
Side by Side Diff: src/runtime/runtime-atomics.cc

Issue 1189223003: Fix cluster-fuzz bug introduced in refs/heads/master@{#28796} (Closed) Base URL: https://chromium.googlesource.com/v8/v8.git@master
Patch Set: Created 5 years, 6 months ago
OLDNEW
1 // Copyright 2015 the V8 project authors. All rights reserved. 1 // Copyright 2015 the V8 project authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be 2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file. 3 // found in the LICENSE file.
4 4
5 #include "src/v8.h" 5 #include "src/v8.h"
6 6
7 #include "src/arguments.h" 7 #include "src/arguments.h"
8 #include "src/base/macros.h" 8 #include "src/base/macros.h"
9 #include "src/base/platform/mutex.h" 9 #include "src/base/platform/mutex.h"
10 #include "src/conversions.h" 10 #include "src/conversions.h"
(...skipping 427 matching lines...) Expand 10 before | Expand all | Expand 10 after
438 V(Uint8Clamped, uint8_clamped, UINT8_CLAMPED, uint8_t, 1) 438 V(Uint8Clamped, uint8_clamped, UINT8_CLAMPED, uint8_t, 1)
439 439
440 440
441 RUNTIME_FUNCTION(Runtime_AtomicsCompareExchange) { 441 RUNTIME_FUNCTION(Runtime_AtomicsCompareExchange) {
442 HandleScope scope(isolate); 442 HandleScope scope(isolate);
443 DCHECK(args.length() == 4); 443 DCHECK(args.length() == 4);
444 CONVERT_ARG_HANDLE_CHECKED(JSTypedArray, sta, 0); 444 CONVERT_ARG_HANDLE_CHECKED(JSTypedArray, sta, 0);
445 CONVERT_SIZE_ARG_CHECKED(index, 1); 445 CONVERT_SIZE_ARG_CHECKED(index, 1);
446 CONVERT_NUMBER_ARG_HANDLE_CHECKED(oldobj, 2); 446 CONVERT_NUMBER_ARG_HANDLE_CHECKED(oldobj, 2);
447 CONVERT_NUMBER_ARG_HANDLE_CHECKED(newobj, 3); 447 CONVERT_NUMBER_ARG_HANDLE_CHECKED(newobj, 3);
448 DCHECK(sta->GetBuffer()->is_shared()); 448 RUNTIME_ASSERT(sta->GetBuffer()->is_shared());
449 DCHECK(index < NumberToSize(isolate, sta->length())); 449 RUNTIME_ASSERT(index < NumberToSize(isolate, sta->length()));
450 450
451 void* buffer = sta->GetBuffer()->backing_store(); 451 void* buffer = sta->GetBuffer()->backing_store();
452 452
453 switch (sta->type()) { 453 switch (sta->type()) {
454 #define TYPED_ARRAY_CASE(Type, typeName, TYPE, ctype, size) \ 454 #define TYPED_ARRAY_CASE(Type, typeName, TYPE, ctype, size) \
455 case kExternal##Type##Array: \ 455 case kExternal##Type##Array: \
456 return DoCompareExchange<ctype>(isolate, buffer, index, oldobj, newobj); 456 return DoCompareExchange<ctype>(isolate, buffer, index, oldobj, newobj);
457 457
458 TYPED_ARRAYS(TYPED_ARRAY_CASE) 458 TYPED_ARRAYS(TYPED_ARRAY_CASE)
459 #undef TYPED_ARRAY_CASE 459 #undef TYPED_ARRAY_CASE
460 460
461 default: 461 default:
462 break; 462 break;
463 } 463 }
464 464
465 UNREACHABLE(); 465 UNREACHABLE();
466 return isolate->heap()->undefined_value(); 466 return isolate->heap()->undefined_value();
467 } 467 }
468 468
469 469
470 RUNTIME_FUNCTION(Runtime_AtomicsLoad) { 470 RUNTIME_FUNCTION(Runtime_AtomicsLoad) {
471 HandleScope scope(isolate); 471 HandleScope scope(isolate);
472 DCHECK(args.length() == 2); 472 DCHECK(args.length() == 2);
473 CONVERT_ARG_HANDLE_CHECKED(JSTypedArray, sta, 0); 473 CONVERT_ARG_HANDLE_CHECKED(JSTypedArray, sta, 0);
474 CONVERT_SIZE_ARG_CHECKED(index, 1); 474 CONVERT_SIZE_ARG_CHECKED(index, 1);
475 DCHECK(sta->GetBuffer()->is_shared()); 475 RUNTIME_ASSERT(sta->GetBuffer()->is_shared());
476 DCHECK(index < NumberToSize(isolate, sta->length())); 476 RUNTIME_ASSERT(index < NumberToSize(isolate, sta->length()));
477 477
478 void* buffer = sta->GetBuffer()->backing_store(); 478 void* buffer = sta->GetBuffer()->backing_store();
479 479
480 switch (sta->type()) { 480 switch (sta->type()) {
481 #define TYPED_ARRAY_CASE(Type, typeName, TYPE, ctype, size) \ 481 #define TYPED_ARRAY_CASE(Type, typeName, TYPE, ctype, size) \
482 case kExternal##Type##Array: \ 482 case kExternal##Type##Array: \
483 return DoLoad<ctype>(isolate, buffer, index); 483 return DoLoad<ctype>(isolate, buffer, index);
484 484
485 TYPED_ARRAYS(TYPED_ARRAY_CASE) 485 TYPED_ARRAYS(TYPED_ARRAY_CASE)
486 #undef TYPED_ARRAY_CASE 486 #undef TYPED_ARRAY_CASE
487 487
488 default: 488 default:
489 break; 489 break;
490 } 490 }
491 491
492 UNREACHABLE(); 492 UNREACHABLE();
493 return isolate->heap()->undefined_value(); 493 return isolate->heap()->undefined_value();
494 } 494 }
495 495
496 496
497 RUNTIME_FUNCTION(Runtime_AtomicsStore) { 497 RUNTIME_FUNCTION(Runtime_AtomicsStore) {
498 HandleScope scope(isolate); 498 HandleScope scope(isolate);
499 DCHECK(args.length() == 3); 499 DCHECK(args.length() == 3);
500 CONVERT_ARG_HANDLE_CHECKED(JSTypedArray, sta, 0); 500 CONVERT_ARG_HANDLE_CHECKED(JSTypedArray, sta, 0);
501 CONVERT_SIZE_ARG_CHECKED(index, 1); 501 CONVERT_SIZE_ARG_CHECKED(index, 1);
502 CONVERT_NUMBER_ARG_HANDLE_CHECKED(value, 2); 502 CONVERT_NUMBER_ARG_HANDLE_CHECKED(value, 2);
503 DCHECK(sta->GetBuffer()->is_shared()); 503 RUNTIME_ASSERT(sta->GetBuffer()->is_shared());
504 DCHECK(index < NumberToSize(isolate, sta->length())); 504 RUNTIME_ASSERT(index < NumberToSize(isolate, sta->length()));
505 505
506 void* buffer = sta->GetBuffer()->backing_store(); 506 void* buffer = sta->GetBuffer()->backing_store();
507 507
508 switch (sta->type()) { 508 switch (sta->type()) {
509 #define TYPED_ARRAY_CASE(Type, typeName, TYPE, ctype, size) \ 509 #define TYPED_ARRAY_CASE(Type, typeName, TYPE, ctype, size) \
510 case kExternal##Type##Array: \ 510 case kExternal##Type##Array: \
511 return DoStore<ctype>(isolate, buffer, index, value); 511 return DoStore<ctype>(isolate, buffer, index, value);
512 512
513 TYPED_ARRAYS(TYPED_ARRAY_CASE) 513 TYPED_ARRAYS(TYPED_ARRAY_CASE)
514 #undef TYPED_ARRAY_CASE 514 #undef TYPED_ARRAY_CASE
515 515
516 default: 516 default:
517 break; 517 break;
518 } 518 }
519 519
520 UNREACHABLE(); 520 UNREACHABLE();
521 return isolate->heap()->undefined_value(); 521 return isolate->heap()->undefined_value();
522 } 522 }
523 523
524 524
525 RUNTIME_FUNCTION(Runtime_AtomicsAdd) { 525 RUNTIME_FUNCTION(Runtime_AtomicsAdd) {
526 HandleScope scope(isolate); 526 HandleScope scope(isolate);
527 DCHECK(args.length() == 3); 527 DCHECK(args.length() == 3);
528 CONVERT_ARG_HANDLE_CHECKED(JSTypedArray, sta, 0); 528 CONVERT_ARG_HANDLE_CHECKED(JSTypedArray, sta, 0);
529 CONVERT_SIZE_ARG_CHECKED(index, 1); 529 CONVERT_SIZE_ARG_CHECKED(index, 1);
530 CONVERT_NUMBER_ARG_HANDLE_CHECKED(value, 2); 530 CONVERT_NUMBER_ARG_HANDLE_CHECKED(value, 2);
531 DCHECK(sta->GetBuffer()->is_shared()); 531 RUNTIME_ASSERT(sta->GetBuffer()->is_shared());
532 DCHECK(index < NumberToSize(isolate, sta->length())); 532 RUNTIME_ASSERT(index < NumberToSize(isolate, sta->length()));
533 533
534 void* buffer = sta->GetBuffer()->backing_store(); 534 void* buffer = sta->GetBuffer()->backing_store();
535 535
536 switch (sta->type()) { 536 switch (sta->type()) {
537 #define TYPED_ARRAY_CASE(Type, typeName, TYPE, ctype, size) \ 537 #define TYPED_ARRAY_CASE(Type, typeName, TYPE, ctype, size) \
538 case kExternal##Type##Array: \ 538 case kExternal##Type##Array: \
539 return DoAdd<ctype>(isolate, buffer, index, value); 539 return DoAdd<ctype>(isolate, buffer, index, value);
540 540
541 INTEGER_TYPED_ARRAYS(TYPED_ARRAY_CASE) 541 INTEGER_TYPED_ARRAYS(TYPED_ARRAY_CASE)
542 #undef TYPED_ARRAY_CASE 542 #undef TYPED_ARRAY_CASE
543 543
544 case kExternalFloat32Array: 544 case kExternalFloat32Array:
545 case kExternalFloat64Array: 545 case kExternalFloat64Array:
546 default: 546 default:
547 break; 547 break;
548 } 548 }
549 549
550 UNREACHABLE(); 550 UNREACHABLE();
551 return isolate->heap()->undefined_value(); 551 return isolate->heap()->undefined_value();
552 } 552 }
553 553
554 554
555 RUNTIME_FUNCTION(Runtime_AtomicsSub) { 555 RUNTIME_FUNCTION(Runtime_AtomicsSub) {
556 HandleScope scope(isolate); 556 HandleScope scope(isolate);
557 DCHECK(args.length() == 3); 557 DCHECK(args.length() == 3);
558 CONVERT_ARG_HANDLE_CHECKED(JSTypedArray, sta, 0); 558 CONVERT_ARG_HANDLE_CHECKED(JSTypedArray, sta, 0);
559 CONVERT_SIZE_ARG_CHECKED(index, 1); 559 CONVERT_SIZE_ARG_CHECKED(index, 1);
560 CONVERT_NUMBER_ARG_HANDLE_CHECKED(value, 2); 560 CONVERT_NUMBER_ARG_HANDLE_CHECKED(value, 2);
561 DCHECK(sta->GetBuffer()->is_shared()); 561 RUNTIME_ASSERT(sta->GetBuffer()->is_shared());
562 DCHECK(index < NumberToSize(isolate, sta->length())); 562 RUNTIME_ASSERT(index < NumberToSize(isolate, sta->length()));
563 563
564 void* buffer = sta->GetBuffer()->backing_store(); 564 void* buffer = sta->GetBuffer()->backing_store();
565 565
566 switch (sta->type()) { 566 switch (sta->type()) {
567 #define TYPED_ARRAY_CASE(Type, typeName, TYPE, ctype, size) \ 567 #define TYPED_ARRAY_CASE(Type, typeName, TYPE, ctype, size) \
568 case kExternal##Type##Array: \ 568 case kExternal##Type##Array: \
569 return DoSub<ctype>(isolate, buffer, index, value); 569 return DoSub<ctype>(isolate, buffer, index, value);
570 570
571 INTEGER_TYPED_ARRAYS(TYPED_ARRAY_CASE) 571 INTEGER_TYPED_ARRAYS(TYPED_ARRAY_CASE)
572 #undef TYPED_ARRAY_CASE 572 #undef TYPED_ARRAY_CASE
573 573
574 case kExternalFloat32Array: 574 case kExternalFloat32Array:
575 case kExternalFloat64Array: 575 case kExternalFloat64Array:
576 default: 576 default:
577 break; 577 break;
578 } 578 }
579 579
580 UNREACHABLE(); 580 UNREACHABLE();
581 return isolate->heap()->undefined_value(); 581 return isolate->heap()->undefined_value();
582 } 582 }
583 583
584 584
585 RUNTIME_FUNCTION(Runtime_AtomicsAnd) { 585 RUNTIME_FUNCTION(Runtime_AtomicsAnd) {
586 HandleScope scope(isolate); 586 HandleScope scope(isolate);
587 DCHECK(args.length() == 3); 587 DCHECK(args.length() == 3);
588 CONVERT_ARG_HANDLE_CHECKED(JSTypedArray, sta, 0); 588 CONVERT_ARG_HANDLE_CHECKED(JSTypedArray, sta, 0);
589 CONVERT_SIZE_ARG_CHECKED(index, 1); 589 CONVERT_SIZE_ARG_CHECKED(index, 1);
590 CONVERT_NUMBER_ARG_HANDLE_CHECKED(value, 2); 590 CONVERT_NUMBER_ARG_HANDLE_CHECKED(value, 2);
591 DCHECK(sta->GetBuffer()->is_shared()); 591 RUNTIME_ASSERT(sta->GetBuffer()->is_shared());
592 DCHECK(index < NumberToSize(isolate, sta->length())); 592 RUNTIME_ASSERT(index < NumberToSize(isolate, sta->length()));
593 593
594 void* buffer = sta->GetBuffer()->backing_store(); 594 void* buffer = sta->GetBuffer()->backing_store();
595 595
596 switch (sta->type()) { 596 switch (sta->type()) {
597 #define TYPED_ARRAY_CASE(Type, typeName, TYPE, ctype, size) \ 597 #define TYPED_ARRAY_CASE(Type, typeName, TYPE, ctype, size) \
598 case kExternal##Type##Array: \ 598 case kExternal##Type##Array: \
599 return DoAnd<ctype>(isolate, buffer, index, value); 599 return DoAnd<ctype>(isolate, buffer, index, value);
600 600
601 INTEGER_TYPED_ARRAYS(TYPED_ARRAY_CASE) 601 INTEGER_TYPED_ARRAYS(TYPED_ARRAY_CASE)
602 #undef TYPED_ARRAY_CASE 602 #undef TYPED_ARRAY_CASE
603 603
604 case kExternalFloat32Array: 604 case kExternalFloat32Array:
605 case kExternalFloat64Array: 605 case kExternalFloat64Array:
606 default: 606 default:
607 break; 607 break;
608 } 608 }
609 609
610 UNREACHABLE(); 610 UNREACHABLE();
611 return isolate->heap()->undefined_value(); 611 return isolate->heap()->undefined_value();
612 } 612 }
613 613
614 614
615 RUNTIME_FUNCTION(Runtime_AtomicsOr) { 615 RUNTIME_FUNCTION(Runtime_AtomicsOr) {
616 HandleScope scope(isolate); 616 HandleScope scope(isolate);
617 DCHECK(args.length() == 3); 617 DCHECK(args.length() == 3);
618 CONVERT_ARG_HANDLE_CHECKED(JSTypedArray, sta, 0); 618 CONVERT_ARG_HANDLE_CHECKED(JSTypedArray, sta, 0);
619 CONVERT_SIZE_ARG_CHECKED(index, 1); 619 CONVERT_SIZE_ARG_CHECKED(index, 1);
620 CONVERT_NUMBER_ARG_HANDLE_CHECKED(value, 2); 620 CONVERT_NUMBER_ARG_HANDLE_CHECKED(value, 2);
621 DCHECK(sta->GetBuffer()->is_shared()); 621 RUNTIME_ASSERT(sta->GetBuffer()->is_shared());
622 DCHECK(index < NumberToSize(isolate, sta->length())); 622 RUNTIME_ASSERT(index < NumberToSize(isolate, sta->length()));
623 623
624 void* buffer = sta->GetBuffer()->backing_store(); 624 void* buffer = sta->GetBuffer()->backing_store();
625 625
626 switch (sta->type()) { 626 switch (sta->type()) {
627 #define TYPED_ARRAY_CASE(Type, typeName, TYPE, ctype, size) \ 627 #define TYPED_ARRAY_CASE(Type, typeName, TYPE, ctype, size) \
628 case kExternal##Type##Array: \ 628 case kExternal##Type##Array: \
629 return DoOr<ctype>(isolate, buffer, index, value); 629 return DoOr<ctype>(isolate, buffer, index, value);
630 630
631 INTEGER_TYPED_ARRAYS(TYPED_ARRAY_CASE) 631 INTEGER_TYPED_ARRAYS(TYPED_ARRAY_CASE)
632 #undef TYPED_ARRAY_CASE 632 #undef TYPED_ARRAY_CASE
633 633
634 case kExternalFloat32Array: 634 case kExternalFloat32Array:
635 case kExternalFloat64Array: 635 case kExternalFloat64Array:
636 default: 636 default:
637 break; 637 break;
638 } 638 }
639 639
640 UNREACHABLE(); 640 UNREACHABLE();
641 return isolate->heap()->undefined_value(); 641 return isolate->heap()->undefined_value();
642 } 642 }
643 643
644 644
645 RUNTIME_FUNCTION(Runtime_AtomicsXor) { 645 RUNTIME_FUNCTION(Runtime_AtomicsXor) {
646 HandleScope scope(isolate); 646 HandleScope scope(isolate);
647 DCHECK(args.length() == 3); 647 DCHECK(args.length() == 3);
648 CONVERT_ARG_HANDLE_CHECKED(JSTypedArray, sta, 0); 648 CONVERT_ARG_HANDLE_CHECKED(JSTypedArray, sta, 0);
649 CONVERT_SIZE_ARG_CHECKED(index, 1); 649 CONVERT_SIZE_ARG_CHECKED(index, 1);
650 CONVERT_NUMBER_ARG_HANDLE_CHECKED(value, 2); 650 CONVERT_NUMBER_ARG_HANDLE_CHECKED(value, 2);
651 DCHECK(sta->GetBuffer()->is_shared()); 651 RUNTIME_ASSERT(sta->GetBuffer()->is_shared());
652 DCHECK(index < NumberToSize(isolate, sta->length())); 652 RUNTIME_ASSERT(index < NumberToSize(isolate, sta->length()));
653 653
654 void* buffer = sta->GetBuffer()->backing_store(); 654 void* buffer = sta->GetBuffer()->backing_store();
655 655
656 switch (sta->type()) { 656 switch (sta->type()) {
657 #define TYPED_ARRAY_CASE(Type, typeName, TYPE, ctype, size) \ 657 #define TYPED_ARRAY_CASE(Type, typeName, TYPE, ctype, size) \
658 case kExternal##Type##Array: \ 658 case kExternal##Type##Array: \
659 return DoXor<ctype>(isolate, buffer, index, value); 659 return DoXor<ctype>(isolate, buffer, index, value);
660 660
661 INTEGER_TYPED_ARRAYS(TYPED_ARRAY_CASE) 661 INTEGER_TYPED_ARRAYS(TYPED_ARRAY_CASE)
662 #undef TYPED_ARRAY_CASE 662 #undef TYPED_ARRAY_CASE
663 663
664 case kExternalFloat32Array: 664 case kExternalFloat32Array:
665 case kExternalFloat64Array: 665 case kExternalFloat64Array:
666 default: 666 default:
667 break; 667 break;
668 } 668 }
669 669
670 UNREACHABLE(); 670 UNREACHABLE();
671 return isolate->heap()->undefined_value(); 671 return isolate->heap()->undefined_value();
672 } 672 }
673 673
674 674
675 RUNTIME_FUNCTION(Runtime_AtomicsExchange) { 675 RUNTIME_FUNCTION(Runtime_AtomicsExchange) {
676 HandleScope scope(isolate); 676 HandleScope scope(isolate);
677 DCHECK(args.length() == 3); 677 DCHECK(args.length() == 3);
678 CONVERT_ARG_HANDLE_CHECKED(JSTypedArray, sta, 0); 678 CONVERT_ARG_HANDLE_CHECKED(JSTypedArray, sta, 0);
679 CONVERT_SIZE_ARG_CHECKED(index, 1); 679 CONVERT_SIZE_ARG_CHECKED(index, 1);
680 CONVERT_NUMBER_ARG_HANDLE_CHECKED(value, 2); 680 CONVERT_NUMBER_ARG_HANDLE_CHECKED(value, 2);
681 DCHECK(sta->GetBuffer()->is_shared()); 681 RUNTIME_ASSERT(sta->GetBuffer()->is_shared());
682 DCHECK(index < NumberToSize(isolate, sta->length())); 682 RUNTIME_ASSERT(index < NumberToSize(isolate, sta->length()));
683 683
684 void* buffer = sta->GetBuffer()->backing_store(); 684 void* buffer = sta->GetBuffer()->backing_store();
685 685
686 switch (sta->type()) { 686 switch (sta->type()) {
687 #define TYPED_ARRAY_CASE(Type, typeName, TYPE, ctype, size) \ 687 #define TYPED_ARRAY_CASE(Type, typeName, TYPE, ctype, size) \
688 case kExternal##Type##Array: \ 688 case kExternal##Type##Array: \
689 return DoExchange<ctype>(isolate, buffer, index, value); 689 return DoExchange<ctype>(isolate, buffer, index, value);
690 690
691 INTEGER_TYPED_ARRAYS(TYPED_ARRAY_CASE) 691 INTEGER_TYPED_ARRAYS(TYPED_ARRAY_CASE)
692 #undef TYPED_ARRAY_CASE 692 #undef TYPED_ARRAY_CASE
(...skipping 13 matching lines...) Expand all
706 HandleScope scope(isolate); 706 HandleScope scope(isolate);
707 DCHECK(args.length() == 1); 707 DCHECK(args.length() == 1);
708 CONVERT_NUMBER_ARG_HANDLE_CHECKED(size, 0); 708 CONVERT_NUMBER_ARG_HANDLE_CHECKED(size, 0);
709 uint32_t usize = NumberToUint32(*size); 709 uint32_t usize = NumberToUint32(*size);
710 710
711 return Runtime::AtomicIsLockFree(usize) ? isolate->heap()->true_value() 711 return Runtime::AtomicIsLockFree(usize) ? isolate->heap()->true_value()
712 : isolate->heap()->false_value(); 712 : isolate->heap()->false_value();
713 } 713 }
714 } 714 }
715 } // namespace v8::internal 715 } // namespace v8::internal
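Review bot: The element-type precondition is still not checked at runtime in Runtime_AtomicsAdd, Sub, And, Or and Xor: a shared Float32Array or Float64Array passes both new RUNTIME_ASSERTs, falls through `case kExternalFloat32Array: case kExternalFloat64Array: default: break;` and reaches `UNREACHABLE()`. If these functions can be called with arguments the JS-side wrapper would normally filter, which the need for this fix suggests, that path presumably aborts the process instead of failing the call cleanly. A guard next to the two new asserts would close it, for example `RUNTIME_ASSERT(sta->type() != kExternalFloat32Array && sta->type() != kExternalFloat64Array);`. Runtime_AtomicsExchange uses the same INTEGER_TYPED_ARRAYS switch, but its tail is in the skipped lines, so confirm it there. Separately, `sta->GetBuffer()->backing_store()` is passed to the Do* helpers without the view's byte offset; the helpers are not visible here, so check that an offset view indexes the intended element.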