Revision: 19862
Author: [email protected]
Date: Wed Mar 12 19:25:40 2014 UTC
Log: Use intrinsics for builtin ArrayBuffer property accesses
BUG=chromium:351787
LOG=y
[email protected]
Review URL: https://codereview.chromium.org/197793003
http://code.google.com/p/v8/source/detail?r=19862
Added:
/branches/bleeding_edge/test/mjsunit/regress/regress-crbug-351787.js
Modified:
/branches/bleeding_edge/src/arraybuffer.js
/branches/bleeding_edge/src/runtime.cc
/branches/bleeding_edge/src/typedarray.js
=======================================
--- /dev/null
+++ /branches/bleeding_edge/test/mjsunit/regress/regress-crbug-351787.js
Wed Mar 12 19:25:40 2014 UTC
@@ -0,0 +1,42 @@
+// Copyright 2014 the V8 project authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+// Flags: --allow-natives-syntax
+
+var ab1 = new ArrayBuffer(8);
+ab1.__defineGetter__("byteLength", function() { return 1000000; });
+var ab2 = ab1.slice(800000, 900000);
+var array = new Uint8Array(ab2);
+for (var i = 0; i < array.length; i++) {
+ assertEquals(0, array[i]);
+}
+assertEquals(0, array.length);
+
+
+var ab3 = new ArrayBuffer(8);
+ab3.__defineGetter__("byteLength", function() { return 0xFFFFFFFC; });
+var aaa = new DataView(ab3);
+
+for (var i = 10; i < aaa.length; i++) {
+ aaa.setInt8(i, 0xcc);
+}
+assertEquals(8, aaa.byteLength);
+
+
+var a = new Int8Array(4);
+a.__defineGetter__("length", function() { return 0xFFFF; });
+var b = new Int8Array(a);
+for (var i = 0; i < b.length; i++) {
+ assertEquals(0, b[i]);
+}
+
+
+var ab4 = new ArrayBuffer(8);
+ab4.__defineGetter__("byteLength", function() { return 0xFFFFFFFC; });
+var aaaa = new Uint32Array(ab4);
+
+for (var i = 10; i < aaaa.length; i++) {
+ aaaa[i] = 0xcccccccc;
+}
+assertEquals(2, aaaa.length);
=======================================
--- /branches/bleeding_edge/src/arraybuffer.js Fri Nov 22 13:50:39 2013 UTC
+++ /branches/bleeding_edge/src/arraybuffer.js Wed Mar 12 19:25:40 2014 UTC
@@ -57,17 +57,18 @@
var relativeStart = TO_INTEGER(start);
var first;
+ var byte_length = %ArrayBufferGetByteLength(this);
if (relativeStart < 0) {
- first = MathMax(this.byteLength + relativeStart, 0);
+ first = MathMax(byte_length + relativeStart, 0);
} else {
- first = MathMin(relativeStart, this.byteLength);
+ first = MathMin(relativeStart, byte_length);
}
- var relativeEnd = IS_UNDEFINED(end) ? this.byteLength : TO_INTEGER(end);
+ var relativeEnd = IS_UNDEFINED(end) ? byte_length : TO_INTEGER(end);
var fin;
if (relativeEnd < 0) {
- fin = MathMax(this.byteLength + relativeEnd, 0);
+ fin = MathMax(byte_length + relativeEnd, 0);
} else {
- fin = MathMin(relativeEnd, this.byteLength);
+ fin = MathMin(relativeEnd, byte_length);
}
if (fin < first) {
=======================================
--- /branches/bleeding_edge/src/runtime.cc Wed Mar 12 13:42:18 2014 UTC
+++ /branches/bleeding_edge/src/runtime.cc Wed Mar 12 19:25:40 2014 UTC
@@ -952,6 +952,10 @@
Runtime::ArrayIdToTypeAndSize(arrayId, &array_type, &element_size);
Handle<JSArrayBuffer> buffer = isolate->factory()->NewJSArrayBuffer();
+ if (source->IsJSTypedArray() &&
+ JSTypedArray::cast(*source)->type() == array_type) {
+ length_obj = Handle<Object>(JSTypedArray::cast(*source)->length(),
isolate);
+ }
size_t length = NumberToSize(isolate, *length_obj);
if ((length > static_cast<unsigned>(Smi::kMaxValue)) ||
=======================================
--- /branches/bleeding_edge/src/typedarray.js Fri Feb 14 09:33:03 2014 UTC
+++ /branches/bleeding_edge/src/typedarray.js Wed Mar 12 19:25:40 2014 UTC
@@ -49,7 +49,7 @@
macro TYPED_ARRAY_CONSTRUCTOR(ARRAY_ID, NAME, ELEMENT_SIZE)
function NAMEConstructByArrayBuffer(obj, buffer, byteOffset, length) {
- var bufferByteLength = buffer.byteLength;
+ var bufferByteLength = %ArrayBufferGetByteLength(buffer);
var offset;
if (IS_UNDEFINED(byteOffset)) {
offset = 0;
@@ -317,7 +317,7 @@
if (!IS_ARRAYBUFFER(buffer)) {
throw MakeTypeError('data_view_not_array_buffer', []);
}
- var bufferByteLength = buffer.byteLength;
+ var bufferByteLength = %ArrayBufferGetByteLength(buffer);
var offset = IS_UNDEFINED(byteOffset) ?
0 : ToPositiveInteger(byteOffset, 'invalid_data_view_offset');
if (offset > bufferByteLength) {
--
--
v8-dev mailing list
[email protected]
http://groups.google.com/group/v8-dev
---
You received this message because you are subscribed to the Google Groups "v8-dev" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
For more options, visit https://groups.google.com/d/optout.
