Reviewers: Dmitry Lomov (chromium),
Message:
PTAL.
Description:
Harden yet more runtime functions
Please review this at https://codereview.chromium.org/270273005/
SVN Base: https://v8.googlecode.com/svn/branches/bleeding_edge
Affected files (+54, -28 lines):
M src/debug.h
M src/debug.cc
M src/liveedit.h
M src/runtime.cc
Index: src/debug.cc
diff --git a/src/debug.cc b/src/debug.cc
index
3ecf8bada73ee24de75b07fadabd801c075b0299..6ec7ad695bb3a6cd1836dfa4bef742d34bd31049
100644
--- a/src/debug.cc
+++ b/src/debug.cc
@@ -1108,7 +1108,7 @@ Handle<DebugInfo>
Debug::GetDebugInfo(Handle<SharedFunctionInfo> shared) {
}
-void Debug::SetBreakPoint(Handle<JSFunction> function,
+bool Debug::SetBreakPoint(Handle<JSFunction> function,
Handle<Object> break_point_object,
int* source_position) {
HandleScope scope(isolate_);
@@ -1119,7 +1119,7 @@ void Debug::SetBreakPoint(Handle<JSFunction> function,
Handle<SharedFunctionInfo> shared(function->shared());
if (!EnsureDebugInfo(shared, function)) {
// Return if retrieving debug info failed.
- return;
+ return true;
}
Handle<DebugInfo> debug_info = GetDebugInfo(shared);
@@ -1134,7 +1134,7 @@ void Debug::SetBreakPoint(Handle<JSFunction> function,
*source_position = it.position();
// At least one active break point now.
- ASSERT(debug_info->GetBreakPointCount() > 0);
+ return debug_info->GetBreakPointCount() > 0;
}
Index: src/debug.h
diff --git a/src/debug.h b/src/debug.h
index
457a5fad84bdde552813d7b30ee00b0e64795031..4d7b5c3c55b1b8915a229bc4d13a318077b5e0f9
100644
--- a/src/debug.h
+++ b/src/debug.h
@@ -219,7 +219,7 @@ class Debug {
void PreemptionWhileInDebugger();
Object* Break(Arguments args);
- void SetBreakPoint(Handle<JSFunction> function,
+ bool SetBreakPoint(Handle<JSFunction> function,
Handle<Object> break_point_object,
int* source_position);
bool SetBreakPointForScript(Handle<Script> script,
Index: src/liveedit.h
diff --git a/src/liveedit.h b/src/liveedit.h
index
5be63ac0a12618039fc1b2a68544a78481c064d8..f0b9dbfe45ae8717e89f3386747a2ce687384ea9
100644
--- a/src/liveedit.h
+++ b/src/liveedit.h
@@ -278,9 +278,12 @@ class FunctionInfoWrapper : public
JSArrayBasedStruct<FunctionInfoWrapper> {
class SharedInfoWrapper : public JSArrayBasedStruct<SharedInfoWrapper> {
public:
static bool IsInstance(Handle<JSArray> array) {
- return array->length() == Smi::FromInt(kSize_) &&
- Object::GetElement(array->GetIsolate(), array, kSharedInfoOffset_)
- .ToHandleChecked()->IsJSValue();
+ if (array->length() != Smi::FromInt(kSize_)) return false;
+ Isolate* iso = array->GetIsolate();
+ Handle<Object> element(
+ Object::GetElement(iso, array,
kSharedInfoOffset_).ToHandleChecked());
+ if (!element->IsJSValue()) return false;
+ return Handle<JSValue>::cast(element)->value()->IsSharedFunctionInfo();
}
explicit SharedInfoWrapper(Handle<JSArray> array)
Index: src/runtime.cc
diff --git a/src/runtime.cc b/src/runtime.cc
index
b82d377f71fda4040cdcb5784c0f14744a64f42b..cf5d62872470cff7e2c170bb1031a907e0350789
100644
--- a/src/runtime.cc
+++ b/src/runtime.cc
@@ -978,6 +978,8 @@ RUNTIME_FUNCTION(Runtime_TypedArrayInitialize) {
&fixed_elements_kind,
&element_size);
+ RUNTIME_ASSERT(holder->map()->elements_kind() == fixed_elements_kind);
+
size_t byte_offset = 0;
size_t byte_length = 0;
RUNTIME_ASSERT(TryNumberToSize(isolate, *byte_offset_object,
&byte_offset));
@@ -986,7 +988,7 @@ RUNTIME_FUNCTION(Runtime_TypedArrayInitialize) {
holder->set_byte_offset(*byte_offset_object);
holder->set_byte_length(*byte_length_object);
- CHECK_EQ(0, static_cast<int>(byte_length % element_size));
+ RUNTIME_ASSERT(0 == static_cast<int>(byte_length % element_size));
size_t length = byte_length / element_size;
if (length > static_cast<unsigned>(Smi::kMaxValue)) {
@@ -1062,6 +1064,8 @@
RUNTIME_FUNCTION(Runtime_TypedArrayInitializeFromArrayLike) {
&fixed_elements_kind,
&element_size);
+ RUNTIME_ASSERT(holder->map()->elements_kind() == fixed_elements_kind);
+
Handle<JSArrayBuffer> buffer = isolate->factory()->NewJSArrayBuffer();
if (source->IsJSTypedArray() &&
JSTypedArray::cast(*source)->type() == array_type) {
@@ -1739,6 +1743,7 @@ RUNTIME_FUNCTION(Runtime_WeakCollectionGet) {
CONVERT_ARG_HANDLE_CHECKED(Object, key, 1);
Handle<ObjectHashTable> table(
ObjectHashTable::cast(weak_collection->table()));
+ RUNTIME_ASSERT(table->IsKey(*key));
Handle<Object> lookup(table->Lookup(key), isolate);
return lookup->IsTheHole() ? isolate->heap()->undefined_value() :
*lookup;
}
@@ -1751,6 +1756,7 @@ RUNTIME_FUNCTION(Runtime_WeakCollectionHas) {
CONVERT_ARG_HANDLE_CHECKED(Object, key, 1);
Handle<ObjectHashTable> table(
ObjectHashTable::cast(weak_collection->table()));
+ RUNTIME_ASSERT(table->IsKey(*key));
Handle<Object> lookup(table->Lookup(key), isolate);
return isolate->heap()->ToBoolean(!lookup->IsTheHole());
}
@@ -1763,6 +1769,7 @@ RUNTIME_FUNCTION(Runtime_WeakCollectionDelete) {
CONVERT_ARG_HANDLE_CHECKED(Object, key, 1);
Handle<ObjectHashTable> table(ObjectHashTable::cast(
weak_collection->table()));
+ RUNTIME_ASSERT(table->IsKey(*key));
Handle<Object> lookup(table->Lookup(key), isolate);
Handle<ObjectHashTable> new_table =
ObjectHashTable::Put(table, key,
isolate->factory()->the_hole_value());
@@ -1779,6 +1786,7 @@ RUNTIME_FUNCTION(Runtime_WeakCollectionSet) {
CONVERT_ARG_HANDLE_CHECKED(Object, value, 2);
Handle<ObjectHashTable> table(
ObjectHashTable::cast(weak_collection->table()));
+ RUNTIME_ASSERT(table->IsKey(*key));
Handle<ObjectHashTable> new_table = ObjectHashTable::Put(table, key,
value);
weak_collection->set_table(*new_table);
return isolate->heap()->undefined_value();
@@ -4305,6 +4313,7 @@
RUNTIME_FUNCTION(Runtime_StringReplaceGlobalRegExpWithString) {
CONVERT_ARG_HANDLE_CHECKED(JSArray, last_match_info, 3);
RUNTIME_ASSERT(regexp->GetFlags().is_global());
+ RUNTIME_ASSERT(last_match_info->HasFastObjectElements());
subject = String::Flatten(subject);
@@ -4735,12 +4744,11 @@ static Object* SearchRegExpMultiple(
RegExpImpl::GlobalCache global_cache(regexp, subject, true, isolate);
if (global_cache.HasException()) return isolate->heap()->exception();
- Handle<FixedArray> result_elements;
- if (result_array->HasFastObjectElements()) {
- result_elements =
- Handle<FixedArray>(FixedArray::cast(result_array->elements()));
- }
- if (result_elements.is_null() || result_elements->length() < 16) {
+ // Ensured in Runtime_RegExpExecMultiple.
+ ASSERT(result_array->HasFastObjectElements());
+ Handle<FixedArray> result_elements(
+ FixedArray::cast(result_array->elements()));
+ if (result_elements->length() < 16) {
result_elements = isolate->factory()->NewFixedArrayWithHoles(16);
}
@@ -4854,9 +4862,11 @@ RUNTIME_FUNCTION(Runtime_RegExpExecMultiple) {
CONVERT_ARG_HANDLE_CHECKED(JSRegExp, regexp, 0);
CONVERT_ARG_HANDLE_CHECKED(JSArray, last_match_info, 2);
CONVERT_ARG_HANDLE_CHECKED(JSArray, result_array, 3);
+ RUNTIME_ASSERT(last_match_info->HasFastObjectElements());
+ RUNTIME_ASSERT(result_array->HasFastObjectElements());
subject = String::Flatten(subject);
- ASSERT(regexp->GetFlags().is_global());
+ RUNTIME_ASSERT(regexp->GetFlags().is_global());
if (regexp->CaptureCount() == 0) {
return SearchRegExpMultiple<false>(
@@ -5504,6 +5514,7 @@ RUNTIME_FUNCTION(Runtime_SetHiddenProperty) {
CONVERT_ARG_HANDLE_CHECKED(JSObject, object, 0);
CONVERT_ARG_HANDLE_CHECKED(String, key, 1);
CONVERT_ARG_HANDLE_CHECKED(Object, value, 2);
+ RUNTIME_ASSERT(key->IsUniqueName());
return *JSObject::SetHiddenProperty(object, key, value);
}
@@ -7338,6 +7349,7 @@ RUNTIME_FUNCTION(Runtime_StringBuilderJoin) {
CONVERT_SMI_ARG_CHECKED(array_length, 1);
CONVERT_ARG_HANDLE_CHECKED(String, separator, 2);
RUNTIME_ASSERT(array->HasFastObjectElements());
+ RUNTIME_ASSERT(array_length >= 0);
Handle<FixedArray> fixed_array(FixedArray::cast(array->elements()));
if (fixed_array->length() < array_length) {
@@ -7385,17 +7397,19 @@ RUNTIME_FUNCTION(Runtime_StringBuilderJoin) {
uc16* end = sink + length;
#endif
+ RUNTIME_ASSERT(fixed_array->get(0)->IsString());
String* first = String::cast(fixed_array->get(0));
- String* seperator_raw = *separator;
+ String* separator_raw = *separator;
int first_length = first->length();
String::WriteToFlat(first, sink, 0, first_length);
sink += first_length;
for (int i = 1; i < array_length; i++) {
ASSERT(sink + separator_length <= end);
- String::WriteToFlat(seperator_raw, sink, 0, separator_length);
+ String::WriteToFlat(separator_raw, sink, 0, separator_length);
sink += separator_length;
+ RUNTIME_ASSERT(fixed_array->get(i)->IsString());
String* element = String::cast(fixed_array->get(i));
int element_length = element->length();
ASSERT(sink + element_length <= end);
@@ -7474,6 +7488,8 @@ RUNTIME_FUNCTION(Runtime_SparseJoinWithSeparator) {
FixedArray* elements = FixedArray::cast(elements_array->elements());
for (int i = 0; i < elements_length; i += 2) {
RUNTIME_ASSERT(elements->get(i)->IsNumber());
+ CONVERT_NUMBER_CHECKED(uint32_t, position, Uint32, elements->get(i));
+ RUNTIME_ASSERT(position < array_length);
RUNTIME_ASSERT(elements->get(i + 1)->IsString());
}
@@ -9752,6 +9768,8 @@ RUNTIME_FUNCTION(Runtime_DateLocalTimezone) {
ASSERT(args.length() == 1);
CONVERT_DOUBLE_ARG_CHECKED(x, 0);
+ RUNTIME_ASSERT(x >= -DateCache::kMaxTimeBeforeUTCInMs &&
+ x <= DateCache::kMaxTimeBeforeUTCInMs);
const char* zone =
isolate->date_cache()->LocalTimezone(static_cast<int64_t>(x));
Handle<String> result = isolate->factory()->NewStringFromUtf8(
@@ -9765,6 +9783,8 @@ RUNTIME_FUNCTION(Runtime_DateToUTC) {
ASSERT(args.length() == 1);
CONVERT_DOUBLE_ARG_CHECKED(x, 0);
+ RUNTIME_ASSERT(x >= -DateCache::kMaxTimeBeforeUTCInMs &&
+ x <= DateCache::kMaxTimeBeforeUTCInMs);
int64_t time = isolate->date_cache()->ToUTC(static_cast<int64_t>(x));
return *isolate->factory()->NewNumber(static_cast<double>(time));
@@ -10356,6 +10376,10 @@ static bool IterateElements(Isolate* isolate,
if (length == 0) break;
// Run through the elements FixedArray and use HasElement and
GetElement
// to check the prototype for missing elements.
+ if (receiver->elements()->IsFixedArray()) {
+ ASSERT(receiver->elements()->length() == 0);
+ break;
+ }
Handle<FixedDoubleArray> elements(
FixedDoubleArray::cast(receiver->elements()));
int fast_length = static_cast<int>(length);
@@ -10706,15 +10730,13 @@ RUNTIME_FUNCTION(Runtime_MoveArrayContents) {
RUNTIME_FUNCTION(Runtime_EstimateNumberOfElements) {
SealHandleScope shs(isolate);
ASSERT(args.length() == 1);
- CONVERT_ARG_CHECKED(JSObject, object, 0);
+ CONVERT_ARG_CHECKED(JSArray, object, 0);
HeapObject* elements = object->elements();
if (elements->IsDictionary()) {
int result =
SeededNumberDictionary::cast(elements)->NumberOfElements();
return Smi::FromInt(result);
- } else if (object->IsJSArray()) {
- return JSArray::cast(object)->length();
} else {
- return Smi::FromInt(FixedArray::cast(elements)->length());
+ return object->length();
}
}
@@ -10755,8 +10777,8 @@ RUNTIME_FUNCTION(Runtime_GetArrayKeys) {
}
return *isolate->factory()->NewJSArrayWithElements(keys);
} else {
- ASSERT(array->HasFastSmiOrObjectElements() ||
- array->HasFastDoubleElements());
+ RUNTIME_ASSERT(array->HasFastSmiOrObjectElements() ||
+ array->HasFastDoubleElements());
uint32_t actual_length =
static_cast<uint32_t>(array->elements()->length());
return *isolate->factory()->NewNumberFromUint(Min(actual_length,
length));
}
@@ -10859,8 +10881,8 @@ static Handle<Object>
DebugLookupResultValue(Isolate* isolate,
break;
}
case INTERCEPTOR:
- break;
case HANDLER:
+ break;
case NONEXISTENT:
UNREACHABLE();
break;
@@ -12697,12 +12719,13 @@ RUNTIME_FUNCTION(Runtime_SetFunctionBreakPoint) {
ASSERT(args.length() == 3);
CONVERT_ARG_HANDLE_CHECKED(JSFunction, function, 0);
CONVERT_NUMBER_CHECKED(int32_t, source_position, Int32, args[1]);
- RUNTIME_ASSERT(source_position >= 0);
+ RUNTIME_ASSERT(source_position >= function->shared()->start_position() &&
+ source_position <= function->shared()->end_position());
CONVERT_ARG_HANDLE_CHECKED(Object, break_point_object_arg, 2);
// Set break point.
- isolate->debug()->SetBreakPoint(function, break_point_object_arg,
- &source_position);
+ RUNTIME_ASSERT(isolate->debug()->SetBreakPoint(
+ function, break_point_object_arg, &source_position));
return Smi::FromInt(source_position);
}
@@ -13504,7 +13527,7 @@ RUNTIME_FUNCTION(Runtime_LiveEditFunctionSetScript)
{
Script* script =
Script::cast(JSValue::cast(*script_object)->value());
script_object = Handle<Object>(script, isolate);
}
-
+ RUNTIME_ASSERT(function_wrapper->value()->IsSharedFunctionInfo());
LiveEdit::SetFunctionScript(function_wrapper, script_object);
} else {
// Just ignore this. We may not have a SharedFunctionInfo for some
functions
--
--
v8-dev mailing list
[email protected]
http://groups.google.com/group/v8-dev
---
You received this message because you are subscribed to the Google Groups "v8-dev" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
For more options, visit https://groups.google.com/d/optout.
