
Unified Diff: src/runtime.cc

Issue 279593004: Harden runtime functions (part 6). (Closed) Base URL: https://v8.googlecode.com/svn/branches/bleeding_edge
Patch Set: Created 6 years, 7 months ago
Index: src/runtime.cc
diff --git a/src/runtime.cc b/src/runtime.cc
index 130afadc1bf7594a71204e4ddd74eaae3b0188a4..9853f2de540203e1cd5de3bb424fb27ada06225d 100644
--- a/src/runtime.cc
+++ b/src/runtime.cc
@@ -882,6 +882,7 @@ RUNTIME_FUNCTION(Runtime_ArrayBufferSliceImpl) {
CONVERT_ARG_HANDLE_CHECKED(JSArrayBuffer, source, 0);
CONVERT_ARG_HANDLE_CHECKED(JSArrayBuffer, target, 1);
CONVERT_NUMBER_ARG_HANDLE_CHECKED(first, 2);
+ RUNTIME_ASSERT(!source.is_identical_to(target));
size_t start = 0;
RUNTIME_ASSERT(TryNumberToSize(isolate, *first, &start));
size_t target_length = NumberToSize(isolate, target->byte_length());
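Review bot: The added `RUNTIME_ASSERT(!source.is_identical_to(target));` carries no comment saying why a self-slice is rejected, and it only establishes that the two handles refer to different objects. Once confirmed against the copy further down, which lies outside this hunk, add a line such as `// Source and target must be distinct objects; the copy below is not written for overlapping memory.` If two distinct JSArrayBuffer objects can ever share one backing store (not visible here), this identity check would not catch that case, so it is worth checking whether the copy tolerates overlap. The function body continues past the hunk, so the bounds check on `start` against the source length cannot be confirmed from these lines.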
@@ -2800,10 +2801,10 @@ RUNTIME_FUNCTION(Runtime_FinishArrayPrototypeSetup) {
}
-static Handle<JSFunction> InstallBuiltin(Isolate* isolate,
- Handle<JSObject> holder,
- const char* name,
- Builtins::Name builtin_name) {
+static void InstallBuiltin(Isolate* isolate,
+ Handle<JSObject> holder,
+ const char* name,
+ Builtins::Name builtin_name) {
Handle<String> key = isolate->factory()->InternalizeUtf8String(name);
Handle<Code> code(isolate->builtins()->builtin(builtin_name));
Handle<JSFunction> optimized =
@@ -2815,14 +2816,14 @@ static Handle<JSFunction> InstallBuiltin(Isolate* isolate,
false);
optimized->shared()->DontAdaptArguments();
JSReceiver::SetProperty(holder, key, optimized, NONE, STRICT).Assert();
- return optimized;
}
RUNTIME_FUNCTION(Runtime_SpecialArrayFunctions) {
HandleScope scope(isolate);
- ASSERT(args.length() == 1);
- CONVERT_ARG_HANDLE_CHECKED(JSObject, holder, 0);
+ ASSERT(args.length() == 0);
+ Handle<JSObject> holder =
+ isolate->factory()->NewJSObject(isolate->object_function());
InstallBuiltin(isolate, holder, "pop", Builtins::kArrayPop);
InstallBuiltin(isolate, holder, "push", Builtins::kArrayPush);
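Review bot: `InstallBuiltin` still ends in `JSReceiver::SetProperty(holder, key, optimized, NONE, STRICT).Assert();`, so the hardening here relies on that store never failing for the freshly allocated holder. Allocating the holder inside the function removes the caller-supplied object, but SetProperty presumably still consults the new object's prototype chain, so a store intercepted there would trip `.Assert()` instead of returning a failure. If this function is reachable after bootstrap, defining the builtins as own data properties would be the safer form. Separately, `ASSERT(args.length() == 0)` is a debug-only check; that looks harmless because no argument is read any more, but a comment above the allocation such as `// Holder is created here so callers cannot pass in an object with custom property behaviour.` would record the intent. The body of Runtime_SpecialArrayFunctions continues outside the hunk.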