Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(1)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: src/runtime/runtime-typedarray.cc

Issue 2778623003: [typedarrays] Check detached buffer at start of typed array methods (Closed)
Patch Set: crankshaft inline Created 3 years, 8 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch
« src/js/typedarray.js ('K') | « src/runtime/runtime.h ('k') | test/mjsunit/es6/typedarray-copywithin.js » ('j') | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 // Copyright 2014 the V8 project authors. All rights reserved. 1 // Copyright 2014 the V8 project authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be 2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file. 3 // found in the LICENSE file.
4 4
5 #include "src/runtime/runtime-utils.h" 5 #include "src/runtime/runtime-utils.h"
6 6
7 #include "src/arguments.h" 7 #include "src/arguments.h"
8 #include "src/elements.h" 8 #include "src/elements.h"
9 #include "src/factory.h" 9 #include "src/factory.h"
10 #include "src/messages.h" 10 #include "src/messages.h"
(...skipping 184 matching lines...) Expand 10 before | Expand all | Expand 10 after
195 CONVERT_ARG_HANDLE_CHECKED(JS##Type, holder, 0); \ 195 CONVERT_ARG_HANDLE_CHECKED(JS##Type, holder, 0); \
196 return holder->accessor(); \ 196 return holder->accessor(); \
197 } 197 }
198 198
199 BUFFER_VIEW_GETTER(ArrayBufferView, ByteLength, byte_length) 199 BUFFER_VIEW_GETTER(ArrayBufferView, ByteLength, byte_length)
200 BUFFER_VIEW_GETTER(ArrayBufferView, ByteOffset, byte_offset) 200 BUFFER_VIEW_GETTER(ArrayBufferView, ByteOffset, byte_offset)
201 BUFFER_VIEW_GETTER(TypedArray, Length, length) 201 BUFFER_VIEW_GETTER(TypedArray, Length, length)
202 202
203 #undef BUFFER_VIEW_GETTER 203 #undef BUFFER_VIEW_GETTER
204 204
205 RUNTIME_FUNCTION(Runtime_ArrayBufferViewWasNeutered) {
206 HandleScope scope(isolate);
207 DCHECK_EQ(1, args.length());
208 return isolate->heap()->ToBoolean(JSTypedArray::cast(args[0])->WasNeutered());
209 }
210
205 RUNTIME_FUNCTION(Runtime_TypedArrayGetBuffer) { 211 RUNTIME_FUNCTION(Runtime_TypedArrayGetBuffer) {
206 HandleScope scope(isolate); 212 HandleScope scope(isolate);
207 DCHECK_EQ(1, args.length()); 213 DCHECK_EQ(1, args.length());
208 CONVERT_ARG_HANDLE_CHECKED(JSTypedArray, holder, 0); 214 CONVERT_ARG_HANDLE_CHECKED(JSTypedArray, holder, 0);
209 return *holder->GetBuffer(); 215 return *holder->GetBuffer();
210 } 216 }
211 217
212 218
213 // Return codes for Runtime_TypedArraySetFastCases. 219 // Return codes for Runtime_TypedArraySetFastCases.
214 // Should be synchronized with typedarray.js natives. 220 // Should be synchronized with typedarray.js natives.
(...skipping 138 matching lines...) Expand 10 before | Expand all | Expand 10 after
353 return Smi::FromInt(FLAG_typed_array_max_size_in_heap); 359 return Smi::FromInt(FLAG_typed_array_max_size_in_heap);
354 } 360 }
355 361
356 362
357 RUNTIME_FUNCTION(Runtime_IsTypedArray) { 363 RUNTIME_FUNCTION(Runtime_IsTypedArray) {
358 HandleScope scope(isolate); 364 HandleScope scope(isolate);
359 DCHECK_EQ(1, args.length()); 365 DCHECK_EQ(1, args.length());
360 return isolate->heap()->ToBoolean(args[0]->IsJSTypedArray()); 366 return isolate->heap()->ToBoolean(args[0]->IsJSTypedArray());
361 } 367 }
362 368
363
364 RUNTIME_FUNCTION(Runtime_IsSharedTypedArray) { 369 RUNTIME_FUNCTION(Runtime_IsSharedTypedArray) {
365 HandleScope scope(isolate); 370 HandleScope scope(isolate);
366 DCHECK_EQ(1, args.length()); 371 DCHECK_EQ(1, args.length());
367 return isolate->heap()->ToBoolean( 372 return isolate->heap()->ToBoolean(
368 args[0]->IsJSTypedArray() && 373 args[0]->IsJSTypedArray() &&
369 JSTypedArray::cast(args[0])->GetBuffer()->is_shared()); 374 JSTypedArray::cast(args[0])->GetBuffer()->is_shared());
370 } 375 }
371 376
372 377
373 RUNTIME_FUNCTION(Runtime_IsSharedIntegerTypedArray) { 378 RUNTIME_FUNCTION(Runtime_IsSharedIntegerTypedArray) {
(...skipping 18 matching lines...) Expand all
392 return isolate->heap()->false_value(); 397 return isolate->heap()->false_value();
393 } 398 }
394 399
395 Handle<JSTypedArray> obj(JSTypedArray::cast(args[0])); 400 Handle<JSTypedArray> obj(JSTypedArray::cast(args[0]));
396 return isolate->heap()->ToBoolean(obj->GetBuffer()->is_shared() && 401 return isolate->heap()->ToBoolean(obj->GetBuffer()->is_shared() &&
397 obj->type() == kExternalInt32Array); 402 obj->type() == kExternalInt32Array);
398 } 403 }
399 404
400 } // namespace internal 405 } // namespace internal
401 } // namespace v8 406 } // namespace v8
OLDNEW
« src/js/typedarray.js ('K') | « src/runtime/runtime.h ('k') | test/mjsunit/es6/typedarray-copywithin.js » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698