[runtime] Add Arguments::positive_smi_value_at(int index) helper
Drive-by-fix: - Use explicit casts to HeapNumber in NumberToXXX methods Bug: v8:11263 Change-Id: If99af3ccee33a299d9f42cd39b87b6935a555f83 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3512618 Reviewed-by: Jakob Kummerow <jkummerow@chromium.org> Commit-Queue: Camillo Bruni <cbruni@chromium.org> Cr-Commit-Position: refs/heads/main@{#79438}
This commit is contained in:
Camillo Bruni
V8 LUCI CQ
parent
5912d63ad9
commit
d876064c79
@ -31,6 +31,13 @@ int Arguments<T>::smi_value_at(int index) const {
|
||||
return value;
|
||||
}
|
||||
|
||||
template <ArgumentsType T>
|
||||
uint32_t Arguments<T>::positive_smi_value_at(int index) const {
|
||||
int value = smi_value_at(index);
|
||||
DCHECK_LE(0, value);
|
||||
return value;
|
||||
}
|
||||
|
||||
template <ArgumentsType T>
|
||||
int Arguments<T>::tagged_index_value_at(int index) const {
|
||||
return static_cast<int>(TaggedIndex::cast((*this)[index]).value());
|
||||
|
||||
@ -59,6 +59,7 @@ class Arguments {
|
||||
V8_INLINE Handle<S> at(int index) const;
|
||||
|
||||
V8_INLINE int smi_value_at(int index) const;
|
||||
V8_INLINE uint32_t positive_smi_value_at(int index) const;
|
||||
|
||||
V8_INLINE int tagged_index_value_at(int index) const;
|
||||
|
||||
|
||||
@ -193,12 +193,12 @@ bool DoubleToUint32IfEqualToSelf(double value, uint32_t* uint32_value) {
|
||||
|
||||
int32_t NumberToInt32(Object number) {
|
||||
if (number.IsSmi()) return Smi::ToInt(number);
|
||||
return DoubleToInt32(number.Number());
|
||||
return DoubleToInt32(HeapNumber::cast(number).value());
|
||||
}
|
||||
|
||||
uint32_t NumberToUint32(Object number) {
|
||||
if (number.IsSmi()) return Smi::ToInt(number);
|
||||
return DoubleToUint32(number.Number());
|
||||
return DoubleToUint32(HeapNumber::cast(number).value());
|
||||
}
|
||||
|
||||
uint32_t PositiveNumberToUint32(Object number) {
|
||||
@ -207,8 +207,7 @@ uint32_t PositiveNumberToUint32(Object number) {
|
||||
if (value <= 0) return 0;
|
||||
return value;
|
||||
}
|
||||
DCHECK(number.IsHeapNumber());
|
||||
double value = number.Number();
|
||||
double value = HeapNumber::cast(number).value();
|
||||
// Catch all values smaller than 1 and use the double-negation trick for NANs.
|
||||
if (!(value >= 1)) return 0;
|
||||
uint32_t max = std::numeric_limits<uint32_t>::max();
|
||||
@ -218,7 +217,7 @@ uint32_t PositiveNumberToUint32(Object number) {
|
||||
|
||||
int64_t NumberToInt64(Object number) {
|
||||
if (number.IsSmi()) return Smi::ToInt(number);
|
||||
double d = number.Number();
|
||||
double d = HeapNumber::cast(number).value();
|
||||
if (std::isnan(d)) return 0;
|
||||
if (d >= static_cast<double>(std::numeric_limits<int64_t>::max())) {
|
||||
return std::numeric_limits<int64_t>::max();
|
||||
@ -235,8 +234,7 @@ uint64_t PositiveNumberToUint64(Object number) {
|
||||
if (value <= 0) return 0;
|
||||
return value;
|
||||
}
|
||||
DCHECK(number.IsHeapNumber());
|
||||
double value = number.Number();
|
||||
double value = HeapNumber::cast(number).value();
|
||||
// Catch all values smaller than 1 and use the double-negation trick for NANs.
|
||||
if (!(value >= 1)) return 0;
|
||||
uint64_t max = std::numeric_limits<uint64_t>::max();
|
||||
@ -257,7 +255,6 @@ bool TryNumberToSize(Object number, size_t* result) {
|
||||
}
|
||||
return false;
|
||||
} else {
|
||||
DCHECK(number.IsHeapNumber());
|
||||
double value = HeapNumber::cast(number).value();
|
||||
// If value is compared directly to the limit, the limit will be
|
||||
// casted to a double and could end up as limit + 1,
|
||||
|
||||
@ -330,8 +330,7 @@ RUNTIME_FUNCTION(Runtime_StackGuard) {
|
||||
RUNTIME_FUNCTION(Runtime_StackGuardWithGap) {
|
||||
SealHandleScope shs(isolate);
|
||||
DCHECK_EQ(args.length(), 1);
|
||||
uint32_t gap = 0;
|
||||
CHECK(args[0].ToUint32(&gap));
|
||||
uint32_t gap = args.positive_smi_value_at(0);
|
||||
TRACE_EVENT0("v8.execute", "V8.StackGuard");
|
||||
|
||||
// First check if this is a real stack overflow.
|
||||
|
||||
@ -1508,8 +1508,7 @@ RUNTIME_FUNCTION(Runtime_NewRegExpWithBacktrackLimit) {
|
||||
|
||||
Handle<String> pattern = args.at<String>(0);
|
||||
Handle<String> flags_string = args.at<String>(1);
|
||||
uint32_t backtrack_limit = 0;
|
||||
CHECK(args[2].ToUint32(&backtrack_limit));
|
||||
uint32_t backtrack_limit = args.positive_smi_value_at(2);
|
||||
|
||||
JSRegExp::Flags flags =
|
||||
JSRegExp::FlagsFromString(isolate, flags_string).value();
|
||||
|
||||
@ -133,8 +133,7 @@ RUNTIME_FUNCTION(Runtime_WasmMemoryGrow) {
|
||||
Handle<WasmInstanceObject> instance = args.at<WasmInstanceObject>(0);
|
||||
// {delta_pages} is checked to be a positive smi in the WasmMemoryGrow builtin
|
||||
// which calls this runtime function.
|
||||
uint32_t delta_pages = 0;
|
||||
CHECK(args[1].ToUint32(&delta_pages));
|
||||
uint32_t delta_pages = args.positive_smi_value_at(1);
|
||||
|
||||
int ret = WasmMemoryObject::Grow(
|
||||
isolate, handle(instance->memory_object(), isolate), delta_pages);
|
||||
@ -405,8 +404,7 @@ RUNTIME_FUNCTION(Runtime_WasmRefFunc) {
|
||||
HandleScope scope(isolate);
|
||||
DCHECK_EQ(2, args.length());
|
||||
Handle<WasmInstanceObject> instance = args.at<WasmInstanceObject>(0);
|
||||
uint32_t function_index = 0;
|
||||
CHECK(args[1].ToUint32(&function_index));
|
||||
uint32_t function_index = args.positive_smi_value_at(1);
|
||||
|
||||
return *WasmInstanceObject::GetOrCreateWasmInternalFunction(isolate, instance,
|
||||
function_index);
|
||||
@ -417,10 +415,8 @@ RUNTIME_FUNCTION(Runtime_WasmFunctionTableGet) {
|
||||
HandleScope scope(isolate);
|
||||
DCHECK_EQ(3, args.length());
|
||||
Handle<WasmInstanceObject> instance = args.at<WasmInstanceObject>(0);
|
||||
uint32_t table_index = 0;
|
||||
CHECK(args[1].ToUint32(&table_index));
|
||||
uint32_t entry_index = 0;
|
||||
CHECK(args[2].ToUint32(&entry_index));
|
||||
uint32_t table_index = args.positive_smi_value_at(1);
|
||||
uint32_t entry_index = args.positive_smi_value_at(2);
|
||||
DCHECK_LT(table_index, instance->tables().length());
|
||||
auto table = handle(
|
||||
WasmTableObject::cast(instance->tables().get(table_index)), isolate);
|
||||
@ -443,10 +439,8 @@ RUNTIME_FUNCTION(Runtime_WasmFunctionTableSet) {
|
||||
HandleScope scope(isolate);
|
||||
DCHECK_EQ(4, args.length());
|
||||
Handle<WasmInstanceObject> instance = args.at<WasmInstanceObject>(0);
|
||||
uint32_t table_index = 0;
|
||||
CHECK(args[1].ToUint32(&table_index));
|
||||
uint32_t entry_index = 0;
|
||||
CHECK(args[2].ToUint32(&entry_index));
|
||||
uint32_t table_index = args.positive_smi_value_at(1);
|
||||
uint32_t entry_index = args.positive_smi_value_at(2);
|
||||
Object element_raw = args[3];
|
||||
// TODO(wasm): Manually box because parameters are not visited yet.
|
||||
Handle<Object> element(element_raw, isolate);
|
||||
@ -472,19 +466,14 @@ RUNTIME_FUNCTION(Runtime_WasmTableInit) {
|
||||
HandleScope scope(isolate);
|
||||
DCHECK_EQ(6, args.length());
|
||||
Handle<WasmInstanceObject> instance = args.at<WasmInstanceObject>(0);
|
||||
uint32_t table_index = 0;
|
||||
CHECK(args[1].ToUint32(&table_index));
|
||||
uint32_t elem_segment_index = 0;
|
||||
CHECK(args[2].ToUint32(&elem_segment_index));
|
||||
uint32_t table_index = args.positive_smi_value_at(1);
|
||||
uint32_t elem_segment_index = args.positive_smi_value_at(2);
|
||||
static_assert(
|
||||
wasm::kV8MaxWasmTableSize < kSmiMaxValue,
|
||||
"Make sure clamping to Smi range doesn't make an invalid call valid");
|
||||
uint32_t dst = 0;
|
||||
CHECK(args[3].ToUint32(&dst));
|
||||
uint32_t src = 0;
|
||||
CHECK(args[4].ToUint32(&src));
|
||||
uint32_t count = 0;
|
||||
CHECK(args[5].ToUint32(&count));
|
||||
uint32_t dst = args.positive_smi_value_at(3);
|
||||
uint32_t src = args.positive_smi_value_at(4);
|
||||
uint32_t count = args.positive_smi_value_at(5);
|
||||
|
||||
DCHECK(!isolate->context().is_null());
|
||||
|
||||
@ -499,19 +488,14 @@ RUNTIME_FUNCTION(Runtime_WasmTableCopy) {
|
||||
HandleScope scope(isolate);
|
||||
DCHECK_EQ(6, args.length());
|
||||
Handle<WasmInstanceObject> instance = args.at<WasmInstanceObject>(0);
|
||||
uint32_t table_dst_index = 0;
|
||||
CHECK(args[1].ToUint32(&table_dst_index));
|
||||
uint32_t table_src_index = 0;
|
||||
CHECK(args[2].ToUint32(&table_src_index));
|
||||
uint32_t table_dst_index = args.positive_smi_value_at(1);
|
||||
uint32_t table_src_index = args.positive_smi_value_at(2);
|
||||
static_assert(
|
||||
wasm::kV8MaxWasmTableSize < kSmiMaxValue,
|
||||
"Make sure clamping to Smi range doesn't make an invalid call valid");
|
||||
uint32_t dst = 0;
|
||||
CHECK(args[3].ToUint32(&dst));
|
||||
uint32_t src = 0;
|
||||
CHECK(args[4].ToUint32(&src));
|
||||
uint32_t count = 0;
|
||||
CHECK(args[5].ToUint32(&count));
|
||||
uint32_t dst = args.positive_smi_value_at(3);
|
||||
uint32_t src = args.positive_smi_value_at(4);
|
||||
uint32_t count = args.positive_smi_value_at(5);
|
||||
|
||||
DCHECK(!isolate->context().is_null());
|
||||
|
||||
@ -526,13 +510,11 @@ RUNTIME_FUNCTION(Runtime_WasmTableGrow) {
|
||||
HandleScope scope(isolate);
|
||||
DCHECK_EQ(4, args.length());
|
||||
Handle<WasmInstanceObject> instance = args.at<WasmInstanceObject>(0);
|
||||
uint32_t table_index = 0;
|
||||
CHECK(args[1].ToUint32(&table_index));
|
||||
uint32_t table_index = args.positive_smi_value_at(1);
|
||||
Object value_raw = args[2];
|
||||
// TODO(wasm): Manually box because parameters are not visited yet.
|
||||
Handle<Object> value(value_raw, isolate);
|
||||
uint32_t delta = 0;
|
||||
CHECK(args[3].ToUint32(&delta));
|
||||
uint32_t delta = args.positive_smi_value_at(3);
|
||||
|
||||
Handle<WasmTableObject> table(
|
||||
WasmTableObject::cast(instance->tables().get(table_index)), isolate);
|
||||
@ -546,15 +528,12 @@ RUNTIME_FUNCTION(Runtime_WasmTableFill) {
|
||||
HandleScope scope(isolate);
|
||||
DCHECK_EQ(5, args.length());
|
||||
Handle<WasmInstanceObject> instance = args.at<WasmInstanceObject>(0);
|
||||
uint32_t table_index = 0;
|
||||
CHECK(args[1].ToUint32(&table_index));
|
||||
uint32_t start = 0;
|
||||
CHECK(args[2].ToUint32(&start));
|
||||
uint32_t table_index = args.positive_smi_value_at(1);
|
||||
uint32_t start = args.positive_smi_value_at(2);
|
||||
Object value_raw = args[3];
|
||||
// TODO(wasm): Manually box because parameters are not visited yet.
|
||||
Handle<Object> value(value_raw, isolate);
|
||||
uint32_t count = 0;
|
||||
CHECK(args[4].ToUint32(&count));
|
||||
uint32_t count = args.positive_smi_value_at(4);
|
||||
|
||||
Handle<WasmTableObject> table(
|
||||
WasmTableObject::cast(instance->tables().get(table_index)), isolate);
|
||||
@ -676,13 +655,10 @@ RUNTIME_FUNCTION(Runtime_WasmArrayCopy) {
|
||||
HandleScope scope(isolate);
|
||||
DCHECK_EQ(5, args.length());
|
||||
Handle<WasmArray> dst_array = args.at<WasmArray>(0);
|
||||
uint32_t dst_index = 0;
|
||||
CHECK(args[1].ToUint32(&dst_index));
|
||||
uint32_t dst_index = args.positive_smi_value_at(1);
|
||||
Handle<WasmArray> src_array = args.at<WasmArray>(2);
|
||||
uint32_t src_index = 0;
|
||||
CHECK(args[3].ToUint32(&src_index));
|
||||
uint32_t length = 0;
|
||||
CHECK(args[4].ToUint32(&length));
|
||||
uint32_t src_index = args.positive_smi_value_at(3);
|
||||
uint32_t length = args.positive_smi_value_at(4);
|
||||
DCHECK_GT(length, 0);
|
||||
bool overlapping_ranges =
|
||||
dst_array->ptr() == src_array->ptr() &&
|
||||
@ -722,12 +698,9 @@ RUNTIME_FUNCTION(Runtime_WasmArrayInitFromData) {
|
||||
HandleScope scope(isolate);
|
||||
DCHECK_EQ(5, args.length());
|
||||
Handle<WasmInstanceObject> instance = args.at<WasmInstanceObject>(0);
|
||||
uint32_t data_segment = 0;
|
||||
CHECK(args[1].ToUint32(&data_segment));
|
||||
uint32_t offset = 0;
|
||||
CHECK(args[2].ToUint32(&offset));
|
||||
uint32_t length = 0;
|
||||
CHECK(args[3].ToUint32(&length));
|
||||
uint32_t data_segment = args.positive_smi_value_at(1);
|
||||
uint32_t offset = args.positive_smi_value_at(2);
|
||||
uint32_t length = args.positive_smi_value_at(3);
|
||||
Handle<Map> rtt = args.at<Map>(4);
|
||||
uint32_t element_size = WasmArray::DecodeElementSizeFromMap(*rtt);
|
||||
uint32_t length_in_bytes = length * element_size;
|
||||
|
||||
Loading…
Reference in New Issue
Block a user