[turbofan] Check bounds in node input accessors

... even in release builds.

Bug: chromium:1029576
Change-Id: Iefc6b267c9db09f68742152a302726fcfe4c75b7
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1948714
Auto-Submit: Georg Neis <neis@chromium.org>
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Reviewed-by: Michael Stanton <mvstanton@chromium.org>
Commit-Queue: Tobias Tebbi <tebbi@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65346}

src/compiler/node-properties.cc

@@ -54,35 +54,38 @@ int NodeProperties::PastControlIndex(Node* node) {
 
 // static
 Node* NodeProperties::GetValueInput(Node* node, int index) {
-  DCHECK(0 <= index && index < node->op()->ValueInputCount());
+  CHECK_LE(0, index);
+  CHECK_LT(index, node->op()->ValueInputCount());
   return node->InputAt(FirstValueIndex(node) + index);
 }
 
 
 // static
 Node* NodeProperties::GetContextInput(Node* node) {
-  DCHECK(OperatorProperties::HasContextInput(node->op()));
+  CHECK(OperatorProperties::HasContextInput(node->op()));
   return node->InputAt(FirstContextIndex(node));
 }
 
 
 // static
 Node* NodeProperties::GetFrameStateInput(Node* node) {
-  DCHECK_EQ(1, OperatorProperties::GetFrameStateInputCount(node->op()));
+  CHECK(OperatorProperties::HasFrameStateInput(node->op()));
   return node->InputAt(FirstFrameStateIndex(node));
 }
 
 
 // static
 Node* NodeProperties::GetEffectInput(Node* node, int index) {
-  DCHECK(0 <= index && index < node->op()->EffectInputCount());
+  CHECK_LE(0, index);
+  CHECK_LT(index, node->op()->EffectInputCount());
   return node->InputAt(FirstEffectIndex(node) + index);
 }
 
 
 // static
 Node* NodeProperties::GetControlInput(Node* node, int index) {
-  DCHECK(0 <= index && index < node->op()->ControlInputCount());
+  CHECK_LE(0, index);
+  CHECK_LT(index, node->op()->ControlInputCount());
   return node->InputAt(FirstControlIndex(node) + index);
 }
 
@@ -142,7 +145,7 @@ bool NodeProperties::IsExceptionalCall(Node* node, Node** out_exception) {
 
 // static
 Node* NodeProperties::FindSuccessfulControlProjection(Node* node) {
-  DCHECK_GT(node->op()->ControlOutputCount(), 0);
+  CHECK_GT(node->op()->ControlOutputCount(), 0);
   if (node->op()->HasProperty(Operator::kNoThrow)) return node;
   for (Edge const edge : node->use_edges()) {
     if (!NodeProperties::IsControlEdge(edge)) continue;
@@ -155,7 +158,8 @@ Node* NodeProperties::FindSuccessfulControlProjection(Node* node) {
 
 // static
 void NodeProperties::ReplaceValueInput(Node* node, Node* value, int index) {
-  DCHECK(index < node->op()->ValueInputCount());
+  CHECK_LE(0, index);
+  CHECK_LT(index, node->op()->ValueInputCount());
   node->ReplaceInput(FirstValueIndex(node) + index, value);
 }
 
@@ -163,7 +167,7 @@ void NodeProperties::ReplaceValueInput(Node* node, Node* value, int index) {
 // static
 void NodeProperties::ReplaceValueInputs(Node* node, Node* value) {
   int value_input_count = node->op()->ValueInputCount();
-  DCHECK_LE(1, value_input_count);
+  CHECK_GT(value_input_count, 0);
   node->ReplaceInput(0, value);
   while (--value_input_count > 0) {
     node->RemoveInput(value_input_count);
@@ -173,31 +177,33 @@ void NodeProperties::ReplaceValueInputs(Node* node, Node* value) {
 
 // static
 void NodeProperties::ReplaceContextInput(Node* node, Node* context) {
+  CHECK(OperatorProperties::HasContextInput(node->op()));
   node->ReplaceInput(FirstContextIndex(node), context);
 }
 
 
 // static
 void NodeProperties::ReplaceControlInput(Node* node, Node* control, int index) {
-  DCHECK(index < node->op()->ControlInputCount());
+  CHECK_LE(0, index);
+  CHECK_LT(index, node->op()->ControlInputCount());
   node->ReplaceInput(FirstControlIndex(node) + index, control);
 }
 
 
 // static
 void NodeProperties::ReplaceEffectInput(Node* node, Node* effect, int index) {
-  DCHECK(index < node->op()->EffectInputCount());
+  CHECK_LE(0, index);
+  CHECK_LT(index, node->op()->EffectInputCount());
   return node->ReplaceInput(FirstEffectIndex(node) + index, effect);
 }
 
 
 // static
 void NodeProperties::ReplaceFrameStateInput(Node* node, Node* frame_state) {
-  DCHECK_EQ(1, OperatorProperties::GetFrameStateInputCount(node->op()));
+  CHECK(OperatorProperties::HasFrameStateInput(node->op()));
   node->ReplaceInput(FirstFrameStateIndex(node), frame_state);
 }
 
-
 // static
 void NodeProperties::RemoveNonValueInputs(Node* node) {
   node->TrimInputCount(node->op()->ValueInputCount());

src/compiler/node.h

@@ -63,28 +63,19 @@ class V8_EXPORT_PRIVATE Node final {
 
 #ifdef DEBUG
   void Verify();
-#define BOUNDS_CHECK(index)                                                   \
-  do {                                                                        \
-    if (index < 0 || index >= InputCount()) {                                 \
-      FATAL("Node #%d:%s->InputAt(%d) out of bounds", id(), op()->mnemonic(), \
-            index);                                                           \
-    }                                                                         \
-  } while (false)
 #else
-  // No bounds checks or verification in release mode.
   inline void Verify() {}
-#define BOUNDS_CHECK(index) \
-  do {                      \
-  } while (false)
 #endif
 
   Node* InputAt(int index) const {
-    BOUNDS_CHECK(index);
+    CHECK_LE(0, index);
+    CHECK_LT(index, InputCount());
     return *GetInputPtrConst(index);
   }
 
   void ReplaceInput(int index, Node* new_to) {
-    BOUNDS_CHECK(index);
+    CHECK_LE(0, index);
+    CHECK_LT(index, InputCount());
     Node** input_ptr = GetInputPtr(index);
     Node* old_to = *input_ptr;
     if (old_to != new_to) {
@@ -95,8 +86,6 @@ class V8_EXPORT_PRIVATE Node final {
     }
   }
 
-#undef BOUNDS_CHECK
-
   void AppendInput(Zone* zone, Node* new_to);
   void InsertInput(Zone* zone, int index, Node* new_to);
   void InsertInputs(Zone* zone, int index, int count);