1 /* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 4 -*-
2 * vim: set ts=8 sts=4 et sw=4 tw=99:
3 * This Source Code Form is subject to the terms of the Mozilla Public
4 * License, v. 2.0. If a copy of the MPL was not distributed with this
5 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
6
7 /* JS Array interface. */
8
9 #ifndef jsarray_h
10 #define jsarray_h
11
12 #include "jspubtd.h"
13
14 #include "vm/ArrayObject.h"
15 #include "vm/JSObject.h"
16
17 namespace js {
18 /* 2^32-2, inclusive */
19 const uint32_t MAX_ARRAY_INDEX = 4294967294u;
20
IdIsIndex(jsid id,uint32_t * indexp)21 MOZ_ALWAYS_INLINE bool IdIsIndex(jsid id, uint32_t* indexp) {
22 if (JSID_IS_INT(id)) {
23 int32_t i = JSID_TO_INT(id);
24 MOZ_ASSERT(i >= 0);
25 *indexp = (uint32_t)i;
26 return true;
27 }
28
29 if (MOZ_UNLIKELY(!JSID_IS_STRING(id))) return false;
30
31 JSAtom* atom = JSID_TO_ATOM(id);
32 if (atom->length() == 0 || !JS7_ISDEC(atom->latin1OrTwoByteChar(0)))
33 return false;
34
35 return js::StringIsArrayIndex(atom, indexp);
36 }
37
38 // The methods below only create dense boxed arrays.
39
40 /* Create a dense array with no capacity allocated, length set to 0. */
41 extern ArrayObject* JS_FASTCALL
42 NewDenseEmptyArray(JSContext* cx, HandleObject proto = nullptr,
43 NewObjectKind newKind = GenericObject);
44
45 /*
46 * Create a dense array with a set length, but without allocating space for the
47 * contents. This is useful, e.g., when accepting length from the user.
48 */
49 extern ArrayObject* JS_FASTCALL NewDenseUnallocatedArray(
50 JSContext* cx, uint32_t length, HandleObject proto = nullptr,
51 NewObjectKind newKind = GenericObject);
52
53 /*
54 * Create a dense array with length and capacity == |length|, initialized length
55 * set to 0, but with only |EagerAllocationMaxLength| elements allocated.
56 */
57 extern ArrayObject* JS_FASTCALL NewDensePartlyAllocatedArray(
58 JSContext* cx, uint32_t length, HandleObject proto = nullptr,
59 NewObjectKind newKind = GenericObject);
60
61 /* Create a dense array with length and capacity == 'length', initialized length
62 * set to 0. */
63 extern ArrayObject* JS_FASTCALL NewDenseFullyAllocatedArray(
64 JSContext* cx, uint32_t length, HandleObject proto = nullptr,
65 NewObjectKind newKind = GenericObject);
66
67 /* Create a dense array from the given array values, which must be rooted */
68 extern ArrayObject* NewDenseCopiedArray(JSContext* cx, uint32_t length,
69 const Value* values,
70 HandleObject proto = nullptr,
71 NewObjectKind newKind = GenericObject);
72
73 /* Create a dense array based on templateObject with the given length. */
74 extern ArrayObject* NewDenseFullyAllocatedArrayWithTemplate(
75 JSContext* cx, uint32_t length, JSObject* templateObject);
76
77 /* Create a dense array with the same copy-on-write elements as another object.
78 */
79 extern ArrayObject* NewDenseCopyOnWriteArray(JSContext* cx,
80 HandleArrayObject templateObject,
81 gc::InitialHeap heap);
82
83 extern ArrayObject* NewFullyAllocatedArrayTryUseGroup(
84 JSContext* cx, HandleObjectGroup group, size_t length,
85 NewObjectKind newKind = GenericObject);
86
87 extern ArrayObject* NewPartlyAllocatedArrayTryUseGroup(JSContext* cx,
88 HandleObjectGroup group,
89 size_t length);
90
91 extern ArrayObject* NewFullyAllocatedArrayTryReuseGroup(
92 JSContext* cx, HandleObject obj, size_t length,
93 NewObjectKind newKind = GenericObject);
94
95 extern ArrayObject* NewPartlyAllocatedArrayTryReuseGroup(JSContext* cx,
96 HandleObject obj,
97 size_t length);
98
99 extern ArrayObject* NewFullyAllocatedArrayForCallingAllocationSite(
100 JSContext* cx, size_t length, NewObjectKind newKind = GenericObject);
101
102 extern ArrayObject* NewPartlyAllocatedArrayForCallingAllocationSite(
103 JSContext* cx, size_t length, HandleObject proto);
104
105 extern ArrayObject* NewCopiedArrayTryUseGroup(
106 JSContext* cx, HandleObjectGroup group, const Value* vp, size_t length,
107 NewObjectKind newKind = GenericObject,
108 ShouldUpdateTypes updateTypes = ShouldUpdateTypes::Update);
109
110 extern ArrayObject* NewCopiedArrayForCallingAllocationSite(
111 JSContext* cx, const Value* vp, size_t length,
112 HandleObject proto = nullptr);
113
114 /*
115 * Determines whether a write to the given element on |obj| should fail because
116 * |obj| is an Array with a non-writable length, and writing that element would
117 * increase the length of the array.
118 */
119 extern bool WouldDefinePastNonwritableLength(HandleNativeObject obj,
120 uint32_t index);
121
122 extern bool GetLengthProperty(JSContext* cx, HandleObject obj,
123 uint32_t* lengthp);
124
125 extern bool SetLengthProperty(JSContext* cx, HandleObject obj, uint32_t length);
126
127 /*
128 * Copy 'length' elements from aobj to vp.
129 *
130 * This function assumes 'length' is effectively the result of calling
131 * GetLengthProperty on aobj. vp must point to rooted memory.
132 */
133 extern bool GetElements(JSContext* cx, HandleObject aobj, uint32_t length,
134 js::Value* vp);
135
136 /* Natives exposed for optimization by the interpreter and JITs. */
137
138 extern bool intrinsic_ArrayNativeSort(JSContext* cx, unsigned argc,
139 js::Value* vp);
140
141 extern bool array_push(JSContext* cx, unsigned argc, js::Value* vp);
142
143 extern bool array_pop(JSContext* cx, unsigned argc, js::Value* vp);
144
145 extern bool array_join(JSContext* cx, unsigned argc, js::Value* vp);
146
147 extern void ArrayShiftMoveElements(NativeObject* obj);
148
149 extern bool array_shift(JSContext* cx, unsigned argc, js::Value* vp);
150
151 extern bool array_unshift(JSContext* cx, unsigned argc, js::Value* vp);
152
153 extern bool array_slice(JSContext* cx, unsigned argc, js::Value* vp);
154
155 extern JSObject* array_slice_dense(JSContext* cx, HandleObject obj,
156 int32_t begin, int32_t end,
157 HandleObject result);
158
159 extern bool array_reverse(JSContext* cx, unsigned argc, js::Value* vp);
160
161 extern bool array_splice(JSContext* cx, unsigned argc, js::Value* vp);
162
163 extern const JSJitInfo array_splice_info;
164
165 /*
166 * Append the given (non-hole) value to the end of an array. The array must be
167 * a newborn array -- that is, one which has not been exposed to script for
168 * arbitrary manipulation. (This method optimizes on the assumption that
169 * extending the array to accommodate the element will never make the array
170 * sparse, which requires that the array be completely filled.)
171 */
172 extern bool NewbornArrayPush(JSContext* cx, HandleObject obj, const Value& v);
173
174 extern ArrayObject* ArrayConstructorOneArg(JSContext* cx,
175 HandleObjectGroup group,
176 int32_t lengthInt);
177
178 #ifdef DEBUG
179 extern bool ArrayInfo(JSContext* cx, unsigned argc, Value* vp);
180 #endif
181
182 /* Array constructor native. Exposed only so the JIT can know its address. */
183 extern bool ArrayConstructor(JSContext* cx, unsigned argc, Value* vp);
184
185 // Like Array constructor, but doesn't perform GetPrototypeFromConstructor.
186 extern bool array_construct(JSContext* cx, unsigned argc, Value* vp);
187
188 extern bool IsWrappedArrayConstructor(JSContext* cx, const Value& v,
189 bool* result);
190
191 class MOZ_NON_TEMPORARY_CLASS ArraySpeciesLookup final {
192 /*
193 * An ArraySpeciesLookup holds the following:
194 *
195 * Array.prototype (arrayProto_)
196 * To ensure that the incoming array has the standard proto.
197 *
198 * Array.prototype's shape (arrayProtoShape_)
199 * To ensure that Array.prototype has not been modified.
200 *
201 * Array (arrayConstructor_)
202 * Array's shape (arrayConstructorShape_)
203 * To ensure that Array has not been modified.
204 *
205 * Array.prototype's slot number for constructor (arrayProtoConstructorSlot_)
206 * To quickly retrieve and ensure that the Array constructor
207 * stored in the slot has not changed.
208 *
209 * Array's shape for the @@species getter. (arraySpeciesShape_)
210 * Array's canonical value for @@species (canonicalSpeciesFunc_)
211 * To quickly retrieve and ensure that the @@species getter for Array
212 * has not changed.
213 */
214
215 // Pointer to canonical Array.prototype and Array.
216 NativeObject* arrayProto_;
217 NativeObject* arrayConstructor_;
218
219 // Shape of matching Array, and slot containing the @@species
220 // property, and the canonical value.
221 Shape* arrayConstructorShape_;
222 #ifdef DEBUG
223 Shape* arraySpeciesShape_;
224 JSFunction* canonicalSpeciesFunc_;
225 #endif
226
227 // Shape of matching Array.prototype object, and slot containing the
228 // constructor for it.
229 Shape* arrayProtoShape_;
230 uint32_t arrayProtoConstructorSlot_;
231
232 enum class State : uint8_t {
233 // Flags marking the lazy initialization of the above fields.
234 Uninitialized,
235 Initialized,
236
237 // The disabled flag is set when we don't want to try optimizing
238 // anymore because core objects were changed.
239 Disabled
240 };
241
242 State state_;
243
244 // Initialize the internal fields.
245 void initialize(JSContext* cx);
246
247 // Reset the cache.
248 void reset();
249
250 // Check if the global array-related objects have not been messed with
251 // in a way that would disable this cache.
252 bool isArrayStateStillSane();
253
254 public:
ArraySpeciesLookup()255 ArraySpeciesLookup() { reset(); }
256
257 // Try to optimize the @@species lookup for an array.
258 bool tryOptimizeArray(JSContext* cx, ArrayObject* array);
259
260 // Purge the cache and all info associated with it.
purge()261 void purge() {
262 if (state_ == State::Initialized) reset();
263 }
264 };
265
266 } /* namespace js */
267
268 #endif /* jsarray_h */
269