| OLD | NEW |
|---|
| 1 // Copyright 2016 the V8 project authors. All rights reserved. | 1 // Copyright 2016 the V8 project authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "src/builtins/builtins.h" | 5 #include "src/builtins/builtins.h" |
| 6 #include "src/builtins/builtins-utils.h" | 6 #include "src/builtins/builtins-utils.h" |
| 7 | 7 |
| 8 #include "src/code-factory.h" | 8 #include "src/code-factory.h" |
| 9 #include "src/code-stub-assembler.h" | 9 #include "src/code-stub-assembler.h" |
| 10 #include "src/contexts.h" | 10 #include "src/contexts.h" |
| (...skipping 2259 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 2270 Generate_ArrayPrototypeIterationMethod<IterationKind::kKeys>(state); | 2270 Generate_ArrayPrototypeIterationMethod<IterationKind::kKeys>(state); |
| 2271 } | 2271 } |
| 2272 | 2272 |
| 2273 void Builtins::Generate_ArrayIteratorPrototypeNext( | 2273 void Builtins::Generate_ArrayIteratorPrototypeNext( |
| 2274 compiler::CodeAssemblerState* state) { | 2274 compiler::CodeAssemblerState* state) { |
| 2275 typedef compiler::Node Node; | 2275 typedef compiler::Node Node; |
| 2276 typedef CodeStubAssembler::Label Label; | 2276 typedef CodeStubAssembler::Label Label; |
| 2277 typedef CodeStubAssembler::Variable Variable; | 2277 typedef CodeStubAssembler::Variable Variable; |
| 2278 CodeStubAssembler assembler(state); | 2278 CodeStubAssembler assembler(state); |
| 2279 | 2279 |
| 2280 Handle<String> operation = assembler.factory()->NewStringFromAsciiChecked( |
| 2281 "Array Iterator.prototype.next", TENURED); |
| 2282 |
| 2280 Node* iterator = assembler.Parameter(0); | 2283 Node* iterator = assembler.Parameter(0); |
| 2281 Node* context = assembler.Parameter(3); | 2284 Node* context = assembler.Parameter(3); |
| 2282 | 2285 |
| 2283 Variable var_value(&assembler, MachineRepresentation::kTagged); | 2286 Variable var_value(&assembler, MachineRepresentation::kTagged); |
| 2284 Variable var_done(&assembler, MachineRepresentation::kTagged); | 2287 Variable var_done(&assembler, MachineRepresentation::kTagged); |
| 2285 | 2288 |
| 2286 // Required, or else `throw_bad_receiver` fails a DCHECK due to these | 2289 // Required, or else `throw_bad_receiver` fails a DCHECK due to these |
| 2287 // variables not being bound along all paths, despite not being used. | 2290 // variables not being bound along all paths, despite not being used. |
| 2288 var_done.Bind(assembler.TrueConstant()); | 2291 var_done.Bind(assembler.TrueConstant()); |
| 2289 var_value.Bind(assembler.UndefinedConstant()); | 2292 var_value.Bind(assembler.UndefinedConstant()); |
| (...skipping 21 matching lines...) Expand all Loading... |
| 2311 Node* array = assembler.LoadObjectField( | 2314 Node* array = assembler.LoadObjectField( |
| 2312 iterator, JSArrayIterator::kIteratedObjectOffset); | 2315 iterator, JSArrayIterator::kIteratedObjectOffset); |
| 2313 | 2316 |
| 2314 // Let index be O.[[ArrayIteratorNextIndex]]. | 2317 // Let index be O.[[ArrayIteratorNextIndex]]. |
| 2315 Node* index = | 2318 Node* index = |
| 2316 assembler.LoadObjectField(iterator, JSArrayIterator::kNextIndexOffset); | 2319 assembler.LoadObjectField(iterator, JSArrayIterator::kNextIndexOffset); |
| 2317 Node* orig_map = assembler.LoadObjectField( | 2320 Node* orig_map = assembler.LoadObjectField( |
| 2318 iterator, JSArrayIterator::kIteratedObjectMapOffset); | 2321 iterator, JSArrayIterator::kIteratedObjectMapOffset); |
| 2319 Node* array_map = assembler.LoadMap(array); | 2322 Node* array_map = assembler.LoadMap(array); |
| 2320 | 2323 |
| 2321 Label if_isfastarray(&assembler), if_isnotfastarray(&assembler); | 2324 Label if_isfastarray(&assembler), if_isnotfastarray(&assembler), |
| 2325 if_isdetached(&assembler, Label::kDeferred); |
| 2322 | 2326 |
| 2323 assembler.Branch(assembler.WordEqual(orig_map, array_map), &if_isfastarray, | 2327 assembler.Branch(assembler.WordEqual(orig_map, array_map), &if_isfastarray, |
| 2324 &if_isnotfastarray); | 2328 &if_isnotfastarray); |
| 2325 | 2329 |
| 2326 assembler.Bind(&if_isfastarray); | 2330 assembler.Bind(&if_isfastarray); |
| 2327 { | 2331 { |
| 2328 CSA_ASSERT(&assembler, | 2332 CSA_ASSERT(&assembler, |
| 2329 assembler.Word32Equal(assembler.LoadMapInstanceType(array_map), | 2333 assembler.Word32Equal(assembler.LoadMapInstanceType(array_map), |
| 2330 assembler.Int32Constant(JS_ARRAY_TYPE))); | 2334 assembler.Int32Constant(JS_ARRAY_TYPE))); |
| 2331 | 2335 |
| (...skipping 190 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 2522 assembler.Bind(&generic_values); | 2526 assembler.Bind(&generic_values); |
| 2523 { | 2527 { |
| 2524 Callable get_property = CodeFactory::GetProperty(assembler.isolate()); | 2528 Callable get_property = CodeFactory::GetProperty(assembler.isolate()); |
| 2525 var_value.Bind(assembler.CallStub(get_property, context, array, index)); | 2529 var_value.Bind(assembler.CallStub(get_property, context, array, index)); |
| 2526 assembler.Goto(&allocate_entry_if_needed); | 2530 assembler.Goto(&allocate_entry_if_needed); |
| 2527 } | 2531 } |
| 2528 } | 2532 } |
| 2529 | 2533 |
| 2530 assembler.Bind(&if_istypedarray); | 2534 assembler.Bind(&if_istypedarray); |
| 2531 { | 2535 { |
| 2532 Node* length = nullptr; | 2536 Node* buffer = |
| 2533 { | 2537 assembler.LoadObjectField(array, JSTypedArray::kBufferOffset); |
| 2534 Variable var_length(&assembler, MachineRepresentation::kTagged); | 2538 assembler.GotoIf(assembler.IsDetachedBuffer(buffer), &if_isdetached); |
| 2535 Label if_isdetached(&assembler, Label::kDeferred), | |
| 2536 if_isnotdetached(&assembler), done(&assembler); | |
| 2537 | 2539 |
| 2538 Node* buffer = | 2540 Node* length = |
| 2539 assembler.LoadObjectField(array, JSTypedArray::kBufferOffset); | 2541 assembler.LoadObjectField(array, JSTypedArray::kLengthOffset); |
| 2540 assembler.Branch(assembler.IsDetachedBuffer(buffer), &if_isdetached, | |
| 2541 &if_isnotdetached); | |
| 2542 | 2542 |
| 2543 assembler.Bind(&if_isnotdetached); | |
| 2544 { | |
| 2545 var_length.Bind( | |
| 2546 assembler.LoadObjectField(array, JSTypedArray::kLengthOffset)); | |
| 2547 assembler.Goto(&done); | |
| 2548 } | |
| 2549 | |
| 2550 assembler.Bind(&if_isdetached); | |
| 2551 { | |
| 2552 // TODO(caitp): If IsDetached(buffer) is true, throw a TypeError, per | |
| 2553 // https://github.com/tc39/ecma262/issues/713 | |
| 2554 var_length.Bind(assembler.SmiConstant(Smi::kZero)); | |
| 2555 assembler.Goto(&done); | |
| 2556 } | |
| 2557 | |
| 2558 assembler.Bind(&done); | |
| 2559 length = var_length.value(); | |
| 2560 } | |
| 2561 CSA_ASSERT(&assembler, assembler.TaggedIsSmi(length)); | 2543 CSA_ASSERT(&assembler, assembler.TaggedIsSmi(length)); |
| 2562 CSA_ASSERT(&assembler, assembler.TaggedIsSmi(index)); | 2544 CSA_ASSERT(&assembler, assembler.TaggedIsSmi(index)); |
| 2563 | 2545 |
| 2564 assembler.GotoUnless(assembler.SmiBelow(index, length), &set_done); | 2546 assembler.GotoUnless(assembler.SmiBelow(index, length), &set_done); |
| 2565 | 2547 |
| 2566 Node* one = assembler.SmiConstant(1); | 2548 Node* one = assembler.SmiConstant(1); |
| 2567 assembler.StoreObjectFieldNoWriteBarrier( | 2549 assembler.StoreObjectFieldNoWriteBarrier( |
| 2568 iterator, JSArrayIterator::kNextIndexOffset, | 2550 iterator, JSArrayIterator::kNextIndexOffset, |
| 2569 assembler.SmiAdd(index, one)); | 2551 assembler.SmiAdd(index, one)); |
| 2570 var_done.Bind(assembler.FalseConstant()); | 2552 var_done.Bind(assembler.FalseConstant()); |
| (...skipping 177 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 2748 assembler.StoreObjectFieldNoWriteBarrier( | 2730 assembler.StoreObjectFieldNoWriteBarrier( |
| 2749 result, JSIteratorResult::kDoneOffset, var_done.value()); | 2731 result, JSIteratorResult::kDoneOffset, var_done.value()); |
| 2750 assembler.Return(result); | 2732 assembler.Return(result); |
| 2751 } | 2733 } |
| 2752 | 2734 |
| 2753 assembler.Bind(&throw_bad_receiver); | 2735 assembler.Bind(&throw_bad_receiver); |
| 2754 { | 2736 { |
| 2755 // The {receiver} is not a valid JSArrayIterator. | 2737 // The {receiver} is not a valid JSArrayIterator. |
| 2756 Node* result = assembler.CallRuntime( | 2738 Node* result = assembler.CallRuntime( |
| 2757 Runtime::kThrowIncompatibleMethodReceiver, context, | 2739 Runtime::kThrowIncompatibleMethodReceiver, context, |
| 2758 assembler.HeapConstant(assembler.factory()->NewStringFromAsciiChecked( | 2740 assembler.HeapConstant(operation), iterator); |
| 2759 "Array Iterator.prototype.next", TENURED)), | 2741 assembler.Return(result); |
| 2760 iterator); | 2742 } |
| 2743 |
| 2744 assembler.Bind(&if_isdetached); |
| 2745 { |
| 2746 Node* message = assembler.SmiConstant(MessageTemplate::kDetachedOperation); |
| 2747 Node* result = |
| 2748 assembler.CallRuntime(Runtime::kThrowTypeError, context, message, |
| 2749 assembler.HeapConstant(operation)); |
| 2761 assembler.Return(result); | 2750 assembler.Return(result); |
| 2762 } | 2751 } |
| 2763 } | 2752 } |
| 2764 | 2753 |
| 2765 } // namespace internal | 2754 } // namespace internal |
| 2766 } // namespace v8 | 2755 } // namespace v8 |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 2609913002:
[builtins] throw if TypedArray buffer is detached during iteration (Closed)
