[typedarrays] Check detached buffer at start of typed array methods

src/builtins/builtins-typedarray.cc

 // Copyright 2016 the V8 project authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "src/builtins/builtins-utils.h"
 #include "src/builtins/builtins.h"
 #include "src/counters.h"
 #include "src/elements.h"
 #include "src/objects-inl.h"
 
@@ skipping 29 matching lines @@
   return relative < 0 ? std::max<int64_t>(relative + maximum, minimum)
                       : std::min<int64_t>(relative, maximum);
 }
 
 }  // namespace
 
 BUILTIN(TypedArrayPrototypeCopyWithin) {
   HandleScope scope(isolate);
 
   Handle<JSTypedArray> array;
-  const char* method = "%TypedArray%.prototype.copyWithin";

[adamk, 2017/03/27 19:48:20]

Why did this change? "%TypedArray%" is the spec name, and there's nothing called
"TypedArray" attached to the global object.

[Choongwoo Han, 2017/03/28 09:50:58]

Done.

+  const char* method = "TypedArray.prototype.copyWithin";
   ASSIGN_RETURN_FAILURE_ON_EXCEPTION(
       isolate, array, JSTypedArray::Validate(isolate, args.receiver(), method));
 
-  if (V8_UNLIKELY(array->WasNeutered())) return *array;
-
   int64_t len = array->length_value();
   int64_t to = 0;
   int64_t from = 0;
   int64_t final = len;
 
   if (V8_LIKELY(args.length() > 1)) {
     Handle<Object> num;
     ASSIGN_RETURN_FAILURE_ON_EXCEPTION(
         isolate, num, Object::ToInteger(isolate, args.at<Object>(1)));
     to = CapRelativeIndex(num, 0, len);
@@ skipping 39 matching lines @@
   uint8_t* data = static_cast<uint8_t*>(elements->DataPtr());
   std::memmove(data + to, data + from, count);
 
   return *array;
 }
 
 BUILTIN(TypedArrayPrototypeFill) {
   HandleScope scope(isolate);
 
   Handle<JSTypedArray> array;
-  const char* method = "%TypedArray%.prototype.fill";
+  const char* method = "TypedArray.prototype.fill";
   ASSIGN_RETURN_FAILURE_ON_EXCEPTION(
       isolate, array, JSTypedArray::Validate(isolate, args.receiver(), method));
 
-  if (V8_UNLIKELY(array->WasNeutered())) return *array;
-
   int64_t len = array->length_value();
   int64_t start = 0;
   int64_t end = len;
 
   if (args.length() > 2) {
     Handle<Object> num = args.atOrUndefined(isolate, 2);
     if (!num->IsUndefined(isolate)) {
       ASSIGN_RETURN_FAILURE_ON_EXCEPTION(
           isolate, num, Object::ToInteger(isolate, num));
       start = CapRelativeIndex(num, 0, len);
@@ skipping 23 matching lines @@
 
   return array->GetElementsAccessor()->Fill(isolate, array, obj_value,
                                             static_cast<uint32_t>(start),
                                             static_cast<uint32_t>(end));
 }
 
 BUILTIN(TypedArrayPrototypeIncludes) {
   HandleScope scope(isolate);
 
   Handle<JSTypedArray> array;
-  const char* method = "%TypedArray%.prototype.includes";
+  const char* method = "TypedArray.prototype.includes";
   ASSIGN_RETURN_FAILURE_ON_EXCEPTION(
       isolate, array, JSTypedArray::Validate(isolate, args.receiver(), method));
 
   if (args.length() < 2) return isolate->heap()->false_value();
 
   int64_t len = array->length_value();
   if (len == 0) return isolate->heap()->false_value();
 
   int64_t index = 0;
   if (args.length() > 2) {
@@ skipping 12 matching lines @@
                                                static_cast<uint32_t>(index),
                                                static_cast<uint32_t>(len));
   MAYBE_RETURN(result, isolate->heap()->exception());
   return *isolate->factory()->ToBoolean(result.FromJust());
 }
 
 BUILTIN(TypedArrayPrototypeIndexOf) {
   HandleScope scope(isolate);
 
   Handle<JSTypedArray> array;
-  const char* method = "%TypedArray%.prototype.indexOf";
+  const char* method = "TypedArray.prototype.indexOf";
   ASSIGN_RETURN_FAILURE_ON_EXCEPTION(
       isolate, array, JSTypedArray::Validate(isolate, args.receiver(), method));
 
   int64_t len = array->length_value();
   if (len == 0) return Smi::FromInt(-1);
 
   int64_t index = 0;
   if (args.length() > 2) {
     Handle<Object> num;
     ASSIGN_RETURN_FAILURE_ON_EXCEPTION(
@@ skipping 10 matching lines @@
                                                  static_cast<uint32_t>(index),
                                                  static_cast<uint32_t>(len));
   MAYBE_RETURN(result, isolate->heap()->exception());
   return *isolate->factory()->NewNumberFromInt64(result.FromJust());
 }
 
 BUILTIN(TypedArrayPrototypeLastIndexOf) {
   HandleScope scope(isolate);
 
   Handle<JSTypedArray> array;
-  const char* method = "%TypedArray%.prototype.lastIndexOf";
+  const char* method = "TypedArray.prototype.lastIndexOf";
   ASSIGN_RETURN_FAILURE_ON_EXCEPTION(
       isolate, array, JSTypedArray::Validate(isolate, args.receiver(), method));
 
   int64_t len = array->length_value();
   if (len == 0) return Smi::FromInt(-1);
 
   int64_t index = len - 1;
   if (args.length() > 2) {
     Handle<Object> num;
     ASSIGN_RETURN_FAILURE_ON_EXCEPTION(
@@ skipping 13 matching lines @@
   Maybe<int64_t> result = elements->LastIndexOfValue(
       isolate, array, search_element, static_cast<uint32_t>(index));
   MAYBE_RETURN(result, isolate->heap()->exception());
   return *isolate->factory()->NewNumberFromInt64(result.FromJust());
 }
 
 BUILTIN(TypedArrayPrototypeReverse) {
   HandleScope scope(isolate);
 
   Handle<JSTypedArray> array;
-  const char* method = "%TypedArray%.prototype.reverse";
+  const char* method = "TypedArray.prototype.reverse";
   ASSIGN_RETURN_FAILURE_ON_EXCEPTION(
       isolate, array, JSTypedArray::Validate(isolate, args.receiver(), method));
 
-  if (V8_UNLIKELY(array->WasNeutered())) return *array;
-
   ElementsAccessor* elements = array->GetElementsAccessor();
   elements->Reverse(*array);
   return *array;
 }
 
 }  // namespace internal
 }  // namespace v8