JS: fix bounds checking (Issue 23123)
* For ByteArray-based bounds-checking, the JavaScript backend must use the `len` field, instead of the inbuild JavaScript `length` field. * Range-based operations must also check both the start and end of the range for bounds * All indicies are valid for ranges of size zero, since they are essentially no-ops * For cases of ByteArray accesses (e.g. read as Int), the end index is (i * sizeof(type) + sizeof(type) - 1), while the previous implementation uses (i + sizeof(type) - 1). In the Int32 example, this is (i * 4 + 3) * IndexByteArrayOp_Word8As* primitives use byte array indicies (unlike the previous point), but now check both start and end indicies * Byte array copies now check if the arrays are the same by identity and then if the ranges overlap.
Showing
- compiler/GHC/StgToJS/Prim.hs 170 additions, 110 deletionscompiler/GHC/StgToJS/Prim.hs
- rts/js/mem.js 12 additions, 0 deletionsrts/js/mem.js
- testsuite/tests/codeGen/should_fail/all.T 0 additions, 1 deletiontestsuite/tests/codeGen/should_fail/all.T
- testsuite/tests/codeGen/should_run/all.T 1 addition, 1 deletiontestsuite/tests/codeGen/should_run/all.T
Loading
Please register or sign in to comment