| OLD | NEW |
|---|
| 1 // Copyright 2016 the V8 project authors. All rights reserved. | 1 // Copyright 2016 the V8 project authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "src/builtins/builtins-utils.h" | 5 #include "src/builtins/builtins-utils.h" |
| 6 #include "src/builtins/builtins.h" | 6 #include "src/builtins/builtins.h" |
| 7 #include "src/code-stub-assembler.h" | 7 #include "src/code-stub-assembler.h" |
| 8 | 8 |
| 9 namespace v8 { | 9 namespace v8 { |
| 10 namespace internal { | 10 namespace internal { |
| (...skipping 149 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 160 Generate_TypedArrayPrototypeIterationMethod<IterationKind::kEntries>( | 160 Generate_TypedArrayPrototypeIterationMethod<IterationKind::kEntries>( |
| 161 state, "%TypedArray%.prototype.entries()"); | 161 state, "%TypedArray%.prototype.entries()"); |
| 162 } | 162 } |
| 163 | 163 |
| 164 void Builtins::Generate_TypedArrayPrototypeKeys( | 164 void Builtins::Generate_TypedArrayPrototypeKeys( |
| 165 compiler::CodeAssemblerState* state) { | 165 compiler::CodeAssemblerState* state) { |
| 166 Generate_TypedArrayPrototypeIterationMethod<IterationKind::kKeys>( | 166 Generate_TypedArrayPrototypeIterationMethod<IterationKind::kKeys>( |
| 167 state, "%TypedArray%.prototype.keys()"); | 167 state, "%TypedArray%.prototype.keys()"); |
| 168 } | 168 } |
| 169 | 169 |
| 170 namespace { |
| 171 |
| 172 MaybeHandle<JSTypedArray> ValidateTypedArray(Isolate* isolate, |
| 173 Handle<Object> receiver, |
| 174 const char* method_name) { |
| 175 if (V8_UNLIKELY(!receiver->IsJSTypedArray())) { |
| 176 const MessageTemplate::Template message = MessageTemplate::kNotTypedArray; |
| 177 THROW_NEW_ERROR(isolate, NewTypeError(message), JSTypedArray); |
| 178 } |
| 179 |
| 180 // TODO(caitp): throw if array.[[ViewedArrayBuffer]] is neutered (per v8:4648) |
| 181 return Handle<JSTypedArray>::cast(receiver); |
| 182 } |
| 183 |
| 184 int64_t CapRelativeIndex(Handle<Object> num, int64_t minimum, int64_t maximum) { |
| 185 int64_t relative; |
| 186 if (V8_LIKELY(num->IsSmi())) { |
| 187 relative = Smi::cast(*num)->value(); |
| 188 } else { |
| 189 DCHECK(num->IsHeapNumber()); |
| 190 double fp = HeapNumber::cast(*num)->value(); |
| 191 if (V8_UNLIKELY(!std::isfinite(fp))) { |
| 192 // +Infinity / -Infinity |
| 193 DCHECK(!std::isnan(fp)); |
| 194 return fp < 0 ? minimum : maximum; |
| 195 } |
| 196 relative = static_cast<int64_t>(fp); |
| 197 } |
| 198 return relative < 0 ? std::max<int64_t>(relative + maximum, minimum) |
| 199 : std::min<int64_t>(relative, maximum); |
| 200 } |
| 201 |
| 202 } // namespace |
| 203 |
| 204 BUILTIN(TypedArrayPrototypeCopyWithin) { |
| 205 HandleScope scope(isolate); |
| 206 |
| 207 Handle<JSTypedArray> array; |
| 208 const char* method = "%TypedArray%.prototype.copyWithin"; |
| 209 ASSIGN_RETURN_FAILURE_ON_EXCEPTION( |
| 210 isolate, array, ValidateTypedArray(isolate, args.receiver(), method)); |
| 211 |
| 212 if (V8_UNLIKELY(array->WasNeutered())) return *array; |
| 213 |
| 214 int64_t len = array->length_value(); |
| 215 int64_t to = 0; |
| 216 int64_t from = 0; |
| 217 int64_t final = len; |
| 218 |
| 219 if (V8_LIKELY(args.length() > 1)) { |
| 220 Handle<Object> num; |
| 221 ASSIGN_RETURN_FAILURE_ON_EXCEPTION( |
| 222 isolate, num, Object::ToInteger(isolate, args.at<Object>(1))); |
| 223 to = CapRelativeIndex(num, 0, len); |
| 224 |
| 225 if (args.length() > 2) { |
| 226 ASSIGN_RETURN_FAILURE_ON_EXCEPTION( |
| 227 isolate, num, Object::ToInteger(isolate, args.at<Object>(2))); |
| 228 from = CapRelativeIndex(num, 0, len); |
| 229 |
| 230 Handle<Object> end = args.atOrUndefined(isolate, 3); |
| 231 if (!end->IsUndefined(isolate)) { |
| 232 ASSIGN_RETURN_FAILURE_ON_EXCEPTION(isolate, num, |
| 233 Object::ToInteger(isolate, end)); |
| 234 final = CapRelativeIndex(num, 0, len); |
| 235 } |
| 236 } |
| 237 } |
| 238 |
| 239 int64_t count = std::min<int64_t>(final - from, len - to); |
| 240 if (count <= 0) return *array; |
| 241 |
| 242 // TypedArray buffer may have been transferred/detached during parameter |
| 243 // processing above. Return early in this case, to prevent potential UAF error |
| 244 // TODO(caitp): throw here, as though the full algorithm were performed (the |
| 245 // throw would have come from ecma262/#sec-integerindexedelementget) |
| 246 // (see ) |
| 247 if (V8_UNLIKELY(array->WasNeutered())) return *array; |
| 248 |
| 249 // Ensure processed indexes are within array bounds |
| 250 DCHECK_GE(from, 0); |
| 251 DCHECK_LT(from, len); |
| 252 DCHECK_GE(to, 0); |
| 253 DCHECK_LT(to, len); |
| 254 DCHECK_GE(len - count, 0); |
| 255 |
| 256 Handle<FixedTypedArrayBase> elements( |
| 257 FixedTypedArrayBase::cast(array->elements())); |
| 258 size_t element_size = array->element_size(); |
| 259 to = to * element_size; |
| 260 from = from * element_size; |
| 261 count = count * element_size; |
| 262 |
| 263 uint8_t* data = static_cast<uint8_t*>(elements->DataPtr()); |
| 264 std::memmove(data + to, data + from, count); |
| 265 |
| 266 return *array; |
| 267 } |
| 268 |
| 170 } // namespace internal | 269 } // namespace internal |
| 171 } // namespace v8 | 270 } // namespace v8 |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 2697593002:
Reland [typedarrays] move %TypedArray%.prototype.copyWithin to C++ (Closed)
