OLD | NEW |
1 // Copyright 2012 the V8 project authors. All rights reserved. | 1 // Copyright 2012 the V8 project authors. All rights reserved. |
2 // Redistribution and use in source and binary forms, with or without | 2 // Redistribution and use in source and binary forms, with or without |
3 // modification, are permitted provided that the following conditions are | 3 // modification, are permitted provided that the following conditions are |
4 // met: | 4 // met: |
5 // | 5 // |
6 // * Redistributions of source code must retain the above copyright | 6 // * Redistributions of source code must retain the above copyright |
7 // notice, this list of conditions and the following disclaimer. | 7 // notice, this list of conditions and the following disclaimer. |
8 // * Redistributions in binary form must reproduce the above | 8 // * Redistributions in binary form must reproduce the above |
9 // copyright notice, this list of conditions and the following | 9 // copyright notice, this list of conditions and the following |
10 // disclaimer in the documentation and/or other materials provided | 10 // disclaimer in the documentation and/or other materials provided |
926 | 926 |
927 Handle<JSArrayBuffer> buffer = isolate->factory()->NewJSArrayBuffer(); | 927 Handle<JSArrayBuffer> buffer = isolate->factory()->NewJSArrayBuffer(); |
928 size_t length = NumberToSize(isolate, *length_obj); | 928 size_t length = NumberToSize(isolate, *length_obj); |
929 size_t byte_length = length * element_size; | 929 size_t byte_length = length * element_size; |
930 if (byte_length < length) { // Overflow | 930 if (byte_length < length) { // Overflow |
931 return isolate->Throw(*isolate->factory()-> | 931 return isolate->Throw(*isolate->factory()-> |
932 NewRangeError("invalid_array_buffer_length", | 932 NewRangeError("invalid_array_buffer_length", |
933 HandleVector<Object>(NULL, 0))); | 933 HandleVector<Object>(NULL, 0))); |
934 } | 934 } |
935 | 935 |
| 936 // NOTE: not initializing backing store. |
936 // We assume that the caller of this function will initialize holder | 937 // We assume that the caller of this function will initialize holder |
937 // with the loop | 938 // with the loop |
938 // for(i = 0; i < length; i++) { holder[i] = source[i]; } | 939 // for(i = 0; i < length; i++) { holder[i] = source[i]; } |
| 940 // We assume that the caller of this function is always a typed array |
| 941 // constructor. |
939 // If source is a typed array, this loop will always run to completion, | 942 // If source is a typed array, this loop will always run to completion, |
940 // so we are sure that the backing store will be initialized. | 943 // so we are sure that the backing store will be initialized. |
941 // Otherwise, we do not know (the indexing operation might throw). | 944 // Otherwise, the indexing operation might throw, so the loop will not |
942 // Hence we require zero initialization unless our source is a typed array. | 945 // run to completion and the typed array might remain partly initialized. |
943 bool should_zero_initialize = !source->IsJSTypedArray(); | 946 // However we further assume that the caller of this function is a typed array |
| 947 // constructor, and the exception will propagate out of the constructor, |
| 948 // therefore uninitialized memory will not be accessible by a user program. |
| 949 // |
| 950 // TODO(dslomov): revise this once we support subclassing. |
944 | 951 |
945 if (!Runtime::SetupArrayBufferAllocatingData( | 952 if (!Runtime::SetupArrayBufferAllocatingData( |
946 isolate, buffer, byte_length, should_zero_initialize)) { | 953 isolate, buffer, byte_length, false)) { |
947 return isolate->Throw(*isolate->factory()-> | 954 return isolate->Throw(*isolate->factory()-> |
948 NewRangeError("invalid_array_buffer_length", | 955 NewRangeError("invalid_array_buffer_length", |
949 HandleVector<Object>(NULL, 0))); | 956 HandleVector<Object>(NULL, 0))); |
950 } | 957 } |
951 | 958 |
952 holder->set_buffer(*buffer); | 959 holder->set_buffer(*buffer); |
953 holder->set_byte_offset(Smi::FromInt(0)); | 960 holder->set_byte_offset(Smi::FromInt(0)); |
954 Handle<Object> byte_length_obj( | 961 Handle<Object> byte_length_obj( |
955 isolate->factory()->NewNumberFromSize(byte_length)); | 962 isolate->factory()->NewNumberFromSize(byte_length)); |
956 holder->set_byte_length(*byte_length_obj); | 963 holder->set_byte_length(*byte_length_obj); |
14801 // Handle last resort GC and make sure to allow future allocations | 14808 // Handle last resort GC and make sure to allow future allocations |
14802 // to grow the heap without causing GCs (if possible). | 14809 // to grow the heap without causing GCs (if possible). |
14803 isolate->counters()->gc_last_resort_from_js()->Increment(); | 14810 isolate->counters()->gc_last_resort_from_js()->Increment(); |
14804 isolate->heap()->CollectAllGarbage(Heap::kNoGCFlags, | 14811 isolate->heap()->CollectAllGarbage(Heap::kNoGCFlags, |
14805 "Runtime::PerformGC"); | 14812 "Runtime::PerformGC"); |
14806 } | 14813 } |
14807 } | 14814 } |
14808 | 14815 |
14809 | 14816 |
14810 } } // namespace v8::internal | 14817 } } // namespace v8::internal |
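Review bot: Passing `false` unconditionally to `Runtime::SetupArrayBufferAllocatingData` (new line 953) leaves the backing store holding stale heap bytes, and the only thing keeping them away from script is the caller invariant described in the comment, which nothing in this hunk enforces. If the caller's fill loop can finish without writing every element and without throwing (for instance if the source's length is re-read and has changed), or if the holder becomes reachable before the constructor returns, previously used memory would be readable through the typed array. I would keep the old guard for non-typed-array sources, `bool should_zero_initialize = !source->IsJSTypedArray();`, and pass it as the last argument, or at least assert the invariant at the point where the caller is known. Separately, the unchanged check `byte_length < length` at line 930 does not catch every wrap of `length * element_size` once `element_size` exceeds 2; comparing `length` against the maximum `size_t` divided by `element_size` would, unless `length` is already bounded in lines not shown. The enclosing function starts and ends outside the visible lines.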
OLD | NEW |