Magic-Mirror/gecko-dev
1
0
Fork 0
mirror of https://github.com/mozilla/gecko-dev.git synced 2025-04-02 20:42:49 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

Bug 1246597 - support DataView on SharedArrayBuffer. r=waldo

Browse Source 
--HG--
extra : rebase_source : 9d9e943a6dac3d20602449314813d1dde571d2eb
This commit is contained in:
Lars T Hansen 2016-12-07 14:21:24 -10:00
parent 842a92723b
commit f4484acb99
7 changed files with 241 additions and 58 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

21
js/src/jsfriendapi.h
View File

@ -1978,7 +1978,7 @@ JS_ArrayBufferHasData(JSObject* obj);
* that it would pass such a test: it is an ArrayBuffer or a wrapper of an
* ArrayBuffer, and the unwrapping will succeed.
*
* *isSharedMemory will be set to false, the argument is present to simplify
* |*isSharedMemory| will be set to false, the argument is present to simplify
* its use from code that also interacts with SharedArrayBuffer.
*/
extern JS_FRIEND_API(uint8_t*)
@ -2048,7 +2048,7 @@ JS_GetArrayBufferViewByteLength(JSObject* obj);
* pass such a test: it is a typed array or a wrapper of a typed array, and the
* unwrapping will succeed.
*
* *isSharedMemory will be set to true if the typed array maps a
* |*isSharedMemory| will be set to true if the typed array maps a
* SharedArrayBuffer, otherwise to false.
*/
@ -2110,14 +2110,14 @@ JS_FRIEND_API(bool)
JS_IsDataViewObject(JSObject* obj);
/**
* Create a new DataView using the given ArrayBuffer for storage. The given
* buffer must be an ArrayBuffer (or a cross-compartment wrapper of an
* ArrayBuffer), and the offset and length must fit within the bounds of the
* arrayBuffer. Currently, nullptr will be returned and an exception will be
* thrown if these conditions do not hold, but do not depend on that behavior.
* Create a new DataView using the given buffer for storage. The given buffer
* must be an ArrayBuffer or SharedArrayBuffer (or a cross-compartment wrapper
* of either type), and the offset and length must fit within the bounds of the
* buffer. Currently, nullptr will be returned and an exception will be thrown
* if these conditions do not hold, but do not depend on that behavior.
*/
JS_FRIEND_API(JSObject*)
JS_NewDataView(JSContext* cx, JS::HandleObject arrayBuffer, uint32_t byteOffset, int32_t byteLength);
JS_NewDataView(JSContext* cx, JS::HandleObject buffer, uint32_t byteOffset, int32_t byteLength);
/**
* Return the byte offset of a data view into its array buffer. |obj| must be a
@ -2148,9 +2148,12 @@ JS_GetDataViewByteLength(JSObject* obj);
* it would pass such a test: it is a data view or a wrapper of a data view,
* and the unwrapping will succeed. If cx is nullptr, then DEBUG builds may be
* unable to assert when unwrapping should be disallowed.
*
* |*isSharedMemory| will be set to true if the DataView maps a SharedArrayBuffer,
* otherwise to false.
*/
JS_FRIEND_API(void*)
JS_GetDataViewData(JSObject* obj, const JS::AutoCheckCannotGC&);
JS_GetDataViewData(JSObject* obj, bool* isSharedMemory, const JS::AutoCheckCannotGC&);
namespace js {

44
js/src/tests/js1_8_5/extensions/shareddataview.js Normal file
View File

@ -0,0 +1,44 @@
// |reftest| skip-if(!xulRuntime.shell)
/* -*- Mode: js2; tab-width: 40; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
/*
* Any copyright is dedicated to the Public Domain.
* https://creativecommons.org/publicdomain/zero/1.0/
*/
// Test DataView on SharedArrayBuffer.
if (!this.SharedArrayBuffer) {
reportCompare(true,true);
quit(0);
}
var sab = new SharedArrayBuffer(4096);
var dv = new DataView(sab);
assertEq(sab, dv.buffer);
assertEq(dv.byteLength, sab.byteLength);
assertEq(ArrayBuffer.isView(dv), true);
var dv2 = new DataView(sab, 1075, 2048);
assertEq(sab, dv2.buffer);
assertEq(dv2.byteLength, 2048);
assertEq(dv2.byteOffset, 1075);
assertEq(ArrayBuffer.isView(dv2), true);
// Test that it is the same buffer memory for the two views
dv.setInt8(1075, 37);
assertEq(dv2.getInt8(0), 37);
// Test that range checking works
assertThrowsInstanceOf(() => dv.setInt32(4098, -1), RangeError);
assertThrowsInstanceOf(() => dv.setInt32(4094, -1), RangeError);
assertThrowsInstanceOf(() => dv.setInt32(-1, -1), RangeError);
assertThrowsInstanceOf(() => dv2.setInt32(2080, -1), RangeError);
assertThrowsInstanceOf(() => dv2.setInt32(2046, -1), RangeError);
assertThrowsInstanceOf(() => dv2.setInt32(-1, -1), RangeError);
reportCompare(true,true);

69
js/src/vm/ArrayBufferObject.cpp
View File

@ -227,6 +227,38 @@ js::AsArrayBuffer(JSObject* obj)
return obj->as<ArrayBufferObject>();
}
bool
js::IsArrayBufferMaybeShared(HandleValue v)
{
return v.isObject() && v.toObject().is<ArrayBufferObjectMaybeShared>();
}
bool
js::IsArrayBufferMaybeShared(HandleObject obj)
{
return obj->is<ArrayBufferObjectMaybeShared>();
}
bool
js::IsArrayBufferMaybeShared(JSObject* obj)
{
return obj->is<ArrayBufferObjectMaybeShared>();
}
ArrayBufferObjectMaybeShared&
js::AsArrayBufferMaybeShared(HandleObject obj)
{
MOZ_ASSERT(IsArrayBufferMaybeShared(obj));
return obj->as<ArrayBufferObjectMaybeShared>();
}
ArrayBufferObjectMaybeShared&
js::AsArrayBufferMaybeShared(JSObject* obj)
{
MOZ_ASSERT(IsArrayBufferMaybeShared(obj));
return obj->as<ArrayBufferObjectMaybeShared>();
}
MOZ_ALWAYS_INLINE bool
ArrayBufferObject::byteLengthGetterImpl(JSContext* cx, const CallArgs& args)
{
@ -1110,7 +1142,7 @@ ArrayBufferObject::createEmpty(JSContext* cx)
bool
ArrayBufferObject::createDataViewForThisImpl(JSContext* cx, const CallArgs& args)
{
MOZ_ASSERT(IsArrayBuffer(args.thisv()));
MOZ_ASSERT(IsArrayBufferMaybeShared(args.thisv()));
/*
* This method is only called for |DataView(alienBuf, ...)| which calls
@ -1122,7 +1154,8 @@ ArrayBufferObject::createDataViewForThisImpl(JSContext* cx, const CallArgs& args
uint32_t byteOffset = args[0].toPrivateUint32();
uint32_t byteLength = args[1].toPrivateUint32();
Rooted<ArrayBufferObject*> buffer(cx, &args.thisv().toObject().as<ArrayBufferObject>());
Rooted<ArrayBufferObjectMaybeShared*> buffer(cx);
buffer = &args.thisv().toObject().as<ArrayBufferObjectMaybeShared>();
/*
* Pop off the passed-along prototype and delegate to normal DataViewObject
@ -1139,7 +1172,7 @@ bool
ArrayBufferObject::createDataViewForThis(JSContext* cx, unsigned argc, Value* vp)
{
CallArgs args = CallArgsFromVp(argc, vp);
return CallNonGenericMethod<IsArrayBuffer, createDataViewForThisImpl>(cx, args);
return CallNonGenericMethod<IsArrayBufferMaybeShared, createDataViewForThisImpl>(cx, args);
}
/* static */ ArrayBufferObject::BufferContents
@ -1531,6 +1564,8 @@ void
ArrayBufferViewObject::notifyBufferDetached(JSContext* cx, void* newData)
{
if (is<DataViewObject>()) {
if (as<DataViewObject>().isSharedMemory())
return;
as<DataViewObject>().notifyBufferDetached(newData);
} else if (is<TypedArrayObject>()) {
if (as<TypedArrayObject>().isSharedMemory())
@ -1544,8 +1579,10 @@ ArrayBufferViewObject::notifyBufferDetached(JSContext* cx, void* newData)
uint8_t*
ArrayBufferViewObject::dataPointerUnshared(const JS::AutoRequireNoGC& nogc)
{
if (is<DataViewObject>())
return static_cast<uint8_t*>(as<DataViewObject>().dataPointer());
if (is<DataViewObject>()) {
MOZ_ASSERT(!as<DataViewObject>().isSharedMemory());
return static_cast<uint8_t*>(as<DataViewObject>().dataPointerUnshared());
}
if (is<TypedArrayObject>()) {
MOZ_ASSERT(!as<TypedArrayObject>().isSharedMemory());
return static_cast<uint8_t*>(as<TypedArrayObject>().viewDataUnshared());
@ -1567,6 +1604,7 @@ void
ArrayBufferViewObject::setDataPointerUnshared(uint8_t* data)
{
if (is<DataViewObject>()) {
MOZ_ASSERT(!as<DataViewObject>().isSharedMemory());
as<DataViewObject>().setPrivate(data);
} else if (is<TypedArrayObject>()) {
MOZ_ASSERT(!as<TypedArrayObject>().isSharedMemory());
@ -1588,7 +1626,7 @@ ArrayBufferViewObject::bufferObject(JSContext* cx, Handle<ArrayBufferViewObject*
return thisObject->as<TypedArrayObject>().bufferEither();
}
MOZ_ASSERT(thisObject->is<DataViewObject>());
return &thisObject->as<DataViewObject>().arrayBuffer();
return &thisObject->as<DataViewObject>().arrayBufferEither();
}
/* JS Friend API */
@ -1839,12 +1877,13 @@ JS_GetArrayBufferViewData(JSObject* obj, bool* isSharedMemory, const JS::AutoChe
if (!obj)
return nullptr;
if (obj->is<DataViewObject>()) {
*isSharedMemory = false;
return obj->as<DataViewObject>().dataPointer();
DataViewObject& dv = obj->as<DataViewObject>();
*isSharedMemory = dv.isSharedMemory();
return dv.dataPointerEither().unwrap(/*safe - caller sees isSharedMemory flag*/);
}
TypedArrayObject& ta = obj->as<TypedArrayObject>();
*isSharedMemory = ta.isSharedMemory();
return ta.viewDataEither().unwrap(/*safe - caller sees isShared flag*/);
return ta.viewDataEither().unwrap(/*safe - caller sees isSharedMemory flag*/);
}
JS_FRIEND_API(JSObject*)
@ -1889,7 +1928,8 @@ JS_GetObjectAsArrayBufferView(JSObject* obj, uint32_t* length, bool* isSharedMem
}
JS_FRIEND_API(void)
js::GetArrayBufferViewLengthAndData(JSObject* obj, uint32_t* length, bool* isSharedMemory, uint8_t** data)
js::GetArrayBufferViewLengthAndData(JSObject* obj, uint32_t* length, bool* isSharedMemory,
uint8_t** data)
{
MOZ_ASSERT(obj->is<ArrayBufferViewObject>());
@ -1898,13 +1938,16 @@ js::GetArrayBufferViewLengthAndData(JSObject* obj, uint32_t* length, bool* isSha
: obj->as<TypedArrayObject>().byteLength();
if (obj->is<DataViewObject>()) {
*isSharedMemory = false;
*data = static_cast<uint8_t*>(obj->as<DataViewObject>().dataPointer());
DataViewObject& dv = obj->as<DataViewObject>();
*isSharedMemory = dv.isSharedMemory();
*data = static_cast<uint8_t*>(
dv.dataPointerEither().unwrap(/*safe - caller sees isShared flag*/));
}
else {
TypedArrayObject& ta = obj->as<TypedArrayObject>();
*isSharedMemory = ta.isSharedMemory();
*data = static_cast<uint8_t*>(ta.viewDataEither().unwrap(/*safe - caller sees isShared flag*/));
*data = static_cast<uint8_t*>(
ta.viewDataEither().unwrap(/*safe - caller sees isShared flag*/));
}
}

11
js/src/vm/ArrayBufferObject.h
View File

@ -254,12 +254,12 @@ class ArrayBufferObject : public ArrayBufferObjectMaybeShared
// initialize()d to become a real, content-visible ArrayBufferObject.
static ArrayBufferObject* createEmpty(JSContext* cx);
// Also valid when the buffer is a SharedArrayBuffer.
static bool createDataViewForThisImpl(JSContext* cx, const CallArgs& args);
static bool createDataViewForThis(JSContext* cx, unsigned argc, Value* vp);
template<typename T>
static bool createTypedArrayFromBufferImpl(JSContext* cx, const CallArgs& args);
template<typename T>
static bool createTypedArrayFromBuffer(JSContext* cx, unsigned argc, Value* vp);
@ -452,6 +452,15 @@ bool IsArrayBuffer(JSObject* obj);
ArrayBufferObject& AsArrayBuffer(HandleObject obj);
ArrayBufferObject& AsArrayBuffer(JSObject* obj);
/*
* Ditto for ArrayBufferObjectMaybeShared.
*/
bool IsArrayBufferMaybeShared(HandleValue v);
bool IsArrayBufferMaybeShared(HandleObject obj);
bool IsArrayBufferMaybeShared(JSObject* obj);
ArrayBufferObjectMaybeShared& AsArrayBufferMaybeShared(HandleObject obj);
ArrayBufferObjectMaybeShared& AsArrayBufferMaybeShared(JSObject* obj);
extern uint32_t JS_FASTCALL
ClampDoubleToUint8(const double x);

1
js/src/vm/SharedMem.h
View File

@ -69,6 +69,7 @@ class SharedMem
}
// Reinterpret-cast the pointer to type U, preserving sharedness.
// Eg, "obj->dataPointerEither().cast<uint8_t*>()" yields a SharedMem<uint8_t*>.
template<typename U>
inline SharedMem<U> cast() const {
#ifdef DEBUG

122
js/src/vm/TypedArrayObject.cpp
View File

@ -39,6 +39,7 @@
#include "vm/Interpreter.h"
#include "vm/PIC.h"
#include "vm/SelfHosting.h"
#include "vm/SharedMem.h"
#include "vm/TypedArrayCommon.h"
#include "vm/WrapperObject.h"
@ -1652,12 +1653,11 @@ DataViewNewObjectKind(JSContext* cx, uint32_t byteLength, JSObject* proto)
DataViewObject*
DataViewObject::create(JSContext* cx, uint32_t byteOffset, uint32_t byteLength,
Handle<ArrayBufferObject*> arrayBuffer, JSObject* protoArg)
Handle<ArrayBufferObjectMaybeShared*> arrayBuffer, JSObject* protoArg)
{
MOZ_ASSERT(byteOffset <= INT32_MAX);
MOZ_ASSERT(byteLength <= INT32_MAX);
MOZ_ASSERT(byteOffset + byteLength < UINT32_MAX);
MOZ_ASSERT(!arrayBuffer || !arrayBuffer->is<SharedArrayBufferObject>());
RootedObject proto(cx, protoArg);
RootedObject obj(cx);
@ -1688,21 +1688,47 @@ DataViewObject::create(JSContext* cx, uint32_t byteOffset, uint32_t byteLength,
MOZ_ASSERT(byteOffset + byteLength <= arrayBuffer->byteLength());
DataViewObject& dvobj = obj->as<DataViewObject>();
// The isSharedMemory property is invariant. Self-hosting code that sets
// BUFFER_SLOT or the private slot (if it does) must maintain it by always
// setting those to reference shared memory.
bool isSharedMemory = IsSharedArrayBuffer(arrayBuffer.get());
if (isSharedMemory)
dvobj.setIsSharedMemory();
dvobj.setFixedSlot(TypedArrayObject::BYTEOFFSET_SLOT, Int32Value(byteOffset));
dvobj.setFixedSlot(TypedArrayObject::LENGTH_SLOT, Int32Value(byteLength));
dvobj.setFixedSlot(TypedArrayObject::BUFFER_SLOT, ObjectValue(*arrayBuffer));
dvobj.initPrivate(arrayBuffer->dataPointer() + byteOffset);
SharedMem<uint8_t*> ptr = arrayBuffer->dataPointerEither();
// A pointer to raw shared memory is exposed through the private slot. This
// is safe so long as getPrivate() is not used willy-nilly. It is wrapped in
// other accessors in TypedArrayObject.h.
dvobj.initPrivate(ptr.unwrap(/*safe - see above*/) + byteOffset);
// Include a barrier if the data view's data pointer is in the nursery, as
// is done for typed arrays.
if (!IsInsideNursery(obj) && cx->runtime()->gc.nursery.isInside(arrayBuffer->dataPointer()))
cx->runtime()->gc.storeBuffer.putWholeCell(obj);
if (!IsInsideNursery(obj) && cx->runtime()->gc.nursery.isInside(ptr)) {
// Shared buffer data should never be nursery-allocated, so we
// need to fail here if isSharedMemory. However, mmap() can
// place a SharedArrayRawBuffer up against the bottom end of a
// nursery chunk, and a zero-length buffer will erroneously be
// perceived as being inside the nursery; sidestep that.
if (isSharedMemory) {
MOZ_ASSERT(arrayBuffer->byteLength() == 0 &&
(uintptr_t(ptr.unwrapValue()) & gc::ChunkMask) == 0);
} else {
cx->runtime()->gc.storeBuffer.putWholeCell(obj);
}
}
// Verify that the private slot is at the expected place
MOZ_ASSERT(dvobj.numFixedSlots() == TypedArrayObject::DATA_SLOT);
if (!arrayBuffer->addView(cx, &dvobj))
return nullptr;
if (arrayBuffer->is<ArrayBufferObject>()) {
if (!arrayBuffer->as<ArrayBufferObject>().addView(cx, &dvobj))
return nullptr;
}
return &dvobj;
}
@ -1711,13 +1737,13 @@ bool
DataViewObject::getAndCheckConstructorArgs(JSContext* cx, JSObject* bufobj, const CallArgs& args,
uint32_t* byteOffsetPtr, uint32_t* byteLengthPtr)
{
if (!IsArrayBuffer(bufobj)) {
if (!IsArrayBufferMaybeShared(bufobj)) {
JS_ReportErrorNumberASCII(cx, GetErrorMessage, nullptr, JSMSG_NOT_EXPECTED_TYPE,
"DataView", "ArrayBuffer", bufobj->getClass()->name);
return false;
}
Rooted<ArrayBufferObject*> buffer(cx, &AsArrayBuffer(bufobj));
Rooted<ArrayBufferObjectMaybeShared*> buffer(cx, &AsArrayBufferMaybeShared(bufobj));
uint32_t byteOffset = 0;
uint32_t byteLength = buffer->byteLength();
@ -1790,7 +1816,7 @@ DataViewObject::constructSameCompartment(JSContext* cx, HandleObject bufobj, con
if (!GetPrototypeFromConstructor(cx, newTarget, &proto))
return false;
Rooted<ArrayBufferObject*> buffer(cx, &AsArrayBuffer(bufobj));
Rooted<ArrayBufferObjectMaybeShared*> buffer(cx, &AsArrayBufferMaybeShared(bufobj));
JSObject* obj = DataViewObject::create(cx, byteOffset, byteLength, buffer, proto);
if (!obj)
return false;
@ -1877,8 +1903,9 @@ DataViewObject::class_constructor(JSContext* cx, unsigned argc, Value* vp)
}
template <typename NativeType>
/* static */ uint8_t*
DataViewObject::getDataPointer(JSContext* cx, Handle<DataViewObject*> obj, double offset)
/* static */ SharedMem<uint8_t*>
DataViewObject::getDataPointer(JSContext* cx, Handle<DataViewObject*> obj, double offset,
bool* isSharedMemory)
{
MOZ_ASSERT(offset >= 0);
@ -1886,11 +1913,12 @@ DataViewObject::getDataPointer(JSContext* cx, Handle<DataViewObject*> obj, doubl
if (offset > UINT32_MAX - TypeSize || offset + TypeSize > obj->byteLength()) {
JS_ReportErrorNumberASCII(cx, GetErrorMessage, nullptr, JSMSG_ARG_INDEX_OUT_OF_RANGE,
"1");
return nullptr;
return SharedMem<uint8_t*>::unshared(nullptr);
}
MOZ_ASSERT(offset < UINT32_MAX);
return static_cast<uint8_t*>(obj->dataPointer()) + uint32_t(offset);
*isSharedMemory = obj->isSharedMemory();
return obj->dataPointerEither().cast<uint8_t*>() + uint32_t(offset);
}
static inline bool
@ -1942,28 +1970,46 @@ template <> struct DataToRepType<uint32_t> { typedef uint32_t result; };
template <> struct DataToRepType<float> { typedef uint32_t result; };
template <> struct DataToRepType<double> { typedef uint64_t result; };
template <typename DataType>
static inline void
Memcpy(uint8_t* dest, uint8_t* src, size_t nbytes)
{
memcpy(dest, src, nbytes);
}
static inline void
Memcpy(uint8_t* dest, SharedMem<uint8_t*> src, size_t nbytes)
{
jit::AtomicOperations::memcpySafeWhenRacy(dest, src, nbytes);
}
static inline void
Memcpy(SharedMem<uint8_t*> dest, uint8_t* src, size_t nbytes)
{
jit::AtomicOperations::memcpySafeWhenRacy(dest, src, nbytes);
}
template <typename DataType, typename BufferPtrType>
struct DataViewIO
{
typedef typename DataToRepType<DataType>::result ReadWriteType;
static void fromBuffer(DataType* dest, const uint8_t* unalignedBuffer, bool wantSwap)
static void fromBuffer(DataType* dest, BufferPtrType unalignedBuffer, bool wantSwap)
{
MOZ_ASSERT((reinterpret_cast<uintptr_t>(dest) & (Min<size_t>(MOZ_ALIGNOF(void*), sizeof(DataType)) - 1)) == 0);
memcpy((void*) dest, unalignedBuffer, sizeof(ReadWriteType));
Memcpy((uint8_t*) dest, unalignedBuffer, sizeof(ReadWriteType));
if (wantSwap) {
ReadWriteType* rwDest = reinterpret_cast<ReadWriteType*>(dest);
*rwDest = swapBytes(*rwDest);
}
}
static void toBuffer(uint8_t* unalignedBuffer, const DataType* src, bool wantSwap)
static void toBuffer(BufferPtrType unalignedBuffer, const DataType* src, bool wantSwap)
{
MOZ_ASSERT((reinterpret_cast<uintptr_t>(src) & (Min<size_t>(MOZ_ALIGNOF(void*), sizeof(DataType)) - 1)) == 0);
ReadWriteType temp = *reinterpret_cast<const ReadWriteType*>(src);
if (wantSwap)
temp = swapBytes(temp);
memcpy(unalignedBuffer, (void*) &temp, sizeof(ReadWriteType));
Memcpy(unalignedBuffer, (uint8_t*) &temp, sizeof(ReadWriteType));
}
};
@ -2009,18 +2055,26 @@ DataViewObject::read(JSContext* cx, Handle<DataViewObject*> obj,
bool isLittleEndian = args.length() >= 2 && ToBoolean(args[1]);
// Steps 6-7.
if (obj->arrayBuffer().isDetached()) {
if (obj->arrayBufferEither().isDetached()) {
JS_ReportErrorNumberASCII(cx, GetErrorMessage, nullptr, JSMSG_TYPED_ARRAY_DETACHED);
return false;
}
// Steps 8-12.
uint8_t* data = DataViewObject::getDataPointer<NativeType>(cx, obj, getIndex);
bool isSharedMemory;
SharedMem<uint8_t*> data = DataViewObject::getDataPointer<NativeType>(cx, obj, getIndex,
&isSharedMemory);
if (!data)
return false;
// Step 13.
DataViewIO<NativeType>::fromBuffer(val, data, needToSwapBytes(isLittleEndian));
if (isSharedMemory) {
DataViewIO<NativeType, SharedMem<uint8_t*>>::fromBuffer(val, data,
needToSwapBytes(isLittleEndian));
} else {
DataViewIO<NativeType, uint8_t*>::fromBuffer(val, data.unwrapUnshared(),
needToSwapBytes(isLittleEndian));
}
return true;
}
@ -2084,18 +2138,26 @@ DataViewObject::write(JSContext* cx, Handle<DataViewObject*> obj,
bool isLittleEndian = args.length() >= 3 && ToBoolean(args[2]);
// Steps 7-8.
if (obj->arrayBuffer().isDetached()) {
if (obj->arrayBufferEither().isDetached()) {
JS_ReportErrorNumberASCII(cx, GetErrorMessage, nullptr, JSMSG_TYPED_ARRAY_DETACHED);
return false;
}
// Steps 9-13.
uint8_t* data = DataViewObject::getDataPointer<NativeType>(cx, obj, getIndex);
bool isSharedMemory;
SharedMem<uint8_t*> data = DataViewObject::getDataPointer<NativeType>(cx, obj, getIndex,
&isSharedMemory);
if (!data)
return false;
// Step 14.
DataViewIO<NativeType>::toBuffer(data, &value, needToSwapBytes(isLittleEndian));
if (isSharedMemory) {
DataViewIO<NativeType, SharedMem<uint8_t*>>::toBuffer(data, &value,
needToSwapBytes(isLittleEndian));
} else {
DataViewIO<NativeType, uint8_t*>::toBuffer(data.unwrapUnshared(), &value,
needToSwapBytes(isLittleEndian));
}
return true;
}
@ -3189,12 +3251,14 @@ JS_GetDataViewByteOffset(JSObject* obj)
}
JS_FRIEND_API(void*)
JS_GetDataViewData(JSObject* obj, const JS::AutoCheckCannotGC&)
JS_GetDataViewData(JSObject* obj, bool* isSharedMemory, const JS::AutoCheckCannotGC&)
{
obj = CheckedUnwrap(obj);
if (!obj)
return nullptr;
return obj->as<DataViewObject>().dataPointer();
DataViewObject& dv = obj->as<DataViewObject>();
*isSharedMemory = dv.isSharedMemory();
return dv.dataPointerEither().unwrap(/*safe - caller sees isSharedMemory*/);
}
JS_FRIEND_API(uint32_t)
@ -3207,7 +3271,7 @@ JS_GetDataViewByteLength(JSObject* obj)
}
JS_FRIEND_API(JSObject*)
JS_NewDataView(JSContext* cx, HandleObject arrayBuffer, uint32_t byteOffset, int32_t byteLength)
JS_NewDataView(JSContext* cx, HandleObject buffer, uint32_t byteOffset, int32_t byteLength)
{
RootedObject constructor(cx);
JSProtoKey key = JSCLASS_CACHED_PROTO_KEY(&DataViewObject::class_);
@ -3216,7 +3280,7 @@ JS_NewDataView(JSContext* cx, HandleObject arrayBuffer, uint32_t byteOffset, int
FixedConstructArgs<3> cargs(cx);
cargs[0].setObject(*arrayBuffer);
cargs[0].setObject(*buffer);
cargs[1].setNumber(byteOffset);
cargs[2].setInt32(byteLength);

31
js/src/vm/TypedArrayObject.h
View File

@ -416,6 +416,11 @@ SetDisjointTypedElements(TypedArrayObject* target, uint32_t targetOffset,
extern JSObject*
InitDataViewClass(JSContext* cx, HandleObject obj);
// In the DataViewObject, the private slot contains a raw pointer into
// the buffer. The buffer may be shared memory and the raw pointer
// should not be exposed without sharedness information accompanying
// it.
class DataViewObject : public NativeObject
{
private:
@ -426,8 +431,8 @@ class DataViewObject : public NativeObject
}
template <typename NativeType>
static uint8_t*
getDataPointer(JSContext* cx, Handle<DataViewObject*> obj, double offset);
static SharedMem<uint8_t*>
getDataPointer(JSContext* cx, Handle<DataViewObject*> obj, double offset, bool* isSharedMemory);
template<Value ValueGetter(DataViewObject* view)>
static bool
@ -449,7 +454,7 @@ class DataViewObject : public NativeObject
friend bool ArrayBufferObject::createDataViewForThisImpl(JSContext* cx, const CallArgs& args);
static DataViewObject*
create(JSContext* cx, uint32_t byteOffset, uint32_t byteLength,
Handle<ArrayBufferObject*> arrayBuffer, JSObject* proto);
Handle<ArrayBufferObjectMaybeShared*> arrayBuffer, JSObject* proto);
public:
static const Class class_;
@ -478,11 +483,25 @@ class DataViewObject : public NativeObject
return byteLengthValue(const_cast<DataViewObject*>(this)).toInt32();
}
ArrayBufferObject& arrayBuffer() const {
return bufferValue(const_cast<DataViewObject*>(this)).toObject().as<ArrayBufferObject>();
ArrayBufferObjectMaybeShared& arrayBufferEither() const {
return bufferValue(
const_cast<DataViewObject*>(this)).toObject().as<ArrayBufferObjectMaybeShared>();
}
void* dataPointer() const {
SharedMem<void*> dataPointerEither() const {
void *p = getPrivate();
if (isSharedMemory())
return SharedMem<void*>::shared(p);
return SharedMem<void*>::unshared(p);
}
void* dataPointerUnshared() const {
MOZ_ASSERT(!isSharedMemory());
return getPrivate();
}
void* dataPointerShared() const {
MOZ_ASSERT(isSharedMemory());
return getPrivate();
}