Chromium Code Reviews Chromium Code Reviews
Issue 270273005:
Harden yet more runtime functions (Closed)
Base URL: https://v8.googlecode.com/svn/branches/bleeding_edge| Index: src/runtime.cc |
| diff --git a/src/runtime.cc b/src/runtime.cc |
| index b82d377f71fda4040cdcb5784c0f14744a64f42b..cf5d62872470cff7e2c170bb1031a907e0350789 100644 |
| --- a/src/runtime.cc |
| +++ b/src/runtime.cc |
| @@ -978,6 +978,8 @@ RUNTIME_FUNCTION(Runtime_TypedArrayInitialize) { |
| &fixed_elements_kind, |
| &element_size); |
| + RUNTIME_ASSERT(holder->map()->elements_kind() == fixed_elements_kind); |
| + |
| size_t byte_offset = 0; |
| size_t byte_length = 0; |
| RUNTIME_ASSERT(TryNumberToSize(isolate, *byte_offset_object, &byte_offset)); |
| @@ -986,7 +988,7 @@ RUNTIME_FUNCTION(Runtime_TypedArrayInitialize) { |
| holder->set_byte_offset(*byte_offset_object); |
| holder->set_byte_length(*byte_length_object); |
| - CHECK_EQ(0, static_cast<int>(byte_length % element_size)); |
| + RUNTIME_ASSERT(0 == static_cast<int>(byte_length % element_size)); |
|
Dmitry Lomov (no reviews)
2014/05/07 14:47:18
nit: static_cast<int> no longer needed here
Jakob Kummerow
2014/05/08 09:32:57
Done.
|
| size_t length = byte_length / element_size; |
| if (length > static_cast<unsigned>(Smi::kMaxValue)) { |
| @@ -1062,6 +1064,8 @@ RUNTIME_FUNCTION(Runtime_TypedArrayInitializeFromArrayLike) { |
| &fixed_elements_kind, |
| &element_size); |
| + RUNTIME_ASSERT(holder->map()->elements_kind() == fixed_elements_kind); |
| + |
| Handle<JSArrayBuffer> buffer = isolate->factory()->NewJSArrayBuffer(); |
| if (source->IsJSTypedArray() && |
| JSTypedArray::cast(*source)->type() == array_type) { |
| @@ -1739,6 +1743,7 @@ RUNTIME_FUNCTION(Runtime_WeakCollectionGet) { |
| CONVERT_ARG_HANDLE_CHECKED(Object, key, 1); |
| Handle<ObjectHashTable> table( |
| ObjectHashTable::cast(weak_collection->table())); |
| + RUNTIME_ASSERT(table->IsKey(*key)); |
| Handle<Object> lookup(table->Lookup(key), isolate); |
| return lookup->IsTheHole() ? isolate->heap()->undefined_value() : *lookup; |
| } |
| @@ -1751,6 +1756,7 @@ RUNTIME_FUNCTION(Runtime_WeakCollectionHas) { |
| CONVERT_ARG_HANDLE_CHECKED(Object, key, 1); |
| Handle<ObjectHashTable> table( |
| ObjectHashTable::cast(weak_collection->table())); |
| + RUNTIME_ASSERT(table->IsKey(*key)); |
| Handle<Object> lookup(table->Lookup(key), isolate); |
| return isolate->heap()->ToBoolean(!lookup->IsTheHole()); |
| } |
| @@ -1763,6 +1769,7 @@ RUNTIME_FUNCTION(Runtime_WeakCollectionDelete) { |
| CONVERT_ARG_HANDLE_CHECKED(Object, key, 1); |
| Handle<ObjectHashTable> table(ObjectHashTable::cast( |
| weak_collection->table())); |
| + RUNTIME_ASSERT(table->IsKey(*key)); |
| Handle<Object> lookup(table->Lookup(key), isolate); |
| Handle<ObjectHashTable> new_table = |
| ObjectHashTable::Put(table, key, isolate->factory()->the_hole_value()); |
| @@ -1779,6 +1786,7 @@ RUNTIME_FUNCTION(Runtime_WeakCollectionSet) { |
| CONVERT_ARG_HANDLE_CHECKED(Object, value, 2); |
| Handle<ObjectHashTable> table( |
| ObjectHashTable::cast(weak_collection->table())); |
| + RUNTIME_ASSERT(table->IsKey(*key)); |
| Handle<ObjectHashTable> new_table = ObjectHashTable::Put(table, key, value); |
| weak_collection->set_table(*new_table); |
| return isolate->heap()->undefined_value(); |
| @@ -4305,6 +4313,7 @@ RUNTIME_FUNCTION(Runtime_StringReplaceGlobalRegExpWithString) { |
| CONVERT_ARG_HANDLE_CHECKED(JSArray, last_match_info, 3); |
| RUNTIME_ASSERT(regexp->GetFlags().is_global()); |
| + RUNTIME_ASSERT(last_match_info->HasFastObjectElements()); |
| subject = String::Flatten(subject); |
| @@ -4735,12 +4744,11 @@ static Object* SearchRegExpMultiple( |
| RegExpImpl::GlobalCache global_cache(regexp, subject, true, isolate); |
| if (global_cache.HasException()) return isolate->heap()->exception(); |
| - Handle<FixedArray> result_elements; |
| - if (result_array->HasFastObjectElements()) { |
| - result_elements = |
| - Handle<FixedArray>(FixedArray::cast(result_array->elements())); |
| - } |
| - if (result_elements.is_null() || result_elements->length() < 16) { |
| + // Ensured in Runtime_RegExpExecMultiple. |
| + ASSERT(result_array->HasFastObjectElements()); |
| + Handle<FixedArray> result_elements( |
| + FixedArray::cast(result_array->elements())); |
| + if (result_elements->length() < 16) { |
| result_elements = isolate->factory()->NewFixedArrayWithHoles(16); |
| } |
| @@ -4854,9 +4862,11 @@ RUNTIME_FUNCTION(Runtime_RegExpExecMultiple) { |
| CONVERT_ARG_HANDLE_CHECKED(JSRegExp, regexp, 0); |
| CONVERT_ARG_HANDLE_CHECKED(JSArray, last_match_info, 2); |
| CONVERT_ARG_HANDLE_CHECKED(JSArray, result_array, 3); |
| + RUNTIME_ASSERT(last_match_info->HasFastObjectElements()); |
| + RUNTIME_ASSERT(result_array->HasFastObjectElements()); |
| subject = String::Flatten(subject); |
| - ASSERT(regexp->GetFlags().is_global()); |
| + RUNTIME_ASSERT(regexp->GetFlags().is_global()); |
| if (regexp->CaptureCount() == 0) { |
| return SearchRegExpMultiple<false>( |
| @@ -5504,6 +5514,7 @@ RUNTIME_FUNCTION(Runtime_SetHiddenProperty) { |
| CONVERT_ARG_HANDLE_CHECKED(JSObject, object, 0); |
| CONVERT_ARG_HANDLE_CHECKED(String, key, 1); |
| CONVERT_ARG_HANDLE_CHECKED(Object, value, 2); |
| + RUNTIME_ASSERT(key->IsUniqueName()); |
| return *JSObject::SetHiddenProperty(object, key, value); |
| } |
| @@ -7338,6 +7349,7 @@ RUNTIME_FUNCTION(Runtime_StringBuilderJoin) { |
| CONVERT_SMI_ARG_CHECKED(array_length, 1); |
| CONVERT_ARG_HANDLE_CHECKED(String, separator, 2); |
| RUNTIME_ASSERT(array->HasFastObjectElements()); |
| + RUNTIME_ASSERT(array_length >= 0); |
| Handle<FixedArray> fixed_array(FixedArray::cast(array->elements())); |
| if (fixed_array->length() < array_length) { |
| @@ -7385,17 +7397,19 @@ RUNTIME_FUNCTION(Runtime_StringBuilderJoin) { |
| uc16* end = sink + length; |
| #endif |
| + RUNTIME_ASSERT(fixed_array->get(0)->IsString()); |
| String* first = String::cast(fixed_array->get(0)); |
| - String* seperator_raw = *separator; |
| + String* separator_raw = *separator; |
| int first_length = first->length(); |
| String::WriteToFlat(first, sink, 0, first_length); |
| sink += first_length; |
| for (int i = 1; i < array_length; i++) { |
| ASSERT(sink + separator_length <= end); |
| - String::WriteToFlat(seperator_raw, sink, 0, separator_length); |
| + String::WriteToFlat(separator_raw, sink, 0, separator_length); |
| sink += separator_length; |
| + RUNTIME_ASSERT(fixed_array->get(i)->IsString()); |
| String* element = String::cast(fixed_array->get(i)); |
| int element_length = element->length(); |
| ASSERT(sink + element_length <= end); |
| @@ -7474,6 +7488,8 @@ RUNTIME_FUNCTION(Runtime_SparseJoinWithSeparator) { |
| FixedArray* elements = FixedArray::cast(elements_array->elements()); |
| for (int i = 0; i < elements_length; i += 2) { |
| RUNTIME_ASSERT(elements->get(i)->IsNumber()); |
| + CONVERT_NUMBER_CHECKED(uint32_t, position, Uint32, elements->get(i)); |
| + RUNTIME_ASSERT(position < array_length); |
| RUNTIME_ASSERT(elements->get(i + 1)->IsString()); |
| } |
| @@ -9752,6 +9768,8 @@ RUNTIME_FUNCTION(Runtime_DateLocalTimezone) { |
| ASSERT(args.length() == 1); |
| CONVERT_DOUBLE_ARG_CHECKED(x, 0); |
| + RUNTIME_ASSERT(x >= -DateCache::kMaxTimeBeforeUTCInMs && |
| + x <= DateCache::kMaxTimeBeforeUTCInMs); |
| const char* zone = |
| isolate->date_cache()->LocalTimezone(static_cast<int64_t>(x)); |
| Handle<String> result = isolate->factory()->NewStringFromUtf8( |
| @@ -9765,6 +9783,8 @@ RUNTIME_FUNCTION(Runtime_DateToUTC) { |
| ASSERT(args.length() == 1); |
| CONVERT_DOUBLE_ARG_CHECKED(x, 0); |
| + RUNTIME_ASSERT(x >= -DateCache::kMaxTimeBeforeUTCInMs && |
| + x <= DateCache::kMaxTimeBeforeUTCInMs); |
| int64_t time = isolate->date_cache()->ToUTC(static_cast<int64_t>(x)); |
| return *isolate->factory()->NewNumber(static_cast<double>(time)); |
| @@ -10356,6 +10376,10 @@ static bool IterateElements(Isolate* isolate, |
| if (length == 0) break; |
| // Run through the elements FixedArray and use HasElement and GetElement |
| // to check the prototype for missing elements. |
| + if (receiver->elements()->IsFixedArray()) { |
| + ASSERT(receiver->elements()->length() == 0); |
| + break; |
| + } |
| Handle<FixedDoubleArray> elements( |
| FixedDoubleArray::cast(receiver->elements())); |
| int fast_length = static_cast<int>(length); |
| @@ -10706,15 +10730,13 @@ RUNTIME_FUNCTION(Runtime_MoveArrayContents) { |
| RUNTIME_FUNCTION(Runtime_EstimateNumberOfElements) { |
| SealHandleScope shs(isolate); |
| ASSERT(args.length() == 1); |
| - CONVERT_ARG_CHECKED(JSObject, object, 0); |
| + CONVERT_ARG_CHECKED(JSArray, object, 0); |
| HeapObject* elements = object->elements(); |
| if (elements->IsDictionary()) { |
| int result = SeededNumberDictionary::cast(elements)->NumberOfElements(); |
| return Smi::FromInt(result); |
| - } else if (object->IsJSArray()) { |
| - return JSArray::cast(object)->length(); |
| } else { |
| - return Smi::FromInt(FixedArray::cast(elements)->length()); |
| + return object->length(); |
| } |
| } |
| @@ -10755,8 +10777,8 @@ RUNTIME_FUNCTION(Runtime_GetArrayKeys) { |
| } |
| return *isolate->factory()->NewJSArrayWithElements(keys); |
| } else { |
| - ASSERT(array->HasFastSmiOrObjectElements() || |
| - array->HasFastDoubleElements()); |
| + RUNTIME_ASSERT(array->HasFastSmiOrObjectElements() || |
| + array->HasFastDoubleElements()); |
| uint32_t actual_length = static_cast<uint32_t>(array->elements()->length()); |
| return *isolate->factory()->NewNumberFromUint(Min(actual_length, length)); |
| } |
| @@ -10859,8 +10881,8 @@ static Handle<Object> DebugLookupResultValue(Isolate* isolate, |
| break; |
| } |
| case INTERCEPTOR: |
| - break; |
| case HANDLER: |
| + break; |
| case NONEXISTENT: |
| UNREACHABLE(); |
| break; |
| @@ -12697,12 +12719,13 @@ RUNTIME_FUNCTION(Runtime_SetFunctionBreakPoint) { |
| ASSERT(args.length() == 3); |
| CONVERT_ARG_HANDLE_CHECKED(JSFunction, function, 0); |
| CONVERT_NUMBER_CHECKED(int32_t, source_position, Int32, args[1]); |
| - RUNTIME_ASSERT(source_position >= 0); |
| + RUNTIME_ASSERT(source_position >= function->shared()->start_position() && |
| + source_position <= function->shared()->end_position()); |
| CONVERT_ARG_HANDLE_CHECKED(Object, break_point_object_arg, 2); |
| // Set break point. |
| - isolate->debug()->SetBreakPoint(function, break_point_object_arg, |
| - &source_position); |
| + RUNTIME_ASSERT(isolate->debug()->SetBreakPoint( |
| + function, break_point_object_arg, &source_position)); |
| return Smi::FromInt(source_position); |
| } |
| @@ -13504,7 +13527,7 @@ RUNTIME_FUNCTION(Runtime_LiveEditFunctionSetScript) { |
| Script* script = Script::cast(JSValue::cast(*script_object)->value()); |
| script_object = Handle<Object>(script, isolate); |
| } |
| - |
| + RUNTIME_ASSERT(function_wrapper->value()->IsSharedFunctionInfo()); |
| LiveEdit::SetFunctionScript(function_wrapper, script_object); |
| } else { |
| // Just ignore this. We may not have a SharedFunctionInfo for some functions |
