Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(716)

Issues Search
    My Issues | Starred     Open | Closed | All

Unified Diff: src/builtins/builtins-typedarray.cc

Issue 2697593002: Reland [typedarrays] move %TypedArray%.prototype.copyWithin to C++ (Closed)
Patch Set: Back to an early return to match web reality Created 3 years, 10 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View side-by-side diff with in-line comments
Download patch
« no previous file with comments | « src/builtins/builtins.h ('k') | src/js/array.js » ('j') | test/mjsunit/es6/regress/regress-5929-1.js » ('J')
Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
Index: src/builtins/builtins-typedarray.cc
diff --git a/src/builtins/builtins-typedarray.cc b/src/builtins/builtins-typedarray.cc
index e394df4e7abfe2d357dc6dc2fbeb649010996243..20d27459f3b08fd1abf920b97549506ff8f91a55 100644
--- a/src/builtins/builtins-typedarray.cc
+++ b/src/builtins/builtins-typedarray.cc
@@ -167,5 +167,99 @@ void Builtins::Generate_TypedArrayPrototypeKeys(
state, "%TypedArray%.prototype.keys()");
}
+namespace {
+
+MaybeHandle<JSTypedArray> ValidateTypedArray(Isolate* isolate,
+ Handle<Object> receiver,
+ const char* method_name) {
+ if (V8_UNLIKELY(!receiver->IsJSTypedArray())) {
+ const MessageTemplate::Template message = MessageTemplate::kNotTypedArray;
+ THROW_NEW_ERROR(isolate, NewTypeError(message), JSTypedArray);
+ }
+
+ Handle<JSTypedArray> array = Handle<JSTypedArray>::cast(receiver);
+ if (V8_UNLIKELY(array->WasNeutered())) {
+ const MessageTemplate::Template message = MessageTemplate::kNotTypedArray;
+ Handle<String> operation =
+ isolate->factory()->NewStringFromAsciiChecked(method_name);
+ THROW_NEW_ERROR(isolate, NewTypeError(message, operation), JSTypedArray);
Dan Ehrenberg 2017/02/13 19:56:44 This is also a change vs current behavior.
Camillo Bruni 2017/02/13 20:18:56 I fear that we have quite a few other places where
+ }
+
+ return array;
+}
+
+int64_t CapRelativeIndex(Handle<Object> num, int64_t minimum, int64_t maximum) {
+ int64_t relative;
+ if (V8_LIKELY(num->IsSmi())) {
+ relative = Smi::cast(*num)->value();
+ } else {
+ DCHECK(num->IsHeapNumber());
+ double fp = HeapNumber::cast(*num)->value();
+ if (V8_UNLIKELY(!std::isfinite(fp))) {
+ // +Infinity / -Infinity
+ DCHECK(!std::isnan(fp));
+ return fp < 0 ? minimum : maximum;
+ }
+ relative = static_cast<int64_t>(fp);
+ }
+ return relative < 0 ? std::max<int64_t>(relative + maximum, minimum)
+ : std::min<int64_t>(relative, maximum);
+}
+
+} // namespace
+
+BUILTIN(TypedArrayPrototypeCopyWithin) {
+ HandleScope scope(isolate);
+
+ Handle<JSTypedArray> array;
+ const char* method = "%TypedArray%.prototype.copyWithin";
+ ASSIGN_RETURN_FAILURE_ON_EXCEPTION(
+ isolate, array, ValidateTypedArray(isolate, args.receiver(), method));
+
+ int64_t len = array->length_value();
+ int64_t to = 0;
+ int64_t from = 0;
+ int64_t final = len;
+
+ if (V8_LIKELY(args.length() > 1)) {
+ Handle<Object> num;
+ ASSIGN_RETURN_FAILURE_ON_EXCEPTION(
+ isolate, num, Object::ToInteger(isolate, args.at<Object>(1)));
+ to = CapRelativeIndex(num, 0, len);
+
+ if (args.length() > 2) {
+ ASSIGN_RETURN_FAILURE_ON_EXCEPTION(
+ isolate, num, Object::ToInteger(isolate, args.at<Object>(2)));
+ from = CapRelativeIndex(num, 0, len);
+
+ Handle<Object> end = args.atOrUndefined(isolate, 3);
+ if (!end->IsUndefined(isolate)) {
+ ASSIGN_RETURN_FAILURE_ON_EXCEPTION(isolate, num,
+ Object::ToInteger(isolate, end));
+ final = CapRelativeIndex(num, 0, len);
+ }
+ }
+ }
+
+ int64_t count = std::min<int64_t>(final - from, len - to);
+ if (count <= 0) return *array;
+
+ // TypedArray buffer may have been transferred/detached during parameter
+ // processing above. Return early in this case, to prevent potential UAF error
+ if (V8_UNLIKELY(array->WasNeutered())) return *array;
Camillo Bruni 2017/02/13 20:18:56 I think you have to throw here according to the sp
+
+ Handle<FixedTypedArrayBase> elements(
+ FixedTypedArrayBase::cast(array->elements()));
+ size_t element_size = array->element_size();
+ to = to * element_size;
+ from = from * element_size;
+ count = count * element_size;
+
+ uint8_t* data = static_cast<uint8_t*>(elements->DataPtr());
+ std::memmove(data + to, data + from, count);
+
+ return *array;
+}
+
} // namespace internal
} // namespace v8
« no previous file with comments | « src/builtins/builtins.h ('k') | src/js/array.js » ('j') | test/mjsunit/es6/regress/regress-5929-1.js » ('J')

Powered by Google App Engine
This is Rietveld 408576698