[v8-dev] Fix double to integer conversions in runtime string indexing. (issue2577001)

Thu, 03 Jun 2010 04:05:31 -0700 

Reviewers: Mads Ager,

Description:
Fix double to integer conversions in runtime string indexing.

Please review this at http://codereview.chromium.org/2577001/show

Affected files:
  M src/runtime.cc
  M test/mjsunit/string-charat.js


Index: src/runtime.cc
diff --git a/src/runtime.cc b/src/runtime.cc
index 80e67cc87585ce206e5ff200e0ea3a53c1240534..50a29c24f9770d31d8258cda9cf782bf722daada 100644 
--- a/src/runtime.cc
+++ b/src/runtime.cc
@@ -1665,7 +1665,7 @@ static Object* Runtime_StringCharCodeAt(Arguments args) { 
   } else {
     ASSERT(index->IsHeapNumber());
     double value = HeapNumber::cast(index)->value();
-    i = static_cast<uint32_t>(value);
+    i = static_cast<uint32_t>(DoubleToInteger(value));
   }

   // Flatten the string.  If someone wants to get a char at an index
Index: test/mjsunit/string-charat.js
diff --git a/test/mjsunit/string-charat.js b/test/mjsunit/string-charat.js
index 99afb75c1e62f2b044cb149e616e8123a34e140d..5ce4e89473b52ae3826943c0515e9119e2694cc0 100644 
--- a/test/mjsunit/string-charat.js
+++ b/test/mjsunit/string-charat.js
@@ -48,6 +48,7 @@ function basicTest(s, len) {
   assertEquals("", s().charAt(-1/0));
   assertEquals("t", s().charAt(0));
   assertEquals("t", s().charAt(-0.0));
+  assertEquals("t", s().charAt(-0.1));
   assertEquals("t", s().charAt(0.4));
   assertEquals("e", s().charAt(slowIndex1));
   assertEquals("s", s().charAt(slowIndex2));
@@ -63,6 +64,7 @@ function basicTest(s, len) {
   assertEquals(101, s().charCodeAt(true));
   assertEquals(116, s().charCodeAt(0));
   assertEquals(116, s().charCodeAt(-0.0));
+  assertEquals(116, s().charCodeAt(-0.1));
   assertEquals(116, s().charCodeAt(0.4));
   assertEquals(101, s().charCodeAt(slowIndex1));
   assertEquals(115, s().charCodeAt(slowIndex2));


--
v8-dev mailing list
[email protected]
http://groups.google.com/group/v8-dev

Reply via email to