mirror of
https://gitlab.winehq.org/wine/wine-gecko.git
synced 2024-09-13 09:24:08 -07:00
Bug 1079844 - Rename isNeutered() to isDetached(), and rename isNeutered() on views to hasDetachedBuffer(). r=sfink
This commit is contained in:
parent
9c7dd117d1
commit
2205671c69
@ -1386,7 +1386,7 @@ TypedObject::isAttached() const
|
||||
if (table) {
|
||||
JSObject* buffer = table->lookup(this);
|
||||
if (buffer)
|
||||
return !buffer->as<ArrayBufferObject>().isNeutered();
|
||||
return !buffer->as<ArrayBufferObject>().isDetached();
|
||||
}
|
||||
return true;
|
||||
}
|
||||
@ -1395,7 +1395,7 @@ TypedObject::isAttached() const
|
||||
if (!as<OutlineTypedObject>().outOfLineTypedMem())
|
||||
return false;
|
||||
JSObject& owner = as<OutlineTypedObject>().owner();
|
||||
if (owner.is<ArrayBufferObject>() && owner.as<ArrayBufferObject>().isNeutered())
|
||||
if (owner.is<ArrayBufferObject>() && owner.as<ArrayBufferObject>().isDetached())
|
||||
return false;
|
||||
return true;
|
||||
}
|
||||
@ -1408,7 +1408,7 @@ TypedObject::maybeForwardedIsAttached() const
|
||||
if (!as<OutlineTypedObject>().outOfLineTypedMem())
|
||||
return false;
|
||||
JSObject& owner = *MaybeForwarded(&as<OutlineTypedObject>().owner());
|
||||
if (owner.is<ArrayBufferObject>() && owner.as<ArrayBufferObject>().isNeutered())
|
||||
if (owner.is<ArrayBufferObject>() && owner.as<ArrayBufferObject>().isDetached())
|
||||
return false;
|
||||
return true;
|
||||
}
|
||||
@ -2356,7 +2356,7 @@ TypedObject::construct(JSContext* cx, unsigned int argc, Value* vp)
|
||||
Rooted<ArrayBufferObject*> buffer(cx);
|
||||
buffer = &args[0].toObject().as<ArrayBufferObject>();
|
||||
|
||||
if (callee->opaque() || buffer->isNeutered()) {
|
||||
if (callee->opaque() || buffer->isDetached()) {
|
||||
JS_ReportErrorNumber(cx, GetErrorMessage,
|
||||
nullptr, JSMSG_TYPEDOBJECT_BAD_ARGS);
|
||||
return false;
|
||||
|
@ -106,7 +106,7 @@ BEGIN_TEST(testArrayBuffer_bug720949_viewList)
|
||||
CHECK(contents != nullptr);
|
||||
JS_free(nullptr, contents);
|
||||
GC(cx);
|
||||
CHECK(isNeutered(view));
|
||||
CHECK(hasDetachedBuffer(view));
|
||||
CHECK(JS_IsDetachedArrayBufferObject(buffer));
|
||||
view = nullptr;
|
||||
GC(cx);
|
||||
@ -131,8 +131,8 @@ BEGIN_TEST(testArrayBuffer_bug720949_viewList)
|
||||
CHECK(contents != nullptr);
|
||||
JS_free(nullptr, contents);
|
||||
|
||||
CHECK(isNeutered(view1));
|
||||
CHECK(isNeutered(view2));
|
||||
CHECK(hasDetachedBuffer(view1));
|
||||
CHECK(hasDetachedBuffer(view2));
|
||||
CHECK(JS_IsDetachedArrayBufferObject(buffer));
|
||||
|
||||
view1 = nullptr;
|
||||
@ -152,7 +152,7 @@ static void GC(JSContext* cx)
|
||||
JS_GC(JS_GetRuntime(cx)); // Trigger another to wait for background finalization to end
|
||||
}
|
||||
|
||||
bool isNeutered(JS::HandleObject obj) {
|
||||
bool hasDetachedBuffer(JS::HandleObject obj) {
|
||||
JS::RootedValue v(cx);
|
||||
return JS_GetProperty(cx, obj, "byteLength", &v) && v.toInt32() == 0;
|
||||
}
|
||||
|
@ -301,7 +301,7 @@ ArrayBufferObject::neuter(JSContext* cx, Handle<ArrayBufferObject*> buffer,
|
||||
buffer->setNewOwnedData(cx->runtime()->defaultFreeOp(), newContents);
|
||||
|
||||
buffer->setByteLength(0);
|
||||
buffer->setIsNeutered();
|
||||
buffer->setIsDetached();
|
||||
return true;
|
||||
}
|
||||
|
||||
@ -1161,7 +1161,7 @@ JS_IsDetachedArrayBufferObject(JSObject* obj)
|
||||
if (!obj)
|
||||
return false;
|
||||
|
||||
return obj->is<ArrayBufferObject>() && obj->as<ArrayBufferObject>().isNeutered();
|
||||
return obj->is<ArrayBufferObject>() && obj->as<ArrayBufferObject>().isDetached();
|
||||
}
|
||||
|
||||
JS_FRIEND_API(JSObject*)
|
||||
@ -1223,7 +1223,7 @@ JS_StealArrayBufferContents(JSContext* cx, HandleObject objArg)
|
||||
}
|
||||
|
||||
Rooted<ArrayBufferObject*> buffer(cx, &obj->as<ArrayBufferObject>());
|
||||
if (buffer->isNeutered()) {
|
||||
if (buffer->isDetached()) {
|
||||
JS_ReportErrorNumber(cx, GetErrorMessage, nullptr, JSMSG_TYPED_ARRAY_DETACHED);
|
||||
return nullptr;
|
||||
}
|
||||
|
@ -244,12 +244,12 @@ class ArrayBufferObject : public ArrayBufferObjectMaybeShared
|
||||
if (!ownsData())
|
||||
return false;
|
||||
|
||||
// Neutered contents aren't transferrable because we want a neutered
|
||||
// array's contents to be backed by zeroed memory equal in length to
|
||||
// Detached contents aren't transferrable because we want a detached
|
||||
// buffer's contents to be backed by zeroed memory equal in length to
|
||||
// the original buffer contents. Transferring these contents would
|
||||
// allocate new ones based on the current byteLength, which is 0 for a
|
||||
// neutered array -- not the original byteLength.
|
||||
return !isNeutered();
|
||||
// detached buffer -- not the original byteLength.
|
||||
return !isDetached();
|
||||
}
|
||||
|
||||
// Return whether the buffer is allocated by js_malloc and should be freed
|
||||
@ -313,7 +313,7 @@ class ArrayBufferObject : public ArrayBufferObjectMaybeShared
|
||||
bool isAsmJSMalloced() const { return bufferKind() == ASMJS_MALLOCED; }
|
||||
bool isAsmJS() const { return isAsmJSMapped() || isAsmJSMalloced(); }
|
||||
bool isMapped() const { return bufferKind() == MAPPED; }
|
||||
bool isNeutered() const { return flags() & DETACHED; }
|
||||
bool isDetached() const { return flags() & DETACHED; }
|
||||
|
||||
static bool prepareForAsmJS(JSContext* cx, Handle<ArrayBufferObject*> buffer,
|
||||
bool usesSignalHandlers);
|
||||
@ -354,7 +354,7 @@ class ArrayBufferObject : public ArrayBufferObjectMaybeShared
|
||||
bool hasTypedObjectViews() const { return flags() & TYPED_OBJECT_VIEWS; }
|
||||
|
||||
void setIsAsmJSMalloced() { setFlags((flags() & ~KIND_MASK) | ASMJS_MALLOCED); }
|
||||
void setIsNeutered() { setFlags(flags() | DETACHED); }
|
||||
void setIsDetached() { setFlags(flags() | DETACHED); }
|
||||
|
||||
void initialize(size_t byteLength, BufferContents contents, OwnsState ownsState) {
|
||||
setByteLength(byteLength);
|
||||
|
@ -886,9 +886,9 @@ intrinsic_MoveTypedArrayElements(JSContext* cx, unsigned argc, Value* vp)
|
||||
|
||||
MOZ_ASSERT(count > 0,
|
||||
"don't call this method if copying no elements, because then "
|
||||
"the not-neutered requirement is wrong");
|
||||
"the not-detached requirement is wrong");
|
||||
|
||||
if (tarray->isNeutered() && tarray->hasBuffer()) {
|
||||
if (tarray->hasDetachedBuffer()) {
|
||||
JS_ReportErrorNumber(cx, GetErrorMessage, nullptr, JSMSG_TYPED_ARRAY_BAD_ARGS);
|
||||
return false;
|
||||
}
|
||||
@ -970,8 +970,9 @@ intrinsic_SetFromTypedArrayApproach(JSContext* cx, unsigned argc, Value* vp)
|
||||
MOZ_ASSERT(args.length() == 4);
|
||||
|
||||
Rooted<TypedArrayObject*> target(cx, &args[0].toObject().as<TypedArrayObject>());
|
||||
MOZ_ASSERT(!target->hasBuffer() || !target->isNeutered(),
|
||||
"something should have defended against a neutered target");
|
||||
MOZ_ASSERT(!target->hasDetachedBuffer(),
|
||||
"something should have defended against a target viewing a "
|
||||
"detached buffer");
|
||||
|
||||
// As directed by |DangerouslyUnwrapTypedArray|, sigil this pointer and all
|
||||
// variables derived from it to counsel extreme caution here.
|
||||
@ -990,9 +991,7 @@ intrinsic_SetFromTypedArrayApproach(JSContext* cx, unsigned argc, Value* vp)
|
||||
// that might abort processing (other than for reason of internal error.)
|
||||
|
||||
// Steps 12-13.
|
||||
if (unsafeTypedArrayCrossCompartment->hasBuffer() &&
|
||||
unsafeTypedArrayCrossCompartment->isNeutered())
|
||||
{
|
||||
if (unsafeTypedArrayCrossCompartment->hasDetachedBuffer()) {
|
||||
JS_ReportErrorNumber(cx, GetErrorMessage, nullptr, JSMSG_TYPED_ARRAY_DETACHED);
|
||||
return false;
|
||||
}
|
||||
@ -1216,9 +1215,9 @@ intrinsic_SetDisjointTypedElements(JSContext* cx, unsigned argc, Value* vp)
|
||||
MOZ_ASSERT(args.length() == 3);
|
||||
|
||||
Rooted<TypedArrayObject*> target(cx, &args[0].toObject().as<TypedArrayObject>());
|
||||
MOZ_ASSERT(!target->hasBuffer() || !target->isNeutered(),
|
||||
"a neutered typed array has no elements to set, so "
|
||||
"it's nonsensical to be setting them");
|
||||
MOZ_ASSERT(!target->hasDetachedBuffer(),
|
||||
"a typed array viewing a detached buffer has no elements to "
|
||||
"set, so it's nonsensical to be setting them");
|
||||
|
||||
uint32_t targetOffset = uint32_t(args[1].toInt32());
|
||||
|
||||
@ -1242,8 +1241,8 @@ intrinsic_SetOverlappingTypedElements(JSContext* cx, unsigned argc, Value* vp)
|
||||
MOZ_ASSERT(args.length() == 3);
|
||||
|
||||
Rooted<TypedArrayObject*> target(cx, &args[0].toObject().as<TypedArrayObject>());
|
||||
MOZ_ASSERT(!target->hasBuffer() || !target->isNeutered(),
|
||||
"shouldn't be setting elements if neutered");
|
||||
MOZ_ASSERT(!target->hasDetachedBuffer(),
|
||||
"shouldn't set elements if underlying buffer is detached");
|
||||
|
||||
uint32_t targetOffset = uint32_t(args[1].toInt32());
|
||||
|
||||
|
@ -399,7 +399,7 @@ class TypedArrayObjectTemplate : public TypedArrayObject
|
||||
uint32_t bufferByteLength = buffer->byteLength();
|
||||
// Unwraps are safe: both are for the pointer value.
|
||||
if (IsArrayBuffer(buffer.get())) {
|
||||
MOZ_ASSERT_IF(!AsArrayBuffer(buffer.get()).isNeutered(),
|
||||
MOZ_ASSERT_IF(!AsArrayBuffer(buffer.get()).isDetached(),
|
||||
buffer->dataPointerEither().unwrap(/*safe*/) <= obj->viewDataEither().unwrap(/*safe*/));
|
||||
}
|
||||
MOZ_ASSERT(bufferByteLength - arrayByteOffset >= arrayByteLength);
|
||||
@ -592,7 +592,7 @@ class TypedArrayObjectTemplate : public TypedArrayObject
|
||||
Rooted<ArrayBufferObjectMaybeShared*> buffer(cx);
|
||||
if (IsArrayBuffer(bufobj)) {
|
||||
ArrayBufferObject& buf = AsArrayBuffer(bufobj);
|
||||
if (buf.isNeutered()) {
|
||||
if (buf.isDetached()) {
|
||||
JS_ReportErrorNumber(cx, GetErrorMessage, nullptr, JSMSG_TYPED_ARRAY_DETACHED);
|
||||
return nullptr;
|
||||
}
|
||||
@ -726,7 +726,7 @@ TypedArrayObjectTemplate<T>::fromArray(JSContext* cx, HandleObject other,
|
||||
if (!GetPrototypeForInstance(cx, newTarget, &proto))
|
||||
return nullptr;
|
||||
|
||||
if (other->as<TypedArrayObject>().isNeutered()) {
|
||||
if (other->as<TypedArrayObject>().hasDetachedBuffer()) {
|
||||
JS_ReportErrorNumber(cx, GetErrorMessage, nullptr, JSMSG_TYPED_ARRAY_DETACHED);
|
||||
return nullptr;
|
||||
}
|
||||
@ -1109,7 +1109,7 @@ DataViewObject::getAndCheckConstructorArgs(JSContext* cx, JSObject* bufobj, cons
|
||||
}
|
||||
}
|
||||
|
||||
if (buffer->isNeutered()) {
|
||||
if (buffer->isDetached()) {
|
||||
JS_ReportErrorNumber(cx, GetErrorMessage, nullptr, JSMSG_TYPED_ARRAY_DETACHED);
|
||||
return false;
|
||||
}
|
||||
@ -1360,7 +1360,7 @@ DataViewObject::read(JSContext* cx, Handle<DataViewObject*> obj,
|
||||
|
||||
bool fromLittleEndian = args.length() >= 2 && ToBoolean(args[1]);
|
||||
|
||||
if (obj->arrayBuffer().isNeutered()) {
|
||||
if (obj->arrayBuffer().isDetached()) {
|
||||
JS_ReportErrorNumber(cx, GetErrorMessage, nullptr, JSMSG_TYPED_ARRAY_DETACHED);
|
||||
return false;
|
||||
}
|
||||
@ -1426,7 +1426,7 @@ DataViewObject::write(JSContext* cx, Handle<DataViewObject*> obj,
|
||||
|
||||
bool toLittleEndian = args.length() >= 3 && ToBoolean(args[2]);
|
||||
|
||||
if (obj->arrayBuffer().isNeutered()) {
|
||||
if (obj->arrayBuffer().isDetached()) {
|
||||
JS_ReportErrorNumber(cx, GetErrorMessage, nullptr, JSMSG_TYPED_ARRAY_DETACHED);
|
||||
return false;
|
||||
}
|
||||
|
@ -207,8 +207,18 @@ class TypedArrayObject : public NativeObject
|
||||
return viewDataEither_();
|
||||
}
|
||||
|
||||
bool isNeutered() const {
|
||||
return !isSharedMemory() && bufferUnshared() && bufferUnshared()->isNeutered();
|
||||
bool hasDetachedBuffer() const {
|
||||
// Shared buffers can't be detached.
|
||||
if (isSharedMemory())
|
||||
return false;
|
||||
|
||||
// A typed array with a null buffer has never had its buffer exposed to
|
||||
// become detached.
|
||||
ArrayBufferObject* buffer = bufferUnshared();
|
||||
if (!buffer)
|
||||
return false;
|
||||
|
||||
return buffer->isDetached();
|
||||
}
|
||||
|
||||
private:
|
||||
|
Loading…
Reference in New Issue
Block a user