Commit 84cff42c authored by Nico Hartmann's avatar Nico Hartmann Committed by Commit Bot

[turbofan] Fixes incorrect DataView setters

Having no value argument in DataView setters (e.g. setFloat64) caused
wrong behavior in compiled code.

Bug: chromium:1071190
Change-Id: I37ddba8555dafad321f8d4c1352da8a501a98453
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2170091Reviewed-by: 's avatarGeorg Neis <neis@chromium.org>
Commit-Queue: Georg Neis <neis@chromium.org>
Auto-Submit: Nico Hartmann <nicohartmann@chromium.org>
Cr-Commit-Position: refs/heads/master@{#67451}
parent ed559eae
......@@ -7146,6 +7146,7 @@ uint32_t ExternalArrayElementSize(const ExternalArrayType element_type) {
Reduction JSCallReducer::ReduceDataViewAccess(Node* node, DataViewAccess access,
ExternalArrayType element_type) {
DCHECK_EQ(node->opcode(), IrOpcode::kJSCall);
size_t const element_size = ExternalArrayElementSize(element_type);
CallParameters const& p = CallParametersOf(node->op());
Node* effect = NodeProperties::GetEffectInput(node);
......@@ -7154,17 +7155,16 @@ Reduction JSCallReducer::ReduceDataViewAccess(Node* node, DataViewAccess access,
Node* offset = node->op()->ValueInputCount() > 2
? NodeProperties::GetValueInput(node, 2)
: jsgraph()->ZeroConstant();
Node* value = (access == DataViewAccess::kGet)
? nullptr
: (node->op()->ValueInputCount() > 3
? NodeProperties::GetValueInput(node, 3)
: jsgraph()->ZeroConstant());
Node* is_little_endian = (access == DataViewAccess::kGet)
? (node->op()->ValueInputCount() > 3
Node* value = nullptr;
if (access == DataViewAccess::kSet) {
value = node->op()->ValueInputCount() > 3
? NodeProperties::GetValueInput(node, 3)
: jsgraph()->FalseConstant())
: (node->op()->ValueInputCount() > 4
? NodeProperties::GetValueInput(node, 4)
: jsgraph()->UndefinedConstant();
}
const int endian_index = (access == DataViewAccess::kGet ? 3 : 4);
Node* is_little_endian =
(node->op()->ValueInputCount() > endian_index
? NodeProperties::GetValueInput(node, endian_index)
: jsgraph()->FalseConstant());
if (p.speculation_mode() == SpeculationMode::kDisallowSpeculation) {
......
// Copyright 2020 the V8 project authors. All rights reserved.
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.
// Flags: --allow-natives-syntax
function test() {
const a = new DataView(new ArrayBuffer(32));
const b = new DataView(new ArrayBuffer(32));
a.setFloat64(0);
b.setFloat64(0, undefined);
for(let i = 0; i < 8; ++i) {
assertEquals(a.getUint8(i), b.getUint8(i));
}
}
%PrepareFunctionForOptimization(test);
test();
test();
%OptimizeFunctionOnNextCall(test);
test();
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment