Chromium Code Reviews

Unified Diff: src/isolate.cc

Issue 2348293002: [crankshaft] Protect against deopt loops from string length overflows. (Closed)
Patch Set: Fix MSAN Created 4 years, 3 months ago
Index: src/isolate.cc
diff --git a/src/isolate.cc b/src/isolate.cc
index 02e0877117e87678938a67f307cbc7daeec53864..cf319454d39ea1ef53b0fa9cd8c3d5331883ac1f 100644
--- a/src/isolate.cc
+++ b/src/isolate.cc
@@ -2818,6 +2818,15 @@ void Isolate::InvalidateArraySpeciesProtector() {
DCHECK(!IsArraySpeciesLookupChainIntact());
}
+void Isolate::InvalidateStringLengthOverflowProtector() {
+ DCHECK(factory()->string_length_protector()->value()->IsSmi());
+ DCHECK(IsStringLengthOverflowIntact());
+ PropertyCell::SetValueWithInvalidation(
+ factory()->string_length_protector(),
+ handle(Smi::FromInt(kArrayProtectorInvalid), this));
+ DCHECK(!IsStringLengthOverflowIntact());
+}
+
bool Isolate::IsAnyInitialArrayPrototype(Handle<JSArray> array) {
DisallowHeapAllocation no_gc;
return IsInAnyContext(*array, Context::INITIAL_ARRAY_PROTOTYPE_INDEX);
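Review bot: the new `Isolate::InvalidateStringLengthOverflowProtector()` writes `kArrayProtectorInvalid` into the string length protector cell; since this constant is named for the array protectors, either add a brief comment stating that all protector cells share the same valid/invalid Smi encoding, or introduce a protector-neutral constant so a reader of this function does not assume the wrong cell is being touched. A one-line comment above the function explaining what condition invalidates this protector (the string length overflow the CL title refers to) and that it is expected to fire at most once would also help, given that the surrounding `InvalidateArraySpeciesProtector()` follows the same pattern but has no such documentation here either. The leading `DCHECK(...IsSmi())` and the pair of `IsStringLengthOverflowIntact()` checks before and after the write are consistent with the existing protector invalidation style and look correct as far as this hunk shows.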