| 1 | /* |
|---|---|
| 2 | * Copyright (C) 2011, 2016-2017 Apple Inc. All rights reserved. |
| 3 | * |
| 4 | * Redistribution and use in source and binary forms, with or without |
| 5 | * modification, are permitted provided that the following conditions |
| 6 | * are met: |
| 7 | * 1. Redistributions of source code must retain the above copyright |
| 8 | * notice, this list of conditions and the following disclaimer. |
| 9 | * 2. Redistributions in binary form must reproduce the above copyright |
| 10 | * notice, this list of conditions and the following disclaimer in the |
| 11 | * documentation and/or other materials provided with the distribution. |
| 12 | * |
| 13 | * THIS SOFTWARE IS PROVIDED BY APPLE INC. ``AS IS'' AND ANY |
| 14 | * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE |
| 15 | * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR |
| 16 | * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL APPLE INC. OR |
| 17 | * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, |
| 18 | * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, |
| 19 | * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR |
| 20 | * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY |
| 21 | * OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT |
| 22 | * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE |
| 23 | * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. |
| 24 | */ |
| 25 | |
| 26 | #include "config.h" |
| 27 | #include "JSBoundFunction.h" |
| 28 | |
| 29 | #include "ExecutableBaseInlines.h" |
| 30 | #include "GetterSetter.h" |
| 31 | #include "JSGlobalObject.h" |
| 32 | #include "JSCInlines.h" |
| 33 | |
| 34 | namespace JSC { |
| 35 | |
| 36 | const ClassInfo JSBoundFunction::s_info = { "Function", &Base::s_info, nullptr, nullptr, CREATE_METHOD_TABLE(JSBoundFunction) }; |
| 37 | |
| 38 | EncodedJSValue JSC_HOST_CALL boundThisNoArgsFunctionCall(ExecState* exec) |
| 39 | { |
| 40 | JSBoundFunction* boundFunction = jsCast<JSBoundFunction*>(exec->jsCallee()); |
| 41 | |
| 42 | MarkedArgumentBuffer args; |
| 43 | for (unsigned i = 0; i < exec->argumentCount(); ++i) |
| 44 | args.append(exec->uncheckedArgument(i)); |
| 45 | RELEASE_ASSERT(!args.hasOverflowed()); |
| 46 | |
| 47 | JSFunction* targetFunction = jsCast<JSFunction*>(boundFunction->targetFunction()); |
| 48 | ExecutableBase* executable = targetFunction->executable(); |
| 49 | if (executable->hasJITCodeForCall()) { |
| 50 | // Force the executable to cache its arity entrypoint. |
| 51 | executable->entrypointFor(CodeForCall, MustCheckArity); |
| 52 | } |
| 53 | CallData callData; |
| 54 | CallType callType = getCallData(exec->vm(), targetFunction, callData); |
| 55 | ASSERT(callType != CallType::None); |
| 56 | return JSValue::encode(call(exec, targetFunction, callType, callData, boundFunction->boundThis(), args)); |
| 57 | } |
| 58 | |
| 59 | EncodedJSValue JSC_HOST_CALL boundFunctionCall(ExecState* exec) |
| 60 | { |
| 61 | VM& vm = exec->vm(); |
| 62 | auto scope = DECLARE_THROW_SCOPE(vm); |
| 63 | JSBoundFunction* boundFunction = jsCast<JSBoundFunction*>(exec->jsCallee()); |
| 64 | |
| 65 | JSArray* boundArgs = boundFunction->boundArgs(); |
| 66 | |
| 67 | MarkedArgumentBuffer args; |
| 68 | if (boundArgs) { |
| 69 | for (unsigned i = 0; i < boundArgs->length(); ++i) |
| 70 | args.append(boundArgs->getIndexQuickly(i)); |
| 71 | } |
| 72 | for (unsigned i = 0; i < exec->argumentCount(); ++i) |
| 73 | args.append(exec->uncheckedArgument(i)); |
| 74 | if (UNLIKELY(args.hasOverflowed())) { |
| 75 | throwOutOfMemoryError(exec, scope); |
| 76 | return encodedJSValue(); |
| 77 | } |
| 78 | |
| 79 | JSObject* targetFunction = boundFunction->targetFunction(); |
| 80 | CallData callData; |
| 81 | CallType callType = getCallData(vm, targetFunction, callData); |
| 82 | ASSERT(callType != CallType::None); |
| 83 | RELEASE_AND_RETURN(scope, JSValue::encode(call(exec, targetFunction, callType, callData, boundFunction->boundThis(), args))); |
| 84 | } |
| 85 | |
| 86 | EncodedJSValue JSC_HOST_CALL boundThisNoArgsFunctionConstruct(ExecState* exec) |
| 87 | { |
| 88 | JSBoundFunction* boundFunction = jsCast<JSBoundFunction*>(exec->jsCallee()); |
| 89 | |
| 90 | MarkedArgumentBuffer args; |
| 91 | for (unsigned i = 0; i < exec->argumentCount(); ++i) |
| 92 | args.append(exec->uncheckedArgument(i)); |
| 93 | RELEASE_ASSERT(!args.hasOverflowed()); |
| 94 | |
| 95 | JSFunction* targetFunction = jsCast<JSFunction*>(boundFunction->targetFunction()); |
| 96 | ConstructData constructData; |
| 97 | ConstructType constructType = getConstructData(exec->vm(), targetFunction, constructData); |
| 98 | ASSERT(constructType != ConstructType::None); |
| 99 | return JSValue::encode(construct(exec, targetFunction, constructType, constructData, args)); |
| 100 | } |
| 101 | |
| 102 | EncodedJSValue JSC_HOST_CALL boundFunctionConstruct(ExecState* exec) |
| 103 | { |
| 104 | VM& vm = exec->vm(); |
| 105 | auto scope = DECLARE_THROW_SCOPE(vm); |
| 106 | JSBoundFunction* boundFunction = jsCast<JSBoundFunction*>(exec->jsCallee()); |
| 107 | |
| 108 | JSArray* boundArgs = boundFunction->boundArgs(); |
| 109 | |
| 110 | MarkedArgumentBuffer args; |
| 111 | if (boundArgs) { |
| 112 | for (unsigned i = 0; i < boundArgs->length(); ++i) |
| 113 | args.append(boundArgs->getIndexQuickly(i)); |
| 114 | } |
| 115 | for (unsigned i = 0; i < exec->argumentCount(); ++i) |
| 116 | args.append(exec->uncheckedArgument(i)); |
| 117 | if (UNLIKELY(args.hasOverflowed())) { |
| 118 | throwOutOfMemoryError(exec, scope); |
| 119 | return encodedJSValue(); |
| 120 | } |
| 121 | |
| 122 | JSObject* targetFunction = boundFunction->targetFunction(); |
| 123 | ConstructData constructData; |
| 124 | ConstructType constructType = getConstructData(vm, targetFunction, constructData); |
| 125 | ASSERT(constructType != ConstructType::None); |
| 126 | RELEASE_AND_RETURN(scope, JSValue::encode(construct(exec, targetFunction, constructType, constructData, args))); |
| 127 | } |
| 128 | |
| 129 | EncodedJSValue JSC_HOST_CALL isBoundFunction(ExecState* exec) |
| 130 | { |
| 131 | return JSValue::encode(JSValue(static_cast<bool>(jsDynamicCast<JSBoundFunction*>(exec->vm(), exec->uncheckedArgument(0))))); |
| 132 | } |
| 133 | |
| 134 | EncodedJSValue JSC_HOST_CALL hasInstanceBoundFunction(ExecState* exec) |
| 135 | { |
| 136 | JSBoundFunction* boundObject = jsCast<JSBoundFunction*>(exec->uncheckedArgument(0)); |
| 137 | JSValue value = exec->uncheckedArgument(1); |
| 138 | |
| 139 | return JSValue::encode(jsBoolean(boundObject->targetFunction()->hasInstance(exec, value))); |
| 140 | } |
| 141 | |
| 142 | inline Structure* getBoundFunctionStructure(VM& vm, ExecState* exec, JSGlobalObject* globalObject, JSObject* targetFunction) |
| 143 | { |
| 144 | auto scope = DECLARE_THROW_SCOPE(vm); |
| 145 | JSValue prototype = targetFunction->getPrototype(vm, exec); |
| 146 | RETURN_IF_EXCEPTION(scope, nullptr); |
| 147 | JSFunction* targetJSFunction = jsDynamicCast<JSFunction*>(vm, targetFunction); |
| 148 | |
| 149 | // We only cache the structure of the bound function if the bindee is a JSFunction since there |
| 150 | // isn't any good place to put the structure on Internal Functions. |
| 151 | if (targetJSFunction) { |
| 152 | Structure* structure = targetJSFunction->rareData(vm)->getBoundFunctionStructure(); |
| 153 | if (structure && structure->storedPrototype() == prototype && structure->globalObject() == globalObject) |
| 154 | return structure; |
| 155 | } |
| 156 | |
| 157 | Structure* result = globalObject->boundFunctionStructure(); |
| 158 | |
| 159 | // It would be nice if the structure map was keyed global objects in addition to the other things. Unfortunately, it is not |
| 160 | // currently. Whoever works on caching structure changes for prototype transitions should consider this problem as well. |
| 161 | // See: https://bugs.webkit.org/show_bug.cgi?id=152738 |
| 162 | if (prototype.isObject() && prototype.getObject()->globalObject(vm) == globalObject) { |
| 163 | result = vm.structureCache.emptyStructureForPrototypeFromBaseStructure(globalObject, prototype.getObject(), result); |
| 164 | ASSERT_WITH_SECURITY_IMPLICATION(result->globalObject() == globalObject); |
| 165 | } else |
| 166 | result = Structure::create(vm, globalObject, prototype, result->typeInfo(), result->classInfo()); |
| 167 | |
| 168 | if (targetJSFunction) |
| 169 | targetJSFunction->rareData(vm)->setBoundFunctionStructure(vm, result); |
| 170 | |
| 171 | return result; |
| 172 | } |
| 173 | |
| 174 | JSBoundFunction* JSBoundFunction::create(VM& vm, ExecState* exec, JSGlobalObject* globalObject, JSObject* targetFunction, JSValue boundThis, JSArray* boundArgs, int length, const String& name) |
| 175 | { |
| 176 | auto scope = DECLARE_THROW_SCOPE(vm); |
| 177 | ConstructData constructData; |
| 178 | ConstructType constructType = JSC::getConstructData(vm, targetFunction, constructData); |
| 179 | bool canConstruct = constructType != ConstructType::None; |
| 180 | |
| 181 | bool slowCase = boundArgs || !getJSFunction(targetFunction); |
| 182 | |
| 183 | NativeExecutable* executable = vm.getHostFunction( |
| 184 | slowCase ? boundFunctionCall : boundThisNoArgsFunctionCall, |
| 185 | slowCase ? NoIntrinsic : BoundThisNoArgsFunctionCallIntrinsic, |
| 186 | canConstruct ? (slowCase ? boundFunctionConstruct : boundThisNoArgsFunctionConstruct) : callHostFunctionAsConstructor, nullptr, |
| 187 | name); |
| 188 | Structure* structure = getBoundFunctionStructure(vm, exec, globalObject, targetFunction); |
| 189 | RETURN_IF_EXCEPTION(scope, nullptr); |
| 190 | JSBoundFunction* function = new (NotNull, allocateCell<JSBoundFunction>(vm.heap)) JSBoundFunction(vm, globalObject, structure, targetFunction, boundThis, boundArgs); |
| 191 | |
| 192 | function->finishCreation(vm, executable, length); |
| 193 | return function; |
| 194 | } |
| 195 | |
| 196 | bool JSBoundFunction::customHasInstance(JSObject* object, ExecState* exec, JSValue value) |
| 197 | { |
| 198 | return jsCast<JSBoundFunction*>(object)->m_targetFunction->hasInstance(exec, value); |
| 199 | } |
| 200 | |
| 201 | JSBoundFunction::JSBoundFunction(VM& vm, JSGlobalObject* globalObject, Structure* structure, JSObject* targetFunction, JSValue boundThis, JSArray* boundArgs) |
| 202 | : Base(vm, globalObject, structure) |
| 203 | , m_targetFunction(vm, this, targetFunction) |
| 204 | , m_boundThis(vm, this, boundThis) |
| 205 | , m_boundArgs(vm, this, boundArgs, WriteBarrier<JSArray>::MayBeNull) |
| 206 | { |
| 207 | } |
| 208 | |
| 209 | JSArray* JSBoundFunction::boundArgsCopy(ExecState* exec) |
| 210 | { |
| 211 | VM& vm = exec->vm(); |
| 212 | auto scope = DECLARE_THROW_SCOPE(vm); |
| 213 | JSArray* result = constructEmptyArray(exec, nullptr, globalObject(vm)); |
| 214 | RETURN_IF_EXCEPTION(scope, nullptr); |
| 215 | for (unsigned i = 0; i < m_boundArgs->length(); ++i) { |
| 216 | result->push(exec, m_boundArgs->getIndexQuickly(i)); |
| 217 | RETURN_IF_EXCEPTION(scope, nullptr); |
| 218 | } |
| 219 | return result; |
| 220 | } |
| 221 | |
| 222 | void JSBoundFunction::finishCreation(VM& vm, NativeExecutable* executable, int length) |
| 223 | { |
| 224 | String name; // We lazily create our 'name' string property. |
| 225 | Base::finishCreation(vm, executable, length, name); |
| 226 | ASSERT(inherits(vm, info())); |
| 227 | } |
| 228 | |
| 229 | void JSBoundFunction::visitChildren(JSCell* cell, SlotVisitor& visitor) |
| 230 | { |
| 231 | JSBoundFunction* thisObject = jsCast<JSBoundFunction*>(cell); |
| 232 | ASSERT_GC_OBJECT_INHERITS(thisObject, info()); |
| 233 | Base::visitChildren(thisObject, visitor); |
| 234 | |
| 235 | visitor.append(thisObject->m_targetFunction); |
| 236 | visitor.append(thisObject->m_boundThis); |
| 237 | visitor.append(thisObject->m_boundArgs); |
| 238 | } |
| 239 | |
| 240 | } // namespace JSC |
| 241 |
Generated on 2019-Jul-08 from project webcore revision master
Powered by 
Code Browser 2.1
Generator usage only permitted with license.