wine/gecko
0
0
Fork 0
mirror of https://gitlab.winehq.org/wine/wine-gecko.git synced 2024-09-13 09:24:08 -07:00
Code Issues Packages Projects Releases Wiki Activity
dbab136074
gecko/js/src/jsarray.cpp

3415 lines
99 KiB
C++
Raw Blame History

/* -*- Mode: C; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 4 -*-
* vim: set sw=4 ts=8 et tw=78:
*
* ***** BEGIN LICENSE BLOCK *****
* Version: MPL 1.1/GPL 2.0/LGPL 2.1
*
* The contents of this file are subject to the Mozilla Public License Version
* 1.1 (the "License"); you may not use this file except in compliance with
* the License. You may obtain a copy of the License at
* http://www.mozilla.org/MPL/
*
* Software distributed under the License is distributed on an "AS IS" basis,
* WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
* for the specific language governing rights and limitations under the
* License.
*
* The Original Code is Mozilla Communicator client code, released
* March 31, 1998.
*
* The Initial Developer of the Original Code is
* Netscape Communications Corporation.
* Portions created by the Initial Developer are Copyright (C) 1998
* the Initial Developer. All Rights Reserved.
*
* Contributor(s):
*
* Alternatively, the contents of this file may be used under the terms of
* either of the GNU General Public License Version 2 or later (the "GPL"),
* or the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
* in which case the provisions of the GPL or the LGPL are applicable instead
* of those above. If you wish to allow use of your version of this file only
* under the terms of either the GPL or the LGPL, and not to allow others to
* use your version of this file under the terms of the MPL, indicate your
* decision by deleting the provisions above and replace them with the notice
* and other provisions required by the GPL or the LGPL. If you do not delete
* the provisions above, a recipient may use your version of this file under
* the terms of any one of the MPL, the GPL or the LGPL.
*
* ***** END LICENSE BLOCK ***** */
/*
* JS array class.
*
* Array objects begin as "dense" arrays, optimized for numeric-only property
* access over a vector of slots (obj->dslots) with high load factor. Array
* methods optimize for denseness by testing that the object's class is
* &js_ArrayClass, and can then directly manipulate the slots for efficiency.
*
* We track these pieces of metadata for arrays in dense mode:
* - the array's length property as a uint32, in JSSLOT_ARRAY_LENGTH,
* - the number of indices that are filled (non-holes), in JSSLOT_ARRAY_COUNT,
* - the net number of slots starting at dslots (DENSELEN), in dslots[-1] if
* dslots is non-NULL.
*
* In dense mode, holes in the array are represented by JSVAL_HOLE. The final
* slot in fslots (JSSLOT_ARRAY_LOOKUP_HOLDER) is used to store the single jsid
* "in use" by a lookupProperty caller.
*
* Arrays are converted to use js_SlowArrayClass when any of these conditions
* are met:
* - the load factor (COUNT / DENSELEN) is less than 0.25, and there are
* more than MIN_SPARSE_INDEX slots total
* - a property is set that is non-numeric (and not "length"); or
* - a hole is filled below DENSELEN (possibly implicitly through methods like
* |reverse| or |splice|).
*
* In the latter two cases, property creation order is no longer index order,
* which necessitates use of a structure that keeps track of property creation
* order. (ES4, due to expectations baked into web script, requires that
* enumeration order be the order in which properties were created.)
*
* An alternative in the latter case (out-of-order index set) would be to
* maintain the scope to track property enumeration order, but still use
* the fast slot access. That would have the same memory cost as just using
* a js_SlowArrayClass, but have the same performance characteristics as
* a dense array for slot accesses, at some cost in code complexity.
*/
#include "jsstddef.h"
#include <stdlib.h>
#include <string.h>
#include "jstypes.h"
#include "jsutil.h" /* Added by JSIFY */
#include "jsapi.h"
#include "jsarray.h"
#include "jsatom.h"
#include "jsbit.h"
#include "jsbool.h"
#include "jsbuiltins.h"
#include "jscntxt.h"
#include "jsversion.h"
#include "jsdbgapi.h" /* for js_TraceWatchPoints */
#include "jsdtoa.h"
#include "jsfun.h"
#include "jsgc.h"
#include "jsinterp.h"
#include "jslock.h"
#include "jsnum.h"
#include "jsobj.h"
#include "jsscope.h"
#include "jsstr.h"
#include "jsstaticcheck.h"
/* 2^32 - 1 as a number and a string */
#define MAXINDEX 4294967295u
#define MAXSTR "4294967295"
/* Small arrays are dense, no matter what. */
#define MIN_SPARSE_INDEX 32
#define INDEX_TOO_BIG(index) ((index) > JS_BIT(29) - 1)
#define INDEX_TOO_SPARSE(array, index) \
(INDEX_TOO_BIG(index) || \
((index) > ARRAY_DENSE_LENGTH(array) && (index) >= MIN_SPARSE_INDEX && \
(index) > (uint32)((array)->fslots[JSSLOT_ARRAY_COUNT] + 1) * 4))
JS_STATIC_ASSERT(sizeof(JSScopeProperty) > 4 * sizeof(jsval));
#define ENSURE_SLOW_ARRAY(cx, obj) \
(OBJ_GET_CLASS(cx, obj) == &js_SlowArrayClass || js_MakeArraySlow(cx, obj))
/*
* Determine if the id represents an array index or an XML property index.
*
* An id is an array index according to ECMA by (15.4):
*
* "Array objects give special treatment to a certain class of property names.
* A property name P (in the form of a string value) is an array index if and
* only if ToString(ToUint32(P)) is equal to P and ToUint32(P) is not equal
* to 2^32-1."
*
* In our implementation, it would be sufficient to check for JSVAL_IS_INT(id)
* except that by using signed 32-bit integers we miss the top half of the
* valid range. This function checks the string representation itself; note
* that calling a standard conversion routine might allow strings such as
* "08" or "4.0" as array indices, which they are not.
*/
JSBool
js_IdIsIndex(jsval id, jsuint *indexp)
{
JSString *str;
jschar *cp;
if (JSVAL_IS_INT(id)) {
jsint i;
i = JSVAL_TO_INT(id);
if (i < 0)
return JS_FALSE;
*indexp = (jsuint)i;
return JS_TRUE;
}
/* NB: id should be a string, but jsxml.c may call us with an object id. */
if (!JSVAL_IS_STRING(id))
return JS_FALSE;
str = JSVAL_TO_STRING(id);
cp = JSSTRING_CHARS(str);
if (JS7_ISDEC(*cp) && JSSTRING_LENGTH(str) < sizeof(MAXSTR)) {
jsuint index = JS7_UNDEC(*cp++);
jsuint oldIndex = 0;
jsuint c = 0;
if (index != 0) {
while (JS7_ISDEC(*cp)) {
oldIndex = index;
c = JS7_UNDEC(*cp);
index = 10*index + c;
cp++;
}
}
/* Ensure that all characters were consumed and we didn't overflow. */
if (*cp == 0 &&
(oldIndex < (MAXINDEX / 10) ||
(oldIndex == (MAXINDEX / 10) && c < (MAXINDEX % 10))))
{
*indexp = index;
return JS_TRUE;
}
}
return JS_FALSE;
}
static jsuint
ValueIsLength(JSContext *cx, jsval* vp)
{
jsint i;
jsdouble d;
jsuint length;
if (JSVAL_IS_INT(*vp)) {
i = JSVAL_TO_INT(*vp);
if (i < 0)
goto error;
return (jsuint) i;
}
d = js_ValueToNumber(cx, vp);
if (JSVAL_IS_NULL(*vp))
goto error;
if (JSDOUBLE_IS_NaN(d))
goto error;
length = (jsuint) d;
if (d != (jsdouble) length)
goto error;
return length;
error:
JS_ReportErrorNumber(cx, js_GetErrorMessage, NULL,
JSMSG_BAD_ARRAY_LENGTH);
*vp = JSVAL_NULL;
return 0;
}
JSBool
js_GetLengthProperty(JSContext *cx, JSObject *obj, jsuint *lengthp)
{
JSTempValueRooter tvr;
jsid id;
JSBool ok;
jsint i;
if (OBJ_IS_ARRAY(cx, obj)) {
*lengthp = obj->fslots[JSSLOT_ARRAY_LENGTH];
return JS_TRUE;
}
JS_PUSH_SINGLE_TEMP_ROOT(cx, JSVAL_NULL, &tvr);
id = ATOM_TO_JSID(cx->runtime->atomState.lengthAtom);
ok = OBJ_GET_PROPERTY(cx, obj, id, &tvr.u.value);
if (ok) {
if (JSVAL_IS_INT(tvr.u.value)) {
i = JSVAL_TO_INT(tvr.u.value);
*lengthp = (jsuint)i; /* jsuint cast does ToUint32 */
} else {
*lengthp = js_ValueToECMAUint32(cx, &tvr.u.value);
ok = !JSVAL_IS_NULL(tvr.u.value);
}
}
JS_POP_TEMP_ROOT(cx, &tvr);
return ok;
}
static JSBool
IndexToValue(JSContext *cx, jsuint index, jsval *vp)
{
if (index <= JSVAL_INT_MAX) {
*vp = INT_TO_JSVAL(index);
return JS_TRUE;
}
return JS_NewDoubleValue(cx, (jsdouble)index, vp);
}
JSBool JS_FASTCALL
js_IndexToId(JSContext *cx, jsuint index, jsid *idp)
{
JSString *str;
if (index <= JSVAL_INT_MAX) {
*idp = INT_TO_JSID(index);
return JS_TRUE;
}
str = js_NumberToString(cx, index);
if (!str)
return JS_FALSE;
return js_ValueToStringId(cx, STRING_TO_JSVAL(str), idp);
}
static JSBool
BigIndexToId(JSContext *cx, JSObject *obj, jsuint index, JSBool createAtom,
jsid *idp)
{
jschar buf[10], *start;
JSClass *clasp;
JSAtom *atom;
JS_STATIC_ASSERT((jsuint)-1 == 4294967295U);
JS_ASSERT(index > JSVAL_INT_MAX);
start = JS_ARRAY_END(buf);
do {
--start;
*start = (jschar)('0' + index % 10);
index /= 10;
} while (index != 0);
/*
* Skip the atomization if the class is known to store atoms corresponding
* to big indexes together with elements. In such case we know that the
* array does not have an element at the given index if its atom does not
* exist. Fast arrays (clasp == &js_ArrayClass) don't use atoms for
* any indexes, though it would be rare to see them have a big index
* in any case.
*/
if (!createAtom &&
((clasp = OBJ_GET_CLASS(cx, obj)) == &js_SlowArrayClass ||
clasp == &js_ArgumentsClass ||
clasp == &js_ObjectClass)) {
atom = js_GetExistingStringAtom(cx, start, JS_ARRAY_END(buf) - start);
if (!atom) {
*idp = JSVAL_VOID;
return JS_TRUE;
}
} else {
atom = js_AtomizeChars(cx, start, JS_ARRAY_END(buf) - start, 0);
if (!atom)
return JS_FALSE;
}
*idp = ATOM_TO_JSID(atom);
return JS_TRUE;
}
static JSBool
ResizeSlots(JSContext *cx, JSObject *obj, uint32 oldlen, uint32 len)
{
jsval *slots, *newslots;
if (len == 0) {
if (obj->dslots) {
JS_free(cx, obj->dslots - 1);
obj->dslots = NULL;
}
return JS_TRUE;
}
if (len > ~(uint32)0 / sizeof(jsval)) {
js_ReportAllocationOverflow(cx);
return JS_FALSE;
}
slots = obj->dslots ? obj->dslots - 1 : NULL;
newslots = (jsval *) JS_realloc(cx, slots, sizeof (jsval) * (len + 1));
if (!newslots)
return JS_FALSE;
obj->dslots = newslots + 1;
ARRAY_SET_DENSE_LENGTH(obj, len);
for (slots = obj->dslots + oldlen; slots < obj->dslots + len; slots++)
*slots = JSVAL_HOLE;
return JS_TRUE;
}
static JSBool
EnsureLength(JSContext *cx, JSObject *obj, uint32 len)
{
uint32 oldlen = ARRAY_DENSE_LENGTH(obj);
if (len > oldlen) {
return ResizeSlots(cx, obj, oldlen,
len + ARRAY_GROWBY - (len % ARRAY_GROWBY));
}
return JS_TRUE;
}
/*
* If the property at the given index exists, get its value into location
* pointed by vp and set *hole to false. Otherwise set *hole to true and *vp
* to JSVAL_VOID. This function assumes that the location pointed by vp is
* properly rooted and can be used as GC-protected storage for temporaries.
*/
static JSBool
GetArrayElement(JSContext *cx, JSObject *obj, jsuint index, JSBool *hole,
jsval *vp)
{
jsid id;
JSObject *obj2;
JSProperty *prop;
if (OBJ_IS_DENSE_ARRAY(cx, obj) && index < ARRAY_DENSE_LENGTH(obj) &&
(*vp = obj->dslots[index]) != JSVAL_HOLE) {
*hole = JS_FALSE;
return JS_TRUE;
}
if (index <= JSVAL_INT_MAX) {
id = INT_TO_JSID(index);
} else {
if (!BigIndexToId(cx, obj, index, JS_FALSE, &id))
return JS_FALSE;
if (JSVAL_IS_VOID(id)) {
*hole = JS_TRUE;
*vp = JSVAL_VOID;
return JS_TRUE;
}
}
if (!OBJ_LOOKUP_PROPERTY(cx, obj, id, &obj2, &prop))
return JS_FALSE;
if (!prop) {
*hole = JS_TRUE;
*vp = JSVAL_VOID;
} else {
OBJ_DROP_PROPERTY(cx, obj2, prop);
if (!OBJ_GET_PROPERTY(cx, obj, id, vp))
return JS_FALSE;
*hole = JS_FALSE;
}
return JS_TRUE;
}
/*
* Set the value of the property at the given index to v assuming v is rooted.
*/
static JSBool
SetArrayElement(JSContext *cx, JSObject *obj, jsuint index, jsval v)
{
jsid id;
if (OBJ_IS_DENSE_ARRAY(cx, obj)) {
/* Predicted/prefeched code should favor the remains-dense case. */
if (!INDEX_TOO_SPARSE(obj, index)) {
if (!EnsureLength(cx, obj, index + 1))
return JS_FALSE;
if (index >= (uint32)obj->fslots[JSSLOT_ARRAY_LENGTH])
obj->fslots[JSSLOT_ARRAY_LENGTH] = index + 1;
if (obj->dslots[index] == JSVAL_HOLE)
obj->fslots[JSSLOT_ARRAY_COUNT]++;
obj->dslots[index] = v;
return JS_TRUE;
}
if (!js_MakeArraySlow(cx, obj))
return JS_FALSE;
}
if (index <= JSVAL_INT_MAX) {
id = INT_TO_JSID(index);
} else {
if (!BigIndexToId(cx, obj, index, JS_TRUE, &id))
return JS_FALSE;
JS_ASSERT(!JSVAL_IS_VOID(id));
}
return OBJ_SET_PROPERTY(cx, obj, id, &v);
}
static JSBool
DeleteArrayElement(JSContext *cx, JSObject *obj, jsuint index)
{
jsid id;
jsval junk;
if (OBJ_IS_DENSE_ARRAY(cx, obj)) {
if (index < ARRAY_DENSE_LENGTH(obj)) {
if (obj->dslots[index] != JSVAL_HOLE)
obj->fslots[JSSLOT_ARRAY_COUNT]--;
obj->dslots[index] = JSVAL_HOLE;
}
return JS_TRUE;
}
if (index <= JSVAL_INT_MAX) {
id = INT_TO_JSID(index);
} else {
if (!BigIndexToId(cx, obj, index, JS_FALSE, &id))
return JS_FALSE;
if (JSVAL_IS_VOID(id))
return JS_TRUE;
}
return OBJ_DELETE_PROPERTY(cx, obj, id, &junk);
}
/*
* When hole is true, delete the property at the given index. Otherwise set
* its value to v assuming v is rooted.
*/
static JSBool
SetOrDeleteArrayElement(JSContext *cx, JSObject *obj, jsuint index,
JSBool hole, jsval v)
{
if (hole) {
JS_ASSERT(JSVAL_IS_VOID(v));
return DeleteArrayElement(cx, obj, index);
}
return SetArrayElement(cx, obj, index, v);
}
JSBool
js_SetLengthProperty(JSContext *cx, JSObject *obj, jsuint length)
{
jsval v;
jsid id;
if (!IndexToValue(cx, length, &v))
return JS_FALSE;
id = ATOM_TO_JSID(cx->runtime->atomState.lengthAtom);
return OBJ_SET_PROPERTY(cx, obj, id, &v);
}
JSBool
js_HasLengthProperty(JSContext *cx, JSObject *obj, jsuint *lengthp)
{
JSErrorReporter older;
JSTempValueRooter tvr;
jsid id;
JSBool ok;
older = JS_SetErrorReporter(cx, NULL);
JS_PUSH_SINGLE_TEMP_ROOT(cx, JSVAL_NULL, &tvr);
id = ATOM_TO_JSID(cx->runtime->atomState.lengthAtom);
ok = OBJ_GET_PROPERTY(cx, obj, id, &tvr.u.value);
JS_SetErrorReporter(cx, older);
if (ok) {
*lengthp = ValueIsLength(cx, &tvr.u.value);
ok = !JSVAL_IS_NULL(tvr.u.value);
}
JS_POP_TEMP_ROOT(cx, &tvr);
return ok;
}
JSBool
js_IsArrayLike(JSContext *cx, JSObject *obj, JSBool *answerp, jsuint *lengthp)
{
JSClass *clasp;
clasp = OBJ_GET_CLASS(cx, obj);
*answerp = (clasp == &js_ArgumentsClass || clasp == &js_ArrayClass ||
clasp == &js_SlowArrayClass);
if (!*answerp) {
*lengthp = 0;
return JS_TRUE;
}
return js_GetLengthProperty(cx, obj, lengthp);
}
/*
* The 'length' property of all native Array instances is a shared permanent
* property of Array.prototype, so it appears to be a direct property of each
* array instance delegating to that Array.prototype. It accesses the private
* slot reserved by js_ArrayClass.
*
* Since SpiderMonkey supports cross-class prototype-based delegation, we have
* to be careful about the length getter and setter being called on an object
* not of Array class. For the getter, we search obj's prototype chain for the
* array that caused this getter to be invoked. In the setter case to overcome
* the JSPROP_SHARED attribute, we must define a shadowing length property.
*/
static JSBool
array_length_getter(JSContext *cx, JSObject *obj, jsval id, jsval *vp)
{
do {
if (OBJ_IS_ARRAY(cx, obj))
return IndexToValue(cx, obj->fslots[JSSLOT_ARRAY_LENGTH], vp);
} while ((obj = OBJ_GET_PROTO(cx, obj)) != NULL);
return JS_TRUE;
}
static JSBool
array_length_setter(JSContext *cx, JSObject *obj, jsval id, jsval *vp)
{
jsuint newlen, oldlen, gap, index;
jsval junk;
JSObject *iter;
JSTempValueRooter tvr;
JSBool ok;
if (!OBJ_IS_ARRAY(cx, obj)) {
jsid lengthId = ATOM_TO_JSID(cx->runtime->atomState.lengthAtom);
return OBJ_DEFINE_PROPERTY(cx, obj, lengthId, *vp, NULL, NULL,
JSPROP_ENUMERATE, NULL);
}
newlen = ValueIsLength(cx, vp);
if (JSVAL_IS_NULL(*vp))
return JS_FALSE;
oldlen = obj->fslots[JSSLOT_ARRAY_LENGTH];
if (oldlen == newlen)
return JS_TRUE;
if (!IndexToValue(cx, newlen, vp))
return JS_FALSE;
if (oldlen < newlen) {
obj->fslots[JSSLOT_ARRAY_LENGTH] = newlen;
return JS_TRUE;
}
if (OBJ_IS_DENSE_ARRAY(cx, obj)) {
if (ARRAY_DENSE_LENGTH(obj) && !ResizeSlots(cx, obj, oldlen, newlen))
return JS_FALSE;
} else if (oldlen - newlen < (1 << 24)) {
do {
--oldlen;
if (!JS_CHECK_OPERATION_LIMIT(cx, JSOW_JUMP) ||
!DeleteArrayElement(cx, obj, oldlen)) {
return JS_FALSE;
}
} while (oldlen != newlen);
} else {
/*
* We are going to remove a lot of indexes in a presumably sparse
* array. So instead of looping through indexes between newlen and
* oldlen, we iterate through all properties and remove those that
* correspond to indexes in the half-open range [newlen, oldlen). See
* bug 322135.
*/
iter = JS_NewPropertyIterator(cx, obj);
if (!iter)
return JS_FALSE;
/* Protect iter against GC in OBJ_DELETE_PROPERTY. */
JS_PUSH_TEMP_ROOT_OBJECT(cx, iter, &tvr);
gap = oldlen - newlen;
for (;;) {
ok = (JS_CHECK_OPERATION_LIMIT(cx, JSOW_JUMP) &&
JS_NextProperty(cx, iter, &id));
if (!ok)
break;
if (JSVAL_IS_VOID(id))
break;
if (js_IdIsIndex(id, &index) && index - newlen < gap) {
ok = OBJ_DELETE_PROPERTY(cx, obj, id, &junk);
if (!ok)
break;
}
}
JS_POP_TEMP_ROOT(cx, &tvr);
if (!ok)
return JS_FALSE;
}
obj->fslots[JSSLOT_ARRAY_LENGTH] = newlen;
return JS_TRUE;
}
static JSBool
array_lookupProperty(JSContext *cx, JSObject *obj, jsid id, JSObject **objp,
JSProperty **propp)
{
uint32 i;
union { JSProperty *p; jsval *v; } u;
if (!OBJ_IS_DENSE_ARRAY(cx, obj))
return js_LookupProperty(cx, obj, id, objp, propp);
/*
* We have only indexed properties up to DENSELEN (excepting holes), plus
* the length property. For all else, we delegate to the prototype.
*/
if (id != ATOM_TO_JSID(cx->runtime->atomState.lengthAtom) &&
(!js_IdIsIndex(id, &i) ||
obj->fslots[JSSLOT_ARRAY_LENGTH] == 0 ||
i >= ARRAY_DENSE_LENGTH(obj) ||
obj->dslots[i] == JSVAL_HOLE))
{
JSObject *proto = STOBJ_GET_PROTO(obj);
if (!proto) {
*objp = NULL;
*propp = NULL;
return JS_TRUE;
}
return OBJ_LOOKUP_PROPERTY(cx, proto, id, objp, propp);
}
/* FIXME 417501: threadsafety: could race with a lookup on another thread.
* If we can only have a single lookup active per context, we could
* pigeonhole this on the context instead. */
JS_ASSERT(JSVAL_IS_VOID(obj->fslots[JSSLOT_ARRAY_LOOKUP_HOLDER]));
obj->fslots[JSSLOT_ARRAY_LOOKUP_HOLDER] = (jsval) id;
u.v = &(obj->fslots[JSSLOT_ARRAY_LOOKUP_HOLDER]);
*propp = u.p;
*objp = obj;
return JS_TRUE;
}
static void
array_dropProperty(JSContext *cx, JSObject *obj, JSProperty *prop)
{
JS_ASSERT_IF(OBJ_IS_DENSE_ARRAY(cx, obj),
!JSVAL_IS_VOID(obj->fslots[JSSLOT_ARRAY_LOOKUP_HOLDER]));
#ifdef DEBUG
obj->fslots[JSSLOT_ARRAY_LOOKUP_HOLDER] = JSVAL_VOID;
#endif
}
static JSBool
array_getProperty(JSContext *cx, JSObject *obj, jsid id, jsval *vp)
{
uint32 i;
if (id == ATOM_TO_JSID(cx->runtime->atomState.lengthAtom))
return IndexToValue(cx, obj->fslots[JSSLOT_ARRAY_LENGTH], vp);
if (id == ATOM_TO_JSID(cx->runtime->atomState.protoAtom)) {
*vp = STOBJ_GET_SLOT(obj, JSSLOT_PROTO);
return JS_TRUE;
}
if (!OBJ_IS_DENSE_ARRAY(cx, obj))
return js_GetProperty(cx, obj, id, vp);
if (!js_IdIsIndex(ID_TO_VALUE(id), &i) || i >= ARRAY_DENSE_LENGTH(obj) ||
obj->dslots[i] == JSVAL_HOLE) {
JSObject *obj2;
JSProperty *prop;
JSScopeProperty *sprop;
JSObject *proto = STOBJ_GET_PROTO(obj);
if (!proto) {
*vp = JSVAL_VOID;
return JS_TRUE;
}
*vp = JSVAL_VOID;
if (js_LookupPropertyWithFlags(cx, proto, id, cx->resolveFlags,
&obj2, &prop) < 0)
return JS_FALSE;
if (prop) {
if (OBJ_IS_NATIVE(obj2)) {
sprop = (JSScopeProperty *) prop;
if (!js_NativeGet(cx, obj, obj2, sprop, vp))
return JS_FALSE;
}
OBJ_DROP_PROPERTY(cx, obj2, prop);
}
return JS_TRUE;
}
*vp = obj->dslots[i];
return JS_TRUE;
}
static JSBool
slowarray_addProperty(JSContext *cx, JSObject *obj, jsval id, jsval *vp)
{
jsuint index, length;
if (!js_IdIsIndex(id, &index))
return JS_TRUE;
length = obj->fslots[JSSLOT_ARRAY_LENGTH];
if (index >= length)
obj->fslots[JSSLOT_ARRAY_LENGTH] = index + 1;
return JS_TRUE;
}
static void
slowarray_trace(JSTracer *trc, JSObject *obj)
{
uint32 length = obj->fslots[JSSLOT_ARRAY_LENGTH];
JS_ASSERT(STOBJ_GET_CLASS(obj) == &js_SlowArrayClass);
/*
* Move JSSLOT_ARRAY_LENGTH aside to prevent the GC from treating
* untagged integer values as objects or strings.
*/
obj->fslots[JSSLOT_ARRAY_LENGTH] = JSVAL_VOID;
js_TraceObject(trc, obj);
obj->fslots[JSSLOT_ARRAY_LENGTH] = length;
}
static JSObjectOps js_SlowArrayObjectOps;
static JSObjectOps *
slowarray_getObjectOps(JSContext *cx, JSClass *clasp)
{
return &js_SlowArrayObjectOps;
}
static JSBool
array_setProperty(JSContext *cx, JSObject *obj, jsid id, jsval *vp)
{
uint32 i;
if (id == ATOM_TO_JSID(cx->runtime->atomState.lengthAtom))
return array_length_setter(cx, obj, id, vp);
if (!OBJ_IS_DENSE_ARRAY(cx, obj))
return js_SetProperty(cx, obj, id, vp);
if (!js_IdIsIndex(id, &i) || INDEX_TOO_SPARSE(obj, i)) {
if (!js_MakeArraySlow(cx, obj))
return JS_FALSE;
return js_SetProperty(cx, obj, id, vp);
}
if (!EnsureLength(cx, obj, i + 1))
return JS_FALSE;
if (i >= (uint32)obj->fslots[JSSLOT_ARRAY_LENGTH])
obj->fslots[JSSLOT_ARRAY_LENGTH] = i + 1;
if (obj->dslots[i] == JSVAL_HOLE)
obj->fslots[JSSLOT_ARRAY_COUNT]++;
obj->dslots[i] = *vp;
return JS_TRUE;
}
#ifdef JS_TRACER
JSBool FASTCALL
js_Array_dense_setelem(JSContext* cx, JSObject* obj, jsint i, jsval v)
{
JS_ASSERT(OBJ_IS_DENSE_ARRAY(cx, obj));
do {
jsuint length = ARRAY_DENSE_LENGTH(obj);
if ((jsuint)i < length) {
if (obj->dslots[i] == JSVAL_HOLE) {
if (cx->runtime->anyArrayProtoHasElement)
break;
if (i >= obj->fslots[JSSLOT_ARRAY_LENGTH])
obj->fslots[JSSLOT_ARRAY_LENGTH] = i + 1;
obj->fslots[JSSLOT_ARRAY_COUNT]++;
}
obj->dslots[i] = v;
return JS_TRUE;
}
} while (0);
return OBJ_SET_PROPERTY(cx, obj, INT_TO_JSID(i), &v);
}
#endif
static JSBool
array_defineProperty(JSContext *cx, JSObject *obj, jsid id, jsval value,
JSPropertyOp getter, JSPropertyOp setter, uintN attrs,
JSProperty **propp)
{
uint32 i;
JSBool isIndex;
if (id == ATOM_TO_JSID(cx->runtime->atomState.lengthAtom))
return JS_TRUE;
isIndex = js_IdIsIndex(ID_TO_VALUE(id), &i);
if (!isIndex || attrs != JSPROP_ENUMERATE) {
if (!ENSURE_SLOW_ARRAY(cx, obj))
return JS_FALSE;
if (isIndex && STOBJ_IS_DELEGATE(obj))
cx->runtime->anyArrayProtoHasElement = JS_TRUE;
return js_DefineProperty(cx, obj, id, value, getter, setter, attrs, propp);
}
return array_setProperty(cx, obj, id, &value);
}
static JSBool
array_getAttributes(JSContext *cx, JSObject *obj, jsid id, JSProperty *prop,
uintN *attrsp)
{
*attrsp = id == ATOM_TO_JSID(cx->runtime->atomState.lengthAtom)
? JSPROP_PERMANENT : JSPROP_ENUMERATE;
return JS_TRUE;
}
static JSBool
array_setAttributes(JSContext *cx, JSObject *obj, jsid id, JSProperty *prop,
uintN *attrsp)
{
JS_ReportErrorNumber(cx, js_GetErrorMessage, NULL,
JSMSG_CANT_SET_ARRAY_ATTRS);
return JS_FALSE;
}
static JSBool
array_deleteProperty(JSContext *cx, JSObject *obj, jsval id, jsval *rval)
{
uint32 i;
if (!OBJ_IS_DENSE_ARRAY(cx, obj))
return js_DeleteProperty(cx, obj, id, rval);
if (id == ATOM_TO_JSID(cx->runtime->atomState.lengthAtom)) {
*rval = JSVAL_FALSE;
return JS_TRUE;
}
if (js_IdIsIndex(id, &i) && i < ARRAY_DENSE_LENGTH(obj) &&
obj->dslots[i] != JSVAL_HOLE) {
obj->fslots[JSSLOT_ARRAY_COUNT]--;
obj->dslots[i] = JSVAL_HOLE;
}
*rval = JSVAL_TRUE;
return JS_TRUE;
}
/*
* JSObjectOps.enumerate implementation.
*
* For a fast array, JSENUMERATE_INIT captures in the enumeration state both
* the length of the array and the bitmap indicating the positions of holes in
* the array. This ensures that adding or deleting array elements does not
* affect the sequence of indexes JSENUMERATE_NEXT returns.
*
* For a common case of an array without holes, to represent the state we pack
* the (nextEnumerationIndex, arrayLength) pair as a pseudo-boolean jsval.
* This is possible when length <= PACKED_UINT_PAIR_BITS. For arrays with
* greater length or holes we allocate the JSIndexIterState structure and
* store it as an int-tagged private pointer jsval. For a slow array we
* delegate the enumeration implementation to js_Enumerate in
* slowarray_enumerate.
*
* Array mutations can turn a fast array into a slow one after the enumeration
* starts. When this happens, slowarray_enumerate receives a state created
* when the array was fast. To distinguish such fast state from a slow state,
* which is an int-tagged pointer that js_Enumerate creates, we set not one
* but two lowest bits when tagging a JSIndexIterState pointer -- see
* INDEX_ITER_TAG usage below. Thus, when slowarray_enumerate receives a state
* tagged with JSVAL_BOOLEAN or with two lowest bits set, it knows that this
* is a fast state so it calls array_enumerate to continue enumerating the
* indexes present in the original fast array.
*/
#define PACKED_UINT_PAIR_BITS 14
#define PACKED_UINT_PAIR_MASK JS_BITMASK(PACKED_UINT_PAIR_BITS)
#define UINT_PAIR_TO_BOOLEAN_JSVAL(i,j) \
(JS_ASSERT((uint32) (i) <= PACKED_UINT_PAIR_MASK), \
JS_ASSERT((uint32) (j) <= PACKED_UINT_PAIR_MASK), \
((jsval) (i) << (PACKED_UINT_PAIR_BITS + JSVAL_TAGBITS)) | \
((jsval) (j) << (JSVAL_TAGBITS)) | \
(jsval) JSVAL_BOOLEAN)
#define BOOLEAN_JSVAL_TO_UINT_PAIR(v,i,j) \
(JS_ASSERT(JSVAL_TAG(v) == JSVAL_BOOLEAN), \
(i) = (uint32) ((v) >> (PACKED_UINT_PAIR_BITS + JSVAL_TAGBITS)), \
(j) = (uint32) ((v) >> JSVAL_TAGBITS) & PACKED_UINT_PAIR_MASK, \
JS_ASSERT((i) <= PACKED_UINT_PAIR_MASK))
JS_STATIC_ASSERT(PACKED_UINT_PAIR_BITS * 2 + JSVAL_TAGBITS <= JS_BITS_PER_WORD);
typedef struct JSIndexIterState {
uint32 index;
uint32 length;
JSBool hasHoles;
/*
* Variable-length bitmap representing array's holes. It must not be
* accessed when hasHoles is false.
*/
jsbitmap holes[1];
} JSIndexIterState;
#define INDEX_ITER_TAG 3
JS_STATIC_ASSERT(JSVAL_INT == 1);
static JSBool
array_enumerate(JSContext *cx, JSObject *obj, JSIterateOp enum_op,
jsval *statep, jsid *idp)
{
uint32 length, i;
JSIndexIterState *ii;
switch (enum_op) {
case JSENUMERATE_INIT:
JS_ASSERT(OBJ_IS_DENSE_ARRAY(cx, obj));
length = ARRAY_DENSE_LENGTH(obj);
if (idp)
*idp = INT_TO_JSVAL(obj->fslots[JSSLOT_ARRAY_COUNT]);
ii = NULL;
for (i = 0; i != length; ++i) {
if (obj->dslots[i] == JSVAL_HOLE) {
if (!ii) {
ii = (JSIndexIterState *)
JS_malloc(cx, offsetof(JSIndexIterState, holes) +
JS_BITMAP_SIZE(length));
if (!ii)
return JS_FALSE;
ii->hasHoles = JS_TRUE;
memset(ii->holes, 0, JS_BITMAP_SIZE(length));
}
JS_SET_BIT(ii->holes, i);
}
}
if (!ii) {
/* Array has no holes. */
if (length <= PACKED_UINT_PAIR_MASK) {
*statep = UINT_PAIR_TO_BOOLEAN_JSVAL(0, length);
break;
}
ii = (JSIndexIterState *)
JS_malloc(cx, offsetof(JSIndexIterState, holes));
if (!ii)
return JS_FALSE;
ii->hasHoles = JS_FALSE;
}
ii->index = 0;
ii->length = length;
*statep = (jsval) ii | INDEX_ITER_TAG;
JS_ASSERT(*statep & JSVAL_INT);
break;
case JSENUMERATE_NEXT:
if (JSVAL_TAG(*statep) == JSVAL_BOOLEAN) {
BOOLEAN_JSVAL_TO_UINT_PAIR(*statep, i, length);
if (i != length) {
*idp = INT_TO_JSID(i);
*statep = UINT_PAIR_TO_BOOLEAN_JSVAL(i + 1, length);
break;
}
} else {
JS_ASSERT((*statep & INDEX_ITER_TAG) == INDEX_ITER_TAG);
ii = (JSIndexIterState *) (*statep & ~INDEX_ITER_TAG);
i = ii->index;
if (i != ii->length) {
/* Skip holes if any. */
if (ii->hasHoles) {
while (JS_TEST_BIT(ii->holes, i) && ++i != ii->length)
continue;
}
if (i != ii->length) {
ii->index = i + 1;
return js_IndexToId(cx, i, idp);
}
}
}
/* FALL THROUGH */
case JSENUMERATE_DESTROY:
if (JSVAL_TAG(*statep) != JSVAL_BOOLEAN) {
JS_ASSERT((*statep & INDEX_ITER_TAG) == INDEX_ITER_TAG);
ii = (JSIndexIterState *) (*statep & ~INDEX_ITER_TAG);
JS_free(cx, ii);
}
*statep = JSVAL_NULL;
break;
}
return JS_TRUE;
}
static JSBool
slowarray_enumerate(JSContext *cx, JSObject *obj, JSIterateOp enum_op,
jsval *statep, jsid *idp)
{
JSBool ok;
/* Are we continuing an enumeration that started when we were dense? */
if (enum_op != JSENUMERATE_INIT) {
if (JSVAL_TAG(*statep) == JSVAL_BOOLEAN ||
(*statep & INDEX_ITER_TAG) == INDEX_ITER_TAG) {
return array_enumerate(cx, obj, enum_op, statep, idp);
}
JS_ASSERT((*statep & INDEX_ITER_TAG) == JSVAL_INT);
}
ok = js_Enumerate(cx, obj, enum_op, statep, idp);
JS_ASSERT(*statep == JSVAL_NULL || (*statep & INDEX_ITER_TAG) == JSVAL_INT);
return ok;
}
static void
array_finalize(JSContext *cx, JSObject *obj)
{
if (obj->dslots)
JS_free(cx, obj->dslots - 1);
obj->dslots = NULL;
}
static void
array_trace(JSTracer *trc, JSObject *obj)
{
uint32 length;
size_t i;
jsval v;
JS_ASSERT(OBJ_IS_DENSE_ARRAY(cx, obj));
length = ARRAY_DENSE_LENGTH(obj);
for (i = 0; i < length; i++) {
v = obj->dslots[i];
if (JSVAL_IS_TRACEABLE(v)) {
JS_SET_TRACING_INDEX(trc, "array_dslots", i);
JS_CallTracer(trc, JSVAL_TO_TRACEABLE(v), JSVAL_TRACE_KIND(v));
}
}
for (i = JSSLOT_PROTO; i <= JSSLOT_PARENT; ++i) {
v = STOBJ_GET_SLOT(obj, i);
if (JSVAL_IS_TRACEABLE(v)) {
JS_SET_TRACING_DETAILS(trc, js_PrintObjectSlotName, obj, i);
JS_CallTracer(trc, JSVAL_TO_TRACEABLE(v), JSVAL_TRACE_KIND(v));
}
}
}
static JSObjectMap *
array_newObjectMap(JSContext *cx, jsrefcount nrefs, JSObjectOps *ops,
JSClass *clasp, JSObject *obj)
{
#ifdef DEBUG
extern JSClass js_ArrayClass;
extern JSObjectOps js_ArrayObjectOps;
#endif
JSObjectMap *map = (JSObjectMap *) JS_malloc(cx, sizeof(*map));
if (!map)
return NULL;
map->nrefs = nrefs;
JS_ASSERT(ops == &js_ArrayObjectOps);
map->ops = ops;
JS_ASSERT(clasp == &js_ArrayClass);
map->freeslot = JSSLOT_FREE(clasp);
return map;
}
void
array_destroyObjectMap(JSContext *cx, JSObjectMap *map)
{
JS_free(cx, map);
}
JSObjectOps js_ArrayObjectOps = {
array_newObjectMap, array_destroyObjectMap,
array_lookupProperty, array_defineProperty,
array_getProperty, array_setProperty,
array_getAttributes, array_setAttributes,
array_deleteProperty, js_DefaultValue,
array_enumerate, js_CheckAccess,
NULL, array_dropProperty,
NULL, NULL,
NULL, js_HasInstance,
js_SetProtoOrParent, js_SetProtoOrParent,
array_trace, NULL,
NULL, NULL
};
static JSObjectOps *
array_getObjectOps(JSContext *cx, JSClass *clasp)
{
return &js_ArrayObjectOps;
}
JSClass js_ArrayClass = {
"Array",
JSCLASS_HAS_PRIVATE | JSCLASS_HAS_CACHED_PROTO(JSProto_Array) |
JSCLASS_HAS_RESERVED_SLOTS(1) | JSCLASS_NEW_ENUMERATE,
JS_PropertyStub, JS_PropertyStub, JS_PropertyStub, JS_PropertyStub,
JS_EnumerateStub, JS_ResolveStub, js_TryValueOf, array_finalize,
array_getObjectOps, NULL, NULL, NULL,
NULL, NULL, NULL, NULL
};
JSClass js_SlowArrayClass = {
"Array",
JSCLASS_HAS_PRIVATE | JSCLASS_HAS_CACHED_PROTO(JSProto_Array),
slowarray_addProperty, JS_PropertyStub, JS_PropertyStub, JS_PropertyStub,
JS_EnumerateStub, JS_ResolveStub, js_TryValueOf, JS_FinalizeStub,
slowarray_getObjectOps, NULL, NULL, NULL,
NULL, NULL, NULL, NULL
};
/*
* Convert an array object from fast-and-dense to slow-and-flexible.
*/
JSBool
js_MakeArraySlow(JSContext *cx, JSObject *obj)
{
JSObjectMap *map, *oldmap;
uint32 i, length;
JS_ASSERT(OBJ_GET_CLASS(cx, obj) == &js_ArrayClass);
/* Create a native scope. */
map = js_NewObjectMap(cx, obj->map->nrefs, &js_SlowArrayObjectOps,
&js_SlowArrayClass, obj);
if (!map)
return JS_FALSE;
length = ARRAY_DENSE_LENGTH(obj);
if (length) {
map->freeslot = STOBJ_NSLOTS(obj) + JS_INITIAL_NSLOTS;
obj->dslots[-1] = JS_INITIAL_NSLOTS + length;
} else {
map->freeslot = STOBJ_NSLOTS(obj);
}
/* Create new properties pointing to existing values in dslots */
for (i = 0; i < length; i++) {
jsid id;
JSScopeProperty *sprop;
if (!JS_ValueToId(cx, INT_TO_JSVAL(i), &id))
goto out_bad;
if (obj->dslots[i] == JSVAL_HOLE) {
obj->dslots[i] = JSVAL_VOID;
continue;
}
sprop = js_AddScopeProperty(cx, (JSScope *)map, id, NULL, NULL,
i + JS_INITIAL_NSLOTS, JSPROP_ENUMERATE,
0, 0);
if (!sprop)
goto out_bad;
}
/*
* Render our formerly-reserved count property GC-safe. If length fits in
* a jsval, set our slow/sparse COUNT to the current length as a jsval, so
* we can tell when only named properties have been added to a dense array
* to make it slow-but-not-sparse.
*/
length = obj->fslots[JSSLOT_ARRAY_LENGTH];
obj->fslots[JSSLOT_ARRAY_COUNT] = INT_FITS_IN_JSVAL(length)
? INT_TO_JSVAL(length)
: JSVAL_VOID;
/* Make sure we preserve any flags borrowing bits in classword. */
obj->classword ^= (jsuword) &js_ArrayClass;
obj->classword |= (jsuword) &js_SlowArrayClass;
/* Swap in our new map. */
oldmap = obj->map;
obj->map = map;
array_destroyObjectMap(cx, oldmap);
return JS_TRUE;
out_bad:
js_DestroyObjectMap(cx, map);
return JS_FALSE;
}
enum ArrayToStringOp {
TO_STRING,
TO_LOCALE_STRING,
TO_SOURCE
};
/*
* When op is TO_STRING or TO_LOCALE_STRING sep indicates a separator to use
* or "," when sep is NULL.
* When op is TO_SOURCE sep must be NULL.
*/
static JSBool
array_join_sub(JSContext *cx, JSObject *obj, enum ArrayToStringOp op,
JSString *sep, jsval *rval)
{
JSBool ok, hole;
jsuint length, index;
jschar *chars, *ochars;
size_t nchars, growth, seplen, tmplen, extratail;
const jschar *sepstr;
JSString *str;
JSHashEntry *he;
JSAtom *atom;
JS_CHECK_RECURSION(cx, return JS_FALSE);
ok = js_GetLengthProperty(cx, obj, &length);
if (!ok)
return JS_FALSE;
he = js_EnterSharpObject(cx, obj, NULL, &chars);
if (!he)
return JS_FALSE;
#ifdef DEBUG
growth = (size_t) -1;
#endif
if (op == TO_SOURCE) {
if (IS_SHARP(he)) {
#if JS_HAS_SHARP_VARS
nchars = js_strlen(chars);
#else
chars[0] = '[';
chars[1] = ']';
chars[2] = 0;
nchars = 2;
#endif
goto make_string;
}
/*
* Always allocate 2 extra chars for closing ']' and terminating 0
* and then preallocate 1 + extratail to include starting '['.
*/
extratail = 2;
growth = (1 + extratail) * sizeof(jschar);
if (!chars) {
nchars = 0;
chars = (jschar *) malloc(growth);
if (!chars)
goto done;
} else {
MAKE_SHARP(he);
nchars = js_strlen(chars);
growth += nchars * sizeof(jschar);
chars = (jschar *)realloc((ochars = chars), growth);
if (!chars) {
free(ochars);
goto done;
}
}
chars[nchars++] = '[';
JS_ASSERT(sep == NULL);
sepstr = NULL; /* indicates to use ", " as separator */
seplen = 2;
} else {
/*
* Free any sharp variable definition in chars. Normally, we would
* MAKE_SHARP(he) so that only the first sharp variable annotation is
* a definition, and all the rest are references, but in the current
* case of (op != TO_SOURCE), we don't need chars at all.
*/
if (chars)
JS_free(cx, chars);
chars = NULL;
nchars = 0;
extratail = 1; /* allocate extra char for terminating 0 */
/* Return the empty string on a cycle as well as on empty join. */
if (IS_BUSY(he) || length == 0) {
js_LeaveSharpObject(cx, NULL);
*rval = JS_GetEmptyStringValue(cx);
return ok;
}
/* Flag he as BUSY so we can distinguish a cycle from a join-point. */
MAKE_BUSY(he);
if (sep) {
JSSTRING_CHARS_AND_LENGTH(sep, sepstr, seplen);
} else {
sepstr = NULL; /* indicates to use "," as separator */
seplen = 1;
}
}
/* Use rval to locally root each element value as we loop and convert. */
for (index = 0; index < length; index++) {
ok = (JS_CHECK_OPERATION_LIMIT(cx, JSOW_JUMP) &&
GetArrayElement(cx, obj, index, &hole, rval));
if (!ok)
goto done;
if (hole ||
(op != TO_SOURCE &&
(JSVAL_IS_VOID(*rval) || JSVAL_IS_NULL(*rval)))) {
str = cx->runtime->emptyString;
} else {
if (op == TO_LOCALE_STRING) {
JSObject *robj;
atom = cx->runtime->atomState.toLocaleStringAtom;
ok = js_ValueToObject(cx, *rval, &robj);
if (ok) {
/* Re-use *rval to protect robj temporarily. */
*rval = OBJECT_TO_JSVAL(robj);
ok = js_TryMethod(cx, robj, atom, 0, NULL, rval);
}
if (!ok)
goto done;
str = js_ValueToString(cx, *rval);
} else if (op == TO_STRING) {
str = js_ValueToString(cx, *rval);
} else {
JS_ASSERT(op == TO_SOURCE);
str = js_ValueToSource(cx, *rval);
}
if (!str) {
ok = JS_FALSE;
goto done;
}
}
/*
* Do not append separator after the last element unless it is a hole
* and we are in toSource. In that case we append single ",".
*/
if (index + 1 == length)
seplen = (hole && op == TO_SOURCE) ? 1 : 0;
/* Allocate 1 at end for closing bracket and zero. */
tmplen = JSSTRING_LENGTH(str);
growth = nchars + tmplen + seplen + extratail;
if (nchars > growth || tmplen > growth ||
growth > (size_t)-1 / sizeof(jschar)) {
if (chars) {
free(chars);
chars = NULL;
}
goto done;
}
growth *= sizeof(jschar);
JS_COUNT_OPERATION(cx, JSOW_ALLOCATION);
if (!chars) {
chars = (jschar *) malloc(growth);
if (!chars)
goto done;
} else {
chars = (jschar *) realloc((ochars = chars), growth);
if (!chars) {
free(ochars);
goto done;
}
}
js_strncpy(&chars[nchars], JSSTRING_CHARS(str), tmplen);
nchars += tmplen;
if (seplen) {
if (sepstr) {
js_strncpy(&chars[nchars], sepstr, seplen);
} else {
JS_ASSERT(seplen == 1 || seplen == 2);
chars[nchars] = ',';
if (seplen == 2)
chars[nchars + 1] = ' ';
}
nchars += seplen;
}
}
done:
if (op == TO_SOURCE) {
if (chars)
chars[nchars++] = ']';
} else {
CLEAR_BUSY(he);
}
js_LeaveSharpObject(cx, NULL);
if (!ok) {
if (chars)
free(chars);
return ok;
}
make_string:
if (!chars) {
JS_ReportOutOfMemory(cx);
return JS_FALSE;
}
chars[nchars] = 0;
JS_ASSERT(growth == (size_t)-1 || (nchars + 1) * sizeof(jschar) == growth);
str = js_NewString(cx, chars, nchars);
if (!str) {
free(chars);
return JS_FALSE;
}
*rval = STRING_TO_JSVAL(str);
return JS_TRUE;
}
#if JS_HAS_TOSOURCE
static JSBool
array_toSource(JSContext *cx, uintN argc, jsval *vp)
{
JSObject *obj;
obj = JS_THIS_OBJECT(cx, vp);
if (OBJ_GET_CLASS(cx, obj) != &js_SlowArrayClass &&
!JS_InstanceOf(cx, obj, &js_ArrayClass, vp + 2)) {
return JS_FALSE;
}
return array_join_sub(cx, obj, TO_SOURCE, NULL, vp);
}
#endif
static JSBool
array_toString(JSContext *cx, uintN argc, jsval *vp)
{
JSObject *obj;
obj = JS_THIS_OBJECT(cx, vp);
if (OBJ_GET_CLASS(cx, obj) != &js_SlowArrayClass &&
!JS_InstanceOf(cx, obj, &js_ArrayClass, vp + 2)) {
return JS_FALSE;
}
return array_join_sub(cx, obj, TO_STRING, NULL, vp);
}
static JSBool
array_toLocaleString(JSContext *cx, uintN argc, jsval *vp)
{
JSObject *obj;
obj = JS_THIS_OBJECT(cx, vp);
if (OBJ_GET_CLASS(cx, obj) != &js_SlowArrayClass &&
!JS_InstanceOf(cx, obj, &js_ArrayClass, vp + 2)) {
return JS_FALSE;
}
/*
* Passing comma here as the separator. Need a way to get a
* locale-specific version.
*/
return array_join_sub(cx, obj, TO_LOCALE_STRING, NULL, vp);
}
static JSBool
InitArrayElements(JSContext *cx, JSObject *obj, jsuint start, jsuint end,
jsval *vector)
{
if (OBJ_IS_DENSE_ARRAY(cx, obj)) {
if (!EnsureLength(cx, obj, end))
return JS_FALSE;
if (end > (uint32)obj->fslots[JSSLOT_ARRAY_LENGTH])
obj->fslots[JSSLOT_ARRAY_LENGTH] = end;
memcpy(obj->dslots + start, vector, sizeof(jsval) * (end - start));
return JS_TRUE;
}
while (start != end) {
if (!JS_CHECK_OPERATION_LIMIT(cx, JSOW_JUMP) ||
!SetArrayElement(cx, obj, start++, *vector++)) {
return JS_FALSE;
}
}
return JS_TRUE;
}
static JSBool
InitArrayObject(JSContext *cx, JSObject *obj, jsuint length, jsval *vector,
JSBool holey = JS_FALSE)
{
JS_ASSERT(OBJ_IS_ARRAY(cx, obj));
obj->fslots[JSSLOT_ARRAY_LENGTH] = length;
if (vector) {
if (!EnsureLength(cx, obj, length))
return JS_FALSE;
jsuint count = length;
if (!holey) {
memcpy(obj->dslots, vector, length * sizeof (jsval));
} else {
for (jsuint i = 0; i < length; i++) {
if (vector[i] == JSVAL_HOLE)
--count;
obj->dslots[i] = vector[i];
}
}
obj->fslots[JSSLOT_ARRAY_COUNT] = count;
} else {
obj->fslots[JSSLOT_ARRAY_COUNT] = 0;
}
return JS_TRUE;
}
#ifdef JS_TRACER
static JSString* FASTCALL
Array_p_join(JSContext* cx, JSObject* obj, JSString *str)
{
jsval v;
if (!array_join_sub(cx, obj, TO_STRING, str, &v))
return NULL;
JS_ASSERT(JSVAL_IS_STRING(v));
return JSVAL_TO_STRING(v);
}
static JSString* FASTCALL
Array_p_toString(JSContext* cx, JSObject* obj)
{
jsval v;
if (!array_join_sub(cx, obj, TO_STRING, NULL, &v))
return NULL;
JS_ASSERT(JSVAL_IS_STRING(v));
return JSVAL_TO_STRING(v);
}
#endif
/*
* Perl-inspired join, reverse, and sort.
*/
static JSBool
array_join(JSContext *cx, uintN argc, jsval *vp)
{
JSString *str;
JSObject *obj;
if (argc == 0 || JSVAL_IS_VOID(vp[2])) {
str = NULL;
} else {
str = js_ValueToString(cx, vp[2]);
if (!str)
return JS_FALSE;
vp[2] = STRING_TO_JSVAL(str);
}
obj = JS_THIS_OBJECT(cx, vp);
return obj && array_join_sub(cx, obj, TO_STRING, str, vp);
}
static JSBool
array_reverse(JSContext *cx, uintN argc, jsval *vp)
{
JSObject *obj;
JSTempValueRooter tvr;
jsuint len, half, i;
JSBool ok, hole, hole2;
obj = JS_THIS_OBJECT(cx, vp);
if (!obj || !js_GetLengthProperty(cx, obj, &len))
return JS_FALSE;
ok = JS_TRUE;
JS_PUSH_SINGLE_TEMP_ROOT(cx, JSVAL_NULL, &tvr);
half = len / 2;
for (i = 0; i < half; i++) {
ok = JS_CHECK_OPERATION_LIMIT(cx, JSOW_JUMP) &&
GetArrayElement(cx, obj, i, &hole, &tvr.u.value) &&
GetArrayElement(cx, obj, len - i - 1, &hole2, vp) &&
SetOrDeleteArrayElement(cx, obj, len - i - 1, hole, tvr.u.value) &&
SetOrDeleteArrayElement(cx, obj, i, hole2, *vp);
if (!ok)
break;
}
JS_POP_TEMP_ROOT(cx, &tvr);
*vp = OBJECT_TO_JSVAL(obj);
return ok;
}
typedef struct MSortArgs {
size_t elsize;
JSComparator cmp;
void *arg;
JSBool fastcopy;
} MSortArgs;
/* Helper function for js_MergeSort. */
static JSBool
MergeArrays(MSortArgs *msa, void *src, void *dest, size_t run1, size_t run2)
{
void *arg, *a, *b, *c;
size_t elsize, runtotal;
int cmp_result;
JSComparator cmp;
JSBool fastcopy;
runtotal = run1 + run2;
elsize = msa->elsize;
cmp = msa->cmp;
arg = msa->arg;
fastcopy = msa->fastcopy;
#define CALL_CMP(a, b) \
if (!cmp(arg, (a), (b), &cmp_result)) return JS_FALSE;
/* Copy runs already in sorted order. */
b = (char *)src + run1 * elsize;
a = (char *)b - elsize;
CALL_CMP(a, b);
if (cmp_result <= 0) {
memcpy(dest, src, runtotal * elsize);
return JS_TRUE;
}
#define COPY_ONE(p,q,n) \
(fastcopy ? (void)(*(jsval*)(p) = *(jsval*)(q)) : (void)memcpy(p, q, n))
a = src;
c = dest;
for (; runtotal != 0; runtotal--) {
JSBool from_a = run2 == 0;
if (!from_a && run1 != 0) {
CALL_CMP(a,b);
from_a = cmp_result <= 0;
}
if (from_a) {
COPY_ONE(c, a, elsize);
run1--;
a = (char *)a + elsize;
} else {
COPY_ONE(c, b, elsize);
run2--;
b = (char *)b + elsize;
}
c = (char *)c + elsize;
}
#undef COPY_ONE
#undef CALL_CMP
return JS_TRUE;
}
/*
* This sort is stable, i.e. sequence of equal elements is preserved.
* See also bug #224128.
*/
JSBool
js_MergeSort(void *src, size_t nel, size_t elsize,
JSComparator cmp, void *arg, void *tmp)
{
void *swap, *vec1, *vec2;
MSortArgs msa;
size_t i, j, lo, hi, run;
JSBool fastcopy;
int cmp_result;
/* Avoid memcpy overhead for word-sized and word-aligned elements. */
fastcopy = (elsize == sizeof(jsval) &&
(((jsuword) src | (jsuword) tmp) & JSVAL_ALIGN) == 0);
#define COPY_ONE(p,q,n) \
(fastcopy ? (void)(*(jsval*)(p) = *(jsval*)(q)) : (void)memcpy(p, q, n))
#define CALL_CMP(a, b) \
if (!cmp(arg, (a), (b), &cmp_result)) return JS_FALSE;
#define INS_SORT_INT 4
/*
* Apply insertion sort to small chunks to reduce the number of merge
* passes needed.
*/
for (lo = 0; lo < nel; lo += INS_SORT_INT) {
hi = lo + INS_SORT_INT;
if (hi >= nel)
hi = nel;
for (i = lo + 1; i < hi; i++) {
vec1 = (char *)src + i * elsize;
vec2 = (char *)vec1 - elsize;
for (j = i; j > lo; j--) {
CALL_CMP(vec2, vec1);
/* "<=" instead of "<" insures the sort is stable */
if (cmp_result <= 0) {
break;
}
/* Swap elements, using "tmp" as tmp storage */
COPY_ONE(tmp, vec2, elsize);
COPY_ONE(vec2, vec1, elsize);
COPY_ONE(vec1, tmp, elsize);
vec1 = vec2;
vec2 = (char *)vec1 - elsize;
}
}
}
#undef CALL_CMP
#undef COPY_ONE
msa.elsize = elsize;
msa.cmp = cmp;
msa.arg = arg;
msa.fastcopy = fastcopy;
vec1 = src;
vec2 = tmp;
for (run = INS_SORT_INT; run < nel; run *= 2) {
for (lo = 0; lo < nel; lo += 2 * run) {
hi = lo + run;
if (hi >= nel) {
memcpy((char *)vec2 + lo * elsize, (char *)vec1 + lo * elsize,
(nel - lo) * elsize);
break;
}
if (!MergeArrays(&msa, (char *)vec1 + lo * elsize,
(char *)vec2 + lo * elsize, run,
hi + run > nel ? nel - hi : run)) {
return JS_FALSE;
}
}
swap = vec1;
vec1 = vec2;
vec2 = swap;
}
if (src != vec1)
memcpy(src, tmp, nel * elsize);
return JS_TRUE;
}
typedef struct CompareArgs {
JSContext *context;
jsval fval;
jsval *elemroot; /* stack needed for js_Invoke */
} CompareArgs;
static JSBool
sort_compare(void *arg, const void *a, const void *b, int *result)
{
jsval av = *(const jsval *)a, bv = *(const jsval *)b;
CompareArgs *ca = (CompareArgs *) arg;
JSContext *cx = ca->context;
jsval *invokevp, *sp;
jsdouble cmp;
/**
* array_sort deals with holes and undefs on its own and they should not
* come here.
*/
JS_ASSERT(!JSVAL_IS_VOID(av));
JS_ASSERT(!JSVAL_IS_VOID(bv));
if (!JS_CHECK_OPERATION_LIMIT(cx, JSOW_JUMP))
return JS_FALSE;
invokevp = ca->elemroot;
sp = invokevp;
*sp++ = ca->fval;
*sp++ = JSVAL_NULL;
*sp++ = av;
*sp++ = bv;
if (!js_Invoke(cx, 2, invokevp, 0))
return JS_FALSE;
cmp = js_ValueToNumber(cx, invokevp);
if (JSVAL_IS_NULL(*invokevp))
return JS_FALSE;
/* Clamp cmp to -1, 0, 1. */
*result = 0;
if (!JSDOUBLE_IS_NaN(cmp) && cmp != 0)
*result = cmp > 0 ? 1 : -1;
/*
* XXX else report some kind of error here? ECMA talks about 'consistent
* compare functions' that don't return NaN, but is silent about what the
* result should be. So we currently ignore it.
*/
return JS_TRUE;
}
static int
sort_compare_strings(void *arg, const void *a, const void *b, int *result)
{
jsval av = *(const jsval *)a, bv = *(const jsval *)b;
JS_ASSERT(JSVAL_IS_STRING(av));
JS_ASSERT(JSVAL_IS_STRING(bv));
if (!JS_CHECK_OPERATION_LIMIT((JSContext *)arg, JSOW_JUMP))
return JS_FALSE;
*result = (int) js_CompareStrings(JSVAL_TO_STRING(av), JSVAL_TO_STRING(bv));
return JS_TRUE;
}
/*
* The array_sort function below assumes JSVAL_NULL is zero in order to
* perform initialization using memset. Other parts of SpiderMonkey likewise
* "know" that JSVAL_NULL is zero; this static assertion covers all cases.
*/
JS_STATIC_ASSERT(JSVAL_NULL == 0);
static JSBool
array_sort(JSContext *cx, uintN argc, jsval *vp)
{
jsval *argv, fval, *vec, *mergesort_tmp, v;
JSObject *obj;
CompareArgs ca;
jsuint len, newlen, i, undefs;
JSTempValueRooter tvr;
JSBool hole;
bool ok;
size_t elemsize;
JSString *str;
/*
* Optimize the default compare function case if all of obj's elements
* have values of type string.
*/
JSBool all_strings;
argv = JS_ARGV(cx, vp);
if (argc > 0) {
if (JSVAL_IS_PRIMITIVE(argv[0])) {
JS_ReportErrorNumber(cx, js_GetErrorMessage, NULL,
JSMSG_BAD_SORT_ARG);
return JS_FALSE;
}
fval = argv[0]; /* non-default compare function */
} else {
fval = JSVAL_NULL;
}
obj = JS_THIS_OBJECT(cx, vp);
if (!obj || !js_GetLengthProperty(cx, obj, &len))
return JS_FALSE;
if (len == 0) {
*vp = OBJECT_TO_JSVAL(obj);
return JS_TRUE;
}
/*
* We need a temporary array of 2 * len jsvals to hold the array elements
* and the scratch space for merge sort. Check that its size does not
* overflow size_t, which would allow for indexing beyond the end of the
* malloc'd vector.
*/
#if JS_BITS_PER_WORD == 32
if ((size_t)len > ~(size_t)0 / (2 * sizeof(jsval))) {
js_ReportAllocationOverflow(cx);
return JS_FALSE;
}
#endif
vec = (jsval *) JS_malloc(cx, 2 * (size_t) len * sizeof(jsval));
if (!vec)
return JS_FALSE;
/*
* Initialize vec as a root. We will clear elements of vec one by
* one while increasing tvr.count when we know that the property at
* the corresponding index exists and its value must be rooted.
*
* In this way when sorting a huge mostly sparse array we will not
* access the tail of vec corresponding to properties that do not
* exist, allowing OS to avoiding committing RAM. See bug 330812.
*
* After this point control must flow through label out: to exit.
*/
JS_PUSH_TEMP_ROOT(cx, 0, vec, &tvr);
/*
* By ECMA 262, 15.4.4.11, a property that does not exist (which we
* call a "hole") is always greater than an existing property with
* value undefined and that is always greater than any other property.
* Thus to sort holes and undefs we simply count them, sort the rest
* of elements, append undefs after them and then make holes after
* undefs.
*/
undefs = 0;
newlen = 0;
all_strings = JS_TRUE;
for (i = 0; i < len; i++) {
ok = JS_CHECK_OPERATION_LIMIT(cx, JSOW_JUMP);
if (!ok)
goto out;
/* Clear vec[newlen] before including it in the rooted set. */
vec[newlen] = JSVAL_NULL;
tvr.count = newlen + 1;
ok = GetArrayElement(cx, obj, i, &hole, &vec[newlen]);
if (!ok)
goto out;
if (hole)
continue;
if (JSVAL_IS_VOID(vec[newlen])) {
++undefs;
continue;
}
/* We know JSVAL_IS_STRING yields 0 or 1, so avoid a branch via &=. */
all_strings &= JSVAL_IS_STRING(vec[newlen]);
++newlen;
}
if (newlen == 0) {
/* The array has only holes and undefs. */
ok = JS_TRUE;
goto out;
}
/*
* The first newlen elements of vec are copied from the array object
* (above). The remaining newlen positions are used as GC-rooted scratch
* space for mergesort. We must clear the space before including it to
* the root set covered by tvr.count. We assume JSVAL_NULL==0 to optimize
* initialization using memset.
*/
mergesort_tmp = vec + newlen;
memset(mergesort_tmp, 0, newlen * sizeof(jsval));
tvr.count = newlen * 2;
/* Here len == 2 * (newlen + undefs + number_of_holes). */
if (fval == JSVAL_NULL) {
/*
* Sort using the default comparator converting all elements to
* strings.
*/
if (all_strings) {
elemsize = sizeof(jsval);
} else {
/*
* To avoid string conversion on each compare we do it only once
* prior to sorting. But we also need the space for the original
* values to recover the sorting result. To reuse
* sort_compare_strings we move the original values to the odd
* indexes in vec, put the string conversion results in the even
* indexes and pass 2 * sizeof(jsval) as an element size to the
* sorting function. In this way sort_compare_strings will only
* see the string values when it casts the compare arguments as
* pointers to jsval.
*
* This requires doubling the temporary storage including the
* scratch space for the merge sort. Since vec already contains
* the rooted scratch space for newlen elements at the tail, we
* can use it to rearrange and convert to strings first and try
* realloc only when we know that we successfully converted all
* the elements.
*/
#if JS_BITS_PER_WORD == 32
if ((size_t)newlen > ~(size_t)0 / (4 * sizeof(jsval))) {
js_ReportAllocationOverflow(cx);
ok = JS_FALSE;
goto out;
}
#endif
/*
* Rearrange and string-convert the elements of the vector from
* the tail here and, after sorting, move the results back
* starting from the start to prevent overwrite the existing
* elements.
*/
i = newlen;
do {
--i;
ok = JS_CHECK_OPERATION_LIMIT(cx, JSOW_JUMP);
if (!ok)
goto out;
v = vec[i];
str = js_ValueToString(cx, v);
if (!str) {
ok = JS_FALSE;
goto out;
}
vec[2 * i] = STRING_TO_JSVAL(str);
vec[2 * i + 1] = v;
} while (i != 0);
JS_ASSERT(tvr.u.array == vec);
vec = (jsval *) JS_realloc(cx, vec,
4 * (size_t) newlen * sizeof(jsval));
if (!vec) {
vec = tvr.u.array;
ok = JS_FALSE;
goto out;
}
tvr.u.array = vec;
mergesort_tmp = vec + 2 * newlen;
memset(mergesort_tmp, 0, newlen * 2 * sizeof(jsval));
tvr.count = newlen * 4;
elemsize = 2 * sizeof(jsval);
}
ok = js_MergeSort(vec, (size_t) newlen, elemsize,
sort_compare_strings, cx, mergesort_tmp);
if (!ok)
goto out;
if (!all_strings) {
/*
* We want to make the following loop fast and to unroot the
* cached results of toString invocations before the operation
* callback has a chance to run the GC. For this reason we do
* not call JS_CHECK_OPERATION_LIMIT in the loop.
*/
i = 0;
do {
vec[i] = vec[2 * i + 1];
} while (++i != newlen);
}
} else {
void *mark;
ca.context = cx;
ca.fval = fval;
ca.elemroot = js_AllocStack(cx, 2 + 2, &mark);
if (!ca.elemroot) {
ok = JS_FALSE;
goto out;
}
ok = js_MergeSort(vec, (size_t) newlen, sizeof(jsval),
sort_compare, &ca, mergesort_tmp);
js_FreeStack(cx, mark);
if (!ok)
goto out;
}
/*
* We no longer need to root the scratch space for the merge sort, so
* unroot it now to make the job of a potential GC under InitArrayElements
* easier.
*/
tvr.count = newlen;
ok = InitArrayElements(cx, obj, 0, newlen, vec);
if (!ok)
goto out;
out:
JS_POP_TEMP_ROOT(cx, &tvr);
JS_free(cx, vec);
if (!ok)
return JS_FALSE;
/* Set undefs that sorted after the rest of elements. */
while (undefs != 0) {
--undefs;
if (!JS_CHECK_OPERATION_LIMIT(cx, JSOW_JUMP) ||
!SetArrayElement(cx, obj, newlen++, JSVAL_VOID)) {
return JS_FALSE;
}
}
/* Re-create any holes that sorted to the end of the array. */
while (len > newlen) {
if (!JS_CHECK_OPERATION_LIMIT(cx, JSOW_JUMP) ||
!DeleteArrayElement(cx, obj, --len)) {
return JS_FALSE;
}
}
*vp = OBJECT_TO_JSVAL(obj);
return JS_TRUE;
}
/*
* Perl-inspired push, pop, shift, unshift, and splice methods.
*/
static JSBool
array_push_slowly(JSContext *cx, JSObject *obj, uintN argc, jsval *argv, jsval *rval)
{
jsuint length, newlength;
if (!js_GetLengthProperty(cx, obj, &length))
return JS_FALSE;
newlength = length + argc;
if (!InitArrayElements(cx, obj, length, newlength, argv))
return JS_FALSE;
/* Per ECMA-262, return the new array length. */
if (!IndexToValue(cx, newlength, rval))
return JS_FALSE;
return js_SetLengthProperty(cx, obj, newlength);
}
static JSBool
array_push1_dense(JSContext* cx, JSObject* obj, jsval v, jsval *rval)
{
uint32 length = obj->fslots[JSSLOT_ARRAY_LENGTH];
if (INDEX_TOO_SPARSE(obj, length)) {
if (!js_MakeArraySlow(cx, obj))
return JS_FALSE;
return array_push_slowly(cx, obj, 1, &v, rval);
}
if (!EnsureLength(cx, obj, length + 1))
return JS_FALSE;
obj->fslots[JSSLOT_ARRAY_LENGTH] = length + 1;
JS_ASSERT(obj->dslots[length] == JSVAL_HOLE);
obj->fslots[JSSLOT_ARRAY_COUNT]++;
obj->dslots[length] = v;
return IndexToValue(cx, obj->fslots[JSSLOT_ARRAY_LENGTH], rval);
}
#ifdef JS_TRACER
static jsval FASTCALL
Array_p_push1(JSContext* cx, JSObject* obj, jsval v)
{
if (OBJ_IS_DENSE_ARRAY(cx, obj)
? array_push1_dense(cx, obj, v, &v)
: array_push_slowly(cx, obj, 1, &v, &v)) {
return v;
}
return JSVAL_ERROR_COOKIE;
}
#endif
static JSBool
array_push(JSContext *cx, uintN argc, jsval *vp)
{
JSObject *obj;
/* Insist on one argument and obj of the expected class. */
obj = JS_THIS_OBJECT(cx, vp);
if (!obj)
return JS_FALSE;
if (argc != 1 || !OBJ_IS_DENSE_ARRAY(cx, obj))
return array_push_slowly(cx, obj, argc, vp + 2, vp);
return array_push1_dense(cx, obj, vp[2], vp);
}
static JSBool
array_pop_slowly(JSContext *cx, JSObject* obj, jsval *vp)
{
jsuint index;
JSBool hole;
if (!js_GetLengthProperty(cx, obj, &index))
return JS_FALSE;
if (index == 0) {
*vp = JSVAL_VOID;
} else {
index--;
/* Get the to-be-deleted property's value into vp. */
if (!GetArrayElement(cx, obj, index, &hole, vp))
return JS_FALSE;
if (!hole && !DeleteArrayElement(cx, obj, index))
return JS_FALSE;
}
return js_SetLengthProperty(cx, obj, index);
}
static JSBool
array_pop_dense(JSContext *cx, JSObject* obj, jsval *vp)
{
jsuint index;
JSBool hole;
index = obj->fslots[JSSLOT_ARRAY_LENGTH];
if (index == 0) {
*vp = JSVAL_VOID;
return JS_TRUE;
}
index--;
if (!GetArrayElement(cx, obj, index, &hole, vp))
return JS_FALSE;
if (!hole && !DeleteArrayElement(cx, obj, index))
return JS_FALSE;
obj->fslots[JSSLOT_ARRAY_LENGTH] = index;
return JS_TRUE;
}
#ifdef JS_TRACER
static jsval FASTCALL
Array_p_pop(JSContext* cx, JSObject* obj)
{
jsval v;
if (OBJ_IS_DENSE_ARRAY(cx, obj)
? array_pop_dense(cx, obj, &v)
: array_pop_slowly(cx, obj, &v)) {
return v;
}
return JSVAL_ERROR_COOKIE;
}
#endif
static JSBool
array_pop(JSContext *cx, uintN argc, jsval *vp)
{
JSObject *obj;
obj = JS_THIS_OBJECT(cx, vp);
if (!obj)
return JS_FALSE;
if (OBJ_IS_DENSE_ARRAY(cx, obj))
return array_pop_dense(cx, obj, vp);
return array_pop_slowly(cx, obj, vp);
}
static JSBool
array_shift(JSContext *cx, uintN argc, jsval *vp)
{
JSObject *obj;
jsuint length, i;
JSBool hole, ok;
JSTempValueRooter tvr;
obj = JS_THIS_OBJECT(cx, vp);
if (!obj || !js_GetLengthProperty(cx, obj, &length))
return JS_FALSE;
if (length == 0) {
*vp = JSVAL_VOID;
} else {
length--;
/* Get the to-be-deleted property's value into vp ASAP. */
if (!GetArrayElement(cx, obj, 0, &hole, vp))
return JS_FALSE;
/* Slide down the array above the first element. */
ok = JS_TRUE;
JS_PUSH_SINGLE_TEMP_ROOT(cx, JSVAL_NULL, &tvr);
for (i = 0; i != length; i++) {
ok = JS_CHECK_OPERATION_LIMIT(cx, JSOW_JUMP) &&
GetArrayElement(cx, obj, i + 1, &hole, &tvr.u.value) &&
SetOrDeleteArrayElement(cx, obj, i, hole, tvr.u.value);
if (!ok)
break;
}
JS_POP_TEMP_ROOT(cx, &tvr);
if (!ok)
return JS_FALSE;
/* Delete the only or last element when it exist. */
if (!hole && !DeleteArrayElement(cx, obj, length))
return JS_FALSE;
}
return js_SetLengthProperty(cx, obj, length);
}
static JSBool
array_unshift(JSContext *cx, uintN argc, jsval *vp)
{
JSObject *obj;
jsval *argv;
jsuint length, last;
JSBool hole, ok;
JSTempValueRooter tvr;
obj = JS_THIS_OBJECT(cx, vp);
if (!obj || !js_GetLengthProperty(cx, obj, &length))
return JS_FALSE;
if (argc > 0) {
/* Slide up the array to make room for argc at the bottom. */
argv = JS_ARGV(cx, vp);
if (length > 0) {
last = length;
ok = JS_TRUE;
JS_PUSH_SINGLE_TEMP_ROOT(cx, JSVAL_NULL, &tvr);
do {
--last;
ok = JS_CHECK_OPERATION_LIMIT(cx, JSOW_JUMP) &&
GetArrayElement(cx, obj, last, &hole, &tvr.u.value) &&
SetOrDeleteArrayElement(cx, obj, last + argc, hole,
tvr.u.value);
if (!ok)
break;
} while (last != 0);
JS_POP_TEMP_ROOT(cx, &tvr);
if (!ok)
return JS_FALSE;
}
/* Copy from argv to the bottom of the array. */
if (!InitArrayElements(cx, obj, 0, argc, argv))
return JS_FALSE;
length += argc;
if (!js_SetLengthProperty(cx, obj, length))
return JS_FALSE;
}
/* Follow Perl by returning the new array length. */
return IndexToValue(cx, length, vp);
}
static JSBool
array_splice(JSContext *cx, uintN argc, jsval *vp)
{
jsval *argv;
JSObject *obj;
jsuint length, begin, end, count, delta, last;
jsdouble d;
JSBool hole, ok;
JSObject *obj2;
JSTempValueRooter tvr;
/*
* Create a new array value to return. Our ECMA v2 proposal specs
* that splice always returns an array value, even when given no
* arguments. We think this is best because it eliminates the need
* for callers to do an extra test to handle the empty splice case.
*/
obj2 = js_NewArrayObject(cx, 0, NULL);
if (!obj2)
return JS_FALSE;
*vp = OBJECT_TO_JSVAL(obj2);
/* Nothing to do if no args. Otherwise get length. */
if (argc == 0)
return JS_TRUE;
argv = JS_ARGV(cx, vp);
obj = JS_THIS_OBJECT(cx, vp);
if (!obj || !js_GetLengthProperty(cx, obj, &length))
return JS_FALSE;
/* Convert the first argument into a starting index. */
d = js_ValueToNumber(cx, argv);
if (JSVAL_IS_NULL(*argv))
return JS_FALSE;
d = js_DoubleToInteger(d);
if (d < 0) {
d += length;
if (d < 0)
d = 0;
} else if (d > length) {
d = length;
}
begin = (jsuint)d; /* d has been clamped to uint32 */
argc--;
argv++;
/* Convert the second argument from a count into a fencepost index. */
delta = length - begin;
if (argc == 0) {
count = delta;
end = length;
} else {
d = js_ValueToNumber(cx, argv);
if (JSVAL_IS_NULL(*argv))
return JS_FALSE;
d = js_DoubleToInteger(d);
if (d < 0)
d = 0;
else if (d > delta)
d = delta;
count = (jsuint)d;
end = begin + count;
argc--;
argv++;
}
MUST_FLOW_THROUGH("out");
JS_PUSH_SINGLE_TEMP_ROOT(cx, JSVAL_NULL, &tvr);
/* If there are elements to remove, put them into the return value. */
if (count > 0) {
for (last = begin; last < end; last++) {
ok = JS_CHECK_OPERATION_LIMIT(cx, JSOW_JUMP) &&
GetArrayElement(cx, obj, last, &hole, &tvr.u.value);
if (!ok)
goto out;
/* Copy tvr.u.value to new array unless it's a hole. */
if (!hole) {
ok = SetArrayElement(cx, obj2, last - begin, tvr.u.value);
if (!ok)
goto out;
}
}
ok = js_SetLengthProperty(cx, obj2, end - begin);
if (!ok)
goto out;
}
/* Find the direction (up or down) to copy and make way for argv. */
if (argc > count) {
delta = (jsuint)argc - count;
last = length;
/* (uint) end could be 0, so can't use vanilla >= test */
while (last-- > end) {
ok = JS_CHECK_OPERATION_LIMIT(cx, JSOW_JUMP) &&
GetArrayElement(cx, obj, last, &hole, &tvr.u.value) &&
SetOrDeleteArrayElement(cx, obj, last + delta, hole,
tvr.u.value);
if (!ok)
goto out;
}
length += delta;
} else if (argc < count) {
delta = count - (jsuint)argc;
for (last = end; last < length; last++) {
ok = JS_CHECK_OPERATION_LIMIT(cx, JSOW_JUMP) &&
GetArrayElement(cx, obj, last, &hole, &tvr.u.value) &&
SetOrDeleteArrayElement(cx, obj, last - delta, hole,
tvr.u.value);
if (!ok)
goto out;
}
length -= delta;
}
/* Copy from argv into the hole to complete the splice. */
ok = InitArrayElements(cx, obj, begin, begin + argc, argv);
if (!ok)
goto out;
/* Update length in case we deleted elements from the end. */
ok = js_SetLengthProperty(cx, obj, length);
out:
JS_POP_TEMP_ROOT(cx, &tvr);
return ok;
}
/*
* Python-esque sequence operations.
*/
static JSBool
array_concat(JSContext *cx, uintN argc, jsval *vp)
{
jsval *argv, v;
JSObject *aobj, *nobj;
jsuint length, alength, slot;
uintN i;
JSBool hole, ok;
JSTempValueRooter tvr;
/* Treat our |this| object as the first argument; see ECMA 15.4.4.4. */
argv = JS_ARGV(cx, vp) - 1;
JS_ASSERT(JS_THIS_OBJECT(cx, vp) == JSVAL_TO_OBJECT(argv[0]));
/* Create a new Array object and root it using *vp. */
aobj = JS_THIS_OBJECT(cx, vp);
if (OBJ_IS_DENSE_ARRAY(cx, aobj)) {
/*
* Clone aobj but pass the minimum of its length and capacity (aka
* "dense length"), to handle a = [1,2,3]; a.length = 10000 "dense"
* cases efficiently. In such a case we'll pass 8 (not 3) due to the
* ARRAY_GROWBY over-allocation policy, which will cause nobj to be
* over-allocated to 16. But in the normal case where length is <=
* capacity, nobj and aobj will have the same dense length.
*/
length = aobj->fslots[JSSLOT_ARRAY_LENGTH];
jsuint capacity = ARRAY_DENSE_LENGTH(aobj);
nobj = js_NewArrayObject(cx, JS_MIN(length, capacity), aobj->dslots,
aobj->fslots[JSSLOT_ARRAY_COUNT] !=
(jsval) length);
if (!nobj)
return JS_FALSE;
nobj->fslots[JSSLOT_ARRAY_LENGTH] = length;
*vp = OBJECT_TO_JSVAL(nobj);
if (argc == 0)
return JS_TRUE;
argc--;
argv++;
} else {
nobj = js_NewArrayObject(cx, 0, NULL);
if (!nobj)
return JS_FALSE;
*vp = OBJECT_TO_JSVAL(nobj);
length = 0;
}
MUST_FLOW_THROUGH("out");
JS_PUSH_SINGLE_TEMP_ROOT(cx, JSVAL_NULL, &tvr);
/* Loop over [0, argc] to concat args into nobj, expanding all Arrays. */
for (i = 0; i <= argc; i++) {
ok = JS_CHECK_OPERATION_LIMIT(cx, JSOW_JUMP);
if (!ok)
goto out;
v = argv[i];
if (!JSVAL_IS_PRIMITIVE(v)) {
JSObject *wobj;
aobj = JSVAL_TO_OBJECT(v);
wobj = js_GetWrappedObject(cx, aobj);
if (OBJ_IS_ARRAY(cx, wobj)) {
ok = OBJ_GET_PROPERTY(cx, aobj,
ATOM_TO_JSID(cx->runtime->atomState
.lengthAtom),
&tvr.u.value);
if (!ok)
goto out;
alength = ValueIsLength(cx, &tvr.u.value);
ok = !JSVAL_IS_NULL(tvr.u.value);
if (!ok)
goto out;
for (slot = 0; slot < alength; slot++) {
ok = JS_CHECK_OPERATION_LIMIT(cx, JSOW_JUMP) &&
GetArrayElement(cx, aobj, slot, &hole,
&tvr.u.value);
if (!ok)
goto out;
/*
* Per ECMA 262, 15.4.4.4, step 9, ignore non-existent
* properties.
*/
if (!hole) {
ok = SetArrayElement(cx, nobj, length + slot,
tvr.u.value);
if (!ok)
goto out;
}
}
length += alength;
continue;
}
}
ok = SetArrayElement(cx, nobj, length, v);
if (!ok)
goto out;
length++;
}
ok = js_SetLengthProperty(cx, nobj, length);
out:
JS_POP_TEMP_ROOT(cx, &tvr);
return ok;
}
static JSBool
array_slice(JSContext *cx, uintN argc, jsval *vp)
{
jsval *argv;
JSObject *nobj, *obj;
jsuint length, begin, end, slot;
jsdouble d;
JSBool hole, ok;
JSTempValueRooter tvr;
argv = JS_ARGV(cx, vp);
obj = JS_THIS_OBJECT(cx, vp);
if (!obj || !js_GetLengthProperty(cx, obj, &length))
return JS_FALSE;
begin = 0;
end = length;
if (argc > 0) {
d = js_ValueToNumber(cx, &argv[0]);
if (JSVAL_IS_NULL(argv[0]))
return JS_FALSE;
d = js_DoubleToInteger(d);
if (d < 0) {
d += length;
if (d < 0)
d = 0;
} else if (d > length) {
d = length;
}
begin = (jsuint)d;
if (argc > 1) {
d = js_ValueToNumber(cx, &argv[1]);
if (JSVAL_IS_NULL(argv[1]))
return JS_FALSE;
d = js_DoubleToInteger(d);
if (d < 0) {
d += length;
if (d < 0)
d = 0;
} else if (d > length) {
d = length;
}
end = (jsuint)d;
}
}
if (begin > end)
begin = end;
if (OBJ_IS_DENSE_ARRAY(cx, obj) && end <= ARRAY_DENSE_LENGTH(obj)) {
nobj = js_NewArrayObject(cx, end - begin, obj->dslots + begin,
obj->fslots[JSSLOT_ARRAY_COUNT] !=
obj->fslots[JSSLOT_ARRAY_LENGTH]);
if (!nobj)
return JS_FALSE;
*vp = OBJECT_TO_JSVAL(nobj);
return JS_TRUE;
}
/* Create a new Array object and root it using *vp. */
nobj = js_NewArrayObject(cx, 0, NULL);
if (!nobj)
return JS_FALSE;
*vp = OBJECT_TO_JSVAL(nobj);
MUST_FLOW_THROUGH("out");
JS_PUSH_SINGLE_TEMP_ROOT(cx, JSVAL_NULL, &tvr);
for (slot = begin; slot < end; slot++) {
ok = JS_CHECK_OPERATION_LIMIT(cx, JSOW_JUMP) &&
GetArrayElement(cx, obj, slot, &hole, &tvr.u.value);
if (!ok)
goto out;
if (!hole) {
ok = SetArrayElement(cx, nobj, slot - begin, tvr.u.value);
if (!ok)
goto out;
}
}
ok = js_SetLengthProperty(cx, nobj, end - begin);
out:
JS_POP_TEMP_ROOT(cx, &tvr);
return ok;
}
#if JS_HAS_ARRAY_EXTRAS
static JSBool
array_indexOfHelper(JSContext *cx, JSBool isLast, uintN argc, jsval *vp)
{
JSObject *obj;
jsuint length, i, stop;
jsval tosearch;
jsint direction;
JSBool hole;
obj = JS_THIS_OBJECT(cx, vp);
if (!obj || !js_GetLengthProperty(cx, obj, &length))
return JS_FALSE;
if (length == 0)
goto not_found;
if (argc <= 1) {
i = isLast ? length - 1 : 0;
tosearch = (argc != 0) ? vp[2] : JSVAL_VOID;
} else {
jsdouble start;
tosearch = vp[2];
start = js_ValueToNumber(cx, &vp[3]);
if (JSVAL_IS_NULL(vp[3]))
return JS_FALSE;
start = js_DoubleToInteger(start);
if (start < 0) {
start += length;
if (start < 0) {
if (isLast)
goto not_found;
i = 0;
} else {
i = (jsuint)start;
}
} else if (start >= length) {
if (!isLast)
goto not_found;
i = length - 1;
} else {
i = (jsuint)start;
}
}
if (isLast) {
stop = 0;
direction = -1;
} else {
stop = length - 1;
direction = 1;
}
for (;;) {
if (!JS_CHECK_OPERATION_LIMIT(cx, JSOW_JUMP) ||
!GetArrayElement(cx, obj, (jsuint)i, &hole, vp)) {
return JS_FALSE;
}
if (!hole && js_StrictlyEqual(cx, *vp, tosearch))
return js_NewNumberInRootedValue(cx, i, vp);
if (i == stop)
goto not_found;
i += direction;
}
not_found:
*vp = INT_TO_JSVAL(-1);
return JS_TRUE;
}
static JSBool
array_indexOf(JSContext *cx, uintN argc, jsval *vp)
{
return array_indexOfHelper(cx, JS_FALSE, argc, vp);
}
static JSBool
array_lastIndexOf(JSContext *cx, uintN argc, jsval *vp)
{
return array_indexOfHelper(cx, JS_TRUE, argc, vp);
}
/* Order is important; extras that take a predicate funarg must follow MAP. */
typedef enum ArrayExtraMode {
FOREACH,
REDUCE,
REDUCE_RIGHT,
MAP,
FILTER,
SOME,
EVERY
} ArrayExtraMode;
#define REDUCE_MODE(mode) ((mode) == REDUCE || (mode) == REDUCE_RIGHT)
static JSBool
array_extra(JSContext *cx, ArrayExtraMode mode, uintN argc, jsval *vp)
{
JSObject *obj;
jsuint length, newlen;
jsval *argv, *elemroot, *invokevp, *sp;
JSBool ok, cond, hole;
JSObject *callable, *thisp, *newarr;
jsint start, end, step, i;
void *mark;
obj = JS_THIS_OBJECT(cx, vp);
if (!obj || !js_GetLengthProperty(cx, obj, &length))
return JS_FALSE;
/*
* First, get or compute our callee, so that we error out consistently
* when passed a non-callable object.
*/
if (argc == 0) {
js_ReportMissingArg(cx, vp, 0);
return JS_FALSE;
}
argv = vp + 2;
callable = js_ValueToCallableObject(cx, &argv[0], JSV2F_SEARCH_STACK);
if (!callable)
return JS_FALSE;
/*
* Set our initial return condition, used for zero-length array cases
* (and pre-size our map return to match our known length, for all cases).
*/
#ifdef __GNUC__ /* quell GCC overwarning */
newlen = 0;
newarr = NULL;
#endif
start = 0, end = length, step = 1;
switch (mode) {
case REDUCE_RIGHT:
start = length - 1, end = -1, step = -1;
/* FALL THROUGH */
case REDUCE:
if (length == 0 && argc == 1) {
JS_ReportErrorNumber(cx, js_GetErrorMessage, NULL,
JSMSG_EMPTY_ARRAY_REDUCE);
return JS_FALSE;
}
if (argc >= 2) {
*vp = argv[1];
} else {
do {
if (!GetArrayElement(cx, obj, start, &hole, vp))
return JS_FALSE;
start += step;
} while (hole && start != end);
if (hole && start == end) {
JS_ReportErrorNumber(cx, js_GetErrorMessage, NULL,
JSMSG_EMPTY_ARRAY_REDUCE);
return JS_FALSE;
}
}
break;
case MAP:
case FILTER:
newlen = (mode == MAP) ? length : 0;
newarr = js_NewArrayObject(cx, newlen, NULL);
if (!newarr)
return JS_FALSE;
*vp = OBJECT_TO_JSVAL(newarr);
break;
case SOME:
*vp = JSVAL_FALSE;
break;
case EVERY:
*vp = JSVAL_TRUE;
break;
case FOREACH:
*vp = JSVAL_VOID;
break;
}
if (length == 0)
return JS_TRUE;
if (argc > 1 && !REDUCE_MODE(mode)) {
if (!js_ValueToObject(cx, argv[1], &thisp))
return JS_FALSE;
argv[1] = OBJECT_TO_JSVAL(thisp);
} else {
thisp = NULL;
}
/*
* For all but REDUCE, we call with 3 args (value, index, array). REDUCE
* requires 4 args (accum, value, index, array).
*/
argc = 3 + REDUCE_MODE(mode);
elemroot = js_AllocStack(cx, 1 + 2 + argc, &mark);
if (!elemroot)
return JS_FALSE;
MUST_FLOW_THROUGH("out");
ok = JS_TRUE;
invokevp = elemroot + 1;
for (i = start; i != end; i += step) {
ok = JS_CHECK_OPERATION_LIMIT(cx, JSOW_JUMP) &&
GetArrayElement(cx, obj, i, &hole, elemroot);
if (!ok)
goto out;
if (hole)
continue;
/*
* Push callable and 'this', then args. We must do this for every
* iteration around the loop since js_Invoke uses spbase[0] for return
* value storage, while some native functions use spbase[1] for local
* rooting.
*/
sp = invokevp;
*sp++ = OBJECT_TO_JSVAL(callable);
*sp++ = OBJECT_TO_JSVAL(thisp);
if (REDUCE_MODE(mode))
*sp++ = *vp;
*sp++ = *elemroot;
*sp++ = INT_TO_JSVAL(i);
*sp++ = OBJECT_TO_JSVAL(obj);
/* Do the call. */
ok = js_Invoke(cx, argc, invokevp, 0);
if (!ok)
break;
if (mode > MAP)
cond = js_ValueToBoolean(*invokevp);
#ifdef __GNUC__ /* quell GCC overwarning */
else
cond = JS_FALSE;
#endif
switch (mode) {
case FOREACH:
break;
case REDUCE:
case REDUCE_RIGHT:
*vp = *invokevp;
break;
case MAP:
ok = SetArrayElement(cx, newarr, i, *invokevp);
if (!ok)
goto out;
break;
case FILTER:
if (!cond)
break;
/* The filter passed *elemroot, so push it onto our result. */
ok = SetArrayElement(cx, newarr, newlen++, *elemroot);
if (!ok)
goto out;
break;
case SOME:
if (cond) {
*vp = JSVAL_TRUE;
goto out;
}
break;
case EVERY:
if (!cond) {
*vp = JSVAL_FALSE;
goto out;
}
break;
}
}
out:
js_FreeStack(cx, mark);
if (ok && mode == FILTER)
ok = js_SetLengthProperty(cx, newarr, newlen);
return ok;
}
static JSBool
array_forEach(JSContext *cx, uintN argc, jsval *vp)
{
return array_extra(cx, FOREACH, argc, vp);
}
static JSBool
array_map(JSContext *cx, uintN argc, jsval *vp)
{
return array_extra(cx, MAP, argc, vp);
}
static JSBool
array_reduce(JSContext *cx, uintN argc, jsval *vp)
{
return array_extra(cx, REDUCE, argc, vp);
}
static JSBool
array_reduceRight(JSContext *cx, uintN argc, jsval *vp)
{
return array_extra(cx, REDUCE_RIGHT, argc, vp);
}
static JSBool
array_filter(JSContext *cx, uintN argc, jsval *vp)
{
return array_extra(cx, FILTER, argc, vp);
}
static JSBool
array_some(JSContext *cx, uintN argc, jsval *vp)
{
return array_extra(cx, SOME, argc, vp);
}
static JSBool
array_every(JSContext *cx, uintN argc, jsval *vp)
{
return array_extra(cx, EVERY, argc, vp);
}
#endif
static JSPropertySpec array_props[] = {
{js_length_str, -1, JSPROP_SHARED | JSPROP_PERMANENT,
array_length_getter, array_length_setter},
{0,0,0,0,0}
};
JS_DEFINE_TRCINFO_1(array_toString,
(2, (static, STRING_FAIL, Array_p_toString, CONTEXT, THIS, 0, 0)))
JS_DEFINE_TRCINFO_1(array_join,
(3, (static, STRING_FAIL, Array_p_join, CONTEXT, THIS, STRING, 0, 0)))
JS_DEFINE_TRCINFO_1(array_push,
(3, (static, JSVAL_FAIL, Array_p_push1, CONTEXT, THIS, JSVAL, 0, 0)))
JS_DEFINE_TRCINFO_1(array_pop,
(2, (static, JSVAL_FAIL, Array_p_pop, CONTEXT, THIS, 0, 0)))
static JSFunctionSpec array_methods[] = {
#if JS_HAS_TOSOURCE
JS_FN(js_toSource_str, array_toSource, 0,0),
#endif
JS_TN(js_toString_str, array_toString, 0,0, array_toString_trcinfo),
JS_FN(js_toLocaleString_str,array_toLocaleString,0,0),
/* Perl-ish methods. */
JS_TN("join", array_join, 1,JSFUN_GENERIC_NATIVE, array_join_trcinfo),
JS_FN("reverse", array_reverse, 0,JSFUN_GENERIC_NATIVE),
JS_FN("sort", array_sort, 1,JSFUN_GENERIC_NATIVE),
JS_TN("push", array_push, 1,JSFUN_GENERIC_NATIVE, array_push_trcinfo),
JS_TN("pop", array_pop, 0,JSFUN_GENERIC_NATIVE, array_pop_trcinfo),
JS_FN("shift", array_shift, 0,JSFUN_GENERIC_NATIVE),
JS_FN("unshift", array_unshift, 1,JSFUN_GENERIC_NATIVE),
JS_FN("splice", array_splice, 2,JSFUN_GENERIC_NATIVE),
/* Pythonic sequence methods. */
JS_FN("concat", array_concat, 1,JSFUN_GENERIC_NATIVE),
JS_FN("slice", array_slice, 2,JSFUN_GENERIC_NATIVE),
#if JS_HAS_ARRAY_EXTRAS
JS_FN("indexOf", array_indexOf, 1,JSFUN_GENERIC_NATIVE),
JS_FN("lastIndexOf", array_lastIndexOf, 1,JSFUN_GENERIC_NATIVE),
JS_FN("forEach", array_forEach, 1,JSFUN_GENERIC_NATIVE),
JS_FN("map", array_map, 1,JSFUN_GENERIC_NATIVE),
JS_FN("reduce", array_reduce, 1,JSFUN_GENERIC_NATIVE),
JS_FN("reduceRight", array_reduceRight, 1,JSFUN_GENERIC_NATIVE),
JS_FN("filter", array_filter, 1,JSFUN_GENERIC_NATIVE),
JS_FN("some", array_some, 1,JSFUN_GENERIC_NATIVE),
JS_FN("every", array_every, 1,JSFUN_GENERIC_NATIVE),
#endif
JS_FS_END
};
JSBool
js_Array(JSContext *cx, JSObject *obj, uintN argc, jsval *argv, jsval *rval)
{
jsuint length;
jsval *vector;
/* If called without new, replace obj with a new Array object. */
if (!JS_IsConstructing(cx)) {
obj = js_NewObject(cx, &js_ArrayClass, NULL, NULL, 0);
if (!obj)
return JS_FALSE;
*rval = OBJECT_TO_JSVAL(obj);
}
if (argc == 0) {
length = 0;
vector = NULL;
} else if (argc > 1) {
length = (jsuint) argc;
vector = argv;
} else if (!JSVAL_IS_NUMBER(argv[0])) {
length = 1;
vector = argv;
} else {
length = ValueIsLength(cx, &argv[0]);
if (JSVAL_IS_NULL(argv[0]))
return JS_FALSE;
vector = NULL;
}
return InitArrayObject(cx, obj, length, vector);
}
JS_STATIC_ASSERT(JSSLOT_PRIVATE == JSSLOT_ARRAY_LENGTH);
JS_STATIC_ASSERT(JSSLOT_ARRAY_LENGTH + 1 == JSSLOT_ARRAY_COUNT);
#ifdef JS_TRACER
JSObject* FASTCALL
js_FastNewArray(JSContext* cx, JSObject* proto)
{
JS_ASSERT(OBJ_IS_ARRAY(cx, proto));
JS_ASSERT(JS_ON_TRACE(cx));
JSObject* obj = (JSObject*) js_NewGCThing(cx, GCX_OBJECT, sizeof(JSObject));
if (!obj)
return NULL;
JSClass* clasp = &js_ArrayClass;
obj->classword = jsuword(clasp);
obj->fslots[JSSLOT_PROTO] = OBJECT_TO_JSVAL(proto);
obj->fslots[JSSLOT_PARENT] = proto->fslots[JSSLOT_PARENT];
obj->fslots[JSSLOT_ARRAY_LENGTH] = 0;
obj->fslots[JSSLOT_ARRAY_COUNT] = 0;
for (unsigned i = JSSLOT_ARRAY_COUNT + 1; i != JS_INITIAL_NSLOTS; ++i)
obj->fslots[i] = JSVAL_VOID;
JSObjectOps* ops = clasp->getObjectOps(cx, clasp);
obj->map = ops->newObjectMap(cx, 1, ops, clasp, obj);
if (!obj->map)
return NULL;
obj->dslots = NULL;
return obj;
}
JSObject* FASTCALL
js_FastNewArrayWithLength(JSContext* cx, JSObject* proto, uint32 i)
{
JS_ASSERT(JS_ON_TRACE(cx));
JSObject* obj = js_FastNewArray(cx, proto);
if (obj)
obj->fslots[JSSLOT_ARRAY_LENGTH] = i;
return obj;
}
JSObject* FASTCALL
js_NewUninitializedArray(JSContext* cx, JSObject* proto, uint32 len)
{
JSObject *obj = js_FastNewArrayWithLength(cx, proto, len);
if (!obj || !ResizeSlots(cx, obj, 0, JS_MAX(len, ARRAY_GROWBY)))
return NULL;
return obj;
}
#define ARRAY_CTOR_GUTS(exact_len, newslots_code) \
JS_ASSERT(JS_ON_TRACE(cx)); \
JSObject* obj = js_FastNewArray(cx, proto); \
if (obj) { \
const uint32 len = ARRAY_GROWBY; \
jsval* newslots = (jsval*) JS_malloc(cx, sizeof (jsval) * (len + 1)); \
if (newslots) { \
obj->dslots = newslots + 1; \
ARRAY_SET_DENSE_LENGTH(obj, len); \
{newslots_code} \
while (++newslots < obj->dslots + len) \
*newslots = JSVAL_HOLE; \
obj->fslots[JSSLOT_ARRAY_LENGTH] = (exact_len); \
return obj; \
} \
} \
return NULL;
JSObject* FASTCALL
js_Array_1str(JSContext* cx, JSObject* proto, JSString *str)
{
ARRAY_CTOR_GUTS(1, *++newslots = STRING_TO_JSVAL(str);)
}
#endif /* JS_TRACER */
JSObject *
js_InitArrayClass(JSContext *cx, JSObject *obj)
{
JSObject *proto;
/* Initialize the ops structure used by slow arrays */
memcpy(&js_SlowArrayObjectOps, &js_ObjectOps, sizeof(JSObjectOps));
js_SlowArrayObjectOps.trace = slowarray_trace;
js_SlowArrayObjectOps.enumerate = slowarray_enumerate;
js_SlowArrayObjectOps.call = NULL;
proto = JS_InitClass(cx, obj, NULL, &js_ArrayClass, js_Array, 1,
array_props, array_methods, NULL, NULL);
/* Initialize the Array prototype object so it gets a length property. */
if (!proto || !InitArrayObject(cx, proto, 0, NULL))
return NULL;
return proto;
}
JSObject *
js_NewArrayObject(JSContext *cx, jsuint length, jsval *vector, JSBool holey)
{
JSTempValueRooter tvr;
JSObject *obj;
obj = js_NewObject(cx, &js_ArrayClass, NULL, NULL, 0);
if (!obj)
return NULL;
JS_PUSH_TEMP_ROOT_OBJECT(cx, obj, &tvr);
if (!InitArrayObject(cx, obj, length, vector, holey))
obj = NULL;
JS_POP_TEMP_ROOT(cx, &tvr);
/* Set/clear newborn root, in case we lost it. */
cx->weakRoots.newborn[GCX_OBJECT] = obj;
return obj;
}
JSObject *
js_NewSlowArrayObject(JSContext *cx)
{
JSObject *obj = js_NewObject(cx, &js_SlowArrayClass, NULL, NULL, 0);
if (obj)
obj->fslots[JSSLOT_ARRAY_LENGTH] = 0;
return obj;
}
#ifdef DEBUG_ARRAYS
JSBool
js_ArrayInfo(JSContext *cx, JSObject *obj, uintN argc, jsval *argv, jsval *rval)
{
uintN i;
JSObject *array;
for (i = 0; i < argc; i++) {
char *bytes;
bytes = js_DecompileValueGenerator(cx, JSDVG_SEARCH_STACK, argv[i],
NULL);
if (!bytes)
return JS_FALSE;
if (JSVAL_IS_PRIMITIVE(argv[i]) ||
!OBJ_IS_ARRAY(cx, (array = JSVAL_TO_OBJECT(argv[i])))) {
fprintf(stderr, "%s: not array\n", bytes);
JS_free(cx, bytes);
continue;
}
fprintf(stderr, "%s: %s (len %lu", bytes,
OBJ_IS_DENSE_ARRAY(cx, array) ? "dense" : "sparse",
array->fslots[JSSLOT_ARRAY_LENGTH]);
if (OBJ_IS_DENSE_ARRAY(cx, array)) {
fprintf(stderr, ", count %lu, denselen %lu",
array->fslots[JSSLOT_ARRAY_COUNT],
ARRAY_DENSE_LENGTH(array));
}
fputs(")\n", stderr);
JS_free(cx, bytes);
}
return JS_TRUE;
}
#endif
JS_FRIEND_API(JSBool)
js_ArrayToJSUint8Buffer(JSContext *cx, JSObject *obj, jsuint offset, jsuint count,
JSUint8 *dest)
{
uint32 length;
if (!obj || !OBJ_IS_DENSE_ARRAY(cx, obj))
return JS_FALSE;
length = obj->fslots[JSSLOT_ARRAY_LENGTH];
if (length < offset + count)
return JS_FALSE;
jsval v;
jsint vi;
JSUint8 *dp = dest;
for (uintN i = offset; i < offset+count; i++) {
v = obj->dslots[i];
if (!JSVAL_IS_INT(v) || (vi = JSVAL_TO_INT(v)) < 0)
return JS_FALSE;
*dp++ = (JSUint8) vi;
}
return JS_TRUE;
}
JS_FRIEND_API(JSBool)
js_ArrayToJSUint16Buffer(JSContext *cx, JSObject *obj, jsuint offset, jsuint count,
JSUint16 *dest)
{
uint32 length;
if (!obj || !OBJ_IS_DENSE_ARRAY(cx, obj))
return JS_FALSE;
length = obj->fslots[JSSLOT_ARRAY_LENGTH];
if (length < offset + count)
return JS_FALSE;
jsval v;
jsint vi;
JSUint16 *dp = dest;
for (uintN i = offset; i < offset+count; i++) {
v = obj->dslots[i];
if (!JSVAL_IS_INT(v) || (vi = JSVAL_TO_INT(v)) < 0)
return JS_FALSE;
*dp++ = (JSUint16) vi;
}
return JS_TRUE;
}
JS_FRIEND_API(JSBool)
js_ArrayToJSUint32Buffer(JSContext *cx, JSObject *obj, jsuint offset, jsuint count,
JSUint32 *dest)
{
uint32 length;
if (!obj || !OBJ_IS_DENSE_ARRAY(cx, obj))
return JS_FALSE;
length = obj->fslots[JSSLOT_ARRAY_LENGTH];
if (length < offset + count)
return JS_FALSE;
jsval v;
jsint vi;
JSUint32 *dp = dest;
for (uintN i = offset; i < offset+count; i++) {
v = obj->dslots[i];
if (!JSVAL_IS_INT(v) || (vi = JSVAL_TO_INT(v)) < 0)
return JS_FALSE;
*dp++ = (JSUint32) vi;
}
return JS_TRUE;
}
JS_FRIEND_API(JSBool)
js_ArrayToJSInt8Buffer(JSContext *cx, JSObject *obj, jsuint offset, jsuint count,
JSInt8 *dest)
{
uint32 length;
if (!obj || !OBJ_IS_DENSE_ARRAY(cx, obj))
return JS_FALSE;
length = obj->fslots[JSSLOT_ARRAY_LENGTH];
if (length < offset + count)
return JS_FALSE;
jsval v;
JSInt8 *dp = dest;
for (uintN i = offset; i < offset+count; i++) {
v = obj->dslots[i];
if (!JSVAL_IS_INT(v))
return JS_FALSE;
*dp++ = (JSInt8) JSVAL_TO_INT(v);
}
return JS_TRUE;
}
JS_FRIEND_API(JSBool)
js_ArrayToJSInt16Buffer(JSContext *cx, JSObject *obj, jsuint offset, jsuint count,
JSInt16 *dest)
{
uint32 length;
if (!obj || !OBJ_IS_DENSE_ARRAY(cx, obj))
return JS_FALSE;
length = obj->fslots[JSSLOT_ARRAY_LENGTH];
if (length < offset + count)
return JS_FALSE;
jsval v;
JSInt16 *dp = dest;
for (uintN i = offset; i < offset+count; i++) {
v = obj->dslots[i];
if (!JSVAL_IS_INT(v))
return JS_FALSE;
*dp++ = (JSInt16) JSVAL_TO_INT(v);
}
return JS_TRUE;
}
JS_FRIEND_API(JSBool)
js_ArrayToJSInt32Buffer(JSContext *cx, JSObject *obj, jsuint offset, jsuint count,
JSInt32 *dest)
{
uint32 length;
if (!obj || !OBJ_IS_DENSE_ARRAY(cx, obj))
return JS_FALSE;
length = obj->fslots[JSSLOT_ARRAY_LENGTH];
if (length < offset + count)
return JS_FALSE;
jsval v;
JSInt32 *dp = dest;
for (uintN i = offset; i < offset+count; i++) {
v = obj->dslots[i];
if (!JSVAL_IS_INT(v))
return JS_FALSE;
*dp++ = (JSInt32) JSVAL_TO_INT(v);
}
return JS_TRUE;
}
JS_FRIEND_API(JSBool)
js_ArrayToJSDoubleBuffer(JSContext *cx, JSObject *obj, jsuint offset, jsuint count,
jsdouble *dest)
{
uint32 length;
if (!obj || !OBJ_IS_DENSE_ARRAY(cx, obj))
return JS_FALSE;
length = obj->fslots[JSSLOT_ARRAY_LENGTH];
if (length < offset + count)
return JS_FALSE;
jsval v;
jsdouble *dp = dest;
for (uintN i = offset; i < offset+count; i++) {
v = obj->dslots[i];
if (JSVAL_IS_INT(v))
*dp++ = (jsdouble) JSVAL_TO_INT(v);
else if (JSVAL_IS_DOUBLE(v))
*dp++ = *(JSVAL_TO_DOUBLE(v));
else
return JS_FALSE;
}
return JS_TRUE;
}
JS_DEFINE_CALLINFO_4(extern, BOOL, js_Array_dense_setelem, CONTEXT, OBJECT, INT32, JSVAL, 0, 0)
JS_DEFINE_CALLINFO_2(extern, OBJECT, js_FastNewArray, CONTEXT, OBJECT, 0, 0)
JS_DEFINE_CALLINFO_3(extern, OBJECT, js_NewUninitializedArray, CONTEXT, OBJECT, UINT32, 0, 0)
JS_DEFINE_CALLINFO_3(extern, OBJECT, js_FastNewArrayWithLength, CONTEXT, OBJECT, UINT32, 0, 0)
JS_DEFINE_CALLINFO_3(extern, OBJECT, js_Array_1str, CONTEXT, OBJECT, STRING, 0, 0)
Reference in New Issue View Git Blame Copy Permalink