js/src/vm/ObjectImpl.cpp

Sat, 03 Jan 2015 20:18:00 +0100

author
Michael Schloh von Bennewitz <michael@schloh.com>
date
Sat, 03 Jan 2015 20:18:00 +0100
branch
TOR_BUG_3246
changeset 7
129ffea94266
permissions
-rw-r--r--

Conditionally enable double key logic according to:
private browsing mode or privacy.thirdparty.isolate preference and
implement in GetCookieStringCommon and FindCookie where it counts...
With some reservations about how to convince FindCookie users to test the
condition and pass a nullptr when disabling double key logic.

michael@0 1 /* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 4 -*-
michael@0 2 * vim: set ts=8 sts=4 et sw=4 tw=99:
michael@0 3 * This Source Code Form is subject to the terms of the Mozilla Public
michael@0 4 * License, v. 2.0. If a copy of the MPL was not distributed with this
michael@0 5 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
michael@0 6
michael@0 7 #include "vm/ObjectImpl-inl.h"
michael@0 8
michael@0 9 #include "gc/Marking.h"
michael@0 10 #include "js/Value.h"
michael@0 11 #include "vm/Debugger.h"
michael@0 12
michael@0 13 #include "jsobjinlines.h"
michael@0 14 #include "vm/Shape-inl.h"
michael@0 15
michael@0 16 using namespace js;
michael@0 17
michael@0 18 using JS::GenericNaN;
michael@0 19
/*
 * A freshly constructed PropDesc describes no property at all
 * (isUndefined_ is true): every value-carrying field starts out as
 * UndefinedValue(), attrs is 0, and every has*_ flag is clear.
 */
PropDesc::PropDesc()
  : pd_(UndefinedValue()),
    value_(UndefinedValue()),
    get_(UndefinedValue()),
    set_(UndefinedValue()),
    attrs(0),
    hasGet_(false),
    hasSet_(false),
    hasValue_(false),
    hasWritable_(false),
    hasEnumerable_(false),
    hasConfigurable_(false),
    isUndefined_(true)
{
}
michael@0 35
/*
 * Validate the getter field. A descriptor without a getter is always fine;
 * one with a getter requires it to be callable or undefined. Otherwise
 * JSMSG_BAD_GET_SET_FIELD is reported on cx and false is returned.
 */
bool
PropDesc::checkGetter(JSContext *cx)
{
    if (!hasGet_)
        return true;

    const bool acceptable = get_.isUndefined() || js_IsCallable(get_);
    if (acceptable)
        return true;

    JS_ReportErrorNumber(cx, js_GetErrorMessage, nullptr, JSMSG_BAD_GET_SET_FIELD,
                         js_getter_str);
    return false;
}
michael@0 48
/*
 * Validate the setter field. A descriptor without a setter is always fine;
 * one with a setter requires it to be callable or undefined. Otherwise
 * JSMSG_BAD_GET_SET_FIELD is reported on cx and false is returned.
 */
bool
PropDesc::checkSetter(JSContext *cx)
{
    if (!hasSet_)
        return true;

    const bool acceptable = set_.isUndefined() || js_IsCallable(set_);
    if (acceptable)
        return true;

    JS_ReportErrorNumber(cx, js_GetErrorMessage, nullptr, JSMSG_BAD_GET_SET_FIELD,
                         js_setter_str);
    return false;
}
michael@0 61
/*
 * Reject v when it is an object that lives in a compartment other than
 * obj's. Primitives always pass. methodname and propname only feed the
 * JSMSG_DEBUG_COMPARTMENT_MISMATCH error message.
 */
static bool
CheckArgCompartment(JSContext *cx, JSObject *obj, HandleValue v,
                    const char *methodname, const char *propname)
{
    if (!v.isObject())
        return true;
    if (v.toObject().compartment() == obj->compartment())
        return true;

    JS_ReportErrorNumber(cx, js_GetErrorMessage, nullptr, JSMSG_DEBUG_COMPARTMENT_MISMATCH,
                         methodname, propname);
    return false;
}
michael@0 73
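/*
 * Unwrap one descriptor field in place: replace a Debugger.Object held in
 * *field with the debuggee value it wraps, then reject the result if it is
 * an object from a compartment other than obj's (CheckArgCompartment). On
 * failure *field is left untouched; CheckArgCompartment reports its own
 * error and unwrapDebuggeeValue is assumed to report as well.
 */
static bool
UnwrapDescriptorField(JSContext *cx, Debugger *dbg, HandleObject obj, Value *field,
                      const char *propname)
{
    RootedValue v(cx, *field);
    if (!dbg->unwrapDebuggeeValue(cx, &v) ||
        !CheckArgCompartment(cx, obj, v, "defineProperty", propname))
    {
        return false;
    }
    *field = v;
    return true;
}

/*
 * Copy *this into *unwrapped, converting any Debugger.Objects in the value,
 * getter and setter fields to debuggee values and checking that each lands
 * in obj's compartment. Fields the descriptor does not carry (hasValue(),
 * hasGet(), hasSet() false) are left as copied. Returns false, with an
 * error reported on cx, at the first field that fails; later fields are
 * then not processed. The callable check for getters and setters lives in
 * checkGetter/checkSetter, not here.
 */
bool
PropDesc::unwrapDebuggerObjectsInto(JSContext *cx, Debugger *dbg, HandleObject obj,
                                    PropDesc *unwrapped) const
{
    MOZ_ASSERT(!isUndefined());

    *unwrapped = *this;

    // Same order as the fields are declared: value, then getter, then setter.
    if (unwrapped->hasValue() &&
        !UnwrapDescriptorField(cx, dbg, obj, &unwrapped->value_, "value"))
    {
        return false;
    }

    if (unwrapped->hasGet() &&
        !UnwrapDescriptorField(cx, dbg, obj, &unwrapped->get_, "get"))
    {
        return false;
    }

    if (unwrapped->hasSet() &&
        !UnwrapDescriptorField(cx, dbg, obj, &unwrapped->set_, "set"))
    {
        return false;
    }

    return true;
}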
michael@0 118
/*
 * Wrap id into *wrappedId and copy *this into *desc with its value, getter
 * and setter wrapped for cx's current compartment. When obj is a proxy the
 * descriptor object (pd_) is reconstituted via makeObject, since defining a
 * property on a proxy requires one. Returns false at the first wrapping
 * failure.
 */
bool
PropDesc::wrapInto(JSContext *cx, HandleObject obj, const jsid &id, jsid *wrappedId,
                   PropDesc *desc) const
{
    MOZ_ASSERT(!isUndefined());

    JSCompartment *comp = cx->compartment();

    // The id is wrapped before *desc is touched.
    *wrappedId = id;
    if (!comp->wrapId(cx, wrappedId))
        return false;

    *desc = *this;
    RootedValue wrappedValue(cx, desc->value_);
    RootedValue wrappedGet(cx, desc->get_);
    RootedValue wrappedSet(cx, desc->set_);

    // Value, getter, setter, in that order; stop at the first failure.
    if (!comp->wrap(cx, &wrappedValue))
        return false;
    if (!comp->wrap(cx, &wrappedGet))
        return false;
    if (!comp->wrap(cx, &wrappedSet))
        return false;

    desc->value_ = wrappedValue;
    desc->get_ = wrappedGet;
    desc->set_ = wrappedSet;

    // Only proxies need the descriptor object rebuilt.
    if (!obj->is<ProxyObject>())
        return true;
    return desc->makeObject(cx);
}
michael@0 149
static const ObjectElements emptyElementsHeader(0, 0);

/*
 * Objects with no elements share one empty set of elements: the address
 * immediately past the shared header above, where a real elements vector
 * would begin.
 */
HeapSlot *const js::emptyObjectElements =
    reinterpret_cast<HeapSlot *>(reinterpret_cast<uintptr_t>(&emptyElementsHeader) +
                                 sizeof(ObjectElements));
michael@0 155
michael@0 156 #ifdef DEBUG
michael@0 157
/*
 * DEBUG helper: only native objects that are not typed arrays may own a
 * non-empty elements vector.
 */
bool
ObjectImpl::canHaveNonEmptyElements()
{
    if (!isNative())
        return false;
    JSObject *self = static_cast<JSObject *>(this);
    return !self->is<TypedArrayObject>();
}
michael@0 164
michael@0 165 #endif // DEBUG
michael@0 166
/*
 * Widen every int32 element in the initialized prefix of the elements
 * vector at elementsPtr to a double, in place, then flag the header so that
 * future elements are stored as doubles too. Always returns true.
 */
/* static */ bool
ObjectElements::ConvertElementsToDoubles(JSContext *cx, uintptr_t elementsPtr)
{
    /*
     * This function is infallible, but has a fallible interface so that it can
     * be called directly from Ion code. Only arrays can have their dense
     * elements converted to doubles, and arrays never have empty elements.
     */
    HeapSlot *elements = reinterpret_cast<HeapSlot *>(elementsPtr);
    JS_ASSERT(elements != emptyObjectElements);

    ObjectElements *header = ObjectElements::fromElements(elements);
    JS_ASSERT(!header->shouldConvertDoubleElements());

    // Only the initialized prefix is touched; non-int32 values are left as they are.
    Value *begin = reinterpret_cast<Value *>(elementsPtr);
    Value *end = begin + header->initializedLength;
    for (Value *vp = begin; vp < end; ++vp) {
        if (vp->isInt32())
            vp->setDouble(vp->toInt32());
    }

    header->setShouldConvertDoubleElements();
    return true;
}
michael@0 190
michael@0 191 #ifdef DEBUG
/*
 * DEBUG-only consistency check of this native object's shape lineage and,
 * where present, its property table. The amount of work is bounded by the
 * JS_CHECK_SHAPE_THROTTLE environment variable: it caps how many shapes each
 * walk below visits, and 0 (the default when the variable is unset or
 * non-numeric) disables the check entirely.
 */
void
js::ObjectImpl::checkShapeConsistency()
{
    // -1 means the environment has not been consulted yet. atoi() yields 0 for
    // non-numeric input, and negative values are clamped to 0, so any bad
    // setting simply turns the check off.
    // NOTE(review): this static is written on first call without
    // synchronization; fine if callers are single-threaded — confirm.
    static int throttle = -1;
    if (throttle < 0) {
        if (const char *var = getenv("JS_CHECK_SHAPE_THROTTLE"))
            throttle = atoi(var);
        if (throttle < 0)
            throttle = 0;
    }
    if (throttle == 0)
        return;

    MOZ_ASSERT(isNative());

    Shape *shape = lastProperty();
    Shape *prev = nullptr;

    if (inDictionaryMode()) {
        // Dictionary-mode objects keep a table on the last property only.
        MOZ_ASSERT(shape->hasTable());

        // Walk the free-slot list: each free slot holds the index of the next
        // free slot, terminated by SHAPE_INVALID_SLOT. Every entry must lie
        // within the object's slot span.
        ShapeTable &table = shape->table();
        for (uint32_t fslot = table.freelist; fslot != SHAPE_INVALID_SLOT;
             fslot = getSlot(fslot).toPrivateUint32()) {
            MOZ_ASSERT(fslot < slotSpan());
        }

        // Every shape in the (throttled) lineage must be findable in the table,
        // and none but the last property may carry a table of its own.
        for (int n = throttle; --n >= 0 && shape->parent; shape = shape->parent) {
            MOZ_ASSERT_IF(lastProperty() != shape, !shape->hasTable());

            Shape **spp = table.search(shape->propid(), false);
            MOZ_ASSERT(SHAPE_FETCH(spp) == shape);
        }

        // Second pass: slots are in range and the doubly-linked listp
        // back-pointers form a consistent chain starting at shape_.
        shape = lastProperty();
        for (int n = throttle; --n >= 0 && shape; shape = shape->parent) {
            MOZ_ASSERT_IF(shape->slot() != SHAPE_INVALID_SLOT, shape->slot() < slotSpan());
            if (!prev) {
                MOZ_ASSERT(lastProperty() == shape);
                MOZ_ASSERT(shape->listp == &shape_);
            } else {
                MOZ_ASSERT(shape->listp == &prev->parent);
            }
            prev = shape;
        }
    } else {
        // Non-dictionary lineage: any shape that has a table must index every
        // shape reachable from it, slots must not increase toward the root,
        // and each parent's kids structure must be consistent with its child.
        for (int n = throttle; --n >= 0 && shape->parent; shape = shape->parent) {
            if (shape->hasTable()) {
                ShapeTable &table = shape->table();
                MOZ_ASSERT(shape->parent);
                for (Shape::Range<NoGC> r(shape); !r.empty(); r.popFront()) {
                    Shape **spp = table.search(r.front().propid(), false);
                    MOZ_ASSERT(SHAPE_FETCH(spp) == &r.front());
                }
            }
            if (prev) {
                MOZ_ASSERT(prev->maybeSlot() >= shape->maybeSlot());
                shape->kids.checkConsistency(prev);
            }
            prev = shape;
        }
    }
}
michael@0 255 #endif
michael@0 256
/*
 * Initialize slots [start, start + length) to UndefinedValue(), covering
 * both the fixed and the dynamic part of the range.
 */
void
js::ObjectImpl::initializeSlotRange(uint32_t start, uint32_t length)
{
    /*
     * No bounds check, as this is used when the object's shape does not
     * reflect its allocated slots (updateSlotsForSpan).
     */
    HeapSlot *fixedBegin, *fixedEnd, *dynBegin, *dynEnd;
    getSlotRangeUnchecked(start, length, &fixedBegin, &fixedEnd, &dynBegin, &dynEnd);

    JSRuntime *rt = runtimeFromAnyThread();
    JSObject *self = this->asObjectPtr();

    // Slot numbering continues from the fixed range straight into the dynamic one.
    uint32_t slot = start;
    for (HeapSlot *sp = fixedBegin; sp < fixedEnd; ++sp)
        sp->init(rt, self, HeapSlot::Slot, slot++, UndefinedValue());
    for (HeapSlot *sp = dynBegin; sp < dynEnd; ++sp)
        sp->init(rt, self, HeapSlot::Slot, slot++, UndefinedValue());
}
michael@0 274
/*
 * Initialize slots [start, start + length) from the first length entries of
 * vector, using HeapSlot::init (no pre-barrier). vector must hold at least
 * length values.
 */
void
js::ObjectImpl::initSlotRange(uint32_t start, const Value *vector, uint32_t length)
{
    JSRuntime *rt = runtimeFromAnyThread();
    JSObject *self = this->asObjectPtr();

    HeapSlot *fixedBegin, *fixedEnd, *dynBegin, *dynEnd;
    getSlotRange(start, length, &fixedBegin, &fixedEnd, &dynBegin, &dynEnd);

    // One running source cursor and slot index serve both halves of the range.
    const Value *src = vector;
    uint32_t slot = start;
    for (HeapSlot *sp = fixedBegin; sp < fixedEnd; ++sp)
        sp->init(rt, self, HeapSlot::Slot, slot++, *src++);
    for (HeapSlot *sp = dynBegin; sp < dynEnd; ++sp)
        sp->init(rt, self, HeapSlot::Slot, slot++, *src++);
}
michael@0 286
/*
 * Overwrite slots [start, start + length) with the first length entries of
 * vector, using HeapSlot::set (the slots are assumed to be already
 * initialized, unlike initSlotRange). vector must hold at least length
 * values.
 */
void
js::ObjectImpl::copySlotRange(uint32_t start, const Value *vector, uint32_t length)
{
    JS::Zone *zone = this->zone();
    JSObject *self = this->asObjectPtr();

    HeapSlot *fixedBegin, *fixedEnd, *dynBegin, *dynEnd;
    getSlotRange(start, length, &fixedBegin, &fixedEnd, &dynBegin, &dynEnd);

    // One running source cursor and slot index serve both halves of the range.
    const Value *src = vector;
    uint32_t slot = start;
    for (HeapSlot *sp = fixedBegin; sp < fixedEnd; ++sp)
        sp->set(zone, self, HeapSlot::Slot, slot++, *src++);
    for (HeapSlot *sp = dynBegin; sp < dynEnd; ++sp)
        sp->set(zone, self, HeapSlot::Slot, slot++, *src++);
}
michael@0 298
michael@0 299 #ifdef DEBUG
/* DEBUG helper: whether this object is a ProxyObject. */
bool
js::ObjectImpl::isProxy() const
{
    const JSObject *self = asObjectPtr();
    return self->is<ProxyObject>();
}
michael@0 305
/*
 * DEBUG helper: whether slot indexes an allocated slot (fixed or dynamic).
 * With SENTINEL_ALLOWED the one-past-the-end index is accepted as well.
 */
bool
js::ObjectImpl::slotInRange(uint32_t slot, SentinelAllowed sentinel) const
{
    const uint32_t capacity = numFixedSlots() + numDynamicSlots();
    const bool allowEnd = (sentinel == SENTINEL_ALLOWED);
    return allowEnd ? (slot <= capacity) : (slot < capacity);
}
michael@0 314 #endif /* DEBUG */
michael@0 315
michael@0 316 // See bug 844580.
michael@0 317 #if defined(_MSC_VER)
michael@0 318 # pragma optimize("g", off)
michael@0 319 #endif
michael@0 320
#if defined(_MSC_VER) && _MSC_VER >= 1500
/*
 * Work around a compiler bug in MSVC9 and above, where inlining this function
 * causes stack pointer offsets to go awry and spp to refer to something higher
 * up the stack.
 */
MOZ_NEVER_INLINE
#endif
/*
 * Look up id along this native object's shape lineage via Shape::search and
 * return its result unchanged. spp is only the out-parameter Shape::search
 * requires; its value is not used here. Because of the MSVC issue above, the
 * shape of this body (the local spp in particular) is deliberately kept as is.
 */
Shape *
js::ObjectImpl::nativeLookup(ExclusiveContext *cx, jsid id)
{
    MOZ_ASSERT(isNative());
    Shape **spp;
    return Shape::search(cx, lastProperty(), id, &spp);
}
michael@0 336
michael@0 337 #if defined(_MSC_VER)
michael@0 338 # pragma optimize("", on)
michael@0 339 #endif
michael@0 340
/*
 * Context-free variant of nativeLookup: searches the shape lineage with
 * Shape::searchNoHashify and returns its result unchanged.
 */
Shape *
js::ObjectImpl::nativeLookupPure(jsid id)
{
    MOZ_ASSERT(isNative());
    Shape *last = lastProperty();
    return Shape::searchNoHashify(last, id);
}
michael@0 347
/*
 * Number of dynamic slots to allocate for an object of class clasp with
 * nfixed inline slots and a slot span of span. Returns 0 when everything
 * fits inline; otherwise the excess, raised to SLOT_CAPACITY_MIN for
 * non-array classes and then rounded up to a power of two.
 */
uint32_t
js::ObjectImpl::dynamicSlotsCount(uint32_t nfixed, uint32_t span, const Class *clasp)
{
    if (span <= nfixed)
        return 0;
    const uint32_t needed = span - nfixed;

    // Increase the slots to SLOT_CAPACITY_MIN to decrease the likelihood
    // the dynamic slots need to get increased again. ArrayObjects ignore
    // this because slots are uncommon in that case.
    const bool isArray = (clasp == &ArrayObject::class_);
    if (!isArray && needed <= SLOT_CAPACITY_MIN)
        return SLOT_CAPACITY_MIN;

    const uint32_t rounded = mozilla::RoundUpPow2(needed);
    MOZ_ASSERT(rounded >= needed);
    return rounded;
}
michael@0 365
/*
 * GC tracing hook: mark everything this object keeps alive — its type
 * object, its shape, whatever the class's trace hook marks, and, for native
 * objects, all slots in the slot span plus the initialized dense elements.
 */
void
js::ObjectImpl::markChildren(JSTracer *trc)
{
    MarkTypeObject(trc, &type_, "type");

    MarkShape(trc, &shape_, "shape");

    // NOTE(review): type_ and shape_ are only dereferenced after they have
    // been marked above; keep that order in case marking may update them.
    const Class *clasp = type_->clasp();
    JSObject *obj = asObjectPtr();
    if (clasp->trace)
        clasp->trace(trc, obj);

    // Non-native objects own no slots or dense elements to mark here.
    if (shape_->isNative()) {
        MarkObjectSlots(trc, obj, 0, obj->slotSpan());
        gc::MarkArraySlots(trc, obj->getDenseInitializedLength(), obj->getDenseElements(), "objectElements");
    }
}
michael@0 383
/*
 * Root the four Value fields of the wrapped PropDesc so a GC that runs
 * while the rooter is on the stack keeps them alive. The labels are only
 * used for tracing/debugging output.
 */
void
AutoPropDescRooter::trace(JSTracer *trc)
{
    gc::MarkValueRoot(trc, &propDesc.pd_, "AutoPropDescRooter pd");
    gc::MarkValueRoot(trc, &propDesc.value_, "AutoPropDescRooter value");
    gc::MarkValueRoot(trc, &propDesc.get_, "AutoPropDescRooter get");
    gc::MarkValueRoot(trc, &propDesc.set_, "AutoPropDescRooter set");
}
