Commit 6fc00b4d authored by vegorov@chromium.org's avatar vegorov@chromium.org

Fix out-of-bounds read in SourcePositionToScriptPosition with --hydrogen-track-positions.

We were indexing into the list of inlined functions with inlining ID, which is incorrect.

There can be multiple inlining IDs corresponding to the same inlined function, because an inlining ID is an inlining-path-sensitive unique id for an inlining attempt.

Additionally allow HAbnormalExit to have unknown source position even if we are tracking source positions. No code is generated from abnormal exits anyways.

R=svenpanne@chromium.org
BUG=v8:3184
LOG=N

Review URL: https://codereview.chromium.org/653993005

git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@24629 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
parent 458db603
...@@ -144,7 +144,7 @@ void HBasicBlock::AddInstruction(HInstruction* instr, ...@@ -144,7 +144,7 @@ void HBasicBlock::AddInstruction(HInstruction* instr,
entry->set_position(position); entry->set_position(position);
} else { } else {
DCHECK(!FLAG_hydrogen_track_positions || DCHECK(!FLAG_hydrogen_track_positions ||
!graph()->info()->IsOptimizing()); !graph()->info()->IsOptimizing() || instr->IsAbnormalExit());
} }
first_ = last_ = entry; first_ = last_ = entry;
} }
...@@ -3446,8 +3446,9 @@ HGraph::HGraph(CompilationInfo* info) ...@@ -3446,8 +3446,9 @@ HGraph::HGraph(CompilationInfo* info)
maximum_environment_size_(0), maximum_environment_size_(0),
no_side_effects_scope_count_(0), no_side_effects_scope_count_(0),
disallow_adding_new_values_(false), disallow_adding_new_values_(false),
next_inline_id_(0), inlined_functions_(FLAG_hydrogen_track_positions ? 5 : 0, info->zone()),
inlined_functions_(5, info->zone()) { inlining_id_to_function_id_(FLAG_hydrogen_track_positions ? 5 : 0,
info->zone()) {
if (info->IsStub()) { if (info->IsStub()) {
CallInterfaceDescriptor descriptor = CallInterfaceDescriptor descriptor =
info->code_stub()->GetCallInterfaceDescriptor(); info->code_stub()->GetCallInterfaceDescriptor();
...@@ -3527,7 +3528,8 @@ int HGraph::TraceInlinedFunction( ...@@ -3527,7 +3528,8 @@ int HGraph::TraceInlinedFunction(
} }
} }
int inline_id = next_inline_id_++; int inline_id = inlining_id_to_function_id_.length();
inlining_id_to_function_id_.Add(id, zone());
if (inline_id != 0) { if (inline_id != 0) {
CodeTracer::Scope tracing_scope(isolate()->GetCodeTracer()); CodeTracer::Scope tracing_scope(isolate()->GetCodeTracer());
...@@ -3546,8 +3548,8 @@ int HGraph::SourcePositionToScriptPosition(HSourcePosition pos) { ...@@ -3546,8 +3548,8 @@ int HGraph::SourcePositionToScriptPosition(HSourcePosition pos) {
return pos.raw(); return pos.raw();
} }
return inlined_functions_[pos.inlining_id()].start_position() + const int id = inlining_id_to_function_id_[pos.inlining_id()];
pos.position(); return inlined_functions_[id].start_position() + pos.position();
} }
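Review bot: The invariant that makes the new lookup safe — inlining IDs are dense indices into `inlining_id_to_function_id_`, handed out only here as `length()` taken before the `Add` — is not stated anywhere near `int inline_id = inlining_id_to_function_id_.length();`, and this is the only place that fixes the mapping from an inlining ID to an `inlined_functions_` index. A comment above that line, `// Inlining IDs are dense: this attempt's ID is its index in inlining_id_to_function_id_, which maps it to the (possibly shared) entry in inlined_functions_.`, would make the many-to-one relation described in the commit message visible in the code. TraceInlinedFunction begins outside the hunk, so the origin of `id` is not visible here; if ZoneList's `operator[]` is bounds-checked only under DCHECK, the read in SourcePositionToScriptPosition still relies on every `inlining_id()` having been minted by this function, which is worth stating in the same comment. The early return above the lookup (`return pos.raw();`) presumably covers positions with no inlining ID, but its condition lies outside the hunk.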
...@@ -524,8 +524,8 @@ class HGraph FINAL : public ZoneObject { ...@@ -524,8 +524,8 @@ class HGraph FINAL : public ZoneObject {
int start_position_; int start_position_;
}; };
int next_inline_id_;
ZoneList<InlinedFunctionInfo> inlined_functions_; ZoneList<InlinedFunctionInfo> inlined_functions_;
ZoneList<int> inlining_id_to_function_id_;
DISALLOW_COPY_AND_ASSIGN(HGraph); DISALLOW_COPY_AND_ASSIGN(HGraph);
}; };
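Review bot: The new member `ZoneList<int> inlining_id_to_function_id_;` is declared without a comment, although its index and its value are two different kinds of id that are easy to confuse — which, per the commit description, is exactly the mix-up behind the out-of-bounds read. Suggest `// Indexed by inlining ID; the value is an index into inlined_functions_. Several inlining IDs may map to the same function, since an inlining ID identifies one inlining attempt.` directly above the declaration, so the next reader does not index `inlined_functions_` with an inlining ID again.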