| OLD | NEW |
|---|
| 1 // Copyright 2016 the V8 project authors. All rights reserved. | 1 // Copyright 2016 the V8 project authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "src/builtins/builtins.h" | 5 #include "src/builtins/builtins.h" |
| 6 #include "src/builtins/builtins-utils.h" | 6 #include "src/builtins/builtins-utils.h" |
| 7 | 7 |
| 8 #include "src/code-factory.h" | 8 #include "src/code-factory.h" |
| 9 #include "src/code-stub-assembler.h" | 9 #include "src/code-stub-assembler.h" |
| 10 #include "src/contexts.h" | 10 #include "src/contexts.h" |
| (...skipping 221 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 232 assembler.Comment( | 232 assembler.Comment( |
| 233 "Disallow pushing onto arrays in dictionary named property mode"); | 233 "Disallow pushing onto arrays in dictionary named property mode"); |
| 234 assembler.GotoIf(assembler.IsDictionaryMap(map), &runtime); | 234 assembler.GotoIf(assembler.IsDictionaryMap(map), &runtime); |
| 235 | 235 |
| 236 // Check whether the length property is writable. The length property is the | 236 // Check whether the length property is writable. The length property is the |
| 237 // only default named property on arrays. It's nonconfigurable, hence is | 237 // only default named property on arrays. It's nonconfigurable, hence is |
| 238 // guaranteed to stay the first property. | 238 // guaranteed to stay the first property. |
| 239 Node* descriptors = assembler.LoadMapDescriptors(map); | 239 Node* descriptors = assembler.LoadMapDescriptors(map); |
| 240 Node* details = assembler.LoadFixedArrayElement( | 240 Node* details = assembler.LoadFixedArrayElement( |
| 241 descriptors, DescriptorArray::ToDetailsIndex(0)); | 241 descriptors, DescriptorArray::ToDetailsIndex(0)); |
| 242 mask = READ_ONLY << PropertyDetails::AttributesField::kShift; | 242 mask = PropertyDetails::kAttributesReadOnlyMask; |
| 243 Node* mask_node = assembler.SmiConstant(mask); | 243 Node* mask_node = assembler.SmiConstant(mask); |
| 244 test = assembler.SmiAnd(details, mask_node); | 244 test = assembler.SmiAnd(details, mask_node); |
| 245 assembler.GotoIf(assembler.WordEqual(test, mask_node), &runtime); | 245 assembler.GotoIf(assembler.WordEqual(test, mask_node), &runtime); |
| 246 | 246 |
| 247 arg_index.Bind(assembler.IntPtrConstant(0)); | 247 arg_index.Bind(assembler.IntPtrConstant(0)); |
| 248 kind = assembler.DecodeWord32<Map::ElementsKindBits>(bit_field2); | 248 kind = assembler.DecodeWord32<Map::ElementsKindBits>(bit_field2); |
| 249 | 249 |
| 250 assembler.GotoIf( | 250 assembler.GotoIf( |
| 251 assembler.Int32GreaterThan( | 251 assembler.Int32GreaterThan( |
| 252 kind, assembler.Int32Constant(FAST_HOLEY_SMI_ELEMENTS)), | 252 kind, assembler.Int32Constant(FAST_HOLEY_SMI_ELEMENTS)), |
| (...skipping 2493 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 2746 Node* message = assembler.SmiConstant(MessageTemplate::kDetachedOperation); | 2746 Node* message = assembler.SmiConstant(MessageTemplate::kDetachedOperation); |
| 2747 Node* result = | 2747 Node* result = |
| 2748 assembler.CallRuntime(Runtime::kThrowTypeError, context, message, | 2748 assembler.CallRuntime(Runtime::kThrowTypeError, context, message, |
| 2749 assembler.HeapConstant(operation)); | 2749 assembler.HeapConstant(operation)); |
| 2750 assembler.Return(result); | 2750 assembler.Return(result); |
| 2751 } | 2751 } |
| 2752 } | 2752 } |
| 2753 | 2753 |
| 2754 } // namespace internal | 2754 } // namespace internal |
| 2755 } // namespace v8 | 2755 } // namespace v8 |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 2610343002:
Fix: KeyedStoreGeneric must check for writable array length (Closed)
