• Caitlin Potter's avatar
    [runtime] perform type conversion earlier in IntegerIndexedElementSet · 6c585ef0
    Caitlin Potter authored
    When storing an indexed property in a typed array, it's necessary to
    convert the value to a Number (or to a Bigint) before performing the
    bounds check, per
    https://tc39.github.io/ecma262/#sec-integerindexedelementset.
    
    This CL adds appropriate type conversions in
    Object::SetPropertyInternal (which technically is reached after the
    bounds check has already occurred, but this isn't observable yet ---
    In the future, once OOB accesses on TypedArrays actually throw, this
    will need to be refactored again), and in StoreFastElementStub, and
    ElementsTransitionAndStoreStub (via CSA::EmitElementStore).
    
    The change was not necessary in TurboFan, as
    JSNativeContextSpecialization already performs the value conversion
    before the boundscheck.
    
    The result is some fixed test262 tests, and some new test coverage
    for this behaviour in mjsunit.
    
    BUG=v8:7896, v8:5327
    R=neis@chromium.org, jkummerow@chromium.org, gsathya@chromium.org
    
    Cq-Include-Trybots: luci.v8.try:v8_linux_noi18n_rel_ng
    Change-Id: Ibe6bec24c72ef6a4fd3e77d5bcafa03737f4c5e3
    Reviewed-on: https://chromium-review.googlesource.com/1117372
    Commit-Queue: Caitlin Potter <caitp@igalia.com>
    Reviewed-by: 's avatarGeorg Neis <neis@chromium.org>
    Reviewed-by: 's avatarJakob Kummerow <jkummerow@chromium.org>
    Cr-Commit-Position: refs/heads/master@{#54096}
    6c585ef0
Name
Last commit
Last update
..
benchmarks Loading commit data...
cctest Loading commit data...
common Loading commit data...
debugger Loading commit data...
fuzzer Loading commit data...
inspector Loading commit data...
intl Loading commit data...
js-perf-test Loading commit data...
memory Loading commit data...
message Loading commit data...
mjsunit Loading commit data...
mkgrokdump Loading commit data...
mozilla Loading commit data...
preparser Loading commit data...
test262 Loading commit data...
torque Loading commit data...
unittests Loading commit data...
wasm-spec-tests Loading commit data...
webkit Loading commit data...
BUILD.gn Loading commit data...