1/*
2 * Copyright (C) 2015-2019 Apple Inc. All rights reserved.
3 *
4 * Redistribution and use in source and binary forms, with or without
5 * modification, are permitted provided that the following conditions
6 * are met:
7 * 1. Redistributions of source code must retain the above copyright
8 * notice, this list of conditions and the following disclaimer.
9 * 2. Redistributions in binary form must reproduce the above copyright
10 * notice, this list of conditions and the following disclaimer in the
11 * documentation and/or other materials provided with the distribution.
12 *
13 * THIS SOFTWARE IS PROVIDED BY APPLE INC. ``AS IS'' AND ANY
14 * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
15 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
16 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL APPLE INC. OR
17 * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
18 * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
19 * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
20 * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY
21 * OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
22 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
23 * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
24 */
25
26#pragma once
27
28#include "JSCast.h"
29#include "ScopeOffset.h"
30#include <wtf/Assertions.h>
31#include <wtf/CagedUniquePtr.h>
32
33namespace JSC {
34
35// This class's only job is to hold onto the list of ScopeOffsets for each argument that a
36// function has. Most of the time, the BytecodeGenerator will create one of these and it will
37// never be modified subsequently. There is a rare case where a ScopedArguments object is created
38// and aliases one of these and then decides to modify it; in that case we do copy-on-write. This
39// makes sense because such modifications are so uncommon. You'd have to do something crazy like
40// "delete arguments[i]" or some variant of defineOwnProperty.
41class ScopedArgumentsTable final : public JSCell {
42 friend class CachedScopedArgumentsTable;
43
44public:
45 typedef JSCell Base;
46 static constexpr unsigned StructureFlags = Base::StructureFlags | StructureIsImmortal;
47
48private:
49 ScopedArgumentsTable(VM&);
50 ~ScopedArgumentsTable();
51
52public:
53 static ScopedArgumentsTable* create(VM&);
54 static ScopedArgumentsTable* create(VM&, uint32_t length);
55
56 static constexpr bool needsDestruction = true;
57 static void destroy(JSCell*);
58
59 ScopedArgumentsTable* clone(VM&);
60
61 uint32_t length() const { return m_length; }
62 ScopedArgumentsTable* setLength(VM&, uint32_t newLength);
63
64 ScopeOffset get(uint32_t i) const { return at(i); }
65
66 void lock()
67 {
68 m_locked = true;
69 }
70
71 ScopedArgumentsTable* set(VM&, uint32_t index, ScopeOffset);
72
73 DECLARE_INFO;
74
75 static Structure* createStructure(VM&, JSGlobalObject*, JSValue prototype);
76
77 static ptrdiff_t offsetOfLength() { return OBJECT_OFFSETOF(ScopedArgumentsTable, m_length); }
78 static ptrdiff_t offsetOfArguments() { return OBJECT_OFFSETOF(ScopedArgumentsTable, m_arguments); }
79
80 typedef CagedUniquePtr<Gigacage::Primitive, ScopeOffset> ArgumentsPtr;
81
82private:
83 ScopeOffset& at(uint32_t i) const
84 {
85 ASSERT_WITH_SECURITY_IMPLICATION(i < m_length);
86 return m_arguments.get(length())[i];
87 }
88
89 uint32_t m_length;
90 bool m_locked; // Being locked means that there are multiple references to this object and none of them expect to see the others' modifications. This means that modifications need to make a copy first.
91 ArgumentsPtr m_arguments;
92};
93
94} // namespace JSC
95