mirror of
https://gitlab.winehq.org/wine/wine-gecko.git
synced 2024-09-13 09:24:08 -07:00
Bug 979480 - Don't store array buffer contents in elements, r=sfink.
This commit is contained in:
parent
72868bca23
commit
ffc1a58e54
@ -3816,8 +3816,7 @@ nsXMLHttpRequestXPCOMifier::GetInterface(const nsIID & aIID, void **aResult)
|
||||
namespace mozilla {
|
||||
|
||||
ArrayBufferBuilder::ArrayBufferBuilder()
|
||||
: mRawContents(nullptr),
|
||||
mDataPtr(nullptr),
|
||||
: mDataPtr(nullptr),
|
||||
mCapacity(0),
|
||||
mLength(0)
|
||||
{
|
||||
@ -3831,20 +3830,22 @@ ArrayBufferBuilder::~ArrayBufferBuilder()
|
||||
void
|
||||
ArrayBufferBuilder::reset()
|
||||
{
|
||||
if (mRawContents) {
|
||||
JS_free(nullptr, mRawContents);
|
||||
if (mDataPtr) {
|
||||
JS_free(nullptr, mDataPtr);
|
||||
}
|
||||
mRawContents = mDataPtr = nullptr;
|
||||
mDataPtr = nullptr;
|
||||
mCapacity = mLength = 0;
|
||||
}
|
||||
|
||||
bool
|
||||
ArrayBufferBuilder::setCapacity(uint32_t aNewCap)
|
||||
{
|
||||
if (!JS_ReallocateArrayBufferContents(nullptr, aNewCap, &mRawContents, &mDataPtr)) {
|
||||
uint8_t *newdata = (uint8_t *) JS_ReallocateArrayBufferContents(nullptr, aNewCap, mDataPtr, mCapacity);
|
||||
if (!newdata) {
|
||||
return false;
|
||||
}
|
||||
|
||||
mDataPtr = newdata;
|
||||
mCapacity = aNewCap;
|
||||
if (mLength > aNewCap) {
|
||||
mLength = aNewCap;
|
||||
@ -3902,12 +3903,12 @@ ArrayBufferBuilder::getArrayBuffer(JSContext* aCx)
|
||||
}
|
||||
}
|
||||
|
||||
JSObject* obj = JS_NewArrayBufferWithContents(aCx, mRawContents);
|
||||
JSObject* obj = JS_NewArrayBufferWithContents(aCx, mLength, mDataPtr);
|
||||
if (!obj) {
|
||||
return nullptr;
|
||||
}
|
||||
|
||||
mRawContents = mDataPtr = nullptr;
|
||||
mDataPtr = nullptr;
|
||||
mLength = mCapacity = 0;
|
||||
|
||||
return obj;
|
||||
|
@ -62,7 +62,6 @@ namespace mozilla {
|
||||
// or it can be reset explicitly at any point by calling reset().
|
||||
class ArrayBufferBuilder
|
||||
{
|
||||
void* mRawContents;
|
||||
uint8_t* mDataPtr;
|
||||
uint32_t mCapacity;
|
||||
uint32_t mLength;
|
||||
|
@ -198,12 +198,11 @@ StealJSArrayDataIntoThreadSharedFloatArrayBufferList(JSContext* aJSContext,
|
||||
for (uint32_t i = 0; i < aJSArrays.Length(); ++i) {
|
||||
JS::Rooted<JSObject*> arrayBuffer(aJSContext,
|
||||
JS_GetArrayBufferViewBuffer(aJSArrays[i]));
|
||||
void* dataToFree = nullptr;
|
||||
uint8_t* stolenData = nullptr;
|
||||
if (arrayBuffer &&
|
||||
JS_StealArrayBufferContents(aJSContext, arrayBuffer, &dataToFree,
|
||||
&stolenData)) {
|
||||
result->SetData(i, dataToFree, reinterpret_cast<float*>(stolenData));
|
||||
uint8_t* stolenData = arrayBuffer
|
||||
? (uint8_t*) JS_StealArrayBufferContents(aJSContext, arrayBuffer)
|
||||
: nullptr;
|
||||
if (stolenData) {
|
||||
result->SetData(i, stolenData, reinterpret_cast<float*>(stolenData));
|
||||
} else {
|
||||
return nullptr;
|
||||
}
|
||||
|
@ -1406,7 +1406,6 @@ TypedObject::createUnattachedWithClass(JSContext *cx,
|
||||
obj->initReservedSlot(JS_TYPEDOBJ_SLOT_BYTELENGTH, Int32Value(0));
|
||||
obj->initReservedSlot(JS_TYPEDOBJ_SLOT_OWNER, NullValue());
|
||||
obj->initReservedSlot(JS_TYPEDOBJ_SLOT_NEXT_VIEW, PrivateValue(nullptr));
|
||||
obj->initReservedSlot(JS_TYPEDOBJ_SLOT_NEXT_BUFFER, PrivateValue(UNSET_BUFFER_LINK));
|
||||
obj->initReservedSlot(JS_TYPEDOBJ_SLOT_LENGTH, Int32Value(length));
|
||||
obj->initReservedSlot(JS_TYPEDOBJ_SLOT_TYPE_DESCR, ObjectValue(*type));
|
||||
|
||||
@ -1508,7 +1507,7 @@ TypedObject::createZeroed(JSContext *cx,
|
||||
{
|
||||
size_t totalSize = descr->as<SizedTypeDescr>().size();
|
||||
Rooted<ArrayBufferObject*> buffer(cx);
|
||||
buffer = ArrayBufferObject::create(cx, totalSize, false);
|
||||
buffer = ArrayBufferObject::create(cx, totalSize);
|
||||
if (!buffer)
|
||||
return nullptr;
|
||||
typeRepr->asSized()->initInstance(cx->runtime(), buffer->dataPointer(), 1);
|
||||
@ -1529,7 +1528,7 @@ TypedObject::createZeroed(JSContext *cx,
|
||||
}
|
||||
|
||||
Rooted<ArrayBufferObject*> buffer(cx);
|
||||
buffer = ArrayBufferObject::create(cx, totalSize, false);
|
||||
buffer = ArrayBufferObject::create(cx, totalSize);
|
||||
if (!buffer)
|
||||
return nullptr;
|
||||
|
||||
@ -1723,11 +1722,10 @@ TypedObject::obj_defineElement(JSContext *cx, HandleObject obj, uint32_t index,
|
||||
PropertyOp getter, StrictPropertyOp setter, unsigned attrs)
|
||||
{
|
||||
AutoRooterGetterSetter gsRoot(cx, attrs, &getter, &setter);
|
||||
|
||||
RootedObject delegate(cx, ArrayBufferDelegate(cx, obj));
|
||||
if (!delegate)
|
||||
Rooted<jsid> id(cx);
|
||||
if (!IndexToId(cx, index, &id))
|
||||
return false;
|
||||
return baseops::DefineElement(cx, delegate, index, v, getter, setter, attrs);
|
||||
return obj_defineGeneric(cx, obj, id, v, getter, setter, attrs);
|
||||
}
|
||||
|
||||
bool
|
||||
|
@ -109,15 +109,14 @@
|
||||
#define JS_TYPEDOBJ_SLOT_BYTELENGTH 1
|
||||
#define JS_TYPEDOBJ_SLOT_OWNER 2
|
||||
#define JS_TYPEDOBJ_SLOT_NEXT_VIEW 3
|
||||
#define JS_TYPEDOBJ_SLOT_NEXT_BUFFER 4
|
||||
|
||||
#define JS_DATAVIEW_SLOTS 5 // Number of slots for data views
|
||||
#define JS_DATAVIEW_SLOTS 4 // Number of slots for data views
|
||||
|
||||
#define JS_TYPEDOBJ_SLOT_LENGTH 5 // Length of array (see (*) below)
|
||||
#define JS_TYPEDOBJ_SLOT_TYPE_DESCR 6 // For typed objects, type descr
|
||||
#define JS_TYPEDOBJ_SLOT_LENGTH 4 // Length of array (see (*) below)
|
||||
#define JS_TYPEDOBJ_SLOT_TYPE_DESCR 5 // For typed objects, type descr
|
||||
|
||||
#define JS_TYPEDOBJ_SLOT_DATA 7 // private slot, based on alloc kind
|
||||
#define JS_TYPEDOBJ_SLOTS 7 // Number of slots for typed objs
|
||||
#define JS_TYPEDOBJ_SLOTS 6 // Number of slots for typed objs
|
||||
|
||||
// (*) The JS_TYPEDOBJ_SLOT_LENGTH slot stores the length for typed objects of
|
||||
// sized and unsized array type. The slot contains 0 for non-arrays.
|
||||
|
@ -277,24 +277,6 @@ js::Nursery::notifyInitialSlots(Cell *cell, HeapSlot *slots)
|
||||
}
|
||||
}
|
||||
|
||||
void
|
||||
js::Nursery::notifyNewElements(gc::Cell *cell, ObjectElements *elements)
|
||||
{
|
||||
JS_ASSERT(!isInside(elements));
|
||||
notifyInitialSlots(cell, reinterpret_cast<HeapSlot *>(elements));
|
||||
}
|
||||
|
||||
void
|
||||
js::Nursery::notifyRemovedElements(gc::Cell *cell, ObjectElements *oldElements)
|
||||
{
|
||||
JS_ASSERT(cell);
|
||||
JS_ASSERT(oldElements);
|
||||
JS_ASSERT(!isInside(oldElements));
|
||||
|
||||
if (isInside(cell))
|
||||
hugeSlots.remove(reinterpret_cast<HeapSlot *>(oldElements));
|
||||
}
|
||||
|
||||
namespace js {
|
||||
namespace gc {
|
||||
|
||||
@ -619,25 +601,6 @@ js::Nursery::moveElementsToTenured(JSObject *dst, JSObject *src, AllocKind dstKi
|
||||
return 0;
|
||||
}
|
||||
|
||||
/* ArrayBuffer stores byte-length, not Value count. */
|
||||
if (src->is<ArrayBufferObject>()) {
|
||||
size_t nbytes;
|
||||
if (src->hasDynamicElements()) {
|
||||
nbytes = sizeof(ObjectElements) + srcHeader->initializedLength;
|
||||
dstHeader = static_cast<ObjectElements *>(zone->malloc_(nbytes));
|
||||
if (!dstHeader)
|
||||
CrashAtUnhandlableOOM("Failed to allocate array buffer elements while tenuring.");
|
||||
} else {
|
||||
dst->setFixedElements();
|
||||
nbytes = GetGCKindSlots(dst->tenuredGetAllocKind()) * sizeof(HeapSlot);
|
||||
dstHeader = dst->getElementsHeader();
|
||||
}
|
||||
js_memcpy(dstHeader, srcHeader, nbytes);
|
||||
setElementsForwardingPointer(srcHeader, dstHeader, nbytes / sizeof(HeapSlot));
|
||||
dst->elements = dstHeader->elements();
|
||||
return src->hasDynamicElements() ? nbytes : 0;
|
||||
}
|
||||
|
||||
size_t nslots = ObjectElements::VALUES_PER_HEADER + srcHeader->capacity;
|
||||
|
||||
/* Unlike other objects, Arrays can have fixed elements. */
|
||||
@ -783,7 +746,7 @@ js::Nursery::collect(JSRuntime *rt, JS::gcreason::Reason reason, TypeObjectList
|
||||
// Update the array buffer object's view lists.
|
||||
TIME_START(sweepArrayBufferViewList);
|
||||
for (CompartmentsIter c(rt, SkipAtoms); !c.done(); c.next()) {
|
||||
if (c->gcLiveArrayBuffers)
|
||||
if (!c->gcLiveArrayBuffers.empty())
|
||||
ArrayBufferObject::sweep(c);
|
||||
}
|
||||
TIME_END(sweepArrayBufferViewList);
|
||||
|
@ -104,12 +104,6 @@ class Nursery
|
||||
/* Add a slots to our tracking list if it is out-of-line. */
|
||||
void notifyInitialSlots(gc::Cell *cell, HeapSlot *slots);
|
||||
|
||||
/* Add elements to our tracking list if it is out-of-line. */
|
||||
void notifyNewElements(gc::Cell *cell, ObjectElements *elements);
|
||||
|
||||
/* Remove elements to our tracking list if it is out-of-line. */
|
||||
void notifyRemovedElements(gc::Cell *cell, ObjectElements *oldElements);
|
||||
|
||||
typedef Vector<types::TypeObject *, 0, SystemAllocPolicy> TypeObjectList;
|
||||
|
||||
/*
|
||||
|
@ -51,8 +51,7 @@ BEGIN_TEST(testArrayBuffer_bug720949_steal)
|
||||
CHECK_SAME(v, INT_TO_JSVAL(MAGIC_VALUE_2));
|
||||
|
||||
// Steal the contents
|
||||
void *contents;
|
||||
CHECK(JS_StealArrayBufferContents(cx, obj, &contents, &data));
|
||||
void *contents = JS_StealArrayBufferContents(cx, obj);
|
||||
CHECK(contents != nullptr);
|
||||
CHECK(data != nullptr);
|
||||
|
||||
@ -72,7 +71,7 @@ BEGIN_TEST(testArrayBuffer_bug720949_steal)
|
||||
CHECK_SAME(v, JSVAL_VOID);
|
||||
|
||||
// Transfer to a new ArrayBuffer
|
||||
JS::RootedObject dst(cx, JS_NewArrayBufferWithContents(cx, contents));
|
||||
JS::RootedObject dst(cx, JS_NewArrayBufferWithContents(cx, size, contents));
|
||||
CHECK(JS_IsArrayBufferObject(dst));
|
||||
data = JS_GetStableArrayBufferData(cx, obj);
|
||||
|
||||
@ -105,11 +104,8 @@ BEGIN_TEST(testArrayBuffer_bug720949_viewList)
|
||||
{
|
||||
buffer = JS_NewArrayBuffer(cx, 2000);
|
||||
JS::RootedObject view(cx, JS_NewUint8ArrayWithBuffer(cx, buffer, 0, -1));
|
||||
void *contents;
|
||||
uint8_t *data;
|
||||
CHECK(JS_StealArrayBufferContents(cx, buffer, &contents, &data));
|
||||
void *contents = JS_StealArrayBufferContents(cx, buffer);
|
||||
CHECK(contents != nullptr);
|
||||
CHECK(data != nullptr);
|
||||
JS_free(nullptr, contents);
|
||||
GC(cx);
|
||||
CHECK(isNeutered(view));
|
||||
@ -133,11 +129,8 @@ BEGIN_TEST(testArrayBuffer_bug720949_viewList)
|
||||
view2 = JS_NewUint8ArrayWithBuffer(cx, buffer, 1, 200);
|
||||
|
||||
// Neuter
|
||||
void *contents;
|
||||
uint8_t *data;
|
||||
CHECK(JS_StealArrayBufferContents(cx, buffer, &contents, &data));
|
||||
void *contents = JS_StealArrayBufferContents(cx, buffer);
|
||||
CHECK(contents != nullptr);
|
||||
CHECK(data != nullptr);
|
||||
JS_free(nullptr, contents);
|
||||
|
||||
CHECK(isNeutered(view1));
|
||||
|
@ -64,11 +64,11 @@ BEGIN_TEST(testMappedArrayBuffer_bug945152)
|
||||
JSObject *CreateNewObject(const int offset, const int length)
|
||||
{
|
||||
int fd = open(test_filename, O_RDONLY);
|
||||
void *ptr;
|
||||
int new_fd;
|
||||
if (!JS_CreateMappedArrayBufferContents(fd, &new_fd, offset, length, &ptr))
|
||||
void *ptr = JS_CreateMappedArrayBufferContents(fd, &new_fd, offset, length);
|
||||
if (!ptr)
|
||||
return nullptr;
|
||||
JSObject *obj = JS_NewArrayBufferWithContents(cx, ptr);
|
||||
JSObject *obj = JS_NewArrayBufferWithContents(cx, length, ptr, /* mapped = */ true);
|
||||
close(fd);
|
||||
|
||||
return obj;
|
||||
@ -109,9 +109,9 @@ bool TestCreateObject(const int offset, const int length)
|
||||
bool TestReleaseContents()
|
||||
{
|
||||
int fd = open(test_filename, O_RDONLY);
|
||||
void *ptr;
|
||||
int new_fd;
|
||||
if (!JS_CreateMappedArrayBufferContents(fd, &new_fd, 0, 12, &ptr))
|
||||
void *ptr = JS_CreateMappedArrayBufferContents(fd, &new_fd, 0, 12);
|
||||
if (!ptr)
|
||||
return false;
|
||||
CHECK(fd_is_valid(new_fd));
|
||||
JS_ReleaseMappedArrayBufferContents(new_fd, ptr, 12);
|
||||
|
@ -3119,47 +3119,39 @@ JS_PUBLIC_API(void)
|
||||
JS_SetAllNonReservedSlotsToUndefined(JSContext *cx, JSObject *objArg);
|
||||
|
||||
/*
|
||||
* Create a new array buffer with the given contents, which must have been
|
||||
* returned by JS_AllocateArrayBufferContents or JS_StealArrayBufferContents.
|
||||
* The new array buffer takes ownership. After calling this function, do not
|
||||
* free |contents| or use |contents| from another thread.
|
||||
* Create a new array buffer with the given contents. The new array buffer
|
||||
* takes ownership: after calling this function, do not free |contents| or use
|
||||
* |contents| from another thread. |mapped| indicates whether the contents were
|
||||
* created using JS_CreateMappedArrayBufferContents.
|
||||
*/
|
||||
extern JS_PUBLIC_API(JSObject *)
|
||||
JS_NewArrayBufferWithContents(JSContext *cx, void *contents);
|
||||
JS_NewArrayBufferWithContents(JSContext *cx, size_t nbytes, void *contents, bool mapped = false);
|
||||
|
||||
/*
|
||||
* Steal the contents of the given array buffer. The array buffer has its
|
||||
* length set to 0 and its contents array cleared. The caller takes ownership
|
||||
* of |*contents| and must free it or transfer ownership via
|
||||
* of the return value and must free it or transfer ownership via
|
||||
* JS_NewArrayBufferWithContents when done using it.
|
||||
* To free |*contents|, call free().
|
||||
* A pointer to the buffer's data is returned in |*data|. This pointer can
|
||||
* be used until |*contents| is freed or has its ownership transferred.
|
||||
*/
|
||||
extern JS_PUBLIC_API(bool)
|
||||
JS_StealArrayBufferContents(JSContext *cx, JS::HandleObject obj, void **contents, uint8_t **data);
|
||||
extern JS_PUBLIC_API(void *)
|
||||
JS_StealArrayBufferContents(JSContext *cx, JS::HandleObject obj);
|
||||
|
||||
/*
|
||||
* Allocate memory that may be eventually passed to
|
||||
* JS_NewArrayBufferWithContents. |maybecx| is optional; if a non-nullptr cx is
|
||||
* given, it will be used for memory accounting and OOM reporting. |nbytes| is
|
||||
* the number of payload bytes required. The pointer to pass to
|
||||
* JS_NewArrayBufferWithContents is returned in |contents|. The pointer to the
|
||||
* |nbytes| of usable memory is returned in |data|. (*|contents| will contain a
|
||||
* header before |data|.) The only legal operations on *|contents| are to pass
|
||||
* it to either JS_NewArrayBufferWithContents or
|
||||
* JS_ReallocateArrayBufferContents, or free it with js_free or JS_free.
|
||||
* the number of payload bytes required.
|
||||
*/
|
||||
extern JS_PUBLIC_API(bool)
|
||||
JS_AllocateArrayBufferContents(JSContext *maybecx, uint32_t nbytes, void **contents, uint8_t **data);
|
||||
extern JS_PUBLIC_API(void *)
|
||||
JS_AllocateArrayBufferContents(JSContext *maybecx, uint32_t nbytes);
|
||||
|
||||
/*
|
||||
* Reallocate memory allocated by JS_AllocateArrayBufferContents, growing or
|
||||
* shrinking it as appropriate. The new data pointer will be returned in data.
|
||||
* If *contents is nullptr, behaves like JS_AllocateArrayBufferContents.
|
||||
* shrinking it as appropriate. If oldContents is null then this behaves like
|
||||
* JS_AllocateArrayBufferContents.
|
||||
*/
|
||||
extern JS_PUBLIC_API(bool)
|
||||
JS_ReallocateArrayBufferContents(JSContext *cx, uint32_t nbytes, void **contents, uint8_t **data);
|
||||
extern JS_PUBLIC_API(void *)
|
||||
JS_ReallocateArrayBufferContents(JSContext *cx, uint32_t nbytes, void *oldContents, uint32_t oldNbytes);
|
||||
|
||||
/*
|
||||
* Create memory mapped array buffer contents.
|
||||
@ -3167,9 +3159,8 @@ JS_ReallocateArrayBufferContents(JSContext *cx, uint32_t nbytes, void **contents
|
||||
* take care of closing fd after calling this function.
|
||||
* A new duplicated fd used by the mapping is returned in new_fd.
|
||||
*/
|
||||
extern JS_PUBLIC_API(bool)
|
||||
JS_CreateMappedArrayBufferContents(int fd, int *new_fd, size_t offset,
|
||||
size_t length, void **contents);
|
||||
extern JS_PUBLIC_API(void *)
|
||||
JS_CreateMappedArrayBufferContents(int fd, int *new_fd, size_t offset, size_t length);
|
||||
|
||||
/*
|
||||
* Release the allocated resource of mapped array buffer contents before the
|
||||
|
@ -58,7 +58,6 @@ JSCompartment::JSCompartment(Zone *zone, const JS::CompartmentOptions &options =
|
||||
propertyTree(thisForCtor()),
|
||||
selfHostingScriptSource(nullptr),
|
||||
gcIncomingGrayPointers(nullptr),
|
||||
gcLiveArrayBuffers(nullptr),
|
||||
gcWeakMapList(nullptr),
|
||||
debugModeBits(runtime_->debugMode ? DebugFromC : 0),
|
||||
rngState(0),
|
||||
|
@ -280,8 +280,8 @@ struct JSCompartment
|
||||
*/
|
||||
JSObject *gcIncomingGrayPointers;
|
||||
|
||||
/* Linked list of live array buffers with >1 view. */
|
||||
js::ArrayBufferObject *gcLiveArrayBuffers;
|
||||
/* During GC, list of live array buffers with >1 view accumulated during tracing. */
|
||||
js::ArrayBufferVector gcLiveArrayBuffers;
|
||||
|
||||
/* Linked list of live weakmaps in this compartment. */
|
||||
js::WeakMapBase *gcWeakMapList;
|
||||
|
@ -3001,7 +3001,7 @@ BeginMarkPhase(JSRuntime *rt)
|
||||
}
|
||||
|
||||
for (CompartmentsIter c(rt, WithAtoms); !c.done(); c.next()) {
|
||||
JS_ASSERT(!c->gcLiveArrayBuffers);
|
||||
JS_ASSERT(c->gcLiveArrayBuffers.empty());
|
||||
c->marked = false;
|
||||
if (ShouldPreserveJITCode(c, currentTime))
|
||||
c->zone()->setPreservingCode(true);
|
||||
@ -4253,7 +4253,7 @@ EndSweepPhase(JSRuntime *rt, JSGCInvocationKind gckind, bool lastGC)
|
||||
#ifdef DEBUG
|
||||
for (CompartmentsIter c(rt, SkipAtoms); !c.done(); c.next()) {
|
||||
JS_ASSERT(!c->gcIncomingGrayPointers);
|
||||
JS_ASSERT(!c->gcLiveArrayBuffers);
|
||||
JS_ASSERT(c->gcLiveArrayBuffers.empty());
|
||||
|
||||
for (JSCompartment::WrapperEnum e(c); !e.empty(); e.popFront()) {
|
||||
if (e.front().key().kind != CrossCompartmentKey::StringWrapper)
|
||||
@ -4468,7 +4468,7 @@ ResetIncrementalGC(JSRuntime *rt, const char *reason)
|
||||
|
||||
#ifdef DEBUG
|
||||
for (CompartmentsIter c(rt, SkipAtoms); !c.done(); c.next())
|
||||
JS_ASSERT(!c->gcLiveArrayBuffers);
|
||||
JS_ASSERT(c->gcLiveArrayBuffers.empty());
|
||||
|
||||
for (ZonesIter zone(rt, WithAtoms); !zone.done(); zone.next()) {
|
||||
JS_ASSERT(!zone->needsBarrier());
|
||||
|
@ -5900,19 +5900,7 @@ JSObject::addSizeOfExcludingThis(mozilla::MallocSizeOf mallocSizeOf, JS::Objects
|
||||
|
||||
if (hasDynamicElements()) {
|
||||
js::ObjectElements *elements = getElementsHeader();
|
||||
if (MOZ_UNLIKELY(elements->isAsmJSArrayBuffer())) {
|
||||
#if defined (JS_CPU_X64)
|
||||
// On x64, ArrayBufferObject::prepareForAsmJS switches the
|
||||
// ArrayBufferObject to use mmap'd storage.
|
||||
sizes->nonHeapElementsAsmJS += as<ArrayBufferObject>().byteLength();
|
||||
#else
|
||||
sizes->mallocHeapElementsAsmJS += mallocSizeOf(elements);
|
||||
#endif
|
||||
} else if (MOZ_UNLIKELY(elements->isMappedArrayBuffer())) {
|
||||
sizes->nonHeapElementsMapped += as<ArrayBufferObject>().byteLength();
|
||||
} else {
|
||||
sizes->mallocHeapElementsNonAsmJS += mallocSizeOf(elements);
|
||||
}
|
||||
sizes->mallocHeapElementsNonAsmJS += mallocSizeOf(elements);
|
||||
}
|
||||
|
||||
// Other things may be measured in the future if DMD indicates it is worthwhile.
|
||||
@ -5939,6 +5927,8 @@ JSObject::addSizeOfExcludingThis(mozilla::MallocSizeOf mallocSizeOf, JS::Objects
|
||||
sizes->mallocHeapRegExpStatics += as<RegExpStaticsObject>().sizeOfData(mallocSizeOf);
|
||||
} else if (is<PropertyIteratorObject>()) {
|
||||
sizes->mallocHeapPropertyIteratorData += as<PropertyIteratorObject>().sizeOfMisc(mallocSizeOf);
|
||||
} else if (is<ArrayBufferObject>() || is<SharedArrayBufferObject>()) {
|
||||
ArrayBufferObject::addSizeOfExcludingThis(this, mallocSizeOf, sizes);
|
||||
#ifdef JS_ION
|
||||
} else if (is<AsmJSModuleObject>()) {
|
||||
as<AsmJSModuleObject>().addSizeOfMisc(mallocSizeOf, &sizes->nonHeapCodeAsmJS,
|
||||
|
@ -538,7 +538,7 @@ JSObject::create(js::ExclusiveContext *cx, js::gc::AllocKind kind, js::gc::Initi
|
||||
obj->privateRef(shape->numFixedSlots()) = nullptr;
|
||||
|
||||
size_t span = shape->slotSpan();
|
||||
if (span && clasp != &js::ArrayBufferObject::class_)
|
||||
if (span)
|
||||
obj->initializeSlotRange(0, span);
|
||||
|
||||
return obj;
|
||||
@ -584,14 +584,10 @@ JSObject::finish(js::FreeOp *fop)
|
||||
{
|
||||
if (hasDynamicSlots())
|
||||
fop->free_(slots);
|
||||
|
||||
if (hasDynamicElements()) {
|
||||
js::ObjectElements *elements = getElementsHeader();
|
||||
if (MOZ_UNLIKELY(elements->isAsmJSArrayBuffer()))
|
||||
js::ArrayBufferObject::releaseAsmJSArrayBuffer(fop, this);
|
||||
else if (MOZ_UNLIKELY(elements->isMappedArrayBuffer()))
|
||||
js::ArrayBufferObject::releaseMappedArrayBuffer(fop, this);
|
||||
else
|
||||
fop->free_(elements);
|
||||
fop->free_(elements);
|
||||
}
|
||||
}
|
||||
|
||||
@ -954,6 +950,17 @@ NewBuiltinClassInstance(ExclusiveContext *cx, NewObjectKind newKind = GenericObj
|
||||
return &obj->as<T>();
|
||||
}
|
||||
|
||||
template<typename T>
|
||||
inline T *
|
||||
NewBuiltinClassInstance(ExclusiveContext *cx, gc::AllocKind allocKind, NewObjectKind newKind = GenericObject)
|
||||
{
|
||||
JSObject *obj = NewBuiltinClassInstance(cx, &T::class_, allocKind, newKind);
|
||||
if (!obj)
|
||||
return nullptr;
|
||||
|
||||
return &obj->as<T>();
|
||||
}
|
||||
|
||||
// Used to optimize calls to (new Object())
|
||||
bool
|
||||
NewObjectScriptedCall(JSContext *cx, MutableHandleObject obj);
|
||||
|
@ -1025,7 +1025,6 @@ CacheEntry_setBytecode(JSContext *cx, HandleObject cache, uint8_t *buffer, uint3
|
||||
if (!arrayBuffer || !ArrayBufferObject::ensureNonInline(cx, arrayBuffer))
|
||||
return false;
|
||||
|
||||
memcpy(arrayBuffer->dataPointer(), buffer, length);
|
||||
SetReservedSlot(cache, CacheEntry_BYTECODE, OBJECT_TO_JSVAL(arrayBuffer));
|
||||
return true;
|
||||
}
|
||||
@ -1284,6 +1283,8 @@ Evaluate(JSContext *cx, unsigned argc, jsval *vp)
|
||||
|
||||
if (!CacheEntry_setBytecode(cx, cacheEntry, saveBuffer, saveLength))
|
||||
return false;
|
||||
|
||||
saveBuffer.forget();
|
||||
}
|
||||
|
||||
return JS_WrapValue(cx, args.rval());
|
||||
@ -6220,6 +6221,11 @@ main(int argc, char **argv, char **envp)
|
||||
PR_JoinThread(workerThreads[i]);
|
||||
#endif
|
||||
|
||||
#ifdef JSGC_GENERATIONAL
|
||||
if (!noggc.empty())
|
||||
noggc.destroy();
|
||||
#endif
|
||||
|
||||
JS_DestroyRuntime(rt);
|
||||
JS_ShutDown();
|
||||
return result;
|
||||
|
File diff suppressed because it is too large
Load Diff
@ -23,6 +23,11 @@ struct MappingInfoHeader
|
||||
{
|
||||
uint32_t fd;
|
||||
uint32_t offset;
|
||||
|
||||
void init(uint32_t fd, uint32_t offset) {
|
||||
this->fd = fd;
|
||||
this->offset = offset;
|
||||
}
|
||||
};
|
||||
|
||||
// The inheritance hierarchy for the various classes relating to typed arrays
|
||||
@ -60,6 +65,13 @@ class ArrayBufferObject : public JSObject
|
||||
static bool fun_slice_impl(JSContext *cx, CallArgs args);
|
||||
|
||||
public:
|
||||
static const uint8_t DATA_SLOT = 0;
|
||||
static const uint8_t BYTE_LENGTH_SLOT = 1;
|
||||
static const uint8_t VIEW_LIST_SLOT = 2;
|
||||
static const uint8_t FLAGS_SLOT = 3;
|
||||
|
||||
static const uint8_t RESERVED_SLOTS = 4;
|
||||
|
||||
static const Class class_;
|
||||
|
||||
static const Class protoClass;
|
||||
@ -74,8 +86,9 @@ class ArrayBufferObject : public JSObject
|
||||
|
||||
static bool class_constructor(JSContext *cx, unsigned argc, Value *vp);
|
||||
|
||||
static ArrayBufferObject *create(JSContext *cx, uint32_t nbytes, bool clear = true,
|
||||
NewObjectKind newKind = GenericObject);
|
||||
static ArrayBufferObject *create(JSContext *cx, uint32_t nbytes, void *contents = nullptr,
|
||||
NewObjectKind newKind = GenericObject,
|
||||
bool mapped = false);
|
||||
|
||||
static JSObject *createSlice(JSContext *cx, Handle<ArrayBufferObject*> arrayBuffer,
|
||||
uint32_t begin, uint32_t end);
|
||||
@ -91,106 +104,28 @@ class ArrayBufferObject : public JSObject
|
||||
|
||||
static void obj_trace(JSTracer *trc, JSObject *obj);
|
||||
|
||||
static bool obj_lookupGeneric(JSContext *cx, HandleObject obj, HandleId id,
|
||||
MutableHandleObject objp, MutableHandleShape propp);
|
||||
static bool obj_lookupProperty(JSContext *cx, HandleObject obj, HandlePropertyName name,
|
||||
MutableHandleObject objp, MutableHandleShape propp);
|
||||
static bool obj_lookupElement(JSContext *cx, HandleObject obj, uint32_t index,
|
||||
MutableHandleObject objp, MutableHandleShape propp);
|
||||
|
||||
static bool obj_defineGeneric(JSContext *cx, HandleObject obj, HandleId id, HandleValue v,
|
||||
PropertyOp getter, StrictPropertyOp setter, unsigned attrs);
|
||||
static bool obj_defineProperty(JSContext *cx, HandleObject obj,
|
||||
HandlePropertyName name, HandleValue v,
|
||||
PropertyOp getter, StrictPropertyOp setter, unsigned attrs);
|
||||
static bool obj_defineElement(JSContext *cx, HandleObject obj, uint32_t index, HandleValue v,
|
||||
PropertyOp getter, StrictPropertyOp setter, unsigned attrs);
|
||||
|
||||
static bool obj_getGeneric(JSContext *cx, HandleObject obj, HandleObject receiver,
|
||||
HandleId id, MutableHandleValue vp);
|
||||
static bool obj_getProperty(JSContext *cx, HandleObject obj, HandleObject receiver,
|
||||
HandlePropertyName name, MutableHandleValue vp);
|
||||
static bool obj_getElement(JSContext *cx, HandleObject obj, HandleObject receiver,
|
||||
uint32_t index, MutableHandleValue vp);
|
||||
|
||||
static bool obj_setGeneric(JSContext *cx, HandleObject obj, HandleId id,
|
||||
MutableHandleValue vp, bool strict);
|
||||
static bool obj_setProperty(JSContext *cx, HandleObject obj, HandlePropertyName name,
|
||||
MutableHandleValue vp, bool strict);
|
||||
static bool obj_setElement(JSContext *cx, HandleObject obj, uint32_t index,
|
||||
MutableHandleValue vp, bool strict);
|
||||
|
||||
static bool obj_getGenericAttributes(JSContext *cx, HandleObject obj,
|
||||
HandleId id, unsigned *attrsp);
|
||||
static bool obj_setGenericAttributes(JSContext *cx, HandleObject obj,
|
||||
HandleId id, unsigned *attrsp);
|
||||
|
||||
static bool obj_deleteProperty(JSContext *cx, HandleObject obj, HandlePropertyName name,
|
||||
bool *succeeded);
|
||||
static bool obj_deleteElement(JSContext *cx, HandleObject obj, uint32_t index,
|
||||
bool *succeeded);
|
||||
|
||||
static bool obj_enumerate(JSContext *cx, HandleObject obj, JSIterateOp enum_op,
|
||||
MutableHandleValue statep, MutableHandleId idp);
|
||||
|
||||
static void sweep(JSCompartment *rt);
|
||||
|
||||
static void resetArrayBufferList(JSCompartment *rt);
|
||||
static bool saveArrayBufferList(JSCompartment *c, ArrayBufferVector &vector);
|
||||
static void restoreArrayBufferLists(ArrayBufferVector &vector);
|
||||
|
||||
static bool stealContents(JSContext *cx, Handle<ArrayBufferObject*> buffer, void **contents,
|
||||
uint8_t **data);
|
||||
static void *stealContents(JSContext *cx, Handle<ArrayBufferObject*> buffer);
|
||||
|
||||
static void updateElementsHeader(js::ObjectElements *header, uint32_t bytes) {
|
||||
header->initializedLength = bytes;
|
||||
static void addSizeOfExcludingThis(JSObject *obj, mozilla::MallocSizeOf mallocSizeOf,
|
||||
JS::ObjectsExtraSizes *sizes);
|
||||
|
||||
// NB: one or both of these fields is clobbered by GetViewList to store
|
||||
// the 'views' link. Set them to 0 to effectively initialize 'views'
|
||||
// to nullptr.
|
||||
header->length = 0;
|
||||
header->capacity = 0;
|
||||
MappingInfoHeader *getMappingInfoHeader() const {
|
||||
JS_ASSERT(isMappedArrayBuffer());
|
||||
return reinterpret_cast<MappingInfoHeader *>(dataPointer() - sizeof(MappingInfoHeader));
|
||||
}
|
||||
|
||||
static void initElementsHeader(js::ObjectElements *header, uint32_t bytes) {
|
||||
header->flags = 0;
|
||||
updateElementsHeader(header, bytes);
|
||||
}
|
||||
|
||||
static void initMappedElementsHeader(js::ObjectElements *header, uint32_t fd,
|
||||
uint32_t offset, uint32_t bytes) {
|
||||
initElementsHeader(header, bytes);
|
||||
header->setIsMappedArrayBuffer();
|
||||
MappingInfoHeader *mh = getMappingInfoHeader(header);
|
||||
mh->fd = fd;
|
||||
mh->offset = offset;
|
||||
}
|
||||
|
||||
static MappingInfoHeader *getMappingInfoHeader(js::ObjectElements *header) {
|
||||
MOZ_ASSERT(header->isMappedArrayBuffer());
|
||||
return reinterpret_cast<MappingInfoHeader *>(uintptr_t(header) -
|
||||
sizeof(MappingInfoHeader));
|
||||
}
|
||||
|
||||
uint32_t getMappingFD() {
|
||||
MOZ_ASSERT(getElementsHeader()->isMappedArrayBuffer());
|
||||
MappingInfoHeader *mh = getMappingInfoHeader(getElementsHeader());
|
||||
return mh->fd;
|
||||
}
|
||||
|
||||
uint32_t getMappingOffset() const {
|
||||
MOZ_ASSERT(getElementsHeader()->isMappedArrayBuffer());
|
||||
MappingInfoHeader *mh = getMappingInfoHeader(getElementsHeader());
|
||||
return mh->offset;
|
||||
}
|
||||
|
||||
static uint32_t headerInitializedLength(const js::ObjectElements *header) {
|
||||
return header->initializedLength;
|
||||
}
|
||||
uint32_t getMappingFD() const { return getMappingInfoHeader()->fd; }
|
||||
uint32_t getMappingOffset() const { return getMappingInfoHeader()->offset; }
|
||||
|
||||
void addView(ArrayBufferViewObject *view);
|
||||
|
||||
void changeContents(JSContext *cx, ObjectElements *newHeader);
|
||||
void changeContents(JSContext *cx, void *newData);
|
||||
|
||||
/*
|
||||
* Ensure data is not stored inline in the object. Used when handing back a
|
||||
@ -198,22 +133,15 @@ class ArrayBufferObject : public JSObject
|
||||
*/
|
||||
static bool ensureNonInline(JSContext *cx, Handle<ArrayBufferObject*> buffer);
|
||||
|
||||
uint32_t byteLength() const {
|
||||
return getElementsHeader()->initializedLength;
|
||||
}
|
||||
bool canNeuter(JSContext *cx);
|
||||
|
||||
/*
|
||||
* Neuter all views of an ArrayBuffer.
|
||||
*/
|
||||
static bool neuterViews(JSContext *cx, Handle<ArrayBufferObject*> buffer);
|
||||
/* Neuter this buffer and all its views. */
|
||||
static void neuter(JSContext *cx, Handle<ArrayBufferObject*> buffer);
|
||||
|
||||
uint8_t * dataPointer() const;
|
||||
uint8_t *dataPointer() const;
|
||||
size_t byteLength() const;
|
||||
|
||||
/*
|
||||
* Discard the ArrayBuffer contents. For asm.js buffers, at least, should
|
||||
* be called after neuterViews().
|
||||
*/
|
||||
void neuter(JSContext *cx);
|
||||
void releaseData(FreeOp *fop);
|
||||
|
||||
/*
|
||||
* Check if the arrayBuffer contains any data. This will return false for
|
||||
@ -223,28 +151,74 @@ class ArrayBufferObject : public JSObject
|
||||
return getClass() == &class_;
|
||||
}
|
||||
|
||||
bool isSharedArrayBuffer() const {
|
||||
return getElementsHeader()->isSharedArrayBuffer();
|
||||
}
|
||||
bool isAsmJSArrayBuffer() const { return flags() & ASMJS_BUFFER; }
|
||||
bool isSharedArrayBuffer() const { return flags() & SHARED_BUFFER; }
|
||||
bool isMappedArrayBuffer() const { return flags() & MAPPED_BUFFER; }
|
||||
bool isNeutered() const { return flags() & NEUTERED_BUFFER; }
|
||||
|
||||
bool isAsmJSArrayBuffer() const {
|
||||
return getElementsHeader()->isAsmJSArrayBuffer();
|
||||
}
|
||||
bool isNeutered() const {
|
||||
return getElementsHeader()->isNeuteredBuffer();
|
||||
}
|
||||
static bool prepareForAsmJS(JSContext *cx, Handle<ArrayBufferObject*> buffer);
|
||||
static bool neuterAsmJSArrayBuffer(JSContext *cx, ArrayBufferObject &buffer);
|
||||
static void releaseAsmJSArrayBuffer(FreeOp *fop, JSObject *obj);
|
||||
static bool canNeuterAsmJSArrayBuffer(JSContext *cx, ArrayBufferObject &buffer);
|
||||
|
||||
static void finalize(FreeOp *fop, JSObject *obj);
|
||||
|
||||
bool isMappedArrayBuffer() const {
|
||||
return getElementsHeader()->isMappedArrayBuffer();
|
||||
}
|
||||
void setIsMappedArrayBuffer() {
|
||||
getElementsHeader()->setIsMappedArrayBuffer();
|
||||
}
|
||||
static void *createMappedArrayBuffer(int fd, int *new_fd, size_t offset, size_t length);
|
||||
static void releaseMappedArrayBuffer(FreeOp *fop, JSObject *obj);
|
||||
|
||||
protected:
|
||||
enum OwnsState {
|
||||
DoesntOwnData = 0,
|
||||
OwnsData = 1,
|
||||
};
|
||||
|
||||
void setDataPointer(void *data, OwnsState ownsState);
|
||||
void setByteLength(size_t length);
|
||||
|
||||
ArrayBufferViewObject *viewList() const;
|
||||
void setViewList(ArrayBufferViewObject *viewsHead);
|
||||
void setViewListNoBarrier(ArrayBufferViewObject *viewsHead);
|
||||
|
||||
enum ArrayBufferFlags {
|
||||
// In the gcLiveArrayBuffers list.
|
||||
IN_LIVE_LIST = 0x1,
|
||||
|
||||
// The dataPointer() is owned by this buffer and should be released
|
||||
// when no longer in use. Releasing the pointer may be done by either
|
||||
// freeing or unmapping it, and how to do this is determined by the
|
||||
// buffer's other flags (e.g. ASMJS_BUFFER and MAPPED_BUFFER).
|
||||
OWNS_DATA = 0x2,
|
||||
|
||||
ASMJS_BUFFER = 0x4,
|
||||
SHARED_BUFFER = 0x8,
|
||||
MAPPED_BUFFER = 0x10,
|
||||
NEUTERED_BUFFER = 0x20
|
||||
};
|
||||
|
||||
uint32_t flags() const;
|
||||
void setFlags(uint32_t flags);
|
||||
|
||||
bool inLiveList() const { return flags() & IN_LIVE_LIST; }
|
||||
void setInLiveList(bool value) {
|
||||
setFlags(value ? (flags() | IN_LIVE_LIST) : (flags() & ~IN_LIVE_LIST));
|
||||
}
|
||||
|
||||
bool ownsData() const { return flags() & OWNS_DATA; }
|
||||
void setOwnsData(OwnsState owns) {
|
||||
setFlags(owns ? (flags() | OWNS_DATA) : (flags() & ~OWNS_DATA));
|
||||
}
|
||||
|
||||
void setIsAsmJSArrayBuffer() { setFlags(flags() | ASMJS_BUFFER); }
|
||||
void setIsSharedArrayBuffer() { setFlags(flags() | SHARED_BUFFER); }
|
||||
void setIsMappedArrayBuffer() { setFlags(flags() | MAPPED_BUFFER); }
|
||||
void setIsNeutered() { setFlags(flags() | NEUTERED_BUFFER); }
|
||||
|
||||
void initialize(size_t byteLength, void *data, OwnsState ownsState) {
|
||||
setByteLength(byteLength);
|
||||
setFlags(0);
|
||||
setViewListNoBarrier(nullptr);
|
||||
setDataPointer(data, ownsState);
|
||||
}
|
||||
|
||||
void releaseAsmJSArray(FreeOp *fop);
|
||||
void releaseMappedArray();
|
||||
};
|
||||
|
||||
/*
|
||||
@ -268,35 +242,24 @@ class ArrayBufferViewObject : public JSObject
|
||||
/* ArrayBufferObjects point to a linked list of views, chained through this slot */
|
||||
static const size_t NEXT_VIEW_SLOT = JS_TYPEDOBJ_SLOT_NEXT_VIEW;
|
||||
|
||||
/*
|
||||
* When ArrayBufferObjects are traced during GC, they construct a linked
|
||||
* list of ArrayBufferObjects with more than one view, chained through this
|
||||
* slot of the first view of each ArrayBufferObject.
|
||||
*/
|
||||
static const size_t NEXT_BUFFER_SLOT = JS_TYPEDOBJ_SLOT_NEXT_BUFFER;
|
||||
|
||||
public:
|
||||
JSObject *bufferObject() const {
|
||||
return &getFixedSlot(BUFFER_SLOT).toObject();
|
||||
}
|
||||
|
||||
ArrayBufferObject *bufferLink() {
|
||||
return static_cast<ArrayBufferObject*>(getFixedSlot(NEXT_BUFFER_SLOT).toPrivate());
|
||||
}
|
||||
|
||||
inline void setBufferLink(ArrayBufferObject *buffer);
|
||||
|
||||
ArrayBufferViewObject *nextView() const {
|
||||
return static_cast<ArrayBufferViewObject*>(getFixedSlot(NEXT_VIEW_SLOT).toPrivate());
|
||||
}
|
||||
|
||||
inline void setNextView(ArrayBufferViewObject *view);
|
||||
|
||||
void prependToViews(ArrayBufferViewObject *viewsHead);
|
||||
|
||||
void neuter(JSContext *cx);
|
||||
|
||||
static void trace(JSTracer *trc, JSObject *obj);
|
||||
|
||||
uint8_t *dataPointer() {
|
||||
return static_cast<uint8_t *>(getPrivate());
|
||||
}
|
||||
};
|
||||
|
||||
bool
|
||||
@ -335,13 +298,6 @@ bool IsArrayBuffer(JSObject *obj);
|
||||
ArrayBufferObject &AsArrayBuffer(HandleObject obj);
|
||||
ArrayBufferObject &AsArrayBuffer(JSObject *obj);
|
||||
|
||||
inline void
|
||||
ArrayBufferViewObject::setBufferLink(ArrayBufferObject *buffer)
|
||||
{
|
||||
setFixedSlot(NEXT_BUFFER_SLOT, PrivateValue(buffer));
|
||||
PostBarrierTypedArrayObject(this);
|
||||
}
|
||||
|
||||
inline void
|
||||
ArrayBufferViewObject::setNextView(ArrayBufferViewObject *view)
|
||||
{
|
||||
|
@ -383,20 +383,6 @@ js::ObjectImpl::markChildren(JSTracer *trc)
|
||||
}
|
||||
}
|
||||
|
||||
JSObject *
|
||||
js::ArrayBufferDelegate(JSContext *cx, Handle<ObjectImpl*> obj)
|
||||
{
|
||||
MOZ_ASSERT(obj->hasClass(&ArrayBufferObject::class_) ||
|
||||
obj->hasClass(&SharedArrayBufferObject::class_));
|
||||
|
||||
if (obj->getPrivate())
|
||||
return static_cast<JSObject *>(obj->getPrivate());
|
||||
JSObject *delegate = NewObjectWithGivenProto(cx, &JSObject::class_,
|
||||
obj->getTaggedProto(), nullptr);
|
||||
obj->setPrivateGCThing(delegate);
|
||||
return delegate;
|
||||
}
|
||||
|
||||
void
|
||||
AutoPropDescRooter::trace(JSTracer *trc)
|
||||
{
|
||||
|
@ -168,24 +168,16 @@ class ObjectElements
|
||||
public:
|
||||
enum Flags {
|
||||
CONVERT_DOUBLE_ELEMENTS = 0x1,
|
||||
ASMJS_ARRAY_BUFFER = 0x2,
|
||||
NEUTERED_BUFFER = 0x4,
|
||||
SHARED_ARRAY_BUFFER = 0x8,
|
||||
MAPPED_ARRAY_BUFFER = 0x10,
|
||||
|
||||
// Present only if these elements correspond to an array with
|
||||
// non-writable length; never present for non-arrays.
|
||||
NONWRITABLE_ARRAY_LENGTH = 0x20,
|
||||
NONWRITABLE_ARRAY_LENGTH = 0x2
|
||||
};
|
||||
|
||||
private:
|
||||
friend class ::JSObject;
|
||||
friend class ObjectImpl;
|
||||
friend class ArrayObject;
|
||||
friend class ArrayBufferObject;
|
||||
friend class ArrayBufferViewObject;
|
||||
friend class SharedArrayBufferObject;
|
||||
friend class TypedArrayObject;
|
||||
friend class Nursery;
|
||||
|
||||
template <ExecutionMode mode>
|
||||
@ -232,30 +224,6 @@ class ObjectElements
|
||||
void clearShouldConvertDoubleElements() {
|
||||
flags &= ~CONVERT_DOUBLE_ELEMENTS;
|
||||
}
|
||||
bool isAsmJSArrayBuffer() const {
|
||||
return flags & ASMJS_ARRAY_BUFFER;
|
||||
}
|
||||
void setIsAsmJSArrayBuffer() {
|
||||
flags |= ASMJS_ARRAY_BUFFER;
|
||||
}
|
||||
bool isNeuteredBuffer() const {
|
||||
return flags & NEUTERED_BUFFER;
|
||||
}
|
||||
void setIsNeuteredBuffer() {
|
||||
flags |= NEUTERED_BUFFER;
|
||||
}
|
||||
bool isSharedArrayBuffer() const {
|
||||
return flags & SHARED_ARRAY_BUFFER;
|
||||
}
|
||||
void setIsSharedArrayBuffer() {
|
||||
flags |= SHARED_ARRAY_BUFFER;
|
||||
}
|
||||
bool isMappedArrayBuffer() const {
|
||||
return flags & MAPPED_ARRAY_BUFFER;
|
||||
}
|
||||
void setIsMappedArrayBuffer() {
|
||||
flags |= MAPPED_ARRAY_BUFFER;
|
||||
}
|
||||
bool hasNonwritableArrayLength() const {
|
||||
return flags & NONWRITABLE_ARRAY_LENGTH;
|
||||
}
|
||||
@ -1046,9 +1014,6 @@ IsObjectValueInCompartment(js::Value v, JSCompartment *comp)
|
||||
}
|
||||
#endif
|
||||
|
||||
extern JSObject *
|
||||
ArrayBufferDelegate(JSContext *cx, Handle<ObjectImpl*> obj);
|
||||
|
||||
} /* namespace js */
|
||||
|
||||
#endif /* vm_ObjectImpl_h */
|
||||
|
@ -23,8 +23,6 @@ using namespace js;
|
||||
using mozilla::IsNaN;
|
||||
using mozilla::PodCopy;
|
||||
|
||||
#define SHAREDARRAYBUFFER_RESERVED_SLOTS 15
|
||||
|
||||
/*
|
||||
* SharedArrayRawBuffer
|
||||
*/
|
||||
@ -179,53 +177,26 @@ SharedArrayBufferObject::New(JSContext *cx, uint32_t length)
|
||||
return nullptr;
|
||||
}
|
||||
|
||||
RootedObject obj(cx, NewBuiltinClassInstance(cx, &class_));
|
||||
if (!obj)
|
||||
return nullptr;
|
||||
|
||||
JS_ASSERT(obj->getClass() == &class_);
|
||||
|
||||
Rooted<js::Shape*> empty(cx);
|
||||
empty = EmptyShape::getInitialShape(cx, &class_, obj->getProto(), obj->getParent(),
|
||||
obj->getMetadata(), gc::FINALIZE_OBJECT16_BACKGROUND);
|
||||
if (!empty)
|
||||
return nullptr;
|
||||
obj->setLastPropertyInfallible(empty);
|
||||
|
||||
obj->setFixedElements();
|
||||
obj->as<SharedArrayBufferObject>().initElementsHeader(obj->getElementsHeader(), length);
|
||||
obj->getElementsHeader()->setIsSharedArrayBuffer();
|
||||
|
||||
SharedArrayRawBuffer *buffer = SharedArrayRawBuffer::New(length);
|
||||
if (!buffer)
|
||||
return nullptr;
|
||||
obj->as<SharedArrayBufferObject>().acceptRawBuffer(buffer);
|
||||
|
||||
return obj;
|
||||
return New(cx, buffer);
|
||||
}
|
||||
|
||||
JSObject *
|
||||
SharedArrayBufferObject::New(JSContext *cx, SharedArrayRawBuffer *buffer)
|
||||
{
|
||||
RootedObject obj(cx, NewBuiltinClassInstance(cx, &class_));
|
||||
Rooted<SharedArrayBufferObject*> obj(cx, NewBuiltinClassInstance<SharedArrayBufferObject>(cx));
|
||||
if (!obj)
|
||||
return nullptr;
|
||||
|
||||
JS_ASSERT(obj->getClass() == &class_);
|
||||
|
||||
Rooted<js::Shape*> empty(cx);
|
||||
empty = EmptyShape::getInitialShape(cx, &class_, obj->getProto(), obj->getParent(),
|
||||
obj->getMetadata(), gc::FINALIZE_OBJECT16_BACKGROUND);
|
||||
if (!empty)
|
||||
return nullptr;
|
||||
obj->setLastPropertyInfallible(empty);
|
||||
obj->initialize(buffer->byteLength(), nullptr, DoesntOwnData);
|
||||
|
||||
obj->setFixedElements();
|
||||
obj->as<SharedArrayBufferObject>().initElementsHeader(obj->getElementsHeader(),
|
||||
buffer->byteLength());
|
||||
obj->getElementsHeader()->setIsSharedArrayBuffer();
|
||||
|
||||
obj->as<SharedArrayBufferObject>().acceptRawBuffer(buffer);
|
||||
obj->acceptRawBuffer(buffer);
|
||||
obj->setIsSharedArrayBuffer();
|
||||
|
||||
return obj;
|
||||
}
|
||||
@ -283,8 +254,6 @@ SharedArrayBufferObject::Finalize(FreeOp *fop, JSObject *obj)
|
||||
|
||||
const Class SharedArrayBufferObject::protoClass = {
|
||||
"SharedArrayBufferPrototype",
|
||||
JSCLASS_HAS_PRIVATE |
|
||||
JSCLASS_HAS_RESERVED_SLOTS(SHAREDARRAYBUFFER_RESERVED_SLOTS) |
|
||||
JSCLASS_HAS_CACHED_PROTO(JSProto_SharedArrayBuffer),
|
||||
JS_PropertyStub, /* addProperty */
|
||||
JS_DeletePropertyStub, /* delProperty */
|
||||
@ -297,10 +266,8 @@ const Class SharedArrayBufferObject::protoClass = {
|
||||
|
||||
const Class SharedArrayBufferObject::class_ = {
|
||||
"SharedArrayBuffer",
|
||||
JSCLASS_HAS_PRIVATE |
|
||||
JSCLASS_IMPLEMENTS_BARRIERS |
|
||||
Class::NON_NATIVE |
|
||||
JSCLASS_HAS_RESERVED_SLOTS(SHAREDARRAYBUFFER_RESERVED_SLOTS) |
|
||||
JSCLASS_HAS_RESERVED_SLOTS(SharedArrayBufferObject::RESERVED_SLOTS) |
|
||||
JSCLASS_HAS_CACHED_PROTO(JSProto_SharedArrayBuffer),
|
||||
JS_PropertyStub, /* addProperty */
|
||||
JS_DeletePropertyStub, /* delProperty */
|
||||
@ -315,29 +282,7 @@ const Class SharedArrayBufferObject::class_ = {
|
||||
nullptr, /* construct */
|
||||
ArrayBufferObject::obj_trace,
|
||||
JS_NULL_CLASS_SPEC,
|
||||
JS_NULL_CLASS_EXT,
|
||||
{
|
||||
ArrayBufferObject::obj_lookupGeneric,
|
||||
ArrayBufferObject::obj_lookupProperty,
|
||||
ArrayBufferObject::obj_lookupElement,
|
||||
ArrayBufferObject::obj_defineGeneric,
|
||||
ArrayBufferObject::obj_defineProperty,
|
||||
ArrayBufferObject::obj_defineElement,
|
||||
ArrayBufferObject::obj_getGeneric,
|
||||
ArrayBufferObject::obj_getProperty,
|
||||
ArrayBufferObject::obj_getElement,
|
||||
ArrayBufferObject::obj_setGeneric,
|
||||
ArrayBufferObject::obj_setProperty,
|
||||
ArrayBufferObject::obj_setElement,
|
||||
ArrayBufferObject::obj_getGenericAttributes,
|
||||
ArrayBufferObject::obj_setGenericAttributes,
|
||||
ArrayBufferObject::obj_deleteProperty,
|
||||
ArrayBufferObject::obj_deleteElement,
|
||||
nullptr, nullptr, /* watch/unwatch */
|
||||
nullptr, /* slice */
|
||||
ArrayBufferObject::obj_enumerate,
|
||||
nullptr, /* thisObject */
|
||||
}
|
||||
JS_NULL_CLASS_EXT
|
||||
};
|
||||
|
||||
JSObject *
|
||||
|
@ -74,8 +74,9 @@ class SharedArrayBufferObject : public ArrayBufferObject
|
||||
static const Class protoClass;
|
||||
|
||||
// Slot used for storing a pointer to the SharedArrayRawBuffer.
|
||||
// First two slots hold the ObjectElements.
|
||||
static const int32_t RAWBUF_SLOT = 2;
|
||||
static const uint8_t RAWBUF_SLOT = ArrayBufferObject::RESERVED_SLOTS;
|
||||
|
||||
static const uint8_t RESERVED_SLOTS = ArrayBufferObject::RESERVED_SLOTS + 1;
|
||||
|
||||
static bool class_constructor(JSContext *cx, unsigned argc, Value *vp);
|
||||
|
||||
|
@ -985,6 +985,8 @@ JSStructuredCloneWriter::writeTransferMap()
|
||||
return false;
|
||||
if (!out.writePtr(nullptr)) // Pointer to ArrayBuffer contents or to SharedArrayRawBuffer.
|
||||
return false;
|
||||
if (!out.write(0)) // |byteLength| for an ArrayBuffer, 0 for SharedArrayBuffer
|
||||
return false;
|
||||
if (!out.write(0)) // |userdata|, intended to be passed to callbacks.
|
||||
return false;
|
||||
}
|
||||
@ -1014,14 +1016,15 @@ JSStructuredCloneWriter::transferOwnership()
|
||||
MOZ_ASSERT(uint32_t(LittleEndian::readUint64(point)) == SCTAG_TM_UNFILLED);
|
||||
|
||||
if (obj->is<ArrayBufferObject>()) {
|
||||
void *content;
|
||||
uint8_t *data;
|
||||
if (!JS_StealArrayBufferContents(context(), obj, &content, &data))
|
||||
size_t nbytes = obj->as<ArrayBufferObject>().byteLength();
|
||||
void *contents = JS_StealArrayBufferContents(context(), obj);
|
||||
if (!contents)
|
||||
return false; // Destructor will clean up the already-transferred data
|
||||
|
||||
uint64_t entryTag = PairToUInt64(SCTAG_TRANSFER_MAP_ENTRY, SCTAG_TM_ALLOC_DATA);
|
||||
LittleEndian::writeUint64(point++, entryTag);
|
||||
LittleEndian::writeUint64(point++, reinterpret_cast<uint64_t>(content));
|
||||
LittleEndian::writeUint64(point++, reinterpret_cast<uint64_t>(contents));
|
||||
LittleEndian::writeUint64(point++, nbytes);
|
||||
LittleEndian::writeUint64(point++, 0);
|
||||
} else {
|
||||
SharedArrayRawBuffer *rawbuf = obj->as<SharedArrayBufferObject>().rawBufferObject();
|
||||
@ -1034,6 +1037,7 @@ JSStructuredCloneWriter::transferOwnership()
|
||||
LittleEndian::writeUint64(point++, entryTag);
|
||||
LittleEndian::writeUint64(point++, reinterpret_cast<uint64_t>(rawbuf));
|
||||
LittleEndian::writeUint64(point++, 0);
|
||||
LittleEndian::writeUint64(point++, 0);
|
||||
}
|
||||
}
|
||||
|
||||
@ -1240,13 +1244,13 @@ bool
|
||||
JSStructuredCloneReader::readMappedArrayBuffer(Value *vp, uint32_t fd,
|
||||
uint32_t offset, uint32_t length)
|
||||
{
|
||||
void *ptr;
|
||||
int new_fd;
|
||||
if(!JS_CreateMappedArrayBufferContents(fd, &new_fd, offset, length, &ptr)) {
|
||||
void *ptr = JS_CreateMappedArrayBufferContents(fd, &new_fd, offset, length);
|
||||
if (!ptr) {
|
||||
JS_ReportError(context(), "Failed to create mapped array buffer contents");
|
||||
return false;
|
||||
}
|
||||
JSObject *obj = JS_NewArrayBufferWithContents(context(), ptr);
|
||||
JSObject *obj = JS_NewArrayBufferWithContents(context(), length, ptr, /* mapped = */ true);
|
||||
if (!obj) {
|
||||
JS_ReleaseMappedArrayBufferContents(new_fd, ptr, length);
|
||||
return false;
|
||||
@ -1548,6 +1552,10 @@ JSStructuredCloneReader::readTransferMap()
|
||||
if (!in.readPtr(&content))
|
||||
return false;
|
||||
|
||||
uint64_t nbytes;
|
||||
if (!in.read(&nbytes))
|
||||
return false;
|
||||
|
||||
uint64_t userdata;
|
||||
if (!in.read(&userdata))
|
||||
return false;
|
||||
@ -1555,7 +1563,7 @@ JSStructuredCloneReader::readTransferMap()
|
||||
RootedObject obj(context());
|
||||
|
||||
if (data == SCTAG_TM_ALLOC_DATA)
|
||||
obj = JS_NewArrayBufferWithContents(context(), content);
|
||||
obj = JS_NewArrayBufferWithContents(context(), nbytes, content);
|
||||
else if (data == SCTAG_TM_SHARED_BUFFER)
|
||||
obj = SharedArrayBufferObject::New(context(), (SharedArrayRawBuffer *)content);
|
||||
|
||||
|
@ -349,7 +349,6 @@ class TypedArrayObjectTemplate : public TypedArrayObject
|
||||
obj->setSlot(BYTEOFFSET_SLOT, Int32Value(byteOffset));
|
||||
obj->setSlot(BYTELENGTH_SLOT, Int32Value(len * sizeof(NativeType)));
|
||||
obj->setSlot(NEXT_VIEW_SLOT, PrivateValue(nullptr));
|
||||
obj->setSlot(NEXT_BUFFER_SLOT, PrivateValue(UNSET_BUFFER_LINK));
|
||||
|
||||
js::Shape *empty = EmptyShape::getInitialShape(cx, fastClass(),
|
||||
obj->getProto(), obj->getParent(), obj->getMetadata(),
|
||||
@ -1338,7 +1337,6 @@ DataViewObject::create(JSContext *cx, uint32_t byteOffset, uint32_t byteLength,
|
||||
dvobj.setFixedSlot(BYTELENGTH_SLOT, Int32Value(byteLength));
|
||||
dvobj.setFixedSlot(BUFFER_SLOT, ObjectValue(*arrayBuffer));
|
||||
dvobj.setFixedSlot(NEXT_VIEW_SLOT, PrivateValue(nullptr));
|
||||
dvobj.setFixedSlot(NEXT_BUFFER_SLOT, PrivateValue(UNSET_BUFFER_LINK));
|
||||
InitArrayBufferViewDataPointer(&dvobj, arrayBuffer, byteOffset);
|
||||
JS_ASSERT(byteOffset + byteLength <= arrayBuffer->byteLength());
|
||||
|
||||
|
@ -337,7 +337,7 @@ ClampIntForUint8Array(int32_t x)
|
||||
return x;
|
||||
}
|
||||
|
||||
extern js::ArrayBufferObject * const UNSET_BUFFER_LINK;
|
||||
bool ToDoubleForTypedArray(JSContext *cx, JS::HandleValue vp, double *d);
|
||||
|
||||
} // namespace js
|
||||
|
||||
|
Loading…
Reference in New Issue
Block a user