static JSObject *
GetKeyArg(JSContext *cx, CallArgs &args)
{
Value *vp = &args[0];
if (vp->isPrimitive()) {
JS_ReportErrorNumber(cx, js_GetErrorMessage, NULL, JSMSG_NOT_NONNULL_OBJECT);
return NULL;
}
return &vp->toObject();
}
ModuleEnvironmentObject*
ModuleObject::environment() const
{
Value value = getReservedSlot(EnvironmentSlot);
MOZ_ASSERT(!value.isNull());
if (value.isUndefined())
return nullptr;
return &value.toObject().as<ModuleEnvironmentObject>();
}
static inline bool
UncachedInlineCall(VMFrame &f, uint32 flags, void **pret, bool *unjittable, uint32 argc)
{
JSContext *cx = f.cx;
Value *vp = f.regs.sp - (argc + 2);
JSObject &callee = vp->toObject();
JSFunction *newfun = callee.getFunctionPrivate();
JSScript *newscript = newfun->script();
/* Get pointer to new frame/slots, prepare arguments. */
StackSpace &stack = cx->stack();
JSStackFrame *newfp = stack.getInlineFrameWithinLimit(cx, f.regs.sp, argc,
newfun, newscript, &flags,
f.entryfp, &f.stackLimit);
if (JS_UNLIKELY(!newfp))
return false;
/* Initialize frame, locals. */
newfp->initCallFrame(cx, callee, newfun, argc, flags);
SetValueRangeToUndefined(newfp->slots(), newscript->nfixed);
/* Officially push the frame. */
stack.pushInlineFrame(cx, newscript, newfp, &f.regs);
JS_ASSERT(newfp == f.regs.fp);
/* Scope with a call object parented by callee's parent. */
if (newfun->isHeavyweight() && !js::CreateFunCallObject(cx, newfp))
return false;
/* Try to compile if not already compiled. */
if (newscript->getJITStatus(newfp->isConstructing()) == JITScript_None) {
CompileStatus status = CanMethodJIT(cx, newscript, newfp, CompileRequest_Interpreter);
if (status == Compile_Error) {
/* A runtime exception was thrown, get out. */
InlineReturn(f);
return false;
}
if (status == Compile_Abort)
*unjittable = true;
}
/* If newscript was successfully compiled, run it. */
if (JITScript *jit = newscript->getJIT(newfp->isConstructing())) {
*pret = jit->invokeEntry;
return true;
}
/* Otherwise, run newscript in the interpreter. */
bool ok = !!Interpret(cx, cx->fp());
InlineReturn(f);
*pret = NULL;
return ok;
}
Node::Node(Value value)
{
if (value.isObject())
construct(&value.toObject());
else if (value.isString())
construct(value.toString());
else if (value.isSymbol())
construct(value.toSymbol());
else
construct<void>(nullptr);
}
static bool
CheckArgCompartment(JSContext *cx, JSObject *obj, const Value &v,
const char *methodname, const char *propname)
{
if (v.isObject() && v.toObject().compartment() != obj->compartment()) {
JS_ReportErrorNumber(cx, js_GetErrorMessage, NULL, JSMSG_DEBUG_COMPARTMENT_MISMATCH,
methodname, propname);
return false;
}
return true;
}
static bool
IsMaybeWrappedNativeFunction(const Value &v, Native native)
{
if (!v.isObject())
return false;
JSObject *obj = CheckedUnwrap(&v.toObject());
if (!obj)
return false;
return obj->is<JSFunction>() && obj->as<JSFunction>().maybeNative() == native;
}
bool rs::jsapi::Object::IsObject(const Value& value) {
auto isObject = value.isObject() && !value.isNull();
if (isObject) {
auto obj = value.toObject();
isObject = obj;
if (isObject) {
auto klass = JS_GetClass(obj);
isObject = klass && klass->name && std::strcmp(klass->name, class_.name) == 0;
}
}
return isObject;
}
void
ValueReadBarrier(const Value &value)
{
JS_ASSERT(!CurrentThreadIsIonCompiling());
if (value.isObject())
JSObject::readBarrier(&value.toObject());
else if (value.isString())
JSString::readBarrier(value.toString());
else if (value.isSymbol())
JS::Symbol::readBarrier(value.toSymbol());
else
JS_ASSERT(!value.isMarkable());
}
JSFunction *
JSRuntime::getSelfHostedFunction(JSContext *cx, const char *name)
{
RootedObject holder(cx, cx->global()->getIntrinsicsHolder());
JSAtom *atom = Atomize(cx, name, strlen(name));
if (!atom)
return NULL;
Value funVal = NullValue();
JSAutoByteString bytes;
if (!cloneSelfHostedValueById(cx, AtomToId(atom), holder, &funVal))
return NULL;
return funVal.toObject().toFunction();
}
static bool
TestProtoSetterThis(const Value &v)
{
if (v.isNullOrUndefined())
return false;
/* These will work as if on a boxed primitive; dumb, but whatever. */
if (!v.isObject())
return true;
/* Otherwise, only accept non-proxies. */
return !v.toObject().isProxy();
}
JS_ALWAYS_INLINE bool
WeakMap_set_impl(JSContext *cx, CallArgs args)
{
JS_ASSERT(IsWeakMap(args.thisv()));
if (args.length() < 1) {
JS_ReportErrorNumber(cx, js_GetErrorMessage, NULL, JSMSG_MORE_ARGS_NEEDED,
"WeakMap.set", "0", "s");
return false;
}
RootedObject key(cx, GetKeyArg(cx, args));
if (!key)
return false;
Value value = (args.length() > 1) ? args[1] : UndefinedValue();
Rooted<JSObject*> thisObj(cx, &args.thisv().toObject());
ObjectValueMap *map = GetObjectMap(thisObj);
if (!map) {
map = cx->new_<ObjectValueMap>(cx, thisObj.get());
if (!map->init()) {
js_delete(map);
JS_ReportOutOfMemory(cx);
return false;
}
thisObj->setPrivate(map);
}
// Preserve wrapped native keys to prevent wrapper optimization.
if (key->getClass()->ext.isWrappedNative ||
(key->getClass()->flags & JSCLASS_IS_DOMJSCLASS) ||
(key->isProxy() && GetProxyHandler(key)->family() == GetListBaseHandlerFamily()))
{
JS_ASSERT(cx->runtime->preserveWrapperCallback);
if (!cx->runtime->preserveWrapperCallback(cx, key)) {
JS_ReportErrorNumber(cx, js_GetErrorMessage, NULL, JSMSG_BAD_WEAKMAP_KEY);
return false;
}
}
JS_ASSERT(key->compartment() == thisObj->compartment());
JS_ASSERT_IF(value.isObject(), value.toObject().compartment() == thisObj->compartment());
if (!map->put(key, value)) {
JS_ReportOutOfMemory(cx);
return false;
}
HashTableWriteBarrierPost(cx->compartment, map, key);
args.rval().setUndefined();
return true;
}
bool
js_InternNonIntElementIdSlow(JSContext *cx, JSObject *obj, const Value &idval,
jsid *idp, Value *vp)
{
JS_ASSERT(idval.isObject());
if (obj->isXML()) {
JSObject &idobj = idval.toObject();
*idp = OBJECT_TO_JSID(&idobj);
vp->setObject(idobj);
return true;
}
if (js_GetLocalNameFromFunctionQName(&idval.toObject(), idp, cx)) {
*vp = IdToValue(*idp);
return true;
}
if (js_ValueToStringId(cx, idval, idp)) {
vp->setString(JSID_TO_STRING(*idp));
return true;
}
return false;
}
/* static */ DebuggerMemory*
DebuggerMemory::create(JSContext* cx, Debugger* dbg)
{
Value memoryProtoValue = dbg->object->getReservedSlot(Debugger::JSSLOT_DEBUG_MEMORY_PROTO);
RootedObject memoryProto(cx, &memoryProtoValue.toObject());
RootedNativeObject memory(cx, NewNativeObjectWithGivenProto(cx, &class_, memoryProto));
if (!memory)
return nullptr;
dbg->object->setReservedSlot(Debugger::JSSLOT_DEBUG_MEMORY_INSTANCE, ObjectValue(*memory));
memory->setReservedSlot(JSSLOT_DEBUGGER, ObjectValue(*dbg->object));
return &memory->as<DebuggerMemory>();
}
JSObject *
InlineFrameIterator::scopeChain() const
{
SnapshotIterator s(si_);
// scopeChain
Value v = s.read();
if (v.isObject()) {
JS_ASSERT_IF(script()->hasAnalysis(), script()->analysis()->usesScopeChain());
return &v.toObject();
}
return callee()->environment();
}
bool
CrossCompartmentWrapper::nativeCall(JSContext *cx, IsAcceptableThis test, NativeImpl impl,
CallArgs srcArgs)
{
RootedObject wrapper(cx, &srcArgs.thisv().toObject());
JS_ASSERT(srcArgs.thisv().isMagic(JS_IS_CONSTRUCTING) ||
!UncheckedUnwrap(wrapper)->isCrossCompartmentWrapper());
RootedObject wrapped(cx, wrappedObject(wrapper));
{
AutoCompartment call(cx, wrapped);
InvokeArgsGuard dstArgs;
if (!cx->stack.pushInvokeArgs(cx, srcArgs.length(), &dstArgs))
return false;
Value *src = srcArgs.base();
Value *srcend = srcArgs.array() + srcArgs.length();
Value *dst = dstArgs.base();
RootedValue source(cx);
for (; src < srcend; ++src, ++dst) {
source = *src;
if (!cx->compartment->wrap(cx, &source))
return false;
*dst = source.get();
// Handle |this| specially. When we rewrap on the other side of the
// membrane, we might apply a same-compartment security wrapper that
// will stymie this whole process. If that happens, unwrap the wrapper.
// This logic can go away when same-compartment security wrappers go away.
if ((src == srcArgs.base() + 1) && dst->isObject()) {
RootedObject thisObj(cx, &dst->toObject());
if (thisObj->isWrapper() &&
!Wrapper::wrapperHandler(thisObj)->isSafeToUnwrap())
{
JS_ASSERT(!IsCrossCompartmentWrapper(thisObj));
*dst = ObjectValue(*Wrapper::wrappedObject(thisObj));
}
}
}
if (!CallNonGenericMethod(cx, test, impl, dstArgs))
return false;
srcArgs.rval().set(dstArgs.rval());
dstArgs.pop();
}
return cx->compartment->wrap(cx, srcArgs.rval());
}
bool rs::jsapi::Object::SetPrivate(Value& value, uint64_t data, void* ptr) {
auto set = false;
if (value.isObject()) {
auto obj = value.toObject();
auto klass = JS_GetClass(obj);
if (klass != nullptr && std::strcmp(klass->name, Object::class_.name) == 0) {
auto state = GetState(obj);
state->data = data;
state->ptr = ptr;
set = true;
}
}
return set;
}
bool rs::jsapi::Object::GetPrivate(const Value& value, uint64_t& data, void*& ptr) {
auto get = false;
if (value.isObject()) {
auto obj = value.toObject();
auto klass = JS_GetClass(obj);
if (klass != nullptr && std::strcmp(klass->name, Object::class_.name) == 0) {
auto state = GetState(obj);
data = state->data;
ptr = state->ptr;
get = true;
}
}
return get;
}
JSObject *
InlineFrameIterator::thisObject() const
{
// JS_ASSERT(isConstructing(...));
SnapshotIterator s(si_);
// scopeChain
s.skip();
// In strict modes, |this| may not be an object and thus may not be
// readable which can either segv in read or trigger the assertion.
Value v = s.read();
JS_ASSERT(v.isObject());
return &v.toObject();
}
void
InlineFrameIterator::findNextFrame()
{
AutoAssertNoGC nogc;
JS_ASSERT(more());
si_ = start_;
// Read the initial frame.
callee_ = frame_->maybeCallee();
script_ = frame_->script();
pc_ = script_->code + si_.pcOffset();
#ifdef DEBUG
numActualArgs_ = 0xbadbad;
#endif
// This unfortunately is O(n*m), because we must skip over outer frames
// before reading inner ones.
unsigned remaining = start_.frameCount() - framesRead_ - 1;
for (unsigned i = 0; i < remaining; i++) {
JS_ASSERT(js_CodeSpec[*pc_].format & JOF_INVOKE);
// Recover the number of actual arguments from the script.
if (JSOp(*pc_) != JSOP_FUNAPPLY)
numActualArgs_ = GET_ARGC(pc_);
JS_ASSERT(numActualArgs_ != 0xbadbad);
// Skip over non-argument slots, as well as |this|.
unsigned skipCount = (si_.slots() - 1) - numActualArgs_ - 1;
for (unsigned j = 0; j < skipCount; j++)
si_.skip();
Value funval = si_.read();
// Skip extra slots.
while (si_.moreSlots())
si_.skip();
si_.nextFrame();
callee_ = funval.toObject().toFunction();
script_ = callee_->nonLazyScript();
pc_ = script_->code + si_.pcOffset();
}
framesRead_++;
}
static JSObject *
GetKeyArg(JSContext *cx, CallArgs &args)
{
Value *vp = &args[0];
if (vp->isPrimitive()) {
JS_ReportErrorNumber(cx, js_GetErrorMessage, NULL, JSMSG_NOT_NONNULL_OBJECT);
return NULL;
}
JSObject &key = vp->toObject();
// If the key is from another compartment, and we store the wrapper as the key
// the wrapper might be GC-ed since it is not strong referenced (Bug 673468).
// To avoid this we always use the unwrapped object as the key instead of its
// security wrapper. This also means that if the keys are ever exposed they must
// be re-wrapped (see: JS_NondeterministicGetWeakMapKeys).
return JS_UnwrapObject(&key);
}
bool
JSProxyHandler::construct(JSContext *cx, JSObject *proxy,
uintN argc, Value *argv, Value *rval)
{
JS_ASSERT(OperationInProgress(cx, proxy));
Value fval = GetConstruct(proxy);
if (fval.isUndefined())
return ExternalInvokeConstructor(cx, GetCall(proxy), argc, argv, rval);
/*
* FIXME: The Proxy proposal says to pass undefined as the this argument,
* but primitive this is not supported yet. See bug 576644.
*/
JS_ASSERT(fval.isObject());
JSObject *thisobj = fval.toObject().getGlobal();
return ExternalInvoke(cx, thisobj, fval, argc, argv, rval);
}
/*
* This method marks pointers that cross compartment boundaries. It is called in
* per-zone GCs (since full GCs naturally follow pointers across compartments)
* and when compacting to update cross-compartment pointers.
*/
void
JSCompartment::markCrossCompartmentWrappers(JSTracer *trc)
{
MOZ_ASSERT(!zone()->isCollecting() || trc->runtime()->isHeapCompacting());
for (WrapperMap::Enum e(crossCompartmentWrappers); !e.empty(); e.popFront()) {
Value v = e.front().value();
if (e.front().key().kind == CrossCompartmentKey::ObjectWrapper) {
ProxyObject *wrapper = &v.toObject().as<ProxyObject>();
/*
* We have a cross-compartment wrapper. Its private pointer may
* point into the compartment being collected, so we should mark it.
*/
MarkValue(trc, wrapper->slotOfPrivate(), "cross-compartment wrapper");
}
}
}
static bool
Parent(JSContext* cx, unsigned argc, jsval* vp)
{
CallArgs args = CallArgsFromVp(argc, vp);
if (args.length() != 1) {
JS_ReportError(cx, "Wrong number of arguments");
return false;
}
Value v = args[0];
if (v.isPrimitive()) {
JS_ReportError(cx, "Only objects have parents!");
return false;
}
args.rval().setObjectOrNull(JS_GetParent(&v.toObject()));
return true;
}
void
stubs::UncachedNewHelper(VMFrame &f, uint32 argc, UncachedCallResult *ucr)
{
ucr->init();
JSContext *cx = f.cx;
Value *vp = f.regs.sp - (argc + 2);
/* Try to do a fast inline call before the general Invoke path. */
if (IsFunctionObject(*vp, &ucr->fun) && ucr->fun->isInterpreted()) {
ucr->callee = &vp->toObject();
if (!UncachedInlineCall(f, JSFRAME_CONSTRUCTING, &ucr->codeAddr, &ucr->unjittable, argc))
THROW();
} else {
if (!InvokeConstructor(cx, InvokeArgsAlreadyOnTheStack(vp, argc)))
THROW();
}
}
void
JSCompartment::traceOutgoingCrossCompartmentWrappers(JSTracer* trc)
{
MOZ_ASSERT(trc->runtime()->isHeapMajorCollecting());
MOZ_ASSERT(!zone()->isCollecting() || trc->runtime()->gc.isHeapCompacting());
for (WrapperMap::Enum e(crossCompartmentWrappers); !e.empty(); e.popFront()) {
Value v = e.front().value().unbarrieredGet();
if (e.front().key().is<JSObject*>()) {
ProxyObject* wrapper = &v.toObject().as<ProxyObject>();
/*
* We have a cross-compartment wrapper. Its private pointer may
* point into the compartment being collected, so we should mark it.
*/
TraceEdge(trc, wrapper->slotOfPrivate(), "cross-compartment wrapper");
}
}
}
static bool
GetDataProperty(JSContext *cx, const Value &objVal, HandlePropertyName field, MutableHandleValue v)
{
if (!objVal.isObject())
return LinkFail(cx, "accessing property of non-object");
Rooted<JSPropertyDescriptor> desc(cx);
if (!JS_GetPropertyDescriptorById(cx, &objVal.toObject(), NameToId(field), 0, &desc))
return false;
if (!desc.object())
return LinkFail(cx, "property not present on object");
if (desc.hasGetterOrSetterObject())
return LinkFail(cx, "property is not a data property");
v.set(desc.value());
return true;
}
static bool
GetDataProperty(JSContext *cx, const Value &objVal, HandlePropertyName field, MutableHandleValue v)
{
if (!objVal.isObject())
return LinkFail(cx, "accessing property of non-object");
JSPropertyDescriptor desc;
if (!JS_GetPropertyDescriptorById(cx, &objVal.toObject(), NameToId(field), 0, &desc))
return false;
if (!desc.obj)
return LinkFail(cx, "property not present on object");
if (desc.attrs & (JSPROP_GETTER | JSPROP_SETTER))
return LinkFail(cx, "property is not a data property");
v.set(desc.value);
return true;
}
void
JSCompartment::traceOutgoingCrossCompartmentWrappers(JSTracer* trc)
{
MOZ_ASSERT(JS::CurrentThreadIsHeapMajorCollecting());
MOZ_ASSERT(!zone()->isCollectingFromAnyThread() || trc->runtime()->gc.isHeapCompacting());
for (NonStringWrapperEnum e(this); !e.empty(); e.popFront()) {
if (e.front().key().is<JSObject*>()) {
Value v = e.front().value().unbarrieredGet();
ProxyObject* wrapper = &v.toObject().as<ProxyObject>();
/*
* We have a cross-compartment wrapper. Its private pointer may
* point into the compartment being collected, so we should mark it.
*/
ProxyObject::traceEdgeToTarget(trc, wrapper);
}
}
}
static bool
XPCShellOperationCallback(JSContext *cx)
{
// If no operation callback was set by script, no-op.
if (sScriptedOperationCallback.isUndefined())
return true;
JSAutoCompartment ac(cx, &sScriptedOperationCallback.toObject());
RootedValue rv(cx);
if (!JS_CallFunctionValue(cx, nullptr, sScriptedOperationCallback,
0, nullptr, rv.address()) || !rv.isBoolean())
{
NS_WARNING("Scripted operation callback failed! Terminating script.");
JS_ClearPendingException(cx);
return false;
}
return rv.toBoolean();
}
static JSBool
GC(JSContext *cx, unsigned argc, jsval *vp)
{
/*
* If the first argument is 'compartment', we collect any compartments
* previously scheduled for GC via schedulegc. If the first argument is an
* object, we collect the object's compartment (and any other compartments
* scheduled for GC). Otherwise, we collect all compartments.
*/
JSBool compartment = false;
if (argc == 1) {
Value arg = vp[2];
if (arg.isString()) {
if (!JS_StringEqualsAscii(cx, arg.toString(), "compartment", &compartment))
return false;
} else if (arg.isObject()) {
PrepareZoneForGC(UnwrapObject(&arg.toObject())->zone());
compartment = true;
}
}
#ifndef JS_MORE_DETERMINISTIC
size_t preBytes = cx->runtime->gcBytes;
#endif
if (compartment)
PrepareForDebugGC(cx->runtime);
else
PrepareForFullGC(cx->runtime);
GCForReason(cx->runtime, gcreason::API);
char buf[256] = { '\0' };
#ifndef JS_MORE_DETERMINISTIC
JS_snprintf(buf, sizeof(buf), "before %lu, after %lu\n",
(unsigned long)preBytes, (unsigned long)cx->runtime->gcBytes);
#endif
JSString *str = JS_NewStringCopyZ(cx, buf);
if (!str)
return false;
*vp = STRING_TO_JSVAL(str);
return true;
}
