Chromium Code Reviews Chromium Code Reviews
Issue 2697593002:
Reland [typedarrays] move %TypedArray%.prototype.copyWithin to C++ (Closed)
| OLD | NEW |
|---|---|
| 1 // Copyright 2016 the V8 project authors. All rights reserved. | 1 // Copyright 2016 the V8 project authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "src/builtins/builtins-utils.h" | 5 #include "src/builtins/builtins-utils.h" |
| 6 #include "src/builtins/builtins.h" | 6 #include "src/builtins/builtins.h" |
| 7 #include "src/code-stub-assembler.h" | 7 #include "src/code-stub-assembler.h" |
| 8 | 8 |
| 9 namespace v8 { | 9 namespace v8 { |
| 10 namespace internal { | 10 namespace internal { |
| (...skipping 149 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 160 Generate_TypedArrayPrototypeIterationMethod<IterationKind::kEntries>( | 160 Generate_TypedArrayPrototypeIterationMethod<IterationKind::kEntries>( |
| 161 state, "%TypedArray%.prototype.entries()"); | 161 state, "%TypedArray%.prototype.entries()"); |
| 162 } | 162 } |
| 163 | 163 |
| 164 void Builtins::Generate_TypedArrayPrototypeKeys( | 164 void Builtins::Generate_TypedArrayPrototypeKeys( |
| 165 compiler::CodeAssemblerState* state) { | 165 compiler::CodeAssemblerState* state) { |
| 166 Generate_TypedArrayPrototypeIterationMethod<IterationKind::kKeys>( | 166 Generate_TypedArrayPrototypeIterationMethod<IterationKind::kKeys>( |
| 167 state, "%TypedArray%.prototype.keys()"); | 167 state, "%TypedArray%.prototype.keys()"); |
| 168 } | 168 } |
| 169 | 169 |
| 170 namespace { | |
| 171 | |
| 172 MaybeHandle<JSTypedArray> ValidateTypedArray(Isolate* isolate, | |
| 173 Handle<Object> receiver, | |
| 174 const char* method_name) { | |
| 175 if (V8_UNLIKELY(!receiver->IsJSTypedArray())) { | |
| 176 const MessageTemplate::Template message = MessageTemplate::kNotTypedArray; | |
| 177 THROW_NEW_ERROR(isolate, NewTypeError(message), JSTypedArray); | |
| 178 } | |
| 179 | |
| 180 // TODO(caitp): throw if array.[[ViewedArrayBuffer]] is neutered (per v8:4648) | |
| 181 return Handle<JSTypedArray>::cast(receiver); | |
| 182 } | |
| 183 | |
| 184 int64_t CapRelativeIndex(Handle<Object> num, int64_t minimum, int64_t maximum) { | |
| 185 int64_t relative; | |
| 186 if (V8_LIKELY(num->IsSmi())) { | |
| 187 relative = Smi::cast(*num)->value(); | |
| 188 } else { | |
| 189 DCHECK(num->IsHeapNumber()); | |
| 190 double fp = HeapNumber::cast(*num)->value(); | |
| 191 if (V8_UNLIKELY(!std::isfinite(fp))) { | |
| 192 // +Infinity / -Infinity | |
| 193 DCHECK(!std::isnan(fp)); | |
| 194 return fp < 0 ? minimum : maximum; | |
| 195 } | |
| 196 relative = static_cast<int64_t>(fp); | |
| 197 } | |
| 198 return relative < 0 ? std::max<int64_t>(relative + maximum, minimum) | |
| 199 : std::min<int64_t>(relative, maximum); | |
| 200 } | |
| 201 | |
| 202 } // namespace | |
| 203 | |
| 204 BUILTIN(TypedArrayPrototypeCopyWithin) { | |
| 205 HandleScope scope(isolate); | |
| 206 | |
| 207 Handle<JSTypedArray> array; | |
| 208 const char* method = "%TypedArray%.prototype.copyWithin"; | |
| 209 ASSIGN_RETURN_FAILURE_ON_EXCEPTION( | |
| 210 isolate, array, ValidateTypedArray(isolate, args.receiver(), method)); | |
| 211 | |
| 212 if (V8_UNLIKELY(array->WasNeutered())) return *array; | |
|
Dan Ehrenberg
2017/02/14 18:11:45
Do you have a test which hits this condition?
caitp
2017/02/14 18:12:43
The regression test hits this
caitp
2017/02/14 18:20:39
Wait, I thought this was the other early return ca
| |
| 213 | |
| 214 int64_t len = array->length_value(); | |
| 215 int64_t to = 0; | |
| 216 int64_t from = 0; | |
| 217 int64_t final = len; | |
| 218 | |
| 219 if (V8_LIKELY(args.length() > 1)) { | |
| 220 Handle<Object> num; | |
| 221 ASSIGN_RETURN_FAILURE_ON_EXCEPTION( | |
| 222 isolate, num, Object::ToInteger(isolate, args.at<Object>(1))); | |
| 223 to = CapRelativeIndex(num, 0, len); | |
| 224 | |
| 225 if (args.length() > 2) { | |
| 226 ASSIGN_RETURN_FAILURE_ON_EXCEPTION( | |
| 227 isolate, num, Object::ToInteger(isolate, args.at<Object>(2))); | |
| 228 from = CapRelativeIndex(num, 0, len); | |
| 229 | |
| 230 Handle<Object> end = args.atOrUndefined(isolate, 3); | |
| 231 if (!end->IsUndefined(isolate)) { | |
| 232 ASSIGN_RETURN_FAILURE_ON_EXCEPTION(isolate, num, | |
| 233 Object::ToInteger(isolate, end)); | |
| 234 final = CapRelativeIndex(num, 0, len); | |
| 235 } | |
| 236 } | |
| 237 } | |
| 238 | |
| 239 int64_t count = std::min<int64_t>(final - from, len - to); | |
| 240 if (count <= 0) return *array; | |
| 241 | |
| 242 // TypedArray buffer may have been transferred/detached during parameter | |
| 243 // processing above. Return early in this case, to prevent potential UAF error | |
| 244 // TODO(caitp): throw here, as though the full algorithm were performed (the | |
| 245 // throw would have come from ecma262/#sec-integerindexedelementget) | |
| 246 // (see ) | |
| 247 if (V8_UNLIKELY(array->WasNeutered())) return *array; | |
| 248 | |
| 249 Handle<FixedTypedArrayBase> elements( | |
| 250 FixedTypedArrayBase::cast(array->elements())); | |
| 251 size_t element_size = array->element_size(); | |
| 252 to = to * element_size; | |
| 253 from = from * element_size; | |
| 254 count = count * element_size; | |
| 255 | |
| 256 uint8_t* data = static_cast<uint8_t*>(elements->DataPtr()); | |
| 257 std::memmove(data + to, data + from, count); | |
| 258 | |
| 259 return *array; | |
| 260 } | |
| 261 | |
| 170 } // namespace internal | 262 } // namespace internal |
| 171 } // namespace v8 | 263 } // namespace v8 |
| OLD | NEW |
