Revision: 3948
Author: [email protected]
Date: Thu Feb 25 04:28:35 2010
Log: Fix test for overflow in memory allocation Failure payload.
It bailed out too early, and could give a DEBUG assertion failure due
to right shift being artihmetic. Changed values to unsigned to be safe.
Review URL: http://codereview.chromium.org/661076
http://code.google.com/p/v8/source/detail?r=3948
Modified:
/branches/bleeding_edge/src/objects-inl.h
=======================================
--- /branches/bleeding_edge/src/objects-inl.h Thu Feb 18 09:30:32 2010
+++ /branches/bleeding_edge/src/objects-inl.h Thu Feb 25 04:28:35 2010
@@ -840,15 +840,17 @@
intptr_t Failure::value() const {
- return reinterpret_cast<intptr_t>(this) >> kFailureTagSize;
+ return static_cast<intptr_t>(
+ reinterpret_cast<uintptr_t>(this) >> kFailureTagSize);
}
Failure* Failure::RetryAfterGC(int requested_bytes) {
// Assert that the space encoding fits in the three bytes allotted for
it.
ASSERT((LAST_SPACE & ~kSpaceTagMask) == 0);
- intptr_t requested = requested_bytes >> kObjectAlignmentBits;
- int tag_bits = kSpaceTagSize + kFailureTypeTagSize;
+ uintptr_t requested =
+ static_cast<uintptr_t>(requested_bytes >> kObjectAlignmentBits);
+ int tag_bits = kSpaceTagSize + kFailureTypeTagSize + kFailureTagSize;
if (((requested << tag_bits) >> tag_bits) != requested) {
// No room for entire requested size in the bits. Round down to
// maximally representable size.
@@ -861,7 +863,8 @@
Failure* Failure::Construct(Type type, intptr_t value) {
- intptr_t info = (static_cast<intptr_t>(value) << kFailureTypeTagSize) |
type;
+ uintptr_t info =
+ (static_cast<uintptr_t>(value) << kFailureTypeTagSize) | type;
ASSERT(((info << kFailureTagSize) >> kFailureTagSize) == info);
return reinterpret_cast<Failure*>((info << kFailureTagSize) |
kFailureTag);
}
--
v8-dev mailing list
[email protected]
http://groups.google.com/group/v8-dev
