// Copyright 2016 the V8 project authors. All rights reserved. // Use of this source code is governed by a BSD-style license that can be // found in the LICENSE file. #include "src/builtins/builtins-utils-inl.h" #include "src/builtins/builtins.h" #include "src/conversions.h" #include "src/counters.h" #include "src/maybe-handles-inl.h" #include "src/objects-inl.h" #include "src/objects/js-array-buffer-inl.h" namespace v8 { namespace internal { #define CHECK_SHARED(expected, name, method) \ if (name->is_shared() != expected) { \ THROW_NEW_ERROR_RETURN_FAILURE( \ isolate, \ NewTypeError(MessageTemplate::kIncompatibleMethodReceiver, \ isolate->factory()->NewStringFromAsciiChecked(method), \ name)); \ } // ----------------------------------------------------------------------------- // ES6 section 21.1 ArrayBuffer Objects namespace { Object* ConstructBuffer(Isolate* isolate, Handle target, Handle new_target, Handle length, bool initialize) { Handle result; ASSIGN_RETURN_FAILURE_ON_EXCEPTION(isolate, result, JSObject::New(target, new_target)); size_t byte_length; if (!TryNumberToSize(*length, &byte_length)) { THROW_NEW_ERROR_RETURN_FAILURE( isolate, NewRangeError(MessageTemplate::kInvalidArrayBufferLength)); } SharedFlag shared_flag = (*target == target->native_context()->array_buffer_fun()) ? SharedFlag::kNotShared : SharedFlag::kShared; if (!JSArrayBuffer::SetupAllocatingData(Handle::cast(result), isolate, byte_length, initialize, shared_flag)) { THROW_NEW_ERROR_RETURN_FAILURE( isolate, NewRangeError(MessageTemplate::kArrayBufferAllocationFailed)); } return *result; } } // namespace // ES #sec-arraybuffer-constructor BUILTIN(ArrayBufferConstructor) { HandleScope scope(isolate); Handle target = args.target(); DCHECK(*target == target->native_context()->array_buffer_fun() || *target == target->native_context()->shared_array_buffer_fun()); if (args.new_target()->IsUndefined(isolate)) { // [[Call]] THROW_NEW_ERROR_RETURN_FAILURE( isolate, NewTypeError(MessageTemplate::kConstructorNotFunction, handle(target->shared()->Name(), isolate))); } // [[Construct]] Handle new_target = Handle::cast(args.new_target()); Handle length = args.atOrUndefined(isolate, 1); Handle number_length; ASSIGN_RETURN_FAILURE_ON_EXCEPTION(isolate, number_length, Object::ToInteger(isolate, length)); if (number_length->Number() < 0.0) { THROW_NEW_ERROR_RETURN_FAILURE( isolate, NewRangeError(MessageTemplate::kInvalidArrayBufferLength)); } return ConstructBuffer(isolate, target, new_target, number_length, true); } // This is a helper to construct an ArrayBuffer with uinitialized memory. // This means the caller must ensure the buffer is totally initialized in // all cases, or we will expose uinitialized memory to user code. BUILTIN(ArrayBufferConstructor_DoNotInitialize) { HandleScope scope(isolate); Handle target(isolate->native_context()->array_buffer_fun(), isolate); Handle length = args.atOrUndefined(isolate, 1); return ConstructBuffer(isolate, target, target, length, false); } // ES6 section 24.1.4.1 get ArrayBuffer.prototype.byteLength BUILTIN(ArrayBufferPrototypeGetByteLength) { const char* const kMethodName = "get ArrayBuffer.prototype.byteLength"; HandleScope scope(isolate); CHECK_RECEIVER(JSArrayBuffer, array_buffer, kMethodName); CHECK_SHARED(false, array_buffer, kMethodName); // TODO(franzih): According to the ES6 spec, we should throw a TypeError // here if the JSArrayBuffer is detached. return array_buffer->byte_length(); } // ES7 sharedmem 6.3.4.1 get SharedArrayBuffer.prototype.byteLength BUILTIN(SharedArrayBufferPrototypeGetByteLength) { const char* const kMethodName = "get SharedArrayBuffer.prototype.byteLength"; HandleScope scope(isolate); CHECK_RECEIVER(JSArrayBuffer, array_buffer, "get SharedArrayBuffer.prototype.byteLength"); CHECK_SHARED(true, array_buffer, kMethodName); return array_buffer->byte_length(); } // ES6 section 24.1.3.1 ArrayBuffer.isView ( arg ) BUILTIN(ArrayBufferIsView) { SealHandleScope shs(isolate); DCHECK_EQ(2, args.length()); Object* arg = args[1]; return isolate->heap()->ToBoolean(arg->IsJSArrayBufferView()); } static Object* SliceHelper(BuiltinArguments args, Isolate* isolate, const char* kMethodName, bool is_shared) { HandleScope scope(isolate); Handle start = args.at(1); Handle end = args.atOrUndefined(isolate, 2); // * If Type(O) is not Object, throw a TypeError exception. // * If O does not have an [[ArrayBufferData]] internal slot, throw a // TypeError exception. CHECK_RECEIVER(JSArrayBuffer, array_buffer, kMethodName); // * [AB] If IsSharedArrayBuffer(O) is true, throw a TypeError exception. // * [SAB] If IsSharedArrayBuffer(O) is false, throw a TypeError exception. CHECK_SHARED(is_shared, array_buffer, kMethodName); // * [AB] If IsDetachedBuffer(buffer) is true, throw a TypeError exception. if (!is_shared && array_buffer->was_neutered()) { THROW_NEW_ERROR_RETURN_FAILURE( isolate, NewTypeError(MessageTemplate::kDetachedOperation, isolate->factory()->NewStringFromAsciiChecked( kMethodName))); } // * [AB] Let len be O.[[ArrayBufferByteLength]]. // * [SAB] Let len be O.[[ArrayBufferByteLength]]. double const len = array_buffer->byte_length()->Number(); // * Let relativeStart be ? ToInteger(start). Handle relative_start; ASSIGN_RETURN_FAILURE_ON_EXCEPTION(isolate, relative_start, Object::ToInteger(isolate, start)); // * If relativeStart < 0, let first be max((len + relativeStart), 0); else // let first be min(relativeStart, len). double const first = (relative_start->Number() < 0) ? Max(len + relative_start->Number(), 0.0) : Min(relative_start->Number(), len); Handle first_obj = isolate->factory()->NewNumber(first); // * If end is undefined, let relativeEnd be len; else let relativeEnd be ? // ToInteger(end). double relative_end; if (end->IsUndefined(isolate)) { relative_end = len; } else { Handle relative_end_obj; ASSIGN_RETURN_FAILURE_ON_EXCEPTION(isolate, relative_end_obj, Object::ToInteger(isolate, end)); relative_end = relative_end_obj->Number(); } // * If relativeEnd < 0, let final be max((len + relativeEnd), 0); else let // final be min(relativeEnd, len). double const final_ = (relative_end < 0) ? Max(len + relative_end, 0.0) : Min(relative_end, len); // * Let newLen be max(final-first, 0). double const new_len = Max(final_ - first, 0.0); Handle new_len_obj = isolate->factory()->NewNumber(new_len); // * [AB] Let ctor be ? SpeciesConstructor(O, %ArrayBuffer%). // * [SAB] Let ctor be ? SpeciesConstructor(O, %SharedArrayBuffer%). Handle constructor_fun = is_shared ? isolate->shared_array_buffer_fun() : isolate->array_buffer_fun(); Handle ctor; ASSIGN_RETURN_FAILURE_ON_EXCEPTION( isolate, ctor, Object::SpeciesConstructor( isolate, Handle::cast(args.receiver()), constructor_fun)); // * Let new be ? Construct(ctor, newLen). Handle new_; { const int argc = 1; ScopedVector> argv(argc); argv[0] = new_len_obj; Handle new_obj; ASSIGN_RETURN_FAILURE_ON_EXCEPTION( isolate, new_obj, Execution::New(isolate, ctor, argc, argv.start())); new_ = Handle::cast(new_obj); } // * If new does not have an [[ArrayBufferData]] internal slot, throw a // TypeError exception. if (!new_->IsJSArrayBuffer()) { THROW_NEW_ERROR_RETURN_FAILURE( isolate, NewTypeError(MessageTemplate::kIncompatibleMethodReceiver, isolate->factory()->NewStringFromAsciiChecked(kMethodName), new_)); } // * [AB] If IsSharedArrayBuffer(new) is true, throw a TypeError exception. // * [SAB] If IsSharedArrayBuffer(new) is false, throw a TypeError exception. Handle new_array_buffer = Handle::cast(new_); CHECK_SHARED(is_shared, new_array_buffer, kMethodName); // * [AB] If IsDetachedBuffer(new) is true, throw a TypeError exception. if (!is_shared && new_array_buffer->was_neutered()) { THROW_NEW_ERROR_RETURN_FAILURE( isolate, NewTypeError(MessageTemplate::kDetachedOperation, isolate->factory()->NewStringFromAsciiChecked( kMethodName))); } // * [AB] If SameValue(new, O) is true, throw a TypeError exception. if (!is_shared && new_->SameValue(*args.receiver())) { THROW_NEW_ERROR_RETURN_FAILURE( isolate, NewTypeError(MessageTemplate::kArrayBufferSpeciesThis)); } // * [SAB] If new.[[ArrayBufferData]] and O.[[ArrayBufferData]] are the same // Shared Data Block values, throw a TypeError exception. if (is_shared && new_array_buffer->backing_store() == array_buffer->backing_store()) { THROW_NEW_ERROR_RETURN_FAILURE( isolate, NewTypeError(MessageTemplate::kSharedArrayBufferSpeciesThis)); } // * If new.[[ArrayBufferByteLength]] < newLen, throw a TypeError exception. if (new_array_buffer->byte_length()->Number() < new_len) { THROW_NEW_ERROR_RETURN_FAILURE( isolate, NewTypeError(is_shared ? MessageTemplate::kSharedArrayBufferTooShort : MessageTemplate::kArrayBufferTooShort)); } // * [AB] NOTE: Side-effects of the above steps may have detached O. // * [AB] If IsDetachedBuffer(O) is true, throw a TypeError exception. if (!is_shared && array_buffer->was_neutered()) { THROW_NEW_ERROR_RETURN_FAILURE( isolate, NewTypeError(MessageTemplate::kDetachedOperation, isolate->factory()->NewStringFromAsciiChecked( kMethodName))); } // * Let fromBuf be O.[[ArrayBufferData]]. // * Let toBuf be new.[[ArrayBufferData]]. // * Perform CopyDataBlockBytes(toBuf, 0, fromBuf, first, newLen). size_t first_size = 0, new_len_size = 0; CHECK(TryNumberToSize(*first_obj, &first_size)); CHECK(TryNumberToSize(*new_len_obj, &new_len_size)); DCHECK(NumberToSize(new_array_buffer->byte_length()) >= new_len_size); if (new_len_size != 0) { size_t from_byte_length = NumberToSize(array_buffer->byte_length()); USE(from_byte_length); DCHECK(first_size <= from_byte_length); DCHECK(from_byte_length - first_size >= new_len_size); uint8_t* from_data = reinterpret_cast(array_buffer->backing_store()); uint8_t* to_data = reinterpret_cast(new_array_buffer->backing_store()); CopyBytes(to_data, from_data + first_size, new_len_size); } return *new_; } // ES #sec-sharedarraybuffer.prototype.slice BUILTIN(SharedArrayBufferPrototypeSlice) { const char* const kMethodName = "SharedArrayBuffer.prototype.slice"; return SliceHelper(args, isolate, kMethodName, true); } // ES #sec-arraybuffer.prototype.slice // ArrayBuffer.prototype.slice ( start, end ) BUILTIN(ArrayBufferPrototypeSlice) { const char* const kMethodName = "ArrayBuffer.prototype.slice"; return SliceHelper(args, isolate, kMethodName, false); } } // namespace internal } // namespace v8