[builtins] Use uintptr in TypedArray's size computation functions

The size/length limits are still at kSmiMaxValue.

Bug: v8:4153
Change-Id: I6ffda50a3b9f235b97a3718e86df7deadce9f6f8
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1874346
Commit-Queue: Igor Sheludko <ishell@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/master@{#64514}

src/builtins/base.tq

@@ -1855,9 +1855,6 @@ extern transitioning macro ToInteger_Inline(
     Context, JSAny, constexpr ToIntegerTruncationMode): Number;
 extern transitioning macro ToLength_Inline(Context, JSAny): Number;
 extern transitioning macro ToNumber_Inline(Context, JSAny): Number;
-// TODO(v8:4153): Use ToIndex() instead.
-extern transitioning macro ToSmiIndex(implicit context: Context)(JSAny):
-    PositiveSmi labels IfRangeError;
 extern transitioning macro ToSmiLength(implicit context: Context)(JSAny):
     PositiveSmi labels IfRangeError;
 extern transitioning macro ToString_Inline(Context, JSAny): String;

src/builtins/typed-array-createtypedarray.tq

@@ -70,7 +70,7 @@ namespace typed_array {
   }
 
   transitioning macro TypedArrayInitialize(implicit context: Context)(
-      initialize: constexpr bool, map: Map, length: PositiveSmi,
+      initialize: constexpr bool, map: Map, length: uintptr,
       elementsInfo: typed_array::TypedArrayElementsInfo,
       bufferConstructor: JSReceiver): JSTypedArray {
     const byteLength = elementsInfo.CalculateByteLength(length)
@@ -91,8 +91,7 @@ namespace typed_array {
 
       const isOnHeap: constexpr bool = true;
       const typedArray = AllocateTypedArray(
-          isOnHeap, map, buffer, byteOffset, byteLength,
-          Convert<uintptr>(length));
+          isOnHeap, map, buffer, byteOffset, byteLength, length);
 
       if constexpr (initialize) {
         const backingStore = typedArray.data_ptr;
@@ -113,8 +112,7 @@ namespace typed_array {
       const buffer = Cast<JSArrayBuffer>(bufferObj) otherwise unreachable;
       const isOnHeap: constexpr bool = false;
       return AllocateTypedArray(
-          isOnHeap, map, buffer, byteOffset, byteLength,
-          Convert<uintptr>(length));
+          isOnHeap, map, buffer, byteOffset, byteLength, length);
     }
   }
 
@@ -134,7 +132,8 @@ namespace typed_array {
     const defaultConstructor: Constructor = GetArrayBufferFunction();
     const initialize: constexpr bool = true;
     return TypedArrayInitialize(
-        initialize, map, positiveLength, elementsInfo, defaultConstructor);
+        initialize, map, Convert<uintptr>(positiveLength), elementsInfo,
+        defaultConstructor);
   }
 
   // 22.2.4.4 TypedArray ( object )
@@ -148,7 +147,8 @@ namespace typed_array {
         otherwise ThrowRangeError(kInvalidTypedArrayLength, initialLength);
     const initialize: constexpr bool = false;
     const typedArray = TypedArrayInitialize(
-        initialize, map, length, elementsInfo, bufferConstructor);
+        initialize, map, Convert<uintptr>(length), elementsInfo,
+        bufferConstructor);
 
     try {
       const src: JSTypedArray = Cast<JSTypedArray>(arrayLike) otherwise IfSlow;
@@ -220,13 +220,10 @@ namespace typed_array {
         goto IfInvalidAlignment('start offset');
       }
 
-      let newLength: PositiveSmi = 0;
-      let newByteLength: uintptr;
       // 8. If length is present and length is not undefined, then
-      if (length != Undefined) {
-        // a. Let newLength be ? ToIndex(length).
-        newLength = ToSmiIndex(length) otherwise IfInvalidLength;
-      }
+      // a. Let newLength be ? ToIndex(length).
+      let newLength: uintptr = ToIndex(length) otherwise IfInvalidLength;
+      let newByteLength: uintptr;
 
       // 9. If IsDetachedBuffer(buffer) is true, throw a TypeError exception.
       if (IsDetachedBuffer(buffer)) {
@@ -269,8 +266,7 @@ namespace typed_array {
 
       const isOnHeap: constexpr bool = false;
       return AllocateTypedArray(
-          isOnHeap, map, buffer, offset, newByteLength,
-          Convert<uintptr>(newLength));
+          isOnHeap, map, buffer, offset, newByteLength, newLength);
     }
     label IfInvalidAlignment(problemString: String) deferred {
       ThrowInvalidTypedArrayAlignment(map, problemString);
@@ -407,4 +403,17 @@ namespace typed_array {
       }
     return typedArray;
   }
+
+  transitioning macro TypedArraySpeciesCreateByBuffer(implicit context:
+                                                          Context)(
+      methodName: constexpr string, exemplar: JSTypedArray,
+      buffer: JSArrayBuffer, beginByteOffset: uintptr,
+      newLength: uintptr): JSTypedArray {
+    const numArgs: constexpr int31 = 3;
+    // TODO(v8:4153): pass length further as uintptr.
+    const typedArray: JSTypedArray = TypedArraySpeciesCreate(
+        methodName, numArgs, exemplar, buffer, Convert<Number>(beginByteOffset),
+        Convert<Number>(newLength));
+    return typedArray;
+  }
 }

src/builtins/typed-array-slice.tq

@@ -12,7 +12,7 @@ namespace typed_array {
 
   macro FastCopy(
       src: typed_array::AttachedJSTypedArray, dest: JSTypedArray, k: uintptr,
-      count: PositiveSmi) labels IfSlow {
+      count: uintptr) labels IfSlow {
     if (IsForceSlowPath()) goto IfSlow;
 
     const srcKind: ElementsKind = src.elements_kind;
@@ -27,10 +27,9 @@ namespace typed_array {
       goto IfSlow;
     }
 
-    const countBytes: uintptr =
-        destInfo.CalculateByteLength(count) otherwise unreachable;
-    const startOffset: uintptr =
-        destInfo.CalculateByteLength(Convert<PositiveSmi>(Signed(k)))
+    const countBytes: uintptr = destInfo.CalculateByteLength(count)
+        otherwise unreachable;
+    const startOffset: uintptr = destInfo.CalculateByteLength(k)
         otherwise unreachable;
     const srcPtr: RawPtr = src.data_ptr + Convert<intptr>(startOffset);
 
@@ -81,11 +80,11 @@ namespace typed_array {
         end != Undefined ? ConvertToRelativeIndex(end, len) : len;
 
     // 8. Let count be max(final - k, 0).
-    const count = Convert<PositiveSmi>(IntPtrMax(Signed(final - k), 0));
+    const count: uintptr = Unsigned(IntPtrMax(Signed(final - k), 0));
 
     // 9. Let A be ? TypedArraySpeciesCreate(O, « count »).
-    const dest: JSTypedArray = TypedArraySpeciesCreateByLength(
-        kBuiltinNameSlice, src, Convert<uintptr>(count));
+    const dest: JSTypedArray =
+        TypedArraySpeciesCreateByLength(kBuiltinNameSlice, src, count);
 
     if (count > 0) {
       try {

src/builtins/typed-array-subarray.tq

@@ -38,7 +38,7 @@ namespace typed_array {
         arg1 != Undefined ? ConvertToRelativeIndex(arg1, srcLength) : srcLength;
 
     // 11. Let newLength be max(endIndex - beginIndex, 0).
-    const newLength = Convert<PositiveSmi>(IntPtrMax(Signed(end - begin), 0));
+    const newLength: uintptr = Unsigned(IntPtrMax(Signed(end - begin), 0));
 
     // 12. Let constructorName be the String value of O.[[TypedArrayName]].
     // 13. Let elementSize be the Number value of the Element Size value
@@ -49,16 +49,13 @@ namespace typed_array {
     const srcByteOffset: uintptr = source.byte_offset;
 
     // 15. Let beginByteOffset be srcByteOffset + beginIndex × elementSize.
-    const beginByteOffset = srcByteOffset +
-        elementsInfo.CalculateByteLength(Convert<PositiveSmi>(Signed(begin)))
+    const beginByteOffset =
+        srcByteOffset + elementsInfo.CalculateByteLength(begin)
         otherwise ThrowRangeError(kInvalidArrayBufferLength);
 
     // 16. Let argumentsList be « buffer, beginByteOffset, newLength ».
-    const beginByteOffsetNum = Convert<Number>(beginByteOffset);
-
     // 17. Return ? TypedArraySpeciesCreate(O, argumentsList).
-    const numArgs: constexpr int31 = 3;
-    return TypedArraySpeciesCreate(
-        methodName, numArgs, source, buffer, beginByteOffsetNum, newLength);
+    return TypedArraySpeciesCreateByBuffer(
+        methodName, source, buffer, beginByteOffset, newLength);
   }
 }

src/builtins/typed-array.tq

@@ -23,20 +23,23 @@ namespace typed_array {
   @export
   struct TypedArrayElementsInfo {
     // Calculates the number of bytes required for specified number of elements.
-    CalculateByteLength(lengthSmi: PositiveSmi): uintptr labels IfInvalid {
-      const length = Convert<uintptr>(lengthSmi);
+    CalculateByteLength(length: uintptr): uintptr labels IfInvalid {
+      // TODO(v8:4153): use kArrayBufferMaxByteLength instead of kSmiMaxValue
+      // to allow creation of huge TypedArrays.
+      const maxArrayLength = kSmiMaxValue >>> this.sizeLog2;
+      if (length > maxArrayLength) goto IfInvalid;
       const byteLength = length << this.sizeLog2;
-      // If an overflow ocurred, the byte length exceeds
-      // JSArrayBuffer::kMaxByteLength and is invalid.
-      if (byteLength >>> this.sizeLog2 != length) goto IfInvalid;
       return byteLength;
     }
 
     // Calculates the maximum number of elements supported by a specified number
     // of bytes.
-    CalculateLength(byteLength: uintptr): PositiveSmi labels IfInvalid {
-      return Convert<PositiveSmi>(byteLength >>> this.sizeLog2)
-          otherwise IfInvalid;
+    CalculateLength(byteLength: uintptr): uintptr labels IfInvalid {
+      const length = byteLength >>> this.sizeLog2;
+      // TODO(v8:4153): use kArrayBufferMaxByteLength instead of kSmiMaxValue
+      // to allow creation of huge TypedArrays.
+      if (length > kSmiMaxValue) goto IfInvalid;
+      return length;
     }
 
     // Determines if `bytes` (byte offset or length) cannot be evenly divided by