Skip to site navigation (Press enter)

[webkit-changes] [168208] branches/safari-537.76-branch/Source

matthew_hanson Fri, 02 May 2014 16:49:18 -0700

Title: [168208] branches/safari-537.76-branch/Source

Revision: 168208
Author: matthew_han...@apple.com
Date: 2014-05-02 16:48:24 -0700 (Fri, 02 May 2014)

Log Message

Merge r167548.


Modified Paths

branches/safari-537.76-branch/Source/_javascript_Core/ChangeLog
branches/safari-537.76-branch/Source/_javascript_Core/dfg/DFGOperations.cpp
branches/safari-537.76-branch/Source/_javascript_Core/runtime/Operations.h
branches/safari-537.76-branch/Source/WTF/ChangeLog
branches/safari-537.76-branch/Source/WTF/wtf/CheckedArithmetic.h

Diff

Modified: branches/safari-537.76-branch/Source/_javascript_Core/ChangeLog (168207 => 168208)


--- branches/safari-537.76-branch/Source/_javascript_Core/ChangeLog	2014-05-02 23:38:30 UTC (rev 168207)
+++ branches/safari-537.76-branch/Source/_javascript_Core/ChangeLog	2014-05-02 23:48:24 UTC (rev 168208)
@@ -1,5 +1,20 @@
 2014-05-02  Matthew Hanson  <matthew_han...@apple.com>
 
+        Merge r167548.
+
+    2014-04-19  Filip Pizlo  <fpi...@apple.com>
+    
+            Make it easier to check if an integer sum would overflow
+            https://bugs.webkit.org/show_bug.cgi?id=131900
+    
+            Reviewed by Darin Adler.
+    
+            * dfg/DFGOperations.cpp:
+            * runtime/Operations.h:
+            (JSC::jsString):
+    
+2014-05-02  Matthew Hanson  <matthew_han...@apple.com>
+
         Merge r167544.
 
     2014-04-19  Filip Pizlo  <fpi...@apple.com>

Modified: branches/safari-537.76-branch/Source/_javascript_Core/dfg/DFGOperations.cpp (168207 => 168208)


--- branches/safari-537.76-branch/Source/_javascript_Core/dfg/DFGOperations.cpp	2014-05-02 23:38:30 UTC (rev 168207)
+++ branches/safari-537.76-branch/Source/_javascript_Core/dfg/DFGOperations.cpp	2014-05-02 23:48:24 UTC (rev 168208)
@@ -1596,8 +1596,8 @@
 {
     VM& vm = exec->vm();
     NativeCallFrameTracer tracer(&vm, exec);
-    
-    if (static_cast<int32_t>(left->length() + right->length()) < 0) {
+
+    if (sumOverflows<int32_t>(left->length(), right->length())) {
         throwOutOfMemoryError(exec);
         return nullptr;
     }
@@ -1610,10 +1610,7 @@
     VM& vm = exec->vm();
     NativeCallFrameTracer tracer(&vm, exec);
 
-    Checked<int32_t, RecordOverflow> length = a->length();
-    length += b->length();
-    length += c->length();
-    if (length.hasOverflowed()) {
+    if (sumOverflows<int32_t>(a->length(), b->length(), c->length())) {
         throwOutOfMemoryError(exec);
         return nullptr;
     }

Modified: branches/safari-537.76-branch/Source/_javascript_Core/runtime/Operations.h (168207 => 168208)


--- branches/safari-537.76-branch/Source/_javascript_Core/runtime/Operations.h	2014-05-02 23:38:30 UTC (rev 168207)
+++ branches/safari-537.76-branch/Source/_javascript_Core/runtime/Operations.h	2014-05-02 23:48:24 UTC (rev 168208)
@@ -47,7 +47,7 @@
     int32_t length2 = s2->length();
     if (!length2)
         return s1;
-    if ((length1 + length2) < 0)
+    if (sumOverflows<int32_t>(length1, length2))
         return throwOutOfMemoryError(exec);
 
     return JSRopeString::create(vm, s1, s2);
@@ -71,10 +71,8 @@
     if (!length3)
         return jsString(exec, jsString(vm, u1), jsString(vm, u2));
 
-    if ((length1 + length2) < 0)
+    if (sumOverflows<int32_t>(length1, length2, length3))
         return throwOutOfMemoryError(exec);
-    if ((length1 + length2 + length3) < 0)
-        return throwOutOfMemoryError(exec);
 
     return JSRopeString::create(exec->vm(), jsString(vm, u1), jsString(vm, u2), jsString(vm, u3));
 }

Modified: branches/safari-537.76-branch/Source/WTF/ChangeLog (168207 => 168208)


--- branches/safari-537.76-branch/Source/WTF/ChangeLog	2014-05-02 23:38:30 UTC (rev 168207)
+++ branches/safari-537.76-branch/Source/WTF/ChangeLog	2014-05-02 23:48:24 UTC (rev 168208)
@@ -1,3 +1,18 @@
+2014-05-02  Matthew Hanson  <matthew_han...@apple.com>
+
+        Merge r167548.
+
+    2014-04-19  Filip Pizlo  <fpi...@apple.com>
+    
+            Make it easier to check if an integer sum would overflow
+            https://bugs.webkit.org/show_bug.cgi?id=131900
+    
+            Reviewed by Darin Adler.
+    
+            * wtf/CheckedArithmetic.h:
+            (WTF::checkedSum):
+            (WTF::sumOverflows):
+    
 2014-03-18  Jer Noble  <jer.no...@apple.com>
 
         Unreviewed Win64 build fix; explicit operators are not valid in VS2010.

Modified: branches/safari-537.76-branch/Source/WTF/wtf/CheckedArithmetic.h (168207 => 168208)


--- branches/safari-537.76-branch/Source/WTF/wtf/CheckedArithmetic.h	2014-05-02 23:38:30 UTC (rev 168207)
+++ branches/safari-537.76-branch/Source/WTF/wtf/CheckedArithmetic.h	2014-05-02 23:48:24 UTC (rev 168208)
@@ -712,10 +712,31 @@
     return Checked<U, OverflowHandler>(lhs) * rhs;
 }
 
+template<typename T, typename U>
+Checked<T, RecordOverflow> checkedSum(U value)
+{
+    return Checked<T, RecordOverflow>(value);
 }
+template<typename T, typename U, typename... Args>
+Checked<T, RecordOverflow> checkedSum(U value, Args... args)
+{
+    return Checked<T, RecordOverflow>(value) + checkedSum<T>(args...);
+}
 
+// Sometimes, you just want to check if some math would overflow - the code to do the math is
+// already in place, and you want to guard it.
+
+template<typename T, typename... Args> bool sumOverflows(Args... args)
+{
+    return checkedSum<T>(args...).hasOverflowed();
+}
+
+}
+
 using WTF::Checked;
 using WTF::CheckedState;
 using WTF::RecordOverflow;
+using WTF::checkedSum;
+using WTF::sumOverflows;
 
 #endif

_______________________________________________
webkit-changes mailing list
webkit-changes@lists.webkit.org
https://lists.webkit.org/mailman/listinfo/webkit-changes