test/mjsunit/harmony/atomics.js - Issue 2814753003: [SAB] Validate index before value conversion

Keyboard Shortcuts

	File
u :	up to issue
j / k :	jump to file after / before current file
J / K :	jump to next file with a comment after / before current file
	Side-by-side diff
i :	toggle intra-line diffs
e :	expand all comments
c :	collapse all comments
s :	toggle showing all comments
n / p :	next / previous diff chunk or comment
N / P :	next / previous comment
<Up> / <Down> :	next / previous line

	Issue
u :	up to list of issues
j / k :	jump to patch after / before current patch
o / <Enter> :	open current patch in side-by-side view
i :	open current patch in unified diff view

	Issue List
j / k :	jump to issue after / before current issue
o / <Enter> :	open current issue

Unified Diff: test/mjsunit/harmony/atomics.js

Issue 2814753003: [SAB] Validate index before value conversion (Closed)

Patch Set: feedback Created 3 years, 8 months ago

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Jump to:

View side-by-side diff with in-line comments

Download patch

Index: test/mjsunit/harmony/atomics.js

diff --git a/test/mjsunit/harmony/atomics.js b/test/mjsunit/harmony/atomics.js

index 840d00e78b12691ad77343f3323a4c984b013f8e..ef900761032bb9a3d0b775ffaeae138897d02cd1 100644

--- a/test/mjsunit/harmony/atomics.js

+++ b/test/mjsunit/harmony/atomics.js

@@ -62,9 +62,9 @@ var IntegerTypedArrayConstructors = [

var si32a = new Int32Array(sab);

var si32a2 = new Int32Array(sab, 4);

- // Non-integer indexes should throw RangeError.

- var nonInteger = [1.4, '1.4', NaN, -Infinity, Infinity, undefined, 'hi', {}];

- nonInteger.forEach(function(i) {

+ // Indexes that are out of bounds when coerced via ToIndex should throw

+ // RangeError.

+ [-Infinity, Infinity].forEach(function(i) {

assertThrows(function() { Atomics.compareExchange(si32a, i, 0); },

RangeError);

assertThrows(function() { Atomics.load(si32a, i, 0); }, RangeError);

@@ -140,7 +140,8 @@ var IntegerTypedArrayConstructors = [

};

// These values all map to index 0

- [-0, 0, 0.0, null, false].forEach(function(i) {

+ [-0, 0, 0.0, null, false, NaN, {}, '0.2', 'hi', undefined].forEach(

+ function(i) {

var name = String(i);

[si32a, si32a2].forEach(function(array) {

testOp(Atomics.compareExchange, array, i, 0, name);

@@ -564,3 +565,33 @@ function clearArray(sab) {

});

})();

+(function TestValidateIndexBeforeValue() {

+ var testOp = function(op, sta, name) {

+ var valueof_has_been_called = 0;

+ var value = {valueOf: function() { valueof_has_been_called = 1; return 0;}};

+ var index = -1;

+ // The index should be checked before calling ToInteger on the value, so

+ // valueof_has_been_called should not be modified.

+ sta[0] = 0;

+ assertThrows(function() { op(sta, index, value, value); }, RangeError);

+ assertEquals(0, valueof_has_been_called);

+ };

+ IntegerTypedArrayConstructors.forEach(function(t) {

+ var sab = new SharedArrayBuffer(10 * t.constr.BYTES_PER_ELEMENT);

+ var sta = new t.constr(sab);

+ var name = Object.prototype.toString.call(sta);

+ testOp(Atomics.compareExchange, sta, name);

+ testOp(Atomics.load, sta, name);

+ testOp(Atomics.store, sta, name);

+ testOp(Atomics.add, sta, name);

+ testOp(Atomics.sub, sta, name);

+ testOp(Atomics.and, sta, name);

+ testOp(Atomics.or, sta, name);

+ testOp(Atomics.xor, sta, name);

+ testOp(Atomics.exchange, sta, name);

+ });

+})();

« no previous file with comments | « src/compiler/ia32/instruction-selector-ia32.cc ('k') | test/test262/test262.status » ('j') | no next file with comments »