Reland [typedarrays] move %TypedArray%.prototype.copyWithin to C++

src/builtins/builtins-typedarray.cc

Index: src/builtins/builtins-typedarray.cc
diff --git a/src/builtins/builtins-typedarray.cc b/src/builtins/builtins-typedarray.cc
index e394df4e7abfe2d357dc6dc2fbeb649010996243..4c80efb7cf33a9171bad2f3df0c89b7871b75096 100644
--- a/src/builtins/builtins-typedarray.cc
+++ b/src/builtins/builtins-typedarray.cc
@@ -167,5 +167,104 @@ void Builtins::Generate_TypedArrayPrototypeKeys(
       state, "%TypedArray%.prototype.keys()");
 }
 
+namespace {
+
+MaybeHandle<JSTypedArray> ValidateTypedArray(Isolate* isolate,
+                                             Handle<Object> receiver,
+                                             const char* method_name) {
+  if (V8_UNLIKELY(!receiver->IsJSTypedArray())) {
+    const MessageTemplate::Template message = MessageTemplate::kNotTypedArray;
+    THROW_NEW_ERROR(isolate, NewTypeError(message), JSTypedArray);
+  }
+
+  // TODO(caitp): throw if array.[[ViewedArrayBuffer]] is neutered (per v8:4648)
+  return Handle<JSTypedArray>::cast(receiver);
+}
+
+int64_t CapRelativeIndex(Handle<Object> num, int64_t minimum, int64_t maximum) {
+  int64_t relative;
+  if (V8_LIKELY(num->IsSmi())) {
+    relative = Smi::cast(*num)->value();
+  } else {
+    DCHECK(num->IsHeapNumber());
+    double fp = HeapNumber::cast(*num)->value();
+    if (V8_UNLIKELY(!std::isfinite(fp))) {
+      // +Infinity / -Infinity
+      DCHECK(!std::isnan(fp));
+      return fp < 0 ? minimum : maximum;
+    }
+    relative = static_cast<int64_t>(fp);
+  }
+  return relative < 0 ? std::max<int64_t>(relative + maximum, minimum)
+                      : std::min<int64_t>(relative, maximum);
+}
+
+}  // namespace
+
+BUILTIN(TypedArrayPrototypeCopyWithin) {
+  HandleScope scope(isolate);
+
+  Handle<JSTypedArray> array;
+  const char* method = "%TypedArray%.prototype.copyWithin";
+  ASSIGN_RETURN_FAILURE_ON_EXCEPTION(
+      isolate, array, ValidateTypedArray(isolate, args.receiver(), method));
+
+  if (V8_UNLIKELY(array->WasNeutered())) return *array;
+
+  int64_t len = array->length_value();
+  int64_t to = 0;
+  int64_t from = 0;
+  int64_t final = len;
+
+  if (V8_LIKELY(args.length() > 1)) {
+    Handle<Object> num;
+    ASSIGN_RETURN_FAILURE_ON_EXCEPTION(
+        isolate, num, Object::ToInteger(isolate, args.at<Object>(1)));
+    to = CapRelativeIndex(num, 0, len);
+
+    if (args.length() > 2) {
+      ASSIGN_RETURN_FAILURE_ON_EXCEPTION(
+          isolate, num, Object::ToInteger(isolate, args.at<Object>(2)));
+      from = CapRelativeIndex(num, 0, len);
+
+      Handle<Object> end = args.atOrUndefined(isolate, 3);
+      if (!end->IsUndefined(isolate)) {
+        ASSIGN_RETURN_FAILURE_ON_EXCEPTION(isolate, num,
+                                           Object::ToInteger(isolate, end));
+        final = CapRelativeIndex(num, 0, len);
+      }
+    }
+  }
+
+  int64_t count = std::min<int64_t>(final - from, len - to);
+  if (count <= 0) return *array;
+
+  // TypedArray buffer may have been transferred/detached during parameter
+  // processing above. Return early in this case, to prevent potential UAF error
+  // TODO(caitp): throw here, as though the full algorithm were performed (the
+  // throw would have come from ecma262/#sec-integerindexedelementget)
+  // (see )
+  if (V8_UNLIKELY(array->WasNeutered())) return *array;
+
+  // Ensure processed indexes are within array bounds
+  DCHECK_GE(from, 0);
+  DCHECK_LT(from, len);
+  DCHECK_GE(to, 0);
+  DCHECK_LT(to, len);
+  DCHECK_GE(len - count, 0);
+
+  Handle<FixedTypedArrayBase> elements(
+      FixedTypedArrayBase::cast(array->elements()));
+  size_t element_size = array->element_size();
+  to = to * element_size;
+  from = from * element_size;
+  count = count * element_size;
+
+  uint8_t* data = static_cast<uint8_t*>(elements->DataPtr());
+  std::memmove(data + to, data + from, count);
+
+  return *array;
+}
+
 }  // namespace internal
 }  // namespace v8