyTNode<WordT> right);

--- a/test/unittests/compiler/code-assembler-unittest.cc
+++ b/test/unittests/compiler/code-assembler-unittest.cc
@@ -126,6 +126,44 @@ TARGET_TEST_F(CodeAssemblerTest, IntPtrMul) {
  }
 }
+TARGET_TEST_F(CodeAssemblerTest, IntPtrDiv) {
+  CodeAssemblerTestState state(this);
+  CodeAssemblerForTest m(&state);
+  {
+    TNode<IntPtrT> a = m.UncheckedCast<IntPtrT>(m.Parameter(0));
+    TNode<IntPtrT> b = m.IntPtrConstant(100);
+    TNode<IntPtrT> div = m.IntPtrDiv(a, b);
+    EXPECT_THAT(div, IsIntPtrDiv(Matcher<Node*>(a), Matcher<Node*>(b)));
+  }
+  // x / 1  => x
+  {
+    TNode<IntPtrT> a = m.UncheckedCast<IntPtrT>(m.Parameter(0));
+    TNode<IntPtrT> b = m.IntPtrConstant(1);
+    TNode<IntPtrT> div = m.IntPtrDiv(a, b);
+    EXPECT_THAT(div, a);
+  }
+  // CONST_a / CONST_b  => CONST_c
+  {
+    TNode<IntPtrT> a = m.IntPtrConstant(100);
+    TNode<IntPtrT> b = m.IntPtrConstant(5);
+    TNode<IntPtrT> div = m.IntPtrDiv(a, b);
+    EXPECT_THAT(div, IsIntPtrConstant(20));
+  }
+  {
+    TNode<IntPtrT> a = m.IntPtrConstant(100);
+    TNode<IntPtrT> b = m.IntPtrConstant(5);
+    TNode<IntPtrT> div = m.IntPtrDiv(a, b);
+    EXPECT_THAT(div, IsIntPtrConstant(20));
+  }
+  // x / 2^CONST  => x >> CONST
+  {
+    TNode<IntPtrT> a = m.UncheckedCast<IntPtrT>(m.Parameter(0));
+    TNode<IntPtrT> b = m.IntPtrConstant(1 << 3);
+    TNode<IntPtrT> div = m.IntPtrDiv(a, b);
+    EXPECT_THAT(div, IsWordSar(Matcher<Node*>(a), IsIntPtrConstant(3)));
+  }
+}
 TARGET_TEST_F(CodeAssemblerTest, WordShl) {
  CodeAssemblerTestState state(this);
  CodeAssemblerForTest m(&state);

--- a/test/unittests/compiler/node-test-utils.cc
+++ b/test/unittests/compiler/node-test-utils.cc
@@ -2152,6 +2152,7 @@ IS_BINOP_MATCHER(Word64Equal)
 IS_BINOP_MATCHER(Int32AddWithOverflow)
 IS_BINOP_MATCHER(Int32SubWithOverflow)
 IS_BINOP_MATCHER(Int32Add)
+IS_BINOP_MATCHER(Int32Div)
 IS_BINOP_MATCHER(Int32Sub)
 IS_BINOP_MATCHER(Int32Mul)
 IS_BINOP_MATCHER(Int32MulHigh)
@@ -2159,6 +2160,7 @@ IS_BINOP_MATCHER(Int32LessThan)
 IS_BINOP_MATCHER(Uint32LessThan)
 IS_BINOP_MATCHER(Uint32LessThanOrEqual)
 IS_BINOP_MATCHER(Int64Add)
+IS_BINOP_MATCHER(Int64Div)
 IS_BINOP_MATCHER(Int64Sub)
 IS_BINOP_MATCHER(Int64Mul)
 IS_BINOP_MATCHER(JSAdd)

--- a/test/unittests/compiler/node-test-utils.h
+++ b/test/unittests/compiler/node-test-utils.h
@@ -387,6 +387,8 @@ Matcher<Node*> IsInt32Add(const Matcher<Node*>& lhs_matcher,
                          const Matcher<Node*>& rhs_matcher);
 Matcher<Node*> IsInt32Sub(const Matcher<Node*>& lhs_matcher,
                          const Matcher<Node*>& rhs_matcher);
+Matcher<Node*> IsInt32Div(const Matcher<Node*>& lhs_matcher,
+                          const Matcher<Node*>& rhs_matcher);
 Matcher<Node*> IsInt32Mul(const Matcher<Node*>& lhs_matcher,
                          const Matcher<Node*>& rhs_matcher);
 Matcher<Node*> IsInt32MulHigh(const Matcher<Node*>& lhs_matcher,
@@ -403,6 +405,8 @@ Matcher<Node*> IsInt64Sub(const Matcher<Node*>& lhs_matcher,
                          const Matcher<Node*>& rhs_matcher);
 Matcher<Node*> IsInt64Mul(const Matcher<Node*>& lhs_matcher,
                          const Matcher<Node*>& rhs_matcher);
+Matcher<Node*> IsInt64Div(const Matcher<Node*>& lhs_matcher,
+                          const Matcher<Node*>& rhs_matcher);
 Matcher<Node*> IsJSAdd(const Matcher<Node*>& lhs_matcher,
                       const Matcher<Node*>& rhs_matcher);
 Matcher<Node*> IsJSParseInt(const Matcher<Node*>& lhs_matcher,
@@ -517,6 +521,12 @@ static inline Matcher<Node*> IsIntPtrMul(const Matcher<Node*>& lhs_matcher,
                           : IsInt32Mul(lhs_matcher, rhs_matcher);
 }
+static inline Matcher<Node*> IsIntPtrDiv(const Matcher<Node*>& lhs_matcher,
+                                         const Matcher<Node*>& rhs_matcher) {
+  return kPointerSize == 8 ? IsInt64Div(lhs_matcher, rhs_matcher)
+                           : IsInt32Div(lhs_matcher, rhs_matcher);
+}
 static inline Matcher<Node*> IsWordShl(const Matcher<Node*>& lhs_matcher,
                                       const Matcher<Node*>& rhs_matcher) {
  return kPointerSize == 8 ? IsWord64Shl(lhs_matcher, rhs_matcher)