Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(296)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: src/builtins/builtins-typedarray.cc

Issue 2778623003: [typedarrays] Check detached buffer at start of typed array methods (Closed)
Patch Set: pass test262 for subarray Created 3 years, 8 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch
« no previous file with comments | « no previous file | src/compiler/js-intrinsic-lowering.h » ('j') | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 // Copyright 2016 the V8 project authors. All rights reserved. 1 // Copyright 2016 the V8 project authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be 2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file. 3 // found in the LICENSE file.
4 4
5 #include "src/builtins/builtins-utils.h" 5 #include "src/builtins/builtins-utils.h"
6 #include "src/builtins/builtins.h" 6 #include "src/builtins/builtins.h"
7 #include "src/counters.h" 7 #include "src/counters.h"
8 #include "src/elements.h" 8 #include "src/elements.h"
9 #include "src/objects-inl.h" 9 #include "src/objects-inl.h"
10 10
11 namespace v8 { 11 namespace v8 {
12 namespace internal { 12 namespace internal {
13 13
14 // ----------------------------------------------------------------------------- 14 // -----------------------------------------------------------------------------
15 // ES6 section 22.2 TypedArray Objects 15 // ES6 section 22.2 TypedArray Objects
16 16
17 // ES6 section 22.2.3.1 get %TypedArray%.prototype.buffer 17 // ES6 section 22.2.3.1 get %TypedArray%.prototype.buffer
18 BUILTIN(TypedArrayPrototypeBuffer) { 18 BUILTIN(TypedArrayPrototypeBuffer) {
19 HandleScope scope(isolate); 19 HandleScope scope(isolate);
20 CHECK_RECEIVER(JSTypedArray, typed_array, "get TypedArray.prototype.buffer"); 20 CHECK_RECEIVER(JSTypedArray, typed_array,
21 "get %TypedArray%.prototype.buffer");
21 return *typed_array->GetBuffer(); 22 return *typed_array->GetBuffer();
22 } 23 }
23 24
24 namespace { 25 namespace {
25 26
26 int64_t CapRelativeIndex(Handle<Object> num, int64_t minimum, int64_t maximum) { 27 int64_t CapRelativeIndex(Handle<Object> num, int64_t minimum, int64_t maximum) {
27 int64_t relative; 28 int64_t relative;
28 if (V8_LIKELY(num->IsSmi())) { 29 if (V8_LIKELY(num->IsSmi())) {
29 relative = Smi::cast(*num)->value(); 30 relative = Smi::cast(*num)->value();
30 } else { 31 } else {
(...skipping 90 matching lines...) Expand 10 before | Expand all | Expand 10 after
121 } // namespace 122 } // namespace
122 123
123 BUILTIN(TypedArrayPrototypeCopyWithin) { 124 BUILTIN(TypedArrayPrototypeCopyWithin) {
124 HandleScope scope(isolate); 125 HandleScope scope(isolate);
125 126
126 Handle<JSTypedArray> array; 127 Handle<JSTypedArray> array;
127 const char* method = "%TypedArray%.prototype.copyWithin"; 128 const char* method = "%TypedArray%.prototype.copyWithin";
128 ASSIGN_RETURN_FAILURE_ON_EXCEPTION( 129 ASSIGN_RETURN_FAILURE_ON_EXCEPTION(
129 isolate, array, JSTypedArray::Validate(isolate, args.receiver(), method)); 130 isolate, array, JSTypedArray::Validate(isolate, args.receiver(), method));
130 131
131 if (V8_UNLIKELY(array->WasNeutered())) return *array;
132
133 int64_t len = array->length_value(); 132 int64_t len = array->length_value();
134 int64_t to = 0; 133 int64_t to = 0;
135 int64_t from = 0; 134 int64_t from = 0;
136 int64_t final = len; 135 int64_t final = len;
137 136
138 if (V8_LIKELY(args.length() > 1)) { 137 if (V8_LIKELY(args.length() > 1)) {
139 Handle<Object> num; 138 Handle<Object> num;
140 ASSIGN_RETURN_FAILURE_ON_EXCEPTION( 139 ASSIGN_RETURN_FAILURE_ON_EXCEPTION(
141 isolate, num, Object::ToInteger(isolate, args.at<Object>(1))); 140 isolate, num, Object::ToInteger(isolate, args.at<Object>(1)));
142 to = CapRelativeIndex(num, 0, len); 141 to = CapRelativeIndex(num, 0, len);
(...skipping 43 matching lines...) Expand 10 before | Expand all | Expand 10 after
186 } 185 }
187 186
188 BUILTIN(TypedArrayPrototypeFill) { 187 BUILTIN(TypedArrayPrototypeFill) {
189 HandleScope scope(isolate); 188 HandleScope scope(isolate);
190 189
191 Handle<JSTypedArray> array; 190 Handle<JSTypedArray> array;
192 const char* method = "%TypedArray%.prototype.fill"; 191 const char* method = "%TypedArray%.prototype.fill";
193 ASSIGN_RETURN_FAILURE_ON_EXCEPTION( 192 ASSIGN_RETURN_FAILURE_ON_EXCEPTION(
194 isolate, array, JSTypedArray::Validate(isolate, args.receiver(), method)); 193 isolate, array, JSTypedArray::Validate(isolate, args.receiver(), method));
195 194
196 if (V8_UNLIKELY(array->WasNeutered())) return *array;
197
198 int64_t len = array->length_value(); 195 int64_t len = array->length_value();
199 int64_t start = 0; 196 int64_t start = 0;
200 int64_t end = len; 197 int64_t end = len;
201 198
202 if (args.length() > 2) { 199 if (args.length() > 2) {
203 Handle<Object> num = args.atOrUndefined(isolate, 2); 200 Handle<Object> num = args.atOrUndefined(isolate, 2);
204 if (!num->IsUndefined(isolate)) { 201 if (!num->IsUndefined(isolate)) {
205 ASSIGN_RETURN_FAILURE_ON_EXCEPTION( 202 ASSIGN_RETURN_FAILURE_ON_EXCEPTION(
206 isolate, num, Object::ToInteger(isolate, num)); 203 isolate, num, Object::ToInteger(isolate, num));
207 start = CapRelativeIndex(num, 0, len); 204 start = CapRelativeIndex(num, 0, len);
(...skipping 125 matching lines...) Expand 10 before | Expand all | Expand 10 after
333 } 330 }
334 331
335 BUILTIN(TypedArrayPrototypeReverse) { 332 BUILTIN(TypedArrayPrototypeReverse) {
336 HandleScope scope(isolate); 333 HandleScope scope(isolate);
337 334
338 Handle<JSTypedArray> array; 335 Handle<JSTypedArray> array;
339 const char* method = "%TypedArray%.prototype.reverse"; 336 const char* method = "%TypedArray%.prototype.reverse";
340 ASSIGN_RETURN_FAILURE_ON_EXCEPTION( 337 ASSIGN_RETURN_FAILURE_ON_EXCEPTION(
341 isolate, array, JSTypedArray::Validate(isolate, args.receiver(), method)); 338 isolate, array, JSTypedArray::Validate(isolate, args.receiver(), method));
342 339
343 if (V8_UNLIKELY(array->WasNeutered())) return *array;
344
345 ElementsAccessor* elements = array->GetElementsAccessor(); 340 ElementsAccessor* elements = array->GetElementsAccessor();
346 elements->Reverse(*array); 341 elements->Reverse(*array);
347 return *array; 342 return *array;
348 } 343 }
349 344
350 BUILTIN(TypedArrayPrototypeSlice) { 345 BUILTIN(TypedArrayPrototypeSlice) {
351 HandleScope scope(isolate); 346 HandleScope scope(isolate);
352 347
353 Handle<JSTypedArray> array; 348 Handle<JSTypedArray> array;
354 const char* method = "%TypedArray%.prototype.slice"; 349 const char* method = "%TypedArray%.prototype.slice";
(...skipping 37 matching lines...) Expand 10 before | Expand all | Expand 10 after
392 387
393 if (count == 0) return *result_array; 388 if (count == 0) return *result_array;
394 389
395 ElementsAccessor* accessor = array->GetElementsAccessor(); 390 ElementsAccessor* accessor = array->GetElementsAccessor();
396 return *accessor->Slice(array, static_cast<uint32_t>(start), 391 return *accessor->Slice(array, static_cast<uint32_t>(start),
397 static_cast<uint32_t>(end), result_array); 392 static_cast<uint32_t>(end), result_array);
398 } 393 }
399 394
400 } // namespace internal 395 } // namespace internal
401 } // namespace v8 396 } // namespace v8
OLDNEW
« no previous file with comments | « no previous file | src/compiler/js-intrinsic-lowering.h » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698