Update elements.cc to use size_t for index/length

Bug: v8:4153 Change-Id: I036b3f464a635414e050972cee2dffbf3b44cafd Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1918250 Commit-Queue: Jakob Kummerow <jkummerow@chromium.org> Reviewed-by: Igor Sheludko <ishell@chromium.org> Cr-Commit-Position: refs/heads/master@{#65164}

Update elements.cc to use size_t for index/length
Bug: v8:4153 Change-Id: I036b3f464a635414e050972cee2dffbf3b44cafd Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1918250 Commit-Queue: Jakob Kummerow <jkummerow@chromium.org> Reviewed-by: Igor Sheludko <ishell@chromium.org> Cr-Commit-Position: refs/heads/master@{#65164}
5d29947d · Jakob Kummerow · Commit Bot · 3fdfcb82 · 5d29947d · 5d29947d
Commit 5d29947d authored Nov 25, 2019 by Jakob Kummerow Committed by Commit Bot Nov 26, 2019
11 changed files
--- a/src/builtins/builtins-typed-array.cc
+++ b/src/builtins/builtins-typed-array.cc
@@ -154,9 +154,7 @@ BUILTIN(TypedArrayPrototypeFill) {
  DCHECK_LE(end, len);
  DCHECK_LE(count, len);

-  return ElementsAccessor::ForKind(kind)->Fill(array, obj_value,
-                                               static_cast<uint32_t>(start),
-                                               static_cast<uint32_t>(end));
+  return ElementsAccessor::ForKind(kind)->Fill(array, obj_value, start, end);
 }

 BUILTIN(TypedArrayPrototypeIncludes) {
@@ -186,9 +184,8 @@ BUILTIN(TypedArrayPrototypeIncludes) {

  Handle<Object> search_element = args.atOrUndefined(isolate, 1);
  ElementsAccessor* elements = array->GetElementsAccessor();
-  Maybe<bool> result = elements->IncludesValue(isolate, array, search_element,
-                                               static_cast<uint32_t>(index),
-                                               static_cast<uint32_t>(len));
+  Maybe<bool> result =
+      elements->IncludesValue(isolate, array, search_element, index, len);
  MAYBE_RETURN(result, ReadOnlyRoots(isolate).exception());
  return *isolate->factory()->ToBoolean(result.FromJust());
 }
@@ -217,9 +214,8 @@ BUILTIN(TypedArrayPrototypeIndexOf) {

  Handle<Object> search_element = args.atOrUndefined(isolate, 1);
  ElementsAccessor* elements = array->GetElementsAccessor();
-  Maybe<int64_t> result = elements->IndexOfValue(isolate, array, search_element,
-                                                 static_cast<uint32_t>(index),
-                                                 static_cast<uint32_t>(len));
+  Maybe<int64_t> result =
+      elements->IndexOfValue(isolate, array, search_element, index, len);
  MAYBE_RETURN(result, ReadOnlyRoots(isolate).exception());
  return *isolate->factory()->NewNumberFromInt64(result.FromJust());
 }
@@ -252,8 +248,8 @@ BUILTIN(TypedArrayPrototypeLastIndexOf) {

  Handle<Object> search_element = args.atOrUndefined(isolate, 1);
  ElementsAccessor* elements = array->GetElementsAccessor();
-  Maybe<int64_t> result = elements->LastIndexOfValue(
-      array, search_element, static_cast<uint32_t>(index));
+  Maybe<int64_t> result =
+      elements->LastIndexOfValue(array, search_element, index);
  MAYBE_RETURN(result, ReadOnlyRoots(isolate).exception());
  return *isolate->factory()->NewNumberFromInt64(result.FromJust());
 }

--- a/src/objects/elements.cc
+++ b/src/objects/elements.cc
--- a/src/objects/elements.h
+++ b/src/objects/elements.h
@@ -33,13 +33,13 @@ class ElementsAccessor {
  virtual void Validate(JSObject obj) = 0;

  // Returns true if a holder contains an element with the specified index
-  // without iterating up the prototype chain.  The caller can optionally pass
-  // in the backing store to use for the check, which must be compatible with
-  // the ElementsKind of the ElementsAccessor. If backing_store is nullptr, the
-  // holder->elements() is used as the backing store. If a |filter| is
-  // specified the PropertyAttributes of the element at the given index
-  // are compared to the given |filter|. If they match/overlap the given
-  // index is ignored. Note that only Dictionary elements have custom
+  // without iterating up the prototype chain. The first version takes the
+  // backing store to use for the check, which must be compatible with the
+  // ElementsKind of the ElementsAccessor; the second version uses
+  // holder->elements() as the backing store. If a |filter| is specified,
+  // the PropertyAttributes of the element at the given index are compared
+  // to the given |filter|. If they match/overlap, the given index is ignored.
+  // Note that only Dictionary elements have custom
  // PropertyAttributes associated, hence the |filter| argument is ignored for
  // all but DICTIONARY_ELEMENTS and SLOW_SLOPPY_ARGUMENTS_ELEMENTS.
  virtual bool HasElement(JSObject holder, uint32_t index,
@@ -56,7 +56,7 @@ class ElementsAccessor {
  virtual Handle<Object> Get(Handle<JSObject> holder, InternalIndex entry) = 0;

  virtual bool HasAccessors(JSObject holder) = 0;
-  virtual uint32_t NumberOfElements(JSObject holder) = 0;
+  virtual size_t NumberOfElements(JSObject holder) = 0;

  // Modifies the length data property as specified for JSArrays and resizes the
  // underlying backing store accordingly. The method honors the semantics of
@@ -126,28 +126,27 @@ class ElementsAccessor {

  virtual Handle<NumberDictionary> Normalize(Handle<JSObject> object) = 0;

-  virtual uint32_t GetCapacity(JSObject holder,
-                               FixedArrayBase backing_store) = 0;
+  virtual size_t GetCapacity(JSObject holder, FixedArrayBase backing_store) = 0;

  virtual Object Fill(Handle<JSObject> receiver, Handle<Object> obj_value,
-                      uint32_t start, uint32_t end) = 0;
+                      size_t start, size_t end) = 0;

  // Check an Object's own elements for an element (using SameValueZero
  // semantics)
  virtual Maybe<bool> IncludesValue(Isolate* isolate, Handle<JSObject> receiver,
-                                    Handle<Object> value, uint32_t start,
-                                    uint32_t length) = 0;
+                                    Handle<Object> value, size_t start,
+                                    size_t length) = 0;

  // Check an Object's own elements for the index of an element (using SameValue
  // semantics)
  virtual Maybe<int64_t> IndexOfValue(Isolate* isolate,
                                      Handle<JSObject> receiver,
-                                      Handle<Object> value, uint32_t start,
-                                      uint32_t length) = 0;
+                                      Handle<Object> value, size_t start,
+                                      size_t length) = 0;

  virtual Maybe<int64_t> LastIndexOfValue(Handle<JSObject> receiver,
                                          Handle<Object> value,
-                                          uint32_t start) = 0;
+                                          size_t start) = 0;

  virtual void Reverse(JSObject receiver) = 0;

@@ -157,7 +156,7 @@ class ElementsAccessor {

  virtual Object CopyElements(Handle<Object> source,
                              Handle<JSObject> destination, size_t length,
-                              uint32_t offset) = 0;
+                              size_t offset) = 0;

  virtual Handle<FixedArray> CreateListFromArrayLike(Isolate* isolate,
                                                     Handle<JSObject> object,
@@ -180,7 +179,7 @@ class ElementsAccessor {
  // the NumberDictionary.
  virtual InternalIndex GetEntryForIndex(Isolate* isolate, JSObject holder,
                                         FixedArrayBase backing_store,
-                                         uint32_t index) = 0;
+                                         size_t index) = 0;

  virtual PropertyDetails GetDetails(JSObject holder, InternalIndex entry) = 0;
  virtual void Reconfigure(Handle<JSObject> object,

--- a/src/objects/js-list-format.cc
+++ b/src/objects/js-list-format.cc
@@ -256,11 +256,10 @@ Maybe<std::vector<icu::UnicodeString>> ToUnicodeStringArray(
  // arrays here, so the loop below can construct an entry from the index.
  DCHECK(array->HasFastElements(isolate));
  auto* accessor = array->GetElementsAccessor();
-  uint32_t length = accessor->NumberOfElements(*array);
+  size_t length = accessor->NumberOfElements(*array);

  std::vector<icu::UnicodeString> result;
-  for (uint32_t i = 0; i < length; i++) {
-    InternalIndex entry(i);
+  for (InternalIndex entry : InternalIndex::Range(length)) {
    DCHECK(accessor->HasEntry(*array, entry));
    Handle<Object> item = accessor->Get(array, entry);
    DCHECK(item->IsString());

--- a/src/objects/js-objects.cc
+++ b/src/objects/js-objects.cc
@@ -1847,17 +1847,18 @@ V8_WARN_UNUSED_RESULT Maybe<bool> FastGetOwnValuesOrEntries(
  Handle<DescriptorArray> descriptors(map->instance_descriptors(), isolate);

  int number_of_own_descriptors = map->NumberOfOwnDescriptors();
-  int number_of_own_elements =
+  size_t number_of_own_elements =
      object->GetElementsAccessor()->GetCapacity(*object, object->elements());

  if (number_of_own_elements >
-      FixedArray::kMaxLength - number_of_own_descriptors) {
+      static_cast<size_t>(FixedArray::kMaxLength - number_of_own_descriptors)) {
    isolate->Throw(*isolate->factory()->NewRangeError(
        MessageTemplate::kInvalidArrayLength));
    return Nothing<bool>();
  }
+  // The static cast is safe after the range check right above.
  Handle<FixedArray> values_or_entries = isolate->factory()->NewFixedArray(
-      number_of_own_descriptors + number_of_own_elements);
+      static_cast<int>(number_of_own_descriptors + number_of_own_elements));
  int count = 0;

  if (object->elements() != ReadOnlyRoots(isolate).empty_fixed_array()) {
@@ -3667,8 +3668,9 @@ bool TestElementsIntegrityLevel(JSObject object, PropertyAttributes level) {
        level);
  }
  if (IsTypedArrayElementsKind(kind)) {
-    if (level == FROZEN && JSArrayBufferView::cast(object).byte_length() > 0)
+    if (level == FROZEN && JSArrayBufferView::cast(object).byte_length() > 0) {
      return false;  // TypedArrays with elements can't be frozen.
+    }
    return TestPropertiesIntegrityLevel(object, level);
  }
  if (IsFrozenElementsKind(kind)) return true;

--- a/src/objects/keys.cc
+++ b/src/objects/keys.cc
@@ -528,9 +528,8 @@ V8_WARN_UNUSED_RESULT ExceptionStatus FilterForEnumerableProperties(
  DCHECK(result->IsJSArray() || result->HasSloppyArgumentsElements());
  ElementsAccessor* accessor = result->GetElementsAccessor();

-  uint32_t length = accessor->GetCapacity(*result, result->elements());
-  for (uint32_t i = 0; i < length; i++) {
-    InternalIndex entry(i);
+  size_t length = accessor->GetCapacity(*result, result->elements());
+  for (InternalIndex entry : InternalIndex::Range(length)) {
    if (!accessor->HasEntry(*result, entry)) continue;

    // args are invalid after args.Call(), create a new one in every iteration.

--- a/src/objects/lookup.cc
+++ b/src/objects/lookup.cc
@@ -1165,12 +1165,8 @@ LookupIterator::State LookupIterator::LookupInRegularHolder(
    JSObject js_object = JSObject::cast(holder);
    ElementsAccessor* accessor = js_object.GetElementsAccessor(isolate_);
    FixedArrayBase backing_store = js_object.elements(isolate_);
-    // TODO(4153): Update elements.cc and drop the cast to uint32_t.
-    uint32_t index = index_ > std::numeric_limits<uint32_t>::max()
-                         ? std::numeric_limits<uint32_t>::max()
-                         : static_cast<uint32_t>(index_);
    number_ =
-        accessor->GetEntryForIndex(isolate_, js_object, backing_store, index);
+        accessor->GetEntryForIndex(isolate_, js_object, backing_store, index_);
    if (number_.is_not_found()) {
      return holder.IsJSTypedArray(isolate_) ? INTEGER_INDEXED_EXOTIC
                                             : NOT_FOUND;

--- a/src/objects/objects-inl.h
+++ b/src/objects/objects-inl.h
@@ -1071,9 +1071,9 @@ static inline uint32_t ObjectAddressForHashing(Address object) {
  return value & kPageAlignmentMask;
 }

-static inline Handle<Object> MakeEntryPair(Isolate* isolate, uint32_t index,
+static inline Handle<Object> MakeEntryPair(Isolate* isolate, size_t index,
                                           Handle<Object> value) {
-  Handle<Object> key = isolate->factory()->Uint32ToString(index);
+  Handle<Object> key = isolate->factory()->SizeToString(index);
  Handle<FixedArray> entry_storage =
      isolate->factory()->NewUninitializedFixedArray(2);
  {

--- a/src/objects/objects.cc
+++ b/src/objects/objects.cc
@@ -966,6 +966,8 @@ MaybeHandle<FixedArray> CreateListFromArrayLikeFastPath(
          length > static_cast<size_t>(FixedArray::kMaxLength)) {
        return MaybeHandle<FixedArray>();
      }
+      STATIC_ASSERT(FixedArray::kMaxLength <=
+                    std::numeric_limits<uint32_t>::max());
      return array->GetElementsAccessor()->CreateListFromArrayLike(
          isolate, array, static_cast<uint32_t>(length));
    }

--- a/src/runtime/runtime-array.cc
+++ b/src/runtime/runtime-array.cc
@@ -288,9 +288,8 @@ RUNTIME_FUNCTION(Runtime_ArrayIncludes_Slow) {
      JSObject::PrototypeHasNoElements(isolate, JSObject::cast(*object))) {
    Handle<JSObject> obj = Handle<JSObject>::cast(object);
    ElementsAccessor* elements = obj->GetElementsAccessor();
-    Maybe<bool> result = elements->IncludesValue(isolate, obj, search_element,
-                                                 static_cast<uint32_t>(index),
-                                                 static_cast<uint32_t>(len));
+    Maybe<bool> result =
+        elements->IncludesValue(isolate, obj, search_element, index, len);
    MAYBE_RETURN(result, ReadOnlyRoots(isolate).exception());
    return *isolate->factory()->ToBoolean(result.FromJust());
  }

--- a/src/runtime/runtime-typedarray.cc
+++ b/src/runtime/runtime-typedarray.cc
@@ -166,12 +166,9 @@ RUNTIME_FUNCTION(Runtime_TypedArraySet) {

  size_t offset;
  CHECK(TryNumberToSize(*offset_obj, &offset));
-  DCHECK_LE(offset, kMaxUInt32);

  ElementsAccessor* accessor = target->GetElementsAccessor();
-  // TODO(v8:4153): Support huge TypedArrays.
-  return accessor->CopyElements(source, target, length,
-                                static_cast<uint32_t>(offset));
+  return accessor->CopyElements(source, target, length, offset);
 }

 }  // namespace internal