
Side by Side Diff: src/runtime.cc

Issue 279593004: Harden runtime functions (part 6). (Closed) Base URL: https://v8.googlecode.com/svn/branches/bleeding_edge
Patch Set: Created 6 years, 7 months ago
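--- a/src/runtime.cc
+++ b/src/runtime.cc
@@ -1,10 +1,10 @@
 // Copyright 2012 the V8 project authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include <stdlib.h>
 #include <limits>
 
 #include "v8.h"
 
 #include "accessors.h"
@@ -875,20 +875,21 @@
 return holder->byte_length();
 }
 
 
 RUNTIME_FUNCTION(Runtime_ArrayBufferSliceImpl) {
 HandleScope scope(isolate);
 ASSERT(args.length() == 3);
 CONVERT_ARG_HANDLE_CHECKED(JSArrayBuffer, source, 0);
 CONVERT_ARG_HANDLE_CHECKED(JSArrayBuffer, target, 1);
 CONVERT_NUMBER_ARG_HANDLE_CHECKED(first, 2);
+RUNTIME_ASSERT(!source.is_identical_to(target));
 size_t start = 0;
 RUNTIME_ASSERT(TryNumberToSize(isolate, *first, &start));
 size_t target_length = NumberToSize(isolate, target->byte_length());
 
 if (target_length == 0) return isolate->heap()->undefined_value();
 
 size_t source_byte_length = NumberToSize(isolate, source->byte_length());
 RUNTIME_ASSERT(start <= source_byte_length);
 RUNTIME_ASSERT(source_byte_length - start >= target_length);
 uint8_t* source_data = reinterpret_cast<uint8_t*>(source->backing_store());
@@ -2793,43 +2794,43 @@
 Object* length = prototype->length();
 RUNTIME_ASSERT(length->IsSmi() && Smi::cast(length)->value() == 0);
 RUNTIME_ASSERT(prototype->HasFastSmiOrObjectElements());
 // This is necessary to enable fast checks for absence of elements
 // on Array.prototype and below.
 prototype->set_elements(isolate->heap()->empty_fixed_array());
 return Smi::FromInt(0);
 }
 
 
-static Handle<JSFunction> InstallBuiltin(Isolate* isolate,
+static void InstallBuiltin(Isolate* isolate,
 Handle<JSObject> holder,
 const char* name,
 Builtins::Name builtin_name) {
 Handle<String> key = isolate->factory()->InternalizeUtf8String(name);
 Handle<Code> code(isolate->builtins()->builtin(builtin_name));
 Handle<JSFunction> optimized =
 isolate->factory()->NewFunction(MaybeHandle<Object>(),
 key,
 JS_OBJECT_TYPE,
 JSObject::kHeaderSize,
 code,
 false);
 optimized->shared()->DontAdaptArguments();
 JSReceiver::SetProperty(holder, key, optimized, NONE, STRICT).Assert();
-return optimized;
 }
 
 
 RUNTIME_FUNCTION(Runtime_SpecialArrayFunctions) {
 HandleScope scope(isolate);
-ASSERT(args.length() == 1);
-CONVERT_ARG_HANDLE_CHECKED(JSObject, holder, 0);
+ASSERT(args.length() == 0);
+Handle<JSObject> holder =
+isolate->factory()->NewJSObject(isolate->object_function());
 
 InstallBuiltin(isolate, holder, "pop", Builtins::kArrayPop);
 InstallBuiltin(isolate, holder, "push", Builtins::kArrayPush);
 InstallBuiltin(isolate, holder, "shift", Builtins::kArrayShift);
 InstallBuiltin(isolate, holder, "unshift", Builtins::kArrayUnshift);
 InstallBuiltin(isolate, holder, "slice", Builtins::kArraySlice);
 InstallBuiltin(isolate, holder, "splice", Builtins::kArraySplice);
 InstallBuiltin(isolate, holder, "concat", Builtins::kArrayConcat);
 
 return *holder;
@@ -15264,10 +15265,10 @@
 }
 return NULL;
 }
 
 
 const Runtime::Function* Runtime::FunctionForId(Runtime::FunctionId id) {
 return &(kIntrinsicFunctions[static_cast<int>(id)]);
 }
 
 } } // namespace v8::internal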
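Review bot: The new `RUNTIME_ASSERT(!source.is_identical_to(target));` in Runtime_ArrayBufferSliceImpl rejects only the case where both arguments are the same JSArrayBuffer object, and it has no comment saying which invariant it protects. If the copy that follows the visible lines assumes non-overlapping memory, two distinct buffers sharing one backing store would still pass this check; whether that is reachable depends on how backing stores are handed out, which this page does not show. A comment such as `// source and target must be distinct buffers; the copy below assumes no overlap.` would record the intent, and additionally comparing `source->backing_store()` with `target->backing_store()` would cover the aliasing case if it can occur. The function body continues past the lines shown in this section.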
