From 40ab2888f57d11bda4820f871836118d8fec4d22 Mon Sep 17 00:00:00 2001
From: Ray Wang
Date: Fri, 19 Nov 2021 21:14:47 +0800
Subject: [PATCH] deps: V8: cherry-pick 7ae0b77628f6
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Original commit message:
[interpreter] Stop jump-table optimizing switch stms when spread overflows
Bug: v8:12389
Change-Id: I53c728ab0c8ba38c7dd96c7e1089f771ba44b9f0
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3289227
Reviewed-by: Leszek Swirski
Commit-Queue: Leszek Swirski
Cr-Commit-Position: refs/heads/main@{#77995}
Refs: /~https://github.com/v8/v8/commit/7ae0b77628f6b7ef5b38658bec82fd57115dfaf3
PR-URL: /~https://github.com/nodejs/node/pull/40882
Reviewed-By: Michaƫl Zasso
Reviewed-By: James M Snell
---
 common.gypi | 2 +-
 deps/v8/src/interpreter/bytecode-generator.cc | 33 ++++++++++++-------
 2 files changed, 23 insertions(+), 12 deletions(-)
diff --git a/common.gypi b/common.gypi
index 6699826d269568..c77038c3cee21b 100644
--- a/common.gypi
+++ b/common.gypi
@@ -36,7 +36,7 @@
 # Reset this number to 0 on major V8 upgrades.
 # Increment by one for each non-official patch applied to deps/v8.
- 'v8_embedder_string': '-node.13',
+ 'v8_embedder_string': '-node.14',
 ##### V8 defaults for Node.js #####
diff --git a/deps/v8/src/interpreter/bytecode-generator.cc b/deps/v8/src/interpreter/bytecode-generator.cc
index 001ebfd0cf5b86..750ce0e0a22141 100644
--- a/deps/v8/src/interpreter/bytecode-generator.cc
+++ b/deps/v8/src/interpreter/bytecode-generator.cc
@@ -1889,17 +1889,28 @@ bool IsSwitchOptimizable(SwitchStatement* stmt, SwitchInfo* info) {
 }
 // GCC also jump-table optimizes switch statements with 6 cases or more.
- if (!(static_cast(info->covered_cases.size()) >=
- FLAG_switch_table_min_cases &&
- IsSpreadAcceptable(info->MaxCase() - info->MinCase(),
- cases->length()))) {
- // Invariant- covered_cases has all cases and only cases that will go in the
- // jump table.
- info->covered_cases.clear();
- return false;
- } else {
- return true;
- }
+ if (static_cast(info->covered_cases.size()) >=
+ FLAG_switch_table_min_cases) {
+ // Due to case spread will be used as the size of jump-table,
+ // we need to check if it doesn't overflow by casting its
+ // min and max bounds to int64_t, and calculate if the difference is less
+ // than or equal to INT_MAX.
+ int64_t min = static_cast(info->MinCase());
+ int64_t max = static_cast(info->MaxCase());
+ int64_t spread = max - min + 1;
+
+ DCHECK_GT(spread, 0);
+
+ // Check if casted spread is acceptable and doesn't overflow.
+ if (spread <= INT_MAX &&
+ IsSpreadAcceptable(static_cast(spread), cases->length())) {
+ return true;
+ }
+ }
+ // Invariant- covered_cases has all cases and only cases that will go in the
+ // jump table.
+ info->covered_cases.clear();
+ return false;
 }
 } // namespace
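Review bot: In the added block `spread` is computed as `max - min + 1`, while the removed code passed `info->MaxCase() - info->MinCase()` to IsSpreadAcceptable, so the acceptance threshold moves by one on top of the overflow fix, and neither the comment nor the commit message says so. If that is intended, the comment should state it, for example `// spread is the number of jump-table entries, i.e. the inclusive range [min, max]`. The lower bound is covered only by `DCHECK_GT(spread, 0)`, a debug-only assertion in V8, so release builds rely on MaxCase() >= MinCase() holding by construction; both accessors are defined outside the hunk, so this should be confirmed there. The diffstat lists no test file, and a regression test with case labels near both ends of the int32 range would keep the guard from regressing. The body of IsSwitchOptimizable starts above the hunk.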