Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(198)

Issues Search
    My Issues | Starred     Open | Closed | All

Unified Diff: src/elements.cc

Issue 1107843002: Reland "Remove the weak list of views from array buffers" (Closed) Base URL: https://chromium.googlesource.com/v8/v8.git@master
Patch Set: use bounds check Created 5 years, 8 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View side-by-side diff with in-line comments
Download patch
« no previous file with comments | « src/elements.h ('k') | src/factory.h » ('j') | no next file with comments »
Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
Index: src/elements.cc
diff --git a/src/elements.cc b/src/elements.cc
index a00cd249e76279b256d29bbbe1084574190fc03c..ac63b75888b26bc45cc88d0bbf926a9cecb39a55 100644
--- a/src/elements.cc
+++ b/src/elements.cc
@@ -620,7 +620,7 @@ class ElementsAccessorBase : public ElementsAccessor {
Handle<JSObject> obj,
uint32_t key,
Handle<FixedArrayBase> backing_store) {
- if (key < ElementsAccessorSubclass::GetCapacityImpl(backing_store)) {
+ if (key < ElementsAccessorSubclass::GetCapacityImpl(obj, backing_store)) {
return BackingStore::get(Handle<BackingStore>::cast(backing_store), key);
} else {
return backing_store->GetIsolate()->factory()->the_hole_value();
@@ -638,7 +638,7 @@ class ElementsAccessorBase : public ElementsAccessor {
Handle<JSObject> obj,
uint32_t key,
Handle<FixedArrayBase> backing_store) {
- if (key >= ElementsAccessorSubclass::GetCapacityImpl(backing_store)) {
+ if (key >= ElementsAccessorSubclass::GetCapacityImpl(obj, backing_store)) {
return ABSENT;
}
return
@@ -751,7 +751,7 @@ class ElementsAccessorBase : public ElementsAccessor {
// Optimize if 'other' is empty.
// We cannot optimize if 'this' is empty, as other may have holes.
- uint32_t len1 = ElementsAccessorSubclass::GetCapacityImpl(from);
+ uint32_t len1 = ElementsAccessorSubclass::GetCapacityImpl(holder, from);
if (len1 == 0) return to;
Isolate* isolate = from->GetIsolate();
@@ -817,12 +817,14 @@ class ElementsAccessorBase : public ElementsAccessor {
}
protected:
- static uint32_t GetCapacityImpl(Handle<FixedArrayBase> backing_store) {
+ static uint32_t GetCapacityImpl(Handle<JSObject> holder,
+ Handle<FixedArrayBase> backing_store) {
return backing_store->length();
}
- uint32_t GetCapacity(Handle<FixedArrayBase> backing_store) final {
- return ElementsAccessorSubclass::GetCapacityImpl(backing_store);
+ uint32_t GetCapacity(Handle<JSObject> holder,
+ Handle<FixedArrayBase> backing_store) final {
+ return ElementsAccessorSubclass::GetCapacityImpl(holder, backing_store);
}
static uint32_t GetKeyForIndexImpl(Handle<FixedArrayBase> backing_store,
@@ -1260,7 +1262,7 @@ class TypedElementsAccessor
Handle<JSObject> obj,
uint32_t key,
Handle<FixedArrayBase> backing_store) {
- if (key < AccessorClass::GetCapacityImpl(backing_store)) {
+ if (key < AccessorClass::GetCapacityImpl(obj, backing_store)) {
return BackingStore::get(Handle<BackingStore>::cast(backing_store), key);
} else {
return backing_store->GetIsolate()->factory()->undefined_value();
@@ -1271,9 +1273,8 @@ class TypedElementsAccessor
Handle<JSObject> obj,
uint32_t key,
Handle<FixedArrayBase> backing_store) {
- return
- key < AccessorClass::GetCapacityImpl(backing_store)
- ? NONE : ABSENT;
+ return key < AccessorClass::GetCapacityImpl(obj, backing_store) ? NONE
+ : ABSENT;
}
MUST_USE_RESULT static MaybeHandle<Object> SetLengthImpl(
@@ -1293,10 +1294,16 @@ class TypedElementsAccessor
static bool HasElementImpl(Handle<JSObject> holder, uint32_t key,
Handle<FixedArrayBase> backing_store) {
- uint32_t capacity =
- AccessorClass::GetCapacityImpl(backing_store);
+ uint32_t capacity = AccessorClass::GetCapacityImpl(holder, backing_store);
return key < capacity;
}
+
+ static uint32_t GetCapacityImpl(Handle<JSObject> holder,
+ Handle<FixedArrayBase> backing_store) {
+ Handle<JSArrayBufferView> view = Handle<JSArrayBufferView>::cast(holder);
+ if (view->WasNeutered()) return 0;
+ return backing_store->length();
+ }
};
@@ -1632,12 +1639,13 @@ class SloppyArgumentsElementsAccessor : public ElementsAccessorBase<
UNREACHABLE();
}
- static uint32_t GetCapacityImpl(Handle<FixedArrayBase> backing_store) {
+ static uint32_t GetCapacityImpl(Handle<JSObject> holder,
+ Handle<FixedArrayBase> backing_store) {
Handle<FixedArray> parameter_map = Handle<FixedArray>::cast(backing_store);
Handle<FixedArrayBase> arguments(
FixedArrayBase::cast(parameter_map->get(1)));
return Max(static_cast<uint32_t>(parameter_map->length() - 2),
- ForArray(arguments)->GetCapacity(arguments));
+ ForArray(arguments)->GetCapacity(holder, arguments));
}
static uint32_t GetKeyForIndexImpl(Handle<FixedArrayBase> dict,
« no previous file with comments | « src/elements.h ('k') | src/factory.h » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698