Reviewers: Søren Gjesse,

Message:
Small review.

Description:
Fix test for overflow in memory allocation Failure payload.
It bailed out too early, and could give a DEBUG assertion failure due
to right shift being arithmetic. Changed values to unsigned to be safe.

Please review this at http://codereview.chromium.org/661076

Affected files:
  M src/objects-inl.h


Index: src/objects-inl.h
diff --git a/src/objects-inl.h b/src/objects-inl.h
index 455a84c8d0747a098841270b4f7db3f4bfb3bf51..274fc76bab5f671927b194270d872d2aac41be1f 100644
--- a/src/objects-inl.h
+++ b/src/objects-inl.h
@@ -840,15 +840,17 @@ Failure* Failure::OutOfMemoryException() {


 intptr_t Failure::value() const {
-  return reinterpret_cast<intptr_t>(this) >> kFailureTagSize;
+  return static_cast<intptr_t>(
+      reinterpret_cast<uintptr_t>(this) >> kFailureTagSize);
 }


 Failure* Failure::RetryAfterGC(int requested_bytes) {
// Assert that the space encoding fits in the three bytes allotted for it.
   ASSERT((LAST_SPACE & ~kSpaceTagMask) == 0);
-  intptr_t requested = requested_bytes >> kObjectAlignmentBits;
-  int tag_bits = kSpaceTagSize + kFailureTypeTagSize;
+  uintptr_t requested =
+      static_cast<uintptr_t>(requested_bytes >> kObjectAlignmentBits);
+  int tag_bits = kSpaceTagSize + kFailureTypeTagSize + kFailureTagSize;
   if (((requested << tag_bits) >> tag_bits) != requested) {
     // No room for entire requested size in the bits. Round down to
     // maximally representable size.
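Review bot: In `Failure::RetryAfterGC` the shift `requested_bytes >> kObjectAlignmentBits` is still done on a signed `int` before the `static_cast<uintptr_t>`, so a negative `requested_bytes` is sign-extended into a value with its high bits set. The round-trip test on the following line would then fail and, going by the comment under it, the request appears to be rounded down to the maximum representable size instead of being flagged as a caller bug. Consider adding `ASSERT(requested_bytes >= 0);` ahead of the shift so a negative size is caught in debug builds. The function body continues past the end of this hunk, so the rounding branch itself is not visible here.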
@@ -861,7 +863,8 @@ Failure* Failure::RetryAfterGC(int requested_bytes) {


 Failure* Failure::Construct(Type type, intptr_t value) {
- intptr_t info = (static_cast<intptr_t>(value) << kFailureTypeTagSize) | type;
+  uintptr_t info =
+      (static_cast<uintptr_t>(value) << kFailureTypeTagSize) | type;
   ASSERT(((info << kFailureTagSize) >> kFailureTagSize) == info);
return reinterpret_cast<Failure*>((info << kFailureTagSize) | kFailureTag);
 }
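Review bot: The `ASSERT` in `Failure::Construct` only round-trips the `kFailureTagSize` shift, so high bits of `value` that are dropped by the earlier `<< kFailureTypeTagSize` go unnoticed. A second check such as `ASSERT((info >> kFailureTypeTagSize) == static_cast<uintptr_t>(value));` would cover that shift too, assuming `type` always fits in `kFailureTypeTagSize` bits (its definition is outside this hunk). Both checks are presumably debug-only, so release builds rely on every caller passing an in-range `value`; a short comment on `Construct` stating that precondition would help.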

