1/*
2 * Copyright (C) 2017-2019 Apple Inc. All rights reserved.
3 *
4 * Redistribution and use in source and binary forms, with or without
5 * modification, are permitted provided that the following conditions
6 * are met:
7 * 1. Redistributions of source code must retain the above copyright
8 * notice, this list of conditions and the following disclaimer.
9 * 2. Redistributions in binary form must reproduce the above copyright
10 * notice, this list of conditions and the following disclaimer in the
11 * documentation and/or other materials provided with the distribution.
12 *
13 * THIS SOFTWARE IS PROVIDED BY APPLE INC. ``AS IS'' AND ANY
14 * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
15 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
16 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL APPLE INC. OR
17 * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
18 * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
19 * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
20 * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY
21 * OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
22 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
23 * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
24 */
25
26#include "config.h"
27#include "ObjectInitializationScope.h"
28
29#include "JSCInlines.h"
30#include "JSObject.h"
31#include "Operations.h"
32
33namespace JSC {
34
35#ifndef NDEBUG
// Debug-only (#ifndef NDEBUG) helper that brackets the window between
// allocating a JSObject whose storage is still uninitialized and the point
// where that storage has been fully written. Both scoped "disallow" members
// are constructed with false, i.e. presumably not yet enforcing; they are
// only armed by notifyAllocated() when an uninitialized object is handed in.
ObjectInitializationScope::ObjectInitializationScope(VM& vm)
    : m_vm(vm), m_disallowGC(false), m_disallowVMReentry(false)
{
}
42
// Ends the initialization window. The mutator fence is issued on every path,
// not only when an object is outstanding, so the stores made while filling
// the object are ordered before anything that observes it afterwards. If
// notifyAllocated() recorded an uninitialized object that was never passed
// to notifyInitialized(), verify it here instead so a half-initialized
// object cannot slip out of the scope unchecked.
// NOTE(review): m_disallowGC / m_disallowVMReentry are not explicitly
// disabled on this path; presumably their own destructors release them —
// confirm against their definitions.
ObjectInitializationScope::~ObjectInitializationScope()
{
    m_vm.heap.mutatorFence();
    if (JSObject* outstanding = m_object)
        verifyPropertiesAreInitialized(outstanding);
}
50
// Records that |object| has just been allocated.
//
// wasCreatedUninitialized == false: the caller claims the object's storage is
// already fully written, so it is checked immediately and nothing is armed.
//
// wasCreatedUninitialized == true: the object's slots may still hold the
// allocator's scribble pattern. Until notifyInitialized() (or the destructor)
// runs, a garbage collection or a re-entry into the VM could observe those
// slots as if they were real JSValues, so both are disallowed for the
// duration and the object is remembered for a later check.
void ObjectInitializationScope::notifyAllocated(JSObject* object, bool wasCreatedUninitialized)
{
    if (!wasCreatedUninitialized) {
        verifyPropertiesAreInitialized(object);
        return;
    }

    m_disallowGC.enable();
    m_disallowVMReentry.enable();
    m_object = object;
}
60
// Marks |object| as fully initialized. If notifyAllocated() armed the guards
// for an uninitialized object, they are released and the record cleared;
// in every case |object| itself is then verified to contain no scribbled
// slots before GC and VM re-entry become possible again.
// NOTE(review): nothing here checks that |object| is the same object that
// was passed to notifyAllocated(); an ASSERT(!m_object || object == m_object)
// would make the pairing explicit — confirm callers always pair them before
// adding it.
void ObjectInitializationScope::notifyInitialized(JSObject* object)
{
    if (!m_object) {
        verifyPropertiesAreInitialized(object);
        return;
    }

    m_disallowGC.disable();
    m_disallowVMReentry.disable();
    m_object = nullptr;
    verifyPropertiesAreInitialized(object);
}
70
// Debug-only sanity check: walks every butterfly slot of |object| that the
// collector could visit and asserts none of them still holds the "scribble"
// pattern left in uninitialized storage (presumably by the debug allocator —
// see isScribbledValue). A scribbled slot that survived into GC-visible
// memory would be interpreted as a JSValue, so this exists to catch that
// class of memory-safety bug at the point where it is introduced rather
// than at the next collection.
// NOTE(review): butterfly->vectorLength() is read before the indexing-type
// check, so this assumes every object passed in has a butterfly — confirm
// for all callers.
void ObjectInitializationScope::verifyPropertiesAreInitialized(JSObject* object)
{
    Butterfly* const butterfly = object->butterfly();
    Structure* const structure = object->structure(m_vm);
    const IndexingType indexingType = structure->indexingType();
    const unsigned vectorLength = butterfly->vectorLength();

    // Scans the first vectorLength indexed slots of |slots| for a scribble.
    auto scanIndexedSlots = [&] (auto&& slots) {
        for (unsigned index = 0; index < vectorLength; ++index) {
            if (!isScribbledValue(slots[index].get()))
                continue;
            dataLogLn("Found scribbled value at i = ", index);
            ASSERT_NOT_REACHED();
        }
    };

    // Indexed storage. Undecided and non-indexed shapes have no vector to
    // scan; contiguous shapes keep values directly in the butterfly, while
    // array-storage shapes keep them in ArrayStorage::m_vector.
    if (LIKELY(!hasUndecided(indexingType)) && hasIndexedProperties(indexingType)) {
        if (LIKELY(!hasAnyArrayStorage(indexingType)))
            scanIndexedSlots(butterfly->contiguous().data());
        else
            scanIndexedSlots(butterfly->arrayStorage()->m_vector);
    }

    // An "empty" slot that the collector may safely skip. On 64-bit the
    // empty JSValue is the all-zero encoding; on 32-bit the tag/payload pair
    // must also encode to zero.
    auto isSafeEmptyValueForGCScanning = [] (JSValue value) {
#if USE(JSVALUE64)
        return !value;
#else
        return !value || !JSValue::encode(value);
#endif
    };

    // Out-of-line (named) properties grow backwards from the butterfly base,
    // so out-of-line slot i lives at propertyStorage()[-i - 1]. Slots beyond
    // the structure's last offset are unused but still inside the capacity
    // that a concurrent collector scans, so they must read as empty, not
    // merely "not scribbled"; slots in use only need to be non-scribbled.
    const int64_t outOfLineCapacity = static_cast<int64_t>(structure->outOfLineCapacity());
    for (int64_t slot = 0; slot < outOfLineCapacity; ++slot) {
        if (slot + firstOutOfLineOffset > structure->lastOffset()) {
            ASSERT(isSafeEmptyValueForGCScanning(butterfly->propertyStorage()[-slot - 1].get()));
            continue;
        }
        if (isScribbledValue(butterfly->propertyStorage()[-slot - 1].get())) {
            dataLogLn("Found scribbled property at i = ", -slot - 1);
            ASSERT_NOT_REACHED();
        }
    }
}
115#endif
116
117} // namespace JSC
118