Chromium Code Reviews Chromium Code Reviews
Issue 73943004:
Limit the size for typed arrays to MaxSmi. (Closed)
Base URL: https://v8.googlecode.com/svn/branches/bleeding_edge| OLD | NEW |
|---|---|
| 1 // Copyright 2012 the V8 project authors. All rights reserved. | 1 // Copyright 2012 the V8 project authors. All rights reserved. |
| 2 // Redistribution and use in source and binary forms, with or without | 2 // Redistribution and use in source and binary forms, with or without |
| 3 // modification, are permitted provided that the following conditions are | 3 // modification, are permitted provided that the following conditions are |
| 4 // met: | 4 // met: |
| 5 // | 5 // |
| 6 // * Redistributions of source code must retain the above copyright | 6 // * Redistributions of source code must retain the above copyright |
| 7 // notice, this list of conditions and the following disclaimer. | 7 // notice, this list of conditions and the following disclaimer. |
| 8 // * Redistributions in binary form must reproduce the above | 8 // * Redistributions in binary form must reproduce the above |
| 9 // copyright notice, this list of conditions and the following | 9 // copyright notice, this list of conditions and the following |
| 10 // disclaimer in the documentation and/or other materials provided | 10 // disclaimer in the documentation and/or other materials provided |
| (...skipping 899 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 910 | 910 |
| 911 holder->set_buffer(*buffer); | 911 holder->set_buffer(*buffer); |
| 912 holder->set_byte_offset(*byte_offset_object); | 912 holder->set_byte_offset(*byte_offset_object); |
| 913 holder->set_byte_length(*byte_length_object); | 913 holder->set_byte_length(*byte_length_object); |
| 914 | 914 |
| 915 size_t byte_offset = NumberToSize(isolate, *byte_offset_object); | 915 size_t byte_offset = NumberToSize(isolate, *byte_offset_object); |
| 916 size_t byte_length = NumberToSize(isolate, *byte_length_object); | 916 size_t byte_length = NumberToSize(isolate, *byte_length_object); |
| 917 ASSERT(byte_length % element_size == 0); | 917 ASSERT(byte_length % element_size == 0); |
| 918 size_t length = byte_length / element_size; | 918 size_t length = byte_length / element_size; |
| 919 | 919 |
| 920 if (length > static_cast<unsigned>(Smi::kMaxValue)) { | |
| 921 return isolate->Throw(*isolate->factory()-> | |
| 922 NewRangeError("invalid_array_buffer_length", | |
| 923 HandleVector<Object>(NULL, 0))); | |
| 924 } | |
| 925 | |
| 920 Handle<Object> length_obj = isolate->factory()->NewNumberFromSize(length); | 926 Handle<Object> length_obj = isolate->factory()->NewNumberFromSize(length); |
| 921 holder->set_length(*length_obj); | 927 holder->set_length(*length_obj); |
| 922 holder->set_weak_next(buffer->weak_first_view()); | 928 holder->set_weak_next(buffer->weak_first_view()); |
| 923 buffer->set_weak_first_view(*holder); | 929 buffer->set_weak_first_view(*holder); |
| 924 | 930 |
| 925 Handle<ExternalArray> elements = | 931 Handle<ExternalArray> elements = |
| 926 isolate->factory()->NewExternalArray( | 932 isolate->factory()->NewExternalArray( |
| 927 static_cast<int>(length), array_type, | 933 static_cast<int>(length), array_type, |
| 928 static_cast<uint8_t*>(buffer->backing_store()) + byte_offset); | 934 static_cast<uint8_t*>(buffer->backing_store()) + byte_offset); |
| 929 holder->set_elements(*elements); | 935 holder->set_elements(*elements); |
| 930 return isolate->heap()->undefined_value(); | 936 return isolate->heap()->undefined_value(); |
| 931 } | 937 } |
| 932 | 938 |
| 933 | 939 |
| 934 // Initializes a typed array from an array-like object. | 940 // Initializes a typed array from an array-like object. |
| 935 // If an array-like object happens to be a typed array of the same type, | 941 // If an array-like object happens to be a typed array of the same type, |
| 936 // initializes backing store using memove. | 942 // initializes backing store using memove. |
| 937 // | 943 // |
| 938 // Returns true if backing store was initialized or false otherwise. | 944 // Returns true if backing stor e was initialized or false otherwise. |
|
Jakob Kummerow
2013/11/15 15:13:08
nit: accidental edit
Dmitry Lomov (no reviews)
2013/11/15 16:03:07
Done.
| |
| 939 RUNTIME_FUNCTION(MaybeObject*, Runtime_TypedArrayInitializeFromArrayLike) { | 945 RUNTIME_FUNCTION(MaybeObject*, Runtime_TypedArrayInitializeFromArrayLike) { |
| 940 HandleScope scope(isolate); | 946 HandleScope scope(isolate); |
| 941 ASSERT(args.length() == 4); | 947 ASSERT(args.length() == 4); |
| 942 CONVERT_ARG_HANDLE_CHECKED(JSTypedArray, holder, 0); | 948 CONVERT_ARG_HANDLE_CHECKED(JSTypedArray, holder, 0); |
| 943 CONVERT_SMI_ARG_CHECKED(arrayId, 1); | 949 CONVERT_SMI_ARG_CHECKED(arrayId, 1); |
| 944 CONVERT_ARG_HANDLE_CHECKED(Object, source, 2); | 950 CONVERT_ARG_HANDLE_CHECKED(Object, source, 2); |
| 945 CONVERT_ARG_HANDLE_CHECKED(Object, length_obj, 3); | 951 CONVERT_ARG_HANDLE_CHECKED(Object, length_obj, 3); |
| 946 | 952 |
| 947 ASSERT(holder->GetInternalFieldCount() == | 953 ASSERT(holder->GetInternalFieldCount() == |
| 948 v8::ArrayBufferView::kInternalFieldCount); | 954 v8::ArrayBufferView::kInternalFieldCount); |
| 949 for (int i = 0; i < v8::ArrayBufferView::kInternalFieldCount; i++) { | 955 for (int i = 0; i < v8::ArrayBufferView::kInternalFieldCount; i++) { |
| 950 holder->SetInternalField(i, Smi::FromInt(0)); | 956 holder->SetInternalField(i, Smi::FromInt(0)); |
| 951 } | 957 } |
| 952 | 958 |
| 953 ExternalArrayType array_type = kExternalByteArray; // Bogus initialization. | 959 ExternalArrayType array_type = kExternalByteArray; // Bogus initialization. |
| 954 size_t element_size = 1; // Bogus initialization. | 960 size_t element_size = 1; // Bogus initialization. |
| 955 ArrayIdToTypeAndSize(arrayId, &array_type, &element_size); | 961 ArrayIdToTypeAndSize(arrayId, &array_type, &element_size); |
| 956 | 962 |
| 957 Handle<JSArrayBuffer> buffer = isolate->factory()->NewJSArrayBuffer(); | 963 Handle<JSArrayBuffer> buffer = isolate->factory()->NewJSArrayBuffer(); |
| 958 size_t length = NumberToSize(isolate, *length_obj); | 964 size_t length = NumberToSize(isolate, *length_obj); |
| 959 if (length > (kMaxInt / element_size)) { | 965 |
| 966 if ((length > static_cast<unsigned>(Smi::kMaxValue)) || | |
| 967 (length > (kMaxInt / element_size))) { | |
| 960 return isolate->Throw(*isolate->factory()-> | 968 return isolate->Throw(*isolate->factory()-> |
| 961 NewRangeError("invalid_array_buffer_length", | 969 NewRangeError("invalid_array_buffer_length", |
| 962 HandleVector<Object>(NULL, 0))); | 970 HandleVector<Object>(NULL, 0))); |
| 963 } | 971 } |
| 964 size_t byte_length = length * element_size; | 972 size_t byte_length = length * element_size; |
| 965 | 973 |
| 966 // NOTE: not initializing backing store. | 974 // NOTE: not initializing backing store. |
| 967 // We assume that the caller of this function will initialize holder | 975 // We assume that the caller of this function will initialize holder |
| 968 // with the loop | 976 // with the loop |
| 969 // for(i = 0; i < length; i++) { holder[i] = source[i]; } | 977 // for(i = 0; i < length; i++) { holder[i] = source[i]; } |
| (...skipping 13836 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 14806 ASSERT(arg_count == caller_args->length()); | 14814 ASSERT(arg_count == caller_args->length()); |
| 14807 } | 14815 } |
| 14808 #endif | 14816 #endif |
| 14809 return ArrayConstructorCommon(isolate, | 14817 return ArrayConstructorCommon(isolate, |
| 14810 constructor, | 14818 constructor, |
| 14811 Handle<AllocationSite>::null(), | 14819 Handle<AllocationSite>::null(), |
| 14812 caller_args); | 14820 caller_args); |
| 14813 } | 14821 } |
| 14814 | 14822 |
| 14815 | 14823 |
| 14824 RUNTIME_FUNCTION(MaybeObject*, Runtime_MaxSmi) { | |
| 14825 return Smi::FromInt(Smi::kMaxValue); | |
| 14826 } | |
| 14827 | |
| 14828 | |
| 14816 // ---------------------------------------------------------------------------- | 14829 // ---------------------------------------------------------------------------- |
| 14817 // Implementation of Runtime | 14830 // Implementation of Runtime |
| 14818 | 14831 |
| 14819 #define F(name, number_of_args, result_size) \ | 14832 #define F(name, number_of_args, result_size) \ |
| 14820 { Runtime::k##name, Runtime::RUNTIME, #name, \ | 14833 { Runtime::k##name, Runtime::RUNTIME, #name, \ |
| 14821 FUNCTION_ADDR(Runtime_##name), number_of_args, result_size }, | 14834 FUNCTION_ADDR(Runtime_##name), number_of_args, result_size }, |
| 14822 | 14835 |
| 14823 | 14836 |
| 14824 #define I(name, number_of_args, result_size) \ | 14837 #define I(name, number_of_args, result_size) \ |
| 14825 { Runtime::kInline##name, Runtime::INLINE, \ | 14838 { Runtime::kInline##name, Runtime::INLINE, \ |
| (...skipping 64 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 14890 // Handle last resort GC and make sure to allow future allocations | 14903 // Handle last resort GC and make sure to allow future allocations |
| 14891 // to grow the heap without causing GCs (if possible). | 14904 // to grow the heap without causing GCs (if possible). |
| 14892 isolate->counters()->gc_last_resort_from_js()->Increment(); | 14905 isolate->counters()->gc_last_resort_from_js()->Increment(); |
| 14893 isolate->heap()->CollectAllGarbage(Heap::kNoGCFlags, | 14906 isolate->heap()->CollectAllGarbage(Heap::kNoGCFlags, |
| 14894 "Runtime::PerformGC"); | 14907 "Runtime::PerformGC"); |
| 14895 } | 14908 } |
| 14896 } | 14909 } |
| 14897 | 14910 |
| 14898 | 14911 |
| 14899 } } // namespace v8::internal | 14912 } } // namespace v8::internal |
| OLD | NEW |
