Bug 1165052 - Part 3: Add IsWrappedArrayConstructor intrinsic. r=efaust
☠☠ backed out by a08059a8e178 ☠ ☠
authorTooru Fujisawa <arai_a@mac.com>
Wed, 23 Dec 2015 12:46:35 +0900
changeset 290608 5e02cbf51e4540dec3716e5ec9b415b632e8473c
parent 290607 2a3147dc1003ff95a0b4b79d924113c1466baec9
child 290609 fdbb1c215d783a85c27d71ed8bb832690962c948
push id19656
push usergwagner@mozilla.com
push dateMon, 04 Apr 2016 13:43:23 +0000
treeherderb2g-inbound@e99061fde28a [default view] [failures only]
perfherder[talos] [build metrics] [platform microbench] (compared to previous push)
reviewersefaust
bugs1165052
milestone48.0a1
Bug 1165052 - Part 3: Add IsWrappedArrayConstructor intrinsic. r=efaust
js/src/jsarray.cpp
js/src/jsarray.h
js/src/vm/SelfHosting.cpp
--- a/js/src/jsarray.cpp
+++ b/js/src/jsarray.cpp
@@ -31,16 +31,17 @@
 #include "js/Class.h"
 #include "js/Conversions.h"
 #include "vm/ArgumentsObject.h"
 #include "vm/Interpreter.h"
 #include "vm/SelfHosting.h"
 #include "vm/Shape.h"
 #include "vm/StringBuffer.h"
 #include "vm/TypedArrayCommon.h"
+#include "vm/WrapperObject.h"
 
 #include "jsatominlines.h"
 
 #include "vm/ArgumentsObject-inl.h"
 #include "vm/ArrayObject-inl.h"
 #include "vm/Interpreter-inl.h"
 #include "vm/NativeObject-inl.h"
 #include "vm/Runtime-inl.h"
@@ -863,25 +864,51 @@ AddLengthProperty(ExclusiveContext* cx, 
 
     return NativeObject::addProperty(cx, obj, lengthId, array_length_getter, array_length_setter,
                                      SHAPE_INVALID_SLOT,
                                      JSPROP_PERMANENT | JSPROP_SHARED | JSPROP_SHADOWABLE,
                                      0, /* allowDictionary = */ false);
 }
 
 static bool
-IsArrayConstructor(const Value& v)
+IsArrayConstructor(const JSObject* obj)
 {
     // This must only return true if v is *the* Array constructor for the
     // current compartment; we rely on the fact that any other Array
     // constructor would be represented as a wrapper.
-    return v.isObject() &&
-           v.toObject().is<JSFunction>() &&
-           v.toObject().as<JSFunction>().isNative() &&
-           v.toObject().as<JSFunction>().native() == ArrayConstructor;
+    return obj->is<JSFunction>() &&
+           obj->as<JSFunction>().isNative() &&
+           obj->as<JSFunction>().native() == ArrayConstructor;
+}
+
+static bool
+IsArrayConstructor(const Value& v)
+{
+    return v.isObject() && IsArrayConstructor(&v.toObject());
+}
+
+bool
+js::IsWrappedArrayConstructor(JSContext* cx, const Value& v, bool* result)
+{
+    if (!v.isObject()) {
+        *result = false;
+        return true;
+    }
+    if (v.toObject().is<WrapperObject>()) {
+        JSObject* obj = CheckedUnwrap(&v.toObject());
+        if (!obj) {
+            JS_ReportError(cx, "Permission denied to access object");
+            return false;
+        }
+
+        *result = IsArrayConstructor(obj);
+    } else {
+        *result = false;
+    }
+    return true;
 }
 
 /* static */ bool
 IsArraySpecies(JSContext* cx, HandleObject origArray)
 {
     RootedValue ctor(cx);
     if (!GetPropertyPure(cx, origArray, NameToId(cx->names().constructor), ctor.address()))
         return false;
--- a/js/src/jsarray.h
+++ b/js/src/jsarray.h
@@ -201,11 +201,14 @@ ArrayConstructorOneArg(JSContext* cx, Ha
 extern bool
 ArrayInfo(JSContext* cx, unsigned argc, Value* vp);
 #endif
 
 /* Array constructor native. Exposed only so the JIT can know its address. */
 extern bool
 ArrayConstructor(JSContext* cx, unsigned argc, Value* vp);
 
+extern bool
+IsWrappedArrayConstructor(JSContext* cx, const Value& v, bool* result);
+
 } /* namespace js */
 
 #endif /* jsarray_h */
--- a/js/src/vm/SelfHosting.cpp
+++ b/js/src/vm/SelfHosting.cpp
@@ -104,16 +104,27 @@ intrinsic_IsArray(JSContext* cx, unsigne
         args.rval().setBoolean(isArray);
     } else {
         args.rval().setBoolean(false);
     }
     return true;
 }
 
 static bool
+intrinsic_IsWrappedArrayConstructor(JSContext* cx, unsigned argc, Value* vp)
+{
+    CallArgs args = CallArgsFromVp(argc, vp);
+    bool result = false;
+    if (!IsWrappedArrayConstructor(cx, args[0], &result))
+        return false;
+    args.rval().setBoolean(result);
+    return true;
+}
+
+static bool
 intrinsic_ToInteger(JSContext* cx, unsigned argc, Value* vp)
 {
     CallArgs args = CallArgsFromVp(argc, vp);
     double result;
     if (!ToInteger(cx, args[0], &result))
         return false;
     args.rval().setNumber(result);
     return true;
@@ -2116,16 +2127,17 @@ static const JSFunctionSpec intrinsic_fu
     JS_FN("std_SIMD_Bool16x8_extractLane",       simd_bool16x8_extractLane,    2,0),
     JS_FN("std_SIMD_Bool32x4_extractLane",       simd_bool32x4_extractLane,    2,0),
     JS_FN("std_SIMD_Bool64x2_extractLane",       simd_bool64x2_extractLane,    2,0),
 
     // Helper funtions after this point.
     JS_INLINABLE_FN("ToObject",      intrinsic_ToObject,                1,0, IntrinsicToObject),
     JS_INLINABLE_FN("IsObject",      intrinsic_IsObject,                1,0, IntrinsicIsObject),
     JS_INLINABLE_FN("IsArray",       intrinsic_IsArray,                 1,0, ArrayIsArray),
+    JS_FN("IsWrappedArrayConstructor", intrinsic_IsWrappedArrayConstructor, 1,0),
     JS_INLINABLE_FN("ToInteger",     intrinsic_ToInteger,               1,0, IntrinsicToInteger),
     JS_INLINABLE_FN("ToString",      intrinsic_ToString,                1,0, IntrinsicToString),
     JS_FN("ToPropertyKey",           intrinsic_ToPropertyKey,           1,0),
     JS_INLINABLE_FN("IsCallable",    intrinsic_IsCallable,              1,0, IntrinsicIsCallable),
     JS_FN("IsConstructor",           intrinsic_IsConstructor,           1,0),
     JS_FN("GetBuiltinConstructorImpl", intrinsic_GetBuiltinConstructor, 1,0),
     JS_FN("MakeConstructible",       intrinsic_MakeConstructible,       2,0),
     JS_FN("_ConstructFunction",      intrinsic_ConstructFunction,       2,0),