Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(136)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: src/builtins/builtins-typedarray.cc

Issue 2778623003: [typedarrays] Check detached buffer at start of typed array methods (Closed)
Patch Set: Use inline IS_TYPEDARRAY Created 3 years, 8 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch
« no previous file with comments | « no previous file | src/js/typedarray.js » ('j') | src/objects-inl.h » ('J')
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 // Copyright 2016 the V8 project authors. All rights reserved. 1 // Copyright 2016 the V8 project authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be 2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file. 3 // found in the LICENSE file.
4 4
5 #include "src/builtins/builtins-utils.h" 5 #include "src/builtins/builtins-utils.h"
6 #include "src/builtins/builtins.h" 6 #include "src/builtins/builtins.h"
7 #include "src/counters.h" 7 #include "src/counters.h"
8 #include "src/elements.h" 8 #include "src/elements.h"
9 #include "src/objects-inl.h" 9 #include "src/objects-inl.h"
10 10
11 namespace v8 { 11 namespace v8 {
12 namespace internal { 12 namespace internal {
13 13
14 // ----------------------------------------------------------------------------- 14 // -----------------------------------------------------------------------------
15 // ES6 section 22.2 TypedArray Objects 15 // ES6 section 22.2 TypedArray Objects
16 16
17 // ES6 section 22.2.3.1 get %TypedArray%.prototype.buffer 17 // ES6 section 22.2.3.1 get %TypedArray%.prototype.buffer
18 BUILTIN(TypedArrayPrototypeBuffer) { 18 BUILTIN(TypedArrayPrototypeBuffer) {
19 HandleScope scope(isolate); 19 HandleScope scope(isolate);
20 CHECK_RECEIVER(JSTypedArray, typed_array, "get TypedArray.prototype.buffer"); 20 CHECK_RECEIVER(JSTypedArray, typed_array,
21 "get %TypedArray%.prototype.buffer");
21 return *typed_array->GetBuffer(); 22 return *typed_array->GetBuffer();
22 } 23 }
23 24
24 namespace { 25 namespace {
25 26
26 int64_t CapRelativeIndex(Handle<Object> num, int64_t minimum, int64_t maximum) { 27 int64_t CapRelativeIndex(Handle<Object> num, int64_t minimum, int64_t maximum) {
27 int64_t relative; 28 int64_t relative;
28 if (V8_LIKELY(num->IsSmi())) { 29 if (V8_LIKELY(num->IsSmi())) {
29 relative = Smi::cast(*num)->value(); 30 relative = Smi::cast(*num)->value();
30 } else { 31 } else {
(...skipping 13 matching lines...) Expand all
44 } // namespace 45 } // namespace
45 46
46 BUILTIN(TypedArrayPrototypeCopyWithin) { 47 BUILTIN(TypedArrayPrototypeCopyWithin) {
47 HandleScope scope(isolate); 48 HandleScope scope(isolate);
48 49
49 Handle<JSTypedArray> array; 50 Handle<JSTypedArray> array;
50 const char* method = "%TypedArray%.prototype.copyWithin"; 51 const char* method = "%TypedArray%.prototype.copyWithin";
51 ASSIGN_RETURN_FAILURE_ON_EXCEPTION( 52 ASSIGN_RETURN_FAILURE_ON_EXCEPTION(
52 isolate, array, JSTypedArray::Validate(isolate, args.receiver(), method)); 53 isolate, array, JSTypedArray::Validate(isolate, args.receiver(), method));
53 54
54 if (V8_UNLIKELY(array->WasNeutered())) return *array;
55
56 int64_t len = array->length_value(); 55 int64_t len = array->length_value();
57 int64_t to = 0; 56 int64_t to = 0;
58 int64_t from = 0; 57 int64_t from = 0;
59 int64_t final = len; 58 int64_t final = len;
60 59
61 if (V8_LIKELY(args.length() > 1)) { 60 if (V8_LIKELY(args.length() > 1)) {
62 Handle<Object> num; 61 Handle<Object> num;
63 ASSIGN_RETURN_FAILURE_ON_EXCEPTION( 62 ASSIGN_RETURN_FAILURE_ON_EXCEPTION(
64 isolate, num, Object::ToInteger(isolate, args.at<Object>(1))); 63 isolate, num, Object::ToInteger(isolate, args.at<Object>(1)));
65 to = CapRelativeIndex(num, 0, len); 64 to = CapRelativeIndex(num, 0, len);
(...skipping 43 matching lines...) Expand 10 before | Expand all | Expand 10 after
109 } 108 }
110 109
111 BUILTIN(TypedArrayPrototypeFill) { 110 BUILTIN(TypedArrayPrototypeFill) {
112 HandleScope scope(isolate); 111 HandleScope scope(isolate);
113 112
114 Handle<JSTypedArray> array; 113 Handle<JSTypedArray> array;
115 const char* method = "%TypedArray%.prototype.fill"; 114 const char* method = "%TypedArray%.prototype.fill";
116 ASSIGN_RETURN_FAILURE_ON_EXCEPTION( 115 ASSIGN_RETURN_FAILURE_ON_EXCEPTION(
117 isolate, array, JSTypedArray::Validate(isolate, args.receiver(), method)); 116 isolate, array, JSTypedArray::Validate(isolate, args.receiver(), method));
118 117
119 if (V8_UNLIKELY(array->WasNeutered())) return *array;
120
121 int64_t len = array->length_value(); 118 int64_t len = array->length_value();
122 int64_t start = 0; 119 int64_t start = 0;
123 int64_t end = len; 120 int64_t end = len;
124 121
125 if (args.length() > 2) { 122 if (args.length() > 2) {
126 Handle<Object> num = args.atOrUndefined(isolate, 2); 123 Handle<Object> num = args.atOrUndefined(isolate, 2);
127 if (!num->IsUndefined(isolate)) { 124 if (!num->IsUndefined(isolate)) {
128 ASSIGN_RETURN_FAILURE_ON_EXCEPTION( 125 ASSIGN_RETURN_FAILURE_ON_EXCEPTION(
129 isolate, num, Object::ToInteger(isolate, num)); 126 isolate, num, Object::ToInteger(isolate, num));
130 start = CapRelativeIndex(num, 0, len); 127 start = CapRelativeIndex(num, 0, len);
(...skipping 125 matching lines...) Expand 10 before | Expand all | Expand 10 after
256 } 253 }
257 254
258 BUILTIN(TypedArrayPrototypeReverse) { 255 BUILTIN(TypedArrayPrototypeReverse) {
259 HandleScope scope(isolate); 256 HandleScope scope(isolate);
260 257
261 Handle<JSTypedArray> array; 258 Handle<JSTypedArray> array;
262 const char* method = "%TypedArray%.prototype.reverse"; 259 const char* method = "%TypedArray%.prototype.reverse";
263 ASSIGN_RETURN_FAILURE_ON_EXCEPTION( 260 ASSIGN_RETURN_FAILURE_ON_EXCEPTION(
264 isolate, array, JSTypedArray::Validate(isolate, args.receiver(), method)); 261 isolate, array, JSTypedArray::Validate(isolate, args.receiver(), method));
265 262
266 if (V8_UNLIKELY(array->WasNeutered())) return *array;
267
268 ElementsAccessor* elements = array->GetElementsAccessor(); 263 ElementsAccessor* elements = array->GetElementsAccessor();
269 elements->Reverse(*array); 264 elements->Reverse(*array);
270 return *array; 265 return *array;
271 } 266 }
272 267
273 } // namespace internal 268 } // namespace internal
274 } // namespace v8 269 } // namespace v8
OLDNEW
« no previous file with comments | « no previous file | src/js/typedarray.js » ('j') | src/objects-inl.h » ('J')

Powered by Google App Engine
This is Rietveld 408576698