[rab/gsab] Fix API functions to handle RAB / GSAB correctly

Bug: v8:11111 Change-Id: Ibc95e34c807b8e9d7ba2c7ffb2d7c7bffc6829e4 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4081129 Auto-Submit: Marja Hölttä <marja@chromium.org> Commit-Queue: Camillo Bruni <cbruni@chromium.org> Reviewed-by: Camillo Bruni <cbruni@chromium.org> Cr-Commit-Position: refs/heads/main@{#84675}
2022-12-06 09:26:38 +01:00 · 2022-12-06 09:26:38 +01:00 · 4b565358d6
commit 4b565358d6
parent 2d51120a9d
4 changed files with 29 additions and 6 deletions
--- a/src/api/api.cc
+++ b/src/api/api.cc
@ -8260,7 +8260,7 @@ void v8::ArrayBuffer::SetDetachKey(v8::Local<v8::Value> key) {

 size_t v8::ArrayBuffer::ByteLength() const {
  i::Handle<i::JSArrayBuffer> obj = Utils::OpenHandle(this);
-  return obj->byte_length();
+  return obj->GetByteLength();
 }

 Local<ArrayBuffer> v8::ArrayBuffer::New(Isolate* v8_isolate,
@ -8386,13 +8386,21 @@ size_t v8::ArrayBufferView::ByteOffset() {
 }

 size_t v8::ArrayBufferView::ByteLength() {
-  i::Handle<i::JSArrayBufferView> obj = Utils::OpenHandle(this);
-  return obj->WasDetached() ? 0 : obj->byte_length();
+  i::DisallowGarbageCollection no_gc;
+  i::JSArrayBufferView obj = *Utils::OpenHandle(this);
+  if (obj.WasDetached()) {
+    return 0;
+  }
+  if (obj.IsJSTypedArray()) {
+    return i::JSTypedArray::cast(obj).GetByteLength();
+  }
+  return i::JSDataView::cast(obj).GetByteLength();
 }

 size_t v8::TypedArray::Length() {
-  i::Handle<i::JSTypedArray> obj = Utils::OpenHandle(this);
-  return obj->WasDetached() ? 0 : obj->length();
+  i::DisallowGarbageCollection no_gc;
+  i::JSTypedArray obj = *Utils::OpenHandle(this);
+  return obj.WasDetached() ? 0 : obj.GetLength();
 }

 static_assert(
@ -8467,7 +8475,7 @@ Local<DataView> DataView::New(Local<SharedArrayBuffer> shared_array_buffer,

 size_t v8::SharedArrayBuffer::ByteLength() const {
  i::Handle<i::JSArrayBuffer> obj = Utils::OpenHandle(this);
-  return obj->byte_length();
+  return obj->GetByteLength();
 }

 Local<SharedArrayBuffer> v8::SharedArrayBuffer::New(Isolate* v8_isolate,
--- a/src/diagnostics/objects-printer.cc
+++ b/src/diagnostics/objects-printer.cc
@ -1597,6 +1597,8 @@ void JSDataView::JSDataViewPrint(std::ostream& os) {
  os << "\n - buffer =" << Brief(buffer());
  os << "\n - byte_offset: " << byte_offset();
  os << "\n - byte_length: " << byte_length();
+  if (is_length_tracking()) os << "\n - length-tracking";
+  if (is_backed_by_rab()) os << "\n - backed-by-rab";
  if (!buffer().IsJSArrayBuffer()) {
    os << "\n <invalid buffer>";
    return;
--- a/src/objects/js-array-buffer-inl.h
+++ b/src/objects/js-array-buffer-inl.h
@ -395,6 +395,18 @@ void JSDataView::set_data_pointer(Isolate* isolate, void* ptr) {
  WriteSandboxedPointerField(kDataPointerOffset, isolate, value);
 }

+size_t JSDataView::GetByteLength() const {
+  if (IsOutOfBounds()) {
+    return 0;
+  }
+  if (is_length_tracking()) {
+    // Invariant: byte_length of length tracking DataViews is 0.
+    DCHECK_EQ(0, byte_length());
+    return buffer().GetByteLength() - byte_offset();
+  }
+  return byte_length();
+}
+
 bool JSDataView::IsOutOfBounds() const {
  if (!is_backed_by_rab()) {
    return false;
--- a/src/objects/js-array-buffer.h
+++ b/src/objects/js-array-buffer.h
@ -419,6 +419,7 @@ class JSDataView
  DECL_PRINTER(JSDataView)
  DECL_VERIFIER(JSDataView)

+  inline size_t GetByteLength() const;
  inline bool IsOutOfBounds() const;

  // TODO(v8:9287): Re-enable when GCMole stops mixing 32/64 bit configs.