| // Copyright 2018 the V8 project authors. All rights reserved. |
| // Use of this source code is governed by a BSD-style license that can be |
| // found in the LICENSE file. |
| |
| #include "src/objects/js-array-buffer.h" |
| #include "src/objects/js-array-buffer-inl.h" |
| #include "src/property-descriptor.h" |
| |
| namespace v8 { |
| namespace internal { |
| |
| namespace { |
| |
| bool CanonicalNumericIndexString(Isolate* isolate, Handle<Object> s, |
| Handle<Object>* index) { |
| DCHECK(s->IsString() || s->IsSmi()); |
| |
| Handle<Object> result; |
| if (s->IsSmi()) { |
| result = s; |
| } else { |
| result = String::ToNumber(isolate, Handle<String>::cast(s)); |
| if (!result->IsMinusZero()) { |
| Handle<String> str = Object::ToString(isolate, result).ToHandleChecked(); |
| // Avoid treating strings like "2E1" and "20" as the same key. |
| if (!str->SameValue(*s)) return false; |
| } |
| } |
| *index = result; |
| return true; |
| } |
| |
| inline int ConvertToMb(size_t size) { |
| return static_cast<int>(size / static_cast<size_t>(MB)); |
| } |
| |
| } // anonymous namespace |
| |
| void JSArrayBuffer::Neuter() { |
| CHECK(is_neuterable()); |
| CHECK(!was_neutered()); |
| CHECK(is_external()); |
| set_backing_store(nullptr); |
| set_byte_length(Smi::kZero); |
| set_was_neutered(true); |
| set_is_neuterable(false); |
| // Invalidate the neutering protector. |
| Isolate* const isolate = GetIsolate(); |
| if (isolate->IsArrayBufferNeuteringIntact()) { |
| isolate->InvalidateArrayBufferNeuteringProtector(); |
| } |
| } |
| |
| void JSArrayBuffer::StopTrackingWasmMemory(Isolate* isolate) { |
| DCHECK(is_wasm_memory()); |
| isolate->wasm_engine()->memory_tracker()->ReleaseAllocation(isolate, |
| backing_store()); |
| set_is_wasm_memory(false); |
| } |
| |
| void JSArrayBuffer::FreeBackingStoreFromMainThread() { |
| if (allocation_base() == nullptr) { |
| return; |
| } |
| FreeBackingStore(GetIsolate(), {allocation_base(), allocation_length(), |
| backing_store(), is_wasm_memory()}); |
| // Zero out the backing store and allocation base to avoid dangling |
| // pointers. |
| set_backing_store(nullptr); |
| } |
| |
| // static |
| void JSArrayBuffer::FreeBackingStore(Isolate* isolate, Allocation allocation) { |
| if (allocation.is_wasm_memory) { |
| wasm::WasmMemoryTracker* memory_tracker = |
| isolate->wasm_engine()->memory_tracker(); |
| if (!memory_tracker->FreeMemoryIfIsWasmMemory(isolate, |
| allocation.backing_store)) { |
| CHECK(FreePages(GetPlatformPageAllocator(), allocation.allocation_base, |
| allocation.length)); |
| } |
| } else { |
| isolate->array_buffer_allocator()->Free(allocation.allocation_base, |
| allocation.length); |
| } |
| } |
| |
| void JSArrayBuffer::set_is_wasm_memory(bool is_wasm_memory) { |
| set_bit_field(IsWasmMemory::update(bit_field(), is_wasm_memory)); |
| } |
| |
| void JSArrayBuffer::Setup(Handle<JSArrayBuffer> array_buffer, Isolate* isolate, |
| bool is_external, void* data, size_t byte_length, |
| SharedFlag shared, bool is_wasm_memory) { |
| DCHECK_EQ(array_buffer->GetEmbedderFieldCount(), |
| v8::ArrayBuffer::kEmbedderFieldCount); |
| for (int i = 0; i < v8::ArrayBuffer::kEmbedderFieldCount; i++) { |
| array_buffer->SetEmbedderField(i, Smi::kZero); |
| } |
| array_buffer->set_bit_field(0); |
| array_buffer->set_is_external(is_external); |
| array_buffer->set_is_neuterable(shared == SharedFlag::kNotShared); |
| array_buffer->set_is_shared(shared == SharedFlag::kShared); |
| array_buffer->set_is_wasm_memory(is_wasm_memory); |
| |
| Handle<Object> heap_byte_length = |
| isolate->factory()->NewNumberFromSize(byte_length); |
| CHECK(heap_byte_length->IsSmi() || heap_byte_length->IsHeapNumber()); |
| array_buffer->set_byte_length(*heap_byte_length); |
| // Initialize backing store at last to avoid handling of |JSArrayBuffers| that |
| // are currently being constructed in the |ArrayBufferTracker|. The |
| // registration method below handles the case of registering a buffer that has |
| // already been promoted. |
| array_buffer->set_backing_store(data); |
| |
| if (data && !is_external) { |
| isolate->heap()->RegisterNewArrayBuffer(*array_buffer); |
| } |
| } |
| |
| bool JSArrayBuffer::SetupAllocatingData(Handle<JSArrayBuffer> array_buffer, |
| Isolate* isolate, |
| size_t allocated_length, |
| bool initialize, SharedFlag shared) { |
| void* data; |
| CHECK_NOT_NULL(isolate->array_buffer_allocator()); |
| if (allocated_length != 0) { |
| if (allocated_length >= MB) |
| isolate->counters()->array_buffer_big_allocations()->AddSample( |
| ConvertToMb(allocated_length)); |
| if (shared == SharedFlag::kShared) |
| isolate->counters()->shared_array_allocations()->AddSample( |
| ConvertToMb(allocated_length)); |
| if (initialize) { |
| data = isolate->array_buffer_allocator()->Allocate(allocated_length); |
| } else { |
| data = isolate->array_buffer_allocator()->AllocateUninitialized( |
| allocated_length); |
| } |
| if (data == nullptr) { |
| isolate->counters()->array_buffer_new_size_failures()->AddSample( |
| ConvertToMb(allocated_length)); |
| return false; |
| } |
| } else { |
| data = nullptr; |
| } |
| |
| const bool is_external = false; |
| JSArrayBuffer::Setup(array_buffer, isolate, is_external, data, |
| allocated_length, shared); |
| return true; |
| } |
| |
| Handle<JSArrayBuffer> JSTypedArray::MaterializeArrayBuffer( |
| Handle<JSTypedArray> typed_array) { |
| DCHECK(typed_array->is_on_heap()); |
| |
| Isolate* isolate = typed_array->GetIsolate(); |
| |
| DCHECK(IsFixedTypedArrayElementsKind(typed_array->GetElementsKind())); |
| |
| Handle<FixedTypedArrayBase> fixed_typed_array( |
| FixedTypedArrayBase::cast(typed_array->elements()), isolate); |
| |
| Handle<JSArrayBuffer> buffer(JSArrayBuffer::cast(typed_array->buffer()), |
| isolate); |
| // This code does not know how to materialize from wasm buffers. |
| DCHECK(!buffer->is_wasm_memory()); |
| |
| void* backing_store = |
| isolate->array_buffer_allocator()->AllocateUninitialized( |
| fixed_typed_array->DataSize()); |
| if (backing_store == nullptr) { |
| isolate->heap()->FatalProcessOutOfMemory( |
| "JSTypedArray::MaterializeArrayBuffer"); |
| } |
| buffer->set_is_external(false); |
| DCHECK(buffer->byte_length()->IsSmi() || |
| buffer->byte_length()->IsHeapNumber()); |
| DCHECK(NumberToInt32(buffer->byte_length()) == fixed_typed_array->DataSize()); |
| // Initialize backing store at last to avoid handling of |JSArrayBuffers| that |
| // are currently being constructed in the |ArrayBufferTracker|. The |
| // registration method below handles the case of registering a buffer that has |
| // already been promoted. |
| buffer->set_backing_store(backing_store); |
| // RegisterNewArrayBuffer expects a valid length for adjusting counters. |
| isolate->heap()->RegisterNewArrayBuffer(*buffer); |
| memcpy(buffer->backing_store(), fixed_typed_array->DataPtr(), |
| fixed_typed_array->DataSize()); |
| Handle<FixedTypedArrayBase> new_elements = |
| isolate->factory()->NewFixedTypedArrayWithExternalPointer( |
| fixed_typed_array->length(), typed_array->type(), |
| static_cast<uint8_t*>(buffer->backing_store())); |
| |
| typed_array->set_elements(*new_elements); |
| DCHECK(!typed_array->is_on_heap()); |
| |
| return buffer; |
| } |
| |
| Handle<JSArrayBuffer> JSTypedArray::GetBuffer() { |
| if (!is_on_heap()) { |
| Handle<JSArrayBuffer> array_buffer(JSArrayBuffer::cast(buffer()), |
| GetIsolate()); |
| return array_buffer; |
| } |
| Handle<JSTypedArray> self(this, GetIsolate()); |
| return MaterializeArrayBuffer(self); |
| } |
| |
| // ES#sec-integer-indexed-exotic-objects-defineownproperty-p-desc |
| // static |
| Maybe<bool> JSTypedArray::DefineOwnProperty(Isolate* isolate, |
| Handle<JSTypedArray> o, |
| Handle<Object> key, |
| PropertyDescriptor* desc, |
| ShouldThrow should_throw) { |
| // 1. Assert: IsPropertyKey(P) is true. |
| DCHECK(key->IsName() || key->IsNumber()); |
| // 2. Assert: O is an Object that has a [[ViewedArrayBuffer]] internal slot. |
| // 3. If Type(P) is String, then |
| if (key->IsString() || key->IsSmi()) { |
| // 3a. Let numericIndex be ! CanonicalNumericIndexString(P) |
| // 3b. If numericIndex is not undefined, then |
| Handle<Object> numeric_index; |
| if (CanonicalNumericIndexString(isolate, key, &numeric_index)) { |
| // 3b i. If IsInteger(numericIndex) is false, return false. |
| // 3b ii. If numericIndex = -0, return false. |
| // 3b iii. If numericIndex < 0, return false. |
| // FIXME: the standard allows up to 2^53 elements. |
| uint32_t index; |
| if (numeric_index->IsMinusZero() || !numeric_index->ToUint32(&index)) { |
| RETURN_FAILURE(isolate, should_throw, |
| NewTypeError(MessageTemplate::kInvalidTypedArrayIndex)); |
| } |
| // 3b iv. Let length be O.[[ArrayLength]]. |
| uint32_t length = o->length()->Number(); |
| // 3b v. If numericIndex ≥ length, return false. |
| if (index >= length) { |
| RETURN_FAILURE(isolate, should_throw, |
| NewTypeError(MessageTemplate::kInvalidTypedArrayIndex)); |
| } |
| // 3b vi. If IsAccessorDescriptor(Desc) is true, return false. |
| if (PropertyDescriptor::IsAccessorDescriptor(desc)) { |
| RETURN_FAILURE(isolate, should_throw, |
| NewTypeError(MessageTemplate::kRedefineDisallowed, key)); |
| } |
| // 3b vii. If Desc has a [[Configurable]] field and if |
| // Desc.[[Configurable]] is true, return false. |
| // 3b viii. If Desc has an [[Enumerable]] field and if Desc.[[Enumerable]] |
| // is false, return false. |
| // 3b ix. If Desc has a [[Writable]] field and if Desc.[[Writable]] is |
| // false, return false. |
| if ((desc->has_configurable() && desc->configurable()) || |
| (desc->has_enumerable() && !desc->enumerable()) || |
| (desc->has_writable() && !desc->writable())) { |
| RETURN_FAILURE(isolate, should_throw, |
| NewTypeError(MessageTemplate::kRedefineDisallowed, key)); |
| } |
| // 3b x. If Desc has a [[Value]] field, then |
| // 3b x 1. Let value be Desc.[[Value]]. |
| // 3b x 2. Return ? IntegerIndexedElementSet(O, numericIndex, value). |
| if (desc->has_value()) { |
| if (!desc->has_configurable()) desc->set_configurable(false); |
| if (!desc->has_enumerable()) desc->set_enumerable(true); |
| if (!desc->has_writable()) desc->set_writable(true); |
| Handle<Object> value = desc->value(); |
| RETURN_ON_EXCEPTION_VALUE(isolate, |
| SetOwnElementIgnoreAttributes( |
| o, index, value, desc->ToAttributes()), |
| Nothing<bool>()); |
| } |
| // 3b xi. Return true. |
| return Just(true); |
| } |
| } |
| // 4. Return ! OrdinaryDefineOwnProperty(O, P, Desc). |
| return OrdinaryDefineOwnProperty(isolate, o, key, desc, should_throw); |
| } |
| |
| ExternalArrayType JSTypedArray::type() { |
| switch (elements()->map()->instance_type()) { |
| #define INSTANCE_TYPE_TO_ARRAY_TYPE(Type, type, TYPE, ctype) \ |
| case FIXED_##TYPE##_ARRAY_TYPE: \ |
| return kExternal##Type##Array; |
| |
| TYPED_ARRAYS(INSTANCE_TYPE_TO_ARRAY_TYPE) |
| #undef INSTANCE_TYPE_TO_ARRAY_TYPE |
| |
| default: |
| UNREACHABLE(); |
| } |
| } |
| |
| size_t JSTypedArray::element_size() { |
| switch (elements()->map()->instance_type()) { |
| #define INSTANCE_TYPE_TO_ELEMENT_SIZE(Type, type, TYPE, ctype) \ |
| case FIXED_##TYPE##_ARRAY_TYPE: \ |
| return sizeof(ctype); |
| |
| TYPED_ARRAYS(INSTANCE_TYPE_TO_ELEMENT_SIZE) |
| #undef INSTANCE_TYPE_TO_ELEMENT_SIZE |
| |
| default: |
| UNREACHABLE(); |
| } |
| } |
| |
| } // namespace internal |
| } // namespace v8 |