Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(953)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: src/builtins/builtins-typedarray.cc

Issue 2827443002: Reland [typedarrays] Check detached buffer at start of typed array methods (Closed)
Patch Set: rebase Created 3 years, 7 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch
« no previous file with comments | « no previous file | src/compiler/js-intrinsic-lowering.h » ('j') | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 // Copyright 2016 the V8 project authors. All rights reserved. 1 // Copyright 2016 the V8 project authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be 2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file. 3 // found in the LICENSE file.
4 4
5 #include "src/builtins/builtins-utils.h" 5 #include "src/builtins/builtins-utils.h"
6 #include "src/builtins/builtins.h" 6 #include "src/builtins/builtins.h"
7 #include "src/counters.h" 7 #include "src/counters.h"
8 #include "src/elements.h" 8 #include "src/elements.h"
9 #include "src/objects-inl.h" 9 #include "src/objects-inl.h"
10 10
11 namespace v8 { 11 namespace v8 {
12 namespace internal { 12 namespace internal {
13 13
14 // ----------------------------------------------------------------------------- 14 // -----------------------------------------------------------------------------
15 // ES6 section 22.2 TypedArray Objects 15 // ES6 section 22.2 TypedArray Objects
16 16
17 // ES6 section 22.2.3.1 get %TypedArray%.prototype.buffer 17 // ES6 section 22.2.3.1 get %TypedArray%.prototype.buffer
18 BUILTIN(TypedArrayPrototypeBuffer) { 18 BUILTIN(TypedArrayPrototypeBuffer) {
19 HandleScope scope(isolate); 19 HandleScope scope(isolate);
20 CHECK_RECEIVER(JSTypedArray, typed_array, "get TypedArray.prototype.buffer"); 20 CHECK_RECEIVER(JSTypedArray, typed_array,
21 "get %TypedArray%.prototype.buffer");
21 return *typed_array->GetBuffer(); 22 return *typed_array->GetBuffer();
22 } 23 }
23 24
24 namespace { 25 namespace {
25 26
26 int64_t CapRelativeIndex(Handle<Object> num, int64_t minimum, int64_t maximum) { 27 int64_t CapRelativeIndex(Handle<Object> num, int64_t minimum, int64_t maximum) {
27 int64_t relative; 28 int64_t relative;
28 if (V8_LIKELY(num->IsSmi())) { 29 if (V8_LIKELY(num->IsSmi())) {
29 relative = Smi::cast(*num)->value(); 30 relative = Smi::cast(*num)->value();
30 } else { 31 } else {
(...skipping 90 matching lines...) Expand 10 before | Expand all | Expand 10 after
121 } // namespace 122 } // namespace
122 123
123 BUILTIN(TypedArrayPrototypeCopyWithin) { 124 BUILTIN(TypedArrayPrototypeCopyWithin) {
124 HandleScope scope(isolate); 125 HandleScope scope(isolate);
125 126
126 Handle<JSTypedArray> array; 127 Handle<JSTypedArray> array;
127 const char* method = "%TypedArray%.prototype.copyWithin"; 128 const char* method = "%TypedArray%.prototype.copyWithin";
128 ASSIGN_RETURN_FAILURE_ON_EXCEPTION( 129 ASSIGN_RETURN_FAILURE_ON_EXCEPTION(
129 isolate, array, JSTypedArray::Validate(isolate, args.receiver(), method)); 130 isolate, array, JSTypedArray::Validate(isolate, args.receiver(), method));
130 131
131 if (V8_UNLIKELY(array->WasNeutered())) return *array;
132
133 int64_t len = array->length_value(); 132 int64_t len = array->length_value();
134 int64_t to = 0; 133 int64_t to = 0;
135 int64_t from = 0; 134 int64_t from = 0;
136 int64_t final = len; 135 int64_t final = len;
137 136
138 if (V8_LIKELY(args.length() > 1)) { 137 if (V8_LIKELY(args.length() > 1)) {
139 Handle<Object> num; 138 Handle<Object> num;
140 ASSIGN_RETURN_FAILURE_ON_EXCEPTION( 139 ASSIGN_RETURN_FAILURE_ON_EXCEPTION(
141 isolate, num, Object::ToInteger(isolate, args.at<Object>(1))); 140 isolate, num, Object::ToInteger(isolate, args.at<Object>(1)));
142 to = CapRelativeIndex(num, 0, len); 141 to = CapRelativeIndex(num, 0, len);
(...skipping 43 matching lines...) Expand 10 before | Expand all | Expand 10 after
186 } 185 }
187 186
188 BUILTIN(TypedArrayPrototypeFill) { 187 BUILTIN(TypedArrayPrototypeFill) {
189 HandleScope scope(isolate); 188 HandleScope scope(isolate);
190 189
191 Handle<JSTypedArray> array; 190 Handle<JSTypedArray> array;
192 const char* method = "%TypedArray%.prototype.fill"; 191 const char* method = "%TypedArray%.prototype.fill";
193 ASSIGN_RETURN_FAILURE_ON_EXCEPTION( 192 ASSIGN_RETURN_FAILURE_ON_EXCEPTION(
194 isolate, array, JSTypedArray::Validate(isolate, args.receiver(), method)); 193 isolate, array, JSTypedArray::Validate(isolate, args.receiver(), method));
195 194
196 if (V8_UNLIKELY(array->WasNeutered())) return *array;
197
198 Handle<Object> obj_value = args.atOrUndefined(isolate, 1); 195 Handle<Object> obj_value = args.atOrUndefined(isolate, 1);
199 ASSIGN_RETURN_FAILURE_ON_EXCEPTION( 196 ASSIGN_RETURN_FAILURE_ON_EXCEPTION(
200 isolate, obj_value, Object::ToNumber(obj_value)); 197 isolate, obj_value, Object::ToNumber(obj_value));
201 198
202 int64_t len = array->length_value(); 199 int64_t len = array->length_value();
203 int64_t start = 0; 200 int64_t start = 0;
204 int64_t end = len; 201 int64_t end = len;
205 202
206 if (args.length() > 2) { 203 if (args.length() > 2) {
207 Handle<Object> num = args.atOrUndefined(isolate, 2); 204 Handle<Object> num = args.atOrUndefined(isolate, 2);
(...skipping 127 matching lines...) Expand 10 before | Expand all | Expand 10 after
335 } 332 }
336 333
337 BUILTIN(TypedArrayPrototypeReverse) { 334 BUILTIN(TypedArrayPrototypeReverse) {
338 HandleScope scope(isolate); 335 HandleScope scope(isolate);
339 336
340 Handle<JSTypedArray> array; 337 Handle<JSTypedArray> array;
341 const char* method = "%TypedArray%.prototype.reverse"; 338 const char* method = "%TypedArray%.prototype.reverse";
342 ASSIGN_RETURN_FAILURE_ON_EXCEPTION( 339 ASSIGN_RETURN_FAILURE_ON_EXCEPTION(
343 isolate, array, JSTypedArray::Validate(isolate, args.receiver(), method)); 340 isolate, array, JSTypedArray::Validate(isolate, args.receiver(), method));
344 341
345 if (V8_UNLIKELY(array->WasNeutered())) return *array;
346
347 ElementsAccessor* elements = array->GetElementsAccessor(); 342 ElementsAccessor* elements = array->GetElementsAccessor();
348 elements->Reverse(*array); 343 elements->Reverse(*array);
349 return *array; 344 return *array;
350 } 345 }
351 346
352 BUILTIN(TypedArrayPrototypeSlice) { 347 BUILTIN(TypedArrayPrototypeSlice) {
353 HandleScope scope(isolate); 348 HandleScope scope(isolate);
354 349
355 Handle<JSTypedArray> array; 350 Handle<JSTypedArray> array;
356 const char* method = "%TypedArray%.prototype.slice"; 351 const char* method = "%TypedArray%.prototype.slice";
(...skipping 37 matching lines...) Expand 10 before | Expand all | Expand 10 after
394 389
395 if (count == 0) return *result_array; 390 if (count == 0) return *result_array;
396 391
397 ElementsAccessor* accessor = array->GetElementsAccessor(); 392 ElementsAccessor* accessor = array->GetElementsAccessor();
398 return *accessor->Slice(array, static_cast<uint32_t>(start), 393 return *accessor->Slice(array, static_cast<uint32_t>(start),
399 static_cast<uint32_t>(end), result_array); 394 static_cast<uint32_t>(end), result_array);
400 } 395 }
401 396
402 } // namespace internal 397 } // namespace internal
403 } // namespace v8 398 } // namespace v8
OLDNEW
« no previous file with comments | « no previous file | src/compiler/js-intrinsic-lowering.h » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698