diff options
Diffstat (limited to 'js/src/jsnum.cpp')
-rw-r--r-- | js/src/jsnum.cpp | 2339 |
1 files changed, 2339 insertions, 0 deletions
diff --git a/js/src/jsnum.cpp b/js/src/jsnum.cpp new file mode 100644 index 0000000000..b51bac8390 --- /dev/null +++ b/js/src/jsnum.cpp @@ -0,0 +1,2339 @@ +/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- + * vim: set ts=8 sts=2 et sw=2 tw=80: + * This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ + +/* + * JS number type and wrapper class. + */ + +#include "jsnum.h" + +#include "mozilla/Casting.h" +#include "mozilla/FloatingPoint.h" +#include "mozilla/Maybe.h" +#include "mozilla/RangedPtr.h" +#include "mozilla/TextUtils.h" +#include "mozilla/Utf8.h" + +#include <algorithm> +#include <iterator> +#include <limits> +#ifdef HAVE_LOCALECONV +# include <locale.h> +#endif +#include <math.h> +#include <string.h> // memmove +#include <string_view> + +#include "jstypes.h" + +#include "builtin/String.h" +#include "double-conversion/double-conversion.h" +#include "frontend/ParserAtom.h" // frontend::{ParserAtomsTable, TaggedParserAtomIndex} +#include "jit/InlinableNatives.h" +#include "js/CharacterEncoding.h" +#include "js/Conversions.h" +#include "js/friend/ErrorMessages.h" // js::GetErrorMessage, JSMSG_* +#include "js/GCAPI.h" +#if !JS_HAS_INTL_API +# include "js/LocaleSensitive.h" +#endif +#include "js/PropertyAndElement.h" // JS_DefineFunctions +#include "js/PropertySpec.h" +#include "util/DoubleToString.h" +#include "util/Memory.h" +#include "util/StringBuffer.h" +#include "vm/BigIntType.h" +#include "vm/GlobalObject.h" +#include "vm/JSAtomUtils.h" // Atomize, AtomizeString +#include "vm/JSContext.h" +#include "vm/JSObject.h" +#include "vm/StaticStrings.h" + +#include "vm/Compartment-inl.h" // For js::UnwrapAndTypeCheckThis +#include "vm/GeckoProfiler-inl.h" +#include "vm/JSAtomUtils-inl.h" // BackfillIndexInCharBuffer +#include "vm/NativeObject-inl.h" +#include "vm/NumberObject-inl.h" +#include "vm/StringType-inl.h" + +using namespace js; + +using mozilla::Abs; +using mozilla::AsciiAlphanumericToNumber; +using mozilla::IsAsciiAlphanumeric; +using mozilla::IsAsciiDigit; +using mozilla::Maybe; +using mozilla::MinNumberValue; +using mozilla::NegativeInfinity; +using mozilla::NumberEqualsInt32; +using mozilla::PositiveInfinity; +using mozilla::RangedPtr; +using mozilla::Utf8AsUnsignedChars; +using mozilla::Utf8Unit; + +using JS::AutoCheckCannotGC; +using JS::GenericNaN; +using JS::ToInt16; +using JS::ToInt32; +using JS::ToInt64; +using JS::ToInt8; +using JS::ToUint16; +using JS::ToUint32; +using JS::ToUint64; +using JS::ToUint8; + +static bool EnsureDtoaState(JSContext* cx) { + if (!cx->dtoaState) { + cx->dtoaState = NewDtoaState(); + if (!cx->dtoaState) { + return false; + } + } + return true; +} + +template <typename CharT> +static inline void AssertWellPlacedNumericSeparator(const CharT* s, + const CharT* start, + const CharT* end) { + MOZ_ASSERT(start < end, "string is non-empty"); + MOZ_ASSERT(s > start, "number can't start with a separator"); + MOZ_ASSERT(s + 1 < end, + "final character in a numeric literal can't be a separator"); + MOZ_ASSERT(*(s + 1) != '_', + "separator can't be followed by another separator"); + MOZ_ASSERT(*(s - 1) != '_', + "separator can't be preceded by another separator"); +} + +namespace { + +template <typename CharT> +class BinaryDigitReader { + const int base; /* Base of number; must be a power of 2 */ + int digit; /* Current digit value in radix given by base */ + int digitMask; /* Mask to extract the next bit from digit */ + const CharT* cur; /* Pointer to the remaining digits */ + const CharT* start; /* Pointer to the start of the string */ + const CharT* end; /* Pointer to first non-digit */ + + public: + BinaryDigitReader(int base, const CharT* start, const CharT* end) + : base(base), + digit(0), + digitMask(0), + cur(start), + start(start), + end(end) {} + + /* Return the next binary digit from the number, or -1 if done. */ + int nextDigit() { + if (digitMask == 0) { + if (cur == end) { + return -1; + } + + int c = *cur++; + if (c == '_') { + AssertWellPlacedNumericSeparator(cur - 1, start, end); + c = *cur++; + } + + MOZ_ASSERT(IsAsciiAlphanumeric(c)); + digit = AsciiAlphanumericToNumber(c); + digitMask = base >> 1; + } + + int bit = (digit & digitMask) != 0; + digitMask >>= 1; + return bit; + } +}; + +} /* anonymous namespace */ + +/* + * The fast result might also have been inaccurate for power-of-two bases. This + * happens if the addition in value * 2 + digit causes a round-down to an even + * least significant mantissa bit when the first dropped bit is a one. If any + * of the following digits in the number (which haven't been added in yet) are + * nonzero, then the correct action would have been to round up instead of + * down. An example occurs when reading the number 0x1000000000000081, which + * rounds to 0x1000000000000000 instead of 0x1000000000000100. + */ +template <typename CharT> +static double ComputeAccurateBinaryBaseInteger(const CharT* start, + const CharT* end, int base) { + BinaryDigitReader<CharT> bdr(base, start, end); + + /* Skip leading zeroes. */ + int bit; + do { + bit = bdr.nextDigit(); + } while (bit == 0); + + MOZ_ASSERT(bit == 1); // guaranteed by Get{Prefix,Decimal}Integer + + /* Gather the 53 significant bits (including the leading 1). */ + double value = 1.0; + for (int j = 52; j > 0; j--) { + bit = bdr.nextDigit(); + if (bit < 0) { + return value; + } + value = value * 2 + bit; + } + + /* bit2 is the 54th bit (the first dropped from the mantissa). */ + int bit2 = bdr.nextDigit(); + if (bit2 >= 0) { + double factor = 2.0; + int sticky = 0; /* sticky is 1 if any bit beyond the 54th is 1 */ + int bit3; + + while ((bit3 = bdr.nextDigit()) >= 0) { + sticky |= bit3; + factor *= 2; + } + value += bit2 & (bit | sticky); + value *= factor; + } + + return value; +} + +template <typename CharT> +double js::ParseDecimalNumber(const mozilla::Range<const CharT> chars) { + MOZ_ASSERT(chars.length() > 0); + uint64_t dec = 0; + RangedPtr<const CharT> s = chars.begin(), end = chars.end(); + do { + CharT c = *s; + MOZ_ASSERT('0' <= c && c <= '9'); + uint8_t digit = c - '0'; + uint64_t next = dec * 10 + digit; + MOZ_ASSERT(next < DOUBLE_INTEGRAL_PRECISION_LIMIT, + "next value won't be an integrally-precise double"); + dec = next; + } while (++s < end); + return static_cast<double>(dec); +} + +template double js::ParseDecimalNumber( + const mozilla::Range<const Latin1Char> chars); + +template double js::ParseDecimalNumber( + const mozilla::Range<const char16_t> chars); + +template <typename CharT> +static bool GetPrefixIntegerImpl(const CharT* start, const CharT* end, int base, + IntegerSeparatorHandling separatorHandling, + const CharT** endp, double* dp) { + MOZ_ASSERT(start <= end); + MOZ_ASSERT(2 <= base && base <= 36); + + const CharT* s = start; + double d = 0.0; + for (; s < end; s++) { + CharT c = *s; + if (!IsAsciiAlphanumeric(c)) { + if (c == '_' && + separatorHandling == IntegerSeparatorHandling::SkipUnderscore) { + AssertWellPlacedNumericSeparator(s, start, end); + continue; + } + break; + } + + uint8_t digit = AsciiAlphanumericToNumber(c); + if (digit >= base) { + break; + } + + d = d * base + digit; + } + + *endp = s; + *dp = d; + + /* If we haven't reached the limit of integer precision, we're done. */ + if (d < DOUBLE_INTEGRAL_PRECISION_LIMIT) { + return true; + } + + /* + * Otherwise compute the correct integer from the prefix of valid digits + * if we're computing for base ten or a power of two. Don't worry about + * other bases; see ES2018, 18.2.5 `parseInt(string, radix)`, step 13. + */ + if (base == 10) { + return false; + } + + if ((base & (base - 1)) == 0) { + *dp = ComputeAccurateBinaryBaseInteger(start, s, base); + } + + return true; +} + +template <typename CharT> +bool js::GetPrefixInteger(const CharT* start, const CharT* end, int base, + IntegerSeparatorHandling separatorHandling, + const CharT** endp, double* dp) { + if (GetPrefixIntegerImpl(start, end, base, separatorHandling, endp, dp)) { + return true; + } + + // Can only fail for base 10. + MOZ_ASSERT(base == 10); + + // If we're accumulating a decimal number and the number is >= 2^53, then the + // fast result from the loop in GetPrefixIntegerImpl may be inaccurate. Call + // GetDecimal to get the correct answer. + return GetDecimal(start, *endp, dp); +} + +namespace js { + +template bool GetPrefixInteger(const char16_t* start, const char16_t* end, + int base, + IntegerSeparatorHandling separatorHandling, + const char16_t** endp, double* dp); + +template bool GetPrefixInteger(const Latin1Char* start, const Latin1Char* end, + int base, + IntegerSeparatorHandling separatorHandling, + const Latin1Char** endp, double* dp); + +} // namespace js + +template <typename CharT> +bool js::GetDecimalInteger(const CharT* start, const CharT* end, double* dp) { + MOZ_ASSERT(start <= end); + + double d = 0.0; + for (const CharT* s = start; s < end; s++) { + CharT c = *s; + if (c == '_') { + AssertWellPlacedNumericSeparator(s, start, end); + continue; + } + MOZ_ASSERT(IsAsciiDigit(c)); + int digit = c - '0'; + d = d * 10 + digit; + } + + // If we haven't reached the limit of integer precision, we're done. + if (d < DOUBLE_INTEGRAL_PRECISION_LIMIT) { + *dp = d; + return true; + } + + // Otherwise compute the correct integer using GetDecimal. + return GetDecimal(start, end, dp); +} + +namespace js { + +template bool GetDecimalInteger(const char16_t* start, const char16_t* end, + double* dp); + +template bool GetDecimalInteger(const Latin1Char* start, const Latin1Char* end, + double* dp); + +template <> +bool GetDecimalInteger<Utf8Unit>(const Utf8Unit* start, const Utf8Unit* end, + double* dp) { + return GetDecimalInteger(Utf8AsUnsignedChars(start), Utf8AsUnsignedChars(end), + dp); +} + +} // namespace js + +template <typename CharT> +bool js::GetDecimal(const CharT* start, const CharT* end, double* dp) { + MOZ_ASSERT(start <= end); + + size_t length = end - start; + + auto convert = [](auto* chars, size_t length) -> double { + using SToDConverter = double_conversion::StringToDoubleConverter; + SToDConverter converter(/* flags = */ 0, /* empty_string_value = */ 0.0, + /* junk_string_value = */ 0.0, + /* infinity_symbol = */ nullptr, + /* nan_symbol = */ nullptr); + int lengthInt = mozilla::AssertedCast<int>(length); + int processed = 0; + double d = converter.StringToDouble(chars, lengthInt, &processed); + MOZ_ASSERT(processed >= 0); + MOZ_ASSERT(size_t(processed) == length); + return d; + }; + + // If there are no underscores, we don't need to copy the chars. + bool hasUnderscore = std::any_of(start, end, [](auto c) { return c == '_'; }); + if (!hasUnderscore) { + if constexpr (std::is_same_v<CharT, char16_t>) { + *dp = convert(reinterpret_cast<const uc16*>(start), length); + } else { + static_assert(std::is_same_v<CharT, Latin1Char>); + *dp = convert(reinterpret_cast<const char*>(start), length); + } + return true; + } + + Vector<char, 32, SystemAllocPolicy> chars; + if (!chars.growByUninitialized(length)) { + return false; + } + + const CharT* s = start; + size_t i = 0; + for (; s < end; s++) { + CharT c = *s; + if (c == '_') { + AssertWellPlacedNumericSeparator(s, start, end); + continue; + } + MOZ_ASSERT(IsAsciiDigit(c) || c == '.' || c == 'e' || c == 'E' || + c == '+' || c == '-'); + chars[i++] = char(c); + } + + *dp = convert(chars.begin(), i); + return true; +} + +namespace js { + +template bool GetDecimal(const char16_t* start, const char16_t* end, + double* dp); + +template bool GetDecimal(const Latin1Char* start, const Latin1Char* end, + double* dp); + +template <> +bool GetDecimal<Utf8Unit>(const Utf8Unit* start, const Utf8Unit* end, + double* dp) { + return GetDecimal(Utf8AsUnsignedChars(start), Utf8AsUnsignedChars(end), dp); +} + +} // namespace js + +static bool num_parseFloat(JSContext* cx, unsigned argc, Value* vp) { + CallArgs args = CallArgsFromVp(argc, vp); + + if (args.length() == 0) { + args.rval().setNaN(); + return true; + } + + if (args[0].isNumber()) { + // ToString(-0) is "0", handle it accordingly. + if (args[0].isDouble() && args[0].toDouble() == 0.0) { + args.rval().setInt32(0); + } else { + args.rval().set(args[0]); + } + return true; + } + + JSString* str = ToString<CanGC>(cx, args[0]); + if (!str) { + return false; + } + + if (str->hasIndexValue()) { + args.rval().setNumber(str->getIndexValue()); + return true; + } + + JSLinearString* linear = str->ensureLinear(cx); + if (!linear) { + return false; + } + + double d; + AutoCheckCannotGC nogc; + if (linear->hasLatin1Chars()) { + const Latin1Char* begin = linear->latin1Chars(nogc); + const Latin1Char* end; + d = js_strtod(begin, begin + linear->length(), &end); + if (end == begin) { + d = GenericNaN(); + } + } else { + const char16_t* begin = linear->twoByteChars(nogc); + const char16_t* end; + d = js_strtod(begin, begin + linear->length(), &end); + if (end == begin) { + d = GenericNaN(); + } + } + + args.rval().setDouble(d); + return true; +} + +// ES2023 draft rev 053d34c87b14d9234d6f7f45bd61074b72ca9d69 +// 19.2.5 parseInt ( string, radix ) +template <typename CharT> +static bool ParseIntImpl(JSContext* cx, const CharT* chars, size_t length, + bool stripPrefix, int32_t radix, double* res) { + // Step 2. + const CharT* end = chars + length; + const CharT* s = SkipSpace(chars, end); + + MOZ_ASSERT(chars <= s); + MOZ_ASSERT(s <= end); + + // Steps 3-4. + bool negative = (s != end && s[0] == '-'); + + // Step 5. */ + if (s != end && (s[0] == '-' || s[0] == '+')) { + s++; + } + + // Step 10. + if (stripPrefix) { + if (end - s >= 2 && s[0] == '0' && (s[1] == 'x' || s[1] == 'X')) { + s += 2; + radix = 16; + } + } + + // Steps 11-15. + const CharT* actualEnd; + double d; + if (!js::GetPrefixInteger(s, end, radix, IntegerSeparatorHandling::None, + &actualEnd, &d)) { + ReportOutOfMemory(cx); + return false; + } + + if (s == actualEnd) { + *res = GenericNaN(); + } else { + *res = negative ? -d : d; + } + return true; +} + +// ES2023 draft rev 053d34c87b14d9234d6f7f45bd61074b72ca9d69 +// 19.2.5 parseInt ( string, radix ) +bool js::NumberParseInt(JSContext* cx, HandleString str, int32_t radix, + MutableHandleValue result) { + // Step 7. + bool stripPrefix = true; + + // Steps 8-9. + if (radix != 0) { + if (radix < 2 || radix > 36) { + result.setNaN(); + return true; + } + + if (radix != 16) { + stripPrefix = false; + } + } else { + radix = 10; + } + MOZ_ASSERT(2 <= radix && radix <= 36); + + JSLinearString* linear = str->ensureLinear(cx); + if (!linear) { + return false; + } + + // Steps 2-5, 10-16. + AutoCheckCannotGC nogc; + size_t length = linear->length(); + double number; + if (linear->hasLatin1Chars()) { + if (!ParseIntImpl(cx, linear->latin1Chars(nogc), length, stripPrefix, radix, + &number)) { + return false; + } + } else { + if (!ParseIntImpl(cx, linear->twoByteChars(nogc), length, stripPrefix, + radix, &number)) { + return false; + } + } + + result.setNumber(number); + return true; +} + +// ES2023 draft rev 053d34c87b14d9234d6f7f45bd61074b72ca9d69 +// 19.2.5 parseInt ( string, radix ) +static bool num_parseInt(JSContext* cx, unsigned argc, Value* vp) { + CallArgs args = CallArgsFromVp(argc, vp); + + /* Fast paths and exceptional cases. */ + if (args.length() == 0) { + args.rval().setNaN(); + return true; + } + + if (args.length() == 1 || (args[1].isInt32() && (args[1].toInt32() == 0 || + args[1].toInt32() == 10))) { + if (args[0].isInt32()) { + args.rval().set(args[0]); + return true; + } + + /* + * Step 1 is |inputString = ToString(string)|. When string >= + * 1e21, ToString(string) is in the form "NeM". 'e' marks the end of + * the word, which would mean the result of parseInt(string) should be |N|. + * + * To preserve this behaviour, we can't use the fast-path when string >= + * 1e21, or else the result would be |NeM|. + * + * The same goes for values smaller than 1.0e-6, because the string would be + * in the form of "Ne-M". + */ + if (args[0].isDouble()) { + double d = args[0].toDouble(); + if (DOUBLE_DECIMAL_IN_SHORTEST_LOW <= d && + d < DOUBLE_DECIMAL_IN_SHORTEST_HIGH) { + args.rval().setNumber(floor(d)); + return true; + } + if (-DOUBLE_DECIMAL_IN_SHORTEST_HIGH < d && + d <= -DOUBLE_DECIMAL_IN_SHORTEST_LOW) { + args.rval().setNumber(-floor(-d)); + return true; + } + if (d == 0.0) { + args.rval().setInt32(0); + return true; + } + } + + if (args[0].isString()) { + JSString* str = args[0].toString(); + if (str->hasIndexValue()) { + args.rval().setNumber(str->getIndexValue()); + return true; + } + } + } + + // Step 1. + RootedString inputString(cx, ToString<CanGC>(cx, args[0])); + if (!inputString) { + return false; + } + + // Step 6. + int32_t radix = 0; + if (args.hasDefined(1)) { + if (!ToInt32(cx, args[1], &radix)) { + return false; + } + } + + // Steps 2-5, 7-16. + return NumberParseInt(cx, inputString, radix, args.rval()); +} + +static const JSFunctionSpec number_functions[] = { + JS_SELF_HOSTED_FN("isNaN", "Global_isNaN", 1, JSPROP_RESOLVING), + JS_SELF_HOSTED_FN("isFinite", "Global_isFinite", 1, JSPROP_RESOLVING), + JS_FS_END}; + +const JSClass NumberObject::class_ = { + "Number", + JSCLASS_HAS_RESERVED_SLOTS(1) | JSCLASS_HAS_CACHED_PROTO(JSProto_Number), + JS_NULL_CLASS_OPS, &NumberObject::classSpec_}; + +static bool Number(JSContext* cx, unsigned argc, Value* vp) { + CallArgs args = CallArgsFromVp(argc, vp); + + if (args.length() > 0) { + // BigInt proposal section 6.2, steps 2a-c. + if (!ToNumeric(cx, args[0])) { + return false; + } + if (args[0].isBigInt()) { + args[0].setNumber(BigInt::numberValue(args[0].toBigInt())); + } + MOZ_ASSERT(args[0].isNumber()); + } + + if (!args.isConstructing()) { + if (args.length() > 0) { + args.rval().set(args[0]); + } else { + args.rval().setInt32(0); + } + return true; + } + + RootedObject proto(cx); + if (!GetPrototypeFromBuiltinConstructor(cx, args, JSProto_Number, &proto)) { + return false; + } + + double d = args.length() > 0 ? args[0].toNumber() : 0; + JSObject* obj = NumberObject::create(cx, d, proto); + if (!obj) { + return false; + } + args.rval().setObject(*obj); + return true; +} + +// ES2020 draft rev e08b018785606bc6465a0456a79604b149007932 +// 20.1.3 Properties of the Number Prototype Object, thisNumberValue. +MOZ_ALWAYS_INLINE +static bool ThisNumberValue(JSContext* cx, const CallArgs& args, + const char* methodName, double* number) { + HandleValue thisv = args.thisv(); + + // Step 1. + if (thisv.isNumber()) { + *number = thisv.toNumber(); + return true; + } + + // Steps 2-3. + auto* obj = UnwrapAndTypeCheckThis<NumberObject>(cx, args, methodName); + if (!obj) { + return false; + } + + *number = obj->unbox(); + return true; +} + +// On-off helper function for the self-hosted Number_toLocaleString method. +// This only exists to produce an error message with the right method name. +bool js::ThisNumberValueForToLocaleString(JSContext* cx, unsigned argc, + Value* vp) { + CallArgs args = CallArgsFromVp(argc, vp); + + double d; + if (!ThisNumberValue(cx, args, "toLocaleString", &d)) { + return false; + } + + args.rval().setNumber(d); + return true; +} + +static bool num_toSource(JSContext* cx, unsigned argc, Value* vp) { + CallArgs args = CallArgsFromVp(argc, vp); + + double d; + if (!ThisNumberValue(cx, args, "toSource", &d)) { + return false; + } + + JSStringBuilder sb(cx); + if (!sb.append("(new Number(") || + !NumberValueToStringBuffer(NumberValue(d), sb) || !sb.append("))")) { + return false; + } + + JSString* str = sb.finishString(); + if (!str) { + return false; + } + args.rval().setString(str); + return true; +} + +// Subtract one from DTOSTR_STANDARD_BUFFER_SIZE to exclude the null-character. +static_assert( + double_conversion::DoubleToStringConverter::kMaxCharsEcmaScriptShortest == + DTOSTR_STANDARD_BUFFER_SIZE - 1, + "double_conversion and dtoa both agree how large the longest string " + "can be"); + +static_assert(DTOSTR_STANDARD_BUFFER_SIZE <= JS::MaximumNumberToStringLength, + "MaximumNumberToStringLength is large enough to hold the longest " + "string produced by a conversion"); + +MOZ_ALWAYS_INLINE +static JSLinearString* LookupDtoaCache(JSContext* cx, double d) { + if (Realm* realm = cx->realm()) { + if (JSLinearString* str = realm->dtoaCache.lookup(10, d)) { + return str; + } + } + + return nullptr; +} + +MOZ_ALWAYS_INLINE +static void CacheNumber(JSContext* cx, double d, JSLinearString* str) { + if (Realm* realm = cx->realm()) { + realm->dtoaCache.cache(10, d, str); + } +} + +MOZ_ALWAYS_INLINE +static JSLinearString* LookupInt32ToString(JSContext* cx, int32_t si) { + if (si >= 0 && StaticStrings::hasInt(si)) { + return cx->staticStrings().getInt(si); + } + + return LookupDtoaCache(cx, si); +} + +template <typename T> +MOZ_ALWAYS_INLINE static T* BackfillInt32InBuffer(int32_t si, T* buffer, + size_t size, size_t* length) { + uint32_t ui = Abs(si); + MOZ_ASSERT_IF(si == INT32_MIN, ui == uint32_t(INT32_MAX) + 1); + + RangedPtr<T> end(buffer + size - 1, buffer, size); + *end = '\0'; + RangedPtr<T> start = BackfillIndexInCharBuffer(ui, end); + if (si < 0) { + *--start = '-'; + } + + *length = end - start; + return start.get(); +} + +template <AllowGC allowGC> +JSLinearString* js::Int32ToString(JSContext* cx, int32_t si) { + return js::Int32ToStringWithHeap<allowGC>(cx, si, gc::Heap::Default); +} +template JSLinearString* js::Int32ToString<CanGC>(JSContext* cx, int32_t si); +template JSLinearString* js::Int32ToString<NoGC>(JSContext* cx, int32_t si); + +template <AllowGC allowGC> +JSLinearString* js::Int32ToStringWithHeap(JSContext* cx, int32_t si, + gc::Heap heap) { + if (JSLinearString* str = LookupInt32ToString(cx, si)) { + return str; + } + + Latin1Char buffer[JSFatInlineString::MAX_LENGTH_LATIN1 + 1]; + size_t length; + Latin1Char* start = + BackfillInt32InBuffer(si, buffer, std::size(buffer), &length); + + mozilla::Range<const Latin1Char> chars(start, length); + JSInlineString* str = NewInlineString<allowGC>(cx, chars, heap); + if (!str) { + return nullptr; + } + if (si >= 0) { + str->maybeInitializeIndexValue(si); + } + + CacheNumber(cx, si, str); + return str; +} +template JSLinearString* js::Int32ToStringWithHeap<CanGC>(JSContext* cx, + int32_t si, + gc::Heap heap); +template JSLinearString* js::Int32ToStringWithHeap<NoGC>(JSContext* cx, + int32_t si, + gc::Heap heap); + +JSLinearString* js::Int32ToStringPure(JSContext* cx, int32_t si) { + AutoUnsafeCallWithABI unsafe; + return Int32ToString<NoGC>(cx, si); +} + +JSAtom* js::Int32ToAtom(JSContext* cx, int32_t si) { + if (JSLinearString* str = LookupInt32ToString(cx, si)) { + return js::AtomizeString(cx, str); + } + + char buffer[JSFatInlineString::MAX_LENGTH_TWO_BYTE + 1]; + size_t length; + char* start = BackfillInt32InBuffer( + si, buffer, JSFatInlineString::MAX_LENGTH_TWO_BYTE + 1, &length); + + Maybe<uint32_t> indexValue; + if (si >= 0) { + indexValue.emplace(si); + } + + JSAtom* atom = Atomize(cx, start, length, indexValue); + if (!atom) { + return nullptr; + } + + CacheNumber(cx, si, atom); + return atom; +} + +frontend::TaggedParserAtomIndex js::Int32ToParserAtom( + FrontendContext* fc, frontend::ParserAtomsTable& parserAtoms, int32_t si) { + char buffer[JSFatInlineString::MAX_LENGTH_TWO_BYTE + 1]; + size_t length; + char* start = BackfillInt32InBuffer( + si, buffer, JSFatInlineString::MAX_LENGTH_TWO_BYTE + 1, &length); + + Maybe<uint32_t> indexValue; + if (si >= 0) { + indexValue.emplace(si); + } + + return parserAtoms.internAscii(fc, start, length); +} + +/* Returns a non-nullptr pointer to inside `buf`. */ +template <typename T> +static char* Int32ToCStringWithBase(mozilla::Range<char> buf, T i, size_t* len, + int base) { + uint32_t u; + if constexpr (std::is_signed_v<T>) { + u = Abs(i); + } else { + u = i; + } + + RangedPtr<char> cp = buf.end() - 1; + + char* end = cp.get(); + *cp = '\0'; + + /* Build the string from behind. */ + switch (base) { + case 10: + cp = BackfillIndexInCharBuffer(u, cp); + break; + case 16: + do { + unsigned newu = u / 16; + *--cp = "0123456789abcdef"[u - newu * 16]; + u = newu; + } while (u != 0); + break; + default: + MOZ_ASSERT(base >= 2 && base <= 36); + do { + unsigned newu = u / base; + *--cp = "0123456789abcdefghijklmnopqrstuvwxyz"[u - newu * base]; + u = newu; + } while (u != 0); + break; + } + if constexpr (std::is_signed_v<T>) { + if (i < 0) { + *--cp = '-'; + } + } + + *len = end - cp.get(); + return cp.get(); +} + +/* Returns a non-nullptr pointer to inside `out`. */ +template <typename T, size_t Length> +static char* Int32ToCStringWithBase(char (&out)[Length], T i, size_t* len, + int base) { + // The buffer needs to be large enough to hold the largest number, including + // the sign and the terminating null-character. + static_assert(std::numeric_limits<T>::digits + (2 * std::is_signed_v<T>) < + Length); + + mozilla::Range<char> buf(out, Length); + return Int32ToCStringWithBase(buf, i, len, base); +} + +/* Returns a non-nullptr pointer to inside `out`. */ +template <typename T, size_t Base, size_t Length> +static char* Int32ToCString(char (&out)[Length], T i, size_t* len) { + // The buffer needs to be large enough to hold the largest number, including + // the sign and the terminating null-character. + if constexpr (Base == 10) { + static_assert(std::numeric_limits<T>::digits10 + 1 + std::is_signed_v<T> < + Length); + } else { + // Compute digits16 analog to std::numeric_limits::digits10, which is + // defined as |std::numeric_limits::digits * std::log10(2)| for integer + // types. + // Note: log16(2) is 1/4. + static_assert(Base == 16); + static_assert(((std::numeric_limits<T>::digits + std::is_signed_v<T>) / 4 + + std::is_signed_v<T>) < Length); + } + + mozilla::Range<char> buf(out, Length); + return Int32ToCStringWithBase(buf, i, len, Base); +} + +/* Returns a non-nullptr pointer to inside `cbuf`. */ +template <typename T, size_t Base = 10> +static char* Int32ToCString(ToCStringBuf* cbuf, T i, size_t* len) { + return Int32ToCString<T, Base>(cbuf->sbuf, i, len); +} + +/* Returns a non-nullptr pointer to inside `cbuf`. */ +template <typename T, size_t Base = 10> +static char* Int32ToCString(Int32ToCStringBuf* cbuf, T i, size_t* len) { + return Int32ToCString<T, Base>(cbuf->sbuf, i, len); +} + +template <AllowGC allowGC> +static JSString* NumberToStringWithBase(JSContext* cx, double d, int base); + +static bool num_toString(JSContext* cx, unsigned argc, Value* vp) { + CallArgs args = CallArgsFromVp(argc, vp); + + double d; + if (!ThisNumberValue(cx, args, "toString", &d)) { + return false; + } + + int32_t base = 10; + if (args.hasDefined(0)) { + double d2; + if (!ToInteger(cx, args[0], &d2)) { + return false; + } + + if (d2 < 2 || d2 > 36) { + JS_ReportErrorNumberASCII(cx, GetErrorMessage, nullptr, JSMSG_BAD_RADIX); + return false; + } + + base = int32_t(d2); + } + JSString* str = NumberToStringWithBase<CanGC>(cx, d, base); + if (!str) { + return false; + } + args.rval().setString(str); + return true; +} + +#if !JS_HAS_INTL_API +static bool num_toLocaleString(JSContext* cx, unsigned argc, Value* vp) { + AutoJSMethodProfilerEntry pseudoFrame(cx, "Number.prototype", + "toLocaleString"); + CallArgs args = CallArgsFromVp(argc, vp); + + double d; + if (!ThisNumberValue(cx, args, "toLocaleString", &d)) { + return false; + } + + RootedString str(cx, NumberToStringWithBase<CanGC>(cx, d, 10)); + if (!str) { + return false; + } + + /* + * Create the string, move back to bytes to make string twiddling + * a bit easier and so we can insert platform charset seperators. + */ + UniqueChars numBytes = EncodeAscii(cx, str); + if (!numBytes) { + return false; + } + const char* num = numBytes.get(); + if (!num) { + return false; + } + + /* + * Find the first non-integer value, whether it be a letter as in + * 'Infinity', a decimal point, or an 'e' from exponential notation. + */ + const char* nint = num; + if (*nint == '-') { + nint++; + } + while (*nint >= '0' && *nint <= '9') { + nint++; + } + int digits = nint - num; + const char* end = num + digits; + if (!digits) { + args.rval().setString(str); + return true; + } + + JSRuntime* rt = cx->runtime(); + size_t thousandsLength = strlen(rt->thousandsSeparator); + size_t decimalLength = strlen(rt->decimalSeparator); + + /* Figure out how long resulting string will be. */ + int buflen = strlen(num); + if (*nint == '.') { + buflen += decimalLength - 1; /* -1 to account for existing '.' */ + } + + const char* numGrouping; + const char* tmpGroup; + numGrouping = tmpGroup = rt->numGrouping; + int remainder = digits; + if (*num == '-') { + remainder--; + } + + while (*tmpGroup != CHAR_MAX && *tmpGroup != '\0') { + if (*tmpGroup >= remainder) { + break; + } + buflen += thousandsLength; + remainder -= *tmpGroup; + tmpGroup++; + } + + int nrepeat; + if (*tmpGroup == '\0' && *numGrouping != '\0') { + nrepeat = (remainder - 1) / tmpGroup[-1]; + buflen += thousandsLength * nrepeat; + remainder -= nrepeat * tmpGroup[-1]; + } else { + nrepeat = 0; + } + tmpGroup--; + + char* buf = cx->pod_malloc<char>(buflen + 1); + if (!buf) { + return false; + } + + char* tmpDest = buf; + const char* tmpSrc = num; + + while (*tmpSrc == '-' || remainder--) { + MOZ_ASSERT(tmpDest - buf < buflen); + *tmpDest++ = *tmpSrc++; + } + while (tmpSrc < end) { + MOZ_ASSERT(tmpDest - buf + ptrdiff_t(thousandsLength) <= buflen); + strcpy(tmpDest, rt->thousandsSeparator); + tmpDest += thousandsLength; + MOZ_ASSERT(tmpDest - buf + *tmpGroup <= buflen); + js_memcpy(tmpDest, tmpSrc, *tmpGroup); + tmpDest += *tmpGroup; + tmpSrc += *tmpGroup; + if (--nrepeat < 0) { + tmpGroup--; + } + } + + if (*nint == '.') { + MOZ_ASSERT(tmpDest - buf + ptrdiff_t(decimalLength) <= buflen); + strcpy(tmpDest, rt->decimalSeparator); + tmpDest += decimalLength; + MOZ_ASSERT(tmpDest - buf + ptrdiff_t(strlen(nint + 1)) <= buflen); + strcpy(tmpDest, nint + 1); + } else { + MOZ_ASSERT(tmpDest - buf + ptrdiff_t(strlen(nint)) <= buflen); + strcpy(tmpDest, nint); + } + + if (cx->runtime()->localeCallbacks && + cx->runtime()->localeCallbacks->localeToUnicode) { + Rooted<Value> v(cx, StringValue(str)); + bool ok = !!cx->runtime()->localeCallbacks->localeToUnicode(cx, buf, &v); + if (ok) { + args.rval().set(v); + } + js_free(buf); + return ok; + } + + str = NewStringCopyN<CanGC>(cx, buf, buflen); + js_free(buf); + if (!str) { + return false; + } + + args.rval().setString(str); + return true; +} +#endif /* !JS_HAS_INTL_API */ + +bool js::num_valueOf(JSContext* cx, unsigned argc, Value* vp) { + CallArgs args = CallArgsFromVp(argc, vp); + + double d; + if (!ThisNumberValue(cx, args, "valueOf", &d)) { + return false; + } + + args.rval().setNumber(d); + return true; +} + +static const unsigned MAX_PRECISION = 100; + +static bool ComputePrecisionInRange(JSContext* cx, int minPrecision, + int maxPrecision, double prec, + int* precision) { + if (minPrecision <= prec && prec <= maxPrecision) { + *precision = int(prec); + return true; + } + + ToCStringBuf cbuf; + char* numStr = NumberToCString(&cbuf, prec); + MOZ_ASSERT(numStr); + JS_ReportErrorNumberASCII(cx, GetErrorMessage, nullptr, JSMSG_PRECISION_RANGE, + numStr); + return false; +} + +static constexpr size_t DoubleToStrResultBufSize = 128; + +template <typename Op> +[[nodiscard]] static bool DoubleToStrResult(JSContext* cx, const CallArgs& args, + Op op) { + char buf[DoubleToStrResultBufSize]; + + const auto& converter = + double_conversion::DoubleToStringConverter::EcmaScriptConverter(); + double_conversion::StringBuilder builder(buf, sizeof(buf)); + + bool ok = op(converter, builder); + MOZ_RELEASE_ASSERT(ok); + + size_t numStrLen = builder.position(); + const char* numStr = builder.Finalize(); + MOZ_ASSERT(numStr == buf); + MOZ_ASSERT(numStrLen == strlen(numStr)); + + JSString* str = NewStringCopyN<CanGC>(cx, numStr, numStrLen); + if (!str) { + return false; + } + + args.rval().setString(str); + return true; +} + +// ES 2021 draft 21.1.3.3. +static bool num_toFixed(JSContext* cx, unsigned argc, Value* vp) { + AutoJSMethodProfilerEntry pseudoFrame(cx, "Number.prototype", "toFixed"); + CallArgs args = CallArgsFromVp(argc, vp); + + // Step 1. + double d; + if (!ThisNumberValue(cx, args, "toFixed", &d)) { + return false; + } + + // Steps 2-5. + int precision; + if (args.length() == 0) { + precision = 0; + } else { + double prec = 0; + if (!ToInteger(cx, args[0], &prec)) { + return false; + } + + if (!ComputePrecisionInRange(cx, 0, MAX_PRECISION, prec, &precision)) { + return false; + } + } + + // Step 6. + if (std::isnan(d)) { + args.rval().setString(cx->names().NaN); + return true; + } + if (std::isinf(d)) { + if (d > 0) { + args.rval().setString(cx->names().Infinity); + return true; + } + + args.rval().setString(cx->names().NegativeInfinity_); + return true; + } + + // Steps 7-10 for very large numbers. + if (d <= -1e21 || d >= 1e+21) { + JSString* s = NumberToString<CanGC>(cx, d); + if (!s) { + return false; + } + + args.rval().setString(s); + return true; + } + + // Steps 7-12. + + // DoubleToStringConverter::ToFixed is documented as requiring a buffer size + // of: + // + // 1 + kMaxFixedDigitsBeforePoint + 1 + kMaxFixedDigitsAfterPoint + 1 + // (one additional character for the sign, one for the decimal point, + // and one for the null terminator) + // + // We already ensured there are at most 21 digits before the point, and + // MAX_PRECISION digits after the point. + static_assert(1 + 21 + 1 + MAX_PRECISION + 1 <= DoubleToStrResultBufSize); + + // The double-conversion library by default has a kMaxFixedDigitsAfterPoint of + // 60. Assert our modified version supports at least MAX_PRECISION (100). + using DToSConverter = double_conversion::DoubleToStringConverter; + static_assert(DToSConverter::kMaxFixedDigitsAfterPoint >= MAX_PRECISION); + + return DoubleToStrResult(cx, args, [&](auto& converter, auto& builder) { + return converter.ToFixed(d, precision, &builder); + }); +} + +// ES 2021 draft 21.1.3.2. +static bool num_toExponential(JSContext* cx, unsigned argc, Value* vp) { + AutoJSMethodProfilerEntry pseudoFrame(cx, "Number.prototype", + "toExponential"); + CallArgs args = CallArgsFromVp(argc, vp); + + // Step 1. + double d; + if (!ThisNumberValue(cx, args, "toExponential", &d)) { + return false; + } + + // Step 2. + double prec = 0; + if (args.hasDefined(0)) { + if (!ToInteger(cx, args[0], &prec)) { + return false; + } + } + + // Step 3. + MOZ_ASSERT_IF(!args.hasDefined(0), prec == 0); + + // Step 4. + if (std::isnan(d)) { + args.rval().setString(cx->names().NaN); + return true; + } + if (std::isinf(d)) { + if (d > 0) { + args.rval().setString(cx->names().Infinity); + return true; + } + + args.rval().setString(cx->names().NegativeInfinity_); + return true; + } + + // Step 5. + int precision = 0; + if (!ComputePrecisionInRange(cx, 0, MAX_PRECISION, prec, &precision)) { + return false; + } + + // Steps 6-15. + + // DoubleToStringConverter::ToExponential is documented as adding at most 8 + // characters on top of the requested digits: "the sign, the digit before the + // decimal point, the decimal point, the exponent character, the exponent's + // sign, and at most 3 exponent digits". In addition, the buffer must be able + // to hold the trailing '\0' character. + static_assert(MAX_PRECISION + 8 + 1 <= DoubleToStrResultBufSize); + + return DoubleToStrResult(cx, args, [&](auto& converter, auto& builder) { + int requestedDigits = args.hasDefined(0) ? precision : -1; + return converter.ToExponential(d, requestedDigits, &builder); + }); +} + +// ES 2021 draft 21.1.3.5. +static bool num_toPrecision(JSContext* cx, unsigned argc, Value* vp) { + AutoJSMethodProfilerEntry pseudoFrame(cx, "Number.prototype", "toPrecision"); + CallArgs args = CallArgsFromVp(argc, vp); + + // Step 1. + double d; + if (!ThisNumberValue(cx, args, "toPrecision", &d)) { + return false; + } + + // Step 2. + if (!args.hasDefined(0)) { + JSString* str = NumberToStringWithBase<CanGC>(cx, d, 10); + if (!str) { + return false; + } + args.rval().setString(str); + return true; + } + + // Step 3. + double prec = 0; + if (!ToInteger(cx, args[0], &prec)) { + return false; + } + + // Step 4. + if (std::isnan(d)) { + args.rval().setString(cx->names().NaN); + return true; + } + if (std::isinf(d)) { + if (d > 0) { + args.rval().setString(cx->names().Infinity); + return true; + } + + args.rval().setString(cx->names().NegativeInfinity_); + return true; + } + + // Step 5. + int precision = 0; + if (!ComputePrecisionInRange(cx, 1, MAX_PRECISION, prec, &precision)) { + return false; + } + + // Steps 6-14. + + // DoubleToStringConverter::ToPrecision is documented as adding at most 7 + // characters on top of the requested digits: "the sign, the decimal point, + // the exponent character, the exponent's sign, and at most 3 exponent + // digits". In addition, the buffer must be able to hold the trailing '\0' + // character. + static_assert(MAX_PRECISION + 7 + 1 <= DoubleToStrResultBufSize); + + return DoubleToStrResult(cx, args, [&](auto& converter, auto& builder) { + return converter.ToPrecision(d, precision, &builder); + }); +} + +static const JSFunctionSpec number_methods[] = { + JS_FN("toSource", num_toSource, 0, 0), + JS_INLINABLE_FN("toString", num_toString, 1, 0, NumberToString), +#if JS_HAS_INTL_API + JS_SELF_HOSTED_FN("toLocaleString", "Number_toLocaleString", 0, 0), +#else + JS_FN("toLocaleString", num_toLocaleString, 0, 0), +#endif + JS_FN("valueOf", num_valueOf, 0, 0), + JS_FN("toFixed", num_toFixed, 1, 0), + JS_FN("toExponential", num_toExponential, 1, 0), + JS_FN("toPrecision", num_toPrecision, 1, 0), + JS_FS_END}; + +bool js::IsInteger(double d) { + return std::isfinite(d) && JS::ToInteger(d) == d; +} + +static const JSFunctionSpec number_static_methods[] = { + JS_SELF_HOSTED_FN("isFinite", "Number_isFinite", 1, 0), + JS_SELF_HOSTED_FN("isInteger", "Number_isInteger", 1, 0), + JS_SELF_HOSTED_FN("isNaN", "Number_isNaN", 1, 0), + JS_SELF_HOSTED_FN("isSafeInteger", "Number_isSafeInteger", 1, 0), + JS_FS_END}; + +static const JSPropertySpec number_static_properties[] = { + JS_DOUBLE_PS("POSITIVE_INFINITY", mozilla::PositiveInfinity<double>(), + JSPROP_READONLY | JSPROP_PERMANENT), + JS_DOUBLE_PS("NEGATIVE_INFINITY", mozilla::NegativeInfinity<double>(), + JSPROP_READONLY | JSPROP_PERMANENT), + JS_DOUBLE_PS("MAX_VALUE", 1.7976931348623157E+308, + JSPROP_READONLY | JSPROP_PERMANENT), + JS_DOUBLE_PS("MIN_VALUE", MinNumberValue<double>(), + JSPROP_READONLY | JSPROP_PERMANENT), + /* ES6 (April 2014 draft) 20.1.2.6 */ + JS_DOUBLE_PS("MAX_SAFE_INTEGER", 9007199254740991, + JSPROP_READONLY | JSPROP_PERMANENT), + /* ES6 (April 2014 draft) 20.1.2.10 */ + JS_DOUBLE_PS("MIN_SAFE_INTEGER", -9007199254740991, + JSPROP_READONLY | JSPROP_PERMANENT), + /* ES6 (May 2013 draft) 15.7.3.7 */ + JS_DOUBLE_PS("EPSILON", 2.2204460492503130808472633361816e-16, + JSPROP_READONLY | JSPROP_PERMANENT), + JS_PS_END}; + +bool js::InitRuntimeNumberState(JSRuntime* rt) { + // XXX If JS_HAS_INTL_API becomes true all the time at some point, + // js::InitRuntimeNumberState is no longer fallible, and we should + // change its return type. +#if !JS_HAS_INTL_API + /* Copy locale-specific separators into the runtime strings. */ + const char* thousandsSeparator; + const char* decimalPoint; + const char* grouping; +# ifdef HAVE_LOCALECONV + struct lconv* locale = localeconv(); + thousandsSeparator = locale->thousands_sep; + decimalPoint = locale->decimal_point; + grouping = locale->grouping; +# else + thousandsSeparator = getenv("LOCALE_THOUSANDS_SEP"); + decimalPoint = getenv("LOCALE_DECIMAL_POINT"); + grouping = getenv("LOCALE_GROUPING"); +# endif + if (!thousandsSeparator) { + thousandsSeparator = "'"; + } + if (!decimalPoint) { + decimalPoint = "."; + } + if (!grouping) { + grouping = "\3\0"; + } + + /* + * We use single malloc to get the memory for all separator and grouping + * strings. + */ + size_t thousandsSeparatorSize = strlen(thousandsSeparator) + 1; + size_t decimalPointSize = strlen(decimalPoint) + 1; + size_t groupingSize = strlen(grouping) + 1; + + char* storage = js_pod_malloc<char>(thousandsSeparatorSize + + decimalPointSize + groupingSize); + if (!storage) { + return false; + } + + js_memcpy(storage, thousandsSeparator, thousandsSeparatorSize); + rt->thousandsSeparator = storage; + storage += thousandsSeparatorSize; + + js_memcpy(storage, decimalPoint, decimalPointSize); + rt->decimalSeparator = storage; + storage += decimalPointSize; + + js_memcpy(storage, grouping, groupingSize); + rt->numGrouping = grouping; +#endif /* !JS_HAS_INTL_API */ + return true; +} + +void js::FinishRuntimeNumberState(JSRuntime* rt) { +#if !JS_HAS_INTL_API + /* + * The free also releases the memory for decimalSeparator and numGrouping + * strings. + */ + char* storage = const_cast<char*>(rt->thousandsSeparator.ref()); + js_free(storage); +#endif // !JS_HAS_INTL_API +} + +JSObject* NumberObject::createPrototype(JSContext* cx, JSProtoKey key) { + NumberObject* numberProto = + GlobalObject::createBlankPrototype<NumberObject>(cx, cx->global()); + if (!numberProto) { + return nullptr; + } + numberProto->setPrimitiveValue(0); + return numberProto; +} + +static bool NumberClassFinish(JSContext* cx, HandleObject ctor, + HandleObject proto) { + Handle<GlobalObject*> global = cx->global(); + + if (!JS_DefineFunctions(cx, global, number_functions)) { + return false; + } + + // Number.parseInt should be the same function object as global parseInt. + RootedId parseIntId(cx, NameToId(cx->names().parseInt)); + JSFunction* parseInt = + DefineFunction(cx, global, parseIntId, num_parseInt, 2, JSPROP_RESOLVING); + if (!parseInt) { + return false; + } + parseInt->setJitInfo(&jit::JitInfo_NumberParseInt); + + RootedValue parseIntValue(cx, ObjectValue(*parseInt)); + if (!DefineDataProperty(cx, ctor, parseIntId, parseIntValue, 0)) { + return false; + } + + // Number.parseFloat should be the same function object as global + // parseFloat. + RootedId parseFloatId(cx, NameToId(cx->names().parseFloat)); + JSFunction* parseFloat = DefineFunction(cx, global, parseFloatId, + num_parseFloat, 1, JSPROP_RESOLVING); + if (!parseFloat) { + return false; + } + RootedValue parseFloatValue(cx, ObjectValue(*parseFloat)); + if (!DefineDataProperty(cx, ctor, parseFloatId, parseFloatValue, 0)) { + return false; + } + + RootedValue valueNaN(cx, JS::NaNValue()); + RootedValue valueInfinity(cx, JS::InfinityValue()); + + if (!DefineDataProperty( + cx, ctor, cx->names().NaN, valueNaN, + JSPROP_PERMANENT | JSPROP_READONLY | JSPROP_RESOLVING)) { + return false; + } + + // ES5 15.1.1.1, 15.1.1.2 + if (!NativeDefineDataProperty( + cx, global, cx->names().NaN, valueNaN, + JSPROP_PERMANENT | JSPROP_READONLY | JSPROP_RESOLVING) || + !NativeDefineDataProperty( + cx, global, cx->names().Infinity, valueInfinity, + JSPROP_PERMANENT | JSPROP_READONLY | JSPROP_RESOLVING)) { + return false; + } + + return true; +} + +const ClassSpec NumberObject::classSpec_ = { + GenericCreateConstructor<Number, 1, gc::AllocKind::FUNCTION, + &jit::JitInfo_Number>, + NumberObject::createPrototype, + number_static_methods, + number_static_properties, + number_methods, + nullptr, + NumberClassFinish}; + +static char* FracNumberToCString(ToCStringBuf* cbuf, double d, size_t* len) { +#ifdef DEBUG + { + int32_t _; + MOZ_ASSERT(!NumberEqualsInt32(d, &_)); + } +#endif + + /* + * This is V8's implementation of the algorithm described in the + * following paper: + * + * Printing floating-point numbers quickly and accurately with integers. + * Florian Loitsch, PLDI 2010. + */ + const double_conversion::DoubleToStringConverter& converter = + double_conversion::DoubleToStringConverter::EcmaScriptConverter(); + double_conversion::StringBuilder builder(cbuf->sbuf, std::size(cbuf->sbuf)); + converter.ToShortest(d, &builder); + + *len = builder.position(); + return builder.Finalize(); +} + +void JS::NumberToString(double d, char (&out)[MaximumNumberToStringLength]) { + int32_t i; + if (NumberEqualsInt32(d, &i)) { + Int32ToCStringBuf cbuf; + size_t len; + char* loc = ::Int32ToCString(&cbuf, i, &len); + memmove(out, loc, len); + out[len] = '\0'; + } else { + const double_conversion::DoubleToStringConverter& converter = + double_conversion::DoubleToStringConverter::EcmaScriptConverter(); + + double_conversion::StringBuilder builder(out, sizeof(out)); + converter.ToShortest(d, &builder); + +#ifdef DEBUG + char* result = +#endif + builder.Finalize(); + MOZ_ASSERT(out == result); + } +} + +char* js::NumberToCString(ToCStringBuf* cbuf, double d, size_t* length) { + int32_t i; + size_t len; + char* s = NumberEqualsInt32(d, &i) ? ::Int32ToCString(cbuf, i, &len) + : FracNumberToCString(cbuf, d, &len); + MOZ_ASSERT(s); + if (length) { + *length = len; + } + return s; +} + +char* js::Int32ToCString(Int32ToCStringBuf* cbuf, int32_t value, + size_t* length) { + size_t len; + char* s = ::Int32ToCString(cbuf, value, &len); + MOZ_ASSERT(s); + if (length) { + *length = len; + } + return s; +} + +char* js::Uint32ToCString(Int32ToCStringBuf* cbuf, uint32_t value, + size_t* length) { + size_t len; + char* s = ::Int32ToCString(cbuf, value, &len); + MOZ_ASSERT(s); + if (length) { + *length = len; + } + return s; +} + +char* js::Uint32ToHexCString(Int32ToCStringBuf* cbuf, uint32_t value, + size_t* length) { + size_t len; + char* s = ::Int32ToCString<uint32_t, 16>(cbuf, value, &len); + MOZ_ASSERT(s); + if (length) { + *length = len; + } + return s; +} + +template <AllowGC allowGC> +static JSString* NumberToStringWithBase(JSContext* cx, double d, int base) { + MOZ_ASSERT(2 <= base && base <= 36); + + Realm* realm = cx->realm(); + + int32_t i; + if (NumberEqualsInt32(d, &i)) { + bool isBase10Int = (base == 10); + if (isBase10Int) { + static_assert(StaticStrings::INT_STATIC_LIMIT > 10 * 10); + if (StaticStrings::hasInt(i)) { + return cx->staticStrings().getInt(i); + } + } else if (unsigned(i) < unsigned(base)) { + if (i < 10) { + return cx->staticStrings().getInt(i); + } + char16_t c = 'a' + i - 10; + MOZ_ASSERT(StaticStrings::hasUnit(c)); + return cx->staticStrings().getUnit(c); + } else if (unsigned(i) < unsigned(base * base)) { + static constexpr char digits[] = "0123456789abcdefghijklmnopqrstuvwxyz"; + char chars[] = {digits[i / base], digits[i % base]}; + JSString* str = cx->staticStrings().lookup(chars, 2); + MOZ_ASSERT(str); + return str; + } + + if (JSLinearString* str = realm->dtoaCache.lookup(base, d)) { + return str; + } + + // Plus three to include the largest number, the sign, and the terminating + // null character. + constexpr size_t MaximumLength = std::numeric_limits<int32_t>::digits + 3; + + char buf[MaximumLength] = {}; + size_t numStrLen; + char* numStr = Int32ToCStringWithBase(buf, i, &numStrLen, base); + MOZ_ASSERT(numStrLen == strlen(numStr)); + + JSLinearString* s = NewStringCopyN<allowGC>(cx, numStr, numStrLen); + if (!s) { + return nullptr; + } + + if (isBase10Int && i >= 0) { + s->maybeInitializeIndexValue(i); + } + + realm->dtoaCache.cache(base, d, s); + return s; + } + + if (JSLinearString* str = realm->dtoaCache.lookup(base, d)) { + return str; + } + + JSLinearString* s; + if (base == 10) { + // We use a faster algorithm for base 10. + ToCStringBuf cbuf; + size_t numStrLen; + char* numStr = FracNumberToCString(&cbuf, d, &numStrLen); + MOZ_ASSERT(numStr); + MOZ_ASSERT(numStrLen == strlen(numStr)); + + s = NewStringCopyN<allowGC>(cx, numStr, numStrLen); + if (!s) { + return nullptr; + } + } else { + if (!EnsureDtoaState(cx)) { + if constexpr (allowGC) { + ReportOutOfMemory(cx); + } + return nullptr; + } + + UniqueChars numStr(js_dtobasestr(cx->dtoaState, base, d)); + if (!numStr) { + if constexpr (allowGC) { + ReportOutOfMemory(cx); + } + return nullptr; + } + + s = NewStringCopyZ<allowGC>(cx, numStr.get()); + if (!s) { + return nullptr; + } + } + + realm->dtoaCache.cache(base, d, s); + return s; +} + +template <AllowGC allowGC> +JSString* js::NumberToString(JSContext* cx, double d) { + return NumberToStringWithBase<allowGC>(cx, d, 10); +} + +template JSString* js::NumberToString<CanGC>(JSContext* cx, double d); + +template JSString* js::NumberToString<NoGC>(JSContext* cx, double d); + +JSString* js::NumberToStringPure(JSContext* cx, double d) { + AutoUnsafeCallWithABI unsafe; + return NumberToString<NoGC>(cx, d); +} + +JSAtom* js::NumberToAtom(JSContext* cx, double d) { + int32_t si; + if (NumberEqualsInt32(d, &si)) { + return Int32ToAtom(cx, si); + } + + if (JSLinearString* str = LookupDtoaCache(cx, d)) { + return AtomizeString(cx, str); + } + + ToCStringBuf cbuf; + size_t length; + char* numStr = FracNumberToCString(&cbuf, d, &length); + MOZ_ASSERT(numStr); + MOZ_ASSERT(std::begin(cbuf.sbuf) <= numStr && numStr < std::end(cbuf.sbuf)); + MOZ_ASSERT(length == strlen(numStr)); + + JSAtom* atom = Atomize(cx, numStr, length); + if (!atom) { + return nullptr; + } + + CacheNumber(cx, d, atom); + + return atom; +} + +frontend::TaggedParserAtomIndex js::NumberToParserAtom( + FrontendContext* fc, frontend::ParserAtomsTable& parserAtoms, double d) { + int32_t si; + if (NumberEqualsInt32(d, &si)) { + return Int32ToParserAtom(fc, parserAtoms, si); + } + + ToCStringBuf cbuf; + size_t length; + char* numStr = FracNumberToCString(&cbuf, d, &length); + MOZ_ASSERT(numStr); + MOZ_ASSERT(std::begin(cbuf.sbuf) <= numStr && numStr < std::end(cbuf.sbuf)); + MOZ_ASSERT(length == strlen(numStr)); + + return parserAtoms.internAscii(fc, numStr, length); +} + +JSLinearString* js::IndexToString(JSContext* cx, uint32_t index) { + if (StaticStrings::hasUint(index)) { + return cx->staticStrings().getUint(index); + } + + Realm* realm = cx->realm(); + if (JSLinearString* str = realm->dtoaCache.lookup(10, index)) { + return str; + } + + Latin1Char buffer[JSFatInlineString::MAX_LENGTH_LATIN1 + 1]; + RangedPtr<Latin1Char> end(buffer + JSFatInlineString::MAX_LENGTH_LATIN1, + buffer, JSFatInlineString::MAX_LENGTH_LATIN1 + 1); + *end = '\0'; + RangedPtr<Latin1Char> start = BackfillIndexInCharBuffer(index, end); + + mozilla::Range<const Latin1Char> chars(start.get(), end - start); + JSInlineString* str = + NewInlineString<CanGC>(cx, chars, js::gc::Heap::Default); + if (!str) { + return nullptr; + } + + realm->dtoaCache.cache(10, index, str); + return str; +} + +JSString* js::Int32ToStringWithBase(JSContext* cx, int32_t i, int32_t base, + bool lowerCase) { + Rooted<JSString*> str(cx, NumberToStringWithBase<CanGC>(cx, double(i), base)); + if (!str) { + return nullptr; + } + if (lowerCase) { + return str; + } + return StringToUpperCase(cx, str); +} + +bool js::NumberValueToStringBuffer(const Value& v, StringBuffer& sb) { + /* Convert to C-string. */ + ToCStringBuf cbuf; + const char* cstr; + size_t cstrlen; + if (v.isInt32()) { + cstr = ::Int32ToCString(&cbuf, v.toInt32(), &cstrlen); + } else { + cstr = NumberToCString(&cbuf, v.toDouble(), &cstrlen); + } + MOZ_ASSERT(cstr); + MOZ_ASSERT(cstrlen == strlen(cstr)); + + MOZ_ASSERT(cstrlen < std::size(cbuf.sbuf)); + return sb.append(cstr, cstrlen); +} + +template <typename CharT> +inline double CharToNumber(CharT c) { + if ('0' <= c && c <= '9') { + return c - '0'; + } + if (unicode::IsSpace(c)) { + return 0.0; + } + return GenericNaN(); +} + +template <typename CharT> +inline bool CharsToNonDecimalNumber(const CharT* start, const CharT* end, + double* result) { + MOZ_ASSERT(end - start >= 2); + MOZ_ASSERT(start[0] == '0'); + + int radix = 0; + if (start[1] == 'b' || start[1] == 'B') { + radix = 2; + } else if (start[1] == 'o' || start[1] == 'O') { + radix = 8; + } else if (start[1] == 'x' || start[1] == 'X') { + radix = 16; + } else { + return false; + } + + // It's probably a non-decimal number. Accept if there's at least one digit + // after the 0b|0o|0x, and if no non-whitespace characters follow all the + // digits. + const CharT* endptr; + double d; + MOZ_ALWAYS_TRUE(GetPrefixIntegerImpl( + start + 2, end, radix, IntegerSeparatorHandling::None, &endptr, &d)); + if (endptr == start + 2 || SkipSpace(endptr, end) != end) { + *result = GenericNaN(); + } else { + *result = d; + } + return true; +} + +template <typename CharT> +double js::CharsToNumber(const CharT* chars, size_t length) { + if (length == 1) { + return CharToNumber(chars[0]); + } + + const CharT* end = chars + length; + const CharT* start = SkipSpace(chars, end); + + // ECMA doesn't allow signed non-decimal numbers (bug 273467). + if (end - start >= 2 && start[0] == '0') { + double d; + if (CharsToNonDecimalNumber(start, end, &d)) { + return d; + } + } + + /* + * Note that ECMA doesn't treat a string beginning with a '0' as + * an octal number here. This works because all such numbers will + * be interpreted as decimal by js_strtod. Also, any hex numbers + * that have made it here (which can only be negative ones) will + * be treated as 0 without consuming the 'x' by js_strtod. + */ + const CharT* ep; + double d = js_strtod(start, end, &ep); + if (SkipSpace(ep, end) != end) { + return GenericNaN(); + } + return d; +} + +template double js::CharsToNumber(const Latin1Char* chars, size_t length); + +template double js::CharsToNumber(const char16_t* chars, size_t length); + +double js::LinearStringToNumber(JSLinearString* str) { + if (str->hasIndexValue()) { + return str->getIndexValue(); + } + + AutoCheckCannotGC nogc; + return str->hasLatin1Chars() + ? CharsToNumber(str->latin1Chars(nogc), str->length()) + : CharsToNumber(str->twoByteChars(nogc), str->length()); +} + +bool js::StringToNumber(JSContext* cx, JSString* str, double* result) { + JSLinearString* linearStr = str->ensureLinear(cx); + if (!linearStr) { + return false; + } + + *result = LinearStringToNumber(linearStr); + return true; +} + +bool js::StringToNumberPure(JSContext* cx, JSString* str, double* result) { + // IC Code calls this directly. + AutoUnsafeCallWithABI unsafe; + + if (!StringToNumber(cx, str, result)) { + cx->recoverFromOutOfMemory(); + return false; + } + return true; +} + +JS_PUBLIC_API bool js::ToNumberSlow(JSContext* cx, HandleValue v_, + double* out) { + RootedValue v(cx, v_); + MOZ_ASSERT(!v.isNumber()); + + if (!v.isPrimitive()) { + if (!ToPrimitive(cx, JSTYPE_NUMBER, &v)) { + return false; + } + + if (v.isNumber()) { + *out = v.toNumber(); + return true; + } + } + if (v.isString()) { + return StringToNumber(cx, v.toString(), out); + } + if (v.isBoolean()) { + *out = v.toBoolean() ? 1.0 : 0.0; + return true; + } + if (v.isNull()) { + *out = 0.0; + return true; + } + if (v.isUndefined()) { + *out = GenericNaN(); + return true; + } +#ifdef ENABLE_RECORD_TUPLE + if (v.isExtendedPrimitive()) { + JS_ReportErrorNumberASCII(cx, GetErrorMessage, nullptr, + JSMSG_RECORD_TUPLE_TO_NUMBER); + return false; + } +#endif + + MOZ_ASSERT(v.isSymbol() || v.isBigInt()); + unsigned errnum = JSMSG_SYMBOL_TO_NUMBER; + if (v.isBigInt()) { + errnum = JSMSG_BIGINT_TO_NUMBER; + } + JS_ReportErrorNumberASCII(cx, GetErrorMessage, nullptr, errnum); + return false; +} + +// BigInt proposal section 3.1.6 +bool js::ToNumericSlow(JSContext* cx, MutableHandleValue vp) { + MOZ_ASSERT(!vp.isNumeric()); + + // Step 1. + if (!vp.isPrimitive()) { + if (!ToPrimitive(cx, JSTYPE_NUMBER, vp)) { + return false; + } + } + + // Step 2. + if (vp.isBigInt()) { + return true; + } + + // Step 3. + return ToNumber(cx, vp); +} + +/* + * Convert a value to an int8_t, according to the WebIDL rules for byte + * conversion. Return converted value in *out on success, false on failure. + */ +JS_PUBLIC_API bool js::ToInt8Slow(JSContext* cx, const HandleValue v, + int8_t* out) { + MOZ_ASSERT(!v.isInt32()); + double d; + if (v.isDouble()) { + d = v.toDouble(); + } else { + if (!ToNumberSlow(cx, v, &d)) { + return false; + } + } + *out = ToInt8(d); + return true; +} + +/* + * Convert a value to an uint8_t, according to the ToUInt8() function in ES6 + * ECMA-262, 7.1.10. Return converted value in *out on success, false on + * failure. + */ +JS_PUBLIC_API bool js::ToUint8Slow(JSContext* cx, const HandleValue v, + uint8_t* out) { + MOZ_ASSERT(!v.isInt32()); + double d; + if (v.isDouble()) { + d = v.toDouble(); + } else { + if (!ToNumberSlow(cx, v, &d)) { + return false; + } + } + *out = ToUint8(d); + return true; +} + +/* + * Convert a value to an int16_t, according to the WebIDL rules for short + * conversion. Return converted value in *out on success, false on failure. + */ +JS_PUBLIC_API bool js::ToInt16Slow(JSContext* cx, const HandleValue v, + int16_t* out) { + MOZ_ASSERT(!v.isInt32()); + double d; + if (v.isDouble()) { + d = v.toDouble(); + } else { + if (!ToNumberSlow(cx, v, &d)) { + return false; + } + } + *out = ToInt16(d); + return true; +} + +/* + * Convert a value to an int64_t, according to the WebIDL rules for long long + * conversion. Return converted value in *out on success, false on failure. + */ +JS_PUBLIC_API bool js::ToInt64Slow(JSContext* cx, const HandleValue v, + int64_t* out) { + MOZ_ASSERT(!v.isInt32()); + double d; + if (v.isDouble()) { + d = v.toDouble(); + } else { + if (!ToNumberSlow(cx, v, &d)) { + return false; + } + } + *out = ToInt64(d); + return true; +} + +/* + * Convert a value to an uint64_t, according to the WebIDL rules for unsigned + * long long conversion. Return converted value in *out on success, false on + * failure. + */ +JS_PUBLIC_API bool js::ToUint64Slow(JSContext* cx, const HandleValue v, + uint64_t* out) { + MOZ_ASSERT(!v.isInt32()); + double d; + if (v.isDouble()) { + d = v.toDouble(); + } else { + if (!ToNumberSlow(cx, v, &d)) { + return false; + } + } + *out = ToUint64(d); + return true; +} + +JS_PUBLIC_API bool js::ToInt32Slow(JSContext* cx, const HandleValue v, + int32_t* out) { + MOZ_ASSERT(!v.isInt32()); + double d; + if (v.isDouble()) { + d = v.toDouble(); + } else { + if (!ToNumberSlow(cx, v, &d)) { + return false; + } + } + *out = ToInt32(d); + return true; +} + +bool js::ToInt32OrBigIntSlow(JSContext* cx, MutableHandleValue vp) { + MOZ_ASSERT(!vp.isInt32()); + if (vp.isDouble()) { + vp.setInt32(ToInt32(vp.toDouble())); + return true; + } + + if (!ToNumeric(cx, vp)) { + return false; + } + + if (vp.isBigInt()) { + return true; + } + + vp.setInt32(ToInt32(vp.toNumber())); + return true; +} + +JS_PUBLIC_API bool js::ToUint32Slow(JSContext* cx, const HandleValue v, + uint32_t* out) { + MOZ_ASSERT(!v.isInt32()); + double d; + if (v.isDouble()) { + d = v.toDouble(); + } else { + if (!ToNumberSlow(cx, v, &d)) { + return false; + } + } + *out = ToUint32(d); + return true; +} + +JS_PUBLIC_API bool js::ToUint16Slow(JSContext* cx, const HandleValue v, + uint16_t* out) { + MOZ_ASSERT(!v.isInt32()); + double d; + if (v.isDouble()) { + d = v.toDouble(); + } else if (!ToNumberSlow(cx, v, &d)) { + return false; + } + *out = ToUint16(d); + return true; +} + +// ES2017 draft 7.1.17 ToIndex +bool js::ToIndexSlow(JSContext* cx, JS::HandleValue v, + const unsigned errorNumber, uint64_t* index) { + MOZ_ASSERT_IF(v.isInt32(), v.toInt32() < 0); + + // Step 1. + if (v.isUndefined()) { + *index = 0; + return true; + } + + // Step 2.a. + double integerIndex; + if (!ToInteger(cx, v, &integerIndex)) { + return false; + } + + // Inlined version of ToLength. + // 1. Already an integer. + // 2. Step eliminates < 0, +0 == -0 with SameValueZero. + // 3/4. Limit to <= 2^53-1, so everything above should fail. + if (integerIndex < 0 || integerIndex >= DOUBLE_INTEGRAL_PRECISION_LIMIT) { + JS_ReportErrorNumberASCII(cx, GetErrorMessage, nullptr, errorNumber); + return false; + } + + // Step 3. + *index = uint64_t(integerIndex); + return true; +} + +template <typename CharT> +double js_strtod(const CharT* begin, const CharT* end, const CharT** dEnd) { + const CharT* s = SkipSpace(begin, end); + size_t length = end - s; + + { + // StringToDouble can make indirect calls but can't trigger a GC. + JS::AutoSuppressGCAnalysis nogc; + + using SToDConverter = double_conversion::StringToDoubleConverter; + SToDConverter converter(SToDConverter::ALLOW_TRAILING_JUNK, + /* empty_string_value = */ 0.0, + /* junk_string_value = */ GenericNaN(), + /* infinity_symbol = */ nullptr, + /* nan_symbol = */ nullptr); + int lengthInt = mozilla::AssertedCast<int>(length); + double d; + int processed = 0; + if constexpr (std::is_same_v<CharT, char16_t>) { + d = converter.StringToDouble(reinterpret_cast<const uc16*>(s), lengthInt, + &processed); + } else { + static_assert(std::is_same_v<CharT, Latin1Char>); + d = converter.StringToDouble(reinterpret_cast<const char*>(s), lengthInt, + &processed); + } + MOZ_ASSERT(processed >= 0); + MOZ_ASSERT(processed <= lengthInt); + + if (processed > 0) { + *dEnd = s + processed; + return d; + } + } + + // Try to parse +Infinity, -Infinity or Infinity. Note that we do this here + // instead of using StringToDoubleConverter's infinity_symbol because it's + // faster: the code below is less generic and not on the fast path for regular + // doubles. + static constexpr std::string_view Infinity = "Infinity"; + if (length >= Infinity.length()) { + const CharT* afterSign = s; + bool negative = (*afterSign == '-'); + if (negative || *afterSign == '+') { + afterSign++; + } + MOZ_ASSERT(afterSign < end); + if (*afterSign == 'I' && size_t(end - afterSign) >= Infinity.length() && + EqualChars(afterSign, Infinity.data(), Infinity.length())) { + *dEnd = afterSign + Infinity.length(); + return negative ? NegativeInfinity<double>() : PositiveInfinity<double>(); + } + } + + *dEnd = begin; + return 0.0; +} + +template double js_strtod(const char16_t* begin, const char16_t* end, + const char16_t** dEnd); + +template double js_strtod(const Latin1Char* begin, const Latin1Char* end, + const Latin1Char** dEnd); |