The Tor Browser: comparison js/src/gdb/mozilla/jsval.py

--1:000000000000
+:3f96a6142c51
+# Pretty-printers for SpiderMonkey jsvals.
+import gdb
+import gdb.types
+import mozilla.prettyprinters
+from mozilla.prettyprinters import pretty_printer, ptr_pretty_printer
+# Forget any printers from previous loads of this module.
+mozilla.prettyprinters.clear_module_printers(__name__)
+# Summary of the JS::Value (also known as jsval) type:
+#
+# Viewed abstractly, JS::Value is a 64-bit discriminated union, with
+# JSString *, JSObject *, IEEE 64-bit floating-point, and 32-bit integer
+# branches (and a few others). (It is not actually a C++ union;
+# 'discriminated union' just describes the overall effect.) Note that
+# JS::Value is always 64 bits long, even on 32-bit architectures.
+#
+# The ECMAScript standard specifies that ECMAScript numbers are IEEE 64-bit
+# floating-point values. A JS::Value can represent any JavaScript number
+# value directly, without referring to additional storage, or represent an
+# object, string, or other ECMAScript value, and remember which type it is.
+# This may seem surprising: how can a 64-bit type hold all the 64-bit IEEE
+# values, and still distinguish them from objects, strings, and so on,
+# which have 64-bit addresses?
+#
+# This is possible for two reasons:
+#
+# - First, ECMAScript implementations aren't required to distinguish all
+#   the values the IEEE 64-bit format can represent. The IEEE format
+#   specifies many bitstrings representing NaN values, while ECMAScript
+#   requires only a single NaN value. This means we can use one IEEE NaN to
+#   represent ECMAScript's NaN, and use all the other IEEE NaNs to
+#   represent the other ECMAScript values.
+#
+#   (IEEE says that any floating-point value whose 11-bit exponent field is
+#   0x7ff (all ones) and whose 52-bit fraction field is non-zero is a NaN.
+#   So as long as we ensure the fraction field is non-zero, and save a NaN
+#   for ECMAScript, we have 2^52 values to play with.)
+#
+# - Second, on the only 64-bit architecture we support, x86_64, only the
+#   lower 48 bits of an address are significant. The upper sixteen bits are
+#   required to be the sign-extension of bit 48. Furthermore, user code
+#   always runs in "positive addresses": those in which bit 48 is zero. So
+#   we only actually need 47 bits to store all possible object or string
+#   addresses, even on 64-bit platforms.
+#
+# With a 52-bit fraction field, and 47 bits needed for the 'payload', we
+# have up to five bits left to store a 'tag' value, to indicate which
+# branch of our discriminated union is live.
+#
+# Thus, we define JS::Value representations in terms of the IEEE 64-bit
+# floating-point format:
+#
+# - Any bitstring that IEEE calls a number or an infinity represents that
+#   ECMAScript number.
+#
+# - Any bitstring that IEEE calls a NaN represents either an ECMAScript NaN
+#   or a non-number ECMAScript value, as determined by a tag field stored
+#   towards the most significant end of the fraction field (exactly where
+#   depends on the address size). If the tag field indicates that this
+#   JS::Value is an object, the fraction field's least significant end
+#   holds the address of a JSObject; if a string, the address of a
+#   JSString; and so on.
+#
+# On the only 64-bit platform we support, x86_64, only the lower 48 bits of
+# an address are significant, and only those values whose top bit is zero
+# are used for user-space addresses. This means that x86_64 addresses are
+# effectively 47 bits long, and thus fit nicely in the available portion of
+# the fraction field.
+#
+#
+# In detail:
+#
+# - jsval (Value.h) is a typedef for JS::Value.
+#
+# - JS::Value (Value.h) is a class with a lot of methods and a single data
+#   member, of type jsval_layout.
+#
+# - jsval_layout (Value.h) is a helper type for picking apart values. This
+#   is always 64 bits long, with a variant for each address size (32 bits
+#   or 64 bits) and endianness (little- or big-endian).
+#
+#   jsval_layout is a union with 'asBits', 'asDouble', and 'asPtr'
+#   branches, and an 's' branch, which is a struct that tries to break out
+#   the bitfields a little for the non-double types. On 64-bit machines,
+#   jsval_layout also has an 'asUIntPtr' branch.
+#
+#   On 32-bit platforms, the 's' structure has a 'tag' member at the
+#   exponent end of the 's' struct, and a 'payload' union at the mantissa
+#   end. The 'payload' union's branches are things like JSString *,
+#   JSObject *, and so on: the natural representations of the tags.
+#
+#   On 64-bit platforms, the payload is 47 bits long; since C++ doesn't let
+#   us declare bitfields that hold unions, we can't break it down so
+#   neatly. In this case, we apply bit-shifting tricks to the 'asBits'
+#   branch of the union to extract the tag.
+class Box(object):
+def __init__(self, asBits, jtc):
+self.asBits = asBits
+self.jtc = jtc
+# jsval_layout::asBits is uint64, but somebody botches the sign bit, even
+# though Python integers are arbitrary precision.
+if self.asBits < 0:
+self.asBits = self.asBits + (1 << 64)
+# Return this value's type tag.
+def tag(self): raise NotImplementedError
+# Return this value as a 32-bit integer, double, or address.
+def as_uint32(self): raise NotImplementedError
+def as_double(self): raise NotImplementedError
+def as_address(self): raise NotImplementedError
+# Packed non-number boxing --- the format used on x86_64. It would be nice to simply
+# call JSVAL_TO_INT, etc. here, but the debugger is likely to see many jsvals, and
+# doing several inferior calls for each one seems like a bad idea.
+class Punbox(Box):
+FULL_WIDTH     = 64
+TAG_SHIFT      = 47
+PAYLOAD_MASK   = (1 << TAG_SHIFT) - 1
+TAG_MASK       = (1 << (FULL_WIDTH - TAG_SHIFT)) - 1
+TAG_MAX_DOUBLE = 0x1fff0
+TAG_TYPE_MASK  = 0x0000f
+def tag(self):
+tag = self.asBits >> Punbox.TAG_SHIFT
+if tag <= Punbox.TAG_MAX_DOUBLE:
+return self.jtc.DOUBLE
+else:
+return tag & Punbox.TAG_TYPE_MASK
+def as_uint32(self): return int(self.asBits & ((1 << 32) - 1))
+def as_address(self): return gdb.Value(self.asBits & Punbox.PAYLOAD_MASK)
+class Nunbox(Box):
+TAG_SHIFT      = 32
+TAG_CLEAR      = 0xffff0000
+PAYLOAD_MASK   = 0xffffffff
+TAG_TYPE_MASK  = 0x0000000f
+def tag(self):
+tag = self.asBits >> Nunbox.TAG_SHIFT
+if tag < Nunbox.TAG_CLEAR:
+return self.jtc.DOUBLE
+return tag & Nunbox.TAG_TYPE_MASK
+def as_uint32(self): return int(self.asBits & Nunbox.PAYLOAD_MASK)
+def as_address(self): return gdb.Value(self.asBits & Nunbox.PAYLOAD_MASK)
+# Cache information about the jsval type for this objfile.
+class jsvalTypeCache(object):
+def __init__(self, cache):
+# Capture the tag values.
+d = gdb.types.make_enum_dict(gdb.lookup_type('JSValueType'))
+self.DOUBLE    = d['JSVAL_TYPE_DOUBLE']
+self.INT32     = d['JSVAL_TYPE_INT32']
+self.UNDEFINED = d['JSVAL_TYPE_UNDEFINED']
+self.BOOLEAN   = d['JSVAL_TYPE_BOOLEAN']
+self.MAGIC     = d['JSVAL_TYPE_MAGIC']
+self.STRING    = d['JSVAL_TYPE_STRING']
+self.NULL      = d['JSVAL_TYPE_NULL']
+self.OBJECT    = d['JSVAL_TYPE_OBJECT']
+# Let self.magic_names be an array whose i'th element is the name of
+# the i'th magic value.
+d = gdb.types.make_enum_dict(gdb.lookup_type('JSWhyMagic'))
+self.magic_names = range(max(d.itervalues()) + 1)
+for (k,v) in d.items(): self.magic_names[v] = k
+# Choose an unboxing scheme for this architecture.
+self.boxer = Punbox if cache.void_ptr_t.sizeof == 8 else Nunbox
+@pretty_printer('jsval_layout')
+class jsval_layout(object):
+def __init__(self, value, cache):
+# Save the generic typecache, and create our own, if we haven't already.
+self.cache = cache
+if not cache.mod_jsval:
+cache.mod_jsval = jsvalTypeCache(cache)
+self.jtc = cache.mod_jsval
+self.value = value
+self.box = self.jtc.boxer(value['asBits'], self.jtc)
+def to_string(self):
+tag = self.box.tag()
+if tag == self.jtc.INT32:
+value = self.box.as_uint32()
+signbit = 1 << 31
+value = (value ^ signbit) - signbit
+elif tag == self.jtc.UNDEFINED:
+return 'JSVAL_VOID'
+elif tag == self.jtc.BOOLEAN:
+return 'JSVAL_TRUE' if self.box.as_uint32() else 'JSVAL_FALSE'
+elif tag == self.jtc.MAGIC:
+value = self.box.as_uint32()
+if 0 <= value and value < len(self.jtc.magic_names):
+return '$jsmagic(%s)' % (self.jtc.magic_names[value],)
+else:
+return '$jsmagic(%d)' % (value,)
+elif tag == self.jtc.STRING:
+value = self.box.as_address().cast(self.cache.JSString_ptr_t)
+elif tag == self.jtc.NULL:
+return 'JSVAL_NULL'
+elif tag == self.jtc.OBJECT:
+value = self.box.as_address().cast(self.cache.JSObject_ptr_t)
+elif tag == self.jtc.DOUBLE:
+value = self.value['asDouble']
+else:
+return '$jsval(unrecognized!)'
+return '$jsval(%s)' % (value,)
+@pretty_printer('JS::Value')
+class JSValue(object):
+def __new__(cls, value, cache):
+return jsval_layout(value['data'], cache)

The Tor Browser / file comparison

comparison: js/src/gdb/mozilla/jsval.py

js/src/gdb/mozilla/jsval.py