1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
|
/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*-
* vim: set ts=8 sts=2 et sw=2 tw=80:
* This Source Code Form is subject to the terms of the Mozilla Public
* License, v. 2.0. If a copy of the MPL was not distributed with this
* file, You can obtain one at http://mozilla.org/MPL/2.0/. */
#ifndef vm_ArrayBufferViewObject_h
#define vm_ArrayBufferViewObject_h
#include "mozilla/Maybe.h"
#include "builtin/TypedArrayConstants.h"
#include "vm/ArrayBufferObject.h"
#include "vm/NativeObject.h"
#include "vm/SharedArrayObject.h"
#include "vm/SharedMem.h"
namespace js {
class JS_PUBLIC_API GenericPrinter;
class JSONPrinter;
/*
* ArrayBufferViewObject
*
* Common base class for all array buffer views (DataViewObject and
* TypedArrayObject).
*/
class ArrayBufferViewObject : public NativeObject {
public:
// Underlying (Shared)ArrayBufferObject. ObjectValue if there is
// a buffer. Otherwise, the buffer is implicit because the data
// is held inline, and the buffer slot will store the pinned status
// (FalseValue or TrueValue).
static constexpr size_t BUFFER_SLOT = 0;
static_assert(BUFFER_SLOT == JS_TYPEDARRAYLAYOUT_BUFFER_SLOT,
"self-hosted code with burned-in constants must get the "
"right buffer slot");
// Slot containing length of the view in number of typed elements.
static constexpr size_t LENGTH_SLOT = 1;
// Offset of view within underlying (Shared)ArrayBufferObject.
static constexpr size_t BYTEOFFSET_SLOT = 2;
// Pointer to raw buffer memory.
static constexpr size_t DATA_SLOT = 3;
static constexpr size_t RESERVED_SLOTS = 4;
// Additional slots for views on resizable/growable (Shared)ArrayBufferObject.
static const uint8_t AUTO_LENGTH_SLOT = 4;
static const uint8_t INITIAL_LENGTH_SLOT = 5;
static const uint8_t INITIAL_BYTE_OFFSET_SLOT = 6;
static constexpr size_t RESIZABLE_RESERVED_SLOTS = 7;
#ifdef DEBUG
static const uint8_t ZeroLengthArrayData = 0x4A;
#endif
static constexpr int bufferOffset() {
return NativeObject::getFixedSlotOffset(BUFFER_SLOT);
}
static constexpr int lengthOffset() {
return NativeObject::getFixedSlotOffset(LENGTH_SLOT);
}
static constexpr int byteOffsetOffset() {
return NativeObject::getFixedSlotOffset(BYTEOFFSET_SLOT);
}
static constexpr int dataOffset() {
return NativeObject::getFixedSlotOffset(DATA_SLOT);
}
static constexpr int autoLengthOffset() {
return NativeObject::getFixedSlotOffset(AUTO_LENGTH_SLOT);
}
static constexpr int initialLengthOffset() {
return NativeObject::getFixedSlotOffset(INITIAL_LENGTH_SLOT);
}
static constexpr int initialByteOffsetOffset() {
return NativeObject::getFixedSlotOffset(INITIAL_BYTE_OFFSET_SLOT);
}
private:
void* dataPointerEither_() const {
// Note, do not check whether shared or not
// Keep synced with js::Get<Type>ArrayLengthAndData in jsfriendapi.h!
return maybePtrFromReservedSlot<void>(DATA_SLOT);
}
public:
[[nodiscard]] bool init(JSContext* cx, ArrayBufferObjectMaybeShared* buffer,
size_t byteOffset, size_t length,
uint32_t bytesPerElement);
enum class AutoLength : bool { No, Yes };
[[nodiscard]] bool initResizable(JSContext* cx,
ArrayBufferObjectMaybeShared* buffer,
size_t byteOffset, size_t length,
uint32_t bytesPerElement,
AutoLength autoLength);
static ArrayBufferObjectMaybeShared* ensureBufferObject(
JSContext* cx, Handle<ArrayBufferViewObject*> obj);
void notifyBufferDetached();
void notifyBufferResized();
void notifyBufferMoved(uint8_t* srcBufStart, uint8_t* dstBufStart);
void initDataPointer(SharedMem<uint8_t*> viewData) {
// Install a pointer to the buffer location that corresponds
// to offset zero within the typed array.
//
// The following unwrap is safe because the DATA_SLOT is
// accessed only from jitted code and from the
// dataPointerEither_() accessor above; in neither case does the
// raw pointer escape untagged into C++ code.
void* data = viewData.unwrap(/*safe - see above*/);
initReservedSlot(DATA_SLOT, PrivateValue(data));
}
SharedMem<void*> dataPointerShared() const {
return SharedMem<void*>::shared(dataPointerEither_());
}
SharedMem<void*> dataPointerEither() const {
if (isSharedMemory()) {
return SharedMem<void*>::shared(dataPointerEither_());
}
return SharedMem<void*>::unshared(dataPointerEither_());
}
void* dataPointerUnshared() const {
MOZ_ASSERT(!isSharedMemory());
return dataPointerEither_();
}
Value bufferValue() const { return getFixedSlot(BUFFER_SLOT); }
bool hasBuffer() const { return bufferValue().isObject(); }
ArrayBufferObject* bufferUnshared() const {
MOZ_ASSERT(!isSharedMemory());
ArrayBufferObjectMaybeShared* obj = bufferEither();
if (!obj) {
return nullptr;
}
return &obj->as<ArrayBufferObject>();
}
SharedArrayBufferObject* bufferShared() const {
MOZ_ASSERT(isSharedMemory());
ArrayBufferObjectMaybeShared* obj = bufferEither();
if (!obj) {
return nullptr;
}
return &obj->as<SharedArrayBufferObject>();
}
ArrayBufferObjectMaybeShared* bufferEither() const {
JSObject* obj =
bufferValue().isBoolean() ? nullptr : bufferValue().toObjectOrNull();
if (!obj) {
return nullptr;
}
MOZ_ASSERT(isSharedMemory() ? obj->is<SharedArrayBufferObject>()
: obj->is<ArrayBufferObject>());
return &obj->as<ArrayBufferObjectMaybeShared>();
}
bool hasDetachedBuffer() const {
// Shared buffers can't be detached.
if (isSharedMemory()) {
return false;
}
// A typed array with a null buffer has never had its buffer exposed to
// become detached.
ArrayBufferObject* buffer = bufferUnshared();
if (!buffer) {
return false;
}
return buffer->isDetached();
}
bool hasResizableBuffer() const;
private:
bool hasDetachedBufferOrIsOutOfBounds() const {
// Shared buffers can't be detached or get out-of-bounds.
if (isSharedMemory()) {
return false;
}
// A view with a null buffer has never had its buffer exposed to become
// detached or get out-of-bounds.
auto* buffer = bufferUnshared();
if (!buffer) {
return false;
}
return buffer->isDetached() || (buffer->isResizable() && isOutOfBounds());
}
public:
bool isLengthPinned() const {
Value buffer = bufferValue();
if (buffer.isBoolean()) {
return buffer.toBoolean();
}
if (isSharedMemory()) {
return true;
}
return bufferUnshared()->isLengthPinned();
}
bool pinLength(bool pin) {
if (isSharedMemory()) {
// Always pinned, cannot change.
return false;
}
if (hasBuffer()) {
return bufferUnshared()->pinLength(pin);
}
// No ArrayBuffer (data is inline in the view). bufferValue() is a
// BooleanValue saying whether the length is currently pinned.
MOZ_ASSERT(bufferValue().isBoolean());
bool wasPinned = bufferValue().toBoolean();
if (wasPinned == pin) {
return false;
}
setFixedSlot(BUFFER_SLOT, JS::BooleanValue(pin));
return true;
}
static bool ensureNonInline(JSContext* cx,
JS::Handle<ArrayBufferViewObject*> view);
private:
void computeResizableLengthAndByteOffset(size_t bytesPerElement);
size_t bytesPerElement() const;
protected:
size_t lengthSlotValue() const {
return size_t(getFixedSlot(LENGTH_SLOT).toPrivate());
}
size_t byteOffsetSlotValue() const {
return size_t(getFixedSlot(BYTEOFFSET_SLOT).toPrivate());
}
/**
* Offset into the buffer's data-pointer. Different from |byteOffset| for
* views on non-detached resizable buffers which are currently out-of-bounds.
*/
size_t dataPointerOffset() const;
/**
* Return the current length, or |Nothing| if the view is detached or
* out-of-bounds.
*/
mozilla::Maybe<size_t> length() const;
public:
/**
* Return the current byteOffset, or |Nothing| if the view is detached or
* out-of-bounds.
*/
mozilla::Maybe<size_t> byteOffset() const;
private:
size_t initialByteOffsetValue() const {
// No assertion for resizable buffers here, because this method is called
// from dataPointerOffset(), which can be called during tracing.
return size_t(getFixedSlot(INITIAL_BYTE_OFFSET_SLOT).toPrivate());
}
public:
// The following methods can only be called on views for resizable buffers.
bool isAutoLength() const {
MOZ_ASSERT(hasResizableBuffer());
return getFixedSlot(AUTO_LENGTH_SLOT).toBoolean();
}
size_t initialLength() const {
MOZ_ASSERT(hasResizableBuffer());
return size_t(getFixedSlot(INITIAL_LENGTH_SLOT).toPrivate());
}
size_t initialByteOffset() const {
MOZ_ASSERT(hasResizableBuffer());
return initialByteOffsetValue();
}
bool isOutOfBounds() const {
MOZ_ASSERT(hasResizableBuffer());
// The view is out-of-bounds if the length and byteOffset slots are both set
// to zero and the initial length or initial byteOffset are non-zero. If the
// initial length and initial byteOffset are both zero, the view can never
// get out-of-bounds.
return lengthSlotValue() == 0 && byteOffsetSlotValue() == 0 &&
(initialLength() > 0 || initialByteOffset() > 0);
}
public:
static void trace(JSTracer* trc, JSObject* obj);
#if defined(DEBUG) || defined(JS_JITSPEW)
void dumpOwnFields(js::JSONPrinter& json) const;
void dumpOwnStringContent(js::GenericPrinter& out) const;
#endif
};
} // namespace js
template <>
bool JSObject::is<js::ArrayBufferViewObject>() const;
#endif // vm_ArrayBufferViewObject_h
|