[CSA] Temporarily disable bounds check in CSA::LoadArrayElement

Loading the length from a PropertyArray is currently broken. Bug: v8:7732 Change-Id: Ia05f314f2f4822a8821801889b7a58f75b3f198c Reviewed-on: https://chromium-review.googlesource.com/1049610Reviewed-by: Marja Hölttä <marja@chromium.org> Commit-Queue: Camillo Bruni <cbruni@chromium.org> Cr-Commit-Position: refs/heads/master@{#53067}

[CSA] Temporarily disable bounds check in CSA::LoadArrayElement
Loading the length from a PropertyArray is currently broken. Bug: v8:7732 Change-Id: Ia05f314f2f4822a8821801889b7a58f75b3f198c Reviewed-on: https://chromium-review.googlesource.com/1049610Reviewed-by: Marja Hölttä <marja@chromium.org> Commit-Queue: Camillo Bruni <cbruni@chromium.org> Cr-Commit-Position: refs/heads/master@{#53067}
61af2762 · Camillo Bruni · Commit Bot · 369b4476 · 61af2762
Commit 61af2762 authored May 08, 2018 by Camillo Bruni Committed by Commit Bot May 08, 2018
Hide whitespace changes
Inline Side-by-side

Showing with 1 addition and 5 deletions

code-stub-assembler.cc src/code-stub-assembler.cc +1 -5

No files found.
--- a/src/code-stub-assembler.cc
+++ b/src/code-stub-assembler.cc
@@ -1773,11 +1773,7 @@ TNode<MaybeObject> CodeStubAssembler::LoadArrayElement(
  STATIC_ASSERT(FixedArrayBase::kLengthOffset == WeakFixedArray::kLengthOffset);
  // Check that index_node + additional_offset <= object.length.
  // TODO(cbruni): Use proper LoadXXLength helpers
-  CSA_SLOW_ASSERT(
-      this,
-      IsOffsetInBounds(
-          offset, LoadAndUntagObjectField(array, FixedArrayBase::kLengthOffset),
-          FixedArray::kHeaderSize));
+  // TODO(cbruni): Re-add bounds check here.
  return UncheckedCast<MaybeObject>(
      Load(MachineType::AnyTagged(), array, offset, needs_poisoning));
 }