On 2015/06/26 15:26:07, adamk wrote:
On 2015/06/26 15:19:58, arv wrote:
> On 2015/06/26 15:15:35, adamk wrote:
> > Thinking about this a bit more, I'm not sure how useful this is. Bounds-checking
> > here only solves the first-order problem. If the object pulled out of the
> > FixedArray isn't either a JS primitive or some kind of JSObject, all bets are
> > off after this point.
>
> Yeah, it is not clear that we need to do this? Do we generally guard runtime
> functions from invalid input?

Historically, yes (that's what the "CHECKED" in all the CONVERT_.*_CHECKED()
macros are about). But I'm thinking it makes little sense here.

This already CHECK-fails in debug mode. I'll push back on the bug.

Yes, I totally see your point here. And with these low-level intrinsics we will
have a hard time turning all invariants into RUNTIME_CHECKS, instead of
DCHECKS somewhere deep within V8. I don't have an answer on how to solve that,
but I agree that our current strategy might probably need to change.

https://codereview.chromium.org/1218503002/
