From f4d82d2600d4ddefa71433baccae90ddb501757d Mon Sep 17 00:00:00 2001 From: Ningxin Hu Date: Sun, 23 Mar 2014 10:25:52 +0800 Subject: [PATCH] [SIMD] Fix d8 crashes when constructing simd128 typed array without simd flag The simd128 typed array constructors should be guarded by simd-object runtime flag. BUG=https://crosswalk-project.org/jira/browse/XWALK-1250 (cherry picked from commit 3f182b6c275433eada3970f28bd8b42d9b15c5b0)
---
 src/bootstrapper.cc | 2 +- src/objects.h | 13 ++++++++++--- 2 files changed, 11 insertions(+), 4 deletions(-)
diff --git a/src/bootstrapper.cc b/src/bootstrapper.cc
index 6744cb099db..b31ad513c89 100644
--- a/src/bootstrapper.cc
+++ b/src/bootstrapper.cc
@@ -1101,7 +1101,7 @@ void Genesis::InitializeGlobal(Handle inner_global,
 EXTERNAL_##TYPE##_ELEMENTS); \
 native_context()->set_##type##_array_fun(*fun); \
 }
- TYPED_ARRAYS(INSTALL_TYPED_ARRAY)
+ BUILTIN_TYPED_ARRAY(INSTALL_TYPED_ARRAY)
 #undef INSTALL_TYPED_ARRAY
 Handle data_view_fun =
diff --git a/src/objects.h b/src/objects.h
index a41e10a06b9..4f65328c5eb 100644
--- a/src/objects.h
+++ b/src/objects.h
@@ -4670,7 +4670,7 @@ class FreeSpace: public HeapObject {
 // V has parameters (Type, type, TYPE, C type, element_size)
-#define TYPED_ARRAYS(V) \
+#define BUILTIN_TYPED_ARRAY(V) \
 V(Uint8, uint8, UINT8, uint8_t, 1) \
 V(Int8, int8, INT8, int8_t, 1) \
 V(Uint16, uint16, UINT16, uint16_t, 2) \
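Review bot: The switch to `BUILTIN_TYPED_ARRAY(INSTALL_TYPED_ARRAY)` in the src/bootstrapper.cc hunk stops installing the Float32x4 and Int32x4 array constructors, but no flag-guarded install of them is visible in this patch, and `INSTALL_TYPED_ARRAY` is undefined on the very next line. Presumably the guarded install lives elsewhere; a comment such as `// SIMD128 typed array constructors are installed separately, only when the simd-object flag is set.` would point readers at it. With the flag off, the `set_##type##_array_fun` slots for float32x4 and int32x4 are presumably never written, so any code that still walks `TYPED_ARRAYS` and reads those slots has to tolerate an unset value. The diffstat lists only the two source files, so there is no regression test for the crashing case. Genesis::InitializeGlobal starts and ends outside the hunk.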
@@ -4679,11 +4679,18 @@ class FreeSpace: public HeapObject {
 V(Int32, int32, INT32, int32_t, 4) \
 V(Float32, float32, FLOAT32, float, 4) \
 V(Float64, float64, FLOAT64, double, 8) \
- V(Float32x4, float32x4, FLOAT32x4, v8::internal::float32x4_value_t, 16) \
- V(Int32x4, int32x4, INT32x4, v8::internal::int32x4_value_t, 16) \
 V(Uint8Clamped, uint8_clamped, UINT8_CLAMPED, uint8_t, 1)
+#define SIMD128_TYPED_ARRAY(V) \
+ V(Float32x4, float32x4, FLOAT32x4, v8::internal::float32x4_value_t, 16) \
+ V(Int32x4, int32x4, INT32x4, v8::internal::int32x4_value_t, 16)
+
+
+#define TYPED_ARRAYS(V) \
+ BUILTIN_TYPED_ARRAY(V) \
+ SIMD128_TYPED_ARRAY(V)
+
 // An ExternalArray represents a fixed-size array of primitive values
 // which live outside the JavaScript heap. Its subclasses are used to
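Review bot: `TYPED_ARRAYS(V)` still expands to both lists, so every remaining user of it keeps handling Float32x4 and Int32x4 whether or not the simd flag is set; only call sites moved to `BUILTIN_TYPED_ARRAY` are gated. Nothing tells a maintainer which of the three macros a call site should use, so I would add `// Typed array kinds exposed to script only under the simd-object flag.` above `SIMD128_TYPED_ARRAY`. Above `TYPED_ARRAYS` I would add `// All typed array kinds, flag-gated ones included; for internal type dispatch, not for installing constructors.` The singular `BUILTIN_TYPED_ARRAY` and `SIMD128_TYPED_ARRAY` next to the plural `TYPED_ARRAYS` is a naming inconsistency; `BUILTIN_TYPED_ARRAYS` and `SIMD128_TYPED_ARRAYS` would match.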