Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(2)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: src/js/harmony-atomics.js

Issue 1676613002: [Atomics] Fix atomic access index validation (Closed) Base URL: https://chromium.googlesource.com/v8/v8.git@master
Patch Set: merge master Created 4 years, 9 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch
« no previous file with comments | « no previous file | src/js/prologue.js » ('j') | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 // Copyright 2015 the V8 project authors. All rights reserved. 1 // Copyright 2015 the V8 project authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be 2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file. 3 // found in the LICENSE file.
4 4
5 (function(global, utils) { 5 (function(global, utils) {
6 6
7 "use strict"; 7 "use strict";
8 8
9 %CheckIsBootstrapping(); 9 %CheckIsBootstrapping();
10 10
11 // ------------------------------------------------------------------- 11 // -------------------------------------------------------------------
12 // Imports 12 // Imports
13 13
14 var GlobalObject = global.Object; 14 var GlobalObject = global.Object;
15 var MakeRangeError;
15 var MakeTypeError; 16 var MakeTypeError;
16 var MaxSimple; 17 var MaxSimple;
17 var toStringTagSymbol = utils.ImportNow("to_string_tag_symbol"); 18 var toStringTagSymbol = utils.ImportNow("to_string_tag_symbol");
18 19
19 utils.Import(function(from) { 20 utils.Import(function(from) {
20 MakeTypeError = from.MakeTypeError; 21 MakeTypeError = from.MakeTypeError;
22 MakeRangeError = from.MakeRangeError;
21 MaxSimple = from.MaxSimple; 23 MaxSimple = from.MaxSimple;
22 }); 24 });
23 25
24 // ------------------------------------------------------------------- 26 // -------------------------------------------------------------------
25 27
26 28
27 function CheckSharedIntegerTypedArray(ia) { 29 function CheckSharedIntegerTypedArray(ia) {
28 if (!%IsSharedIntegerTypedArray(ia)) { 30 if (!%IsSharedIntegerTypedArray(ia)) {
29 throw MakeTypeError(kNotIntegerSharedTypedArray, ia); 31 throw MakeTypeError(kNotIntegerSharedTypedArray, ia);
30 } 32 }
31 } 33 }
32 34
33 function CheckSharedInteger32TypedArray(ia) { 35 function CheckSharedInteger32TypedArray(ia) {
34 CheckSharedIntegerTypedArray(ia); 36 CheckSharedIntegerTypedArray(ia);
35 if (!%IsSharedInteger32TypedArray(ia)) { 37 if (!%IsSharedInteger32TypedArray(ia)) {
36 throw MakeTypeError(kNotInt32SharedTypedArray, ia); 38 throw MakeTypeError(kNotInt32SharedTypedArray, ia);
37 } 39 }
38 } 40 }
39 41
42 // https://tc39.github.io/ecmascript_sharedmem/shmem.html#Atomics.ValidateAtomic Access
43 function ValidateIndex(index, length) {
44 var numberIndex = TO_NUMBER(index);
45 var accessIndex = TO_INTEGER(numberIndex);
46 if (numberIndex !== accessIndex) {
47 throw MakeRangeError(kInvalidAtomicAccessIndex);
48 }
49 if (accessIndex < 0 || accessIndex >= length) {
50 throw MakeRangeError(kInvalidAtomicAccessIndex);
51 }
52 return accessIndex;
53 }
54
40 //------------------------------------------------------------------- 55 //-------------------------------------------------------------------
41 56
42 function AtomicsCompareExchangeJS(sta, index, oldValue, newValue) { 57 function AtomicsCompareExchangeJS(sta, index, oldValue, newValue) {
43 CheckSharedIntegerTypedArray(sta); 58 CheckSharedIntegerTypedArray(sta);
44 index = TO_INTEGER(index); 59 index = ValidateIndex(index, %_TypedArrayGetLength(sta));
45 if (index < 0 || index >= %_TypedArrayGetLength(sta)) {
46 return UNDEFINED;
47 }
48 oldValue = TO_NUMBER(oldValue); 60 oldValue = TO_NUMBER(oldValue);
49 newValue = TO_NUMBER(newValue); 61 newValue = TO_NUMBER(newValue);
50 return %_AtomicsCompareExchange(sta, index, oldValue, newValue); 62 return %_AtomicsCompareExchange(sta, index, oldValue, newValue);
51 } 63 }
52 64
53 function AtomicsLoadJS(sta, index) { 65 function AtomicsLoadJS(sta, index) {
54 CheckSharedIntegerTypedArray(sta); 66 CheckSharedIntegerTypedArray(sta);
55 index = TO_INTEGER(index); 67 index = ValidateIndex(index, %_TypedArrayGetLength(sta));
56 if (index < 0 || index >= %_TypedArrayGetLength(sta)) {
57 return UNDEFINED;
58 }
59 return %_AtomicsLoad(sta, index); 68 return %_AtomicsLoad(sta, index);
60 } 69 }
61 70
62 function AtomicsStoreJS(sta, index, value) { 71 function AtomicsStoreJS(sta, index, value) {
63 CheckSharedIntegerTypedArray(sta); 72 CheckSharedIntegerTypedArray(sta);
64 index = TO_INTEGER(index); 73 index = ValidateIndex(index, %_TypedArrayGetLength(sta));
65 if (index < 0 || index >= %_TypedArrayGetLength(sta)) {
66 return UNDEFINED;
67 }
68 value = TO_NUMBER(value); 74 value = TO_NUMBER(value);
69 return %_AtomicsStore(sta, index, value); 75 return %_AtomicsStore(sta, index, value);
70 } 76 }
71 77
72 function AtomicsAddJS(ia, index, value) { 78 function AtomicsAddJS(ia, index, value) {
73 CheckSharedIntegerTypedArray(ia); 79 CheckSharedIntegerTypedArray(ia);
74 index = TO_INTEGER(index); 80 index = ValidateIndex(index, %_TypedArrayGetLength(ia));
75 if (index < 0 || index >= %_TypedArrayGetLength(ia)) {
76 return UNDEFINED;
77 }
78 value = TO_NUMBER(value); 81 value = TO_NUMBER(value);
79 return %_AtomicsAdd(ia, index, value); 82 return %_AtomicsAdd(ia, index, value);
80 } 83 }
81 84
82 function AtomicsSubJS(ia, index, value) { 85 function AtomicsSubJS(ia, index, value) {
83 CheckSharedIntegerTypedArray(ia); 86 CheckSharedIntegerTypedArray(ia);
84 index = TO_INTEGER(index); 87 index = ValidateIndex(index, %_TypedArrayGetLength(ia));
85 if (index < 0 || index >= %_TypedArrayGetLength(ia)) {
86 return UNDEFINED;
87 }
88 value = TO_NUMBER(value); 88 value = TO_NUMBER(value);
89 return %_AtomicsSub(ia, index, value); 89 return %_AtomicsSub(ia, index, value);
90 } 90 }
91 91
92 function AtomicsAndJS(ia, index, value) { 92 function AtomicsAndJS(ia, index, value) {
93 CheckSharedIntegerTypedArray(ia); 93 CheckSharedIntegerTypedArray(ia);
94 index = TO_INTEGER(index); 94 index = ValidateIndex(index, %_TypedArrayGetLength(ia));
95 if (index < 0 || index >= %_TypedArrayGetLength(ia)) {
96 return UNDEFINED;
97 }
98 value = TO_NUMBER(value); 95 value = TO_NUMBER(value);
99 return %_AtomicsAnd(ia, index, value); 96 return %_AtomicsAnd(ia, index, value);
100 } 97 }
101 98
102 function AtomicsOrJS(ia, index, value) { 99 function AtomicsOrJS(ia, index, value) {
103 CheckSharedIntegerTypedArray(ia); 100 CheckSharedIntegerTypedArray(ia);
104 index = TO_INTEGER(index); 101 index = ValidateIndex(index, %_TypedArrayGetLength(ia));
105 if (index < 0 || index >= %_TypedArrayGetLength(ia)) {
106 return UNDEFINED;
107 }
108 value = TO_NUMBER(value); 102 value = TO_NUMBER(value);
109 return %_AtomicsOr(ia, index, value); 103 return %_AtomicsOr(ia, index, value);
110 } 104 }
111 105
112 function AtomicsXorJS(ia, index, value) { 106 function AtomicsXorJS(ia, index, value) {
113 CheckSharedIntegerTypedArray(ia); 107 CheckSharedIntegerTypedArray(ia);
114 index = TO_INTEGER(index); 108 index = ValidateIndex(index, %_TypedArrayGetLength(ia));
115 if (index < 0 || index >= %_TypedArrayGetLength(ia)) {
116 return UNDEFINED;
117 }
118 value = TO_NUMBER(value); 109 value = TO_NUMBER(value);
119 return %_AtomicsXor(ia, index, value); 110 return %_AtomicsXor(ia, index, value);
120 } 111 }
121 112
122 function AtomicsExchangeJS(ia, index, value) { 113 function AtomicsExchangeJS(ia, index, value) {
123 CheckSharedIntegerTypedArray(ia); 114 CheckSharedIntegerTypedArray(ia);
124 index = TO_INTEGER(index); 115 index = ValidateIndex(index, %_TypedArrayGetLength(ia));
125 if (index < 0 || index >= %_TypedArrayGetLength(ia)) {
126 return UNDEFINED;
127 }
128 value = TO_NUMBER(value); 116 value = TO_NUMBER(value);
129 return %_AtomicsExchange(ia, index, value); 117 return %_AtomicsExchange(ia, index, value);
130 } 118 }
131 119
132 function AtomicsIsLockFreeJS(size) { 120 function AtomicsIsLockFreeJS(size) {
133 return %_AtomicsIsLockFree(size); 121 return %_AtomicsIsLockFree(size);
134 } 122 }
135 123
136 // Futexes 124 // Futexes
137 125
138 function AtomicsFutexWaitJS(ia, index, value, timeout) { 126 function AtomicsFutexWaitJS(ia, index, value, timeout) {
139 CheckSharedInteger32TypedArray(ia); 127 CheckSharedInteger32TypedArray(ia);
140 index = TO_INTEGER(index); 128 index = ValidateIndex(index, %_TypedArrayGetLength(ia));
141 if (index < 0 || index >= %_TypedArrayGetLength(ia)) {
142 return UNDEFINED;
143 }
144 if (IS_UNDEFINED(timeout)) { 129 if (IS_UNDEFINED(timeout)) {
145 timeout = INFINITY; 130 timeout = INFINITY;
146 } else { 131 } else {
147 timeout = TO_NUMBER(timeout); 132 timeout = TO_NUMBER(timeout);
148 if (NUMBER_IS_NAN(timeout)) { 133 if (NUMBER_IS_NAN(timeout)) {
149 timeout = INFINITY; 134 timeout = INFINITY;
150 } else { 135 } else {
151 timeout = MaxSimple(0, timeout); 136 timeout = MaxSimple(0, timeout);
152 } 137 }
153 } 138 }
154 return %AtomicsFutexWait(ia, index, value, timeout); 139 return %AtomicsFutexWait(ia, index, value, timeout);
155 } 140 }
156 141
157 function AtomicsFutexWakeJS(ia, index, count) { 142 function AtomicsFutexWakeJS(ia, index, count) {
158 CheckSharedInteger32TypedArray(ia); 143 CheckSharedInteger32TypedArray(ia);
159 index = TO_INTEGER(index); 144 index = ValidateIndex(index, %_TypedArrayGetLength(ia));
160 if (index < 0 || index >= %_TypedArrayGetLength(ia)) {
161 return UNDEFINED;
162 }
163 count = MaxSimple(0, TO_INTEGER(count)); 145 count = MaxSimple(0, TO_INTEGER(count));
164 return %AtomicsFutexWake(ia, index, count); 146 return %AtomicsFutexWake(ia, index, count);
165 } 147 }
166 148
167 function AtomicsFutexWakeOrRequeueJS(ia, index1, count, value, index2) { 149 function AtomicsFutexWakeOrRequeueJS(ia, index1, count, value, index2) {
168 CheckSharedInteger32TypedArray(ia); 150 CheckSharedInteger32TypedArray(ia);
169 index1 = TO_INTEGER(index1); 151 index1 = ValidateIndex(index1, %_TypedArrayGetLength(ia));
170 count = MaxSimple(0, TO_INTEGER(count)); 152 count = MaxSimple(0, TO_INTEGER(count));
171 value = TO_INT32(value); 153 value = TO_INT32(value);
172 index2 = TO_INTEGER(index2); 154 index2 = ValidateIndex(index2, %_TypedArrayGetLength(ia));
173 if (index1 < 0 || index1 >= %_TypedArrayGetLength(ia) || 155 if (index1 < 0 || index1 >= %_TypedArrayGetLength(ia) ||
174 index2 < 0 || index2 >= %_TypedArrayGetLength(ia)) { 156 index2 < 0 || index2 >= %_TypedArrayGetLength(ia)) {
175 return UNDEFINED; 157 return UNDEFINED;
176 } 158 }
177 return %AtomicsFutexWakeOrRequeue(ia, index1, count, value, index2); 159 return %AtomicsFutexWakeOrRequeue(ia, index1, count, value, index2);
178 } 160 }
179 161
180 // ------------------------------------------------------------------- 162 // -------------------------------------------------------------------
181 163
182 function AtomicsConstructor() {} 164 function AtomicsConstructor() {}
(...skipping 23 matching lines...) Expand all
206 "or", AtomicsOrJS, 188 "or", AtomicsOrJS,
207 "xor", AtomicsXorJS, 189 "xor", AtomicsXorJS,
208 "exchange", AtomicsExchangeJS, 190 "exchange", AtomicsExchangeJS,
209 "isLockFree", AtomicsIsLockFreeJS, 191 "isLockFree", AtomicsIsLockFreeJS,
210 "futexWait", AtomicsFutexWaitJS, 192 "futexWait", AtomicsFutexWaitJS,
211 "futexWake", AtomicsFutexWakeJS, 193 "futexWake", AtomicsFutexWakeJS,
212 "futexWakeOrRequeue", AtomicsFutexWakeOrRequeueJS, 194 "futexWakeOrRequeue", AtomicsFutexWakeOrRequeueJS,
213 ]); 195 ]);
214 196
215 }) 197 })
OLDNEW
« no previous file with comments | « no previous file | src/js/prologue.js » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698