Permalink
Show file tree
Hide file tree
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Browse files
[BigInt] JSBigInt::createWithLength should throw when length is great…
…er than JSBigInt::maxLength https://bugs.webkit.org/show_bug.cgi?id=190836 Reviewed by Saam Barati and Yusuke Suzuki. JSTests: * stress/big-int-out-of-memory-tests.js: Added. Source/JavaScriptCore: In this patch we are creating a new method called `JSBigInt::createWithLengthUnchecked` where we allocate a BigInt trusting the length received as argument. With this additional method, we now check if length passed to `JSBigInt::tryCreateWithLength` is not greater than JSBigInt::maxLength. When the length is greater than JSBigInt::maxLength, we then throw OOM exception. This required us to change the interface of some JSBigInt operations to receive `ExecState*` instead of `VM&`. We changed only operations that can throw because of OOM. We beleive that this approach of throwing instead of finishing the execution abruptly is better because JS programs can catch such exception and handle this issue properly. * dfg/DFGOperations.cpp: * jit/JITOperations.cpp: * runtime/CommonSlowPaths.cpp: (JSC::SLOW_PATH_DECL): * runtime/JSBigInt.cpp: (JSC::JSBigInt::createZero): (JSC::JSBigInt::tryCreateWithLength): (JSC::JSBigInt::createWithLengthUnchecked): (JSC::JSBigInt::createFrom): (JSC::JSBigInt::multiply): (JSC::JSBigInt::divide): (JSC::JSBigInt::copy): (JSC::JSBigInt::unaryMinus): (JSC::JSBigInt::remainder): (JSC::JSBigInt::add): (JSC::JSBigInt::sub): (JSC::JSBigInt::bitwiseAnd): (JSC::JSBigInt::bitwiseOr): (JSC::JSBigInt::bitwiseXor): (JSC::JSBigInt::absoluteAdd): (JSC::JSBigInt::absoluteSub): (JSC::JSBigInt::absoluteDivWithDigitDivisor): (JSC::JSBigInt::absoluteDivWithBigIntDivisor): (JSC::JSBigInt::absoluteLeftShiftAlwaysCopy): (JSC::JSBigInt::absoluteBitwiseOp): (JSC::JSBigInt::absoluteAddOne): (JSC::JSBigInt::absoluteSubOne): (JSC::JSBigInt::toStringGeneric): (JSC::JSBigInt::rightTrim): (JSC::JSBigInt::allocateFor): (JSC::JSBigInt::createWithLength): Deleted. * runtime/JSBigInt.h: * runtime/Operations.cpp: (JSC::jsAddSlowCase): * runtime/Operations.h: (JSC::jsSub): (JSC::jsMul): Canonical link: https://commits.webkit.org/206597@main git-svn-id: https://svn.webkit.org/repository/webkit/trunk@238425 268f45cc-cd09-0410-ab3c-d52691b4dbfc
- Loading branch information
Showing
10 changed files
with
303 additions
and
99 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| @@ -0,0 +1,63 @@ | ||
| //@ runDefault("--useBigInt=true", "--useDFGJIT=false") | ||
|
|
||
| function assert(a, message) { | ||
| if (!a) | ||
| throw new Error(message); | ||
| } | ||
|
|
||
| function lshift(y) { | ||
| let out = 1n; | ||
| for (let i = 0; i < y; i++) { | ||
| out *= 340282366920938463463374607431768211456n; | ||
| } | ||
|
|
||
| return out; | ||
| } | ||
|
|
||
| let a = lshift(8064); | ||
| for (let i = 0; i < 256; i++) { | ||
| a *= 18446744073709551615n; | ||
| } | ||
|
|
||
| try { | ||
| let b = a + 1n; | ||
| assert(false, "Should throw OutOfMemoryError, but executed without exception"); | ||
| } catch(e) { | ||
| assert(e.message == "Out of memory", "Expected OutOfMemoryError, but got: " + e); | ||
| } | ||
|
|
||
| try { | ||
| let b = a - (-1n); | ||
| assert(false, "Should throw OutOfMemoryError, but executed without exception"); | ||
| } catch(e) { | ||
| assert(e.message == "Out of memory", "Expected OutOfMemoryError, but got: " + e); | ||
| } | ||
|
|
||
| try { | ||
| let b = a * (-1n); | ||
| assert(false, "Should throw OutOfMemoryError, but executed without exception"); | ||
| } catch(e) { | ||
| assert(e.message == "Out of memory", "Expected OutOfMemoryError, but got: " + e); | ||
| } | ||
|
|
||
| try { | ||
| let b = a / a; | ||
| assert(false, "Should throw OutOfMemoryError, but executed without exception"); | ||
| } catch(e) { | ||
| assert(e.message == "Out of memory", "Expected OutOfMemoryError, but got: " + e); | ||
| } | ||
|
|
||
| try { | ||
| let b = -a & -1n; | ||
| assert(false, "Should throw OutOfMemoryError, but executed without exception"); | ||
| } catch(e) { | ||
| assert(e.message == "Out of memory", "Expected OutOfMemoryError, but got: " + e); | ||
| } | ||
|
|
||
| try { | ||
| let b = a ^ -1n; | ||
| assert(false, "Should throw OutOfMemoryError, but executed without exception"); | ||
| } catch(e) { | ||
| assert(e.message == "Out of memory", "Expected OutOfMemoryError, but got: " + e); | ||
| } | ||
|
|
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Oops, something went wrong.