test · a738ad33b33249f170cf7e0985d5c678f0ad6b4b · Linshizhi / V8

[SAB] Validate index before value conversion using ToIndex · 7b300ba2

binji authored Apr 12, 2017

It's required by the spec -- and observable -- that the index be validated
before the conversion of the value(s) via ToInteger.

The previous implementation also had an old test for validating the atomic
index, which has now been switched to ToIndex.

This also exposed an issue in the ia32 code generator: cmpxchg_b requires a
byte register, but the ia32 instruction selector was ensuring that the
new_value was a byte register, not the TempRegister. This change forces the
temp register to use edx, which always can be used as a byte register (dl).
This is the same behavior as currently used in UseByteRegister.

BUG=v8:4614
R=jarin@chromium.org,jkummerow@chromium.org

Review-Url: https://codereview.chromium.org/2814753003
Cr-Commit-Position: refs/heads/master@{#44626}

7b300ba2

Name	Last commit	Last update
..
benchmarks		Loading commit data...
cctest		Loading commit data...
common		Loading commit data...
debugger		Loading commit data...
fuzzer		Loading commit data...
inspector		Loading commit data...
intl		Loading commit data...
js-perf-test		Loading commit data...
memory		Loading commit data...
message		Loading commit data...
mjsunit		Loading commit data...
mozilla		Loading commit data...
preparser		Loading commit data...
promises-aplus		Loading commit data...
simdjs		Loading commit data...
test262		Loading commit data...
unittests		Loading commit data...
webkit		Loading commit data...
BUILD.gn		Loading commit data...
bot_default.gyp		Loading commit data...
bot_default.isolate		Loading commit data...
default.gyp		Loading commit data...
default.isolate		Loading commit data...
optimize_for_size.gyp		Loading commit data...
optimize_for_size.isolate		Loading commit data...
perf.gyp		Loading commit data...
perf.isolate		Loading commit data...