Commit 85bc1b0c authored by Tobias Tebbi's avatar Tobias Tebbi Committed by Commit Bot

[torque] check FixedArray length

Bug: chromium:1086890
Change-Id: I8345f209d8f4e40a57df166664f403a6cf6c6652
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2222346
Commit-Queue: Tobias Tebbi <tebbi@chromium.org>
Auto-Submit: Tobias Tebbi <tebbi@chromium.org>
Reviewed-by: 's avatarMichael Stanton <mvstanton@chromium.org>
Cr-Commit-Position: refs/heads/master@{#68085}
parent 82c3aa45
...@@ -354,6 +354,8 @@ const kStringMaxLengthUintptr: ...@@ -354,6 +354,8 @@ const kStringMaxLengthUintptr:
constexpr uintptr generates 'String::kMaxLength'; constexpr uintptr generates 'String::kMaxLength';
const kFixedArrayMaxLength: const kFixedArrayMaxLength:
constexpr int31 generates 'FixedArray::kMaxLength'; constexpr int31 generates 'FixedArray::kMaxLength';
const kFixedDoubleArrayMaxLength:
constexpr int31 generates 'FixedDoubleArray::kMaxLength';
const kObjectAlignmentMask: constexpr intptr const kObjectAlignmentMask: constexpr intptr
generates 'kObjectAlignmentMask'; generates 'kObjectAlignmentMask';
const kMinAddedElementsCapacity: const kMinAddedElementsCapacity:
...@@ -205,7 +205,7 @@ TNode<Smi> CodeStubAssembler::SelectSmiConstant(SloppyTNode<BoolT> condition, ...@@ -205,7 +205,7 @@ TNode<Smi> CodeStubAssembler::SelectSmiConstant(SloppyTNode<BoolT> condition,
SmiConstant(false_value)); SmiConstant(false_value));
} }
TNode<Object> CodeStubAssembler::NoContextConstant() { TNode<Smi> CodeStubAssembler::NoContextConstant() {
return SmiConstant(Context::kNoContext); return SmiConstant(Context::kNoContext);
} }
...@@ -616,7 +616,7 @@ class V8_EXPORT_PRIVATE CodeStubAssembler ...@@ -616,7 +616,7 @@ class V8_EXPORT_PRIVATE CodeStubAssembler
return Word32BinaryNot(TaggedEqual(a, b)); return Word32BinaryNot(TaggedEqual(a, b));
} }
TNode<Object> NoContextConstant(); TNode<Smi> NoContextConstant();
#define HEAP_CONSTANT_ACCESSOR(rootIndexName, rootAccessorName, name) \ #define HEAP_CONSTANT_ACCESSOR(rootIndexName, rootAccessorName, name) \
TNode<std::remove_pointer<std::remove_reference<decltype( \ TNode<std::remove_pointer<std::remove_reference<decltype( \
...@@ -74,3 +74,9 @@ extern operator '[]=' macro StoreContextElement( ...@@ -74,3 +74,9 @@ extern operator '[]=' macro StoreContextElement(
extern operator '[]' macro LoadContextElement(Context, intptr): Object; extern operator '[]' macro LoadContextElement(Context, intptr): Object;
extern operator '[]' macro LoadContextElement(Context, Smi): Object; extern operator '[]' macro LoadContextElement(Context, Smi): Object;
// A dummy used instead of a context constant for runtime calls that don't need
// a context.
type NoContext extends Smi;
extern macro NoContextConstant(): NoContext;
const kNoContext: NoContext = NoContextConstant();
...@@ -141,8 +141,15 @@ macro ExtractFixedDoubleArray( ...@@ -141,8 +141,15 @@ macro ExtractFixedDoubleArray(
ConstantIterator(kDoubleHole))); ConstantIterator(kDoubleHole)));
} }
namespace runtime {
extern runtime FatalProcessOutOfMemoryInvalidArrayLength(NoContext): never;
}
macro NewFixedArray<Iterator: type>(length: intptr, it: Iterator): FixedArray { macro NewFixedArray<Iterator: type>(length: intptr, it: Iterator): FixedArray {
if (length == 0) return kEmptyFixedArray; if (length == 0) return kEmptyFixedArray;
if (length > kFixedArrayMaxLength) deferred {
runtime::FatalProcessOutOfMemoryInvalidArrayLength(kNoContext);
}
return new return new
FixedArray{map: kFixedArrayMap, length: Convert<Smi>(length), objects: ...it}; FixedArray{map: kFixedArrayMap, length: Convert<Smi>(length), objects: ...it};
} }
...@@ -150,6 +157,9 @@ macro NewFixedArray<Iterator: type>(length: intptr, it: Iterator): FixedArray { ...@@ -150,6 +157,9 @@ macro NewFixedArray<Iterator: type>(length: intptr, it: Iterator): FixedArray {
macro NewFixedDoubleArray<Iterator: type>( macro NewFixedDoubleArray<Iterator: type>(
length: intptr, it: Iterator): FixedDoubleArray|EmptyFixedArray { length: intptr, it: Iterator): FixedDoubleArray|EmptyFixedArray {
if (length == 0) return kEmptyFixedArray; if (length == 0) return kEmptyFixedArray;
if (length > kFixedDoubleArrayMaxLength) deferred {
runtime::FatalProcessOutOfMemoryInvalidArrayLength(kNoContext);
}
return new FixedDoubleArray{ return new FixedDoubleArray{
map: kFixedDoubleArrayMap, map: kFixedDoubleArrayMap,
length: Convert<Smi>(length), length: Convert<Smi>(length),
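Review bot: The new guards `if (length > kFixedArrayMaxLength)` and `if (length > kFixedDoubleArrayMaxLength)` only bound the length from above; `length` is a signed intptr, so a negative value still passes both `length == 0` and the new check and reaches `Convert<Smi>(length)` and the allocation. Unless every caller is guaranteed to pass a non-negative length, the same fatal path should cover that end too, e.g. `if (length < 0 || length > kFixedArrayMaxLength) deferred {` in NewFixedArray and the matching form in NewFixedDoubleArray, or a single unsigned comparison that rejects both ends at once. A one-line comment above each guard would also help the next reader, e.g. `// Lengths beyond kMaxLength are a fatal error rather than an exception: the caller has already computed a size the heap cannot represent.` NewFixedDoubleArray's body continues past the end of the hunk.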
...@@ -24,6 +24,7 @@ static const char* const BOOL_TYPE_STRING = "bool"; ...@@ -24,6 +24,7 @@ static const char* const BOOL_TYPE_STRING = "bool";
static const char* const VOID_TYPE_STRING = "void"; static const char* const VOID_TYPE_STRING = "void";
static const char* const ARGUMENTS_TYPE_STRING = "Arguments"; static const char* const ARGUMENTS_TYPE_STRING = "Arguments";
static const char* const CONTEXT_TYPE_STRING = "Context"; static const char* const CONTEXT_TYPE_STRING = "Context";
static const char* const NO_CONTEXT_TYPE_STRING = "NoContext";
static const char* const NATIVE_CONTEXT_TYPE_STRING = "NativeContext"; static const char* const NATIVE_CONTEXT_TYPE_STRING = "NativeContext";
static const char* const JS_FUNCTION_TYPE_STRING = "JSFunction"; static const char* const JS_FUNCTION_TYPE_STRING = "JSFunction";
static const char* const MAP_TYPE_STRING = "Map"; static const char* const MAP_TYPE_STRING = "Map";
...@@ -126,11 +126,12 @@ void DeclarationVisitor::Visit(ExternalRuntimeDeclaration* decl) { ...@@ -126,11 +126,12 @@ void DeclarationVisitor::Visit(ExternalRuntimeDeclaration* decl) {
"Missing parameters for runtime function, at least the context " "Missing parameters for runtime function, at least the context "
"parameter is required."); "parameter is required.");
} }
if (!(signature.parameter_types.types[0] == TypeOracle::GetContextType())) { if (!(signature.parameter_types.types[0] == TypeOracle::GetContextType() ||
signature.parameter_types.types[0] == TypeOracle::GetNoContextType())) {
ReportError( ReportError(
"first parameter to runtime functions has to be the context and have " "first parameter to runtime functions has to be the context and have "
"type Context, but found type ", "type Context or NoContext, but found type ",
signature.parameter_types.types[0]); *signature.parameter_types.types[0]);
} }
if (!(signature.return_type->IsSubtypeOf(TypeOracle::GetObjectType()) || if (!(signature.return_type->IsSubtypeOf(TypeOracle::GetObjectType()) ||
signature.return_type == TypeOracle::GetVoidType() || signature.return_type == TypeOracle::GetVoidType() ||
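Review bot: Accepting `NoContext` at `signature.parameter_types.types[0] == TypeOracle::GetNoContextType()` relaxes the declaration check without anything that verifies the C++ runtime callee actually tolerates a Smi in place of a Context; since `kNoContext` is a Smi (`type NoContext extends Smi`), a runtime function that did read its context would presumably be handed a Smi where a Context is expected. That contract currently lives only in the `.tq` comment, so it is worth stating at the point where the exception is granted, e.g. `// NoContext is a Smi placeholder; only runtime functions that never touch their context may declare it. Nothing on the C++ side enforces this.` The `*signature.parameter_types.types[0]` dereference also changes the diagnostic from printing a pointer to printing the type, which is a welcome fix but unrelated to the commit title and would have been clearer as its own change. The enclosing Visit() continues outside the hunk.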
...@@ -304,6 +304,10 @@ class TypeOracle : public ContextualClass<TypeOracle> { ...@@ -304,6 +304,10 @@ class TypeOracle : public ContextualClass<TypeOracle> {
return Get().GetBuiltinType(CONTEXT_TYPE_STRING); return Get().GetBuiltinType(CONTEXT_TYPE_STRING);
} }
static const Type* GetNoContextType() {
return Get().GetBuiltinType(NO_CONTEXT_TYPE_STRING);
}
static const Type* GetNativeContextType() { static const Type* GetNativeContextType() {
return Get().GetBuiltinType(NATIVE_CONTEXT_TYPE_STRING); return Get().GetBuiltinType(NATIVE_CONTEXT_TYPE_STRING);
} }