mirror of
https://github.com/roytam1/palemoon27.git
synced 2026-05-26 05:11:03 +00:00
roytam1
dcf4178212
- Bug 1218706 - Make 'unicode-bidi: isolate' the default for elements with a dir attribute. r=dbaron,jfkthame (037a5aaf57) - Bug 743198 part 7 - Add :fullscreen pseudo class. r=heycam (05eb82ccc9) - missing bits of Bug 1242904 - Update Brotli t (f4f569d859) - Bug 1235298 - Annotate intentional switch fallthroughs to suppress -Wimplicit-fallthrough warnings in netwerk/. r=mcmanus (c4ae414769) - Bug 1244841 - Don't measure SharedArrayBuffer objects multiple times. r=lth. (e9b665dc82) - Bug 234031 - broken parsing of xlen in gzip rfc 1952 r=mcmanus (c905b50417) - Bug 1239605 - filter insertions into the global object. r=jandem (35520bc5c8) - Bug 1248681 - Warn if the result of putWrapper goes unused; r=sfink (8051888ef8) - Bug 1246293 - Fix a typo in DefineSelfHostedProperty; r=till (5e05a76b2a) - Bug 1243808 - Allow modules to be compiled off main thread r=shu (51e5adca0a) - Bug 1241767 - avoid default-only switch to placate MSVC. r=bbouvier (392aa8eda0) - Bug 1239710 - Use CountingSort for Uint8Array and Int8Array; r=mrrrgn (6f394ab442) - Bug 1246860 - Preserve holes when sorting arrays with a custom comparator. r=till (725b091e55) - Bug 1247283 - Improve self-hosted Array.sort performance; r=till (ab1f3ddb74) - Bug 1248717 - Don't initialize variables in a for head with var, then use them later. r=jorendorff (87a77f9623) - Bug 1242196 - Use RadixSort for typed arrays. r=mrrrgn (a280ea097d) - Bug 1246927 - Fix OOM handling in usages of GlobalObject::maybeGetIntrinsicValue. r=arai (f7f3761c45) - Bug 1248405 - Recover from JSObject::getGroup OOM in CanOptimizeForDenseStorage. r=jandem (68ea32c044) - Bug 1225905 - create a mozharness script that manages each beet mover task logic, NPOTB DONTBUILD r=rail (076f25536f) - Bug 1246074 - add partials template config for mozharness beetmover, DONTBUILD r=rail (2e42c78d92) - Bug 1246074 - add partials mozharness beetmover, custom tc artifact location, DONTBUILD NPOTB r=rail (c74fe0755a) - Bug 1210538 - Add antivirus checks to release promotion graph a=rail (56de774389) - Bug 1238610 - Restore compartment debug mode flags if adding a debuggee global fails r=jimb (f8a9a1fa85) - Bug 1243851 - Treat enter as shift+enter if input is valid but incomplete; r=fitzgen, bgrins (f27c959bc0) - Bug 1238610 - Fix implicit constructor errors r=me (6f26f92763) - Bug 1242111 - Handle OOM in UpdateExecutionObservabilityOfScriptsInZone. (r=jimb) (91b125725f) - Bug 1240503 - Skip the initial block scope when unwinding scopes due to an exception that's thrown in the prologue before the scope chain is properly initialized for a script that starts with a block scope. (r=jorendorff) (0247fc8848) - Bug 1242111 - Fix references to oomTest. (r=me) (a9dc13a648) - Bug 1240546 - Handle OOM in updateObservesAllExecutionOnDebuggees. (r=jimb) (5d7e3a49f4) - Bug 1245961 - Throw a TypeError if less than one argument is supplied to isCompilableUnit;r=fitzgen (f896abb042) - Bug 1240803 - Handle OOM in replaceFrameGuts. (r=jimb) (2d43384c72) - Bug 1248094 - Simplify PCLocationMap with GCHashMap; r=fitzgen (b28d983bbd) - we don't care much abut 68k sadly (51c50300c5) - Bug 1233786 - JSScript::initScriptCounts should report OOMs. r=bhackett (eb42f7b8c1) - Bug 1233178 - Move ScriptCounts allocation outside the HashMap. r=bhackett (c3fa6d487c) - Bug 1141579 - Synchronize access to warmUpCount; r=jandem (a5b72cdf94) - Bug 1203696: Improve comments about lazily-initialized member of js::LazyScript. r=shu (caa895612d) - Bug 1221992 - Fix test using GetMostRecentWindow from the child process. r=smaug (07affe8195) - Bug 1235636 - rewrite PCToLineNumber; r=fitzgen (9dc9ff013e) - Bug 1232100 - "Check charsWritten in non-debug builds.". r=jcoppeard (fc5a64e621) - last bit of Bug 1197932 (86277af34e) - Bug 1067049 - Implement arguments[@@iterator]. r=evilpie (543e513269) - Bug 1248930 - Use Int32Value in ArrayBufferObject::BYTE_LENGTH_SLOT. r=lth (71e3a9ee51) - Bug 1113685 - Report the right name when calling selfhosted functions on incompatible objects. r=till (51f68d4f8d) - some symbol cleanup (83fca10034) - Bug 1165011 - Remove Symbol_isRegExp. r=jorendorff (46a2d293cc) - Bug 1122900: Make libyuv compile with MSVC 2015, r=rjesup. (9e147c7ba7) - bug 1241453 - clean up GetAccessibleWrap() r=davidb (01e37c5012) - Bug 1243331 - Prevent G_DEFINE_TYPE_EXTENDED macro from producing a fatal warning, r=tbsaunde (8bf031c4b9) - Bug 1232527 - Call into WMF PDM to determine if WMF can decode instead of using GMPVideoDecoderTrialCreator. r=jwwang (7d2b1f16f1) - Bug 1229475 - Fix gen-sources for libopus 1.1.1. r=cpearce (1e5a768d94) - Bug 1229475 - Update libopus to 1.1.1 release. r=jmspeex (0b73488ab3) - Bug 1139087 - Add moz.build bugzilla metadata for codecs. r=kinetik,gps (3d906f8f5a) - Bug 1229475 - libopus: Patch out asm flags for run_analysis. r=jmspeex (bfa15edac1) - Bug 1229475 - Fix unified build. r=cpearce (bbeda94cfc) - Bug 1239078 - Update libopus to 1.1.2 release. r=kinetik (9990b00867) - Bug 1239078 - Bump libopus update script for 1.1.2. r=kinetik (eecd46d3d3) - bug 1230377 - part 1/2: ensure nsKeyObject releases NSS resources on shutdown r=jcj (9ceefecbea) - bug 1230377 - part 2/2: simplify nsIKeyObject and nsIKeyObjectFactory r=jcj (1297d168b7) - bug 1239609 - audit nsNSSShutDownObject destructors for correctness r=Cykesiopka,sworkman (c78404e52a) - Bug 1246263 - fix unified build pollution r=valentin (f8db2c45cf) - Bug 1214981 - Disable output stream buffering. r=keeler (d9e7a1b863) - bug 1240173 - improve nsIX509Cert.dbKey r=Cykesiopka (0c0fc8e8a3) - Bug 1238042 - Extract a helper function to check if a JSObject is a global with a particular about: URI. r=ehsan (d065854725) - Bug 1244118 - Shutdown threadpool when xpcom-shutdown-threads happened. r=roc (e6ef2768b6) - Bug 1201685 - Limit the number of indexedDB open() calls in IndexedDBHelper r=gwagner (a4fc80fca2) - Bug 1244049 - Part 3: Replace the type of nsCSSSelector::mPseudoType. r=dbaron (c817ee6145) - Bug 1244049 - Part 4: Define CSSPseudoElementTypeBase. r=dbaron (94dab59375) - Bug 1246846 (part 1) - Avoid nsTHashtable::RawRemoveEntry() in dom/. r=bz. (5371e478da) - Bug 1246846 (part 2) - Avoid nsTHashtable::RawRemoveEntry() in nsPermissionManager. r=mconnor. (d7a1143ed1) - Bug 1246846 (part 3) - Avoid nsTHashtable::RawRemoveEntry() in gfxFontconfigUtils. r=jfkthame. (d23259ca8e) - Bug 1246846 (part 4) - Avoid nsTHashtable::RawRemoveEntry() in FramePropertyTable. r=roc. (7de416abfa) - Bug 1238404 - Use 'using' directive instead of having separate Dispatch impl in subclasses of nsIEventTarget. r=froydnj (43028ed3b3) - Bug 938699 - Remove FindElementWithViewId from nsIDOMWindowUtils.idl and nsDOMWindowUtils.cpp. r=kats (b49d2b5e6a) - missing bit of Bug 1210294 - Remove the release-mode IsCallerChrome assertions (a555243280)
723 lines
24 KiB
C++
723 lines
24 KiB
C++
/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 4 -*-
|
|
* vim: set ts=8 sts=4 et sw=4 tw=99:
|
|
* This Source Code Form is subject to the terms of the Mozilla Public
|
|
* License, v. 2.0. If a copy of the MPL was not distributed with this
|
|
* file, You can obtain one at http://mozilla.org/MPL/2.0/. */
|
|
|
|
#include "vm/ArgumentsObject-inl.h"
|
|
|
|
#include "mozilla/PodOperations.h"
|
|
|
|
#include "jit/JitFrames.h"
|
|
#include "vm/GlobalObject.h"
|
|
#include "vm/Stack.h"
|
|
|
|
#include "jsobjinlines.h"
|
|
|
|
#include "gc/Nursery-inl.h"
|
|
#include "vm/Stack-inl.h"
|
|
|
|
using namespace js;
|
|
using namespace js::gc;
|
|
|
|
static void
|
|
CopyStackFrameArguments(const AbstractFramePtr frame, HeapValue* dst, unsigned totalArgs)
|
|
{
|
|
MOZ_ASSERT_IF(frame.isInterpreterFrame(), !frame.asInterpreterFrame()->runningInJit());
|
|
|
|
MOZ_ASSERT(Max(frame.numActualArgs(), frame.numFormalArgs()) == totalArgs);
|
|
|
|
/* Copy arguments. */
|
|
Value* src = frame.argv();
|
|
Value* end = src + totalArgs;
|
|
while (src != end)
|
|
(dst++)->init(*src++);
|
|
}
|
|
|
|
/* static */ void
|
|
ArgumentsObject::MaybeForwardToCallObject(AbstractFramePtr frame, ArgumentsObject* obj,
|
|
ArgumentsData* data)
|
|
{
|
|
JSScript* script = frame.script();
|
|
if (frame.callee()->needsCallObject() && script->argumentsAliasesFormals()) {
|
|
obj->initFixedSlot(MAYBE_CALL_SLOT, ObjectValue(frame.callObj()));
|
|
for (AliasedFormalIter fi(script); fi; fi++)
|
|
data->args[fi.frameIndex()] = MagicScopeSlotValue(fi.scopeSlot());
|
|
}
|
|
}
|
|
|
|
/* static */ void
|
|
ArgumentsObject::MaybeForwardToCallObject(jit::JitFrameLayout* frame, HandleObject callObj,
|
|
ArgumentsObject* obj, ArgumentsData* data)
|
|
{
|
|
JSFunction* callee = jit::CalleeTokenToFunction(frame->calleeToken());
|
|
JSScript* script = callee->nonLazyScript();
|
|
if (callee->needsCallObject() && script->argumentsAliasesFormals()) {
|
|
MOZ_ASSERT(callObj && callObj->is<CallObject>());
|
|
obj->initFixedSlot(MAYBE_CALL_SLOT, ObjectValue(*callObj.get()));
|
|
for (AliasedFormalIter fi(script); fi; fi++)
|
|
data->args[fi.frameIndex()] = MagicScopeSlotValue(fi.scopeSlot());
|
|
}
|
|
}
|
|
|
|
struct CopyFrameArgs
|
|
{
|
|
AbstractFramePtr frame_;
|
|
|
|
explicit CopyFrameArgs(AbstractFramePtr frame)
|
|
: frame_(frame)
|
|
{ }
|
|
|
|
void copyArgs(JSContext*, HeapValue* dst, unsigned totalArgs) const {
|
|
CopyStackFrameArguments(frame_, dst, totalArgs);
|
|
}
|
|
|
|
/*
|
|
* If a call object exists and the arguments object aliases formals, the
|
|
* call object is the canonical location for formals.
|
|
*/
|
|
void maybeForwardToCallObject(ArgumentsObject* obj, ArgumentsData* data) {
|
|
ArgumentsObject::MaybeForwardToCallObject(frame_, obj, data);
|
|
}
|
|
};
|
|
|
|
struct CopyJitFrameArgs
|
|
{
|
|
jit::JitFrameLayout* frame_;
|
|
HandleObject callObj_;
|
|
|
|
CopyJitFrameArgs(jit::JitFrameLayout* frame, HandleObject callObj)
|
|
: frame_(frame), callObj_(callObj)
|
|
{ }
|
|
|
|
void copyArgs(JSContext*, HeapValue* dstBase, unsigned totalArgs) const {
|
|
unsigned numActuals = frame_->numActualArgs();
|
|
unsigned numFormals = jit::CalleeTokenToFunction(frame_->calleeToken())->nargs();
|
|
MOZ_ASSERT(numActuals <= totalArgs);
|
|
MOZ_ASSERT(numFormals <= totalArgs);
|
|
MOZ_ASSERT(Max(numActuals, numFormals) == totalArgs);
|
|
|
|
/* Copy all arguments. */
|
|
Value* src = frame_->argv() + 1; /* +1 to skip this. */
|
|
Value* end = src + numActuals;
|
|
HeapValue* dst = dstBase;
|
|
while (src != end)
|
|
(dst++)->init(*src++);
|
|
|
|
if (numActuals < numFormals) {
|
|
HeapValue* dstEnd = dstBase + totalArgs;
|
|
while (dst != dstEnd)
|
|
(dst++)->init(UndefinedValue());
|
|
}
|
|
}
|
|
|
|
/*
|
|
* If a call object exists and the arguments object aliases formals, the
|
|
* call object is the canonical location for formals.
|
|
*/
|
|
void maybeForwardToCallObject(ArgumentsObject* obj, ArgumentsData* data) {
|
|
ArgumentsObject::MaybeForwardToCallObject(frame_, callObj_, obj, data);
|
|
}
|
|
};
|
|
|
|
struct CopyScriptFrameIterArgs
|
|
{
|
|
ScriptFrameIter& iter_;
|
|
|
|
explicit CopyScriptFrameIterArgs(ScriptFrameIter& iter)
|
|
: iter_(iter)
|
|
{ }
|
|
|
|
void copyArgs(JSContext* cx, HeapValue* dstBase, unsigned totalArgs) const {
|
|
/* Copy actual arguments. */
|
|
iter_.unaliasedForEachActual(cx, CopyToHeap(dstBase));
|
|
|
|
/* Define formals which are not part of the actuals. */
|
|
unsigned numActuals = iter_.numActualArgs();
|
|
unsigned numFormals = iter_.calleeTemplate()->nargs();
|
|
MOZ_ASSERT(numActuals <= totalArgs);
|
|
MOZ_ASSERT(numFormals <= totalArgs);
|
|
MOZ_ASSERT(Max(numActuals, numFormals) == totalArgs);
|
|
|
|
if (numActuals < numFormals) {
|
|
HeapValue* dst = dstBase + numActuals;
|
|
HeapValue* dstEnd = dstBase + totalArgs;
|
|
while (dst != dstEnd)
|
|
(dst++)->init(UndefinedValue());
|
|
}
|
|
}
|
|
|
|
/*
|
|
* Ion frames are copying every argument onto the stack, other locations are
|
|
* invalid.
|
|
*/
|
|
void maybeForwardToCallObject(ArgumentsObject* obj, ArgumentsData* data) {
|
|
if (!iter_.isIon())
|
|
ArgumentsObject::MaybeForwardToCallObject(iter_.abstractFramePtr(), obj, data);
|
|
}
|
|
};
|
|
|
|
ArgumentsObject*
|
|
ArgumentsObject::createTemplateObject(JSContext* cx, bool mapped)
|
|
{
|
|
const Class* clasp = mapped
|
|
? &MappedArgumentsObject::class_
|
|
: &UnmappedArgumentsObject::class_;
|
|
|
|
RootedObject proto(cx, cx->global()->getOrCreateObjectPrototype(cx));
|
|
if (!proto)
|
|
return nullptr;
|
|
|
|
RootedObjectGroup group(cx, ObjectGroup::defaultNewGroup(cx, clasp, TaggedProto(proto.get())));
|
|
if (!group)
|
|
return nullptr;
|
|
|
|
RootedShape shape(cx, EmptyShape::getInitialShape(cx, clasp, TaggedProto(proto),
|
|
FINALIZE_KIND, BaseShape::INDEXED));
|
|
if (!shape)
|
|
return nullptr;
|
|
|
|
AutoSetNewObjectMetadata metadata(cx);
|
|
JSObject* base = JSObject::create(cx, FINALIZE_KIND, gc::TenuredHeap, shape, group);
|
|
if (!base)
|
|
return nullptr;
|
|
|
|
ArgumentsObject* obj = &base->as<js::ArgumentsObject>();
|
|
obj->initFixedSlot(ArgumentsObject::DATA_SLOT, PrivateValue(nullptr));
|
|
return obj;
|
|
}
|
|
|
|
ArgumentsObject*
|
|
JSCompartment::getOrCreateArgumentsTemplateObject(JSContext* cx, bool mapped)
|
|
{
|
|
ReadBarriered<ArgumentsObject*>& obj =
|
|
mapped ? mappedArgumentsTemplate_ : unmappedArgumentsTemplate_;
|
|
|
|
ArgumentsObject* templateObj = obj;
|
|
if (templateObj)
|
|
return templateObj;
|
|
|
|
templateObj = ArgumentsObject::createTemplateObject(cx, mapped);
|
|
if (!templateObj)
|
|
return nullptr;
|
|
|
|
obj.set(templateObj);
|
|
return templateObj;
|
|
}
|
|
|
|
template <typename CopyArgs>
|
|
/* static */ ArgumentsObject*
|
|
ArgumentsObject::create(JSContext* cx, HandleFunction callee, unsigned numActuals, CopyArgs& copy)
|
|
{
|
|
bool mapped = callee->nonLazyScript()->hasMappedArgsObj();
|
|
ArgumentsObject* templateObj = cx->compartment()->getOrCreateArgumentsTemplateObject(cx, mapped);
|
|
if (!templateObj)
|
|
return nullptr;
|
|
|
|
RootedShape shape(cx, templateObj->lastProperty());
|
|
RootedObjectGroup group(cx, templateObj->group());
|
|
|
|
unsigned numFormals = callee->nargs();
|
|
unsigned numDeletedWords = NumWordsForBitArrayOfLength(numActuals);
|
|
unsigned numArgs = Max(numActuals, numFormals);
|
|
unsigned numBytes = offsetof(ArgumentsData, args) +
|
|
numDeletedWords * sizeof(size_t) +
|
|
numArgs * sizeof(Value);
|
|
|
|
Rooted<ArgumentsObject*> obj(cx);
|
|
ArgumentsData* data = nullptr;
|
|
{
|
|
// The copyArgs call below can allocate objects, so add this block scope
|
|
// to make sure we set the metadata for this arguments object first.
|
|
AutoSetNewObjectMetadata metadata(cx);
|
|
|
|
JSObject* base = JSObject::create(cx, FINALIZE_KIND, gc::DefaultHeap, shape, group);
|
|
if (!base)
|
|
return nullptr;
|
|
obj = &base->as<ArgumentsObject>();
|
|
|
|
data =
|
|
reinterpret_cast<ArgumentsData*>(AllocateObjectBuffer<uint8_t>(cx, obj, numBytes));
|
|
if (!data) {
|
|
// Make the object safe for GC.
|
|
obj->initFixedSlot(DATA_SLOT, PrivateValue(nullptr));
|
|
return nullptr;
|
|
}
|
|
|
|
data->numArgs = numArgs;
|
|
data->dataBytes = numBytes;
|
|
data->callee.init(ObjectValue(*callee.get()));
|
|
data->script = callee->nonLazyScript();
|
|
|
|
// Zero the argument Values. This sets each value to DoubleValue(0), which
|
|
// is safe for GC tracing.
|
|
memset(data->args, 0, numArgs * sizeof(Value));
|
|
MOZ_ASSERT(DoubleValue(0).asRawBits() == 0x0);
|
|
MOZ_ASSERT_IF(numArgs > 0, data->args[0].asRawBits() == 0x0);
|
|
|
|
obj->initFixedSlot(DATA_SLOT, PrivateValue(data));
|
|
}
|
|
MOZ_ASSERT(data != nullptr);
|
|
|
|
/* Copy [0, numArgs) into data->slots. */
|
|
copy.copyArgs(cx, data->args, numArgs);
|
|
|
|
data->deletedBits = reinterpret_cast<size_t*>(data->args + numArgs);
|
|
ClearAllBitArrayElements(data->deletedBits, numDeletedWords);
|
|
|
|
obj->initFixedSlot(INITIAL_LENGTH_SLOT, Int32Value(numActuals << PACKED_BITS_COUNT));
|
|
|
|
copy.maybeForwardToCallObject(obj, data);
|
|
|
|
MOZ_ASSERT(obj->initialLength() == numActuals);
|
|
MOZ_ASSERT(!obj->hasOverriddenLength());
|
|
return obj;
|
|
}
|
|
|
|
ArgumentsObject*
|
|
ArgumentsObject::createExpected(JSContext* cx, AbstractFramePtr frame)
|
|
{
|
|
MOZ_ASSERT(frame.script()->needsArgsObj());
|
|
RootedFunction callee(cx, frame.callee());
|
|
CopyFrameArgs copy(frame);
|
|
ArgumentsObject* argsobj = create(cx, callee, frame.numActualArgs(), copy);
|
|
if (!argsobj)
|
|
return nullptr;
|
|
|
|
frame.initArgsObj(*argsobj);
|
|
return argsobj;
|
|
}
|
|
|
|
ArgumentsObject*
|
|
ArgumentsObject::createUnexpected(JSContext* cx, ScriptFrameIter& iter)
|
|
{
|
|
RootedFunction callee(cx, iter.callee(cx));
|
|
CopyScriptFrameIterArgs copy(iter);
|
|
return create(cx, callee, iter.numActualArgs(), copy);
|
|
}
|
|
|
|
ArgumentsObject*
|
|
ArgumentsObject::createUnexpected(JSContext* cx, AbstractFramePtr frame)
|
|
{
|
|
RootedFunction callee(cx, frame.callee());
|
|
CopyFrameArgs copy(frame);
|
|
return create(cx, callee, frame.numActualArgs(), copy);
|
|
}
|
|
|
|
ArgumentsObject*
|
|
ArgumentsObject::createForIon(JSContext* cx, jit::JitFrameLayout* frame, HandleObject scopeChain)
|
|
{
|
|
jit::CalleeToken token = frame->calleeToken();
|
|
MOZ_ASSERT(jit::CalleeTokenIsFunction(token));
|
|
RootedFunction callee(cx, jit::CalleeTokenToFunction(token));
|
|
RootedObject callObj(cx, scopeChain->is<CallObject>() ? scopeChain.get() : nullptr);
|
|
CopyJitFrameArgs copy(frame, callObj);
|
|
return create(cx, callee, frame->numActualArgs(), copy);
|
|
}
|
|
|
|
/* static */ bool
|
|
ArgumentsObject::obj_delProperty(JSContext* cx, HandleObject obj, HandleId id,
|
|
ObjectOpResult& result)
|
|
{
|
|
ArgumentsObject& argsobj = obj->as<ArgumentsObject>();
|
|
if (JSID_IS_INT(id)) {
|
|
unsigned arg = unsigned(JSID_TO_INT(id));
|
|
if (arg < argsobj.initialLength() && !argsobj.isElementDeleted(arg))
|
|
argsobj.markElementDeleted(arg);
|
|
} else if (JSID_IS_ATOM(id, cx->names().length)) {
|
|
argsobj.markLengthOverridden();
|
|
} else if (JSID_IS_ATOM(id, cx->names().callee)) {
|
|
argsobj.as<MappedArgumentsObject>().clearCallee();
|
|
} else if (JSID_IS_SYMBOL(id) && JSID_TO_SYMBOL(id) == cx->wellKnownSymbols().iterator) {
|
|
argsobj.markIteratorOverridden();
|
|
}
|
|
return result.succeed();
|
|
}
|
|
|
|
static bool
|
|
MappedArgGetter(JSContext* cx, HandleObject obj, HandleId id, MutableHandleValue vp)
|
|
{
|
|
MappedArgumentsObject& argsobj = obj->as<MappedArgumentsObject>();
|
|
if (JSID_IS_INT(id)) {
|
|
/*
|
|
* arg can exceed the number of arguments if a script changed the
|
|
* prototype to point to another Arguments object with a bigger argc.
|
|
*/
|
|
unsigned arg = unsigned(JSID_TO_INT(id));
|
|
if (arg < argsobj.initialLength() && !argsobj.isElementDeleted(arg))
|
|
vp.set(argsobj.element(arg));
|
|
} else if (JSID_IS_ATOM(id, cx->names().length)) {
|
|
if (!argsobj.hasOverriddenLength())
|
|
vp.setInt32(argsobj.initialLength());
|
|
} else {
|
|
MOZ_ASSERT(JSID_IS_ATOM(id, cx->names().callee));
|
|
if (!argsobj.callee().isMagic(JS_OVERWRITTEN_CALLEE))
|
|
vp.set(argsobj.callee());
|
|
}
|
|
return true;
|
|
}
|
|
|
|
static bool
|
|
MappedArgSetter(JSContext* cx, HandleObject obj, HandleId id, MutableHandleValue vp,
|
|
ObjectOpResult& result)
|
|
{
|
|
if (!obj->is<MappedArgumentsObject>())
|
|
return result.succeed();
|
|
Handle<MappedArgumentsObject*> argsobj = obj.as<MappedArgumentsObject>();
|
|
|
|
Rooted<PropertyDescriptor> desc(cx);
|
|
if (!GetOwnPropertyDescriptor(cx, argsobj, id, &desc))
|
|
return false;
|
|
MOZ_ASSERT(desc.object());
|
|
unsigned attrs = desc.attributes();
|
|
MOZ_ASSERT(!(attrs & JSPROP_READONLY));
|
|
attrs &= (JSPROP_ENUMERATE | JSPROP_PERMANENT); /* only valid attributes */
|
|
|
|
RootedScript script(cx, argsobj->containingScript());
|
|
|
|
if (JSID_IS_INT(id)) {
|
|
unsigned arg = unsigned(JSID_TO_INT(id));
|
|
if (arg < argsobj->initialLength() && !argsobj->isElementDeleted(arg)) {
|
|
argsobj->setElement(cx, arg, vp);
|
|
if (arg < script->functionNonDelazifying()->nargs())
|
|
TypeScript::SetArgument(cx, script, arg, vp);
|
|
return result.succeed();
|
|
}
|
|
} else {
|
|
MOZ_ASSERT(JSID_IS_ATOM(id, cx->names().length) || JSID_IS_ATOM(id, cx->names().callee));
|
|
}
|
|
|
|
/*
|
|
* For simplicity we use delete/define to replace the property with a
|
|
* simple data property. Note that we rely on ArgumentsObject::obj_delProperty
|
|
* to clear the corresponding reserved slot so the GC can collect its value.
|
|
* Note also that we must define the property instead of setting it in case
|
|
* the user has changed the prototype to an object that has a setter for
|
|
* this id.
|
|
*/
|
|
ObjectOpResult ignored;
|
|
return NativeDeleteProperty(cx, argsobj, id, ignored) &&
|
|
NativeDefineProperty(cx, argsobj, id, vp, nullptr, nullptr, attrs, result);
|
|
}
|
|
|
|
static bool
|
|
DefineArgumentsIterator(JSContext* cx, Handle<ArgumentsObject*> argsobj)
|
|
{
|
|
RootedId iteratorId(cx, SYMBOL_TO_JSID(cx->wellKnownSymbols().iterator));
|
|
HandlePropertyName shName = cx->names().ArrayValues;
|
|
RootedAtom name(cx, cx->names().values);
|
|
RootedValue val(cx);
|
|
if (!GlobalObject::getSelfHostedFunction(cx, cx->global(), shName, name, 0, &val))
|
|
return false;
|
|
|
|
return NativeDefineProperty(cx, argsobj, iteratorId, val, nullptr, nullptr, JSPROP_RESOLVING);
|
|
}
|
|
|
|
/* static */ bool
|
|
MappedArgumentsObject::obj_resolve(JSContext* cx, HandleObject obj, HandleId id, bool* resolvedp)
|
|
{
|
|
Rooted<MappedArgumentsObject*> argsobj(cx, &obj->as<MappedArgumentsObject>());
|
|
|
|
if (JSID_IS_SYMBOL(id) && JSID_TO_SYMBOL(id) == cx->wellKnownSymbols().iterator) {
|
|
if (argsobj->hasOverriddenIterator())
|
|
return true;
|
|
|
|
if (!DefineArgumentsIterator(cx, argsobj))
|
|
return false;
|
|
*resolvedp = true;
|
|
return true;
|
|
}
|
|
|
|
unsigned attrs = JSPROP_SHARED | JSPROP_SHADOWABLE | JSPROP_RESOLVING;
|
|
if (JSID_IS_INT(id)) {
|
|
uint32_t arg = uint32_t(JSID_TO_INT(id));
|
|
if (arg >= argsobj->initialLength() || argsobj->isElementDeleted(arg))
|
|
return true;
|
|
|
|
attrs |= JSPROP_ENUMERATE;
|
|
} else if (JSID_IS_ATOM(id, cx->names().length)) {
|
|
if (argsobj->hasOverriddenLength())
|
|
return true;
|
|
} else {
|
|
if (!JSID_IS_ATOM(id, cx->names().callee))
|
|
return true;
|
|
|
|
if (argsobj->callee().isMagic(JS_OVERWRITTEN_CALLEE))
|
|
return true;
|
|
}
|
|
|
|
if (!NativeDefineProperty(cx, argsobj, id, UndefinedHandleValue,
|
|
MappedArgGetter, MappedArgSetter, attrs))
|
|
{
|
|
return false;
|
|
}
|
|
|
|
*resolvedp = true;
|
|
return true;
|
|
}
|
|
|
|
/* static */ bool
|
|
MappedArgumentsObject::obj_enumerate(JSContext* cx, HandleObject obj)
|
|
{
|
|
Rooted<MappedArgumentsObject*> argsobj(cx, &obj->as<MappedArgumentsObject>());
|
|
|
|
RootedId id(cx);
|
|
bool found;
|
|
|
|
// Trigger reflection.
|
|
id = NameToId(cx->names().length);
|
|
if (!HasProperty(cx, argsobj, id, &found))
|
|
return false;
|
|
|
|
id = NameToId(cx->names().callee);
|
|
if (!HasProperty(cx, argsobj, id, &found))
|
|
return false;
|
|
|
|
id = SYMBOL_TO_JSID(cx->wellKnownSymbols().iterator);
|
|
if (!HasProperty(cx, argsobj, id, &found))
|
|
return false;
|
|
|
|
for (unsigned i = 0; i < argsobj->initialLength(); i++) {
|
|
id = INT_TO_JSID(i);
|
|
if (!HasProperty(cx, argsobj, id, &found))
|
|
return false;
|
|
}
|
|
|
|
return true;
|
|
}
|
|
|
|
static bool
|
|
UnmappedArgGetter(JSContext* cx, HandleObject obj, HandleId id, MutableHandleValue vp)
|
|
{
|
|
UnmappedArgumentsObject& argsobj = obj->as<UnmappedArgumentsObject>();
|
|
|
|
if (JSID_IS_INT(id)) {
|
|
/*
|
|
* arg can exceed the number of arguments if a script changed the
|
|
* prototype to point to another Arguments object with a bigger argc.
|
|
*/
|
|
unsigned arg = unsigned(JSID_TO_INT(id));
|
|
if (arg < argsobj.initialLength() && !argsobj.isElementDeleted(arg))
|
|
vp.set(argsobj.element(arg));
|
|
} else {
|
|
MOZ_ASSERT(JSID_IS_ATOM(id, cx->names().length));
|
|
if (!argsobj.hasOverriddenLength())
|
|
vp.setInt32(argsobj.initialLength());
|
|
}
|
|
return true;
|
|
}
|
|
|
|
static bool
|
|
UnmappedArgSetter(JSContext* cx, HandleObject obj, HandleId id, MutableHandleValue vp,
|
|
ObjectOpResult& result)
|
|
{
|
|
if (!obj->is<UnmappedArgumentsObject>())
|
|
return result.succeed();
|
|
Handle<UnmappedArgumentsObject*> argsobj = obj.as<UnmappedArgumentsObject>();
|
|
|
|
Rooted<PropertyDescriptor> desc(cx);
|
|
if (!GetOwnPropertyDescriptor(cx, argsobj, id, &desc))
|
|
return false;
|
|
MOZ_ASSERT(desc.object());
|
|
unsigned attrs = desc.attributes();
|
|
MOZ_ASSERT(!(attrs & JSPROP_READONLY));
|
|
attrs &= (JSPROP_ENUMERATE | JSPROP_PERMANENT); /* only valid attributes */
|
|
|
|
if (JSID_IS_INT(id)) {
|
|
unsigned arg = unsigned(JSID_TO_INT(id));
|
|
if (arg < argsobj->initialLength()) {
|
|
argsobj->setElement(cx, arg, vp);
|
|
return result.succeed();
|
|
}
|
|
} else {
|
|
MOZ_ASSERT(JSID_IS_ATOM(id, cx->names().length));
|
|
}
|
|
|
|
/*
|
|
* For simplicity we use delete/define to replace the property with a
|
|
* simple data property. Note that we rely on ArgumentsObject::obj_delProperty
|
|
* to clear the corresponding reserved slot so the GC can collect its value.
|
|
*/
|
|
ObjectOpResult ignored;
|
|
return NativeDeleteProperty(cx, argsobj, id, ignored) &&
|
|
NativeDefineProperty(cx, argsobj, id, vp, nullptr, nullptr, attrs, result);
|
|
}
|
|
|
|
/* static */ bool
|
|
UnmappedArgumentsObject::obj_resolve(JSContext* cx, HandleObject obj, HandleId id, bool* resolvedp)
|
|
{
|
|
Rooted<UnmappedArgumentsObject*> argsobj(cx, &obj->as<UnmappedArgumentsObject>());
|
|
|
|
if (JSID_IS_SYMBOL(id) && JSID_TO_SYMBOL(id) == cx->wellKnownSymbols().iterator) {
|
|
if (argsobj->hasOverriddenIterator())
|
|
return true;
|
|
|
|
if (!DefineArgumentsIterator(cx, argsobj))
|
|
return false;
|
|
*resolvedp = true;
|
|
return true;
|
|
}
|
|
|
|
unsigned attrs = JSPROP_SHARED | JSPROP_SHADOWABLE;
|
|
GetterOp getter = UnmappedArgGetter;
|
|
SetterOp setter = UnmappedArgSetter;
|
|
|
|
if (JSID_IS_INT(id)) {
|
|
uint32_t arg = uint32_t(JSID_TO_INT(id));
|
|
if (arg >= argsobj->initialLength() || argsobj->isElementDeleted(arg))
|
|
return true;
|
|
|
|
attrs |= JSPROP_ENUMERATE;
|
|
} else if (JSID_IS_ATOM(id, cx->names().length)) {
|
|
if (argsobj->hasOverriddenLength())
|
|
return true;
|
|
} else {
|
|
if (!JSID_IS_ATOM(id, cx->names().callee) && !JSID_IS_ATOM(id, cx->names().caller))
|
|
return true;
|
|
|
|
attrs = JSPROP_PERMANENT | JSPROP_GETTER | JSPROP_SETTER | JSPROP_SHARED;
|
|
getter = CastAsGetterOp(argsobj->global().getThrowTypeError());
|
|
setter = CastAsSetterOp(argsobj->global().getThrowTypeError());
|
|
}
|
|
|
|
attrs |= JSPROP_RESOLVING;
|
|
if (!NativeDefineProperty(cx, argsobj, id, UndefinedHandleValue, getter, setter, attrs))
|
|
return false;
|
|
|
|
*resolvedp = true;
|
|
return true;
|
|
}
|
|
|
|
/* static */ bool
|
|
UnmappedArgumentsObject::obj_enumerate(JSContext* cx, HandleObject obj)
|
|
{
|
|
Rooted<UnmappedArgumentsObject*> argsobj(cx, &obj->as<UnmappedArgumentsObject>());
|
|
|
|
RootedId id(cx);
|
|
bool found;
|
|
|
|
// Trigger reflection.
|
|
id = NameToId(cx->names().length);
|
|
if (!HasProperty(cx, argsobj, id, &found))
|
|
return false;
|
|
|
|
id = NameToId(cx->names().callee);
|
|
if (!HasProperty(cx, argsobj, id, &found))
|
|
return false;
|
|
|
|
id = NameToId(cx->names().caller);
|
|
if (!HasProperty(cx, argsobj, id, &found))
|
|
return false;
|
|
|
|
id = SYMBOL_TO_JSID(cx->wellKnownSymbols().iterator);
|
|
if (!HasProperty(cx, argsobj, id, &found))
|
|
return false;
|
|
|
|
for (unsigned i = 0; i < argsobj->initialLength(); i++) {
|
|
id = INT_TO_JSID(i);
|
|
if (!HasProperty(cx, argsobj, id, &found))
|
|
return false;
|
|
}
|
|
|
|
return true;
|
|
}
|
|
|
|
void
|
|
ArgumentsObject::finalize(FreeOp* fop, JSObject* obj)
|
|
{
|
|
MOZ_ASSERT(!IsInsideNursery(obj));
|
|
fop->free_(reinterpret_cast<void*>(obj->as<ArgumentsObject>().data()));
|
|
}
|
|
|
|
void
|
|
ArgumentsObject::trace(JSTracer* trc, JSObject* obj)
|
|
{
|
|
ArgumentsObject& argsobj = obj->as<ArgumentsObject>();
|
|
if (ArgumentsData* data = argsobj.data()) { // Template objects have no ArgumentsData.
|
|
TraceEdge(trc, &data->callee, js_callee_str);
|
|
TraceRange(trc, data->numArgs, data->begin(), js_arguments_str);
|
|
TraceManuallyBarrieredEdge(trc, &data->script, "script");
|
|
}
|
|
}
|
|
|
|
/* static */ size_t
|
|
ArgumentsObject::objectMovedDuringMinorGC(JSTracer* trc, JSObject* dst, JSObject* src)
|
|
{
|
|
ArgumentsObject* ndst = &dst->as<ArgumentsObject>();
|
|
ArgumentsObject* nsrc = &src->as<ArgumentsObject>();
|
|
MOZ_ASSERT(ndst->data() == nsrc->data());
|
|
|
|
Nursery& nursery = trc->runtime()->gc.nursery;
|
|
|
|
if (!nursery.isInside(nsrc->data())) {
|
|
nursery.removeMallocedBuffer(nsrc->data());
|
|
return 0;
|
|
}
|
|
|
|
AutoEnterOOMUnsafeRegion oomUnsafe;
|
|
uint32_t nbytes = nsrc->data()->dataBytes;
|
|
uint8_t* data = nsrc->zone()->pod_malloc<uint8_t>(nbytes);
|
|
if (!data)
|
|
oomUnsafe.crash("Failed to allocate ArgumentsObject data while tenuring.");
|
|
ndst->initFixedSlot(DATA_SLOT, PrivateValue(data));
|
|
|
|
mozilla::PodCopy(data, reinterpret_cast<uint8_t*>(nsrc->data()), nbytes);
|
|
|
|
ArgumentsData* dstData = ndst->data();
|
|
dstData->deletedBits = reinterpret_cast<size_t*>(dstData->args + dstData->numArgs);
|
|
|
|
return nbytes;
|
|
}
|
|
|
|
/*
|
|
* The classes below collaborate to lazily reflect and synchronize actual
|
|
* argument values, argument count, and callee function object stored in a
|
|
* stack frame with their corresponding property values in the frame's
|
|
* arguments object.
|
|
*/
|
|
const Class MappedArgumentsObject::class_ = {
|
|
"Arguments",
|
|
JSCLASS_DELAY_METADATA_CALLBACK |
|
|
JSCLASS_HAS_RESERVED_SLOTS(MappedArgumentsObject::RESERVED_SLOTS) |
|
|
JSCLASS_HAS_CACHED_PROTO(JSProto_Object) |
|
|
JSCLASS_SKIP_NURSERY_FINALIZE |
|
|
JSCLASS_BACKGROUND_FINALIZE,
|
|
nullptr, /* addProperty */
|
|
ArgumentsObject::obj_delProperty,
|
|
nullptr, /* getProperty */
|
|
nullptr, /* setProperty */
|
|
MappedArgumentsObject::obj_enumerate,
|
|
MappedArgumentsObject::obj_resolve,
|
|
nullptr, /* mayResolve */
|
|
ArgumentsObject::finalize,
|
|
nullptr, /* call */
|
|
nullptr, /* hasInstance */
|
|
nullptr, /* construct */
|
|
ArgumentsObject::trace
|
|
};
|
|
|
|
/*
|
|
* Unmapped arguments is significantly less magical than mapped arguments, so
|
|
* it is represented by a different class while sharing some functionality.
|
|
*/
|
|
const Class UnmappedArgumentsObject::class_ = {
|
|
"Arguments",
|
|
JSCLASS_DELAY_METADATA_CALLBACK |
|
|
JSCLASS_HAS_RESERVED_SLOTS(UnmappedArgumentsObject::RESERVED_SLOTS) |
|
|
JSCLASS_HAS_CACHED_PROTO(JSProto_Object) |
|
|
JSCLASS_SKIP_NURSERY_FINALIZE |
|
|
JSCLASS_BACKGROUND_FINALIZE,
|
|
nullptr, /* addProperty */
|
|
ArgumentsObject::obj_delProperty,
|
|
nullptr, /* getProperty */
|
|
nullptr, /* setProperty */
|
|
UnmappedArgumentsObject::obj_enumerate,
|
|
UnmappedArgumentsObject::obj_resolve,
|
|
nullptr, /* mayResolve */
|
|
ArgumentsObject::finalize,
|
|
nullptr, /* call */
|
|
nullptr, /* hasInstance */
|
|
nullptr, /* construct */
|
|
ArgumentsObject::trace
|
|
};
|