Fix for issue 37429

Fix by not tracking very large or negative sizes.

TBR=johnniwinther@google.com

Bug: 37429
Change-Id: Ibb3c7499f0afaec8cbb9398f780294ad0befeab2
Reviewed-on: https://dart-review.googlesource.com/c/sdk/+/108202
Reviewed-by: Stephen Adams <sra@google.com>
Commit-Queue: Stephen Adams <sra@google.com>
Stephen Adams 2019-07-03 22:24:57 +00:00 committed by commit-bot@chromium.org
parent 43891316ca
commit 327f5eb826
2 changed files with 45 additions and 7 deletions


@ -1125,6 +1125,14 @@ class KernelTypeGraphBuilder extends ir.Visitor<TypeInformation> {
/// Try to find the length given to a fixed array constructor call.
int _findLength(ir.Arguments arguments) {
int finish(int length) {
// Filter out lengths that should not be tracked.
if (length < 0) return null;
// Serialization limit.
if (length >= (1 << 30)) return null;
return length;
}
ir.Expression firstArgument = arguments.positional.first;
if (firstArgument is ir.ConstantExpression &&
firstArgument.constant is ir.DoubleConstant) {
@ -1132,10 +1140,10 @@ class KernelTypeGraphBuilder extends ir.Visitor<TypeInformation> {
double doubleValue = constant.value;
int truncatedValue = doubleValue.truncate();
if (doubleValue == truncatedValue) {
return truncatedValue;
return finish(truncatedValue);
}
} else if (firstArgument is ir.IntLiteral) {
return firstArgument.value;
return finish(firstArgument.value);
} else if (firstArgument is ir.StaticGet) {
MemberEntity member = _elementMap.getMember(firstArgument.target);
if (member.isField) {
@ -1143,7 +1151,9 @@ class KernelTypeGraphBuilder extends ir.Visitor<TypeInformation> {
_closedWorld.fieldAnalysis.getFieldData(member);
if (fieldData.isEffectivelyConstant && fieldData.constantValue.isInt) {
IntConstantValue intValue = fieldData.constantValue;
return intValue.intValue.toInt();
if (intValue.intValue.isValidInt) {
return finish(intValue.intValue.toInt());
}
}
}
}
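Review bot: The double-constant branch still calls `doubleValue.truncate()` before any filtering, and `truncate()` throws `UnsupportedError` for NaN or an infinity, so a non-finite constant length would abort the compiler instead of being left untracked like the other out-of-range sizes. Whether a non-finite `ir.DoubleConstant` can reach `_findLength` is not visible here, but the guard is cheap: `if (!doubleValue.isFinite) return null;` ahead of the truncation. The doc comment should also say that the result is null when the length is not a trackable constant, and the `1 << 30` limit would read better as a named constant shared with the serializer it refers to. `_findLength` continues past the end of the hunks shown.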


@ -2,23 +2,27 @@
// for details. All rights reserved. Use of this source code is governed by a
// BSD-style license that can be found in the LICENSE file.
// Test for Container type for Lists with huge or negative sizes.
/*element: main:[null]*/
main() {
hugeList1();
hugeList2();
hugeList3();
hugeList4();
}
/*element: _huge1:[subclass=JSPositiveInt]*/
final _huge1 = 5000000000;
/*element: hugeList1:Container([exact=JSFixedArray], element: [null], length: 5000000000)*/
/*element: hugeList1:Container([exact=JSFixedArray], element: [null], length: null)*/
hugeList1() => List(_huge1);
/*strong.element: _huge2a:[subclass=JSPositiveInt]*/
/*omit.element: _huge2a:[subclass=JSPositiveInt]*/
const _huge2a = 10000000000
/*strong.invoke: [subclass=JSPositiveInt]*/
/*omit.invoke: [subclass=JSPositiveInt]*/
/*strong.invoke: [subclass=JSPositiveInt]*/
/*omit.invoke: [subclass=JSPositiveInt]*/
*
10000000000;
@ -28,5 +32,29 @@ const _huge2a = 10000000000
/*omitConst.element: _huge2b:[subclass=JSPositiveInt]*/
final _huge2b = _huge2a;
/*element: hugeList2:Container([exact=JSFixedArray], element: [null], length: 9223372036854775807)*/
/*element: hugeList2:Container([exact=JSFixedArray], element: [null], length: null)*/
hugeList2() => List(_huge2b);
/*strong.element: _huge3a:[subclass=JSInt]*/
/*omit.element: _huge3a:[subclass=JSInt]*/
const _huge3a =
/*strong.invoke: [exact=JSUInt31]*/
/*omit.invoke: [exact=JSUInt31]*/
-10000000;
/*strong.element: _huge3b:[null|subclass=JSInt]*/
/*omit.element: _huge3b:[null|subclass=JSInt]*/
/*strongConst.element: _huge3b:[subclass=JSInt]*/
/*omitConst.element: _huge3b:[subclass=JSInt]*/
final _huge3b = _huge3a;
/*element: hugeList3:Container([exact=JSFixedArray], element: [null], length: null)*/
hugeList3() => List(_huge3b);
// 'Small' limits are still tracked.
/*element: _huge4:[exact=JSUInt31]*/
final _huge4 = 10000000;
/*element: hugeList4:Container([exact=JSFixedArray], element: [null], length: 10000000)*/
hugeList4() => List(_huge4);
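Review bot: All four cases pass the length through a top-level field, so only the `ir.StaticGet` branch of `_findLength` appears to be exercised; the `finish` calls added on the int-literal and double-constant branches have no expectation in the lines shown. The `1 << 30` cut-off itself is also untested, since the nearest values are 10000000 and 5000000000. Consider adding cases at the edge with a literal argument, for example `hugeList5() => List(1073741824);` expecting `length: null` and `hugeList6() => List(1073741823);` expecting `length: 1073741823`.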