Commit ee1e1fa5 authored by Jakob Gruber's avatar Jakob Gruber Committed by V8 LUCI CQ

[compiler] Fix invalid MakeRef uses in context specialization

Bug: v8:7790,v8:12282
Change-Id: Id6a129c21648bb7919b1d162b47bb24c5d6b432a
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3200077
Auto-Submit: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Michael Stanton <mvstanton@chromium.org>
Reviewed-by: 's avatarMichael Stanton <mvstanton@chromium.org>
Cr-Commit-Position: refs/heads/main@{#77207}
parent bb93f266
...@@ -103,7 +103,16 @@ base::Optional<ContextRef> GetSpecializationContext( ...@@ -103,7 +103,16 @@ base::Optional<ContextRef> GetSpecializationContext(
Maybe<OuterContext> maybe_outer) { Maybe<OuterContext> maybe_outer) {
switch (node->opcode()) { switch (node->opcode()) {
case IrOpcode::kHeapConstant: { case IrOpcode::kHeapConstant: {
HeapObjectRef object = MakeRef(broker, HeapConstantOf(node->op())); // TODO(jgruber,chromium:1209798): Using kAssumeMemoryFence works around
// the fact that the graph stores handles (and not refs). The assumption
// is that any handle inserted into the graph is safe to read; but we
// don't preserve the reason why it is safe to read. Thus we must
// over-approximate here and assume the existence of a memory fence. In
// the future, we should consider having the graph store ObjectRefs or
// ObjectData pointer instead, which would make new ref construction here
// unnecessary.
HeapObjectRef object =
MakeRefAssumeMemoryFence(broker, HeapConstantOf(node->op()));
if (object.IsContext()) return object.AsContext(); if (object.IsContext()) return object.AsContext();
break; break;
} }
...@@ -231,7 +240,16 @@ base::Optional<ContextRef> GetModuleContext(JSHeapBroker* broker, Node* node, ...@@ -231,7 +240,16 @@ base::Optional<ContextRef> GetModuleContext(JSHeapBroker* broker, Node* node,
switch (context->opcode()) { switch (context->opcode()) {
case IrOpcode::kHeapConstant: { case IrOpcode::kHeapConstant: {
HeapObjectRef object = MakeRef(broker, HeapConstantOf(context->op())); // TODO(jgruber,chromium:1209798): Using kAssumeMemoryFence works around
// the fact that the graph stores handles (and not refs). The assumption
// is that any handle inserted into the graph is safe to read; but we
// don't preserve the reason why it is safe to read. Thus we must
// over-approximate here and assume the existence of a memory fence. In
// the future, we should consider having the graph store ObjectRefs or
// ObjectData pointer instead, which would make new ref construction here
// unnecessary.
HeapObjectRef object =
MakeRefAssumeMemoryFence(broker, HeapConstantOf(context->op()));
if (object.IsContext()) { if (object.IsContext()) {
return find_context(object.AsContext()); return find_context(object.AsContext());
} }
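Review bot: The eight-line TODO and the `MakeRefAssumeMemoryFence(broker, HeapConstantOf(...))` call are duplicated verbatim in the `kHeapConstant` case of both GetSpecializationContext and GetModuleContext, so the fence assumption now lives in two places that can drift apart. Because this assumption is the only stated reason the handle's object is safe to read, I would keep it behind one file-local helper that carries the TODO once and is called from both cases, for example (name is a suggestion) `HeapObjectRef HeapConstantRefAssumeFence(JSHeapBroker* broker, Node* node) { return MakeRefAssumeMemoryFence(broker, HeapConstantOf(node->op())); }`. The comment also refers to `kAssumeMemoryFence` while the code calls `MakeRefAssumeMemoryFence`; naming the function that is actually called would make the TODO easier to grep when chromium:1209798 is resolved. Both functions start and end outside the visible hunks, so this is based only on the two cases shown.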
......