Bug 1130988 - Actually support creating TypedArrays with Xray SharedArrayBuffer. r=bz
authorTom Schuster <evilpies@gmail.com>
Sat, 29 Oct 2016 20:09:45 +0200
changeset 320192 d27de07adaae222e1d1f7f2c6f70c32ef3831620
parent 320191 5fb5979e6bfb1e81637e0c5129e6e4f55567902c
child 320193 0b9e245f787d6c5c42a323d5db3e52302e71144a
push id20751
push userphilringnalda@gmail.com
push dateSun, 30 Oct 2016 18:06:35 +0000
treeherderfx-team@e3279760cd97 [default view] [failures only]
perfherder[talos] [build metrics] [platform microbench] (compared to previous push)
reviewersbz
bugs1130988
milestone52.0a1
Bug 1130988 - Actually support creating TypedArrays with Xray SharedArrayBuffer. r=bz
js/src/vm/TypedArrayObject.cpp
js/src/vm/TypedArrayObject.h
--- a/js/src/vm/TypedArrayObject.cpp
+++ b/js/src/vm/TypedArrayObject.cpp
@@ -789,17 +789,17 @@ class TypedArrayObjectTemplate : public 
              * ArrayBufferObject in that same compartment.
              */
             JSObject* wrapped = CheckedUnwrap(bufobj);
             if (!wrapped) {
                 JS_ReportErrorASCII(cx, "Permission denied to access object");
                 return nullptr;
             }
 
-            if (!IsArrayBuffer(wrapped) && !IsSharedArrayBuffer(wrapped)) {
+            if (!IsAnyArrayBuffer(wrapped)) {
                 JS_ReportErrorNumberASCII(cx, GetErrorMessage, nullptr, JSMSG_TYPED_ARRAY_BAD_ARGS);
                 return nullptr; // must be arrayBuffer
             }
 
             /*
              * And for even more fun, the new view's prototype should be
              * set to the origin compartment's prototype object, not the
              * target's (specifically, the actual view in the target
@@ -832,17 +832,17 @@ class TypedArrayObjectTemplate : public 
             RootedValue thisv(cx, ObjectValue(*bufobj));
             RootedValue rval(cx);
             if (!js::Call(cx, fval, thisv, args, &rval))
                 return nullptr;
 
             return &rval.toObject();
         }
 
-        if (!IsArrayBuffer(bufobj) && !IsSharedArrayBuffer(bufobj)) {
+        if (!IsAnyArrayBuffer(bufobj)) {
             JS_ReportErrorNumberASCII(cx, GetErrorMessage, nullptr, JSMSG_TYPED_ARRAY_BAD_ARGS);
             return nullptr; // must be arrayBuffer
         }
 
         Rooted<ArrayBufferObjectMaybeShared*> buffer(cx);
         if (IsArrayBuffer(bufobj)) {
             ArrayBufferObject& buf = AsArrayBuffer(bufobj);
             if (buf.isDetached()) {
@@ -1535,17 +1535,17 @@ TypedArrayObject::sharedTypedArrayProtot
     &TypedArrayObjectSharedTypedArrayPrototypeClassSpec
 };
 
 template<typename T>
 bool
 ArrayBufferObject::createTypedArrayFromBufferImpl(JSContext* cx, const CallArgs& args)
 {
     typedef TypedArrayObjectTemplate<T> ArrayType;
-    MOZ_ASSERT(IsArrayBuffer(args.thisv()));
+    MOZ_ASSERT(IsAnyArrayBuffer(args.thisv()));
     MOZ_ASSERT(args.length() == 3);
 
     Rooted<JSObject*> buffer(cx, &args.thisv().toObject());
     Rooted<JSObject*> proto(cx, &args[2].toObject());
 
     Rooted<JSObject*> obj(cx);
     double byteOffset = args[0].toNumber();
     MOZ_ASSERT(0 <= byteOffset);
@@ -1559,17 +1559,17 @@ ArrayBufferObject::createTypedArrayFromB
     return true;
 }
 
 template<typename T>
 bool
 ArrayBufferObject::createTypedArrayFromBuffer(JSContext* cx, unsigned argc, Value* vp)
 {
     CallArgs args = CallArgsFromVp(argc, vp);
-    return CallNonGenericMethod<IsArrayBuffer, createTypedArrayFromBufferImpl<T> >(cx, args);
+    return CallNonGenericMethod<IsAnyArrayBuffer, createTypedArrayFromBufferImpl<T> >(cx, args);
 }
 
 // this default implementation is only valid for integer types
 // less than 32-bits in size.
 template<typename NativeType>
 Value
 TypedArrayObjectTemplate<NativeType>::getIndexValue(JSObject* tarray, uint32_t index)
 {
--- a/js/src/vm/TypedArrayObject.h
+++ b/js/src/vm/TypedArrayObject.h
@@ -556,16 +556,34 @@ ClampIntForUint8Array(int32_t x)
 {
     if (x < 0)
         return 0;
     if (x > 255)
         return 255;
     return x;
 }
 
+static inline bool
+IsAnyArrayBuffer(HandleObject obj)
+{
+    return IsArrayBuffer(obj) || IsSharedArrayBuffer(obj);
+}
+
+static inline bool
+IsAnyArrayBuffer(JSObject* obj)
+{
+    return IsArrayBuffer(obj) || IsSharedArrayBuffer(obj);
+}
+
+static inline bool
+IsAnyArrayBuffer(HandleValue v)
+{
+    return v.isObject() && IsAnyArrayBuffer(&v.toObject());
+}
+
 } // namespace js
 
 template <>
 inline bool
 JSObject::is<js::TypedArrayObject>() const
 {
     return js::IsTypedArrayClass(getClass());
 }