mirror of
https://github.com/roytam1/palemoon27.git
synced 2026-05-26 13:23:07 +00:00
roytam1
dcf4178212
- Bug 1218706 - Make 'unicode-bidi: isolate' the default for elements with a dir attribute. r=dbaron,jfkthame (037a5aaf57) - Bug 743198 part 7 - Add :fullscreen pseudo class. r=heycam (05eb82ccc9) - missing bits of Bug 1242904 - Update Brotli t (f4f569d859) - Bug 1235298 - Annotate intentional switch fallthroughs to suppress -Wimplicit-fallthrough warnings in netwerk/. r=mcmanus (c4ae414769) - Bug 1244841 - Don't measure SharedArrayBuffer objects multiple times. r=lth. (e9b665dc82) - Bug 234031 - broken parsing of xlen in gzip rfc 1952 r=mcmanus (c905b50417) - Bug 1239605 - filter insertions into the global object. r=jandem (35520bc5c8) - Bug 1248681 - Warn if the result of putWrapper goes unused; r=sfink (8051888ef8) - Bug 1246293 - Fix a typo in DefineSelfHostedProperty; r=till (5e05a76b2a) - Bug 1243808 - Allow modules to be compiled off main thread r=shu (51e5adca0a) - Bug 1241767 - avoid default-only switch to placate MSVC. r=bbouvier (392aa8eda0) - Bug 1239710 - Use CountingSort for Uint8Array and Int8Array; r=mrrrgn (6f394ab442) - Bug 1246860 - Preserve holes when sorting arrays with a custom comparator. r=till (725b091e55) - Bug 1247283 - Improve self-hosted Array.sort performance; r=till (ab1f3ddb74) - Bug 1248717 - Don't initialize variables in a for head with var, then use them later. r=jorendorff (87a77f9623) - Bug 1242196 - Use RadixSort for typed arrays. r=mrrrgn (a280ea097d) - Bug 1246927 - Fix OOM handling in usages of GlobalObject::maybeGetIntrinsicValue. r=arai (f7f3761c45) - Bug 1248405 - Recover from JSObject::getGroup OOM in CanOptimizeForDenseStorage. r=jandem (68ea32c044) - Bug 1225905 - create a mozharness script that manages each beet mover task logic, NPOTB DONTBUILD r=rail (076f25536f) - Bug 1246074 - add partials template config for mozharness beetmover, DONTBUILD r=rail (2e42c78d92) - Bug 1246074 - add partials mozharness beetmover, custom tc artifact location, DONTBUILD NPOTB r=rail (c74fe0755a) - Bug 1210538 - Add antivirus checks to release promotion graph a=rail (56de774389) - Bug 1238610 - Restore compartment debug mode flags if adding a debuggee global fails r=jimb (f8a9a1fa85) - Bug 1243851 - Treat enter as shift+enter if input is valid but incomplete; r=fitzgen, bgrins (f27c959bc0) - Bug 1238610 - Fix implicit constructor errors r=me (6f26f92763) - Bug 1242111 - Handle OOM in UpdateExecutionObservabilityOfScriptsInZone. (r=jimb) (91b125725f) - Bug 1240503 - Skip the initial block scope when unwinding scopes due to an exception that's thrown in the prologue before the scope chain is properly initialized for a script that starts with a block scope. (r=jorendorff) (0247fc8848) - Bug 1242111 - Fix references to oomTest. (r=me) (a9dc13a648) - Bug 1240546 - Handle OOM in updateObservesAllExecutionOnDebuggees. (r=jimb) (5d7e3a49f4) - Bug 1245961 - Throw a TypeError if less than one argument is supplied to isCompilableUnit;r=fitzgen (f896abb042) - Bug 1240803 - Handle OOM in replaceFrameGuts. (r=jimb) (2d43384c72) - Bug 1248094 - Simplify PCLocationMap with GCHashMap; r=fitzgen (b28d983bbd) - we don't care much abut 68k sadly (51c50300c5) - Bug 1233786 - JSScript::initScriptCounts should report OOMs. r=bhackett (eb42f7b8c1) - Bug 1233178 - Move ScriptCounts allocation outside the HashMap. r=bhackett (c3fa6d487c) - Bug 1141579 - Synchronize access to warmUpCount; r=jandem (a5b72cdf94) - Bug 1203696: Improve comments about lazily-initialized member of js::LazyScript. r=shu (caa895612d) - Bug 1221992 - Fix test using GetMostRecentWindow from the child process. r=smaug (07affe8195) - Bug 1235636 - rewrite PCToLineNumber; r=fitzgen (9dc9ff013e) - Bug 1232100 - "Check charsWritten in non-debug builds.". r=jcoppeard (fc5a64e621) - last bit of Bug 1197932 (86277af34e) - Bug 1067049 - Implement arguments[@@iterator]. r=evilpie (543e513269) - Bug 1248930 - Use Int32Value in ArrayBufferObject::BYTE_LENGTH_SLOT. r=lth (71e3a9ee51) - Bug 1113685 - Report the right name when calling selfhosted functions on incompatible objects. r=till (51f68d4f8d) - some symbol cleanup (83fca10034) - Bug 1165011 - Remove Symbol_isRegExp. r=jorendorff (46a2d293cc) - Bug 1122900: Make libyuv compile with MSVC 2015, r=rjesup. (9e147c7ba7) - bug 1241453 - clean up GetAccessibleWrap() r=davidb (01e37c5012) - Bug 1243331 - Prevent G_DEFINE_TYPE_EXTENDED macro from producing a fatal warning, r=tbsaunde (8bf031c4b9) - Bug 1232527 - Call into WMF PDM to determine if WMF can decode instead of using GMPVideoDecoderTrialCreator. r=jwwang (7d2b1f16f1) - Bug 1229475 - Fix gen-sources for libopus 1.1.1. r=cpearce (1e5a768d94) - Bug 1229475 - Update libopus to 1.1.1 release. r=jmspeex (0b73488ab3) - Bug 1139087 - Add moz.build bugzilla metadata for codecs. r=kinetik,gps (3d906f8f5a) - Bug 1229475 - libopus: Patch out asm flags for run_analysis. r=jmspeex (bfa15edac1) - Bug 1229475 - Fix unified build. r=cpearce (bbeda94cfc) - Bug 1239078 - Update libopus to 1.1.2 release. r=kinetik (9990b00867) - Bug 1239078 - Bump libopus update script for 1.1.2. r=kinetik (eecd46d3d3) - bug 1230377 - part 1/2: ensure nsKeyObject releases NSS resources on shutdown r=jcj (9ceefecbea) - bug 1230377 - part 2/2: simplify nsIKeyObject and nsIKeyObjectFactory r=jcj (1297d168b7) - bug 1239609 - audit nsNSSShutDownObject destructors for correctness r=Cykesiopka,sworkman (c78404e52a) - Bug 1246263 - fix unified build pollution r=valentin (f8db2c45cf) - Bug 1214981 - Disable output stream buffering. r=keeler (d9e7a1b863) - bug 1240173 - improve nsIX509Cert.dbKey r=Cykesiopka (0c0fc8e8a3) - Bug 1238042 - Extract a helper function to check if a JSObject is a global with a particular about: URI. r=ehsan (d065854725) - Bug 1244118 - Shutdown threadpool when xpcom-shutdown-threads happened. r=roc (e6ef2768b6) - Bug 1201685 - Limit the number of indexedDB open() calls in IndexedDBHelper r=gwagner (a4fc80fca2) - Bug 1244049 - Part 3: Replace the type of nsCSSSelector::mPseudoType. r=dbaron (c817ee6145) - Bug 1244049 - Part 4: Define CSSPseudoElementTypeBase. r=dbaron (94dab59375) - Bug 1246846 (part 1) - Avoid nsTHashtable::RawRemoveEntry() in dom/. r=bz. (5371e478da) - Bug 1246846 (part 2) - Avoid nsTHashtable::RawRemoveEntry() in nsPermissionManager. r=mconnor. (d7a1143ed1) - Bug 1246846 (part 3) - Avoid nsTHashtable::RawRemoveEntry() in gfxFontconfigUtils. r=jfkthame. (d23259ca8e) - Bug 1246846 (part 4) - Avoid nsTHashtable::RawRemoveEntry() in FramePropertyTable. r=roc. (7de416abfa) - Bug 1238404 - Use 'using' directive instead of having separate Dispatch impl in subclasses of nsIEventTarget. r=froydnj (43028ed3b3) - Bug 938699 - Remove FindElementWithViewId from nsIDOMWindowUtils.idl and nsDOMWindowUtils.cpp. r=kats (b49d2b5e6a) - missing bit of Bug 1210294 - Remove the release-mode IsCallerChrome assertions (a555243280)
570 lines
19 KiB
C++
570 lines
19 KiB
C++
/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 4 -*-
|
|
* vim: set ts=8 sts=4 et sw=4 tw=99:
|
|
* This Source Code Form is subject to the terms of the Mozilla Public
|
|
* License, v. 2.0. If a copy of the MPL was not distributed with this
|
|
* file, You can obtain one at http://mozilla.org/MPL/2.0/. */
|
|
|
|
#ifndef vm_ArrayBufferObject_h
|
|
#define vm_ArrayBufferObject_h
|
|
|
|
#include "jsobj.h"
|
|
|
|
#include "builtin/TypedObjectConstants.h"
|
|
#include "js/GCHashTable.h"
|
|
#include "vm/Runtime.h"
|
|
#include "vm/SharedMem.h"
|
|
|
|
typedef struct JSProperty JSProperty;
|
|
|
|
namespace js {
|
|
|
|
class ArrayBufferViewObject;
|
|
|
|
// The inheritance hierarchy for the various classes relating to typed arrays
|
|
// is as follows.
|
|
//
|
|
// - NativeObject
|
|
// - ArrayBufferObjectMaybeShared
|
|
// - ArrayBufferObject
|
|
// - SharedArrayBufferObject
|
|
// - DataViewObject
|
|
// - TypedArrayObject (declared in vm/TypedArrayObject.h)
|
|
// - TypedArrayObjectTemplate
|
|
// - Int8ArrayObject
|
|
// - Uint8ArrayObject
|
|
// - ...
|
|
// - JSObject
|
|
// - ArrayBufferViewObject
|
|
// - TypedObject (declared in builtin/TypedObject.h)
|
|
//
|
|
// Note that |TypedArrayObjectTemplate| is just an implementation
|
|
// detail that makes implementing its various subclasses easier.
|
|
//
|
|
// ArrayBufferObject and SharedArrayBufferObject are unrelated data types:
|
|
// the racy memory of the latter cannot substitute for the non-racy memory of
|
|
// the former; the non-racy memory of the former cannot be used with the atomics;
|
|
// the former can be detached and the latter not. Hence they have been
|
|
// separated completely.
|
|
//
|
|
// Most APIs will only accept ArrayBufferObject. ArrayBufferObjectMaybeShared
|
|
// exists as a join point to allow APIs that can take or use either, notably AsmJS.
|
|
//
|
|
// In contrast with the separation of ArrayBufferObject and
|
|
// SharedArrayBufferObject, the TypedArray types can map either.
|
|
//
|
|
// The possible data ownership and reference relationships with ArrayBuffers
|
|
// and related classes are enumerated below. These are the possible locations
|
|
// for typed data:
|
|
//
|
|
// (1) malloc'ed or mmap'ed data owned by an ArrayBufferObject.
|
|
// (2) Data allocated inline with an ArrayBufferObject.
|
|
// (3) Data allocated inline with a TypedArrayObject.
|
|
// (4) Data allocated inline with an InlineTypedObject.
|
|
//
|
|
// An ArrayBufferObject may point to any of these sources of data, except (3).
|
|
// All array buffer views may point to any of these sources of data, except
|
|
// that (3) may only be pointed to by the typed array the data is inline with.
|
|
//
|
|
// During a minor GC, (3) and (4) may move. During a compacting GC, (2), (3),
|
|
// and (4) may move.
|
|
|
|
class ArrayBufferObjectMaybeShared;
|
|
|
|
uint32_t AnyArrayBufferByteLength(const ArrayBufferObjectMaybeShared* buf);
|
|
ArrayBufferObjectMaybeShared& AsAnyArrayBuffer(HandleValue val);
|
|
|
|
class ArrayBufferObjectMaybeShared : public NativeObject
|
|
{
|
|
public:
|
|
uint32_t byteLength() {
|
|
return AnyArrayBufferByteLength(this);
|
|
}
|
|
|
|
inline SharedMem<uint8_t*> dataPointerEither();
|
|
};
|
|
|
|
/*
|
|
* ArrayBufferObject
|
|
*
|
|
* This class holds the underlying raw buffer that the various ArrayBufferViews
|
|
* (eg DataViewObject, the TypedArrays, TypedObjects) access. It can be created
|
|
* explicitly and used to construct an ArrayBufferView, or can be created
|
|
* lazily when it is first accessed for a TypedArrayObject or TypedObject that
|
|
* doesn't have an explicit buffer.
|
|
*
|
|
* ArrayBufferObject (or really the underlying memory) /is not racy/: the
|
|
* memory is private to a single worker.
|
|
*/
|
|
class ArrayBufferObject : public ArrayBufferObjectMaybeShared
|
|
{
|
|
static bool byteLengthGetterImpl(JSContext* cx, const CallArgs& args);
|
|
static bool fun_slice_impl(JSContext* cx, const CallArgs& args);
|
|
|
|
public:
|
|
static const uint8_t DATA_SLOT = 0;
|
|
static const uint8_t BYTE_LENGTH_SLOT = 1;
|
|
static const uint8_t FIRST_VIEW_SLOT = 2;
|
|
static const uint8_t FLAGS_SLOT = 3;
|
|
|
|
static const uint8_t RESERVED_SLOTS = 4;
|
|
|
|
static const size_t ARRAY_BUFFER_ALIGNMENT = 8;
|
|
|
|
static_assert(FLAGS_SLOT == JS_ARRAYBUFFER_FLAGS_SLOT,
|
|
"self-hosted code with burned-in constants must get the "
|
|
"right flags slot");
|
|
|
|
public:
|
|
|
|
enum OwnsState {
|
|
DoesntOwnData = 0,
|
|
OwnsData = 1,
|
|
};
|
|
|
|
enum BufferKind {
|
|
PLAIN = 0, // malloced or inline data
|
|
WASM_MALLOCED = 1,
|
|
WASM_MAPPED = 2,
|
|
MAPPED = 3,
|
|
|
|
KIND_MASK = 0x3
|
|
};
|
|
|
|
protected:
|
|
|
|
enum ArrayBufferFlags {
|
|
// The flags also store the BufferKind
|
|
BUFFER_KIND_MASK = BufferKind::KIND_MASK,
|
|
|
|
DETACHED = 0x4,
|
|
|
|
// The dataPointer() is owned by this buffer and should be released
|
|
// when no longer in use. Releasing the pointer may be done by either
|
|
// freeing or unmapping it, and how to do this is determined by the
|
|
// buffer's other flags.
|
|
//
|
|
// Array buffers which do not own their data include buffers that
|
|
// allocate their data inline, and buffers that are created lazily for
|
|
// typed objects with inline storage, in which case the buffer points
|
|
// directly to the typed object's storage.
|
|
OWNS_DATA = 0x8,
|
|
|
|
// This array buffer was created lazily for a typed object with inline
|
|
// data. This implies both that the typed object owns the buffer's data
|
|
// and that the list of views sharing this buffer's data might be
|
|
// incomplete. Any missing views will be typed objects.
|
|
FOR_INLINE_TYPED_OBJECT = 0x10,
|
|
|
|
// Views of this buffer might include typed objects.
|
|
TYPED_OBJECT_VIEWS = 0x20
|
|
};
|
|
|
|
static_assert(JS_ARRAYBUFFER_DETACHED_FLAG == DETACHED,
|
|
"self-hosted code with burned-in constants must use the "
|
|
"correct DETACHED bit value");
|
|
public:
|
|
|
|
class BufferContents {
|
|
uint8_t* data_;
|
|
BufferKind kind_;
|
|
|
|
friend class ArrayBufferObject;
|
|
|
|
BufferContents(uint8_t* data, BufferKind kind) : data_(data), kind_(kind) {
|
|
MOZ_ASSERT((kind_ & ~KIND_MASK) == 0);
|
|
}
|
|
|
|
public:
|
|
|
|
template<BufferKind Kind>
|
|
static BufferContents create(void* data)
|
|
{
|
|
return BufferContents(static_cast<uint8_t*>(data), Kind);
|
|
}
|
|
|
|
static BufferContents createPlain(void* data)
|
|
{
|
|
return BufferContents(static_cast<uint8_t*>(data), PLAIN);
|
|
}
|
|
|
|
uint8_t* data() const { return data_; }
|
|
BufferKind kind() const { return kind_; }
|
|
|
|
explicit operator bool() const { return data_ != nullptr; }
|
|
};
|
|
|
|
static const Class class_;
|
|
|
|
static const Class protoClass;
|
|
static const JSFunctionSpec jsfuncs[];
|
|
static const JSFunctionSpec jsstaticfuncs[];
|
|
|
|
static bool byteLengthGetter(JSContext* cx, unsigned argc, Value* vp);
|
|
|
|
static bool fun_slice(JSContext* cx, unsigned argc, Value* vp);
|
|
|
|
static bool fun_isView(JSContext* cx, unsigned argc, Value* vp);
|
|
#ifdef NIGHTLY_BUILD
|
|
static bool fun_transfer(JSContext* cx, unsigned argc, Value* vp);
|
|
#endif
|
|
|
|
static bool class_constructor(JSContext* cx, unsigned argc, Value* vp);
|
|
|
|
static ArrayBufferObject* create(JSContext* cx, uint32_t nbytes,
|
|
BufferContents contents,
|
|
OwnsState ownsState = OwnsData,
|
|
HandleObject proto = nullptr,
|
|
NewObjectKind newKind = GenericObject);
|
|
static ArrayBufferObject* create(JSContext* cx, uint32_t nbytes,
|
|
HandleObject proto = nullptr,
|
|
NewObjectKind newKind = GenericObject);
|
|
|
|
static bool createDataViewForThisImpl(JSContext* cx, const CallArgs& args);
|
|
static bool createDataViewForThis(JSContext* cx, unsigned argc, Value* vp);
|
|
|
|
template<typename T>
|
|
static bool createTypedArrayFromBufferImpl(JSContext* cx, const CallArgs& args);
|
|
|
|
template<typename T>
|
|
static bool createTypedArrayFromBuffer(JSContext* cx, unsigned argc, Value* vp);
|
|
|
|
static void copyData(Handle<ArrayBufferObject*> toBuffer,
|
|
Handle<ArrayBufferObject*> fromBuffer,
|
|
uint32_t fromIndex, uint32_t count);
|
|
|
|
static void trace(JSTracer* trc, JSObject* obj);
|
|
static void objectMoved(JSObject* obj, const JSObject* old);
|
|
|
|
static BufferContents stealContents(JSContext* cx,
|
|
Handle<ArrayBufferObject*> buffer,
|
|
bool hasStealableContents);
|
|
|
|
bool hasStealableContents() const {
|
|
// Inline elements strictly adhere to the corresponding buffer.
|
|
if (!ownsData())
|
|
return false;
|
|
|
|
// Detached contents aren't transferrable because we want a detached
|
|
// buffer's contents to be backed by zeroed memory equal in length to
|
|
// the original buffer contents. Transferring these contents would
|
|
// allocate new ones based on the current byteLength, which is 0 for a
|
|
// detached buffer -- not the original byteLength.
|
|
return !isDetached();
|
|
}
|
|
|
|
// Return whether the buffer is allocated by js_malloc and should be freed
|
|
// with js_free.
|
|
bool hasMallocedContents() const {
|
|
return (ownsData() && isPlain()) || isWasmMalloced();
|
|
}
|
|
|
|
static void addSizeOfExcludingThis(JSObject* obj, mozilla::MallocSizeOf mallocSizeOf,
|
|
JS::ClassInfo* info);
|
|
|
|
// ArrayBufferObjects (strongly) store the first view added to them, while
|
|
// later views are (weakly) stored in the compartment's InnerViewTable
|
|
// below. Buffers usually only have one view, so this slot optimizes for
|
|
// the common case. Avoiding entries in the InnerViewTable saves memory and
|
|
// non-incrementalized sweep time.
|
|
ArrayBufferViewObject* firstView();
|
|
|
|
bool addView(JSContext* cx, JSObject* view);
|
|
|
|
void setNewOwnedData(FreeOp* fop, BufferContents newContents);
|
|
void changeContents(JSContext* cx, BufferContents newContents);
|
|
|
|
// Detach this buffer from its original memory. (This necessarily makes
|
|
// views of this buffer unusable for modifying that original memory.)
|
|
static MOZ_WARN_UNUSED_RESULT bool
|
|
detach(JSContext* cx, Handle<ArrayBufferObject*> buffer, BufferContents newContents);
|
|
|
|
private:
|
|
void changeViewContents(JSContext* cx, ArrayBufferViewObject* view,
|
|
uint8_t* oldDataPointer, BufferContents newContents);
|
|
void setFirstView(ArrayBufferViewObject* view);
|
|
|
|
uint8_t* inlineDataPointer() const;
|
|
|
|
public:
|
|
uint8_t* dataPointer() const;
|
|
SharedMem<uint8_t*> dataPointerShared() const;
|
|
uint32_t byteLength() const;
|
|
BufferContents contents() const {
|
|
return BufferContents(dataPointer(), bufferKind());
|
|
}
|
|
bool hasInlineData() const {
|
|
return dataPointer() == inlineDataPointer();
|
|
}
|
|
|
|
void releaseData(FreeOp* fop);
|
|
|
|
/*
|
|
* Check if the arrayBuffer contains any data. This will return false for
|
|
* ArrayBuffer.prototype and detached ArrayBuffers.
|
|
*/
|
|
bool hasData() const {
|
|
return getClass() == &class_;
|
|
}
|
|
|
|
BufferKind bufferKind() const { return BufferKind(flags() & BUFFER_KIND_MASK); }
|
|
bool isPlain() const { return bufferKind() == PLAIN; }
|
|
bool isWasmMapped() const { return bufferKind() == WASM_MAPPED; }
|
|
bool isWasmMalloced() const { return bufferKind() == WASM_MALLOCED; }
|
|
bool isWasm() const { return isWasmMapped() || isWasmMalloced(); }
|
|
bool isMapped() const { return bufferKind() == MAPPED; }
|
|
bool isDetached() const { return flags() & DETACHED; }
|
|
|
|
static ArrayBufferObject* createForWasm(JSContext* cx, uint32_t numBytes, bool signalsForOOB);
|
|
static bool prepareForAsmJS(JSContext* cx, Handle<ArrayBufferObject*> buffer, bool signalsForOOB);
|
|
|
|
static void finalize(FreeOp* fop, JSObject* obj);
|
|
|
|
static BufferContents createMappedContents(int fd, size_t offset, size_t length);
|
|
|
|
static size_t offsetOfFlagsSlot() {
|
|
return getFixedSlotOffset(FLAGS_SLOT);
|
|
}
|
|
static size_t offsetOfDataSlot() {
|
|
return getFixedSlotOffset(DATA_SLOT);
|
|
}
|
|
|
|
void setForInlineTypedObject() {
|
|
setFlags(flags() | FOR_INLINE_TYPED_OBJECT);
|
|
}
|
|
void setHasTypedObjectViews() {
|
|
setFlags(flags() | TYPED_OBJECT_VIEWS);
|
|
}
|
|
|
|
bool forInlineTypedObject() const { return flags() & FOR_INLINE_TYPED_OBJECT; }
|
|
|
|
protected:
|
|
void setDataPointer(BufferContents contents, OwnsState ownsState);
|
|
void setByteLength(uint32_t length);
|
|
|
|
uint32_t flags() const;
|
|
void setFlags(uint32_t flags);
|
|
|
|
bool ownsData() const { return flags() & OWNS_DATA; }
|
|
void setOwnsData(OwnsState owns) {
|
|
setFlags(owns ? (flags() | OWNS_DATA) : (flags() & ~OWNS_DATA));
|
|
}
|
|
|
|
bool hasTypedObjectViews() const { return flags() & TYPED_OBJECT_VIEWS; }
|
|
|
|
void setIsWasmMalloced() { setFlags((flags() & ~KIND_MASK) | WASM_MALLOCED); }
|
|
void setIsDetached() { setFlags(flags() | DETACHED); }
|
|
|
|
void initialize(size_t byteLength, BufferContents contents, OwnsState ownsState) {
|
|
setByteLength(byteLength);
|
|
setFlags(0);
|
|
setFirstView(nullptr);
|
|
setDataPointer(contents, ownsState);
|
|
}
|
|
};
|
|
|
|
/*
|
|
* ArrayBufferViewObject
|
|
*
|
|
* Common definitions shared by all array buffer views.
|
|
*/
|
|
|
|
class ArrayBufferViewObject : public JSObject
|
|
{
|
|
public:
|
|
static ArrayBufferObjectMaybeShared* bufferObject(JSContext* cx, Handle<ArrayBufferViewObject*> obj);
|
|
|
|
void notifyBufferDetached(void* newData);
|
|
|
|
#ifdef DEBUG
|
|
bool isSharedMemory();
|
|
#endif
|
|
|
|
// By construction we only need unshared variants here. See
|
|
// comments in ArrayBufferObject.cpp.
|
|
uint8_t* dataPointerUnshared();
|
|
void setDataPointerUnshared(uint8_t* data);
|
|
|
|
static void trace(JSTracer* trc, JSObject* obj);
|
|
};
|
|
|
|
bool
|
|
ToClampedIndex(JSContext* cx, HandleValue v, uint32_t length, uint32_t* out);
|
|
|
|
/*
|
|
* Tests for ArrayBufferObject, like obj->is<ArrayBufferObject>().
|
|
*/
|
|
bool IsArrayBuffer(HandleValue v);
|
|
bool IsArrayBuffer(HandleObject obj);
|
|
bool IsArrayBuffer(JSObject* obj);
|
|
ArrayBufferObject& AsArrayBuffer(HandleObject obj);
|
|
ArrayBufferObject& AsArrayBuffer(JSObject* obj);
|
|
|
|
extern uint32_t JS_FASTCALL
|
|
ClampDoubleToUint8(const double x);
|
|
|
|
struct uint8_clamped {
|
|
uint8_t val;
|
|
|
|
uint8_clamped() { }
|
|
uint8_clamped(const uint8_clamped& other) : val(other.val) { }
|
|
|
|
// invoke our assignment helpers for constructor conversion
|
|
explicit uint8_clamped(uint8_t x) { *this = x; }
|
|
explicit uint8_clamped(uint16_t x) { *this = x; }
|
|
explicit uint8_clamped(uint32_t x) { *this = x; }
|
|
explicit uint8_clamped(int8_t x) { *this = x; }
|
|
explicit uint8_clamped(int16_t x) { *this = x; }
|
|
explicit uint8_clamped(int32_t x) { *this = x; }
|
|
explicit uint8_clamped(double x) { *this = x; }
|
|
|
|
uint8_clamped& operator=(const uint8_clamped& x) {
|
|
val = x.val;
|
|
return *this;
|
|
}
|
|
|
|
uint8_clamped& operator=(uint8_t x) {
|
|
val = x;
|
|
return *this;
|
|
}
|
|
|
|
uint8_clamped& operator=(uint16_t x) {
|
|
val = (x > 255) ? 255 : uint8_t(x);
|
|
return *this;
|
|
}
|
|
|
|
uint8_clamped& operator=(uint32_t x) {
|
|
val = (x > 255) ? 255 : uint8_t(x);
|
|
return *this;
|
|
}
|
|
|
|
uint8_clamped& operator=(int8_t x) {
|
|
val = (x >= 0) ? uint8_t(x) : 0;
|
|
return *this;
|
|
}
|
|
|
|
uint8_clamped& operator=(int16_t x) {
|
|
val = (x >= 0)
|
|
? ((x < 255)
|
|
? uint8_t(x)
|
|
: 255)
|
|
: 0;
|
|
return *this;
|
|
}
|
|
|
|
uint8_clamped& operator=(int32_t x) {
|
|
val = (x >= 0)
|
|
? ((x < 255)
|
|
? uint8_t(x)
|
|
: 255)
|
|
: 0;
|
|
return *this;
|
|
}
|
|
|
|
uint8_clamped& operator=(const double x) {
|
|
val = uint8_t(ClampDoubleToUint8(x));
|
|
return *this;
|
|
}
|
|
|
|
operator uint8_t() const {
|
|
return val;
|
|
}
|
|
|
|
void staticAsserts() {
|
|
static_assert(sizeof(uint8_clamped) == 1,
|
|
"uint8_clamped must be layout-compatible with uint8_t");
|
|
}
|
|
};
|
|
|
|
/* Note that we can't use std::numeric_limits here due to uint8_clamped. */
|
|
template<typename T> inline bool TypeIsFloatingPoint() { return false; }
|
|
template<> inline bool TypeIsFloatingPoint<float>() { return true; }
|
|
template<> inline bool TypeIsFloatingPoint<double>() { return true; }
|
|
|
|
template<typename T> inline bool TypeIsUnsigned() { return false; }
|
|
template<> inline bool TypeIsUnsigned<uint8_t>() { return true; }
|
|
template<> inline bool TypeIsUnsigned<uint16_t>() { return true; }
|
|
template<> inline bool TypeIsUnsigned<uint32_t>() { return true; }
|
|
|
|
// Per-compartment table that manages the relationship between array buffers
|
|
// and the views that use their storage.
|
|
class InnerViewTable
|
|
{
|
|
public:
|
|
typedef Vector<ArrayBufferViewObject*, 1, SystemAllocPolicy> ViewVector;
|
|
|
|
friend class ArrayBufferObject;
|
|
|
|
private:
|
|
struct MapGCPolicy {
|
|
static bool needsSweep(JSObject** key, ViewVector* value) {
|
|
return InnerViewTable::sweepEntry(key, *value);
|
|
}
|
|
};
|
|
|
|
// This key is a raw pointer and not a ReadBarriered because the post-
|
|
// barrier would hold nursery-allocated entries live unconditionally. It is
|
|
// a very common pattern in low-level and performance-oriented JavaScript
|
|
// to create hundreds or thousands of very short lived temporary views on a
|
|
// larger buffer; having to tenured all of these would be a catastrophic
|
|
// performance regression. Thus, it is vital that nursery pointers in this
|
|
// map not be held live. Special support is required in the minor GC,
|
|
// implemented in sweepAfterMinorGC.
|
|
typedef GCHashMap<JSObject*,
|
|
ViewVector,
|
|
MovableCellHasher<JSObject*>,
|
|
SystemAllocPolicy,
|
|
MapGCPolicy> Map;
|
|
|
|
// For all objects sharing their storage with some other view, this maps
|
|
// the object to the list of such views. All entries in this map are weak.
|
|
Map map;
|
|
|
|
// List of keys from innerViews where either the source or at least one
|
|
// target is in the nursery. The raw pointer to a JSObject is allowed here
|
|
// because this vector is cleared after every minor collection. Users in
|
|
// sweepAfterMinorCollection must be careful to use MaybeForwarded before
|
|
// touching these pointers.
|
|
Vector<JSObject*, 0, SystemAllocPolicy> nurseryKeys;
|
|
|
|
// Whether nurseryKeys is a complete list.
|
|
bool nurseryKeysValid;
|
|
|
|
// Sweep an entry during GC, returning whether the entry should be removed.
|
|
static bool sweepEntry(JSObject** pkey, ViewVector& views);
|
|
|
|
bool addView(JSContext* cx, ArrayBufferObject* obj, ArrayBufferViewObject* view);
|
|
ViewVector* maybeViewsUnbarriered(ArrayBufferObject* obj);
|
|
void removeViews(ArrayBufferObject* obj);
|
|
|
|
public:
|
|
InnerViewTable()
|
|
: nurseryKeysValid(true)
|
|
{}
|
|
|
|
// Remove references to dead objects in the table and update table entries
|
|
// to reflect moved objects.
|
|
void sweep();
|
|
void sweepAfterMinorGC();
|
|
|
|
bool needsSweepAfterMinorGC() {
|
|
return !nurseryKeys.empty() || !nurseryKeysValid;
|
|
}
|
|
|
|
size_t sizeOfExcludingThis(mozilla::MallocSizeOf mallocSizeOf);
|
|
};
|
|
|
|
extern JSObject*
|
|
InitArrayBufferClass(JSContext* cx, HandleObject obj);
|
|
|
|
} // namespace js
|
|
|
|
template <>
|
|
bool
|
|
JSObject::is<js::ArrayBufferViewObject>() const;
|
|
|
|
template <>
|
|
bool
|
|
JSObject::is<js::ArrayBufferObjectMaybeShared>() const;
|
|
|
|
#endif // vm_ArrayBufferObject_h
|