v8
diff --git a/‎include/v8-typed-array.h‎
Lines changed: 97 additions & 7 deletions b/‎include/v8-typed-array.h‎
Lines changed: 97 additions & 7 deletions
diff --git a/‎src/api/api.cc‎
Lines changed: 3 additions & 5 deletions b/‎src/api/api.cc‎
Lines changed: 3 additions & 5 deletions
diff --git a/‎src/builtins/base.tq‎
Lines changed: 0 additions & 2 deletions b/‎src/builtins/base.tq‎
Lines changed: 0 additions & 2 deletions
diff --git a/‎src/builtins/builtins-arraybuffer.cc‎
Lines changed: 3 additions & 8 deletions b/‎src/builtins/builtins-arraybuffer.cc‎
Lines changed: 3 additions & 8 deletions
diff --git a/‎src/builtins/typed-array-createtypedarray.tq‎
Lines changed: 1 addition & 2 deletions b/‎src/builtins/typed-array-createtypedarray.tq‎
Lines changed: 1 addition & 2 deletions
diff --git a/‎src/builtins/typed-array.tq‎
Lines changed: 2 additions & 5 deletions b/‎src/builtins/typed-array.tq‎
Lines changed: 2 additions & 5 deletions
diff --git a/‎src/codegen/code-stub-assembler.cc‎
Lines changed: 1 addition & 1 deletion b/‎src/codegen/code-stub-assembler.cc‎
Lines changed: 1 addition & 1 deletion
diff --git a/‎src/common/globals.h‎
Lines changed: 1 addition & 0 deletions b/‎src/common/globals.h‎
Lines changed: 1 addition & 0 deletions
diff --git a/‎src/compiler/type-cache.h‎
Lines changed: 2 additions & 2 deletions b/‎src/compiler/type-cache.h‎
Lines changed: 2 additions & 2 deletions
diff --git a/‎src/diagnostics/objects-debug.cc‎
Lines changed: 1 addition & 1 deletion b/‎src/diagnostics/objects-debug.cc‎
Lines changed: 1 addition & 1 deletion
@@ -5,27 +5,40 @@
 #ifndef INCLUDE_V8_TYPED_ARRAY_H_
 #define INCLUDE_V8_TYPED_ARRAY_H_
 
+#include <limits>
+
 #include "v8-array-buffer.h"  // NOLINT(build/include_directory)
 #include "v8-local-handle.h"  // NOLINT(build/include_directory)
 #include "v8config.h"         // NOLINT(build/include_directory)
 
 namespace v8 {
 
-class SharedArrayBuffer;
-
 /**
  * A base class for an instance of TypedArray series of constructors
  * (ES6 draft 15.13.6).
  */
 class V8_EXPORT TypedArray : public ArrayBufferView {
  public:
   /*
-   * The largest typed array size that can be constructed using New.
+   * The largest supported typed array byte size. Each subclass defines a
+   * type-specific kMaxLength for the maximum length that can be passed to New.
    */
-  static constexpr size_t kMaxLength =
-      internal::kApiSystemPointerSize == 4
-          ? internal::kSmiMaxValue
-          : static_cast<size_t>(uint64_t{1} << 32);
+#if V8_ENABLE_SANDBOX
+  static constexpr size_t kMaxByteLength =
+      internal::kMaxSafeBufferSizeForSandbox;
+#elif V8_HOST_ARCH_32_BIT
+  static constexpr size_t kMaxByteLength = std::numeric_limits<int>::max();
+#else
+  // The maximum safe integer (2^53 - 1).
+  static constexpr size_t kMaxByteLength =
+      static_cast<size_t>((uint64_t{1} << 53) - 1);
+#endif
+
+  /*
+   * Deprecated: Use |kMaxByteLength| or the type-specific |kMaxLength| fields.
+   */
+  V8_DEPRECATE_SOON("Use kMaxByteLength")
+  static constexpr size_t kMaxLength = kMaxByteLength;
 
   /**
    * Number of elements in this typed array
@@ -50,6 +63,13 @@ class V8_EXPORT TypedArray : public ArrayBufferView {
  */
 class V8_EXPORT Uint8Array : public TypedArray {
  public:
+  /*
+   * The largest Uint8Array size that can be constructed using New.
+   */
+  static constexpr size_t kMaxLength =
+      TypedArray::kMaxByteLength / sizeof(uint8_t);
+  static_assert(sizeof(uint8_t) == 1);
+
   static Local<Uint8Array> New(Local<ArrayBuffer> array_buffer,
                                size_t byte_offset, size_t length);
   static Local<Uint8Array> New(Local<SharedArrayBuffer> shared_array_buffer,
@@ -71,6 +91,13 @@ class V8_EXPORT Uint8Array : public TypedArray {
  */
 class V8_EXPORT Uint8ClampedArray : public TypedArray {
  public:
+  /*
+   * The largest Uint8ClampedArray size that can be constructed using New.
+   */
+  static constexpr size_t kMaxLength =
+      TypedArray::kMaxByteLength / sizeof(uint8_t);
+  static_assert(sizeof(uint8_t) == 1);
+
   static Local<Uint8ClampedArray> New(Local<ArrayBuffer> array_buffer,
                                       size_t byte_offset, size_t length);
   static Local<Uint8ClampedArray> New(
@@ -93,6 +120,13 @@ class V8_EXPORT Uint8ClampedArray : public TypedArray {
  */
 class V8_EXPORT Int8Array : public TypedArray {
  public:
+  /*
+   * The largest Int8Array size that can be constructed using New.
+   */
+  static constexpr size_t kMaxLength =
+      TypedArray::kMaxByteLength / sizeof(int8_t);
+  static_assert(sizeof(int8_t) == 1);
+
   static Local<Int8Array> New(Local<ArrayBuffer> array_buffer,
                               size_t byte_offset, size_t length);
   static Local<Int8Array> New(Local<SharedArrayBuffer> shared_array_buffer,
@@ -114,6 +148,13 @@ class V8_EXPORT Int8Array : public TypedArray {
  */
 class V8_EXPORT Uint16Array : public TypedArray {
  public:
+  /*
+   * The largest Uint16Array size that can be constructed using New.
+   */
+  static constexpr size_t kMaxLength =
+      TypedArray::kMaxByteLength / sizeof(uint16_t);
+  static_assert(sizeof(uint16_t) == 2);
+
   static Local<Uint16Array> New(Local<ArrayBuffer> array_buffer,
                                 size_t byte_offset, size_t length);
   static Local<Uint16Array> New(Local<SharedArrayBuffer> shared_array_buffer,
@@ -135,6 +176,13 @@ class V8_EXPORT Uint16Array : public TypedArray {
  */
 class V8_EXPORT Int16Array : public TypedArray {
  public:
+  /*
+   * The largest Int16Array size that can be constructed using New.
+   */
+  static constexpr size_t kMaxLength =
+      TypedArray::kMaxByteLength / sizeof(int16_t);
+  static_assert(sizeof(int16_t) == 2);
+
   static Local<Int16Array> New(Local<ArrayBuffer> array_buffer,
                                size_t byte_offset, size_t length);
   static Local<Int16Array> New(Local<SharedArrayBuffer> shared_array_buffer,
@@ -156,6 +204,13 @@ class V8_EXPORT Int16Array : public TypedArray {
  */
 class V8_EXPORT Uint32Array : public TypedArray {
  public:
+  /*
+   * The largest Uint32Array size that can be constructed using New.
+   */
+  static constexpr size_t kMaxLength =
+      TypedArray::kMaxByteLength / sizeof(uint32_t);
+  static_assert(sizeof(uint32_t) == 4);
+
   static Local<Uint32Array> New(Local<ArrayBuffer> array_buffer,
                                 size_t byte_offset, size_t length);
   static Local<Uint32Array> New(Local<SharedArrayBuffer> shared_array_buffer,
@@ -177,6 +232,13 @@ class V8_EXPORT Uint32Array : public TypedArray {
  */
 class V8_EXPORT Int32Array : public TypedArray {
  public:
+  /*
+   * The largest Int32Array size that can be constructed using New.
+   */
+  static constexpr size_t kMaxLength =
+      TypedArray::kMaxByteLength / sizeof(int32_t);
+  static_assert(sizeof(int32_t) == 4);
+
   static Local<Int32Array> New(Local<ArrayBuffer> array_buffer,
                                size_t byte_offset, size_t length);
   static Local<Int32Array> New(Local<SharedArrayBuffer> shared_array_buffer,
@@ -198,6 +260,13 @@ class V8_EXPORT Int32Array : public TypedArray {
  */
 class V8_EXPORT Float32Array : public TypedArray {
  public:
+  /*
+   * The largest Float32Array size that can be constructed using New.
+   */
+  static constexpr size_t kMaxLength =
+      TypedArray::kMaxByteLength / sizeof(float);
+  static_assert(sizeof(float) == 4);
+
   static Local<Float32Array> New(Local<ArrayBuffer> array_buffer,
                                  size_t byte_offset, size_t length);
   static Local<Float32Array> New(Local<SharedArrayBuffer> shared_array_buffer,
@@ -219,6 +288,13 @@ class V8_EXPORT Float32Array : public TypedArray {
  */
 class V8_EXPORT Float64Array : public TypedArray {
  public:
+  /*
+   * The largest Float64Array size that can be constructed using New.
+   */
+  static constexpr size_t kMaxLength =
+      TypedArray::kMaxByteLength / sizeof(double);
+  static_assert(sizeof(double) == 8);
+
   static Local<Float64Array> New(Local<ArrayBuffer> array_buffer,
                                  size_t byte_offset, size_t length);
   static Local<Float64Array> New(Local<SharedArrayBuffer> shared_array_buffer,
@@ -240,6 +316,13 @@ class V8_EXPORT Float64Array : public TypedArray {
  */
 class V8_EXPORT BigInt64Array : public TypedArray {
  public:
+  /*
+   * The largest BigInt64Array size that can be constructed using New.
+   */
+  static constexpr size_t kMaxLength =
+      TypedArray::kMaxByteLength / sizeof(int64_t);
+  static_assert(sizeof(int64_t) == 8);
+
   static Local<BigInt64Array> New(Local<ArrayBuffer> array_buffer,
                                   size_t byte_offset, size_t length);
   static Local<BigInt64Array> New(Local<SharedArrayBuffer> shared_array_buffer,
@@ -261,6 +344,13 @@ class V8_EXPORT BigInt64Array : public TypedArray {
  */
 class V8_EXPORT BigUint64Array : public TypedArray {
  public:
+  /*
+   * The largest BigUint64Array size that can be constructed using New.
+   */
+  static constexpr size_t kMaxLength =
+      TypedArray::kMaxByteLength / sizeof(uint64_t);
+  static_assert(sizeof(uint64_t) == 8);
+
   static Local<BigUint64Array> New(Local<ArrayBuffer> array_buffer,
                                    size_t byte_offset, size_t length);
   static Local<BigUint64Array> New(Local<SharedArrayBuffer> shared_array_buffer,
 
@@ -4238,8 +4238,6 @@ void v8::ArrayBufferView::CheckCast(Value* that) {
                   "Value is not an ArrayBufferView");
 }
 
-constexpr size_t v8::TypedArray::kMaxLength;
-
 void v8::TypedArray::CheckCast(Value* that) {
   i::Handle<i::Object> obj = Utils::OpenHandle(that);
   Utils::ApiCheck(i::IsJSTypedArray(*obj), "v8::TypedArray::Cast()",
@@ -8990,9 +8988,9 @@ size_t v8::TypedArray::Length() {
   return obj->WasDetached() ? 0 : obj->GetLength();
 }
 
-static_assert(
-    v8::TypedArray::kMaxLength == i::JSTypedArray::kMaxLength,
-    "v8::TypedArray::kMaxLength must match i::JSTypedArray::kMaxLength");
+static_assert(v8::TypedArray::kMaxByteLength == i::JSTypedArray::kMaxByteLength,
+              "v8::TypedArray::kMaxByteLength must match "
+              "i::JSTypedArray::kMaxByteLength");
 
 #define TYPED_ARRAY_NEW(Type, type, TYPE, ctype)                            \
   Local<Type##Array> Type##Array::New(Local<ArrayBuffer> array_buffer,      \
 
@@ -487,8 +487,6 @@ extern enum PropertyAttributes extends int31 {
 
 const kArrayBufferMaxByteLength:
     constexpr uintptr generates 'JSArrayBuffer::kMaxByteLength';
-const kTypedArrayMaxLength:
-    constexpr uintptr generates 'JSTypedArray::kMaxLength';
 const kMaxTypedArrayInHeap:
     constexpr int31 generates 'JSTypedArray::kMaxSizeInHeap';
 // CSA does not support 64-bit types on 32-bit platforms so as a workaround the
 
@@ -73,15 +73,10 @@ Tagged<Object> ConstructBuffer(Isolate* isolate, Handle<JSFunction> target,
         BackingStore::Allocate(isolate, byte_length, shared, initialized);
     max_byte_length = byte_length;
   } else {
-    // We need to check the max length against both
-    // JSArrayBuffer::kMaxByteLength and JSTypedArray::kMaxLength, since it's
-    // possible to create length-tracking TypedArrays and resize the underlying
-    // buffer. If the max byte length was larger than JSTypedArray::kMaxLength,
-    // that'd result in having a TypedArray with length larger than
-    // JSTypedArray::kMaxLength.
+    static_assert(JSArrayBuffer::kMaxByteLength ==
+                  JSTypedArray::kMaxByteLength);
     if (!TryNumberToSize(*max_length, &max_byte_length) ||
-        max_byte_length > JSArrayBuffer::kMaxByteLength ||
-        max_byte_length > JSTypedArray::kMaxLength) {
+        max_byte_length > JSArrayBuffer::kMaxByteLength) {
       THROW_NEW_ERROR_RETURN_FAILURE(
           isolate,
           NewRangeError(MessageTemplate::kInvalidArrayBufferMaxLength));
 
@@ -297,8 +297,7 @@ transitioning macro ConstructByArrayBuffer(
         if (bufferByteLength < offset) goto IfInvalidOffset;
 
         newByteLength = bufferByteLength - offset;
-        newLength = elementsInfo.CalculateLength(newByteLength)
-            otherwise IfInvalidLength;
+        newLength = elementsInfo.CalculateLength(newByteLength);
       } else {
         // b. Else,
         //   i. Let newByteLength be newLength × elementSize.
 
@@ -25,7 +25,6 @@ type RabGsabUint8Elements extends ElementsKind;
 struct TypedArrayElementsInfo {
   // Calculates the number of bytes required for specified number of elements.
   macro CalculateByteLength(length: uintptr): uintptr labels IfInvalid {
-    if (length > kTypedArrayMaxLength) goto IfInvalid;
     const maxArrayLength = kArrayBufferMaxByteLength >>> this.sizeLog2;
     if (length > maxArrayLength) goto IfInvalid;
     const byteLength = length << this.sizeLog2;
@@ -34,10 +33,8 @@ struct TypedArrayElementsInfo {
 
   // Calculates the maximum number of elements supported by a specified number
   // of bytes.
-  macro CalculateLength(byteLength: uintptr): uintptr labels IfInvalid {
-    const length = byteLength >>> this.sizeLog2;
-    if (length > kTypedArrayMaxLength) goto IfInvalid;
-    return length;
+  macro CalculateLength(byteLength: uintptr): uintptr {
+    return byteLength >>> this.sizeLog2;
   }
 
   // Determines if `bytes` (byte offset or length) cannot be evenly divided by
 
@@ -1720,7 +1720,7 @@ void CodeStubAssembler::StoreBoundedSizeToObject(TNode<HeapObject> object,
                                                  TNode<IntPtrT> offset,
                                                  TNode<UintPtrT> value) {
 #ifdef V8_ENABLE_SANDBOX
-  CSA_DCHECK(this, UintPtrLessThan(
+  CSA_DCHECK(this, UintPtrLessThanOrEqual(
                        value, IntPtrConstant(kMaxSafeBufferSizeForSandbox)));
   TNode<Uint64T> raw_value = ReinterpretCast<Uint64T>(value);
   TNode<Uint64T> shift_amount = Uint64Constant(kBoundedSizeShift);
 
@@ -1695,6 +1695,7 @@ constexpr uint64_t kHoleNanInt64 =
 
 // ES6 section 20.1.2.6 Number.MAX_SAFE_INTEGER
 constexpr uint64_t kMaxSafeIntegerUint64 = 9007199254740991;  // 2^53-1
+static_assert(kMaxSafeIntegerUint64 == (uint64_t{1} << 53) - 1);
 constexpr double kMaxSafeInteger = static_cast<double>(kMaxSafeIntegerUint64);
 // ES6 section 21.1.2.8 Number.MIN_SAFE_INTEGER
 constexpr double kMinSafeInteger = -kMaxSafeInteger;
 
@@ -124,9 +124,9 @@ class V8_EXPORT_PRIVATE TypeCache final {
   Type const kJSArrayBufferViewByteOffsetType = kJSArrayBufferByteLengthType;
 
   // The JSTypedArray::length property always contains an untagged number in
-  // the range [0, JSTypedArray::kMaxLength].
+  // the range [0, JSTypedArray::kMaxByteLength].
   Type const kJSTypedArrayLengthType =
-      CreateRange(0.0, JSTypedArray::kMaxLength);
+      CreateRange(0.0, JSTypedArray::kMaxByteLength);
 
   // The String::length property always contains a smi in the range
   // [0, String::kMaxLength].
 
@@ -1817,7 +1817,7 @@ void JSArrayBufferView::JSArrayBufferViewVerify(Isolate* isolate) {
 
 void JSTypedArray::JSTypedArrayVerify(Isolate* isolate) {
   TorqueGeneratedClassVerifiers::JSTypedArrayVerify(*this, isolate);
-  CHECK_LE(GetLength(), JSTypedArray::kMaxLength);
+  CHECK_LE(GetLength(), JSTypedArray::kMaxByteLength / element_size());
 }
 
 void JSDataView::JSDataViewVerify(Isolate* isolate) {
Original file line number	Diff line number	Diff line change
`@@ -1817,7 +1817,7 @@ void JSArrayBufferView::JSArrayBufferViewVerify(Isolate* isolate) {`
`1817`	`1817`
`1818`	`1818`	`void JSTypedArray::JSTypedArrayVerify(Isolate* isolate) {`
`1819`	`1819`	`TorqueGeneratedClassVerifiers::JSTypedArrayVerify(*this, isolate);`
`1820`		`- CHECK_LE(GetLength(), JSTypedArray::kMaxLength);`
	`1820`	`+ CHECK_LE(GetLength(), JSTypedArray::kMaxByteLength / element_size());`
`1821`	`1821`	`}`
`1822`	`1822`
`1823`	`1823`	`void JSDataView::JSDataViewVerify(Isolate* isolate) {`