From 4d3fea5738b5858918def0f932cefd9dac5c755b Mon Sep 17 00:00:00 2001
From: mingyix <13926077+mingyix@user.noreply.gitee.com>
Date: Thu, 21 Mar 2024 11:13:19 +0800
Subject: [PATCH 1/2] [fixbug][harmony/atomics-on-arraybuffer-detach.js]If
 IsDetachedBuffer expected typedError.

---
 ecmascript/base/atomic_helper.cpp        |  6 +-
 ecmascript/builtins/builtins_atomics.cpp | 93 +++++++++++++++++++++++-
 2 files changed, 96 insertions(+), 3 deletions(-)

diff --git a/ecmascript/base/atomic_helper.cpp b/ecmascript/base/atomic_helper.cpp
index 9e94fd2236..2a98330785 100644
--- a/ecmascript/base/atomic_helper.cpp
+++ b/ecmascript/base/atomic_helper.cpp
@@ -113,7 +113,8 @@ JSTaggedValue AtomicHelper::AtomicStore(JSThread *thread, const JSHandle<JSTagge
         RETURN_EXCEPTION_IF_ABRUPT_COMPLETION(thread);
         bufferTag = JSHandle<JSTaggedValue>(thread, integerValue);
     }
-    if (BuiltinsArrayBuffer::IsDetachedBuffer(buffer.GetTaggedValue())) {
+    JSTaggedValue detachedBuffer = JSHandle<JSTypedArray>::Cast(typedArray)->GetViewedArrayBufferOrByteArray();
+    if (BuiltinsArrayBuffer::IsDetachedBuffer(detachedBuffer)) {
         THROW_TYPE_ERROR_AND_RETURN(thread, "The ArrayBuffer of this value is detached buffer.",
                                     JSTaggedValue::Exception());
     }
@@ -129,7 +130,8 @@ JSTaggedValue AtomicHelper::AtomicLoad(JSThread *thread, const JSHandle<JSTagged
     RETURN_EXCEPTION_IF_ABRUPT_COMPLETION(thread);
     uint32_t indexedPosition = ValidateAtomicAccess(thread, typedArray, index);
     RETURN_EXCEPTION_IF_ABRUPT_COMPLETION(thread);
-    if (BuiltinsArrayBuffer::IsDetachedBuffer(buffer.GetTaggedValue())) {
+    JSTaggedValue detachedBuffer = JSHandle<JSTypedArray>::Cast(typedArray)->GetViewedArrayBufferOrByteArray();
+    if (BuiltinsArrayBuffer::IsDetachedBuffer(detachedBuffer)) {
         THROW_TYPE_ERROR_AND_RETURN(thread, "The ArrayBuffer of this value is detached buffer.",
                                     JSTaggedValue::Exception());
     }
diff --git a/ecmascript/builtins/builtins_atomics.cpp b/ecmascript/builtins/builtins_atomics.cpp
index 20ccca3a73..ea732e1393 100644
--- a/ecmascript/builtins/builtins_atomics.cpp
+++ b/ecmascript/builtins/builtins_atomics.cpp
@@ -291,7 +291,8 @@ JSTaggedValue BuiltinsAtomics::AtomicReadModifyWrite(JSThread *thread, const JSH
     // 3. Let arrayTypeName be typedArray.[[TypedArrayName]].
     JSHandle<JSTaggedValue> arrayTypeName(thread,
                                           JSTypedArray::Cast(typedArray->GetTaggedObject())->GetTypedArrayName());
-    if (BuiltinsArrayBuffer::IsDetachedBuffer(buffer.GetTaggedValue())) {
+    JSTaggedValue detachedBuffer = JSHandle<JSTypedArray>::Cast(typedArray)->GetViewedArrayBufferOrByteArray();
+    if (BuiltinsArrayBuffer::IsDetachedBuffer(detachedBuffer)) {
         THROW_TYPE_ERROR_AND_RETURN(thread, "The ArrayBuffer of this value is detached buffer.",
                                     JSTaggedValue::Exception());
     }
@@ -345,12 +346,23 @@ JSTaggedValue BuiltinsAtomics::HandleWithUint8(JSThread *thread, uint32_t size,
     BUILTINS_API_TRACE(thread, Atomics, HandleWithUint8);
     JSHandle<JSTaggedValue> value = BuiltinsBase::GetCallArg(argv, BuiltinsBase::ArgsPosition::THIRD);
     uint8_t tag = JSTaggedValue::ToUint8(thread, value);
+    JSTaggedValue detachedBuffer = JSHandle<JSTypedArray>::Cast(GetCallArg(argv, 0))->GetViewedArrayBufferOrByteArray();
+    if (BuiltinsArrayBuffer::IsDetachedBuffer(detachedBuffer)) {
+        THROW_TYPE_ERROR_AND_RETURN(thread, "The ArrayBuffer of this value is detached buffer.",
+                                    JSTaggedValue::Exception());
+    }
     if (size == 3) { // the number of parameters is 3
         auto result = op((block + indexedPosition), &tag);
         return BuiltinsBase::GetTaggedInt(result);
     }
+
     JSHandle<JSTaggedValue> newValue = BuiltinsBase::GetCallArg(argv, BuiltinsBase::ArgsPosition::FOURTH);
     uint8_t newTag = JSTaggedValue::ToUint8(thread, newValue);
+    detachedBuffer = JSHandle<JSTypedArray>::Cast(GetCallArg(argv, 0))->GetViewedArrayBufferOrByteArray();
+    if (BuiltinsArrayBuffer::IsDetachedBuffer(detachedBuffer)) {
+        THROW_TYPE_ERROR_AND_RETURN(thread, "The ArrayBuffer of this value is detached buffer.",
+                                    JSTaggedValue::Exception());
+    }
     uint8_t arg[ARGS_NUMBER] = {0};
     arg[0] = tag;
     arg[1] = newTag;
@@ -366,12 +378,23 @@ JSTaggedValue BuiltinsAtomics::HandleWithInt8(JSThread *thread, uint32_t size, u
     BUILTINS_API_TRACE(thread, Atomics, HandleWithInt8);
     JSHandle<JSTaggedValue> value = BuiltinsBase::GetCallArg(argv, BuiltinsBase::ArgsPosition::THIRD);
     int8_t tag = JSTaggedValue::ToInt8(thread, value);
+    JSTaggedValue detachedBuffer = JSHandle<JSTypedArray>::Cast(GetCallArg(argv, 0))->GetViewedArrayBufferOrByteArray();
+    if (BuiltinsArrayBuffer::IsDetachedBuffer(detachedBuffer)) {
+        THROW_TYPE_ERROR_AND_RETURN(thread, "The ArrayBuffer of this value is detached buffer.",
+                                    JSTaggedValue::Exception());
+    }
     if (size == 3) { // the number of parameters is 3
         auto result = op(reinterpret_cast<int8_t *>(block + indexedPosition), &tag);
         return BuiltinsBase::GetTaggedInt(result);
     }
+
     JSHandle<JSTaggedValue> newValue = BuiltinsBase::GetCallArg(argv, BuiltinsBase::ArgsPosition::FOURTH);
     int8_t newTag = JSTaggedValue::ToInt8(thread, newValue);
+    detachedBuffer = JSHandle<JSTypedArray>::Cast(GetCallArg(argv, 0))->GetViewedArrayBufferOrByteArray();
+    if (BuiltinsArrayBuffer::IsDetachedBuffer(detachedBuffer)) {
+        THROW_TYPE_ERROR_AND_RETURN(thread, "The ArrayBuffer of this value is detached buffer.",
+                                    JSTaggedValue::Exception());
+    }
     int8_t arg[ARGS_NUMBER] = {0};
     arg[0] = tag;
     arg[1] = newTag;
@@ -387,12 +410,23 @@ JSTaggedValue BuiltinsAtomics::HandleWithUint16(JSThread *thread, uint32_t size,
     BUILTINS_API_TRACE(thread, Atomics, HandleWithUint16);
     JSHandle<JSTaggedValue> value = BuiltinsBase::GetCallArg(argv, BuiltinsBase::ArgsPosition::THIRD);
     uint16_t tag = JSTaggedValue::ToUint16(thread, value);
+    JSTaggedValue detachedBuffer = JSHandle<JSTypedArray>::Cast(GetCallArg(argv, 0))->GetViewedArrayBufferOrByteArray();
+    if (BuiltinsArrayBuffer::IsDetachedBuffer(detachedBuffer)) {
+        THROW_TYPE_ERROR_AND_RETURN(thread, "The ArrayBuffer of this value is detached buffer.",
+                                    JSTaggedValue::Exception());
+    }
     if (size == 3) { // the number of parameters is 3
         auto result = op(reinterpret_cast<uint16_t *>(block + indexedPosition), &tag);
         return BuiltinsBase::GetTaggedInt(result);
     }
+
     JSHandle<JSTaggedValue> newValue = BuiltinsBase::GetCallArg(argv, BuiltinsBase::ArgsPosition::FOURTH);
     uint16_t newTag = JSTaggedValue::ToUint16(thread, newValue);
+    detachedBuffer = JSHandle<JSTypedArray>::Cast(GetCallArg(argv, 0))->GetViewedArrayBufferOrByteArray();
+    if (BuiltinsArrayBuffer::IsDetachedBuffer(detachedBuffer)) {
+        THROW_TYPE_ERROR_AND_RETURN(thread, "The ArrayBuffer of this value is detached buffer.",
+                                    JSTaggedValue::Exception());
+    }
     uint16_t arg[ARGS_NUMBER] = {0};
     arg[0] = tag;
     arg[1] = newTag;
@@ -408,12 +442,23 @@ JSTaggedValue BuiltinsAtomics::HandleWithInt16(JSThread *thread, uint32_t size,
     BUILTINS_API_TRACE(thread, Atomics, HandleWithInt16);
     JSHandle<JSTaggedValue> value = BuiltinsBase::GetCallArg(argv, BuiltinsBase::ArgsPosition::THIRD);
     int16_t tag = JSTaggedValue::ToInt16(thread, value);
+    JSTaggedValue detachedBuffer = JSHandle<JSTypedArray>::Cast(GetCallArg(argv, 0))->GetViewedArrayBufferOrByteArray();
+    if (BuiltinsArrayBuffer::IsDetachedBuffer(detachedBuffer)) {
+        THROW_TYPE_ERROR_AND_RETURN(thread, "The ArrayBuffer of this value is detached buffer.",
+                                    JSTaggedValue::Exception());
+    }
     if (size == 3) { // the number of parameters is 3
         auto result = op(reinterpret_cast<int16_t *>(block + indexedPosition), &tag);
         return BuiltinsBase::GetTaggedInt(result);
     }
+
     JSHandle<JSTaggedValue> newValue = BuiltinsBase::GetCallArg(argv, BuiltinsBase::ArgsPosition::FOURTH);
     int16_t newTag = JSTaggedValue::ToInt16(thread, newValue);
+    detachedBuffer = JSHandle<JSTypedArray>::Cast(GetCallArg(argv, 0))->GetViewedArrayBufferOrByteArray();
+    if (BuiltinsArrayBuffer::IsDetachedBuffer(detachedBuffer)) {
+        THROW_TYPE_ERROR_AND_RETURN(thread, "The ArrayBuffer of this value is detached buffer.",
+                                    JSTaggedValue::Exception());
+    }
     int16_t arg[ARGS_NUMBER] = {0};
     arg[0] = tag;
     arg[1] = newTag;
@@ -429,12 +474,23 @@ JSTaggedValue BuiltinsAtomics::HandleWithUint32(JSThread *thread, uint32_t size,
     BUILTINS_API_TRACE(thread, Atomics, HandleWithUint32);
     JSHandle<JSTaggedValue> value = BuiltinsBase::GetCallArg(argv, BuiltinsBase::ArgsPosition::THIRD);
     uint32_t tag = JSTaggedValue::ToUint32(thread, value);
+    JSTaggedValue detachedBuffer = JSHandle<JSTypedArray>::Cast(GetCallArg(argv, 0))->GetViewedArrayBufferOrByteArray();
+    if (BuiltinsArrayBuffer::IsDetachedBuffer(detachedBuffer)) {
+        THROW_TYPE_ERROR_AND_RETURN(thread, "The ArrayBuffer of this value is detached buffer.",
+                                    JSTaggedValue::Exception());
+    }
     if (size == 3) { // the number of parameters is 3
         auto result = op(reinterpret_cast<uint32_t *>(block + indexedPosition), &tag);
         return JSTaggedValue(result);
     }
+
     JSHandle<JSTaggedValue> newValue = BuiltinsBase::GetCallArg(argv, BuiltinsBase::ArgsPosition::FOURTH);
     uint32_t newTag = JSTaggedValue::ToUint32(thread, newValue);
+    detachedBuffer = JSHandle<JSTypedArray>::Cast(GetCallArg(argv, 0))->GetViewedArrayBufferOrByteArray();
+    if (BuiltinsArrayBuffer::IsDetachedBuffer(detachedBuffer)) {
+        THROW_TYPE_ERROR_AND_RETURN(thread, "The ArrayBuffer of this value is detached buffer.",
+                                    JSTaggedValue::Exception());
+    }
     uint32_t arg[ARGS_NUMBER] = {0};
     arg[0] = tag;
     arg[1] = newTag;
@@ -450,12 +506,23 @@ JSTaggedValue BuiltinsAtomics::HandleWithInt32(JSThread *thread, uint32_t size,
     BUILTINS_API_TRACE(thread, Atomics, HandleWithInt32);
     JSHandle<JSTaggedValue> value = BuiltinsBase::GetCallArg(argv, BuiltinsBase::ArgsPosition::THIRD);
     int32_t tag = JSTaggedValue::ToInt32(thread, value);
+    JSTaggedValue detachedBuffer = JSHandle<JSTypedArray>::Cast(GetCallArg(argv, 0))->GetViewedArrayBufferOrByteArray();
+    if (BuiltinsArrayBuffer::IsDetachedBuffer(detachedBuffer)) {
+        THROW_TYPE_ERROR_AND_RETURN(thread, "The ArrayBuffer of this value is detached buffer.",
+                                    JSTaggedValue::Exception());
+    }
     if (size == 3) { // the number of parameters is 3
         auto result = op(reinterpret_cast<int32_t *>(block + indexedPosition), &tag);
         return BuiltinsBase::GetTaggedInt(result);
     }
+
     JSHandle<JSTaggedValue> newValue = BuiltinsBase::GetCallArg(argv, BuiltinsBase::ArgsPosition::FOURTH);
     int32_t newTag = JSTaggedValue::ToInt32(thread, newValue);
+    detachedBuffer = JSHandle<JSTypedArray>::Cast(GetCallArg(argv, 0))->GetViewedArrayBufferOrByteArray();
+    if (BuiltinsArrayBuffer::IsDetachedBuffer(detachedBuffer)) {
+        THROW_TYPE_ERROR_AND_RETURN(thread, "The ArrayBuffer of this value is detached buffer.",
+                                    JSTaggedValue::Exception());
+    }
     int32_t arg[ARGS_NUMBER] = {0};
     arg[0] = tag;
     arg[1] = newTag;
@@ -473,14 +540,25 @@ JSTaggedValue BuiltinsAtomics::HandleWithBigInt64(JSThread *thread, uint32_t siz
     int64_t val = 0;
     bool lossless = true;
     BigInt::BigIntToInt64(thread, value, &val, &lossless);
+    JSTaggedValue detachedBuffer = JSHandle<JSTypedArray>::Cast(GetCallArg(argv, 0))->GetViewedArrayBufferOrByteArray();
+    if (BuiltinsArrayBuffer::IsDetachedBuffer(detachedBuffer)) {
+        THROW_TYPE_ERROR_AND_RETURN(thread, "The ArrayBuffer of this value is detached buffer.",
+                                    JSTaggedValue::Exception());
+    }
     RETURN_EXCEPTION_IF_ABRUPT_COMPLETION(thread);
     if (size == 3) { // the number of parameters is 3
         auto result = op(reinterpret_cast<int64_t *>(block + indexedPosition), &val);
         return BigInt::Int64ToBigInt(thread, result).GetTaggedValue();
     }
+
     JSHandle<JSTaggedValue> newValue = BuiltinsBase::GetCallArg(argv, BuiltinsBase::ArgsPosition::FOURTH);
     int64_t newVal = 0;
     BigInt::BigIntToInt64(thread, newValue, &newVal, &lossless);
+    detachedBuffer = JSHandle<JSTypedArray>::Cast(GetCallArg(argv, 0))->GetViewedArrayBufferOrByteArray();
+    if (BuiltinsArrayBuffer::IsDetachedBuffer(detachedBuffer)) {
+        THROW_TYPE_ERROR_AND_RETURN(thread, "The ArrayBuffer of this value is detached buffer.",
+                                    JSTaggedValue::Exception());
+    }
     RETURN_EXCEPTION_IF_ABRUPT_COMPLETION(thread);
     int64_t arg[ARGS_NUMBER] = {0};
     arg[0] = val;
@@ -499,13 +577,26 @@ JSTaggedValue BuiltinsAtomics::HandleWithBigUint64(JSThread *thread, uint32_t si
     uint64_t val = 0;
     bool lossless = true;
     BigInt::BigIntToUint64(thread, value, &val, &lossless);
+    JSTaggedValue detachedBuffer = JSHandle<JSTypedArray>::Cast(GetCallArg(argv, 0))->GetViewedArrayBufferOrByteArray();
+    if (BuiltinsArrayBuffer::IsDetachedBuffer(detachedBuffer)) {
+        THROW_TYPE_ERROR_AND_RETURN(thread, "The ArrayBuffer of this value is detached buffer.",
+                                    JSTaggedValue::Exception());
+    }
+    RETURN_EXCEPTION_IF_ABRUPT_COMPLETION(thread);
     if (size == 3) { // the number of parameters is 3
         auto result = op(reinterpret_cast<uint64_t *>(block + indexedPosition), &val);
         return BigInt::Uint64ToBigInt(thread, result).GetTaggedValue();
     }
+
     JSHandle<JSTaggedValue> newValue = BuiltinsBase::GetCallArg(argv, BuiltinsBase::ArgsPosition::FOURTH);
     uint64_t newVal = 0;
     BigInt::BigIntToUint64(thread, newValue, &newVal, &lossless);
+    detachedBuffer = JSHandle<JSTypedArray>::Cast(GetCallArg(argv, 0))->GetViewedArrayBufferOrByteArray();
+    if (BuiltinsArrayBuffer::IsDetachedBuffer(detachedBuffer)) {
+        THROW_TYPE_ERROR_AND_RETURN(thread, "The ArrayBuffer of this value is detached buffer.",
+                                    JSTaggedValue::Exception());
+    }
+    RETURN_EXCEPTION_IF_ABRUPT_COMPLETION(thread);
     uint64_t arg[ARGS_NUMBER] = {0};
     arg[0] = val;
     arg[1] = newVal;
-- 
Gitee


From 2852de69e56ad2bac7ca7391fc9ab329f77d570c Mon Sep 17 00:00:00 2001
From: mingyix <13926077+mingyix@user.noreply.gitee.com>
Date: Thu, 21 Mar 2024 15:27:00 +0800
Subject: [PATCH 2/2] [fixbug][harmony/atomics-on-arraybuffer-detach.js]If
 JSHandle<JSTaggedValue> is not bigint, can not Equal

---
 ecmascript/js_bigint.cpp | 12 ++++++++++++
 1 file changed, 12 insertions(+)

diff --git a/ecmascript/js_bigint.cpp b/ecmascript/js_bigint.cpp
index 1f9342fcc2..aedc550369 100644
--- a/ecmascript/js_bigint.cpp
+++ b/ecmascript/js_bigint.cpp
@@ -608,7 +608,13 @@ void BigInt::BigIntToInt64(JSThread *thread, JSHandle<JSTaggedValue> bigint, int
     if (bigint->IsBoolean()) {
         bigint = JSHandle<JSTaggedValue>(thread, JSTaggedValue::ToBigInt(thread, bigint));
         RETURN_IF_ABRUPT_COMPLETION(thread);
+    } else if (!bigint->IsBigInt()) {
+        JSHandle<BigInt> bigInt64(thread, JSTaggedValue::ToBigInt64(thread, bigint));
+        RETURN_IF_ABRUPT_COMPLETION(thread);
+        *cValue = bigInt64->ToInt64();
+        return;
     }
+
     JSHandle<BigInt> bigInt64(thread, JSTaggedValue::ToBigInt64(thread, bigint));
     RETURN_IF_ABRUPT_COMPLETION(thread);
     if (Equal(bigInt64.GetTaggedValue(), bigint.GetTaggedValue())) {
@@ -626,7 +632,13 @@ void BigInt::BigIntToUint64(JSThread *thread, JSHandle<JSTaggedValue> bigint, ui
     if (bigint->IsBoolean()) {
         bigint = JSHandle<JSTaggedValue>(thread, JSTaggedValue::ToBigInt(thread, bigint));
         RETURN_IF_ABRUPT_COMPLETION(thread);
+    } else if (!bigint->IsBigInt()) {
+        JSHandle<BigInt> bigInt64(thread, JSTaggedValue::ToBigUint64(thread, bigint));
+        RETURN_IF_ABRUPT_COMPLETION(thread);
+        *cValue = bigInt64->ToInt64();
+        return;
     }
+
     JSHandle<BigInt> bigUint64(thread, JSTaggedValue::ToBigUint64(thread, bigint));
     RETURN_IF_ABRUPT_COMPLETION(thread);
     if (Equal(bigUint64.GetTaggedValue(), bigint.GetTaggedValue())) {
-- 
Gitee