On 2015/01/30 12:36:57, dougc wrote:
On 2015/01/30 12:15:03, Benedikt Meurer wrote:
> > The index is constrained to be a 31-bit unsigned integer because: it is an
> > array buffer index, and the maximum array buffer size is 2GB, and at this
> > point in the code the index is known to be within bounds?
>
> That's only true for asm.js heap access, not for Load/Store in general.

Could you help me understand what aspect of asm.js this is limited to?

This code path is only taken for typed arrays, when
IsExternalArrayElementsKind() is true? E.g. See the logic in
JSTypedLowering::ReduceJSLoadProperty().

As said, that is the current implementation, which only considers asm.js. But we
will be targeting regular JavaScript soon(ish), and that means you can have
arbitrary Loads/Stores, i.e. even Loads/Stores for Blink DOM objects or other
arrays/objects/whatever. You cannot make any assumptions about the index in that
case.

https://codereview.chromium.org/860283004/

--
v8-dev mailing list
http://groups.google.com/group/v8-dev