Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(75)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: src/crankshaft/hydrogen.cc

Issue 2371963002: [crankshaft] TypedArrayInitialize: force length to be a Smi (Closed)
Patch Set: Created 4 years, 2 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch
« no previous file with comments | « no previous file | test/mjsunit/regress/regress-crbug-650404.js » ('j') | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 // Copyright 2013 the V8 project authors. All rights reserved. 1 // Copyright 2013 the V8 project authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be 2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file. 3 // found in the LICENSE file.
4 4
5 #include "src/crankshaft/hydrogen.h" 5 #include "src/crankshaft/hydrogen.h"
6 6
7 #include <memory> 7 #include <memory>
8 #include <sstream> 8 #include <sstream>
9 9
10 #include "src/allocation-site-scopes.h" 10 #include "src/allocation-site-scopes.h"
(...skipping 10255 matching lines...) Expand 10 before | Expand all | Expand 10 after
10266 HValue* allocated_buffer = buffer; 10266 HValue* allocated_buffer = buffer;
10267 if (buffer == NULL) { 10267 if (buffer == NULL) {
10268 allocated_buffer = BuildAllocateEmptyArrayBuffer(byte_length); 10268 allocated_buffer = BuildAllocateEmptyArrayBuffer(byte_length);
10269 } 10269 }
10270 BuildArrayBufferViewInitialization<JSTypedArray>(obj, allocated_buffer, 10270 BuildArrayBufferViewInitialization<JSTypedArray>(obj, allocated_buffer,
10271 byte_offset, byte_length); 10271 byte_offset, byte_length);
10272 10272
10273 10273
10274 HInstruction* length = AddUncasted<HDiv>(byte_length, 10274 HInstruction* length = AddUncasted<HDiv>(byte_length,
10275 Add<HConstant>(static_cast<int32_t>(element_size))); 10275 Add<HConstant>(static_cast<int32_t>(element_size)));
10276 // Callers (in typedarray.js) ensure that length <= %_MaxSmi().
10277 length = AddUncasted<HForceRepresentation>(length, Representation::Smi());
10276 10278
10277 Add<HStoreNamedField>(obj, 10279 Add<HStoreNamedField>(obj,
10278 HObjectAccess::ForJSTypedArrayLength(), 10280 HObjectAccess::ForJSTypedArrayLength(),
10279 length); 10281 length);
10280 10282
10281 HValue* elements; 10283 HValue* elements;
10282 if (buffer != NULL) { 10284 if (buffer != NULL) {
10283 elements = BuildAllocateExternalElements( 10285 elements = BuildAllocateExternalElements(
10284 array_type, is_zero_byte_offset, buffer, byte_offset, length); 10286 array_type, is_zero_byte_offset, buffer, byte_offset, length);
10285 } else { 10287 } else {
(...skipping 3008 matching lines...) Expand 10 before | Expand all | Expand 10 after
13294 isolate()->GetHTracer()->TraceHydrogen(name(), graph_); 13296 isolate()->GetHTracer()->TraceHydrogen(name(), graph_);
13295 } 13297 }
13296 13298
13297 #ifdef DEBUG 13299 #ifdef DEBUG
13298 graph_->Verify(false); // No full verify. 13300 graph_->Verify(false); // No full verify.
13299 #endif 13301 #endif
13300 } 13302 }
13301 13303
13302 } // namespace internal 13304 } // namespace internal
13303 } // namespace v8 13305 } // namespace v8
OLDNEW
« no previous file with comments | « no previous file | test/mjsunit/regress/regress-crbug-650404.js » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698