Chromium Code Reviews Chromium Code Reviews
Issue 255333004:
Harden more runtime functions (Closed)
Base URL: https://v8.googlecode.com/svn/branches/bleeding_edge| OLD | NEW |
|---|---|
| 1 // Copyright 2012 the V8 project authors. All rights reserved. | 1 // Copyright 2012 the V8 project authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include <stdlib.h> | 5 #include <stdlib.h> |
| 6 #include <limits> | 6 #include <limits> |
| 7 | 7 |
| 8 #include "v8.h" | 8 #include "v8.h" |
| 9 | 9 |
| 10 #include "accessors.h" | 10 #include "accessors.h" |
| (...skipping 939 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 950 | 950 |
| 951 RUNTIME_FUNCTION(Runtime_TypedArrayInitialize) { | 951 RUNTIME_FUNCTION(Runtime_TypedArrayInitialize) { |
| 952 HandleScope scope(isolate); | 952 HandleScope scope(isolate); |
| 953 ASSERT(args.length() == 5); | 953 ASSERT(args.length() == 5); |
| 954 CONVERT_ARG_HANDLE_CHECKED(JSTypedArray, holder, 0); | 954 CONVERT_ARG_HANDLE_CHECKED(JSTypedArray, holder, 0); |
| 955 CONVERT_SMI_ARG_CHECKED(arrayId, 1); | 955 CONVERT_SMI_ARG_CHECKED(arrayId, 1); |
| 956 CONVERT_ARG_HANDLE_CHECKED(Object, maybe_buffer, 2); | 956 CONVERT_ARG_HANDLE_CHECKED(Object, maybe_buffer, 2); |
| 957 CONVERT_NUMBER_ARG_HANDLE_CHECKED(byte_offset_object, 3); | 957 CONVERT_NUMBER_ARG_HANDLE_CHECKED(byte_offset_object, 3); |
| 958 CONVERT_NUMBER_ARG_HANDLE_CHECKED(byte_length_object, 4); | 958 CONVERT_NUMBER_ARG_HANDLE_CHECKED(byte_length_object, 4); |
| 959 | 959 |
| 960 // See enum TypedArrayId in runtime.h. | |
| 961 RUNTIME_ASSERT(arrayId >= 1 && arrayId <= 9); | |
|
Dmitry Lomov (no reviews)
2014/04/30 13:09:15
Add FIRST_ and LAST_ to TypedArrayId enum instead
Jakob Kummerow
2014/04/30 13:15:35
Done.
| |
| 962 RUNTIME_ASSERT(maybe_buffer->IsNull() || maybe_buffer->IsJSArrayBuffer()); | |
| 963 | |
| 960 ASSERT(holder->GetInternalFieldCount() == | 964 ASSERT(holder->GetInternalFieldCount() == |
| 961 v8::ArrayBufferView::kInternalFieldCount); | 965 v8::ArrayBufferView::kInternalFieldCount); |
| 962 for (int i = 0; i < v8::ArrayBufferView::kInternalFieldCount; i++) { | 966 for (int i = 0; i < v8::ArrayBufferView::kInternalFieldCount; i++) { |
| 963 holder->SetInternalField(i, Smi::FromInt(0)); | 967 holder->SetInternalField(i, Smi::FromInt(0)); |
| 964 } | 968 } |
| 965 | 969 |
| 966 ExternalArrayType array_type = kExternalInt8Array; // Bogus initialization. | 970 ExternalArrayType array_type = kExternalInt8Array; // Bogus initialization. |
| 967 size_t element_size = 1; // Bogus initialization. | 971 size_t element_size = 1; // Bogus initialization. |
| 968 ElementsKind external_elements_kind = | 972 ElementsKind external_elements_kind = |
| 969 EXTERNAL_INT8_ELEMENTS; // Bogus initialization. | 973 EXTERNAL_INT8_ELEMENTS; // Bogus initialization. |
| (...skipping 21 matching lines...) Expand all Loading... | |
| 991 HandleVector<Object>(NULL, 0))); | 995 HandleVector<Object>(NULL, 0))); |
| 992 } | 996 } |
| 993 | 997 |
| 994 Handle<Object> length_obj = isolate->factory()->NewNumberFromSize(length); | 998 Handle<Object> length_obj = isolate->factory()->NewNumberFromSize(length); |
| 995 holder->set_length(*length_obj); | 999 holder->set_length(*length_obj); |
| 996 if (!maybe_buffer->IsNull()) { | 1000 if (!maybe_buffer->IsNull()) { |
| 997 Handle<JSArrayBuffer> buffer(JSArrayBuffer::cast(*maybe_buffer)); | 1001 Handle<JSArrayBuffer> buffer(JSArrayBuffer::cast(*maybe_buffer)); |
| 998 | 1002 |
| 999 size_t array_buffer_byte_length = | 1003 size_t array_buffer_byte_length = |
| 1000 NumberToSize(isolate, buffer->byte_length()); | 1004 NumberToSize(isolate, buffer->byte_length()); |
| 1001 CHECK(byte_offset <= array_buffer_byte_length); | 1005 RUNTIME_ASSERT(byte_offset <= array_buffer_byte_length); |
| 1002 CHECK(array_buffer_byte_length - byte_offset >= byte_length); | 1006 RUNTIME_ASSERT(array_buffer_byte_length - byte_offset >= byte_length); |
| 1003 | 1007 |
| 1004 holder->set_buffer(*buffer); | 1008 holder->set_buffer(*buffer); |
| 1005 holder->set_weak_next(buffer->weak_first_view()); | 1009 holder->set_weak_next(buffer->weak_first_view()); |
| 1006 buffer->set_weak_first_view(*holder); | 1010 buffer->set_weak_first_view(*holder); |
| 1007 | 1011 |
| 1008 Handle<ExternalArray> elements = | 1012 Handle<ExternalArray> elements = |
| 1009 isolate->factory()->NewExternalArray( | 1013 isolate->factory()->NewExternalArray( |
| 1010 static_cast<int>(length), array_type, | 1014 static_cast<int>(length), array_type, |
| 1011 static_cast<uint8_t*>(buffer->backing_store()) + byte_offset); | 1015 static_cast<uint8_t*>(buffer->backing_store()) + byte_offset); |
| 1012 Handle<Map> map = | 1016 Handle<Map> map = |
| (...skipping 18 matching lines...) Expand all Loading... | |
| 1031 // | 1035 // |
| 1032 // Returns true if backing store was initialized or false otherwise. | 1036 // Returns true if backing store was initialized or false otherwise. |
| 1033 RUNTIME_FUNCTION(Runtime_TypedArrayInitializeFromArrayLike) { | 1037 RUNTIME_FUNCTION(Runtime_TypedArrayInitializeFromArrayLike) { |
| 1034 HandleScope scope(isolate); | 1038 HandleScope scope(isolate); |
| 1035 ASSERT(args.length() == 4); | 1039 ASSERT(args.length() == 4); |
| 1036 CONVERT_ARG_HANDLE_CHECKED(JSTypedArray, holder, 0); | 1040 CONVERT_ARG_HANDLE_CHECKED(JSTypedArray, holder, 0); |
| 1037 CONVERT_SMI_ARG_CHECKED(arrayId, 1); | 1041 CONVERT_SMI_ARG_CHECKED(arrayId, 1); |
| 1038 CONVERT_ARG_HANDLE_CHECKED(Object, source, 2); | 1042 CONVERT_ARG_HANDLE_CHECKED(Object, source, 2); |
| 1039 CONVERT_NUMBER_ARG_HANDLE_CHECKED(length_obj, 3); | 1043 CONVERT_NUMBER_ARG_HANDLE_CHECKED(length_obj, 3); |
| 1040 | 1044 |
| 1045 // See enum TypedArrayId in runtime.h. | |
| 1046 RUNTIME_ASSERT(arrayId >= 1 && arrayId <= 9); | |
|
Dmitry Lomov (no reviews)
2014/04/30 13:09:15
Ditto.
Jakob Kummerow
2014/04/30 13:15:35
Done.
| |
| 1047 | |
| 1041 ASSERT(holder->GetInternalFieldCount() == | 1048 ASSERT(holder->GetInternalFieldCount() == |
| 1042 v8::ArrayBufferView::kInternalFieldCount); | 1049 v8::ArrayBufferView::kInternalFieldCount); |
| 1043 for (int i = 0; i < v8::ArrayBufferView::kInternalFieldCount; i++) { | 1050 for (int i = 0; i < v8::ArrayBufferView::kInternalFieldCount; i++) { |
| 1044 holder->SetInternalField(i, Smi::FromInt(0)); | 1051 holder->SetInternalField(i, Smi::FromInt(0)); |
| 1045 } | 1052 } |
| 1046 | 1053 |
| 1047 ExternalArrayType array_type = kExternalInt8Array; // Bogus initialization. | 1054 ExternalArrayType array_type = kExternalInt8Array; // Bogus initialization. |
| 1048 size_t element_size = 1; // Bogus initialization. | 1055 size_t element_size = 1; // Bogus initialization. |
| 1049 ElementsKind external_elements_kind = | 1056 ElementsKind external_elements_kind = |
| 1050 EXTERNAL_INT8_ELEMENTS; // Bogus intialization. | 1057 EXTERNAL_INT8_ELEMENTS; // Bogus intialization. |
| (...skipping 128 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 1179 | 1186 |
| 1180 if (!args[1]->IsJSTypedArray()) | 1187 if (!args[1]->IsJSTypedArray()) |
| 1181 return Smi::FromInt(TYPED_ARRAY_SET_NON_TYPED_ARRAY); | 1188 return Smi::FromInt(TYPED_ARRAY_SET_NON_TYPED_ARRAY); |
| 1182 | 1189 |
| 1183 CONVERT_ARG_HANDLE_CHECKED(JSTypedArray, target_obj, 0); | 1190 CONVERT_ARG_HANDLE_CHECKED(JSTypedArray, target_obj, 0); |
| 1184 CONVERT_ARG_HANDLE_CHECKED(JSTypedArray, source_obj, 1); | 1191 CONVERT_ARG_HANDLE_CHECKED(JSTypedArray, source_obj, 1); |
| 1185 CONVERT_NUMBER_ARG_HANDLE_CHECKED(offset_obj, 2); | 1192 CONVERT_NUMBER_ARG_HANDLE_CHECKED(offset_obj, 2); |
| 1186 | 1193 |
| 1187 Handle<JSTypedArray> target(JSTypedArray::cast(*target_obj)); | 1194 Handle<JSTypedArray> target(JSTypedArray::cast(*target_obj)); |
| 1188 Handle<JSTypedArray> source(JSTypedArray::cast(*source_obj)); | 1195 Handle<JSTypedArray> source(JSTypedArray::cast(*source_obj)); |
| 1189 size_t offset = NumberToSize(isolate, *offset_obj); | 1196 size_t offset = 0; |
| 1197 RUNTIME_ASSERT(TryNumberToSize(isolate, *offset_obj, &offset)); | |
| 1190 size_t target_length = NumberToSize(isolate, target->length()); | 1198 size_t target_length = NumberToSize(isolate, target->length()); |
| 1191 size_t source_length = NumberToSize(isolate, source->length()); | 1199 size_t source_length = NumberToSize(isolate, source->length()); |
| 1192 size_t target_byte_length = NumberToSize(isolate, target->byte_length()); | 1200 size_t target_byte_length = NumberToSize(isolate, target->byte_length()); |
| 1193 size_t source_byte_length = NumberToSize(isolate, source->byte_length()); | 1201 size_t source_byte_length = NumberToSize(isolate, source->byte_length()); |
| 1194 if (offset > target_length || | 1202 if (offset > target_length || |
| 1195 offset + source_length > target_length || | 1203 offset + source_length > target_length || |
| 1196 offset + source_length < offset) // overflow | 1204 offset + source_length < offset) // overflow |
| 1197 return isolate->Throw(*isolate->factory()->NewRangeError( | 1205 return isolate->Throw(*isolate->factory()->NewRangeError( |
| 1198 "typed_array_set_source_too_large", HandleVector<Object>(NULL, 0))); | 1206 "typed_array_set_source_too_large", HandleVector<Object>(NULL, 0))); |
| 1199 | 1207 |
| (...skipping 473 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 1673 Handle<OrderedHashMap> table(OrderedHashMap::cast(holder->table())); | 1681 Handle<OrderedHashMap> table(OrderedHashMap::cast(holder->table())); |
| 1674 return Smi::FromInt(table->NumberOfElements()); | 1682 return Smi::FromInt(table->NumberOfElements()); |
| 1675 } | 1683 } |
| 1676 | 1684 |
| 1677 | 1685 |
| 1678 RUNTIME_FUNCTION(Runtime_MapCreateIterator) { | 1686 RUNTIME_FUNCTION(Runtime_MapCreateIterator) { |
| 1679 HandleScope scope(isolate); | 1687 HandleScope scope(isolate); |
| 1680 ASSERT(args.length() == 2); | 1688 ASSERT(args.length() == 2); |
| 1681 CONVERT_ARG_HANDLE_CHECKED(JSMap, holder, 0); | 1689 CONVERT_ARG_HANDLE_CHECKED(JSMap, holder, 0); |
| 1682 CONVERT_SMI_ARG_CHECKED(kind, 1) | 1690 CONVERT_SMI_ARG_CHECKED(kind, 1) |
| 1683 ASSERT(kind == JSMapIterator::kKindKeys | 1691 RUNTIME_ASSERT(kind == JSMapIterator::kKindKeys |
| 1684 || kind == JSMapIterator::kKindValues | 1692 || kind == JSMapIterator::kKindValues |
| 1685 || kind == JSMapIterator::kKindEntries); | 1693 || kind == JSMapIterator::kKindEntries); |
| 1686 Handle<OrderedHashMap> table(OrderedHashMap::cast(holder->table())); | 1694 Handle<OrderedHashMap> table(OrderedHashMap::cast(holder->table())); |
| 1687 return *JSMapIterator::Create(table, kind); | 1695 return *JSMapIterator::Create(table, kind); |
| 1688 } | 1696 } |
| 1689 | 1697 |
| 1690 | 1698 |
| 1691 RUNTIME_FUNCTION(Runtime_MapIteratorNext) { | 1699 RUNTIME_FUNCTION(Runtime_MapIteratorNext) { |
| 1692 HandleScope scope(isolate); | 1700 HandleScope scope(isolate); |
| 1693 ASSERT(args.length() == 1); | 1701 ASSERT(args.length() == 1); |
| (...skipping 506 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 2200 HandleScope scope(isolate); | 2208 HandleScope scope(isolate); |
| 2201 ASSERT(args.length() == 6); | 2209 ASSERT(args.length() == 6); |
| 2202 CONVERT_ARG_HANDLE_CHECKED(JSObject, object, 0); | 2210 CONVERT_ARG_HANDLE_CHECKED(JSObject, object, 0); |
| 2203 CONVERT_ARG_HANDLE_CHECKED(Name, name, 1); | 2211 CONVERT_ARG_HANDLE_CHECKED(Name, name, 1); |
| 2204 CONVERT_ARG_HANDLE_CHECKED(Object, getter, 2); | 2212 CONVERT_ARG_HANDLE_CHECKED(Object, getter, 2); |
| 2205 CONVERT_ARG_HANDLE_CHECKED(Object, setter, 3); | 2213 CONVERT_ARG_HANDLE_CHECKED(Object, setter, 3); |
| 2206 CONVERT_SMI_ARG_CHECKED(attribute, 4); | 2214 CONVERT_SMI_ARG_CHECKED(attribute, 4); |
| 2207 CONVERT_SMI_ARG_CHECKED(access_control, 5); | 2215 CONVERT_SMI_ARG_CHECKED(access_control, 5); |
| 2208 RUNTIME_ASSERT(getter->IsUndefined() || getter->IsFunctionTemplateInfo()); | 2216 RUNTIME_ASSERT(getter->IsUndefined() || getter->IsFunctionTemplateInfo()); |
| 2209 RUNTIME_ASSERT(setter->IsUndefined() || setter->IsFunctionTemplateInfo()); | 2217 RUNTIME_ASSERT(setter->IsUndefined() || setter->IsFunctionTemplateInfo()); |
| 2218 RUNTIME_ASSERT(PropertyDetails::AttributesField::is_valid( | |
| 2219 static_cast<PropertyAttributes>(attribute))); | |
| 2210 JSObject::DefineAccessor(object, | 2220 JSObject::DefineAccessor(object, |
| 2211 name, | 2221 name, |
| 2212 InstantiateAccessorComponent(isolate, getter), | 2222 InstantiateAccessorComponent(isolate, getter), |
| 2213 InstantiateAccessorComponent(isolate, setter), | 2223 InstantiateAccessorComponent(isolate, setter), |
| 2214 static_cast<PropertyAttributes>(attribute), | 2224 static_cast<PropertyAttributes>(attribute), |
| 2215 static_cast<v8::AccessControl>(access_control)); | 2225 static_cast<v8::AccessControl>(access_control)); |
| 2216 return isolate->heap()->undefined_value(); | 2226 return isolate->heap()->undefined_value(); |
| 2217 } | 2227 } |
| 2218 | 2228 |
| 2219 | 2229 |
| (...skipping 433 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 2653 | 2663 |
| 2654 return *value; | 2664 return *value; |
| 2655 } | 2665 } |
| 2656 | 2666 |
| 2657 | 2667 |
| 2658 RUNTIME_FUNCTION(Runtime_OptimizeObjectForAddingMultipleProperties) { | 2668 RUNTIME_FUNCTION(Runtime_OptimizeObjectForAddingMultipleProperties) { |
| 2659 HandleScope scope(isolate); | 2669 HandleScope scope(isolate); |
| 2660 ASSERT(args.length() == 2); | 2670 ASSERT(args.length() == 2); |
| 2661 CONVERT_ARG_HANDLE_CHECKED(JSObject, object, 0); | 2671 CONVERT_ARG_HANDLE_CHECKED(JSObject, object, 0); |
| 2662 CONVERT_SMI_ARG_CHECKED(properties, 1); | 2672 CONVERT_SMI_ARG_CHECKED(properties, 1); |
| 2673 // Conservative upper limit to prevent fuzz tests from going OOM. | |
| 2674 RUNTIME_ASSERT(properties <= 100000); | |
| 2663 if (object->HasFastProperties() && !object->IsJSGlobalProxy()) { | 2675 if (object->HasFastProperties() && !object->IsJSGlobalProxy()) { |
| 2664 JSObject::NormalizeProperties(object, KEEP_INOBJECT_PROPERTIES, properties); | 2676 JSObject::NormalizeProperties(object, KEEP_INOBJECT_PROPERTIES, properties); |
| 2665 } | 2677 } |
| 2666 return *object; | 2678 return *object; |
| 2667 } | 2679 } |
| 2668 | 2680 |
| 2669 | 2681 |
| 2670 RUNTIME_FUNCTION(RuntimeHidden_RegExpExec) { | 2682 RUNTIME_FUNCTION(RuntimeHidden_RegExpExec) { |
| 2671 HandleScope scope(isolate); | 2683 HandleScope scope(isolate); |
| 2672 ASSERT(args.length() == 4); | 2684 ASSERT(args.length() == 4); |
| (...skipping 261 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 2934 CONVERT_ARG_CHECKED(JSFunction, f, 0); | 2946 CONVERT_ARG_CHECKED(JSFunction, f, 0); |
| 2935 return isolate->heap()->ToBoolean(f->shared()->is_generator()); | 2947 return isolate->heap()->ToBoolean(f->shared()->is_generator()); |
| 2936 } | 2948 } |
| 2937 | 2949 |
| 2938 | 2950 |
| 2939 RUNTIME_FUNCTION(Runtime_FunctionRemovePrototype) { | 2951 RUNTIME_FUNCTION(Runtime_FunctionRemovePrototype) { |
| 2940 SealHandleScope shs(isolate); | 2952 SealHandleScope shs(isolate); |
| 2941 ASSERT(args.length() == 1); | 2953 ASSERT(args.length() == 1); |
| 2942 | 2954 |
| 2943 CONVERT_ARG_CHECKED(JSFunction, f, 0); | 2955 CONVERT_ARG_CHECKED(JSFunction, f, 0); |
| 2944 f->RemovePrototype(); | 2956 RUNTIME_ASSERT(f->RemovePrototype()); |
| 2945 | 2957 |
| 2946 return isolate->heap()->undefined_value(); | 2958 return isolate->heap()->undefined_value(); |
| 2947 } | 2959 } |
| 2948 | 2960 |
| 2949 | 2961 |
| 2950 RUNTIME_FUNCTION(Runtime_FunctionGetScript) { | 2962 RUNTIME_FUNCTION(Runtime_FunctionGetScript) { |
| 2951 HandleScope scope(isolate); | 2963 HandleScope scope(isolate); |
| 2952 ASSERT(args.length() == 1); | 2964 ASSERT(args.length() == 1); |
| 2953 | 2965 |
| 2954 CONVERT_ARG_CHECKED(JSFunction, fun, 0); | 2966 CONVERT_ARG_CHECKED(JSFunction, fun, 0); |
| (...skipping 1670 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 4625 | 4637 |
| 4626 | 4638 |
| 4627 RUNTIME_FUNCTION(Runtime_StringMatch) { | 4639 RUNTIME_FUNCTION(Runtime_StringMatch) { |
| 4628 HandleScope handles(isolate); | 4640 HandleScope handles(isolate); |
| 4629 ASSERT(args.length() == 3); | 4641 ASSERT(args.length() == 3); |
| 4630 | 4642 |
| 4631 CONVERT_ARG_HANDLE_CHECKED(String, subject, 0); | 4643 CONVERT_ARG_HANDLE_CHECKED(String, subject, 0); |
| 4632 CONVERT_ARG_HANDLE_CHECKED(JSRegExp, regexp, 1); | 4644 CONVERT_ARG_HANDLE_CHECKED(JSRegExp, regexp, 1); |
| 4633 CONVERT_ARG_HANDLE_CHECKED(JSArray, regexp_info, 2); | 4645 CONVERT_ARG_HANDLE_CHECKED(JSArray, regexp_info, 2); |
| 4634 | 4646 |
| 4647 RUNTIME_ASSERT(regexp_info->HasFastObjectElements()); | |
| 4648 | |
| 4635 RegExpImpl::GlobalCache global_cache(regexp, subject, true, isolate); | 4649 RegExpImpl::GlobalCache global_cache(regexp, subject, true, isolate); |
| 4636 if (global_cache.HasException()) return isolate->heap()->exception(); | 4650 if (global_cache.HasException()) return isolate->heap()->exception(); |
| 4637 | 4651 |
| 4638 int capture_count = regexp->CaptureCount(); | 4652 int capture_count = regexp->CaptureCount(); |
| 4639 | 4653 |
| 4640 ZoneScope zone_scope(isolate->runtime_zone()); | 4654 ZoneScope zone_scope(isolate->runtime_zone()); |
| 4641 ZoneList<int> offsets(8, zone_scope.zone()); | 4655 ZoneList<int> offsets(8, zone_scope.zone()); |
| 4642 | 4656 |
| 4643 while (true) { | 4657 while (true) { |
| 4644 int32_t* match = global_cache.FetchNext(); | 4658 int32_t* match = global_cache.FetchNext(); |
| (...skipping 244 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 4889 } | 4903 } |
| 4890 | 4904 |
| 4891 | 4905 |
| 4892 RUNTIME_FUNCTION(Runtime_NumberToFixed) { | 4906 RUNTIME_FUNCTION(Runtime_NumberToFixed) { |
| 4893 HandleScope scope(isolate); | 4907 HandleScope scope(isolate); |
| 4894 ASSERT(args.length() == 2); | 4908 ASSERT(args.length() == 2); |
| 4895 | 4909 |
| 4896 CONVERT_DOUBLE_ARG_CHECKED(value, 0); | 4910 CONVERT_DOUBLE_ARG_CHECKED(value, 0); |
| 4897 CONVERT_DOUBLE_ARG_CHECKED(f_number, 1); | 4911 CONVERT_DOUBLE_ARG_CHECKED(f_number, 1); |
| 4898 int f = FastD2IChecked(f_number); | 4912 int f = FastD2IChecked(f_number); |
| 4899 RUNTIME_ASSERT(f >= 0); | 4913 // See DoubleToFixedCString for these constants: |
| 4914 RUNTIME_ASSERT(f >= 0 && f <= 20); | |
| 4900 char* str = DoubleToFixedCString(value, f); | 4915 char* str = DoubleToFixedCString(value, f); |
| 4901 Handle<String> result = isolate->factory()->NewStringFromAsciiChecked(str); | 4916 Handle<String> result = isolate->factory()->NewStringFromAsciiChecked(str); |
| 4902 DeleteArray(str); | 4917 DeleteArray(str); |
| 4903 return *result; | 4918 return *result; |
| 4904 } | 4919 } |
| 4905 | 4920 |
| 4906 | 4921 |
| 4907 RUNTIME_FUNCTION(Runtime_NumberToExponential) { | 4922 RUNTIME_FUNCTION(Runtime_NumberToExponential) { |
| 4908 HandleScope scope(isolate); | 4923 HandleScope scope(isolate); |
| 4909 ASSERT(args.length() == 2); | 4924 ASSERT(args.length() == 2); |
| (...skipping 2404 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 7314 | 7329 |
| 7315 if (array_length == 0) { | 7330 if (array_length == 0) { |
| 7316 return isolate->heap()->empty_string(); | 7331 return isolate->heap()->empty_string(); |
| 7317 } else if (array_length == 1) { | 7332 } else if (array_length == 1) { |
| 7318 Object* first = fixed_array->get(0); | 7333 Object* first = fixed_array->get(0); |
| 7319 RUNTIME_ASSERT(first->IsString()); | 7334 RUNTIME_ASSERT(first->IsString()); |
| 7320 return first; | 7335 return first; |
| 7321 } | 7336 } |
| 7322 | 7337 |
| 7323 int separator_length = separator->length(); | 7338 int separator_length = separator->length(); |
| 7339 RUNTIME_ASSERT(separator_length > 0); | |
| 7324 int max_nof_separators = | 7340 int max_nof_separators = |
| 7325 (String::kMaxLength + separator_length - 1) / separator_length; | 7341 (String::kMaxLength + separator_length - 1) / separator_length; |
| 7326 if (max_nof_separators < (array_length - 1)) { | 7342 if (max_nof_separators < (array_length - 1)) { |
| 7327 return isolate->ThrowInvalidStringLength(); | 7343 return isolate->ThrowInvalidStringLength(); |
| 7328 } | 7344 } |
| 7329 int length = (array_length - 1) * separator_length; | 7345 int length = (array_length - 1) * separator_length; |
| 7330 for (int i = 0; i < array_length; i++) { | 7346 for (int i = 0; i < array_length; i++) { |
| 7331 Object* element_obj = fixed_array->get(i); | 7347 Object* element_obj = fixed_array->get(i); |
| 7332 RUNTIME_ASSERT(element_obj->IsString()); | 7348 RUNTIME_ASSERT(element_obj->IsString()); |
| 7333 String* element = String::cast(element_obj); | 7349 String* element = String::cast(element_obj); |
| (...skipping 81 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 7415 } | 7431 } |
| 7416 } | 7432 } |
| 7417 ASSERT(cursor <= buffer.length()); | 7433 ASSERT(cursor <= buffer.length()); |
| 7418 } | 7434 } |
| 7419 | 7435 |
| 7420 | 7436 |
| 7421 RUNTIME_FUNCTION(Runtime_SparseJoinWithSeparator) { | 7437 RUNTIME_FUNCTION(Runtime_SparseJoinWithSeparator) { |
| 7422 HandleScope scope(isolate); | 7438 HandleScope scope(isolate); |
| 7423 ASSERT(args.length() == 3); | 7439 ASSERT(args.length() == 3); |
| 7424 CONVERT_ARG_HANDLE_CHECKED(JSArray, elements_array, 0); | 7440 CONVERT_ARG_HANDLE_CHECKED(JSArray, elements_array, 0); |
| 7425 RUNTIME_ASSERT(elements_array->HasFastSmiOrObjectElements()); | |
| 7426 CONVERT_NUMBER_CHECKED(uint32_t, array_length, Uint32, args[1]); | 7441 CONVERT_NUMBER_CHECKED(uint32_t, array_length, Uint32, args[1]); |
| 7427 CONVERT_ARG_HANDLE_CHECKED(String, separator, 2); | 7442 CONVERT_ARG_HANDLE_CHECKED(String, separator, 2); |
| 7428 // elements_array is fast-mode JSarray of alternating positions | 7443 // elements_array is fast-mode JSarray of alternating positions |
| 7429 // (increasing order) and strings. | 7444 // (increasing order) and strings. |
| 7445 RUNTIME_ASSERT(elements_array->HasFastSmiOrObjectElements()); | |
| 7430 // array_length is length of original array (used to add separators); | 7446 // array_length is length of original array (used to add separators); |
| 7431 // separator is string to put between elements. Assumed to be non-empty. | 7447 // separator is string to put between elements. Assumed to be non-empty. |
| 7448 RUNTIME_ASSERT(array_length > 0); | |
| 7432 | 7449 |
| 7433 // Find total length of join result. | 7450 // Find total length of join result. |
| 7434 int string_length = 0; | 7451 int string_length = 0; |
| 7435 bool is_ascii = separator->IsOneByteRepresentation(); | 7452 bool is_ascii = separator->IsOneByteRepresentation(); |
| 7436 bool overflow = false; | 7453 bool overflow = false; |
| 7437 CONVERT_NUMBER_CHECKED(int, elements_length, Int32, elements_array->length()); | 7454 CONVERT_NUMBER_CHECKED(int, elements_length, Int32, elements_array->length()); |
| 7455 RUNTIME_ASSERT(elements_length <= elements_array->elements()->length()); | |
| 7438 RUNTIME_ASSERT((elements_length & 1) == 0); // Even length. | 7456 RUNTIME_ASSERT((elements_length & 1) == 0); // Even length. |
| 7457 FixedArray* elements = FixedArray::cast(elements_array->elements()); | |
| 7458 for (int i = 0; i < elements_length; i += 2) { | |
| 7459 RUNTIME_ASSERT(elements->get(i)->IsNumber()); | |
| 7460 RUNTIME_ASSERT(elements->get(i + 1)->IsString()); | |
| 7461 } | |
| 7439 | 7462 |
| 7440 { DisallowHeapAllocation no_gc; | 7463 { DisallowHeapAllocation no_gc; |
| 7441 FixedArray* elements = FixedArray::cast(elements_array->elements()); | |
| 7442 for (int i = 0; i < elements_length; i += 2) { | 7464 for (int i = 0; i < elements_length; i += 2) { |
| 7443 RUNTIME_ASSERT(elements->get(i)->IsNumber()); | |
| 7444 RUNTIME_ASSERT(elements->get(i + 1)->IsString()); | |
| 7445 String* string = String::cast(elements->get(i + 1)); | 7465 String* string = String::cast(elements->get(i + 1)); |
| 7446 int length = string->length(); | 7466 int length = string->length(); |
| 7447 if (is_ascii && !string->IsOneByteRepresentation()) { | 7467 if (is_ascii && !string->IsOneByteRepresentation()) { |
| 7448 is_ascii = false; | 7468 is_ascii = false; |
| 7449 } | 7469 } |
| 7450 if (length > String::kMaxLength || | 7470 if (length > String::kMaxLength || |
| 7451 String::kMaxLength - length < string_length) { | 7471 String::kMaxLength - length < string_length) { |
| 7452 overflow = true; | 7472 overflow = true; |
| 7453 break; | 7473 break; |
| 7454 } | 7474 } |
| (...skipping 503 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 7958 } | 7978 } |
| 7959 | 7979 |
| 7960 | 7980 |
| 7961 RUNTIME_FUNCTION(Runtime_DateMakeDay) { | 7981 RUNTIME_FUNCTION(Runtime_DateMakeDay) { |
| 7962 SealHandleScope shs(isolate); | 7982 SealHandleScope shs(isolate); |
| 7963 ASSERT(args.length() == 2); | 7983 ASSERT(args.length() == 2); |
| 7964 | 7984 |
| 7965 CONVERT_SMI_ARG_CHECKED(year, 0); | 7985 CONVERT_SMI_ARG_CHECKED(year, 0); |
| 7966 CONVERT_SMI_ARG_CHECKED(month, 1); | 7986 CONVERT_SMI_ARG_CHECKED(month, 1); |
| 7967 | 7987 |
| 7968 return Smi::FromInt(isolate->date_cache()->DaysFromYearMonth(year, month)); | 7988 int days = isolate->date_cache()->DaysFromYearMonth(year, month); |
| 7989 RUNTIME_ASSERT(Smi::IsValid(days)); | |
| 7990 return Smi::FromInt(days); | |
| 7969 } | 7991 } |
| 7970 | 7992 |
| 7971 | 7993 |
| 7972 RUNTIME_FUNCTION(Runtime_DateSetValue) { | 7994 RUNTIME_FUNCTION(Runtime_DateSetValue) { |
| 7973 HandleScope scope(isolate); | 7995 HandleScope scope(isolate); |
| 7974 ASSERT(args.length() == 3); | 7996 ASSERT(args.length() == 3); |
| 7975 | 7997 |
| 7976 CONVERT_ARG_HANDLE_CHECKED(JSDate, date, 0); | 7998 CONVERT_ARG_HANDLE_CHECKED(JSDate, date, 0); |
| 7977 CONVERT_DOUBLE_ARG_CHECKED(time, 1); | 7999 CONVERT_DOUBLE_ARG_CHECKED(time, 1); |
| 7978 CONVERT_SMI_ARG_CHECKED(is_utc, 2); | 8000 CONVERT_SMI_ARG_CHECKED(is_utc, 2); |
| (...skipping 957 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 8936 | 8958 |
| 8937 RUNTIME_FUNCTION(Runtime_Apply) { | 8959 RUNTIME_FUNCTION(Runtime_Apply) { |
| 8938 HandleScope scope(isolate); | 8960 HandleScope scope(isolate); |
| 8939 ASSERT(args.length() == 5); | 8961 ASSERT(args.length() == 5); |
| 8940 CONVERT_ARG_HANDLE_CHECKED(JSReceiver, fun, 0); | 8962 CONVERT_ARG_HANDLE_CHECKED(JSReceiver, fun, 0); |
| 8941 CONVERT_ARG_HANDLE_CHECKED(Object, receiver, 1); | 8963 CONVERT_ARG_HANDLE_CHECKED(Object, receiver, 1); |
| 8942 CONVERT_ARG_HANDLE_CHECKED(JSObject, arguments, 2); | 8964 CONVERT_ARG_HANDLE_CHECKED(JSObject, arguments, 2); |
| 8943 CONVERT_SMI_ARG_CHECKED(offset, 3); | 8965 CONVERT_SMI_ARG_CHECKED(offset, 3); |
| 8944 CONVERT_SMI_ARG_CHECKED(argc, 4); | 8966 CONVERT_SMI_ARG_CHECKED(argc, 4); |
| 8945 RUNTIME_ASSERT(offset >= 0); | 8967 RUNTIME_ASSERT(offset >= 0); |
| 8946 RUNTIME_ASSERT(argc >= 0); | 8968 // Loose upper bound to allow fuzzing. We'll most likely run out of |
| 8969 // stack space before hitting this limit. | |
| 8970 static int kMaxArgc = 1000000; | |
| 8971 RUNTIME_ASSERT(argc >= 0 && argc <= kMaxArgc); | |
| 8947 | 8972 |
| 8948 // If there are too many arguments, allocate argv via malloc. | 8973 // If there are too many arguments, allocate argv via malloc. |
| 8949 const int argv_small_size = 10; | 8974 const int argv_small_size = 10; |
| 8950 Handle<Object> argv_small_buffer[argv_small_size]; | 8975 Handle<Object> argv_small_buffer[argv_small_size]; |
| 8951 SmartArrayPointer<Handle<Object> > argv_large_buffer; | 8976 SmartArrayPointer<Handle<Object> > argv_large_buffer; |
| 8952 Handle<Object>* argv = argv_small_buffer; | 8977 Handle<Object>* argv = argv_small_buffer; |
| 8953 if (argc > argv_small_size) { | 8978 if (argc > argv_small_size) { |
| 8954 argv = new Handle<Object>[argc]; | 8979 argv = new Handle<Object>[argc]; |
| 8955 if (argv == NULL) return isolate->StackOverflow(); | 8980 if (argv == NULL) return isolate->StackOverflow(); |
| 8956 argv_large_buffer = SmartArrayPointer<Handle<Object> >(argv); | 8981 argv_large_buffer = SmartArrayPointer<Handle<Object> >(argv); |
| (...skipping 4558 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 13515 // For array of SharedFunctionInfo's (each wrapped in JSValue) | 13540 // For array of SharedFunctionInfo's (each wrapped in JSValue) |
| 13516 // checks that none of them have activations on stacks (of any thread). | 13541 // checks that none of them have activations on stacks (of any thread). |
| 13517 // Returns array of the same length with corresponding results of | 13542 // Returns array of the same length with corresponding results of |
| 13518 // LiveEdit::FunctionPatchabilityStatus type. | 13543 // LiveEdit::FunctionPatchabilityStatus type. |
| 13519 RUNTIME_FUNCTION(Runtime_LiveEditCheckAndDropActivations) { | 13544 RUNTIME_FUNCTION(Runtime_LiveEditCheckAndDropActivations) { |
| 13520 HandleScope scope(isolate); | 13545 HandleScope scope(isolate); |
| 13521 CHECK(isolate->debugger()->live_edit_enabled()); | 13546 CHECK(isolate->debugger()->live_edit_enabled()); |
| 13522 ASSERT(args.length() == 2); | 13547 ASSERT(args.length() == 2); |
| 13523 CONVERT_ARG_HANDLE_CHECKED(JSArray, shared_array, 0); | 13548 CONVERT_ARG_HANDLE_CHECKED(JSArray, shared_array, 0); |
| 13524 CONVERT_BOOLEAN_ARG_CHECKED(do_drop, 1); | 13549 CONVERT_BOOLEAN_ARG_CHECKED(do_drop, 1); |
| 13550 RUNTIME_ASSERT(shared_array->length()->IsSmi()); | |
| 13551 int array_length = Smi::cast(shared_array->length())->value(); | |
| 13552 for (int i = 0; i < array_length; i++) { | |
| 13553 Handle<Object> element = | |
| 13554 Object::GetElement(isolate, shared_array, i).ToHandleChecked(); | |
| 13555 RUNTIME_ASSERT( | |
| 13556 element->IsJSValue() && | |
| 13557 Handle<JSValue>::cast(element)->value()->IsSharedFunctionInfo()); | |
| 13558 } | |
| 13525 | 13559 |
| 13526 return *LiveEdit::CheckAndDropActivations(shared_array, do_drop); | 13560 return *LiveEdit::CheckAndDropActivations(shared_array, do_drop); |
| 13527 } | 13561 } |
| 13528 | 13562 |
| 13529 | 13563 |
| 13530 // Compares 2 strings line-by-line, then token-wise and returns diff in form | 13564 // Compares 2 strings line-by-line, then token-wise and returns diff in form |
| 13531 // of JSArray of triplets (pos1, pos1_end, pos2_end) describing list | 13565 // of JSArray of triplets (pos1, pos1_end, pos2_end) describing list |
| 13532 // of diff chunks. | 13566 // of diff chunks. |
| 13533 RUNTIME_FUNCTION(Runtime_LiveEditCompareStrings) { | 13567 RUNTIME_FUNCTION(Runtime_LiveEditCompareStrings) { |
| 13534 HandleScope scope(isolate); | 13568 HandleScope scope(isolate); |
| (...skipping 249 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 13784 | 13818 |
| 13785 RUNTIME_FUNCTION(Runtime_GetLanguageTagVariants) { | 13819 RUNTIME_FUNCTION(Runtime_GetLanguageTagVariants) { |
| 13786 HandleScope scope(isolate); | 13820 HandleScope scope(isolate); |
| 13787 Factory* factory = isolate->factory(); | 13821 Factory* factory = isolate->factory(); |
| 13788 | 13822 |
| 13789 ASSERT(args.length() == 1); | 13823 ASSERT(args.length() == 1); |
| 13790 | 13824 |
| 13791 CONVERT_ARG_HANDLE_CHECKED(JSArray, input, 0); | 13825 CONVERT_ARG_HANDLE_CHECKED(JSArray, input, 0); |
| 13792 | 13826 |
| 13793 uint32_t length = static_cast<uint32_t>(input->length()->Number()); | 13827 uint32_t length = static_cast<uint32_t>(input->length()->Number()); |
| 13828 // Set some limit to prevent fuzz tests from going OOM. | |
| 13829 // Can be bumped when callers' requirements change. | |
| 13830 RUNTIME_ASSERT(length < 100); | |
| 13794 Handle<FixedArray> output = factory->NewFixedArray(length); | 13831 Handle<FixedArray> output = factory->NewFixedArray(length); |
| 13795 Handle<Name> maximized = factory->NewStringFromStaticAscii("maximized"); | 13832 Handle<Name> maximized = factory->NewStringFromStaticAscii("maximized"); |
| 13796 Handle<Name> base = factory->NewStringFromStaticAscii("base"); | 13833 Handle<Name> base = factory->NewStringFromStaticAscii("base"); |
| 13797 for (unsigned int i = 0; i < length; ++i) { | 13834 for (unsigned int i = 0; i < length; ++i) { |
| 13798 Handle<Object> locale_id; | 13835 Handle<Object> locale_id; |
| 13799 ASSIGN_RETURN_FAILURE_ON_EXCEPTION( | 13836 ASSIGN_RETURN_FAILURE_ON_EXCEPTION( |
| 13800 isolate, locale_id, Object::GetElement(isolate, input, i)); | 13837 isolate, locale_id, Object::GetElement(isolate, input, i)); |
| 13801 if (!locale_id->IsString()) { | 13838 if (!locale_id->IsString()) { |
| 13802 return isolate->Throw(*factory->illegal_argument_string()); | 13839 return isolate->Throw(*factory->illegal_argument_string()); |
| 13803 } | 13840 } |
| (...skipping 427 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 14231 | 14268 |
| 14232 RUNTIME_FUNCTION(Runtime_StringNormalize) { | 14269 RUNTIME_FUNCTION(Runtime_StringNormalize) { |
| 14233 HandleScope scope(isolate); | 14270 HandleScope scope(isolate); |
| 14234 static const UNormalizationMode normalizationForms[] = | 14271 static const UNormalizationMode normalizationForms[] = |
| 14235 { UNORM_NFC, UNORM_NFD, UNORM_NFKC, UNORM_NFKD }; | 14272 { UNORM_NFC, UNORM_NFD, UNORM_NFKC, UNORM_NFKD }; |
| 14236 | 14273 |
| 14237 ASSERT(args.length() == 2); | 14274 ASSERT(args.length() == 2); |
| 14238 | 14275 |
| 14239 CONVERT_ARG_HANDLE_CHECKED(String, stringValue, 0); | 14276 CONVERT_ARG_HANDLE_CHECKED(String, stringValue, 0); |
| 14240 CONVERT_NUMBER_CHECKED(int, form_id, Int32, args[1]); | 14277 CONVERT_NUMBER_CHECKED(int, form_id, Int32, args[1]); |
| 14278 RUNTIME_ASSERT(form_id >= 0 && | |
| 14279 static_cast<size_t>(form_id) < ARRAY_SIZE(normalizationForms)); | |
| 14241 | 14280 |
| 14242 v8::String::Value string_value(v8::Utils::ToLocal(stringValue)); | 14281 v8::String::Value string_value(v8::Utils::ToLocal(stringValue)); |
| 14243 const UChar* u_value = reinterpret_cast<const UChar*>(*string_value); | 14282 const UChar* u_value = reinterpret_cast<const UChar*>(*string_value); |
| 14244 | 14283 |
| 14245 // TODO(mnita): check Normalizer2 (not available in ICU 46) | 14284 // TODO(mnita): check Normalizer2 (not available in ICU 46) |
| 14246 UErrorCode status = U_ZERO_ERROR; | 14285 UErrorCode status = U_ZERO_ERROR; |
| 14247 icu::UnicodeString result; | 14286 icu::UnicodeString result; |
| 14248 icu::Normalizer::normalize(u_value, normalizationForms[form_id], 0, | 14287 icu::Normalizer::normalize(u_value, normalizationForms[form_id], 0, |
| 14249 result, status); | 14288 result, status); |
| 14250 if (U_FAILURE(status)) { | 14289 if (U_FAILURE(status)) { |
| (...skipping 889 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 15140 } | 15179 } |
| 15141 return NULL; | 15180 return NULL; |
| 15142 } | 15181 } |
| 15143 | 15182 |
| 15144 | 15183 |
| 15145 const Runtime::Function* Runtime::FunctionForId(Runtime::FunctionId id) { | 15184 const Runtime::Function* Runtime::FunctionForId(Runtime::FunctionId id) { |
| 15146 return &(kIntrinsicFunctions[static_cast<int>(id)]); | 15185 return &(kIntrinsicFunctions[static_cast<int>(id)]); |
| 15147 } | 15186 } |
| 15148 | 15187 |
| 15149 } } // namespace v8::internal | 15188 } } // namespace v8::internal |
| OLD | NEW |
