1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
|
/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*-
* vim: set ts=8 sts=2 et sw=2 tw=80:
* This Source Code Form is subject to the terms of the Mozilla Public
* License, v. 2.0. If a copy of the MPL was not distributed with this
* file, You can obtain one at http://mozilla.org/MPL/2.0/. */
/* JS Array interface. */
#ifndef builtin_Array_h
#define builtin_Array_h
#include "mozilla/Attributes.h"
#include "mozilla/TextUtils.h"
#include "jspubtd.h"
#include "vm/JSObject.h"
#include "vm/NativeObject.h" // js::ShouldUpdateTypes
namespace js {
class ArrayObject;
/* 2^32-2, inclusive */
const uint32_t MAX_ARRAY_INDEX = 4294967294u;
MOZ_ALWAYS_INLINE bool IdIsIndex(jsid id, uint32_t* indexp) {
if (JSID_IS_INT(id)) {
int32_t i = JSID_TO_INT(id);
MOZ_ASSERT(i >= 0);
*indexp = (uint32_t)i;
return true;
}
if (MOZ_UNLIKELY(!JSID_IS_STRING(id))) {
return false;
}
JSAtom* atom = JSID_TO_ATOM(id);
if (atom->length() == 0 ||
!mozilla::IsAsciiDigit(atom->latin1OrTwoByteChar(0))) {
return false;
}
return js::StringIsArrayIndex(atom, indexp);
}
// The methods below only create dense boxed arrays.
// Create a dense array with no capacity allocated, length set to 0, in the
// normal (i.e. non-tenured) heap.
extern ArrayObject* JS_FASTCALL
NewDenseEmptyArray(JSContext* cx, HandleObject proto = nullptr);
// Create a dense array with no capacity allocated, length set to 0, in the
// tenured heap.
extern ArrayObject* JS_FASTCALL
NewTenuredDenseEmptyArray(JSContext* cx, HandleObject proto = nullptr);
// Create a dense array with a set length, but without allocating space for the
// contents. This is useful, e.g., when accepting length from the user.
extern ArrayObject* JS_FASTCALL NewDenseUnallocatedArray(
JSContext* cx, uint32_t length, HandleObject proto = nullptr,
NewObjectKind newKind = GenericObject);
// Create a dense array with length and capacity == 'length', initialized length
// set to 0.
extern ArrayObject* JS_FASTCALL NewDenseFullyAllocatedArray(
JSContext* cx, uint32_t length, HandleObject proto = nullptr,
NewObjectKind newKind = GenericObject);
// Create a dense array with length == 'length', initialized length set to 0,
// and capacity == 'length' clamped to EagerAllocationMaxLength.
extern ArrayObject* NewDensePartlyAllocatedArray(
JSContext* cx, uint32_t length, HandleObject proto = nullptr,
NewObjectKind newKind = GenericObject);
// Create a dense array from the given array values, which must be rooted.
extern ArrayObject* NewDenseCopiedArray(JSContext* cx, uint32_t length,
const Value* values,
HandleObject proto = nullptr,
NewObjectKind newKind = GenericObject);
// Create a dense array based on templateObject with the given length.
extern ArrayObject* NewDenseFullyAllocatedArrayWithTemplate(
JSContext* cx, uint32_t length, ArrayObject* templateObject);
extern ArrayObject* NewArrayWithGroup(JSContext* cx, uint32_t length,
HandleObjectGroup group);
extern bool ToLength(JSContext* cx, HandleValue v, uint64_t* out);
extern bool GetLengthProperty(JSContext* cx, HandleObject obj,
uint32_t* lengthp);
extern bool SetLengthProperty(JSContext* cx, HandleObject obj, uint32_t length);
/*
* Copy 'length' elements from aobj to vp.
*
* This function assumes 'length' is effectively the result of calling
* GetLengthProperty on aobj. vp must point to rooted memory.
*/
extern bool GetElements(JSContext* cx, HandleObject aobj, uint32_t length,
js::Value* vp);
/* Natives exposed for optimization by the interpreter and JITs. */
extern bool intrinsic_ArrayNativeSort(JSContext* cx, unsigned argc,
js::Value* vp);
extern bool array_push(JSContext* cx, unsigned argc, js::Value* vp);
extern bool array_pop(JSContext* cx, unsigned argc, js::Value* vp);
extern bool array_join(JSContext* cx, unsigned argc, js::Value* vp);
extern void ArrayShiftMoveElements(ArrayObject* arr);
extern bool array_shift(JSContext* cx, unsigned argc, js::Value* vp);
extern bool array_slice(JSContext* cx, unsigned argc, js::Value* vp);
extern JSObject* ArraySliceDense(JSContext* cx, HandleObject obj, int32_t begin,
int32_t end, HandleObject result);
/*
* Append the given (non-hole) value to the end of an array. The array must be
* a newborn array -- that is, one which has not been exposed to script for
* arbitrary manipulation. (This method optimizes on the assumption that
* extending the array to accommodate the element will never make the array
* sparse, which requires that the array be completely filled.)
*/
extern bool NewbornArrayPush(JSContext* cx, HandleObject obj, const Value& v);
extern ArrayObject* ArrayConstructorOneArg(JSContext* cx,
HandleArrayObject templateObject,
int32_t lengthInt);
#ifdef DEBUG
extern bool ArrayInfo(JSContext* cx, unsigned argc, Value* vp);
#endif
/* Array constructor native. Exposed only so the JIT can know its address. */
extern bool ArrayConstructor(JSContext* cx, unsigned argc, Value* vp);
// Like Array constructor, but doesn't perform GetPrototypeFromConstructor.
extern bool array_construct(JSContext* cx, unsigned argc, Value* vp);
extern JSString* ArrayToSource(JSContext* cx, HandleObject obj);
extern bool IsCrossRealmArrayConstructor(JSContext* cx, JSObject* obj,
bool* result);
extern bool ObjectMayHaveExtraIndexedProperties(JSObject* obj);
// JS::IsArray has multiple overloads, use js::IsArrayFromJit to disambiguate.
extern bool IsArrayFromJit(JSContext* cx, HandleObject obj, bool* isArray);
class MOZ_NON_TEMPORARY_CLASS ArraySpeciesLookup final {
/*
* An ArraySpeciesLookup holds the following:
*
* Array.prototype (arrayProto_)
* To ensure that the incoming array has the standard proto.
*
* Array.prototype's shape (arrayProtoShape_)
* To ensure that Array.prototype has not been modified.
*
* Array (arrayConstructor_)
* Array's shape (arrayConstructorShape_)
* To ensure that Array has not been modified.
*
* Array.prototype's slot number for constructor (arrayProtoConstructorSlot_)
* To quickly retrieve and ensure that the Array constructor
* stored in the slot has not changed.
*
* Array's shape for the @@species getter. (arraySpeciesShape_)
* Array's canonical value for @@species (canonicalSpeciesFunc_)
* To quickly retrieve and ensure that the @@species getter for Array
* has not changed.
*
* MOZ_INIT_OUTSIDE_CTOR fields below are set in |initialize()|. The
* constructor only initializes a |state_| field, that defines whether the
* other fields are accessible.
*/
// Pointer to canonical Array.prototype and Array.
MOZ_INIT_OUTSIDE_CTOR NativeObject* arrayProto_;
MOZ_INIT_OUTSIDE_CTOR NativeObject* arrayConstructor_;
// Shape of matching Array, and slot containing the @@species
// property, and the canonical value.
MOZ_INIT_OUTSIDE_CTOR Shape* arrayConstructorShape_;
#ifdef DEBUG
MOZ_INIT_OUTSIDE_CTOR Shape* arraySpeciesShape_;
MOZ_INIT_OUTSIDE_CTOR JSFunction* canonicalSpeciesFunc_;
#endif
// Shape of matching Array.prototype object, and slot containing the
// constructor for it.
MOZ_INIT_OUTSIDE_CTOR Shape* arrayProtoShape_;
MOZ_INIT_OUTSIDE_CTOR uint32_t arrayProtoConstructorSlot_;
enum class State : uint8_t {
// Flags marking the lazy initialization of the above fields.
Uninitialized,
Initialized,
// The disabled flag is set when we don't want to try optimizing
// anymore because core objects were changed.
Disabled
};
State state_ = State::Uninitialized;
// Initialize the internal fields.
void initialize(JSContext* cx);
// Reset the cache.
void reset();
// Check if the global array-related objects have not been messed with
// in a way that would disable this cache.
bool isArrayStateStillSane();
public:
/** Construct an |ArraySpeciesLookup| in the uninitialized state. */
ArraySpeciesLookup() { reset(); }
// Try to optimize the @@species lookup for an array.
bool tryOptimizeArray(JSContext* cx, ArrayObject* array);
// Purge the cache and all info associated with it.
void purge() {
if (state_ == State::Initialized) {
reset();
}
}
};
} /* namespace js */
#endif /* builtin_Array_h */
|
