[Atomics] Fix atomic access index validation

src/js/harmony-atomics.js

Index: src/js/harmony-atomics.js
diff --git a/src/js/harmony-atomics.js b/src/js/harmony-atomics.js
index b861a2a47188c498fa202ef085c1013fa49bc17f..9f80227426b41f106d34bf1604702be0ad2ae377 100644
--- a/src/js/harmony-atomics.js
+++ b/src/js/harmony-atomics.js
@@ -12,12 +12,14 @@
 // Imports
 
 var GlobalObject = global.Object;
+var MakeRangeError;
 var MakeTypeError;
 var MaxSimple;
 var toStringTagSymbol = utils.ImportNow("to_string_tag_symbol");
 
 utils.Import(function(from) {
   MakeTypeError = from.MakeTypeError;
+  MakeRangeError = from.MakeRangeError;
   MaxSimple = from.MaxSimple;
 });
 
@@ -37,14 +39,24 @@ function CheckSharedInteger32TypedArray(ia) {
   }
 }
 
+// https://tc39.github.io/ecmascript_sharedmem/shmem.html#Atomics.ValidateAtomicAccess
+function ValidateIndex(index, length) {
+  var numberIndex = TO_NUMBER(index);
+  var accessIndex = TO_INTEGER(numberIndex);
+  if (numberIndex !== accessIndex) {
+    throw MakeRangeError(kInvalidAtomicAccessIndex);
+  }
+  if (accessIndex < 0 || accessIndex >= length) {
+    throw MakeRangeError(kInvalidAtomicAccessIndex);
+  }
+  return accessIndex;
+}
+
 //-------------------------------------------------------------------
 
 function AtomicsCompareExchangeJS(sta, index, oldValue, newValue) {
   CheckSharedIntegerTypedArray(sta);
-  index = TO_INTEGER(index);
-  if (index < 0 || index >= %_TypedArrayGetLength(sta)) {
-    return UNDEFINED;
-  }
+  index = ValidateIndex(index, %_TypedArrayGetLength(sta));
   oldValue = TO_NUMBER(oldValue);
   newValue = TO_NUMBER(newValue);
   return %_AtomicsCompareExchange(sta, index, oldValue, newValue);
@@ -52,79 +64,55 @@ function AtomicsCompareExchangeJS(sta, index, oldValue, newValue) {
 
 function AtomicsLoadJS(sta, index) {
   CheckSharedIntegerTypedArray(sta);
-  index = TO_INTEGER(index);
-  if (index < 0 || index >= %_TypedArrayGetLength(sta)) {
-    return UNDEFINED;
-  }
+  index = ValidateIndex(index, %_TypedArrayGetLength(sta));
   return %_AtomicsLoad(sta, index);
 }
 
 function AtomicsStoreJS(sta, index, value) {
   CheckSharedIntegerTypedArray(sta);
-  index = TO_INTEGER(index);
-  if (index < 0 || index >= %_TypedArrayGetLength(sta)) {
-    return UNDEFINED;
-  }
+  index = ValidateIndex(index, %_TypedArrayGetLength(sta));
   value = TO_NUMBER(value);
   return %_AtomicsStore(sta, index, value);
 }
 
 function AtomicsAddJS(ia, index, value) {
   CheckSharedIntegerTypedArray(ia);
-  index = TO_INTEGER(index);
-  if (index < 0 || index >= %_TypedArrayGetLength(ia)) {
-    return UNDEFINED;
-  }
+  index = ValidateIndex(index, %_TypedArrayGetLength(ia));
   value = TO_NUMBER(value);
   return %_AtomicsAdd(ia, index, value);
 }
 
 function AtomicsSubJS(ia, index, value) {
   CheckSharedIntegerTypedArray(ia);
-  index = TO_INTEGER(index);
-  if (index < 0 || index >= %_TypedArrayGetLength(ia)) {
-    return UNDEFINED;
-  }
+  index = ValidateIndex(index, %_TypedArrayGetLength(ia));
   value = TO_NUMBER(value);
   return %_AtomicsSub(ia, index, value);
 }
 
 function AtomicsAndJS(ia, index, value) {
   CheckSharedIntegerTypedArray(ia);
-  index = TO_INTEGER(index);
-  if (index < 0 || index >= %_TypedArrayGetLength(ia)) {
-    return UNDEFINED;
-  }
+  index = ValidateIndex(index, %_TypedArrayGetLength(ia));
   value = TO_NUMBER(value);
   return %_AtomicsAnd(ia, index, value);
 }
 
 function AtomicsOrJS(ia, index, value) {
   CheckSharedIntegerTypedArray(ia);
-  index = TO_INTEGER(index);
-  if (index < 0 || index >= %_TypedArrayGetLength(ia)) {
-    return UNDEFINED;
-  }
+  index = ValidateIndex(index, %_TypedArrayGetLength(ia));
   value = TO_NUMBER(value);
   return %_AtomicsOr(ia, index, value);
 }
 
 function AtomicsXorJS(ia, index, value) {
   CheckSharedIntegerTypedArray(ia);
-  index = TO_INTEGER(index);
-  if (index < 0 || index >= %_TypedArrayGetLength(ia)) {
-    return UNDEFINED;
-  }
+  index = ValidateIndex(index, %_TypedArrayGetLength(ia));
   value = TO_NUMBER(value);
   return %_AtomicsXor(ia, index, value);
 }
 
 function AtomicsExchangeJS(ia, index, value) {
   CheckSharedIntegerTypedArray(ia);
-  index = TO_INTEGER(index);
-  if (index < 0 || index >= %_TypedArrayGetLength(ia)) {
-    return UNDEFINED;
-  }
+  index = ValidateIndex(index, %_TypedArrayGetLength(ia));
   value = TO_NUMBER(value);
   return %_AtomicsExchange(ia, index, value);
 }
@@ -137,10 +125,7 @@ function AtomicsIsLockFreeJS(size) {
 
 function AtomicsFutexWaitJS(ia, index, value, timeout) {
   CheckSharedInteger32TypedArray(ia);
-  index = TO_INTEGER(index);
-  if (index < 0 || index >= %_TypedArrayGetLength(ia)) {
-    return UNDEFINED;
-  }
+  index = ValidateIndex(index, %_TypedArrayGetLength(ia));
   if (IS_UNDEFINED(timeout)) {
     timeout = INFINITY;
   } else {
@@ -156,20 +141,17 @@ function AtomicsFutexWaitJS(ia, index, value, timeout) {
 
 function AtomicsFutexWakeJS(ia, index, count) {
   CheckSharedInteger32TypedArray(ia);
-  index = TO_INTEGER(index);
-  if (index < 0 || index >= %_TypedArrayGetLength(ia)) {
-    return UNDEFINED;
-  }
+  index = ValidateIndex(index, %_TypedArrayGetLength(ia));
   count = MaxSimple(0, TO_INTEGER(count));
   return %AtomicsFutexWake(ia, index, count);
 }
 
 function AtomicsFutexWakeOrRequeueJS(ia, index1, count, value, index2) {
   CheckSharedInteger32TypedArray(ia);
-  index1 = TO_INTEGER(index1);
+  index1 = ValidateIndex(index1, %_TypedArrayGetLength(ia));
   count = MaxSimple(0, TO_INTEGER(count));
   value = TO_INT32(value);
-  index2 = TO_INTEGER(index2);
+  index2 = ValidateIndex(index2, %_TypedArrayGetLength(ia));
   if (index1 < 0 || index1 >= %_TypedArrayGetLength(ia) ||
       index2 < 0 || index2 >= %_TypedArrayGetLength(ia)) {
     return UNDEFINED;