1/*
2 * Copyright (C) 1999-2000 Harri Porten (porten@kde.org)
3 * Copyright (C) 2002-2019 Apple Inc. All rights reserved.
4 *
5 * This library is free software; you can redistribute it and/or
6 * modify it under the terms of the GNU Library General Public
7 * License as published by the Free Software Foundation; either
8 * version 2 of the License, or (at your option) any later version.
9 *
10 * This library is distributed in the hope that it will be useful,
11 * but WITHOUT ANY WARRANTY; without even the implied warranty of
12 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
13 * Library General Public License for more details.
14 *
15 * You should have received a copy of the GNU Library General Public License
16 * along with this library; see the file COPYING.LIB. If not, write to
17 * the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor,
18 * Boston, MA 02110-1301, USA.
19 *
20 */
21
22#pragma once
23
24#include "CallFrame.h"
25#include "ExceptionHelpers.h"
26#include "JSBigInt.h"
27#include "JSCJSValueInlines.h"
28#include <wtf/Variant.h>
29
30namespace JSC {
31
32#define InvalidPrototypeChain (std::numeric_limits<size_t>::max())
33
34NEVER_INLINE JSValue jsAddSlowCase(JSGlobalObject*, JSValue, JSValue);
35JSValue jsTypeStringForValue(JSGlobalObject*, JSValue);
36JSValue jsTypeStringForValue(VM&, JSGlobalObject*, JSValue);
37bool jsIsObjectTypeOrNull(JSGlobalObject*, JSValue);
38size_t normalizePrototypeChain(JSGlobalObject*, JSCell*, bool& sawPolyProto);
39
40ALWAYS_INLINE JSString* jsString(JSGlobalObject* globalObject, const String& u1, JSString* s2)
41{
42 VM& vm = getVM(globalObject);
43 auto scope = DECLARE_THROW_SCOPE(vm);
44
45 unsigned length1 = u1.length();
46 if (!length1)
47 return s2;
48 unsigned length2 = s2->length();
49 if (!length2)
50 return jsString(vm, u1);
51 static_assert(JSString::MaxLength == std::numeric_limits<int32_t>::max(), "");
52 if (sumOverflows<int32_t>(length1, length2)) {
53 throwOutOfMemoryError(globalObject, scope);
54 return nullptr;
55 }
56
57 // (1) Cost of making JSString : sizeof(JSString) (for new string) + sizeof(StringImpl header) + length1 + length2
58 // (2) Cost of making JSRopeString: sizeof(JSString) (for u1) + sizeof(JSRopeString)
59 // We do not account u1 cost in (2) since u1 may be shared StringImpl, and it may not introduce additional cost.
60 // We conservatively consider the cost of u1. Currently, we are not considering about is8Bit() case because 16-bit
61 // strings are relatively rare. But we can do that if we need to consider it.
62 if (s2->isRope() || (StringImpl::headerSize<LChar>() + length1 + length2) >= sizeof(JSRopeString))
63 return JSRopeString::create(vm, jsString(vm, u1), s2);
64
65 ASSERT(!s2->isRope());
66 const String& u2 = s2->value(globalObject);
67 scope.assertNoException();
68 String newString = tryMakeString(u1, u2);
69 if (!newString) {
70 throwOutOfMemoryError(globalObject, scope);
71 return nullptr;
72 }
73 return JSString::create(vm, newString.releaseImpl().releaseNonNull());
74}
75
76ALWAYS_INLINE JSString* jsString(JSGlobalObject* globalObject, JSString* s1, const String& u2)
77{
78 VM& vm = getVM(globalObject);
79 auto scope = DECLARE_THROW_SCOPE(vm);
80
81 unsigned length1 = s1->length();
82 if (!length1)
83 return jsString(vm, u2);
84 unsigned length2 = u2.length();
85 if (!length2)
86 return s1;
87 static_assert(JSString::MaxLength == std::numeric_limits<int32_t>::max(), "");
88 if (sumOverflows<int32_t>(length1, length2)) {
89 throwOutOfMemoryError(globalObject, scope);
90 return nullptr;
91 }
92
93 // (1) Cost of making JSString : sizeof(JSString) (for new string) + sizeof(StringImpl header) + length1 + length2
94 // (2) Cost of making JSRopeString: sizeof(JSString) (for u2) + sizeof(JSRopeString)
95 if (s1->isRope() || (StringImpl::headerSize<LChar>() + length1 + length2) >= sizeof(JSRopeString))
96 return JSRopeString::create(vm, s1, jsString(vm, u2));
97
98 ASSERT(!s1->isRope());
99 const String& u1 = s1->value(globalObject);
100 scope.assertNoException();
101 String newString = tryMakeString(u1, u2);
102 if (!newString) {
103 throwOutOfMemoryError(globalObject, scope);
104 return nullptr;
105 }
106 return JSString::create(vm, newString.releaseImpl().releaseNonNull());
107}
108
109ALWAYS_INLINE JSString* jsString(JSGlobalObject* globalObject, JSString* s1, JSString* s2)
110{
111 VM& vm = getVM(globalObject);
112 auto scope = DECLARE_THROW_SCOPE(vm);
113
114 unsigned length1 = s1->length();
115 if (!length1)
116 return s2;
117 unsigned length2 = s2->length();
118 if (!length2)
119 return s1;
120 static_assert(JSString::MaxLength == std::numeric_limits<int32_t>::max(), "");
121 if (sumOverflows<int32_t>(length1, length2)) {
122 throwOutOfMemoryError(globalObject, scope);
123 return nullptr;
124 }
125
126 return JSRopeString::create(vm, s1, s2);
127}
128
129ALWAYS_INLINE JSString* jsString(JSGlobalObject* globalObject, JSString* s1, JSString* s2, JSString* s3)
130{
131 VM& vm = getVM(globalObject);
132 auto scope = DECLARE_THROW_SCOPE(vm);
133
134 unsigned length1 = s1->length();
135 if (!length1)
136 RELEASE_AND_RETURN(scope, jsString(globalObject, s2, s3));
137
138 unsigned length2 = s2->length();
139 if (!length2)
140 RELEASE_AND_RETURN(scope, jsString(globalObject, s1, s3));
141
142 unsigned length3 = s3->length();
143 if (!length3)
144 RELEASE_AND_RETURN(scope, jsString(globalObject, s1, s2));
145
146 static_assert(JSString::MaxLength == std::numeric_limits<int32_t>::max(), "");
147 if (sumOverflows<int32_t>(length1, length2, length3)) {
148 throwOutOfMemoryError(globalObject, scope);
149 return nullptr;
150 }
151
152 return JSRopeString::create(vm, s1, s2, s3);
153}
154
155ALWAYS_INLINE JSString* jsString(JSGlobalObject* globalObject, const String& u1, const String& u2)
156{
157 VM& vm = getVM(globalObject);
158 auto scope = DECLARE_THROW_SCOPE(vm);
159
160 unsigned length1 = u1.length();
161 if (!length1)
162 return jsString(vm, u2);
163 unsigned length2 = u2.length();
164 if (!length2)
165 return jsString(vm, u1);
166 static_assert(JSString::MaxLength == std::numeric_limits<int32_t>::max(), "");
167 if (sumOverflows<int32_t>(length1, length2)) {
168 throwOutOfMemoryError(globalObject, scope);
169 return nullptr;
170 }
171
172 // (1) Cost of making JSString : sizeof(JSString) (for new string) + sizeof(StringImpl header) + length1 + length2
173 // (2) Cost of making JSRopeString: sizeof(JSString) (for u1) + sizeof(JSString) (for u2) + sizeof(JSRopeString)
174 if ((StringImpl::headerSize<LChar>() + length1 + length2) >= (sizeof(JSRopeString) + sizeof(JSString)))
175 return JSRopeString::create(vm, jsString(vm, u1), jsString(vm, u2));
176
177 String newString = tryMakeString(u1, u2);
178 if (!newString) {
179 throwOutOfMemoryError(globalObject, scope);
180 return nullptr;
181 }
182 return JSString::create(vm, newString.releaseImpl().releaseNonNull());
183}
184
185ALWAYS_INLINE JSString* jsString(JSGlobalObject* globalObject, const String& u1, const String& u2, const String& u3)
186{
187 VM& vm = getVM(globalObject);
188 auto scope = DECLARE_THROW_SCOPE(vm);
189
190 unsigned length1 = u1.length();
191 unsigned length2 = u2.length();
192 unsigned length3 = u3.length();
193 ASSERT(length1 <= JSString::MaxLength);
194 ASSERT(length2 <= JSString::MaxLength);
195 ASSERT(length3 <= JSString::MaxLength);
196
197 if (!length1)
198 RELEASE_AND_RETURN(scope, jsString(globalObject, u2, u3));
199
200 if (!length2)
201 RELEASE_AND_RETURN(scope, jsString(globalObject, u1, u3));
202
203 if (!length3)
204 RELEASE_AND_RETURN(scope, jsString(globalObject, u1, u2));
205
206 static_assert(JSString::MaxLength == std::numeric_limits<int32_t>::max(), "");
207 if (sumOverflows<int32_t>(length1, length2, length3)) {
208 throwOutOfMemoryError(globalObject, scope);
209 return nullptr;
210 }
211
212 // (1) Cost of making JSString : sizeof(JSString) (for new string) + sizeof(StringImpl header) + length1 + length2 + length3
213 // (2) Cost of making JSRopeString: sizeof(JSString) (for u1) + sizeof(JSString) (for u2) + sizeof(JSString) (for u3) + sizeof(JSRopeString)
214 if ((StringImpl::headerSize<LChar>() + length1 + length2 + length3) >= (sizeof(JSRopeString) + sizeof(JSString) * 2))
215 return JSRopeString::create(vm, jsString(vm, u1), jsString(vm, u2), jsString(vm, u3));
216
217 String newString = tryMakeString(u1, u2, u3);
218 if (!newString) {
219 throwOutOfMemoryError(globalObject, scope);
220 return nullptr;
221 }
222 return JSString::create(vm, newString.releaseImpl().releaseNonNull());
223}
224
225ALWAYS_INLINE JSValue jsStringFromRegisterArray(JSGlobalObject* globalObject, Register* strings, unsigned count)
226{
227 VM& vm = getVM(globalObject);
228 auto scope = DECLARE_THROW_SCOPE(vm);
229 JSRopeString::RopeBuilder<RecordOverflow> ropeBuilder(vm);
230
231 for (unsigned i = 0; i < count; ++i) {
232 JSValue v = strings[-static_cast<int>(i)].jsValue();
233 JSString* string = v.toString(globalObject);
234 RETURN_IF_EXCEPTION(scope, { });
235 if (!ropeBuilder.append(string))
236 return throwOutOfMemoryError(globalObject, scope);
237 }
238
239 return ropeBuilder.release();
240}
241
242ALWAYS_INLINE bool bigIntCompareResult(JSBigInt::ComparisonResult comparisonResult, JSBigInt::ComparisonMode comparisonMode)
243{
244 if (comparisonMode == JSBigInt::ComparisonMode::LessThan)
245 return comparisonResult == JSBigInt::ComparisonResult::LessThan;
246
247 ASSERT(comparisonMode == JSBigInt::ComparisonMode::LessThanOrEqual);
248 return comparisonResult == JSBigInt::ComparisonResult::LessThan || comparisonResult == JSBigInt::ComparisonResult::Equal;
249}
250
251ALWAYS_INLINE bool bigIntCompare(JSGlobalObject* globalObject, JSValue v1, JSValue v2, JSBigInt::ComparisonMode comparisonMode)
252{
253 ASSERT(v1.isBigInt() || v2.isBigInt());
254 ASSERT(v1.isPrimitive() && v2.isPrimitive());
255
256 VM& vm = globalObject->vm();
257 auto scope = DECLARE_THROW_SCOPE(vm);
258
259 if (v1.isBigInt() && v2.isBigInt())
260 return bigIntCompareResult(JSBigInt::compare(asBigInt(v1), asBigInt(v2)), comparisonMode);
261
262 if (v1.isBigInt()) {
263 JSValue primValue = v2;
264 if (primValue.isString()) {
265 JSBigInt* bigIntValue = JSBigInt::stringToBigInt(globalObject, asString(primValue)->value(globalObject));
266 RETURN_IF_EXCEPTION(scope, false);
267 if (!bigIntValue)
268 return false;
269
270 return bigIntCompareResult(JSBigInt::compare(asBigInt(v1), bigIntValue), comparisonMode);
271 }
272
273 if (primValue.isBigInt())
274 return bigIntCompareResult(JSBigInt::compare(asBigInt(v1), asBigInt(primValue)), comparisonMode);
275
276 double numberValue = primValue.toNumber(globalObject);
277 RETURN_IF_EXCEPTION(scope, false);
278 return bigIntCompareResult(JSBigInt::compareToDouble(asBigInt(v1), numberValue), comparisonMode);
279 }
280
281 JSValue primValue = v1;
282 if (primValue.isString()) {
283 JSBigInt* bigIntValue = JSBigInt::stringToBigInt(globalObject, asString(primValue)->value(globalObject));
284 RETURN_IF_EXCEPTION(scope, false);
285 if (!bigIntValue)
286 return false;
287
288 return bigIntCompareResult(JSBigInt::compare(bigIntValue, asBigInt(v2)), comparisonMode);
289 }
290
291 if (primValue.isBigInt())
292 return bigIntCompareResult(JSBigInt::compare(asBigInt(primValue), asBigInt(v2)), comparisonMode);
293
294 double numberValue = primValue.toNumber(globalObject);
295 RETURN_IF_EXCEPTION(scope, false);
296
297 // Here we check inverted because BigInt is the v2
298 JSBigInt::ComparisonResult comparisonResult = JSBigInt::compareToDouble(asBigInt(v2), numberValue);
299 if (comparisonMode == JSBigInt::ComparisonMode::LessThan)
300 return comparisonResult == JSBigInt::ComparisonResult::GreaterThan;
301
302 return comparisonResult == JSBigInt::ComparisonResult::GreaterThan || comparisonResult == JSBigInt::ComparisonResult::Equal;
303}
304
305ALWAYS_INLINE bool toPrimitiveNumeric(JSGlobalObject* globalObject, JSValue v, JSValue& p, double& n)
306{
307 VM& vm = globalObject->vm();
308 auto scope = DECLARE_THROW_SCOPE(vm);
309
310 p = v.toPrimitive(globalObject, PreferNumber);
311 RETURN_IF_EXCEPTION(scope, false);
312 if (p.isBigInt())
313 return true;
314
315 n = p.toNumber(globalObject);
316 RETURN_IF_EXCEPTION(scope, false);
317 return !p.isString();
318}
319
320// See ES5 11.8.1/11.8.2/11.8.5 for definition of leftFirst, this value ensures correct
321// evaluation ordering for argument conversions for '<' and '>'. For '<' pass the value
322// true, for leftFirst, for '>' pass the value false (and reverse operand order).
323template<bool leftFirst>
324ALWAYS_INLINE bool jsLess(JSGlobalObject* globalObject, JSValue v1, JSValue v2)
325{
326 VM& vm = globalObject->vm();
327 auto scope = DECLARE_THROW_SCOPE(vm);
328
329 if (v1.isInt32() && v2.isInt32())
330 return v1.asInt32() < v2.asInt32();
331
332 if (v1.isNumber() && v2.isNumber())
333 return v1.asNumber() < v2.asNumber();
334
335 if (isJSString(v1) && isJSString(v2)) {
336 String s1 = asString(v1)->value(globalObject);
337 RETURN_IF_EXCEPTION(scope, false);
338 String s2 = asString(v2)->value(globalObject);
339 RETURN_IF_EXCEPTION(scope, false);
340 return codePointCompareLessThan(s1, s2);
341 }
342
343 double n1;
344 double n2;
345 JSValue p1;
346 JSValue p2;
347 bool wasNotString1;
348 bool wasNotString2;
349 if (leftFirst) {
350 wasNotString1 = toPrimitiveNumeric(globalObject, v1, p1, n1);
351 RETURN_IF_EXCEPTION(scope, false);
352 wasNotString2 = toPrimitiveNumeric(globalObject, v2, p2, n2);
353 } else {
354 wasNotString2 = toPrimitiveNumeric(globalObject, v2, p2, n2);
355 RETURN_IF_EXCEPTION(scope, false);
356 wasNotString1 = toPrimitiveNumeric(globalObject, v1, p1, n1);
357 }
358 RETURN_IF_EXCEPTION(scope, false);
359
360 if (wasNotString1 | wasNotString2) {
361 if (p1.isBigInt() || p2.isBigInt())
362 RELEASE_AND_RETURN(scope, bigIntCompare(globalObject, p1, p2, JSBigInt::ComparisonMode::LessThan));
363
364 return n1 < n2;
365 }
366
367 return codePointCompareLessThan(asString(p1)->value(globalObject), asString(p2)->value(globalObject));
368}
369
370// See ES5 11.8.3/11.8.4/11.8.5 for definition of leftFirst, this value ensures correct
371// evaluation ordering for argument conversions for '<=' and '=>'. For '<=' pass the
372// value true, for leftFirst, for '=>' pass the value false (and reverse operand order).
373template<bool leftFirst>
374ALWAYS_INLINE bool jsLessEq(JSGlobalObject* globalObject, JSValue v1, JSValue v2)
375{
376 VM& vm = globalObject->vm();
377 auto scope = DECLARE_THROW_SCOPE(vm);
378
379 if (v1.isInt32() && v2.isInt32())
380 return v1.asInt32() <= v2.asInt32();
381
382 if (v1.isNumber() && v2.isNumber())
383 return v1.asNumber() <= v2.asNumber();
384
385 if (isJSString(v1) && isJSString(v2)) {
386 String s1 = asString(v1)->value(globalObject);
387 RETURN_IF_EXCEPTION(scope, false);
388 String s2 = asString(v2)->value(globalObject);
389 RETURN_IF_EXCEPTION(scope, false);
390 return !codePointCompareLessThan(s2, s1);
391 }
392
393 double n1;
394 double n2;
395 JSValue p1;
396 JSValue p2;
397 bool wasNotString1;
398 bool wasNotString2;
399 if (leftFirst) {
400 wasNotString1 = toPrimitiveNumeric(globalObject, v1, p1, n1);
401 RETURN_IF_EXCEPTION(scope, false);
402 wasNotString2 = toPrimitiveNumeric(globalObject, v2, p2, n2);
403 } else {
404 wasNotString2 = toPrimitiveNumeric(globalObject, v2, p2, n2);
405 RETURN_IF_EXCEPTION(scope, false);
406 wasNotString1 = toPrimitiveNumeric(globalObject, v1, p1, n1);
407 }
408 RETURN_IF_EXCEPTION(scope, false);
409
410 if (wasNotString1 | wasNotString2) {
411 if (p1.isBigInt() || p2.isBigInt())
412 RELEASE_AND_RETURN(scope, bigIntCompare(globalObject, p1, p2, JSBigInt::ComparisonMode::LessThanOrEqual));
413
414 return n1 <= n2;
415 }
416 return !codePointCompareLessThan(asString(p2)->value(globalObject), asString(p1)->value(globalObject));
417}
418
419// Fast-path choices here are based on frequency data from SunSpider:
420// <times> Add case: <t1> <t2>
421// ---------------------------
422// 5626160 Add case: 3 3 (of these, 3637690 are for immediate values)
423// 247412 Add case: 5 5
424// 20900 Add case: 5 6
425// 13962 Add case: 5 3
426// 4000 Add case: 3 5
427
428
429ALWAYS_INLINE JSValue jsAddNonNumber(JSGlobalObject* globalObject, JSValue v1, JSValue v2)
430{
431 VM& vm = globalObject->vm();
432 auto scope = DECLARE_THROW_SCOPE(vm);
433 ASSERT(!v1.isNumber() || !v2.isNumber());
434
435 if (LIKELY(v1.isString() && !v2.isObject())) {
436 if (v2.isString())
437 RELEASE_AND_RETURN(scope, jsString(globalObject, asString(v1), asString(v2)));
438 String s2 = v2.toWTFString(globalObject);
439 RETURN_IF_EXCEPTION(scope, { });
440 RELEASE_AND_RETURN(scope, jsString(globalObject, asString(v1), s2));
441 }
442
443 // All other cases are pretty uncommon
444 RELEASE_AND_RETURN(scope, jsAddSlowCase(globalObject, v1, v2));
445}
446
447ALWAYS_INLINE JSValue jsAdd(JSGlobalObject* globalObject, JSValue v1, JSValue v2)
448{
449 if (v1.isNumber() && v2.isNumber())
450 return jsNumber(v1.asNumber() + v2.asNumber());
451
452 return jsAddNonNumber(globalObject, v1, v2);
453}
454
455ALWAYS_INLINE JSValue jsSub(JSGlobalObject* globalObject, JSValue v1, JSValue v2)
456{
457 VM& vm = getVM(globalObject);
458 auto scope = DECLARE_THROW_SCOPE(vm);
459
460 auto leftNumeric = v1.toNumeric(globalObject);
461 RETURN_IF_EXCEPTION(scope, { });
462 auto rightNumeric = v2.toNumeric(globalObject);
463 RETURN_IF_EXCEPTION(scope, { });
464
465 if (WTF::holds_alternative<JSBigInt*>(leftNumeric) || WTF::holds_alternative<JSBigInt*>(rightNumeric)) {
466 if (WTF::holds_alternative<JSBigInt*>(leftNumeric) && WTF::holds_alternative<JSBigInt*>(rightNumeric)) {
467 scope.release();
468 return JSBigInt::sub(globalObject, WTF::get<JSBigInt*>(leftNumeric), WTF::get<JSBigInt*>(rightNumeric));
469 }
470
471 return throwTypeError(globalObject, scope, "Invalid mix of BigInt and other type in subtraction."_s);
472 }
473
474 return jsNumber(WTF::get<double>(leftNumeric) - WTF::get<double>(rightNumeric));
475}
476
477ALWAYS_INLINE JSValue jsMul(JSGlobalObject* globalObject, JSValue v1, JSValue v2)
478{
479 VM& vm = globalObject->vm();
480 auto scope = DECLARE_THROW_SCOPE(vm);
481
482 Variant<JSBigInt*, double> leftNumeric = v1.toNumeric(globalObject);
483 RETURN_IF_EXCEPTION(scope, { });
484 Variant<JSBigInt*, double> rightNumeric = v2.toNumeric(globalObject);
485 RETURN_IF_EXCEPTION(scope, { });
486
487 if (WTF::holds_alternative<JSBigInt*>(leftNumeric) || WTF::holds_alternative<JSBigInt*>(rightNumeric)) {
488 if (WTF::holds_alternative<JSBigInt*>(leftNumeric) && WTF::holds_alternative<JSBigInt*>(rightNumeric)) {
489 scope.release();
490 return JSBigInt::multiply(globalObject, WTF::get<JSBigInt*>(leftNumeric), WTF::get<JSBigInt*>(rightNumeric));
491 }
492
493 throwTypeError(globalObject, scope, "Invalid mix of BigInt and other type in multiplication."_s);
494 return { };
495 }
496
497 double leftValue = WTF::get<double>(leftNumeric);
498 double rightValue = WTF::get<double>(rightNumeric);
499 return jsNumber(leftValue * rightValue);
500}
501
502inline bool scribbleFreeCells()
503{
504 return !ASSERT_DISABLED || Options::scribbleFreeCells();
505}
506
507#define SCRIBBLE_WORD static_cast<intptr_t>(0xbadbeef0)
508
509inline bool isScribbledValue(JSValue value)
510{
511 return JSValue::encode(value) == JSValue::encode(bitwise_cast<JSCell*>(SCRIBBLE_WORD));
512}
513
514inline void scribble(void* base, size_t size)
515{
516 for (size_t i = size / sizeof(EncodedJSValue); i--;) {
517 // Use a 16-byte aligned value to ensure that it passes the cell check.
518 static_cast<EncodedJSValue*>(base)[i] = JSValue::encode(bitwise_cast<JSCell*>(SCRIBBLE_WORD));
519 }
520}
521
522} // namespace JSC
523