/js/lib/Socket.IO-node/support/expresso/deps/jscoverage/js/jsarray.cpp
C++ | 2159 lines | 1567 code | 251 blank | 341 comment | 398 complexity | df71ecc54001a084e456bc2e9727708b MD5 | raw file
Possible License(s): GPL-2.0, LGPL-2.1, MPL-2.0-no-copyleft-exception, BSD-3-Clause
- /* -*- Mode: C; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 4 -*-
- * vim: set sw=4 ts=8 et tw=78:
- *
- * ***** BEGIN LICENSE BLOCK *****
- * Version: MPL 1.1/GPL 2.0/LGPL 2.1
- *
- * The contents of this file are subject to the Mozilla Public License Version
- * 1.1 (the "License"); you may not use this file except in compliance with
- * the License. You may obtain a copy of the License at
- * http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS IS" basis,
- * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
- * for the specific language governing rights and limitations under the
- * License.
- *
- * The Original Code is Mozilla Communicator client code, released
- * March 31, 1998.
- *
- * The Initial Developer of the Original Code is
- * Netscape Communications Corporation.
- * Portions created by the Initial Developer are Copyright (C) 1998
- * the Initial Developer. All Rights Reserved.
- *
- * Contributor(s):
- *
- * Alternatively, the contents of this file may be used under the terms of
- * either of the GNU General Public License Version 2 or later (the "GPL"),
- * or the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
- * in which case the provisions of the GPL or the LGPL are applicable instead
- * of those above. If you wish to allow use of your version of this file only
- * under the terms of either the GPL or the LGPL, and not to allow others to
- * use your version of this file under the terms of the MPL, indicate your
- * decision by deleting the provisions above and replace them with the notice
- * and other provisions required by the GPL or the LGPL. If you do not delete
- * the provisions above, a recipient may use your version of this file under
- * the terms of any one of the MPL, the GPL or the LGPL.
- *
- * ***** END LICENSE BLOCK ***** */
- /*
- * JS array class.
- *
- * Array objects begin as "dense" arrays, optimized for numeric-only property
- * access over a vector of slots (obj->dslots) with high load factor. Array
- * methods optimize for denseness by testing that the object's class is
- * &js_ArrayClass, and can then directly manipulate the slots for efficiency.
- *
- * We track these pieces of metadata for arrays in dense mode:
- * - the array's length property as a uint32, in JSSLOT_ARRAY_LENGTH,
- * - the number of indices that are filled (non-holes), in JSSLOT_ARRAY_COUNT,
- * - the net number of slots starting at dslots (DENSELEN), in dslots[-1] if
- * dslots is non-NULL.
- *
- * In dense mode, holes in the array are represented by JSVAL_HOLE. The final
- * slot in fslots (JSSLOT_ARRAY_LOOKUP_HOLDER) is used to store the single jsid
- * "in use" by a lookupProperty caller.
- *
- * Arrays are converted to use js_SlowArrayClass when any of these conditions
- * are met:
- * - the load factor (COUNT / DENSELEN) is less than 0.25, and there are
- * more than MIN_SPARSE_INDEX slots total
- * - a property is set that is non-numeric (and not "length"); or
- * - a hole is filled below DENSELEN (possibly implicitly through methods like
- * |reverse| or |splice|).
- *
- * In the latter two cases, property creation order is no longer index order,
- * which necessitates use of a structure that keeps track of property creation
- * order. (ES4, due to expectations baked into web script, requires that
- * enumeration order be the order in which properties were created.)
- *
- * An alternative in the latter case (out-of-order index set) would be to
- * maintain the scope to track property enumeration order, but still use
- * the fast slot access. That would have the same memory cost as just using
- * a js_SlowArrayClass, but have the same performance characteristics as
- * a dense array for slot accesses, at some cost in code complexity.
- */
- #include "jsstddef.h"
- #include <stdlib.h>
- #include <string.h>
- #include "jstypes.h"
- #include "jsutil.h" /* Added by JSIFY */
- #include "jsapi.h"
- #include "jsarray.h"
- #include "jsatom.h"
- #include "jsbit.h"
- #include "jsbool.h"
- #include "jsbuiltins.h"
- #include "jscntxt.h"
- #include "jsversion.h"
- #include "jsdbgapi.h" /* for js_TraceWatchPoints */
- #include "jsdtoa.h"
- #include "jsfun.h"
- #include "jsgc.h"
- #include "jsinterp.h"
- #include "jslock.h"
- #include "jsnum.h"
- #include "jsobj.h"
- #include "jsscope.h"
- #include "jsstr.h"
- #include "jsstaticcheck.h"
- /* 2^32 - 1 as a number and a string */
- #define MAXINDEX 4294967295u
- #define MAXSTR "4294967295"
- /* Small arrays are dense, no matter what. */
- #define MIN_SPARSE_INDEX 32
- #define INDEX_TOO_BIG(index) ((index) > JS_BIT(29) - 1)
- #define INDEX_TOO_SPARSE(array, index) \
- (INDEX_TOO_BIG(index) || \
- ((index) > ARRAY_DENSE_LENGTH(array) && (index) >= MIN_SPARSE_INDEX && \
- (index) > (uint32)((array)->fslots[JSSLOT_ARRAY_COUNT] + 1) * 4))
- JS_STATIC_ASSERT(sizeof(JSScopeProperty) > 4 * sizeof(jsval));
- #define ENSURE_SLOW_ARRAY(cx, obj) \
- (OBJ_GET_CLASS(cx, obj) == &js_SlowArrayClass || js_MakeArraySlow(cx, obj))
- /*
- * Determine if the id represents an array index or an XML property index.
- *
- * An id is an array index according to ECMA by (15.4):
- *
- * "Array objects give special treatment to a certain class of property names.
- * A property name P (in the form of a string value) is an array index if and
- * only if ToString(ToUint32(P)) is equal to P and ToUint32(P) is not equal
- * to 2^32-1."
- *
- * In our implementation, it would be sufficient to check for JSVAL_IS_INT(id)
- * except that by using signed 32-bit integers we miss the top half of the
- * valid range. This function checks the string representation itself; note
- * that calling a standard conversion routine might allow strings such as
- * "08" or "4.0" as array indices, which they are not.
- */
- JSBool
- js_IdIsIndex(jsval id, jsuint *indexp)
- {
- JSString *str;
- jschar *cp;
- if (JSVAL_IS_INT(id)) {
- jsint i;
- i = JSVAL_TO_INT(id);
- if (i < 0)
- return JS_FALSE;
- *indexp = (jsuint)i;
- return JS_TRUE;
- }
- /* NB: id should be a string, but jsxml.c may call us with an object id. */
- if (!JSVAL_IS_STRING(id))
- return JS_FALSE;
- str = JSVAL_TO_STRING(id);
- cp = JSSTRING_CHARS(str);
- if (JS7_ISDEC(*cp) && JSSTRING_LENGTH(str) < sizeof(MAXSTR)) {
- jsuint index = JS7_UNDEC(*cp++);
- jsuint oldIndex = 0;
- jsuint c = 0;
- if (index != 0) {
- while (JS7_ISDEC(*cp)) {
- oldIndex = index;
- c = JS7_UNDEC(*cp);
- index = 10*index + c;
- cp++;
- }
- }
- /* Ensure that all characters were consumed and we didn't overflow. */
- if (*cp == 0 &&
- (oldIndex < (MAXINDEX / 10) ||
- (oldIndex == (MAXINDEX / 10) && c < (MAXINDEX % 10))))
- {
- *indexp = index;
- return JS_TRUE;
- }
- }
- return JS_FALSE;
- }
- static jsuint
- ValueIsLength(JSContext *cx, jsval* vp)
- {
- jsint i;
- jsdouble d;
- jsuint length;
- if (JSVAL_IS_INT(*vp)) {
- i = JSVAL_TO_INT(*vp);
- if (i < 0)
- goto error;
- return (jsuint) i;
- }
- d = js_ValueToNumber(cx, vp);
- if (JSVAL_IS_NULL(*vp))
- goto error;
- if (JSDOUBLE_IS_NaN(d))
- goto error;
- length = (jsuint) d;
- if (d != (jsdouble) length)
- goto error;
- return length;
- error:
- JS_ReportErrorNumber(cx, js_GetErrorMessage, NULL,
- JSMSG_BAD_ARRAY_LENGTH);
- *vp = JSVAL_NULL;
- return 0;
- }
- JSBool
- js_GetLengthProperty(JSContext *cx, JSObject *obj, jsuint *lengthp)
- {
- JSTempValueRooter tvr;
- jsid id;
- JSBool ok;
- jsint i;
- if (OBJ_IS_ARRAY(cx, obj)) {
- *lengthp = obj->fslots[JSSLOT_ARRAY_LENGTH];
- return JS_TRUE;
- }
- JS_PUSH_SINGLE_TEMP_ROOT(cx, JSVAL_NULL, &tvr);
- id = ATOM_TO_JSID(cx->runtime->atomState.lengthAtom);
- ok = OBJ_GET_PROPERTY(cx, obj, id, &tvr.u.value);
- if (ok) {
- if (JSVAL_IS_INT(tvr.u.value)) {
- i = JSVAL_TO_INT(tvr.u.value);
- *lengthp = (jsuint)i; /* jsuint cast does ToUint32 */
- } else {
- *lengthp = js_ValueToECMAUint32(cx, &tvr.u.value);
- ok = !JSVAL_IS_NULL(tvr.u.value);
- }
- }
- JS_POP_TEMP_ROOT(cx, &tvr);
- return ok;
- }
- static JSBool
- IndexToValue(JSContext *cx, jsuint index, jsval *vp)
- {
- if (index <= JSVAL_INT_MAX) {
- *vp = INT_TO_JSVAL(index);
- return JS_TRUE;
- }
- return JS_NewDoubleValue(cx, (jsdouble)index, vp);
- }
- JSBool JS_FASTCALL
- js_IndexToId(JSContext *cx, jsuint index, jsid *idp)
- {
- JSString *str;
- if (index <= JSVAL_INT_MAX) {
- *idp = INT_TO_JSID(index);
- return JS_TRUE;
- }
- str = js_NumberToString(cx, index);
- if (!str)
- return JS_FALSE;
- return js_ValueToStringId(cx, STRING_TO_JSVAL(str), idp);
- }
- static JSBool
- BigIndexToId(JSContext *cx, JSObject *obj, jsuint index, JSBool createAtom,
- jsid *idp)
- {
- jschar buf[10], *start;
- JSClass *clasp;
- JSAtom *atom;
- JS_STATIC_ASSERT((jsuint)-1 == 4294967295U);
- JS_ASSERT(index > JSVAL_INT_MAX);
- start = JS_ARRAY_END(buf);
- do {
- --start;
- *start = (jschar)('0' + index % 10);
- index /= 10;
- } while (index != 0);
- /*
- * Skip the atomization if the class is known to store atoms corresponding
- * to big indexes together with elements. In such case we know that the
- * array does not have an element at the given index if its atom does not
- * exist. Fast arrays (clasp == &js_ArrayClass) don't use atoms for
- * any indexes, though it would be rare to see them have a big index
- * in any case.
- */
- if (!createAtom &&
- ((clasp = OBJ_GET_CLASS(cx, obj)) == &js_SlowArrayClass ||
- clasp == &js_ArgumentsClass ||
- clasp == &js_ObjectClass)) {
- atom = js_GetExistingStringAtom(cx, start, JS_ARRAY_END(buf) - start);
- if (!atom) {
- *idp = JSVAL_VOID;
- return JS_TRUE;
- }
- } else {
- atom = js_AtomizeChars(cx, start, JS_ARRAY_END(buf) - start, 0);
- if (!atom)
- return JS_FALSE;
- }
- *idp = ATOM_TO_JSID(atom);
- return JS_TRUE;
- }
- static JSBool
- ResizeSlots(JSContext *cx, JSObject *obj, uint32 oldlen, uint32 len)
- {
- jsval *slots, *newslots;
- if (len == 0) {
- if (obj->dslots) {
- JS_free(cx, obj->dslots - 1);
- obj->dslots = NULL;
- }
- return JS_TRUE;
- }
- if (len > ~(uint32)0 / sizeof(jsval)) {
- js_ReportAllocationOverflow(cx);
- return JS_FALSE;
- }
- slots = obj->dslots ? obj->dslots - 1 : NULL;
- newslots = (jsval *) JS_realloc(cx, slots, sizeof (jsval) * (len + 1));
- if (!newslots)
- return JS_FALSE;
- obj->dslots = newslots + 1;
- ARRAY_SET_DENSE_LENGTH(obj, len);
- for (slots = obj->dslots + oldlen; slots < obj->dslots + len; slots++)
- *slots = JSVAL_HOLE;
- return JS_TRUE;
- }
- static JSBool
- EnsureLength(JSContext *cx, JSObject *obj, uint32 len)
- {
- uint32 oldlen = ARRAY_DENSE_LENGTH(obj);
- if (len > oldlen) {
- return ResizeSlots(cx, obj, oldlen,
- len + ARRAY_GROWBY - (len % ARRAY_GROWBY));
- }
- return JS_TRUE;
- }
- /*
- * If the property at the given index exists, get its value into location
- * pointed by vp and set *hole to false. Otherwise set *hole to true and *vp
- * to JSVAL_VOID. This function assumes that the location pointed by vp is
- * properly rooted and can be used as GC-protected storage for temporaries.
- */
- static JSBool
- GetArrayElement(JSContext *cx, JSObject *obj, jsuint index, JSBool *hole,
- jsval *vp)
- {
- jsid id;
- JSObject *obj2;
- JSProperty *prop;
- if (OBJ_IS_DENSE_ARRAY(cx, obj) && index < ARRAY_DENSE_LENGTH(obj) &&
- (*vp = obj->dslots[index]) != JSVAL_HOLE) {
- *hole = JS_FALSE;
- return JS_TRUE;
- }
- if (index <= JSVAL_INT_MAX) {
- id = INT_TO_JSID(index);
- } else {
- if (!BigIndexToId(cx, obj, index, JS_FALSE, &id))
- return JS_FALSE;
- if (JSVAL_IS_VOID(id)) {
- *hole = JS_TRUE;
- *vp = JSVAL_VOID;
- return JS_TRUE;
- }
- }
- if (!OBJ_LOOKUP_PROPERTY(cx, obj, id, &obj2, &prop))
- return JS_FALSE;
- if (!prop) {
- *hole = JS_TRUE;
- *vp = JSVAL_VOID;
- } else {
- OBJ_DROP_PROPERTY(cx, obj2, prop);
- if (!OBJ_GET_PROPERTY(cx, obj, id, vp))
- return JS_FALSE;
- *hole = JS_FALSE;
- }
- return JS_TRUE;
- }
- /*
- * Set the value of the property at the given index to v assuming v is rooted.
- */
- static JSBool
- SetArrayElement(JSContext *cx, JSObject *obj, jsuint index, jsval v)
- {
- jsid id;
- if (OBJ_IS_DENSE_ARRAY(cx, obj)) {
- /* Predicted/prefeched code should favor the remains-dense case. */
- if (!INDEX_TOO_SPARSE(obj, index)) {
- if (!EnsureLength(cx, obj, index + 1))
- return JS_FALSE;
- if (index >= (uint32)obj->fslots[JSSLOT_ARRAY_LENGTH])
- obj->fslots[JSSLOT_ARRAY_LENGTH] = index + 1;
- if (obj->dslots[index] == JSVAL_HOLE)
- obj->fslots[JSSLOT_ARRAY_COUNT]++;
- obj->dslots[index] = v;
- return JS_TRUE;
- }
- if (!js_MakeArraySlow(cx, obj))
- return JS_FALSE;
- }
- if (index <= JSVAL_INT_MAX) {
- id = INT_TO_JSID(index);
- } else {
- if (!BigIndexToId(cx, obj, index, JS_TRUE, &id))
- return JS_FALSE;
- JS_ASSERT(!JSVAL_IS_VOID(id));
- }
- return OBJ_SET_PROPERTY(cx, obj, id, &v);
- }
- static JSBool
- DeleteArrayElement(JSContext *cx, JSObject *obj, jsuint index)
- {
- jsid id;
- jsval junk;
- if (OBJ_IS_DENSE_ARRAY(cx, obj)) {
- if (index < ARRAY_DENSE_LENGTH(obj)) {
- if (obj->dslots[index] != JSVAL_HOLE)
- obj->fslots[JSSLOT_ARRAY_COUNT]--;
- obj->dslots[index] = JSVAL_HOLE;
- }
- return JS_TRUE;
- }
- if (index <= JSVAL_INT_MAX) {
- id = INT_TO_JSID(index);
- } else {
- if (!BigIndexToId(cx, obj, index, JS_FALSE, &id))
- return JS_FALSE;
- if (JSVAL_IS_VOID(id))
- return JS_TRUE;
- }
- return OBJ_DELETE_PROPERTY(cx, obj, id, &junk);
- }
- /*
- * When hole is true, delete the property at the given index. Otherwise set
- * its value to v assuming v is rooted.
- */
- static JSBool
- SetOrDeleteArrayElement(JSContext *cx, JSObject *obj, jsuint index,
- JSBool hole, jsval v)
- {
- if (hole) {
- JS_ASSERT(JSVAL_IS_VOID(v));
- return DeleteArrayElement(cx, obj, index);
- }
- return SetArrayElement(cx, obj, index, v);
- }
- JSBool
- js_SetLengthProperty(JSContext *cx, JSObject *obj, jsuint length)
- {
- jsval v;
- jsid id;
- if (!IndexToValue(cx, length, &v))
- return JS_FALSE;
- id = ATOM_TO_JSID(cx->runtime->atomState.lengthAtom);
- return OBJ_SET_PROPERTY(cx, obj, id, &v);
- }
- JSBool
- js_HasLengthProperty(JSContext *cx, JSObject *obj, jsuint *lengthp)
- {
- JSErrorReporter older;
- JSTempValueRooter tvr;
- jsid id;
- JSBool ok;
- older = JS_SetErrorReporter(cx, NULL);
- JS_PUSH_SINGLE_TEMP_ROOT(cx, JSVAL_NULL, &tvr);
- id = ATOM_TO_JSID(cx->runtime->atomState.lengthAtom);
- ok = OBJ_GET_PROPERTY(cx, obj, id, &tvr.u.value);
- JS_SetErrorReporter(cx, older);
- if (ok) {
- *lengthp = ValueIsLength(cx, &tvr.u.value);
- ok = !JSVAL_IS_NULL(tvr.u.value);
- }
- JS_POP_TEMP_ROOT(cx, &tvr);
- return ok;
- }
- JSBool
- js_IsArrayLike(JSContext *cx, JSObject *obj, JSBool *answerp, jsuint *lengthp)
- {
- JSClass *clasp;
- clasp = OBJ_GET_CLASS(cx, obj);
- *answerp = (clasp == &js_ArgumentsClass || clasp == &js_ArrayClass ||
- clasp == &js_SlowArrayClass);
- if (!*answerp) {
- *lengthp = 0;
- return JS_TRUE;
- }
- return js_GetLengthProperty(cx, obj, lengthp);
- }
- /*
- * The 'length' property of all native Array instances is a shared permanent
- * property of Array.prototype, so it appears to be a direct property of each
- * array instance delegating to that Array.prototype. It accesses the private
- * slot reserved by js_ArrayClass.
- *
- * Since SpiderMonkey supports cross-class prototype-based delegation, we have
- * to be careful about the length getter and setter being called on an object
- * not of Array class. For the getter, we search obj's prototype chain for the
- * array that caused this getter to be invoked. In the setter case to overcome
- * the JSPROP_SHARED attribute, we must define a shadowing length property.
- */
- static JSBool
- array_length_getter(JSContext *cx, JSObject *obj, jsval id, jsval *vp)
- {
- do {
- if (OBJ_IS_ARRAY(cx, obj))
- return IndexToValue(cx, obj->fslots[JSSLOT_ARRAY_LENGTH], vp);
- } while ((obj = OBJ_GET_PROTO(cx, obj)) != NULL);
- return JS_TRUE;
- }
- static JSBool
- array_length_setter(JSContext *cx, JSObject *obj, jsval id, jsval *vp)
- {
- jsuint newlen, oldlen, gap, index;
- jsval junk;
- JSObject *iter;
- JSTempValueRooter tvr;
- JSBool ok;
- if (!OBJ_IS_ARRAY(cx, obj)) {
- jsid lengthId = ATOM_TO_JSID(cx->runtime->atomState.lengthAtom);
- return OBJ_DEFINE_PROPERTY(cx, obj, lengthId, *vp, NULL, NULL,
- JSPROP_ENUMERATE, NULL);
- }
- newlen = ValueIsLength(cx, vp);
- if (JSVAL_IS_NULL(*vp))
- return JS_FALSE;
- oldlen = obj->fslots[JSSLOT_ARRAY_LENGTH];
- if (oldlen == newlen)
- return JS_TRUE;
- if (!IndexToValue(cx, newlen, vp))
- return JS_FALSE;
- if (oldlen < newlen) {
- obj->fslots[JSSLOT_ARRAY_LENGTH] = newlen;
- return JS_TRUE;
- }
- if (OBJ_IS_DENSE_ARRAY(cx, obj)) {
- if (ARRAY_DENSE_LENGTH(obj) && !ResizeSlots(cx, obj, oldlen, newlen))
- return JS_FALSE;
- } else if (oldlen - newlen < (1 << 24)) {
- do {
- --oldlen;
- if (!JS_CHECK_OPERATION_LIMIT(cx, JSOW_JUMP) ||
- !DeleteArrayElement(cx, obj, oldlen)) {
- return JS_FALSE;
- }
- } while (oldlen != newlen);
- } else {
- /*
- * We are going to remove a lot of indexes in a presumably sparse
- * array. So instead of looping through indexes between newlen and
- * oldlen, we iterate through all properties and remove those that
- * correspond to indexes in the half-open range [newlen, oldlen). See
- * bug 322135.
- */
- iter = JS_NewPropertyIterator(cx, obj);
- if (!iter)
- return JS_FALSE;
- /* Protect iter against GC in OBJ_DELETE_PROPERTY. */
- JS_PUSH_TEMP_ROOT_OBJECT(cx, iter, &tvr);
- gap = oldlen - newlen;
- for (;;) {
- ok = (JS_CHECK_OPERATION_LIMIT(cx, JSOW_JUMP) &&
- JS_NextProperty(cx, iter, &id));
- if (!ok)
- break;
- if (JSVAL_IS_VOID(id))
- break;
- if (js_IdIsIndex(id, &index) && index - newlen < gap) {
- ok = OBJ_DELETE_PROPERTY(cx, obj, id, &junk);
- if (!ok)
- break;
- }
- }
- JS_POP_TEMP_ROOT(cx, &tvr);
- if (!ok)
- return JS_FALSE;
- }
- obj->fslots[JSSLOT_ARRAY_LENGTH] = newlen;
- return JS_TRUE;
- }
- static JSBool
- array_lookupProperty(JSContext *cx, JSObject *obj, jsid id, JSObject **objp,
- JSProperty **propp)
- {
- uint32 i;
- union { JSProperty *p; jsval *v; } u;
- if (!OBJ_IS_DENSE_ARRAY(cx, obj))
- return js_LookupProperty(cx, obj, id, objp, propp);
- /*
- * We have only indexed properties up to DENSELEN (excepting holes), plus
- * the length property. For all else, we delegate to the prototype.
- */
- if (id != ATOM_TO_JSID(cx->runtime->atomState.lengthAtom) &&
- (!js_IdIsIndex(id, &i) ||
- obj->fslots[JSSLOT_ARRAY_LENGTH] == 0 ||
- i >= ARRAY_DENSE_LENGTH(obj) ||
- obj->dslots[i] == JSVAL_HOLE))
- {
- JSObject *proto = STOBJ_GET_PROTO(obj);
- if (!proto) {
- *objp = NULL;
- *propp = NULL;
- return JS_TRUE;
- }
- return OBJ_LOOKUP_PROPERTY(cx, proto, id, objp, propp);
- }
- /* FIXME 417501: threadsafety: could race with a lookup on another thread.
- * If we can only have a single lookup active per context, we could
- * pigeonhole this on the context instead. */
- JS_ASSERT(JSVAL_IS_VOID(obj->fslots[JSSLOT_ARRAY_LOOKUP_HOLDER]));
- obj->fslots[JSSLOT_ARRAY_LOOKUP_HOLDER] = (jsval) id;
- u.v = &(obj->fslots[JSSLOT_ARRAY_LOOKUP_HOLDER]);
- *propp = u.p;
- *objp = obj;
- return JS_TRUE;
- }
- static void
- array_dropProperty(JSContext *cx, JSObject *obj, JSProperty *prop)
- {
- JS_ASSERT_IF(OBJ_IS_DENSE_ARRAY(cx, obj),
- !JSVAL_IS_VOID(obj->fslots[JSSLOT_ARRAY_LOOKUP_HOLDER]));
- #ifdef DEBUG
- obj->fslots[JSSLOT_ARRAY_LOOKUP_HOLDER] = JSVAL_VOID;
- #endif
- }
- static JSBool
- array_getProperty(JSContext *cx, JSObject *obj, jsid id, jsval *vp)
- {
- uint32 i;
- if (id == ATOM_TO_JSID(cx->runtime->atomState.lengthAtom))
- return IndexToValue(cx, obj->fslots[JSSLOT_ARRAY_LENGTH], vp);
- if (id == ATOM_TO_JSID(cx->runtime->atomState.protoAtom)) {
- *vp = STOBJ_GET_SLOT(obj, JSSLOT_PROTO);
- return JS_TRUE;
- }
- if (!OBJ_IS_DENSE_ARRAY(cx, obj))
- return js_GetProperty(cx, obj, id, vp);
- if (!js_IdIsIndex(ID_TO_VALUE(id), &i) || i >= ARRAY_DENSE_LENGTH(obj) ||
- obj->dslots[i] == JSVAL_HOLE) {
- JSObject *obj2;
- JSProperty *prop;
- JSScopeProperty *sprop;
- JSObject *proto = STOBJ_GET_PROTO(obj);
- if (!proto) {
- *vp = JSVAL_VOID;
- return JS_TRUE;
- }
- *vp = JSVAL_VOID;
- if (js_LookupPropertyWithFlags(cx, proto, id, cx->resolveFlags,
- &obj2, &prop) < 0)
- return JS_FALSE;
- if (prop) {
- if (OBJ_IS_NATIVE(obj2)) {
- sprop = (JSScopeProperty *) prop;
- if (!js_NativeGet(cx, obj, obj2, sprop, vp))
- return JS_FALSE;
- }
- OBJ_DROP_PROPERTY(cx, obj2, prop);
- }
- return JS_TRUE;
- }
- *vp = obj->dslots[i];
- return JS_TRUE;
- }
- static JSBool
- slowarray_addProperty(JSContext *cx, JSObject *obj, jsval id, jsval *vp)
- {
- jsuint index, length;
- if (!js_IdIsIndex(id, &index))
- return JS_TRUE;
- length = obj->fslots[JSSLOT_ARRAY_LENGTH];
- if (index >= length)
- obj->fslots[JSSLOT_ARRAY_LENGTH] = index + 1;
- return JS_TRUE;
- }
- static void
- slowarray_trace(JSTracer *trc, JSObject *obj)
- {
- uint32 length = obj->fslots[JSSLOT_ARRAY_LENGTH];
- JS_ASSERT(STOBJ_GET_CLASS(obj) == &js_SlowArrayClass);
- /*
- * Move JSSLOT_ARRAY_LENGTH aside to prevent the GC from treating
- * untagged integer values as objects or strings.
- */
- obj->fslots[JSSLOT_ARRAY_LENGTH] = JSVAL_VOID;
- js_TraceObject(trc, obj);
- obj->fslots[JSSLOT_ARRAY_LENGTH] = length;
- }
- static JSObjectOps js_SlowArrayObjectOps;
- static JSObjectOps *
- slowarray_getObjectOps(JSContext *cx, JSClass *clasp)
- {
- return &js_SlowArrayObjectOps;
- }
- static JSBool
- array_setProperty(JSContext *cx, JSObject *obj, jsid id, jsval *vp)
- {
- uint32 i;
- if (id == ATOM_TO_JSID(cx->runtime->atomState.lengthAtom))
- return array_length_setter(cx, obj, id, vp);
- if (!OBJ_IS_DENSE_ARRAY(cx, obj))
- return js_SetProperty(cx, obj, id, vp);
- if (!js_IdIsIndex(id, &i) || INDEX_TOO_SPARSE(obj, i)) {
- if (!js_MakeArraySlow(cx, obj))
- return JS_FALSE;
- return js_SetProperty(cx, obj, id, vp);
- }
- if (!EnsureLength(cx, obj, i + 1))
- return JS_FALSE;
- if (i >= (uint32)obj->fslots[JSSLOT_ARRAY_LENGTH])
- obj->fslots[JSSLOT_ARRAY_LENGTH] = i + 1;
- if (obj->dslots[i] == JSVAL_HOLE)
- obj->fslots[JSSLOT_ARRAY_COUNT]++;
- obj->dslots[i] = *vp;
- return JS_TRUE;
- }
- #ifdef JS_TRACER
- JSBool FASTCALL
- js_Array_dense_setelem(JSContext* cx, JSObject* obj, jsint i, jsval v)
- {
- JS_ASSERT(OBJ_IS_DENSE_ARRAY(cx, obj));
- do {
- jsuint length = ARRAY_DENSE_LENGTH(obj);
- if ((jsuint)i < length) {
- if (obj->dslots[i] == JSVAL_HOLE) {
- if (cx->runtime->anyArrayProtoHasElement)
- break;
- if (i >= obj->fslots[JSSLOT_ARRAY_LENGTH])
- obj->fslots[JSSLOT_ARRAY_LENGTH] = i + 1;
- obj->fslots[JSSLOT_ARRAY_COUNT]++;
- }
- obj->dslots[i] = v;
- return JS_TRUE;
- }
- } while (0);
- return OBJ_SET_PROPERTY(cx, obj, INT_TO_JSID(i), &v);
- }
- #endif
- static JSBool
- array_defineProperty(JSContext *cx, JSObject *obj, jsid id, jsval value,
- JSPropertyOp getter, JSPropertyOp setter, uintN attrs,
- JSProperty **propp)
- {
- uint32 i;
- JSBool isIndex;
- if (id == ATOM_TO_JSID(cx->runtime->atomState.lengthAtom))
- return JS_TRUE;
- isIndex = js_IdIsIndex(ID_TO_VALUE(id), &i);
- if (!isIndex || attrs != JSPROP_ENUMERATE) {
- if (!ENSURE_SLOW_ARRAY(cx, obj))
- return JS_FALSE;
- if (isIndex && STOBJ_IS_DELEGATE(obj))
- cx->runtime->anyArrayProtoHasElement = JS_TRUE;
- return js_DefineProperty(cx, obj, id, value, getter, setter, attrs, propp);
- }
- return array_setProperty(cx, obj, id, &value);
- }
- static JSBool
- array_getAttributes(JSContext *cx, JSObject *obj, jsid id, JSProperty *prop,
- uintN *attrsp)
- {
- *attrsp = id == ATOM_TO_JSID(cx->runtime->atomState.lengthAtom)
- ? JSPROP_PERMANENT : JSPROP_ENUMERATE;
- return JS_TRUE;
- }
- static JSBool
- array_setAttributes(JSContext *cx, JSObject *obj, jsid id, JSProperty *prop,
- uintN *attrsp)
- {
- JS_ReportErrorNumber(cx, js_GetErrorMessage, NULL,
- JSMSG_CANT_SET_ARRAY_ATTRS);
- return JS_FALSE;
- }
- static JSBool
- array_deleteProperty(JSContext *cx, JSObject *obj, jsval id, jsval *rval)
- {
- uint32 i;
- if (!OBJ_IS_DENSE_ARRAY(cx, obj))
- return js_DeleteProperty(cx, obj, id, rval);
- if (id == ATOM_TO_JSID(cx->runtime->atomState.lengthAtom)) {
- *rval = JSVAL_FALSE;
- return JS_TRUE;
- }
- if (js_IdIsIndex(id, &i) && i < ARRAY_DENSE_LENGTH(obj) &&
- obj->dslots[i] != JSVAL_HOLE) {
- obj->fslots[JSSLOT_ARRAY_COUNT]--;
- obj->dslots[i] = JSVAL_HOLE;
- }
- *rval = JSVAL_TRUE;
- return JS_TRUE;
- }
- /*
- * JSObjectOps.enumerate implementation.
- *
- * For a fast array, JSENUMERATE_INIT captures in the enumeration state both
- * the length of the array and the bitmap indicating the positions of holes in
- * the array. This ensures that adding or deleting array elements does not
- * affect the sequence of indexes JSENUMERATE_NEXT returns.
- *
- * For a common case of an array without holes, to represent the state we pack
- * the (nextEnumerationIndex, arrayLength) pair as a pseudo-boolean jsval.
- * This is possible when length <= PACKED_UINT_PAIR_BITS. For arrays with
- * greater length or holes we allocate the JSIndexIterState structure and
- * store it as an int-tagged private pointer jsval. For a slow array we
- * delegate the enumeration implementation to js_Enumerate in
- * slowarray_enumerate.
- *
- * Array mutations can turn a fast array into a slow one after the enumeration
- * starts. When this happens, slowarray_enumerate receives a state created
- * when the array was fast. To distinguish such fast state from a slow state,
- * which is an int-tagged pointer that js_Enumerate creates, we set not one
- * but two lowest bits when tagging a JSIndexIterState pointer -- see
- * INDEX_ITER_TAG usage below. Thus, when slowarray_enumerate receives a state
- * tagged with JSVAL_BOOLEAN or with two lowest bits set, it knows that this
- * is a fast state so it calls array_enumerate to continue enumerating the
- * indexes present in the original fast array.
- */
- #define PACKED_UINT_PAIR_BITS 14
- #define PACKED_UINT_PAIR_MASK JS_BITMASK(PACKED_UINT_PAIR_BITS)
- #define UINT_PAIR_TO_BOOLEAN_JSVAL(i,j) \
- (JS_ASSERT((uint32) (i) <= PACKED_UINT_PAIR_MASK), \
- JS_ASSERT((uint32) (j) <= PACKED_UINT_PAIR_MASK), \
- ((jsval) (i) << (PACKED_UINT_PAIR_BITS + JSVAL_TAGBITS)) | \
- ((jsval) (j) << (JSVAL_TAGBITS)) | \
- (jsval) JSVAL_BOOLEAN)
- #define BOOLEAN_JSVAL_TO_UINT_PAIR(v,i,j) \
- (JS_ASSERT(JSVAL_TAG(v) == JSVAL_BOOLEAN), \
- (i) = (uint32) ((v) >> (PACKED_UINT_PAIR_BITS + JSVAL_TAGBITS)), \
- (j) = (uint32) ((v) >> JSVAL_TAGBITS) & PACKED_UINT_PAIR_MASK, \
- JS_ASSERT((i) <= PACKED_UINT_PAIR_MASK))
- JS_STATIC_ASSERT(PACKED_UINT_PAIR_BITS * 2 + JSVAL_TAGBITS <= JS_BITS_PER_WORD);
- typedef struct JSIndexIterState {
- uint32 index;
- uint32 length;
- JSBool hasHoles;
- /*
- * Variable-length bitmap representing array's holes. It must not be
- * accessed when hasHoles is false.
- */
- jsbitmap holes[1];
- } JSIndexIterState;
- #define INDEX_ITER_TAG 3
- JS_STATIC_ASSERT(JSVAL_INT == 1);
- static JSBool
- array_enumerate(JSContext *cx, JSObject *obj, JSIterateOp enum_op,
- jsval *statep, jsid *idp)
- {
- uint32 length, i;
- JSIndexIterState *ii;
- switch (enum_op) {
- case JSENUMERATE_INIT:
- JS_ASSERT(OBJ_IS_DENSE_ARRAY(cx, obj));
- length = ARRAY_DENSE_LENGTH(obj);
- if (idp)
- *idp = INT_TO_JSVAL(obj->fslots[JSSLOT_ARRAY_COUNT]);
- ii = NULL;
- for (i = 0; i != length; ++i) {
- if (obj->dslots[i] == JSVAL_HOLE) {
- if (!ii) {
- ii = (JSIndexIterState *)
- JS_malloc(cx, offsetof(JSIndexIterState, holes) +
- JS_BITMAP_SIZE(length));
- if (!ii)
- return JS_FALSE;
- ii->hasHoles = JS_TRUE;
- memset(ii->holes, 0, JS_BITMAP_SIZE(length));
- }
- JS_SET_BIT(ii->holes, i);
- }
- }
- if (!ii) {
- /* Array has no holes. */
- if (length <= PACKED_UINT_PAIR_MASK) {
- *statep = UINT_PAIR_TO_BOOLEAN_JSVAL(0, length);
- break;
- }
- ii = (JSIndexIterState *)
- JS_malloc(cx, offsetof(JSIndexIterState, holes));
- if (!ii)
- return JS_FALSE;
- ii->hasHoles = JS_FALSE;
- }
- ii->index = 0;
- ii->length = length;
- *statep = (jsval) ii | INDEX_ITER_TAG;
- JS_ASSERT(*statep & JSVAL_INT);
- break;
- case JSENUMERATE_NEXT:
- if (JSVAL_TAG(*statep) == JSVAL_BOOLEAN) {
- BOOLEAN_JSVAL_TO_UINT_PAIR(*statep, i, length);
- if (i != length) {
- *idp = INT_TO_JSID(i);
- *statep = UINT_PAIR_TO_BOOLEAN_JSVAL(i + 1, length);
- break;
- }
- } else {
- JS_ASSERT((*statep & INDEX_ITER_TAG) == INDEX_ITER_TAG);
- ii = (JSIndexIterState *) (*statep & ~INDEX_ITER_TAG);
- i = ii->index;
- if (i != ii->length) {
- /* Skip holes if any. */
- if (ii->hasHoles) {
- while (JS_TEST_BIT(ii->holes, i) && ++i != ii->length)
- continue;
- }
- if (i != ii->length) {
- ii->index = i + 1;
- return js_IndexToId(cx, i, idp);
- }
- }
- }
- /* FALL THROUGH */
- case JSENUMERATE_DESTROY:
- if (JSVAL_TAG(*statep) != JSVAL_BOOLEAN) {
- JS_ASSERT((*statep & INDEX_ITER_TAG) == INDEX_ITER_TAG);
- ii = (JSIndexIterState *) (*statep & ~INDEX_ITER_TAG);
- JS_free(cx, ii);
- }
- *statep = JSVAL_NULL;
- break;
- }
- return JS_TRUE;
- }
- static JSBool
- slowarray_enumerate(JSContext *cx, JSObject *obj, JSIterateOp enum_op,
- jsval *statep, jsid *idp)
- {
- JSBool ok;
- /* Are we continuing an enumeration that started when we were dense? */
- if (enum_op != JSENUMERATE_INIT) {
- if (JSVAL_TAG(*statep) == JSVAL_BOOLEAN ||
- (*statep & INDEX_ITER_TAG) == INDEX_ITER_TAG) {
- return array_enumerate(cx, obj, enum_op, statep, idp);
- }
- JS_ASSERT((*statep & INDEX_ITER_TAG) == JSVAL_INT);
- }
- ok = js_Enumerate(cx, obj, enum_op, statep, idp);
- JS_ASSERT(*statep == JSVAL_NULL || (*statep & INDEX_ITER_TAG) == JSVAL_INT);
- return ok;
- }
- static void
- array_finalize(JSContext *cx, JSObject *obj)
- {
- if (obj->dslots)
- JS_free(cx, obj->dslots - 1);
- obj->dslots = NULL;
- }
- static void
- array_trace(JSTracer *trc, JSObject *obj)
- {
- uint32 length;
- size_t i;
- jsval v;
- JS_ASSERT(OBJ_IS_DENSE_ARRAY(cx, obj));
- length = ARRAY_DENSE_LENGTH(obj);
- for (i = 0; i < length; i++) {
- v = obj->dslots[i];
- if (JSVAL_IS_TRACEABLE(v)) {
- JS_SET_TRACING_INDEX(trc, "array_dslots", i);
- JS_CallTracer(trc, JSVAL_TO_TRACEABLE(v), JSVAL_TRACE_KIND(v));
- }
- }
- for (i = JSSLOT_PROTO; i <= JSSLOT_PARENT; ++i) {
- v = STOBJ_GET_SLOT(obj, i);
- if (JSVAL_IS_TRACEABLE(v)) {
- JS_SET_TRACING_DETAILS(trc, js_PrintObjectSlotName, obj, i);
- JS_CallTracer(trc, JSVAL_TO_TRACEABLE(v), JSVAL_TRACE_KIND(v));
- }
- }
- }
- static JSObjectMap *
- array_newObjectMap(JSContext *cx, jsrefcount nrefs, JSObjectOps *ops,
- JSClass *clasp, JSObject *obj)
- {
- #ifdef DEBUG
- extern JSClass js_ArrayClass;
- extern JSObjectOps js_ArrayObjectOps;
- #endif
- JSObjectMap *map = (JSObjectMap *) JS_malloc(cx, sizeof(*map));
- if (!map)
- return NULL;
- map->nrefs = nrefs;
- JS_ASSERT(ops == &js_ArrayObjectOps);
- map->ops = ops;
- JS_ASSERT(clasp == &js_ArrayClass);
- map->freeslot = JSSLOT_FREE(clasp);
- return map;
- }
- void
- array_destroyObjectMap(JSContext *cx, JSObjectMap *map)
- {
- JS_free(cx, map);
- }
- JSObjectOps js_ArrayObjectOps = {
- array_newObjectMap, array_destroyObjectMap,
- array_lookupProperty, array_defineProperty,
- array_getProperty, array_setProperty,
- array_getAttributes, array_setAttributes,
- array_deleteProperty, js_DefaultValue,
- array_enumerate, js_CheckAccess,
- NULL, array_dropProperty,
- NULL, NULL,
- NULL, js_HasInstance,
- js_SetProtoOrParent, js_SetProtoOrParent,
- array_trace, NULL,
- NULL, NULL
- };
- static JSObjectOps *
- array_getObjectOps(JSContext *cx, JSClass *clasp)
- {
- return &js_ArrayObjectOps;
- }
- JSClass js_ArrayClass = {
- "Array",
- JSCLASS_HAS_PRIVATE | JSCLASS_HAS_CACHED_PROTO(JSProto_Array) |
- JSCLASS_HAS_RESERVED_SLOTS(1) | JSCLASS_NEW_ENUMERATE,
- JS_PropertyStub, JS_PropertyStub, JS_PropertyStub, JS_PropertyStub,
- JS_EnumerateStub, JS_ResolveStub, js_TryValueOf, array_finalize,
- array_getObjectOps, NULL, NULL, NULL,
- NULL, NULL, NULL, NULL
- };
- JSClass js_SlowArrayClass = {
- "Array",
- JSCLASS_HAS_PRIVATE | JSCLASS_HAS_CACHED_PROTO(JSProto_Array),
- slowarray_addProperty, JS_PropertyStub, JS_PropertyStub, JS_PropertyStub,
- JS_EnumerateStub, JS_ResolveStub, js_TryValueOf, JS_FinalizeStub,
- slowarray_getObjectOps, NULL, NULL, NULL,
- NULL, NULL, NULL, NULL
- };
- /*
- * Convert an array object from fast-and-dense to slow-and-flexible.
- */
- JSBool
- js_MakeArraySlow(JSContext *cx, JSObject *obj)
- {
- JSObjectMap *map, *oldmap;
- uint32 i, length;
- JS_ASSERT(OBJ_GET_CLASS(cx, obj) == &js_ArrayClass);
- /* Create a native scope. */
- map = js_NewObjectMap(cx, obj->map->nrefs, &js_SlowArrayObjectOps,
- &js_SlowArrayClass, obj);
- if (!map)
- return JS_FALSE;
- length = ARRAY_DENSE_LENGTH(obj);
- if (length) {
- map->freeslot = STOBJ_NSLOTS(obj) + JS_INITIAL_NSLOTS;
- obj->dslots[-1] = JS_INITIAL_NSLOTS + length;
- } else {
- map->freeslot = STOBJ_NSLOTS(obj);
- }
- /* Create new properties pointing to existing values in dslots */
- for (i = 0; i < length; i++) {
- jsid id;
- JSScopeProperty *sprop;
- if (!JS_ValueToId(cx, INT_TO_JSVAL(i), &id))
- goto out_bad;
- if (obj->dslots[i] == JSVAL_HOLE) {
- obj->dslots[i] = JSVAL_VOID;
- continue;
- }
- sprop = js_AddScopeProperty(cx, (JSScope *)map, id, NULL, NULL,
- i + JS_INITIAL_NSLOTS, JSPROP_ENUMERATE,
- 0, 0);
- if (!sprop)
- goto out_bad;
- }
- /*
- * Render our formerly-reserved count property GC-safe. If length fits in
- * a jsval, set our slow/sparse COUNT to the current length as a jsval, so
- * we can tell when only named properties have been added to a dense array
- * to make it slow-but-not-sparse.
- */
- length = obj->fslots[JSSLOT_ARRAY_LENGTH];
- obj->fslots[JSSLOT_ARRAY_COUNT] = INT_FITS_IN_JSVAL(length)
- ? INT_TO_JSVAL(length)
- : JSVAL_VOID;
- /* Make sure we preserve any flags borrowing bits in classword. */
- obj->classword ^= (jsuword) &js_ArrayClass;
- obj->classword |= (jsuword) &js_SlowArrayClass;
- /* Swap in our new map. */
- oldmap = obj->map;
- obj->map = map;
- array_destroyObjectMap(cx, oldmap);
- return JS_TRUE;
- out_bad:
- js_DestroyObjectMap(cx, map);
- return JS_FALSE;
- }
- enum ArrayToStringOp {
- TO_STRING,
- TO_LOCALE_STRING,
- TO_SOURCE
- };
- /*
- * When op is TO_STRING or TO_LOCALE_STRING sep indicates a separator to use
- * or "," when sep is NULL.
- * When op is TO_SOURCE sep must be NULL.
- */
- static JSBool
- array_join_sub(JSContext *cx, JSObject *obj, enum ArrayToStringOp op,
- JSString *sep, jsval *rval)
- {
- JSBool ok, hole;
- jsuint length, index;
- jschar *chars, *ochars;
- size_t nchars, growth, seplen, tmplen, extratail;
- const jschar *sepstr;
- JSString *str;
- JSHashEntry *he;
- JSAtom *atom;
- JS_CHECK_RECURSION(cx, return JS_FALSE);
- ok = js_GetLengthProperty(cx, obj, &length);
- if (!ok)
- return JS_FALSE;
- he = js_EnterSharpObject(cx, obj, NULL, &chars);
- if (!he)
- return JS_FALSE;
- #ifdef DEBUG
- growth = (size_t) -1;
- #endif
- if (op == TO_SOURCE) {
- if (IS_SHARP(he)) {
- #if JS_HAS_SHARP_VARS
- nchars = js_strlen(chars);
- #else
- chars[0] = '[';
- chars[1] = ']';
- chars[2] = 0;
- nchars = 2;
- #endif
- goto make_string;
- }
- /*
- * Always allocate 2 extra chars for closing ']' and terminating 0
- * and then preallocate 1 + extratail to include starting '['.
- */
- extratail = 2;
- growth = (1 + extratail) * sizeof(jschar);
- if (!chars) {
- nchars = 0;
- chars = (jschar *) malloc(growth);
- if (!chars)
- goto done;
- } else {
- MAKE_SHARP(he);
- nchars = js_strlen(chars);
- growth += nchars * sizeof(jschar);
- chars = (jschar *)realloc((ochars = chars), growth);
- if (!chars) {
- free(ochars);
- goto done;
- }
- }
- chars[nchars++] = '[';
- JS_ASSERT(sep == NULL);
- sepstr = NULL; /* indicates to use ", " as separator */
- seplen = 2;
- } else {
- /*
- * Free any sharp variable definition in chars. Normally, we would
- * MAKE_SHARP(he) so that only the first sharp variable annotation is
- * a definition, and all the rest are references, but in the current
- * case of (op != TO_SOURCE), we don't need chars at all.
- */
- if (chars)
- JS_free(cx, chars);
- chars = NULL;
- nchars = 0;
- extratail = 1; /* allocate extra char for terminating 0 */
- /* Return the empty string on a cycle as well as on empty join. */
- if (IS_BUSY(he) || length == 0) {
- js_LeaveSharpObject(cx, NULL);
- *rval = JS_GetEmptyStringValue(cx);
- return ok;
- }
- /* Flag he as BUSY so we can distinguish a cycle from a join-point. */
- MAKE_BUSY(he);
- if (sep) {
- JSSTRING_CHARS_AND_LENGTH(sep, sepstr, seplen);
- } else {
- sepstr = NULL; /* indicates to use "," as separator */
- seplen = 1;
- }
- }
- /* Use rval to locally root each element value as we loop and convert. */
- for (index = 0; index < length; index++) {
- ok = (JS_CHECK_OPERATION_LIMIT(cx, JSOW_JUMP) &&
- GetArrayElement(cx, obj, index, &hole, rval));
- if (!ok)
- goto done;
- if (hole ||
- (op != TO_SOURCE &&
- (JSVAL_IS_VOID(*rval) || JSVAL_IS_NULL(*rval)))) {
- str = cx->runtime->emptyString;
- } else {
- if (op == TO_LOCALE_STRING) {
- JSObject *robj;
- atom = cx->runtime->atomState.toLocaleStringAtom;
- ok = js_ValueToObject(cx, *rval, &robj);
- if (ok) {
- /* Re-use *rval to protect robj temporarily. */
- *rval = OBJECT_TO_JSVAL(robj);
- ok = js_TryMethod(cx, robj, atom, 0, NULL, rval);
- }
- if (!ok)
- goto done;
- str = js_ValueToString(cx, *rval);
- } else if (op == TO_STRING) {
- str = js_ValueToString(cx, *rval);
- } else {
- JS_ASSERT(op == TO_SOURCE);
- str = js_ValueToSource(cx, *rval);
- }
- if (!str) {
- ok = JS_FALSE;
- goto done;
- }
- }
- /*
- * Do not append separator after the last element unless it is a hole
- * and we are in toSource. In that case we append single ",".
- */
- if (index + 1 == length)
- seplen = (hole && op == TO_SOURCE) ? 1 : 0;
- /* Allocate 1 at end for closing bracket and zero. */
- tmplen = JSSTRING_LENGTH(str);
- growth = nchars + tmplen + seplen + extratail;
- if (nchars > growth || tmplen > growth ||
- growth > (size_t)-1 / sizeof(jschar)) {
- if (chars) {
- free(chars);
- chars = NULL;
- }
- goto done;
- }
- growth *= sizeof(jschar);
- JS_COUNT_OPERATION(cx, JSOW_ALLOCATION);
- if (!chars) {
- chars = (jschar *) malloc(growth);
- if (!chars)
- goto done;
- } else {
- chars = (jschar *) realloc((ochars = chars), growth);
- if (!chars) {
- free(ochars);
- goto done;
- }
- }
- js_strncpy(&chars[nchars], JSSTRING_CHARS(str), tmplen);
- nchars += tmplen;
- if (seplen) {
- if (sepstr) {
- js_strncpy(&chars[nchars], sepstr, seplen);
- } else {
- JS_ASSERT(seplen == 1 || seplen == 2);
- chars[nchars] = ',';
- if (seplen == 2)
- chars[nchars + 1] = ' ';
- }
- nchars += seplen;
- }
- }
- done:
- if (op == TO_SOURCE) {
- if (chars)
- chars[nchars++] = ']';
- } else {
- CLEAR_BUSY(he);
- }
- js_LeaveSharpObject(cx, NULL);
- if (!ok) {
- if (chars)
- free(chars);
- return ok;
- }
- make_string:
- if (!chars) {
- JS_ReportOutOfMemory(cx);
- return JS_FALSE;
- }
- chars[nchars] = 0;
- JS_ASSERT(growth == (size_t)-1 || (nchars + 1) * sizeof(jschar) == growth);
- str = js_NewString(cx, chars, nchars);
- if (!str) {
- free(chars);
- return JS_FALSE;
- }
- *rval = STRING_TO_JSVAL(str);
- return JS_TRUE;
- }
- #if JS_HAS_TOSOURCE
- static JSBool
- array_toSource(JSContext *cx, uintN argc, jsval *vp)
- {
- JSObject *obj;
- obj = JS_THIS_OBJECT(cx, vp);
- if (OBJ_GET_CLASS(cx, obj) != &js_SlowArrayClass &&
- !JS_InstanceOf(cx, obj, &js_ArrayClass, vp + 2)) {
- return JS_FALSE;
- }
- return array_join_sub(cx, obj, TO_SOURCE, NULL, vp);
- }
- #endif
- static JSBool
- array_toString(JSContext *cx, uintN argc, jsval *vp)
- {
- JSObject *obj;
- obj = JS_THIS_OBJECT(cx, vp);
- if (OBJ_GET_CLASS(cx, obj) != &js_SlowArrayClass &&
- !JS_InstanceOf(cx, obj, &js_ArrayClass, vp + 2)) {
- return JS_FALSE;
- }
- return array_join_sub(cx, obj, TO_STRING, NULL, vp);
- }
- static JSBool
- array_toLocaleString(JSContext *cx, uintN argc, jsval *vp)
- {
- JSObject *obj;
- obj = JS_THIS_OBJECT(cx, vp);
- if (OBJ_GET_CLASS(cx, obj) != &js_SlowArrayClass &&
- !JS_InstanceOf(cx, obj, &js_ArrayClass, vp + 2)) {
- return JS_FALSE;
- }
- /*
- * Passing comma here as the separator. Need a way to get a
- * locale-specific version.
- */
- return array_join_sub(cx, obj, TO_LOCALE_STRING, NULL, vp);
- }
- static JSBool
- InitArrayElements(JSContext *cx, JSObject *obj, jsuint start, jsuint end,
- jsval *vector)
- {
- if (OBJ_IS_DENSE_ARRAY(cx, obj)) {
- if (!EnsureLength(cx, obj, end))
- return JS_FALSE;
- if (end > (uint32)obj->fslots[JSSLOT_ARRAY_LENGTH])
- obj->fslots[JSSLOT_ARRAY_LENGTH] = end;
- memcpy(obj->dslots + start, vector, sizeof(jsval) * (end - start));
- return JS_TRUE;
- }
- while (start != end) {
- if (!JS_CHECK_OPERATION_LIMIT(cx, JSOW_JUMP) ||
- !SetArrayElement(cx, obj, start++, *vector++)) {
- return JS_FALSE;
- }
- }
- return JS_TRUE;
- }
- static JSBool
- InitArrayObject(JSContext *cx, JSObject *obj, jsuint length, jsval *vector,
- JSBool holey = JS_FALSE)
- {
- JS_ASSERT(OBJ_IS_ARRAY(cx, obj));
- obj->fslots[JSSLOT_ARRAY_LENGTH] = length;
- if (vector) {
- if (!EnsureLength(cx, obj, length))
- return JS_FALSE;
- jsuint count = length;
- if (!holey) {
- memcpy(obj->dslots, vector, length * sizeof (jsval));
- } else {
- for (jsuint i = 0; i < length; i++) {
- if (vector[i] == JSVAL_HOLE)
- --count;
- obj->dslots[i] = vector[i];
- }
- }
- obj->fslots[JSSLOT_ARRAY_COUNT] = count;
- } else {
- obj->fslots[JSSLOT_ARRAY_COUNT] = 0;
- }
- return JS_TRUE;
- }
- #ifdef JS_TRACER
- static JSString* FASTCALL
- Array_p_join(JSContext* cx, JSObject* obj, JSString *str)
- {
- jsval v;
- if (!array_join_sub(cx, obj, TO_STRING, str, &v))
- return NULL;
- JS_ASSERT(JSVAL_IS_STRING(v));
- return JSVAL_TO_STRING(v);
- }
- static JSString* FASTCALL
- Array_p_toString(JSContext* cx, JSObject* obj)
- {
- jsval v;
- if (!array_join_sub(cx, obj, TO_STRING, NULL, &v))
- return NULL;
- JS_ASSERT(JSVAL_IS_STRING(v));
- return JSVAL_TO_STRING(v);
- }
- #endif
- /*
- * Perl-inspired join, reverse, and sort.
- */
- static JSBool
- array_join(JSContext *cx, uintN argc, jsval *vp)
- {
- JSString *str;
- JSObject *obj;
- if (argc == 0 || JSVAL_IS_VOID(vp[2])) {
- str = NULL;
- } else {
- str = js_ValueToString(cx, vp[2]);
- if (!str)
- return JS_FALSE;
- vp[2] = STRING_TO_JSVAL(str);
- }
- obj = JS_THIS_OBJECT(cx, vp);
- return obj && array_join_sub(cx, obj, TO_STRING, str, vp);
- }
- static JSBool
- array_reverse(JSContext *cx, uintN argc, jsval *vp)
- {
- JSObject *obj;
- JSTempValueRooter tvr;
- jsuint len, half, i;
- JSBool ok, hole, hole2;
- obj = JS_THIS_OBJECT(cx, vp);
- if (!obj || !js_GetLengthProperty(cx, obj, &len))
- return JS_FALSE;
- ok = JS_TRUE;
- JS_PUSH_SINGLE_TEMP_ROOT(cx, JSVAL_NULL, &tvr);
- half = len / 2;
- for (i = 0; i < half; i++) {
- ok = JS_CHECK_OPERATION_LIMIT(cx, JSOW_JUMP) &&
- GetArrayElement(cx, obj, i, &hole, &tvr.u.value) &&
- GetArrayElement(cx, obj, len - i - 1, &hole2, vp) &&
- SetOrDeleteArrayElement(cx, obj, len - i - 1, hole, tvr.u.value) &&
- SetOrDeleteArrayElement(cx, obj, i, hole2, *vp);
- if (!ok)
- break;
- }
- JS_POP_TEMP_ROOT(cx, &tvr);
- *vp = OBJECT_TO_JSVAL(obj);
- return ok;
- }
- typedef struct MSortArgs {
- size_t elsize;
- JSComparator cmp;
- void *arg;
- JSBool fastcopy;
- } MSortArgs;
- /* Helper function for js_MergeSort. */
- static JSBool
- MergeArrays(MSortArgs *msa, void *src, void *dest, size_t run1, size_t run2)
- {
- void *arg, *a, *b, *c;
- size_t elsize, runtotal;
- int cmp_result;
- JSComparator cmp;
- JSBool fastcopy;
- runtotal = run1 + run2;
- elsize = msa->elsize;
- cmp = msa->cmp;
- arg = msa->arg;
- fastcopy = msa->fastcopy;
- #define CALL_CMP(a, b) \
- if (!cmp(arg, (a), (b), &cmp_result)) return JS_FALSE;
- /* Copy runs already in sorted order. */
- b = (char *)src + run1 * elsize;
- a = (char *)b - elsize;
- CALL_CMP(a, b);
- if (cmp_result <= 0) {
- memcpy(dest, src, runtotal * elsize);
- return JS_TRUE;
- }
- #define COPY_ONE(p,q,n) \
- (fastcopy ? (void)(*(jsval*)(p) = *(jsval*)(q)) : (void)memcpy(p, q, n))
- a = src;
- c = dest;
- for (; runtotal != 0; runtotal--) {
- JSBool from_a = run2 == 0;
- if (!from_a && run1 != 0) {
- CALL_CMP(a,b);
- from_a = cmp_result <= 0;
- }
- if (from_a) {
- COPY_ONE(c, a, elsize);
- run1--;
- a = (char *)a + elsize;
- } else {
- COPY_ONE(c, b, elsize);
- run2--;
- b = (char *)b + elsize;
- }
- c = (char *)c + elsize;
- }
- #undef COPY_ONE
- #undef CALL_CMP
- return JS_TRUE;
- }
- /*
- * This sort is stable, i.e. sequence of equal elements is preserved.
- * See also bug #224128.
- */
- JSBool
- js_MergeSort(void *src, size_t nel, size_t elsize,
- JSComparator cmp, void *arg, void *tmp)
- {
- void *swap, *vec1, *vec2;
- MSortArgs msa;
- size_t i, j, lo, hi, run;
- JSBool fastcopy;
- int cmp_result;
- /* Avoid memcpy overhead for word-sized and word-aligned elements. */
- fastcopy = (elsize == sizeof(jsval) &&
- (((jsuword) src | (jsuword) tmp) & JSVAL_ALIGN) == 0);
- #define COPY_ONE(p,q,n) \
- (fastcopy ? (void)(*(jsval*)(p) = *(jsval*)(q)) : (void)memcpy(p, q, n))
- #define CALL_CMP(a, b) \
- if (!cmp(arg, (a), (b), &cmp_result)) return JS_FALSE;
- #define INS_SORT_INT 4
- /*
- * Apply insertion sort to small chunks to reduce the number of merge
- * passes needed.
- */
- for (lo = 0; lo < nel; lo += INS_SORT_INT) {
- hi = lo + INS_SORT_INT;
- if (hi >= nel)
- hi = nel;
- for (i = lo + 1; i < hi; i++) {
- vec1 = (char *)src + i * elsize;
- vec2 = (char *)vec1 - elsize;
- for (j = i; j > lo; j--) {
- CALL_CMP(vec2, vec1);
- /* "<=" instead of "<" insures the sort is stable */
- if (cmp_result <= 0) {
- break;
- }
- /* Swap elements, using "tmp" as tmp storage */
- COPY_ONE(tmp, vec2, elsize);
- COPY_ONE(vec2, vec1, elsize);
- COPY_ONE(vec1, tmp, elsize);
- vec1 = vec2;
- vec2 = (char *)vec1 - elsize;
- }
- }
- }
- #undef CALL_CMP
- #undef COPY_ONE
- msa.elsize = elsize;
- msa.cmp = cmp;
- msa.arg = arg;
- msa.fastcopy = fastcopy;
- vec1 = src;
- vec2 = tmp;
- for (run = INS_SORT_INT; run < nel; run *= 2) {
- for (lo = 0; lo < nel; lo += 2 * run) {
- hi = lo + run;
- if (hi >= nel) {
- memcpy((char *)vec2 + lo * elsize, (char *)vec1 + lo * elsize,
- (nel - lo) * elsize);
- break;
- }
- if (!MergeArrays(&msa, (char *)vec1 + lo * elsize,
- (char *)vec2 + lo * elsize, run,
- hi + run > nel ? nel - hi : run)) {
- return JS_FALSE;
- }
- }
- swap = vec1;
- vec1 = vec2;
- vec2 = swap;
- }
- if (src != vec1)
- memcpy(src, tmp, nel * elsize);
- return JS_TRUE;
- }
- typedef struct CompareArgs {
- JSContext *context;
- jsval fval;
- jsval *elemroot; /* stack needed for js_Invoke */
- } CompareArgs;
- static JSBool
- sort_compare(void *arg, const void *a, const void *b, int *result)
- {
- jsval av = *(const jsval *)a, bv = *(const jsval *)b;
- CompareArgs *ca = (CompareArgs *) arg;
- JSContext *cx = ca->context;
- jsval *invokevp, *sp;
- jsdouble cmp;
- /**
- * array_sort deals with holes and undefs on its own and they should not
- * come here.
- */
- JS_ASSERT(!JSVAL_IS_VOID(av));
- JS_ASSERT(!JSVAL_IS_VOID(bv));
- if (!JS_CHECK_OPERATION_LIMIT(cx, JSOW_JUMP))
- return JS_FALSE;
- invokevp = ca->elemroot;
- sp = invokevp;
- *sp++ = ca->fval;
- *sp++ = JSVAL_NULL;
- *sp++ = av;
- *sp++ = bv;
- if (!js_Invoke(cx, 2, invokevp, 0))
- return JS_FALSE;
- cmp = js_ValueToNumber(cx, invokevp);
- if (JSVAL_IS_NULL(*invokevp))
- return JS_FALSE;
- /* Clamp cmp to -1, 0, 1. */
- *result = 0;
- if (!JSDOUBLE_IS_NaN(cmp) && cmp != 0)
- *result = cmp > 0 ? 1 : -1;
- /*
- * XXX else report some kind of error here? ECMA talks about 'consistent
- * compare functions' that don't return NaN, but is silent about what the
- * result should be. So we currently ignore it.
- */
- return JS_TRUE;
- }
- static int
- sort_compare_strings(void *arg, const void *a, const void *b, int *result)
- {
- jsval av = *(const jsval *)a, bv = *(const jsval *)b;
- JS_ASSERT(JSVAL_IS_STRING(av));
- JS_ASSERT(JSVAL_IS_STRING(bv));
- if (!JS_CHECK_OPERATION_LIMIT((JSContext *)arg, JSOW_JUMP))
- return JS_FALSE;
- *result = (int) js_CompareStrings(JSVAL_TO_STRING(av), JSVAL_TO_STRING(bv));
- return JS_TRUE;
- }
- /*
- * The array_sort function below assumes JSVAL_NULL is zero in order to
- * perform initialization using memset. Other parts of SpiderMonkey likewise
- * "know" that JSVAL_NULL is zero; this static assertion covers all cases.
- */
- JS_STATIC_ASSERT(JSVAL_NULL == 0);
- static JSBool
- array_sort(JSContext *cx, uintN argc, jsval *vp)
- {
- jsval *argv, fval, *vec, *mergesort_tmp, v;
- JSObject *obj;
- CompareArgs ca;
- jsuint len, newlen, i, undefs;
- JSTempValueRooter tvr;
- JSBool hole;
- bool ok;
- size_t elemsize;
- JSString *str;
- /*
- * Optimize the default compare function case if all of obj's elements
- * have values of type string.
- */
- JSBool all_strings;
- argv = JS_ARGV(cx, vp);
- if (argc > 0) {
- if (JSVAL_IS_PRIMITIVE(argv[0])) {
- JS_ReportErrorNumber(cx, js_GetErrorMessage, NULL,
- JSMSG_BAD_SORT_ARG);
- return JS_FALSE;
- }
- fval = argv[0]; /* non-default compare function */
- } else {
- fval = JSVAL_NULL;
- }
- obj = JS_THIS_OBJECT(cx, vp);
- if (!obj || !js_GetLengthProperty(cx, obj, &len))
- return JS_FALSE;
- if (len == 0) {
- *vp = OBJECT_TO_JSVAL(obj);
- return JS_TRUE;
- }
- /*
- * We need a temporary array of 2 * len jsvals to hold the array elements
- * and the scratch space for merge sort. Check that its size does not
- * overflow size_t, which would allow for indexing beyond the end of the
- * malloc'd vector.
- */
- #if JS_BITS_PER_WORD == 32
- if ((size_t)len > ~(size_t)0 / (2 * sizeof(jsval))) {
- js_ReportAllocationOverflow(cx);
- return JS_FALSE;
- }
- #endif
- vec = (jsval *) JS_malloc(cx, 2 * (size_t) len * sizeof(jsval));
- if (!vec)
- return JS_FALSE;
- /*
- * Initialize vec as a root. We will clear elements of vec one by
- * one while increasing tvr.count when we know that the property at
- * the corresponding index exists and its value must be rooted.
- *
- * In this way when sorting a huge mostly sparse array we will not
- * access the tail of vec corresponding to properties that do not
- * exist, allowing OS to avoiding committing RAM. See bug 330812.
- *
- * After this point control must flow through label out: to exit.
- */
- JS_PUSH_TEMP_ROOT(cx, 0, vec, &tvr);
- /*
- * By ECMA 262, 15.4.4.11, a property that does not exist (which we
- * call a "hole") is always greater than an existing property with
- * value undefined and that is always greater than any other property.
- * Thus to sort holes and undefs we simply count them, sort the rest
- * of elements, append undefs after them and then make holes after
- * undefs.
- */
- undefs = 0;
- newlen = 0;
- all_strings = JS_TRUE;
- for (i = 0; i < len; i++) {
- ok = JS_CHECK_OPERATION_LIMIT(cx, JSOW_JUMP);
- if (!ok)
- goto out;
- /* Clear vec[newlen] before including it in the rooted set. */
- vec[newlen] = JSVAL_NULL;
- tvr.count = newlen + 1;
- ok = GetArrayElement(cx, obj, i, &hole, &vec[newlen]);
- if (!ok)
- goto out;
- if (hole)
- continue;
- if (JSVAL_IS_VOID(vec[newlen])) {
- ++undefs;
- continue;
- }
- /* We know JSVAL_IS_STRING yields 0 or 1, so avoid a branch via &=. */
- all_strings &= JSVAL_IS_STRING(vec[newlen]);
- ++newlen;
- }
- if (newlen == 0) {
- /* The array has only holes and undefs. */
- ok = JS_TRUE;
- goto out;
- }
- /*
- * The first newlen elements of vec are copied from the array object
- * (above). The remaining newlen positions are used as GC-rooted scratch
- * space for mergesort. We must clear the space before including it to
- * the root set covered by tvr.count. We assume JSVAL_NULL==0 to optimize
- * initialization using memset.
- */
- mergesort_tmp = vec + newlen;
- memset(mergesort_tmp, 0, newlen * sizeof(jsval));
- tvr.count = newlen * 2;
- /* Here len == 2 * (newlen + undefs + number_of_holes). */
- if (fval == JSVAL_NULL) {
- /*
- * Sort using the default comparator converting all elements to
- * strings.
- */
- if (all_strings) {
- elemsize = sizeof(jsval);
- } else {
- /*
- * To avoid string conversion on each compare we do it only once
- * prior to sorting. But we also need the space for the original
- * values to recover the sorting result. To reuse
- * sort_compare_strings we move the original values to the odd
- * indexes in vec, put the string conversion results in the even
- * indexes and pass 2 * sizeof(jsval) as an element size to the
- * sorting function. In this way sort_compare_strings will only
- * see the string values when it casts the compare arguments as
- * pointers to jsval.
- *
- * This requires doubling the temporary storage including the
- * scratch space for the merge sort. Since vec already contains
- * the rooted scratch space for newlen elements at the tail, we
- * can use it to rearrange and convert to strings first and try
- * realloc only when we know that we successfully converted all
- * the elements.
- */
- #if JS_BITS_PER_WORD == 32
- if ((size_t)newlen > ~(size_t)0 / (4 * sizeof(jsval))) {
- js_ReportAllocationOverflow(cx);
- ok = JS_FALSE;
- goto out;
- }
- #endif
- /*
- * Rearrange and string-convert the elements of the vector from
- * the tail here and, after sorting, move the results back
- * starting from the start to prevent overwrite the existing
- * elements.
- */
- i = newlen;
- do {
- --i;
- ok = JS_CHECK_OPERATION_LIMIT(cx, JSOW_JUMP);
- if (!ok)
- goto out;
- v = vec[i];
- str = js_ValueToString(cx, v);
- if (!str) {
- ok = JS_FALSE;
- goto out;
- }
- vec[2 * i] = STRING_TO_JSVAL(str);
- vec[2 * i + 1] = v;
- } while (i != 0);
- JS_ASSERT(tvr.u.array == vec);
- vec = (jsval *) JS_realloc(cx, vec,
- 4 * (size_t) newlen * sizeof(jsval));
- if (!vec) {
- vec = tvr.u.array;
- ok = JS_FALSE;
- goto out;
- }
- tvr.u.array = vec;
- mergesort_tmp = vec + 2 * newlen;
- memset(mergesort_tmp, 0, newlen * 2 * sizeof(jsval));
- tvr.count = newlen * 4;
- elemsize = 2 * sizeof(jsval);
- }
- ok = js_MergeSort(vec, (size_t) newlen, elemsize,
- sort_compare_strings, cx, mergesort_tmp);
- if (!ok)
- goto out;
- if (!all_strings) {
- /*
- * We want to make the following loop fast and to unroot the
- * cached results of toString invocations before the operation
- * callback has a chance to run the GC. For this reason we do
- * not call JS_CHECK_OPERATION_LIMIT in the loop.
- */
- i = 0;
- do {
- vec[i] = vec[2 * i + 1];
- } while (++i != newlen);
- }
- } else {
- void *mark;
- ca.context = cx;
- ca.fval = fval;
- ca.elemroot = js_AllocStack(cx, 2 + 2, &mark);
- if (!ca.elemroot) {
- ok = JS_FALSE;
- goto out;
- }
- ok = js_MergeSort(vec, (size_t) newlen, sizeof(jsval),
- sort_compare, &ca, mergesort_tmp);
- js_FreeStack(cx, mark);
- if (!ok)
- goto out;
- }
- /*
- * We no longer need to root the scratch space for the merge sort, so
- * unroot it now to make the job of a potential GC under InitArrayElements
- * easier.
- */
- tvr.count = newlen;
- ok = InitArrayElements(cx, obj, 0, newlen, vec);
- if (!ok)
- goto out;
- out:
- JS_POP_TEMP_ROOT(cx, &tvr);
- JS_free(cx, vec);
- if (!ok)
- return JS_FALSE;
- /* Set undefs that sorted after the rest of elements. */
- while (undefs != 0) {
- --undefs;
- if (!JS_CHECK_OPERATION_LIMIT(cx, JSOW_JUMP) ||
- !SetArrayElement(cx, obj, newlen++, JSVAL_VOID)) {
- return JS_FALSE;
- }
- }
- /* Re-create any holes that sorted to the end of the array. */
- while (len > newlen) {
- if (!JS_CHECK_OPERATION_LIMIT(cx, JSOW_JUMP) ||
- !DeleteArrayElement(cx, obj, --len)) {
- return JS_FALSE;
- }
- }
- *vp = OBJECT_TO_JSVAL(obj);
- return JS_TRUE;
- }
- /*
- * Perl-inspired push, pop, shift, unshift, and splice methods.
- */
- static JSBool
- array_push_slowly(JSContext *cx, JSObject *obj, uintN argc, jsval *argv, jsval *rval)
- {
- jsuint length, newlength;
- if (!js_GetLengthProperty(cx, obj, &length))
- return JS_FALSE;
- newlength = length + argc;
- if (!InitArrayElements(cx, obj, length, newlength, argv))
- return JS_FALSE;
- /* Per ECMA-262, return the new array length. */
- if (!IndexToValue(cx, newlength, rval))
- return JS_FALSE;
- return js_SetLengthProperty(cx, obj, newlength);
- }
- static JSBool
- array_push1_dense(JSContext* cx, JSObject* obj, jsval v, jsval *rval)
- {
- uint32 length = obj->fslots[JSSLOT_ARRAY_LENGTH];
- if (INDEX_TOO_SPARSE(obj, length)) {
- if (!js_MakeArraySlow(cx, obj))
- return JS_FALSE;
- return array_push_slowly(cx, obj, 1, &v, rval);
- }
- if (!EnsureLength(cx, obj, length + 1))
- return JS_FALSE;
- obj->fslots[JSSLOT_ARRAY_LENGTH] = length + 1;
- JS_ASSERT(obj->dslots[length] == JSVAL_HOLE);
- obj->fslots[JSSLOT_ARRAY_COUNT]++;
- obj->dslots[length] = v;
- return IndexToValue(cx, obj->fslots[JSSLOT_ARRAY_LENGTH], rval);
- }
- #ifdef JS_TRACER
- static jsval FASTCALL
- Array_p_push1(JSContext* cx, JSObject* obj, jsval v)
- {
- if (OBJ_IS_DENSE_ARRAY(cx, obj)
- ? array_push1_dense(cx, obj, v, &v)
- : array_push_slowly(cx, obj, 1, &v, &v)) {
- return v;
- }
- return JSVAL_ERROR_COOKIE;
- }
- #endif
- static JSBool
- array_push(JSContext *cx, uintN argc, jsval *vp)
- {
- JSObject *obj;
- /* Insist on one argument and obj of the expected class. */
- obj = JS_THIS_OBJECT(cx, vp);
- if (!obj)
- re