Bug 1393089 - Part 1: Change AllocateArrayBuffer constructor argument to HandleObject. r=jandem
authorAndré Bargull <andre.bargull@gmail.com>
Wed, 23 Aug 2017 17:58:10 +0200
changeset 663384 daaddc22f93fc7d435c8816626790587f4c59ae4
parent 663383 e62cc9325a2b6124cda2a1e219a66fe161ca353b
child 663385 0ac55815c6bc3403b942b7adf4c5ef6b9e76a634
push id79424
push userbmo:tchiovoloni@mozilla.com
push dateTue, 12 Sep 2017 23:17:54 +0000
reviewersjandem
bugs1393089
milestone57.0a1
Bug 1393089 - Part 1: Change AllocateArrayBuffer constructor argument to HandleObject. r=jandem
js/src/vm/TypedArrayObject.cpp
--- a/js/src/vm/TypedArrayObject.cpp
+++ b/js/src/vm/TypedArrayObject.cpp
@@ -972,17 +972,17 @@ class TypedArrayObjectTemplate : public 
         Rooted<ArrayBufferObject*> buffer(cx);
         if (!maybeCreateArrayBuffer(cx, uint32_t(nelements), BYTES_PER_ELEMENT, nullptr, &buffer))
             return nullptr;
 
         return makeInstance(cx, buffer, 0, uint32_t(nelements), proto);
     }
 
     static bool
-    AllocateArrayBuffer(JSContext* cx, HandleValue ctor,
+    AllocateArrayBuffer(JSContext* cx, HandleObject ctor,
                         uint32_t count, uint32_t unit,
                         MutableHandle<ArrayBufferObject*> buffer);
 
     static bool
     CloneArrayBufferNoCopy(JSContext* cx, Handle<ArrayBufferObjectMaybeShared*> srcBuffer,
                            bool isWrapped, uint32_t srcByteOffset, uint32_t srcLength,
                            SpeciesConstructorOverride override,
                            MutableHandle<ArrayBufferObject*> buffer);
@@ -1037,26 +1037,24 @@ JS_FOR_EACH_TYPED_ARRAY(CREATE_TYPED_ARR
         MOZ_CRASH("Unsupported TypedArray type");
     }
 }
 
 // ES 2016 draft Mar 25, 2016 24.1.1.1.
 // byteLength = count * unit
 template<typename T>
 /* static */ bool
-TypedArrayObjectTemplate<T>::AllocateArrayBuffer(JSContext* cx, HandleValue ctor,
+TypedArrayObjectTemplate<T>::AllocateArrayBuffer(JSContext* cx, HandleObject ctor,
                                                  uint32_t count, uint32_t unit,
                                                  MutableHandle<ArrayBufferObject*> buffer)
 {
     // ES 2016 draft Mar 25, 2016 24.1.1.1 step 1 (partially).
     // ES 2016 draft Mar 25, 2016 9.1.14 steps 1-2.
-    MOZ_ASSERT(ctor.isObject());
     RootedObject proto(cx);
-    RootedObject ctorObj(cx, &ctor.toObject());
-    if (!GetPrototypeFromConstructor(cx, ctorObj, &proto))
+    if (!GetPrototypeFromConstructor(cx, ctor, &proto))
         return false;
     JSObject* arrayBufferProto = GlobalObject::getOrCreateArrayBufferPrototype(cx, cx->global());
     if (!arrayBufferProto)
         return false;
     if (proto == arrayBufferProto)
         proto = nullptr;
 
     // ES 2016 draft Mar 25, 2016 24.1.1.1 steps 1 (remaining part), 2-6.
@@ -1099,20 +1097,19 @@ TypedArrayObjectTemplate<T>::CloneArrayB
                                                     bool isWrapped, uint32_t srcByteOffset,
                                                     uint32_t srcLength,
                                                     SpeciesConstructorOverride override,
                                                     MutableHandle<ArrayBufferObject*> buffer)
 {
     // Step 1 (skipped).
 
     // Step 2.a.
-    JSObject* ctorObj = GetSpeciesConstructor(cx, srcBuffer, isWrapped, override);
-    if (!ctorObj)
+    RootedObject cloneCtor(cx, GetSpeciesConstructor(cx, srcBuffer, isWrapped, override));
+    if (!cloneCtor)
         return false;
-    RootedValue cloneCtor(cx, ObjectValue(*ctorObj));
 
     // Step 2.b.
     if (srcBuffer->isDetached()) {
         JS_ReportErrorNumberASCII(cx, GetErrorMessage, nullptr, JSMSG_TYPED_ARRAY_DETACHED);
         return false;
     }
 
     // Steps 3-4 (skipped).
@@ -1220,20 +1217,19 @@ TypedArrayObjectTemplate<T>::fromTypedAr
         // Steps 16.b-c.
         if (!CloneArrayBufferNoCopy(cx, srcData, isWrapped, srcByteOffset, srcLength, override,
                                     &buffer))
         {
             return nullptr;
         }
     } else {
         // Steps 17.a-b.
-        JSObject* ctorObj = GetSpeciesConstructor(cx, srcData, isWrapped, override);
-        if (!ctorObj)
+        RootedObject bufferCtor(cx, GetSpeciesConstructor(cx, srcData, isWrapped, override));
+        if (!bufferCtor)
             return nullptr;
-        RootedValue bufferCtor(cx, ObjectValue(*ctorObj));
 
         // Steps 14-15, 17.c.
         if (!AllocateArrayBuffer(cx, bufferCtor, elementLength, BYTES_PER_ELEMENT, &buffer))
             return nullptr;
 
         // Step 17.d.
         if (srcArray->hasDetachedBuffer()) {
             JS_ReportErrorNumberASCII(cx, GetErrorMessage, nullptr, JSMSG_TYPED_ARRAY_DETACHED);