
Side by Side Diff: src/runtime.cc

Issue 534243002: Add %LoadMutableDouble index check. (Closed) Base URL: https://v8.googlecode.com/svn/branches/bleeding_edge
Patch Set: Created 6 years, 3 months ago
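--- a/src/runtime.cc
+++ b/src/runtime.cc
@@ -1,10 +1,10 @@
 // Copyright 2012 the V8 project authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include <stdlib.h>
 #include <limits>
 
 #include "src/v8.h"
 
 #include "src/accessors.h"
@@ -14634,20 +14634,21 @@
 return isolate->heap()->undefined_value();
 }
 
 
 RUNTIME_FUNCTION(Runtime_LoadMutableDouble) {
 HandleScope scope(isolate);
 DCHECK(args.length() == 2);
 CONVERT_ARG_HANDLE_CHECKED(JSObject, object, 0);
 CONVERT_ARG_HANDLE_CHECKED(Smi, index, 1);
 RUNTIME_ASSERT((index->value() & 1) == 1);
+RUNTIME_ASSERT(FieldIndex::LoadByFieldIndexValid(index->value()));
 FieldIndex field_index =
 FieldIndex::ForLoadByFieldIndex(object->map(), index->value());
 if (field_index.is_inobject()) {
 RUNTIME_ASSERT(field_index.property_index() <
 object->map()->inobject_properties());
 } else {
 RUNTIME_ASSERT(field_index.outobject_array_index() <
 object->properties()->length());
 }
 Handle<Object> raw_value(object->RawFastPropertyAt(field_index), isolate);
@@ -15657,10 +15658,10 @@
 }
 return NULL;
 }
 
 
 const Runtime::Function* Runtime::FunctionForId(Runtime::FunctionId id) {
 return &(kIntrinsicFunctions[static_cast<int>(id)]);
 }
 
 } } // namespace v8::internal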
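Review bot: The added `RUNTIME_ASSERT(FieldIndex::LoadByFieldIndexValid(index->value()));` in Runtime_LoadMutableDouble carries no comment saying what it guarantees, while the two range asserts after `ForLoadByFieldIndex` only bound the decoded index from above. If the predicate (defined in src/field-index-inl.h, not shown in this section) is what rejects encodings that would decode to a negative or wrapped index, that dependency should be stated next to it, e.g. `// Reject index encodings ForLoadByFieldIndex cannot decode safely; the checks below only bound the result from above.` Without that, the new assert looks redundant with the later ones and could be dropped in a future cleanup, leaving `RawFastPropertyAt` reachable with an unvalidated index. The function body continues past the last visible line of the hunk, so whether `raw_value` is type-checked before use cannot be confirmed from here.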