The Tor Browser: js/src/vm/ObjectImpl.h@b8a032363ba2 (annotated)

js/src/vm/ObjectImpl.h@b8a032363ba2 (annotated)

js/src/vm/ObjectImpl.h

Thu, 22 Jan 2015 13:21:57 +0100

author: Michael Schloh von Bennewitz <michael@schloh.com>
date: Thu, 22 Jan 2015 13:21:57 +0100
branch: TOR_BUG_9701
changeset 15: b8a032363ba2
permissions: -rw-r--r--

Incorporate requested changes from Mozilla in review:
https://bugzilla.mozilla.org/show_bug.cgi?id=1123480#c6

 /* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 4 -*-
  * vim: set ts=8 sts=4 et sw=4 tw=99:
  * This Source Code Form is subject to the terms of the Mozilla Public
  * License, v. 2.0. If a copy of the MPL was not distributed with this
  * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
 #ifndef vm_ObjectImpl_h
 #define vm_ObjectImpl_h
 #include "mozilla/Assertions.h"
 #include "mozilla/Attributes.h"
 #include <stdint.h>
 #include "jsfriendapi.h"
 #include "jsinfer.h"
 #include "NamespaceImports.h"
 #include "gc/Barrier.h"
 #include "gc/Heap.h"
 #include "gc/Marking.h"
 #include "js/Value.h"
 #include "vm/NumericConversions.h"
 #include "vm/Shape.h"
 #include "vm/String.h"
 namespace js {
 class ObjectImpl;
 class Nursery;
 class Shape;
 /*
  * To really poison a set of values, using 'magic' or 'undefined' isn't good
  * enough since often these will just be ignored by buggy code (see bug 629974)
  * in debug builds and crash in release builds. Instead, we use a safe-for-crash
  * pointer.
  */
 static MOZ_ALWAYS_INLINE void
 Debug_SetValueRangeToCrashOnTouch(Value *beg, Value *end)
 {
 #ifdef DEBUG
     for (Value *v = beg; v != end; ++v)
         v->setObject(*reinterpret_cast<JSObject *>(0x42));
 #endif
 }
 static MOZ_ALWAYS_INLINE void
 Debug_SetValueRangeToCrashOnTouch(Value *vec, size_t len)
 {
 #ifdef DEBUG
     Debug_SetValueRangeToCrashOnTouch(vec, vec + len);
 #endif
 }
 static MOZ_ALWAYS_INLINE void
 Debug_SetValueRangeToCrashOnTouch(HeapValue *vec, size_t len)
 {
 #ifdef DEBUG
     Debug_SetValueRangeToCrashOnTouch((Value *) vec, len);
 #endif
 }
 static MOZ_ALWAYS_INLINE void
 Debug_SetSlotRangeToCrashOnTouch(HeapSlot *vec, uint32_t len)
 {
 #ifdef DEBUG
     Debug_SetValueRangeToCrashOnTouch((Value *) vec, len);
 #endif
 }
 static MOZ_ALWAYS_INLINE void
 Debug_SetSlotRangeToCrashOnTouch(HeapSlot *begin, HeapSlot *end)
 {
 #ifdef DEBUG
     Debug_SetValueRangeToCrashOnTouch((Value *) begin, end - begin);
 #endif
 }
 class ArrayObject;
 /*
  * ES6 20130308 draft 8.4.2.4 ArraySetLength.
  *
  * |id| must be "length", |attrs| are the attributes to be used for the newly-
  * changed length property, |value| is the value for the new length, and
  * |setterIsStrict| indicates whether invalid changes will cause a TypeError
  * to be thrown.
  */
 template <ExecutionMode mode>
 extern bool
 ArraySetLength(typename ExecutionModeTraits<mode>::ContextType cx,
                Handle<ArrayObject*> obj, HandleId id,
                unsigned attrs, HandleValue value, bool setterIsStrict);
 /*
  * Elements header used for all objects. The elements component of such objects
  * offers an efficient representation for all or some of the indexed properties
  * of the object, using a flat array of Values rather than a shape hierarchy
  * stored in the object's slots. This structure is immediately followed by an
  * array of elements, with the elements member in an object pointing to the
  * beginning of that array (the end of this structure).
  * See below for usage of this structure.
  *
  * The sets of properties represented by an object's elements and slots
  * are disjoint. The elements contain only indexed properties, while the slots
  * can contain both named and indexed properties; any indexes in the slots are
  * distinct from those in the elements. If isIndexed() is false for an object,
  * all indexed properties (if any) are stored in the dense elements.
  *
  * Indexes will be stored in the object's slots instead of its elements in
  * the following case:
  *  - there are more than MIN_SPARSE_INDEX slots total and the load factor
  *    (COUNT / capacity) is less than 0.25
  *  - a property is defined that has non-default property attributes.
  *
  * We track these pieces of metadata for dense elements:
  *  - The length property as a uint32_t, accessible for array objects with
  *    ArrayObject::{length,setLength}().  This is unused for non-arrays.
  *  - The number of element slots (capacity), gettable with
  *    getDenseElementsCapacity().
  *  - The array's initialized length, accessible with
  *    getDenseElementsInitializedLength().
  *
  * Holes in the array are represented by MagicValue(JS_ELEMENTS_HOLE) values.
  * These indicate indexes which are not dense properties of the array. The
  * property may, however, be held by the object's properties.
  *
  * The capacity and length of an object's elements are almost entirely
  * unrelated!  In general the length may be greater than, less than, or equal
  * to the capacity.  The first case occurs with |new Array(100)|.  The length
  * is 100, but the capacity remains 0 (indices below length and above capacity
  * must be treated as holes) until elements between capacity and length are
  * set.  The other two cases are common, depending upon the number of elements
  * in an array and the underlying allocator used for element storage.
  *
  * The only case in which the capacity and length of an object's elements are
  * related is when the object is an array with non-writable length.  In this
  * case the capacity is always less than or equal to the length.  This permits
  * JIT code to optimize away the check for non-writable length when assigning
  * to possibly out-of-range elements: such code already has to check for
  * |index < capacity|, and fallback code checks for non-writable length.
  *
  * The initialized length of an object specifies the number of elements that
  * have been initialized. All elements above the initialized length are
  * holes in the object, and the memory for all elements between the initialized
  * length and capacity is left uninitialized. The initialized length is some
  * value less than or equal to both the object's length and the object's
  * capacity.
  *
  * There is flexibility in exactly the value the initialized length must hold,
  * e.g. if an array has length 5, capacity 10, completely empty, it is valid
  * for the initialized length to be any value between zero and 5, as long as
  * the in memory values below the initialized length have been initialized with
  * a hole value. However, in such cases we want to keep the initialized length
  * as small as possible: if the object is known to have no hole values below
  * its initialized length, then it is "packed" and can be accessed much faster
  * by JIT code.
  *
  * Elements do not track property creation order, so enumerating the elements
  * of an object does not necessarily visit indexes in the order they were
  * created.
  */
 class ObjectElements
 {
   public:
     enum Flags {
         CONVERT_DOUBLE_ELEMENTS     = 0x1,
         // Present only if these elements correspond to an array with
         // non-writable length; never present for non-arrays.
         NONWRITABLE_ARRAY_LENGTH    = 0x2
     };
   private:
     friend class ::JSObject;
     friend class ObjectImpl;
     friend class ArrayObject;
     friend class Nursery;
     template <ExecutionMode mode>
     friend bool
     ArraySetLength(typename ExecutionModeTraits<mode>::ContextType cx,
                    Handle<ArrayObject*> obj, HandleId id,
                    unsigned attrs, HandleValue value, bool setterIsStrict);
     /* See Flags enum above. */
     uint32_t flags;
     /*
      * Number of initialized elements. This is <= the capacity, and for arrays
      * is <= the length. Memory for elements above the initialized length is
      * uninitialized, but values between the initialized length and the proper
      * length are conceptually holes.
      */
     uint32_t initializedLength;
     /* Number of allocated slots. */
     uint32_t capacity;
     /* 'length' property of array objects, unused for other objects. */
     uint32_t length;
     void staticAsserts() {
         static_assert(sizeof(ObjectElements) == VALUES_PER_HEADER * sizeof(Value),
                       "Elements size and values-per-Elements mismatch");
     }
     bool shouldConvertDoubleElements() const {
         return flags & CONVERT_DOUBLE_ELEMENTS;
     }
     void setShouldConvertDoubleElements() {
         flags |= CONVERT_DOUBLE_ELEMENTS;
     }
     void clearShouldConvertDoubleElements() {
         flags &= ~CONVERT_DOUBLE_ELEMENTS;
     }
     bool hasNonwritableArrayLength() const {
         return flags & NONWRITABLE_ARRAY_LENGTH;
     }
     void setNonwritableArrayLength() {
         flags |= NONWRITABLE_ARRAY_LENGTH;
     }
   public:
     MOZ_CONSTEXPR ObjectElements(uint32_t capacity, uint32_t length)
       : flags(0), initializedLength(0), capacity(capacity), length(length)
     {}
     HeapSlot *elements() {
         return reinterpret_cast<HeapSlot*>(uintptr_t(this) + sizeof(ObjectElements));
     }
     static ObjectElements * fromElements(HeapSlot *elems) {
         return reinterpret_cast<ObjectElements*>(uintptr_t(elems) - sizeof(ObjectElements));
     }
     static int offsetOfFlags() {
         return int(offsetof(ObjectElements, flags)) - int(sizeof(ObjectElements));
     }
     static int offsetOfInitializedLength() {
         return int(offsetof(ObjectElements, initializedLength)) - int(sizeof(ObjectElements));
     }
     static int offsetOfCapacity() {
         return int(offsetof(ObjectElements, capacity)) - int(sizeof(ObjectElements));
     }
     static int offsetOfLength() {
         return int(offsetof(ObjectElements, length)) - int(sizeof(ObjectElements));
     }
     static bool ConvertElementsToDoubles(JSContext *cx, uintptr_t elements);
     static const size_t VALUES_PER_HEADER = 2;
 };
 /* Shared singleton for objects with no elements. */
 extern HeapSlot *const emptyObjectElements;
 struct Class;
 struct GCMarker;
 struct ObjectOps;
 class Shape;
 class NewObjectCache;
 class TaggedProto;
 inline Value
 ObjectValue(ObjectImpl &obj);
 #ifdef DEBUG
 static inline bool
 IsObjectValueInCompartment(js::Value v, JSCompartment *comp);
 #endif
 /*
  * ObjectImpl specifies the internal implementation of an object.  (In contrast
  * JSObject specifies an "external" interface, at the conceptual level of that
  * exposed in ECMAScript.)
  *
  * The |shape_| member stores the shape of the object, which includes the
  * object's class and the layout of all its properties.
  *
  * The |type_| member stores the type of the object, which contains its
  * prototype object and the possible types of its properties.
  *
  * The rest of the object stores its named properties and indexed elements.
  * These are stored separately from one another. Objects are followed by a
  * variable-sized array of values for inline storage, which may be used by
  * either properties of native objects (fixed slots), by elements (fixed
  * elements), or by other data for certain kinds of objects, such as
  * ArrayBufferObjects and TypedArrayObjects.
  *
  * Two native objects with the same shape are guaranteed to have the same
  * number of fixed slots.
  *
  * Named property storage can be split between fixed slots and a dynamically
  * allocated array (the slots member). For an object with N fixed slots, shapes
  * with slots [0..N-1] are stored in the fixed slots, and the remainder are
  * stored in the dynamic array. If all properties fit in the fixed slots, the
  * 'slots' member is nullptr.
  *
  * Elements are indexed via the 'elements' member. This member can point to
  * either the shared emptyObjectElements singleton, into the inline value array
  * (the address of the third value, to leave room for a ObjectElements header;
  * in this case numFixedSlots() is zero) or to a dynamically allocated array.
  *
  * Only certain combinations of slots and elements storage are possible.
  *
  * - For native objects, slots and elements may both be non-empty. The
  *   slots may be either names or indexes; no indexed property will be in both
  *   the slots and elements.
  *
  * - For non-native objects, slots and elements are both empty.
  *
  * The members of this class are currently protected; in the long run this will
  * will change so that some members are private, and only certain methods that
  * act upon them will be protected.
  */
 class ObjectImpl : public gc::BarrieredCell<ObjectImpl>
 {
     friend Zone *js::gc::BarrieredCell<ObjectImpl>::zone() const;
     friend Zone *js::gc::BarrieredCell<ObjectImpl>::zoneFromAnyThread() const;
   protected:
     /*
      * Shape of the object, encodes the layout of the object's properties and
      * all other information about its structure. See vm/Shape.h.
      */
     HeapPtrShape shape_;
     /*
      * The object's type and prototype. For objects with the LAZY_TYPE flag
      * set, this is the prototype's default 'new' type and can only be used
      * to get that prototype.
      */
     HeapPtrTypeObject type_;
     HeapSlot *slots;     /* Slots for object properties. */
     HeapSlot *elements;  /* Slots for object elements. */
     friend bool
     ArraySetLength(JSContext *cx, Handle<ArrayObject*> obj, HandleId id, unsigned attrs,
                    HandleValue value, bool setterIsStrict);
   private:
     static void staticAsserts() {
         static_assert(sizeof(ObjectImpl) == sizeof(shadow::Object),
                       "shadow interface must match actual implementation");
         static_assert(sizeof(ObjectImpl) % sizeof(Value) == 0,
                       "fixed slots after an object must be aligned");
         static_assert(offsetof(ObjectImpl, shape_) == offsetof(shadow::Object, shape),
                       "shadow shape must match actual shape");
         static_assert(offsetof(ObjectImpl, type_) == offsetof(shadow::Object, type),
                       "shadow type must match actual type");
         static_assert(offsetof(ObjectImpl, slots) == offsetof(shadow::Object, slots),
                       "shadow slots must match actual slots");
         static_assert(offsetof(ObjectImpl, elements) == offsetof(shadow::Object, _1),
                       "shadow placeholder must match actual elements");
     }
     JSObject * asObjectPtr() { return reinterpret_cast<JSObject *>(this); }
     const JSObject * asObjectPtr() const { return reinterpret_cast<const JSObject *>(this); }
     friend inline Value ObjectValue(ObjectImpl &obj);
     /* These functions are public, and they should remain public. */
   public:
     TaggedProto getTaggedProto() const {
         return type_->proto();
     }
     bool hasTenuredProto() const;
     const Class *getClass() const {
         return type_->clasp();
     }
     static inline bool
     isExtensible(ExclusiveContext *cx, Handle<ObjectImpl*> obj, bool *extensible);
     // Indicates whether a non-proxy is extensible.  Don't call on proxies!
     // This method really shouldn't exist -- but there are a few internal
     // places that want it (JITs and the like), and it'd be a pain to mark them
     // all as friends.
     bool nonProxyIsExtensible() const {
         MOZ_ASSERT(!isProxy());
         // [[Extensible]] for ordinary non-proxy objects is an object flag.
         return !lastProperty()->hasObjectFlag(BaseShape::NOT_EXTENSIBLE);
     }
 #ifdef DEBUG
     bool isProxy() const;
 #endif
     // Attempt to change the [[Extensible]] bit on |obj| to false.  Callers
     // must ensure that |obj| is currently extensible before calling this!
     static bool
     preventExtensions(JSContext *cx, Handle<ObjectImpl*> obj);
     HeapSlotArray getDenseElements() {
         JS_ASSERT(isNative());
         return HeapSlotArray(elements);
     }
     const Value &getDenseElement(uint32_t idx) {
         JS_ASSERT(isNative());
         MOZ_ASSERT(idx < getDenseInitializedLength());
         return elements[idx];
     }
     bool containsDenseElement(uint32_t idx) {
         JS_ASSERT(isNative());
         return idx < getDenseInitializedLength() && !elements[idx].isMagic(JS_ELEMENTS_HOLE);
     }
     uint32_t getDenseInitializedLength() {
         JS_ASSERT(getClass()->isNative());
         return getElementsHeader()->initializedLength;
     }
     uint32_t getDenseCapacity() {
         JS_ASSERT(getClass()->isNative());
         return getElementsHeader()->capacity;
     }
   protected:
 #ifdef DEBUG
     void checkShapeConsistency();
 #else
     void checkShapeConsistency() { }
 #endif
     Shape *
     replaceWithNewEquivalentShape(ThreadSafeContext *cx,
                                   Shape *existingShape, Shape *newShape = nullptr);
     enum GenerateShape {
         GENERATE_NONE,
         GENERATE_SHAPE
     };
     bool setFlag(ExclusiveContext *cx, /*BaseShape::Flag*/ uint32_t flag,
                  GenerateShape generateShape = GENERATE_NONE);
     bool clearFlag(ExclusiveContext *cx, /*BaseShape::Flag*/ uint32_t flag);
     bool toDictionaryMode(ThreadSafeContext *cx);
   private:
     friend class Nursery;
     /*
      * Get internal pointers to the range of values starting at start and
      * running for length.
      */
     void getSlotRangeUnchecked(uint32_t start, uint32_t length,
                                HeapSlot **fixedStart, HeapSlot **fixedEnd,
                                HeapSlot **slotsStart, HeapSlot **slotsEnd)
     {
         MOZ_ASSERT(start + length >= start);
         uint32_t fixed = numFixedSlots();
         if (start < fixed) {
             if (start + length < fixed) {
                 *fixedStart = &fixedSlots()[start];
                 *fixedEnd = &fixedSlots()[start + length];
                 *slotsStart = *slotsEnd = nullptr;
             } else {
                 uint32_t localCopy = fixed - start;
                 *fixedStart = &fixedSlots()[start];
                 *fixedEnd = &fixedSlots()[start + localCopy];
                 *slotsStart = &slots[0];
                 *slotsEnd = &slots[length - localCopy];
             }
         } else {
             *fixedStart = *fixedEnd = nullptr;
             *slotsStart = &slots[start - fixed];
             *slotsEnd = &slots[start - fixed + length];
         }
     }
     void getSlotRange(uint32_t start, uint32_t length,
                       HeapSlot **fixedStart, HeapSlot **fixedEnd,
                       HeapSlot **slotsStart, HeapSlot **slotsEnd)
     {
         MOZ_ASSERT(slotInRange(start + length, SENTINEL_ALLOWED));
         getSlotRangeUnchecked(start, length, fixedStart, fixedEnd, slotsStart, slotsEnd);
     }
   protected:
     friend struct GCMarker;
     friend class Shape;
     friend class NewObjectCache;
     void invalidateSlotRange(uint32_t start, uint32_t length) {
 #ifdef DEBUG
         HeapSlot *fixedStart, *fixedEnd, *slotsStart, *slotsEnd;
         getSlotRange(start, length, &fixedStart, &fixedEnd, &slotsStart, &slotsEnd);
         Debug_SetSlotRangeToCrashOnTouch(fixedStart, fixedEnd);
         Debug_SetSlotRangeToCrashOnTouch(slotsStart, slotsEnd);
 #endif /* DEBUG */
     }
     void initializeSlotRange(uint32_t start, uint32_t count);
     /*
      * Initialize a flat array of slots to this object at a start slot.  The
      * caller must ensure that are enough slots.
      */
     void initSlotRange(uint32_t start, const Value *vector, uint32_t length);
     /*
      * Copy a flat array of slots to this object at a start slot. Caller must
      * ensure there are enough slots in this object.
      */
     void copySlotRange(uint32_t start, const Value *vector, uint32_t length);
 #ifdef DEBUG
     enum SentinelAllowed {
         SENTINEL_NOT_ALLOWED,
         SENTINEL_ALLOWED
     };
     /*
      * Check that slot is in range for the object's allocated slots.
      * If sentinelAllowed then slot may equal the slot capacity.
      */
     bool slotInRange(uint32_t slot, SentinelAllowed sentinel = SENTINEL_NOT_ALLOWED) const;
 #endif
     /*
      * Minimum size for dynamically allocated slots in normal Objects.
      * ArrayObjects don't use this limit and can have a lower slot capacity,
      * since they normally don't have a lot of slots.
      */
     static const uint32_t SLOT_CAPACITY_MIN = 8;
     HeapSlot *fixedSlots() const {
         return reinterpret_cast<HeapSlot *>(uintptr_t(this) + sizeof(ObjectImpl));
     }
     /*
      * These functions are currently public for simplicity; in the long run
      * it may make sense to make at least some of them private.
      */
   public:
     Shape * lastProperty() const {
         MOZ_ASSERT(shape_);
         return shape_;
     }
     bool generateOwnShape(ThreadSafeContext *cx, js::Shape *newShape = nullptr) {
         return replaceWithNewEquivalentShape(cx, lastProperty(), newShape);
     }
     JSCompartment *compartment() const {
         return lastProperty()->base()->compartment();
     }
     bool isNative() const {
         return lastProperty()->isNative();
     }
     types::TypeObject *type() const {
         MOZ_ASSERT(!hasLazyType());
         return typeRaw();
     }
     types::TypeObject *typeRaw() const {
         return type_;
     }
     uint32_t numFixedSlots() const {
         return reinterpret_cast<const shadow::Object *>(this)->numFixedSlots();
     }
     /*
      * Whether this is the only object which has its specified type. This
      * object will have its type constructed lazily as needed by analysis.
      */
     bool hasSingletonType() const {
         return !!type_->singleton();
     }
     /*
      * Whether the object's type has not been constructed yet. If an object
      * might have a lazy type, use getType() below, otherwise type().
      */
     bool hasLazyType() const {
         return type_->lazy();
     }
     uint32_t slotSpan() const {
         if (inDictionaryMode())
             return lastProperty()->base()->slotSpan();
         return lastProperty()->slotSpan();
     }
     /* Compute dynamicSlotsCount() for this object. */
     uint32_t numDynamicSlots() const {
         return dynamicSlotsCount(numFixedSlots(), slotSpan(), getClass());
     }
     Shape *nativeLookup(ExclusiveContext *cx, jsid id);
     Shape *nativeLookup(ExclusiveContext *cx, PropertyName *name) {
         return nativeLookup(cx, NameToId(name));
     }
     bool nativeContains(ExclusiveContext *cx, jsid id) {
         return nativeLookup(cx, id) != nullptr;
     }
     bool nativeContains(ExclusiveContext *cx, PropertyName* name) {
         return nativeLookup(cx, name) != nullptr;
     }
     bool nativeContains(ExclusiveContext *cx, Shape* shape) {
         return nativeLookup(cx, shape->propid()) == shape;
     }
     /* Contextless; can be called from parallel code. */
     Shape *nativeLookupPure(jsid id);
     Shape *nativeLookupPure(PropertyName *name) {
         return nativeLookupPure(NameToId(name));
     }
     bool nativeContainsPure(jsid id) {
         return nativeLookupPure(id) != nullptr;
     }
     bool nativeContainsPure(PropertyName* name) {
         return nativeContainsPure(NameToId(name));
     }
     bool nativeContainsPure(Shape* shape) {
         return nativeLookupPure(shape->propid()) == shape;
     }
     const JSClass *getJSClass() const {
         return Jsvalify(getClass());
     }
     bool hasClass(const Class *c) const {
         return getClass() == c;
     }
     const ObjectOps *getOps() const {
         return &getClass()->ops;
     }
     /*
      * An object is a delegate if it is on another object's prototype or scope
      * chain, and therefore the delegate might be asked implicitly to get or
      * set a property on behalf of another object. Delegates may be accessed
      * directly too, as may any object, but only those objects linked after the
      * head of any prototype or scope chain are flagged as delegates. This
      * definition helps to optimize shape-based property cache invalidation
      * (see Purge{Scope,Proto}Chain in jsobj.cpp).
      */
     bool isDelegate() const {
         return lastProperty()->hasObjectFlag(BaseShape::DELEGATE);
     }
     /*
      * Return true if this object is a native one that has been converted from
      * shared-immutable prototype-rooted shape storage to dictionary-shapes in
      * a doubly-linked list.
      */
     bool inDictionaryMode() const {
         return lastProperty()->inDictionary();
     }
     const Value &getSlot(uint32_t slot) const {
         MOZ_ASSERT(slotInRange(slot));
         uint32_t fixed = numFixedSlots();
         if (slot < fixed)
             return fixedSlots()[slot];
         return slots[slot - fixed];
     }
     const HeapSlot *getSlotAddressUnchecked(uint32_t slot) const {
         uint32_t fixed = numFixedSlots();
         if (slot < fixed)
             return fixedSlots() + slot;
         return slots + (slot - fixed);
     }
     HeapSlot *getSlotAddressUnchecked(uint32_t slot) {
         const ObjectImpl *obj = static_cast<const ObjectImpl*>(this);
         return const_cast<HeapSlot*>(obj->getSlotAddressUnchecked(slot));
     }
     HeapSlot *getSlotAddress(uint32_t slot) {
         /*
          * This can be used to get the address of the end of the slots for the
          * object, which may be necessary when fetching zero-length arrays of
          * slots (e.g. for callObjVarArray).
          */
         MOZ_ASSERT(slotInRange(slot, SENTINEL_ALLOWED));
         return getSlotAddressUnchecked(slot);
     }
     const HeapSlot *getSlotAddress(uint32_t slot) const {
         /*
          * This can be used to get the address of the end of the slots for the
          * object, which may be necessary when fetching zero-length arrays of
          * slots (e.g. for callObjVarArray).
          */
         MOZ_ASSERT(slotInRange(slot, SENTINEL_ALLOWED));
         return getSlotAddressUnchecked(slot);
     }
     HeapSlot &getSlotRef(uint32_t slot) {
         MOZ_ASSERT(slotInRange(slot));
         return *getSlotAddress(slot);
     }
     const HeapSlot &getSlotRef(uint32_t slot) const {
         MOZ_ASSERT(slotInRange(slot));
         return *getSlotAddress(slot);
     }
     HeapSlot &nativeGetSlotRef(uint32_t slot) {
         JS_ASSERT(isNative() && slot < slotSpan());
         return getSlotRef(slot);
     }
     const Value &nativeGetSlot(uint32_t slot) const {
         JS_ASSERT(isNative() && slot < slotSpan());
         return getSlot(slot);
     }
     void setSlot(uint32_t slot, const Value &value) {
         MOZ_ASSERT(slotInRange(slot));
         MOZ_ASSERT(IsObjectValueInCompartment(value, compartment()));
         getSlotRef(slot).set(this->asObjectPtr(), HeapSlot::Slot, slot, value);
     }
     inline void setCrossCompartmentSlot(uint32_t slot, const Value &value) {
         MOZ_ASSERT(slotInRange(slot));
         getSlotRef(slot).set(this->asObjectPtr(), HeapSlot::Slot, slot, value);
     }
     void initSlot(uint32_t slot, const Value &value) {
         MOZ_ASSERT(getSlot(slot).isUndefined());
         MOZ_ASSERT(slotInRange(slot));
         MOZ_ASSERT(IsObjectValueInCompartment(value, compartment()));
         initSlotUnchecked(slot, value);
     }
     void initCrossCompartmentSlot(uint32_t slot, const Value &value) {
         MOZ_ASSERT(getSlot(slot).isUndefined());
         MOZ_ASSERT(slotInRange(slot));
         initSlotUnchecked(slot, value);
     }
     void initSlotUnchecked(uint32_t slot, const Value &value) {
         getSlotAddressUnchecked(slot)->init(this->asObjectPtr(), HeapSlot::Slot, slot, value);
     }
     /* For slots which are known to always be fixed, due to the way they are allocated. */
     HeapSlot &getFixedSlotRef(uint32_t slot) {
         MOZ_ASSERT(slot < numFixedSlots());
         return fixedSlots()[slot];
     }
     const Value &getFixedSlot(uint32_t slot) const {
         MOZ_ASSERT(slot < numFixedSlots());
         return fixedSlots()[slot];
     }
     void setFixedSlot(uint32_t slot, const Value &value) {
         MOZ_ASSERT(slot < numFixedSlots());
         fixedSlots()[slot].set(this->asObjectPtr(), HeapSlot::Slot, slot, value);
     }
     void initFixedSlot(uint32_t slot, const Value &value) {
         MOZ_ASSERT(slot < numFixedSlots());
         fixedSlots()[slot].init(this->asObjectPtr(), HeapSlot::Slot, slot, value);
     }
     /*
      * Get the number of dynamic slots to allocate to cover the properties in
      * an object with the given number of fixed slots and slot span. The slot
      * capacity is not stored explicitly, and the allocated size of the slot
      * array is kept in sync with this count.
      */
     static uint32_t dynamicSlotsCount(uint32_t nfixed, uint32_t span, const Class *clasp);
     /* Memory usage functions. */
     size_t tenuredSizeOfThis() const {
         return js::gc::Arena::thingSize(tenuredGetAllocKind());
     }
     /* Elements accessors. */
     ObjectElements * getElementsHeader() const {
         return ObjectElements::fromElements(elements);
     }
     inline HeapSlot *fixedElements() const {
         static_assert(2 * sizeof(Value) == sizeof(ObjectElements),
                       "when elements are stored inline, the first two "
                       "slots will hold the ObjectElements header");
         return &fixedSlots()[2];
     }
 #ifdef DEBUG
     bool canHaveNonEmptyElements();
 #endif
     void setFixedElements() {
         JS_ASSERT(canHaveNonEmptyElements());
         this->elements = fixedElements();
     }
     inline bool hasDynamicElements() const {
         /*
          * Note: for objects with zero fixed slots this could potentially give
          * a spurious 'true' result, if the end of this object is exactly
          * aligned with the end of its arena and dynamic slots are allocated
          * immediately afterwards. Such cases cannot occur for dense arrays
          * (which have at least two fixed slots) and can only result in a leak.
          */
         return !hasEmptyElements() && elements != fixedElements();
     }
     inline bool hasFixedElements() const {
         return elements == fixedElements();
     }
     inline bool hasEmptyElements() const {
         return elements == emptyObjectElements;
     }
     /*
      * Get a pointer to the unused data in the object's allocation immediately
      * following this object, for use with objects which allocate a larger size
      * class than they need and store non-elements data inline.
      */
     inline void *fixedData(size_t nslots) const;
     /* GC support. */
     static ThingRootKind rootKind() { return THING_ROOT_OBJECT; }
     inline void privateWriteBarrierPre(void **oldval);
     void privateWriteBarrierPost(void **pprivate) {
 #ifdef JSGC_GENERATIONAL
         shadowRuntimeFromAnyThread()->gcStoreBufferPtr()->putCell(reinterpret_cast<js::gc::Cell **>(pprivate));
 #endif
     }
     void markChildren(JSTracer *trc);
     /* Private data accessors. */
     inline void *&privateRef(uint32_t nfixed) const { /* XXX should be private, not protected! */
         /*
          * The private pointer of an object can hold any word sized value.
          * Private pointers are stored immediately after the last fixed slot of
          * the object.
          */
         MOZ_ASSERT(nfixed == numFixedSlots());
         MOZ_ASSERT(hasPrivate());
         HeapSlot *end = &fixedSlots()[nfixed];
         return *reinterpret_cast<void**>(end);
     }
     bool hasPrivate() const {
         return getClass()->hasPrivate();
     }
     void *getPrivate() const {
         return privateRef(numFixedSlots());
     }
     void setPrivate(void *data) {
         void **pprivate = &privateRef(numFixedSlots());
         privateWriteBarrierPre(pprivate);
         *pprivate = data;
     }
     void setPrivateGCThing(gc::Cell *cell) {
         void **pprivate = &privateRef(numFixedSlots());
         privateWriteBarrierPre(pprivate);
         *pprivate = reinterpret_cast<void *>(cell);
         privateWriteBarrierPost(pprivate);
     }
     void setPrivateUnbarriered(void *data) {
         void **pprivate = &privateRef(numFixedSlots());
         *pprivate = data;
     }
     void initPrivate(void *data) {
         privateRef(numFixedSlots()) = data;
     }
     /* Access private data for an object with a known number of fixed slots. */
     inline void *getPrivate(uint32_t nfixed) const {
         return privateRef(nfixed);
     }
     /* GC Accessors */
     void setInitialSlots(HeapSlot *newSlots) { slots = newSlots; }
     /* JIT Accessors */
     static size_t offsetOfShape() { return offsetof(ObjectImpl, shape_); }
     HeapPtrShape *addressOfShape() { return &shape_; }
     static size_t offsetOfType() { return offsetof(ObjectImpl, type_); }
     HeapPtrTypeObject *addressOfType() { return &type_; }
     static size_t offsetOfElements() { return offsetof(ObjectImpl, elements); }
     static size_t offsetOfFixedElements() {
         return sizeof(ObjectImpl) + sizeof(ObjectElements);
     }
     static size_t getFixedSlotOffset(size_t slot) {
         return sizeof(ObjectImpl) + slot * sizeof(Value);
     }
     static size_t getPrivateDataOffset(size_t nfixed) { return getFixedSlotOffset(nfixed); }
     static size_t offsetOfSlots() { return offsetof(ObjectImpl, slots); }
 };
 namespace gc {
 template <>
 MOZ_ALWAYS_INLINE Zone *
 BarrieredCell<ObjectImpl>::zone() const
 {
     const ObjectImpl* obj = static_cast<const ObjectImpl*>(this);
     JS::Zone *zone = obj->shape_->zone();
     JS_ASSERT(CurrentThreadCanAccessZone(zone));
     return zone;
 }
 template <>
 MOZ_ALWAYS_INLINE Zone *
 BarrieredCell<ObjectImpl>::zoneFromAnyThread() const
 {
     const ObjectImpl* obj = static_cast<const ObjectImpl*>(this);
     return obj->shape_->zoneFromAnyThread();
 }
 // TypeScript::global uses 0x1 as a special value.
 template<>
 /* static */ inline bool
 BarrieredCell<ObjectImpl>::isNullLike(ObjectImpl *obj)
 {
     return IsNullTaggedPointer(obj);
 }
 template<>
 /* static */ inline void
 BarrieredCell<ObjectImpl>::writeBarrierPost(ObjectImpl *obj, void *addr)
 {
 #ifdef JSGC_GENERATIONAL
     if (IsNullTaggedPointer(obj))
         return;
     obj->shadowRuntimeFromAnyThread()->gcStoreBufferPtr()->putCell((Cell **)addr);
 #endif
 }
 template<>
 /* static */ inline void
 BarrieredCell<ObjectImpl>::writeBarrierPostRelocate(ObjectImpl *obj, void *addr)
 {
 #ifdef JSGC_GENERATIONAL
     obj->shadowRuntimeFromAnyThread()->gcStoreBufferPtr()->putRelocatableCell((Cell **)addr);
 #endif
 }
 template<>
 /* static */ inline void
 BarrieredCell<ObjectImpl>::writeBarrierPostRemove(ObjectImpl *obj, void *addr)
 {
 #ifdef JSGC_GENERATIONAL
     obj->shadowRuntimeFromAnyThread()->gcStoreBufferPtr()->removeRelocatableCell((Cell **)addr);
 #endif
 }
 } // namespace gc
 inline void
 ObjectImpl::privateWriteBarrierPre(void **oldval)
 {
 #ifdef JSGC_INCREMENTAL
     JS::shadow::Zone *shadowZone = this->shadowZoneFromAnyThread();
     if (shadowZone->needsBarrier()) {
         if (*oldval && getClass()->trace)
             getClass()->trace(shadowZone->barrierTracer(), this->asObjectPtr());
     }
 #endif
 }
 inline Value
 ObjectValue(ObjectImpl &obj)
 {
     Value v;
     v.setObject(*obj.asObjectPtr());
     return v;
 }
 inline Handle<JSObject*>
 Downcast(Handle<ObjectImpl*> obj)
 {
     return Handle<JSObject*>::fromMarkedLocation(reinterpret_cast<JSObject* const*>(obj.address()));
 }
 #ifdef DEBUG
 static inline bool
 IsObjectValueInCompartment(js::Value v, JSCompartment *comp)
 {
     if (!v.isObject())
         return true;
     return reinterpret_cast<ObjectImpl*>(&v.toObject())->compartment() == comp;
 }
 #endif
 } /* namespace js */
 #endif /* vm_ObjectImpl_h */

The Tor Browser / annotate

js/src/vm/ObjectImpl.h@b8a032363ba2 (annotated)

js/src/vm/ObjectImpl.h