bool
JSCompartment::wrap(JSContext *cx, Value *vp, JSObject *existing)
{
JS_ASSERT(cx->compartment == this);
JS_ASSERT_IF(existing, existing->compartment() == cx->compartment);
JS_ASSERT_IF(existing, vp->isObject());
JS_ASSERT_IF(existing, IsDeadProxyObject(existing));
unsigned flags = 0;
JS_CHECK_CHROME_RECURSION(cx, return false);
#ifdef DEBUG
struct AutoDisableProxyCheck {
JSRuntime *runtime;
AutoDisableProxyCheck(JSRuntime *rt) : runtime(rt) {
runtime->gcDisableStrictProxyCheckingCount++;
}
~AutoDisableProxyCheck() { runtime->gcDisableStrictProxyCheckingCount--; }
} adpc(rt);
#endif
/* Only GC things have to be wrapped or copied. */
if (!vp->isMarkable())
return true;
if (vp->isString()) {
JSString *str = vp->toString();
/* If the string is already in this compartment, we are done. */
if (str->compartment() == this)
return true;
/* If the string is an atom, we don't have to copy. */
if (str->isAtom()) {
JS_ASSERT(str->compartment() == cx->runtime->atomsCompartment);
return true;
}
}
/*
* Wrappers should really be parented to the wrapped parent of the wrapped
* object, but in that case a wrapped global object would have a NULL
* parent without being a proper global object (JSCLASS_IS_GLOBAL). Instead,
* we parent all wrappers to the global object in their home compartment.
* This loses us some transparency, and is generally very cheesy.
*/
HandleObject global = cx->global();
/* Unwrap incoming objects. */
if (vp->isObject()) {
Rooted<JSObject*> obj(cx, &vp->toObject());
if (obj->compartment() == this)
return WrapForSameCompartment(cx, obj, vp);
/* Translate StopIteration singleton. */
if (obj->isStopIteration()) {
RootedValue vvp(cx, *vp);
bool result = js_FindClassObject(cx, JSProto_StopIteration, &vvp);
*vp = vvp;
return result;
}
/* Unwrap the object, but don't unwrap outer windows. */
obj = UnwrapObject(&vp->toObject(), /* stopAtOuter = */ true, &flags);
if (obj->compartment() == this)
return WrapForSameCompartment(cx, obj, vp);
if (cx->runtime->preWrapObjectCallback) {
obj = cx->runtime->preWrapObjectCallback(cx, global, obj, flags);
if (!obj)
return false;
}
if (obj->compartment() == this)
return WrapForSameCompartment(cx, obj, vp);
vp->setObject(*obj);
#ifdef DEBUG
{
JSObject *outer = GetOuterObject(cx, obj);
JS_ASSERT(outer && outer == obj);
}
#endif
}
RootedValue key(cx, *vp);
/* If we already have a wrapper for this value, use it. */
if (WrapperMap::Ptr p = crossCompartmentWrappers.lookup(key)) {
*vp = p->value;
if (vp->isObject()) {
RootedObject obj(cx, &vp->toObject());
JS_ASSERT(obj->isCrossCompartmentWrapper());
JS_ASSERT(obj->getParent() == global);
}
return true;
}
if (vp->isString()) {
RootedValue orig(cx, *vp);
JSStableString *str = vp->toString()->ensureStable(cx);
if (!str)
return false;
JSString *wrapped = js_NewStringCopyN(cx, str->chars().get(), str->length());
if (!wrapped)
return false;
vp->setString(wrapped);
return crossCompartmentWrappers.put(orig, *vp);
}
RootedObject obj(cx, &vp->toObject());
JSObject *proto = Proxy::LazyProto;
if (existing) {
/* Is it possible to reuse |existing|? */
if (!existing->getTaggedProto().isLazy() ||
existing->getClass() != &ObjectProxyClass ||
existing->getParent() != global ||
obj->isCallable())
{
existing = NULL;
}
}
/*
* We hand in the original wrapped object into the wrap hook to allow
* the wrap hook to reason over what wrappers are currently applied
* to the object.
*/
RootedObject wrapper(cx);
wrapper = cx->runtime->wrapObjectCallback(cx, existing, obj, proto, global, flags);
if (!wrapper)
return false;
// We maintain the invariant that the key in the cross-compartment wrapper
// map is always directly wrapped by the value.
JS_ASSERT(Wrapper::wrappedObject(wrapper) == &key.get().toObject());
vp->setObject(*wrapper);
if (!crossCompartmentWrappers.put(key, *vp))
return false;
return true;
}
bool
JSCompartment::wrap(JSContext *cx, Value *vp)
{
JS_ASSERT(cx->compartment == this);
unsigned flags = 0;
JS_CHECK_RECURSION(cx, return false);
#ifdef DEBUG
struct AutoDisableProxyCheck {
JSRuntime *runtime;
AutoDisableProxyCheck(JSRuntime *rt) : runtime(rt) {
runtime->gcDisableStrictProxyCheckingCount++;
}
~AutoDisableProxyCheck() { runtime->gcDisableStrictProxyCheckingCount--; }
} adpc(rt);
#endif
/* Only GC things have to be wrapped or copied. */
if (!vp->isMarkable())
return true;
if (vp->isString()) {
JSString *str = vp->toString();
/* If the string is already in this compartment, we are done. */
if (str->compartment() == this)
return true;
/* If the string is an atom, we don't have to copy. */
if (str->isAtom()) {
JS_ASSERT(str->compartment() == cx->runtime->atomsCompartment);
return true;
}
}
/*
* Wrappers should really be parented to the wrapped parent of the wrapped
* object, but in that case a wrapped global object would have a NULL
* parent without being a proper global object (JSCLASS_IS_GLOBAL). Instead,
* we parent all wrappers to the global object in their home compartment.
* This loses us some transparency, and is generally very cheesy.
*/
HandleObject global = cx->global();
/* Unwrap incoming objects. */
if (vp->isObject()) {
Rooted<JSObject*> obj(cx, &vp->toObject());
if (obj->compartment() == this)
return WrapForSameCompartment(cx, obj, vp);
/* Translate StopIteration singleton. */
if (obj->isStopIteration()) {
RootedValue vvp(cx, *vp);
bool result = js_FindClassObject(cx, JSProto_StopIteration, &vvp);
*vp = vvp;
return result;
}
/* Unwrap the object, but don't unwrap outer windows. */
obj = UnwrapObject(&vp->toObject(), /* stopAtOuter = */ true, &flags);
if (obj->compartment() == this)
return WrapForSameCompartment(cx, obj, vp);
if (cx->runtime->preWrapObjectCallback) {
obj = cx->runtime->preWrapObjectCallback(cx, global, obj, flags);
if (!obj)
return false;
}
if (obj->compartment() == this)
return WrapForSameCompartment(cx, obj, vp);
vp->setObject(*obj);
#ifdef DEBUG
{
JSObject *outer = GetOuterObject(cx, obj);
JS_ASSERT(outer && outer == obj);
}
#endif
}
RootedValue key(cx, *vp);
/* If we already have a wrapper for this value, use it. */
if (WrapperMap::Ptr p = crossCompartmentWrappers.lookup(key)) {
*vp = p->value;
if (vp->isObject()) {
RootedObject obj(cx, &vp->toObject());
JS_ASSERT(obj->isCrossCompartmentWrapper());
if (obj->getParent() != global) {
do {
if (!JSObject::setParent(cx, obj, global))
return false;
obj = obj->getProto();
} while (obj && obj->isCrossCompartmentWrapper());
}
}
return true;
}
if (vp->isString()) {
RootedValue orig(cx, *vp);
JSString *str = vp->toString();
const jschar *chars = str->getChars(cx);
if (!chars)
return false;
JSString *wrapped = js_NewStringCopyN(cx, chars, str->length());
if (!wrapped)
return false;
vp->setString(wrapped);
return crossCompartmentWrappers.put(orig, *vp);
}
RootedObject obj(cx, &vp->toObject());
/*
* Recurse to wrap the prototype. Long prototype chains will run out of
* stack, causing an error in CHECK_RECURSE.
*
* Wrapping the proto before creating the new wrapper and adding it to the
* cache helps avoid leaving a bad entry in the cache on OOM. But note that
* if we wrapped both proto and parent, we would get infinite recursion
* here (since Object.prototype->parent->proto leads to Object.prototype
* itself).
*/
RootedObject proto(cx, obj->getProto());
if (!wrap(cx, proto.address()))
return false;
/*
* We hand in the original wrapped object into the wrap hook to allow
* the wrap hook to reason over what wrappers are currently applied
* to the object.
*/
RootedObject wrapper(cx, cx->runtime->wrapObjectCallback(cx, obj, proto, global, flags));
if (!wrapper)
return false;
// We maintain the invariant that the key in the cross-compartment wrapper
// map is always directly wrapped by the value.
JS_ASSERT(Wrapper::wrappedObject(wrapper) == &key.get().toObject());
vp->setObject(*wrapper);
if (!crossCompartmentWrappers.put(key, *vp))
return false;
return true;
}
bool
JSCompartment::wrap(JSContext *cx, Value *vp)
{
JS_ASSERT(cx->compartment == this);
unsigned flags = 0;
JS_CHECK_RECURSION(cx, return false);
/* Only GC things have to be wrapped or copied. */
if (!vp->isMarkable())
return true;
if (vp->isString()) {
JSString *str = vp->toString();
/* If the string is already in this compartment, we are done. */
if (str->compartment() == this)
return true;
/* If the string is an atom, we don't have to copy. */
if (str->isAtom()) {
JS_ASSERT(str->compartment() == cx->runtime->atomsCompartment);
return true;
}
}
/*
* Wrappers should really be parented to the wrapped parent of the wrapped
* object, but in that case a wrapped global object would have a NULL
* parent without being a proper global object (JSCLASS_IS_GLOBAL). Instead,
* we parent all wrappers to the global object in their home compartment.
* This loses us some transparency, and is generally very cheesy.
*/
JSObject *global;
if (cx->hasfp()) {
global = &cx->fp()->scopeChain().global();
} else {
global = JS_ObjectToInnerObject(cx, cx->globalObject);
if (!global)
return false;
}
/* Unwrap incoming objects. */
if (vp->isObject()) {
JSObject *obj = &vp->toObject();
/* If the object is already in this compartment, we are done. */
if (obj->compartment() == this)
return true;
/* Translate StopIteration singleton. */
if (obj->isStopIteration())
return js_FindClassObject(cx, NULL, JSProto_StopIteration, vp);
/* Don't unwrap an outer window proxy. */
if (!obj->getClass()->ext.innerObject) {
obj = UnwrapObject(&vp->toObject(), true, &flags);
vp->setObject(*obj);
if (obj->compartment() == this)
return true;
if (cx->runtime->preWrapObjectCallback) {
obj = cx->runtime->preWrapObjectCallback(cx, global, obj, flags);
if (!obj)
return false;
}
vp->setObject(*obj);
if (obj->compartment() == this)
return true;
} else {
if (cx->runtime->preWrapObjectCallback) {
obj = cx->runtime->preWrapObjectCallback(cx, global, obj, flags);
if (!obj)
return false;
}
JS_ASSERT(!obj->isWrapper() || obj->getClass()->ext.innerObject);
vp->setObject(*obj);
}
#ifdef DEBUG
{
JSObject *outer = obj;
OBJ_TO_OUTER_OBJECT(cx, outer);
JS_ASSERT(outer && outer == obj);
}
#endif
}
/* If we already have a wrapper for this value, use it. */
if (WrapperMap::Ptr p = crossCompartmentWrappers.lookup(*vp)) {
*vp = p->value;
if (vp->isObject()) {
JSObject *obj = &vp->toObject();
JS_ASSERT(obj->isCrossCompartmentWrapper());
if (global->getClass() != &dummy_class && obj->getParent() != global) {
do {
if (!obj->setParent(cx, global))
return false;
obj = obj->getProto();
} while (obj && obj->isCrossCompartmentWrapper());
}
}
return true;
}
if (vp->isString()) {
Value orig = *vp;
JSString *str = vp->toString();
const jschar *chars = str->getChars(cx);
if (!chars)
return false;
JSString *wrapped = js_NewStringCopyN(cx, chars, str->length());
if (!wrapped)
return false;
vp->setString(wrapped);
return crossCompartmentWrappers.put(orig, *vp);
}
JSObject *obj = &vp->toObject();
/*
* Recurse to wrap the prototype. Long prototype chains will run out of
* stack, causing an error in CHECK_RECURSE.
*
* Wrapping the proto before creating the new wrapper and adding it to the
* cache helps avoid leaving a bad entry in the cache on OOM. But note that
* if we wrapped both proto and parent, we would get infinite recursion
* here (since Object.prototype->parent->proto leads to Object.prototype
* itself).
*/
JSObject *proto = obj->getProto();
if (!wrap(cx, &proto))
return false;
/*
* We hand in the original wrapped object into the wrap hook to allow
* the wrap hook to reason over what wrappers are currently applied
* to the object.
*/
JSObject *wrapper = cx->runtime->wrapObjectCallback(cx, obj, proto, global, flags);
if (!wrapper)
return false;
vp->setObject(*wrapper);
if (wrapper->getProto() != proto && !SetProto(cx, wrapper, proto, false))
return false;
if (!crossCompartmentWrappers.put(GetProxyPrivate(wrapper), *vp))
return false;
if (!wrapper->setParent(cx, global))
return false;
return true;
}
inline void
GCMarker::processMarkStackTop(SliceBudget &budget)
{
/*
* The function uses explicit goto and implements the scanning of the
* object directly. It allows to eliminate the tail recursion and
* significantly improve the marking performance, see bug 641025.
*/
HeapSlot *vp, *end;
JSObject *obj;
uintptr_t addr = stack.pop();
uintptr_t tag = addr & StackTagMask;
addr &= ~StackTagMask;
if (tag == ValueArrayTag) {
JS_STATIC_ASSERT(ValueArrayTag == 0);
JS_ASSERT(!(addr & Cell::CellMask));
obj = reinterpret_cast<JSObject *>(addr);
uintptr_t addr2 = stack.pop();
uintptr_t addr3 = stack.pop();
JS_ASSERT(addr2 <= addr3);
JS_ASSERT((addr3 - addr2) % sizeof(Value) == 0);
vp = reinterpret_cast<HeapSlot *>(addr2);
end = reinterpret_cast<HeapSlot *>(addr3);
goto scan_value_array;
}
if (tag == ObjectTag) {
obj = reinterpret_cast<JSObject *>(addr);
JS_COMPARTMENT_ASSERT(runtime, obj);
goto scan_obj;
}
processMarkStackOther(budget, tag, addr);
return;
scan_value_array:
JS_ASSERT(vp <= end);
while (vp != end) {
const Value &v = *vp++;
if (v.isString()) {
JSString *str = v.toString();
JS_COMPARTMENT_ASSERT_STR(runtime, str);
JS_ASSERT(str->compartment() == runtime->atomsCompartment ||
str->compartment() == obj->compartment());
if (str->markIfUnmarked())
ScanString(this, str);
} else if (v.isObject()) {
JSObject *obj2 = &v.toObject();
JS_COMPARTMENT_ASSERT(runtime, obj2);
JS_ASSERT(obj->compartment() == obj2->compartment());
if (obj2->markIfUnmarked(getMarkColor())) {
pushValueArray(obj, vp, end);
obj = obj2;
goto scan_obj;
}
}
}
return;
scan_obj:
{
JS_COMPARTMENT_ASSERT(runtime, obj);
budget.step();
if (budget.isOverBudget()) {
pushObject(obj);
return;
}
types::TypeObject *type = obj->typeFromGC();
PushMarkStack(this, type);
Shape *shape = obj->lastProperty();
PushMarkStack(this, shape);
/* Call the trace hook if necessary. */
Class *clasp = shape->getObjectClass();
if (clasp->trace) {
if (clasp == &ArrayClass) {
JS_ASSERT(!shape->isNative());
vp = obj->getDenseArrayElements();
end = vp + obj->getDenseArrayInitializedLength();
goto scan_value_array;
} else {
JS_ASSERT_IF(runtime->gcMode == JSGC_MODE_INCREMENTAL &&
runtime->gcIncrementalEnabled,
clasp->flags & JSCLASS_IMPLEMENTS_BARRIERS);
}
clasp->trace(this, obj);
}
if (!shape->isNative())
return;
unsigned nslots = obj->slotSpan();
vp = obj->fixedSlots();
if (obj->slots) {
unsigned nfixed = obj->numFixedSlots();
if (nslots > nfixed) {
pushValueArray(obj, vp, vp + nfixed);
vp = obj->slots;
end = vp + (nslots - nfixed);
goto scan_value_array;
}
}
JS_ASSERT(nslots <= obj->numFixedSlots());
end = vp + nslots;
goto scan_value_array;
}
}