Bug 210865 - [JSC] Add JSBigInt::validate to ensure produced JSBigInt meets its invariant
Summary: [JSC] Add JSBigInt::validate to ensure produced JSBigInt meets its invariant
Status: NEW
Alias: None
Product: WebKit
Classification: Unclassified
Component: JavaScriptCore (show other bugs)
Version: WebKit Nightly Build
Hardware: Unspecified Unspecified
: P2 Normal
Assignee: Yusuke Suzuki
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2020-04-22 10:53 PDT by Yusuke Suzuki
Modified: 2020-04-22 20:49 PDT (History)
6 users (show)

See Also:

Attachments
Patch (32.00 KB, patch)
2020-04-22 17:12 PDT, Yusuke Suzuki 		keith_miller: review+
Details | Formatted Diff | Diff
View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Yusuke Suzuki 2020-04-22 10:53:32 PDT 
...
Comment 1 Yusuke Suzuki 2020-04-22 17:12:14 PDT 
Created attachment 397292 [details]
Patch
Comment 2 Keith Miller 2020-04-22 20:49:17 PDT 
Comment on attachment 397292 [details]
Patch

View in context: https://bugs.webkit.org/attachment.cgi?id=397292&action=review

r=me.

> Source/JavaScriptCore/ChangeLog:9
> +        Wrap public facing JSBigInt functions with `validate([&] { })` to validate the generated JSBigInt meets the invariant
> +        to catch bugs like r260522.

Can't say I'm a huge fan of this style... Is there any way we can do it with a ScopeExit type thing? I can't think of anything right now but I could be missing something.

> Source/JavaScriptCore/runtime/JSBigInt.h:302
> +    if (bigInt) {
> +        if (bigInt->length() == 0)
> +            ASSERT(!bigInt->sign());
> +        else
> +            ASSERT(bigInt->digit(bigInt->length() - 1));
> +    }
> +    return bigInt;

Is it possible to vend HeapBigInts for 32-bit values? If not, should we assert that here?