]> git.proxmox.com Git - ceph.git/blob - ceph/src/jaegertracing/opentelemetry-cpp/third_party/prometheus-cpp/3rdparty/civetweb/src/third_party/duktape-1.5.2/src-separate/duk_hobject_props.c
projects / ceph.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
update ceph source to reef 18.1.2
[ceph.git] / ceph / src / jaegertracing / opentelemetry-cpp / third_party / prometheus-cpp / 3rdparty / civetweb / src / third_party / duktape-1.5.2 / src-separate / duk_hobject_props.c
1 /*
2 * Hobject property set/get functionality.
3 *
4 * This is very central functionality for size, performance, and compliance.
5 * It is also rather intricate; see hobject-algorithms.rst for discussion on
6 * the algorithms and memory-management.rst for discussion on refcounts and
7 * side effect issues.
8 *
9 * Notes:
10 *
11 * - It might be tempting to assert "refcount nonzero" for objects
12 * being operated on, but that's not always correct: objects with
13 * a zero refcount may be operated on by the refcount implementation
14 * (finalization) for instance. Hence, no refcount assertions are made.
15 *
16 * - Many operations (memory allocation, identifier operations, etc)
17 * may cause arbitrary side effects (e.g. through GC and finalization).
18 * These side effects may invalidate duk_tval pointers which point to
19 * areas subject to reallocation (like value stack). Heap objects
20 * themselves have stable pointers. Holding heap object pointers or
21 * duk_tval copies is not problematic with respect to side effects;
22 * care must be taken when holding and using argument duk_tval pointers.
23 *
24 * - If a finalizer is executed, it may operate on the the same object
25 * we're currently dealing with. For instance, the finalizer might
26 * delete a certain property which has already been looked up and
27 * confirmed to exist. Ideally finalizers would be disabled if GC
28 * happens during property access. At the moment property table realloc
29 * disables finalizers, and all DECREFs may cause arbitrary changes so
30 * handle DECREF carefully.
31 *
32 * - The order of operations for a DECREF matters. When DECREF is executed,
33 * the entire object graph must be consistent; note that a refzero may
34 * lead to a mark-and-sweep through a refcount finalizer.
35 */
36
37 /*
38 * XXX: array indices are mostly typed as duk_uint32_t here; duk_uarridx_t
39 * might be more appropriate.
40 */
41
42 /*
43 * XXX: duk_uint_fast32_t should probably be used in many places here.
44 */
45
46 #include "duk_internal.h"
47
48 /*
49 * Local defines
50 */
51
52 #define DUK__NO_ARRAY_INDEX DUK_HSTRING_NO_ARRAY_INDEX
53
54 /* hash probe sequence */
55 #define DUK__HASH_INITIAL(hash,h_size) DUK_HOBJECT_HASH_INITIAL((hash),(h_size))
56 #define DUK__HASH_PROBE_STEP(hash) DUK_HOBJECT_HASH_PROBE_STEP((hash))
57
58 /* marker values for hash part */
59 #define DUK__HASH_UNUSED DUK_HOBJECT_HASHIDX_UNUSED
60 #define DUK__HASH_DELETED DUK_HOBJECT_HASHIDX_DELETED
61
62 /* valstack space that suffices for all local calls, including recursion
63 * of other than Duktape calls (getters etc)
64 */
65 #define DUK__VALSTACK_SPACE 10
66
67 /* valstack space allocated especially for proxy lookup which does a
68 * recursive property lookup
69 */
70 #define DUK__VALSTACK_PROXY_LOOKUP 20
71
72 /*
73 * Local prototypes
74 */
75
76 DUK_LOCAL_DECL duk_bool_t duk__check_arguments_map_for_get(duk_hthread *thr, duk_hobject *obj, duk_hstring *key, duk_propdesc *temp_desc);
77 DUK_LOCAL_DECL void duk__check_arguments_map_for_put(duk_hthread *thr, duk_hobject *obj, duk_hstring *key, duk_propdesc *temp_desc, duk_bool_t throw_flag);
78 DUK_LOCAL_DECL void duk__check_arguments_map_for_delete(duk_hthread *thr, duk_hobject *obj, duk_hstring *key, duk_propdesc *temp_desc);
79
80 DUK_LOCAL_DECL duk_bool_t duk__handle_put_array_length_smaller(duk_hthread *thr, duk_hobject *obj, duk_uint32_t old_len, duk_uint32_t new_len, duk_bool_t force_flag, duk_uint32_t *out_result_len);
81 DUK_LOCAL_DECL duk_bool_t duk__handle_put_array_length(duk_hthread *thr, duk_hobject *obj);
82
83 DUK_LOCAL_DECL duk_bool_t duk__get_propdesc(duk_hthread *thr, duk_hobject *obj, duk_hstring *key, duk_propdesc *out_desc, duk_small_uint_t flags);
84 DUK_LOCAL_DECL duk_bool_t duk__get_own_propdesc_raw(duk_hthread *thr, duk_hobject *obj, duk_hstring *key, duk_uint32_t arr_idx, duk_propdesc *out_desc, duk_small_uint_t flags);
85 DUK_LOCAL duk_uint32_t duk__get_old_array_length(duk_hthread *thr, duk_hobject *obj, duk_propdesc *temp_desc);
86
87 /*
88 * Misc helpers
89 */
90
91 /* Convert a duk_tval number (caller checks) to a 32-bit index. Returns
92 * DUK__NO_ARRAY_INDEX if the number is not whole or not a valid array
93 * index.
94 */
95 /* XXX: for fastints, could use a variant which assumes a double duk_tval
96 * (and doesn't need to check for fastint again).
97 */
98 DUK_LOCAL duk_uint32_t duk__tval_number_to_arr_idx(duk_tval *tv) {
99 duk_double_t dbl;
100 duk_uint32_t idx;
101
102 DUK_ASSERT(tv != NULL);
103 DUK_ASSERT(DUK_TVAL_IS_NUMBER(tv));
104
105 /* -0 is accepted here as index 0 because ToString(-0) == "0" which is
106 * in canonical form and thus an array index.
107 */
108 dbl = DUK_TVAL_GET_NUMBER(tv);
109 idx = (duk_uint32_t) dbl;
110 if ((duk_double_t) idx == dbl) {
111 /* Is whole and within 32 bit range. If the value happens to be 0xFFFFFFFF,
112 * it's not a valid array index but will then match DUK__NO_ARRAY_INDEX.
113 */
114 return idx;
115 }
116 return DUK__NO_ARRAY_INDEX;
117 }
118
119 #if defined(DUK_USE_FASTINT)
120 /* Convert a duk_tval fastint (caller checks) to a 32-bit index. */
121 DUK_LOCAL duk_uint32_t duk__tval_fastint_to_arr_idx(duk_tval *tv) {
122 duk_int64_t t;
123
124 DUK_ASSERT(tv != NULL);
125 DUK_ASSERT(DUK_TVAL_IS_FASTINT(tv));
126
127 t = DUK_TVAL_GET_FASTINT(tv);
128 if ((t & ~0xffffffffULL) != 0) {
129 /* Catches >0x100000000 and negative values. */
130 return DUK__NO_ARRAY_INDEX;
131 }
132
133 /* If the value happens to be 0xFFFFFFFF, it's not a valid array index
134 * but will then match DUK__NO_ARRAY_INDEX.
135 */
136 return (duk_uint32_t) t;
137 }
138 #endif /* DUK_USE_FASTINT */
139
140 /* Push an arbitrary duk_tval to the stack, coerce it to string, and return
141 * both a duk_hstring pointer and an array index (or DUK__NO_ARRAY_INDEX).
142 */
143 DUK_LOCAL duk_uint32_t duk__push_tval_to_hstring_arr_idx(duk_context *ctx, duk_tval *tv, duk_hstring **out_h) {
144 duk_uint32_t arr_idx;
145 duk_hstring *h;
146
147 DUK_ASSERT(ctx != NULL);
148 DUK_ASSERT(tv != NULL);
149 DUK_ASSERT(out_h != NULL);
150
151 duk_push_tval(ctx, tv);
152 duk_to_string(ctx, -1);
153 h = duk_get_hstring(ctx, -1);
154 DUK_ASSERT(h != NULL);
155 *out_h = h;
156
157 arr_idx = DUK_HSTRING_GET_ARRIDX_FAST(h);
158 return arr_idx;
159 }
160
161 /* String is an own (virtual) property of a lightfunc. */
162 DUK_LOCAL duk_bool_t duk__key_is_lightfunc_ownprop(duk_hthread *thr, duk_hstring *key) {
163 DUK_UNREF(thr);
164 return (key == DUK_HTHREAD_STRING_LENGTH(thr) ||
165 key == DUK_HTHREAD_STRING_NAME(thr));
166 }
167
168 /*
169 * Helpers for managing property storage size
170 */
171
172 /* Get default hash part size for a certain entry part size. */
173 #if defined(DUK_USE_HOBJECT_HASH_PART)
174 DUK_LOCAL duk_uint32_t duk__get_default_h_size(duk_uint32_t e_size) {
175 DUK_ASSERT(e_size <= DUK_HOBJECT_MAX_PROPERTIES);
176
177 if (e_size >= DUK_HOBJECT_E_USE_HASH_LIMIT) {
178 duk_uint32_t res;
179
180 /* result: hash_prime(floor(1.2 * e_size)) */
181 res = duk_util_get_hash_prime(e_size + e_size / DUK_HOBJECT_H_SIZE_DIVISOR);
182
183 /* if fails, e_size will be zero = not an issue, except performance-wise */
184 DUK_ASSERT(res == 0 || res > e_size);
185 return res;
186 } else {
187 return 0;
188 }
189 }
190 #endif /* USE_PROP_HASH_PART */
191
192 /* Get minimum entry part growth for a certain size. */
193 DUK_LOCAL duk_uint32_t duk__get_min_grow_e(duk_uint32_t e_size) {
194 duk_uint32_t res;
195
196 DUK_ASSERT(e_size <= DUK_HOBJECT_MAX_PROPERTIES);
197
198 res = (e_size + DUK_HOBJECT_E_MIN_GROW_ADD) / DUK_HOBJECT_E_MIN_GROW_DIVISOR;
199 DUK_ASSERT(res >= 1); /* important for callers */
200 return res;
201 }
202
203 /* Get minimum array part growth for a certain size. */
204 DUK_LOCAL duk_uint32_t duk__get_min_grow_a(duk_uint32_t a_size) {
205 duk_uint32_t res;
206
207 DUK_ASSERT((duk_size_t) a_size <= DUK_HOBJECT_MAX_PROPERTIES);
208
209 res = (a_size + DUK_HOBJECT_A_MIN_GROW_ADD) / DUK_HOBJECT_A_MIN_GROW_DIVISOR;
210 DUK_ASSERT(res >= 1); /* important for callers */
211 return res;
212 }
213
214 /* Count actually used entry part entries (non-NULL keys). */
215 DUK_LOCAL duk_uint32_t duk__count_used_e_keys(duk_hthread *thr, duk_hobject *obj) {
216 duk_uint_fast32_t i;
217 duk_uint_fast32_t n = 0;
218 duk_hstring **e;
219
220 DUK_ASSERT(obj != NULL);
221 DUK_UNREF(thr);
222
223 e = DUK_HOBJECT_E_GET_KEY_BASE(thr->heap, obj);
224 for (i = 0; i < DUK_HOBJECT_GET_ENEXT(obj); i++) {
225 if (*e++) {
226 n++;
227 }
228 }
229 return (duk_uint32_t) n;
230 }
231
232 /* Count actually used array part entries and array minimum size.
233 * NOTE: 'out_min_size' can be computed much faster by starting from the
234 * end and breaking out early when finding first used entry, but this is
235 * not needed now.
236 */
237 DUK_LOCAL void duk__compute_a_stats(duk_hthread *thr, duk_hobject *obj, duk_uint32_t *out_used, duk_uint32_t *out_min_size) {
238 duk_uint_fast32_t i;
239 duk_uint_fast32_t used = 0;
240 duk_uint_fast32_t highest_idx = (duk_uint_fast32_t) -1; /* see below */
241 duk_tval *a;
242
243 DUK_ASSERT(obj != NULL);
244 DUK_ASSERT(out_used != NULL);
245 DUK_ASSERT(out_min_size != NULL);
246 DUK_UNREF(thr);
247
248 a = DUK_HOBJECT_A_GET_BASE(thr->heap, obj);
249 for (i = 0; i < DUK_HOBJECT_GET_ASIZE(obj); i++) {
250 duk_tval *tv = a++;
251 if (!DUK_TVAL_IS_UNUSED(tv)) {
252 used++;
253 highest_idx = i;
254 }
255 }
256
257 /* Initial value for highest_idx is -1 coerced to unsigned. This
258 * is a bit odd, but (highest_idx + 1) will then wrap to 0 below
259 * for out_min_size as intended.
260 */
261
262 *out_used = used;
263 *out_min_size = highest_idx + 1; /* 0 if no used entries */
264 }
265
266 /* Check array density and indicate whether or not the array part should be abandoned. */
267 DUK_LOCAL duk_bool_t duk__abandon_array_density_check(duk_uint32_t a_used, duk_uint32_t a_size) {
268 /*
269 * Array abandon check; abandon if:
270 *
271 * new_used / new_size < limit
272 * new_used < limit * new_size || limit is 3 bits fixed point
273 * new_used < limit' / 8 * new_size || *8
274 * 8*new_used < limit' * new_size || :8
275 * new_used < limit' * (new_size / 8)
276 *
277 * Here, new_used = a_used, new_size = a_size.
278 *
279 * Note: some callers use approximate values for a_used and/or a_size
280 * (e.g. dropping a '+1' term). This doesn't affect the usefulness
281 * of the check, but may confuse debugging.
282 */
283
284 return (a_used < DUK_HOBJECT_A_ABANDON_LIMIT * (a_size >> 3));
285 }
286
287 /* Fast check for extending array: check whether or not a slow density check is required. */
288 DUK_LOCAL duk_bool_t duk__abandon_array_slow_check_required(duk_uint32_t arr_idx, duk_uint32_t old_size) {
289 /*
290 * In a fast check we assume old_size equals old_used (i.e., existing
291 * array is fully dense).
292 *
293 * Slow check if:
294 *
295 * (new_size - old_size) / old_size > limit
296 * new_size - old_size > limit * old_size
297 * new_size > (1 + limit) * old_size || limit' is 3 bits fixed point
298 * new_size > (1 + (limit' / 8)) * old_size || * 8
299 * 8 * new_size > (8 + limit') * old_size || : 8
300 * new_size > (8 + limit') * (old_size / 8)
301 * new_size > limit'' * (old_size / 8) || limit'' = 9 -> max 25% increase
302 * arr_idx + 1 > limit'' * (old_size / 8)
303 *
304 * This check doesn't work well for small values, so old_size is rounded
305 * up for the check (and the '+ 1' of arr_idx can be ignored in practice):
306 *
307 * arr_idx > limit'' * ((old_size + 7) / 8)
308 */
309
310 return (arr_idx > DUK_HOBJECT_A_FAST_RESIZE_LIMIT * ((old_size + 7) >> 3));
311 }
312
313 /*
314 * Proxy helpers
315 */
316
317 #if defined(DUK_USE_ES6_PROXY)
318 DUK_INTERNAL duk_bool_t duk_hobject_proxy_check(duk_hthread *thr, duk_hobject *obj, duk_hobject **out_target, duk_hobject **out_handler) {
319 duk_tval *tv_target;
320 duk_tval *tv_handler;
321 duk_hobject *h_target;
322 duk_hobject *h_handler;
323
324 DUK_ASSERT(thr != NULL);
325 DUK_ASSERT(obj != NULL);
326 DUK_ASSERT(out_target != NULL);
327 DUK_ASSERT(out_handler != NULL);
328
329 /* Caller doesn't need to check exotic proxy behavior (but does so for
330 * some fast paths).
331 */
332 if (DUK_LIKELY(!DUK_HOBJECT_HAS_EXOTIC_PROXYOBJ(obj))) {
333 return 0;
334 }
335
336 tv_handler = duk_hobject_find_existing_entry_tval_ptr(thr->heap, obj, DUK_HTHREAD_STRING_INT_HANDLER(thr));
337 if (!tv_handler) {
338 DUK_ERROR_TYPE(thr, DUK_STR_PROXY_REVOKED);
339 return 0;
340 }
341 DUK_ASSERT(DUK_TVAL_IS_OBJECT(tv_handler));
342 h_handler = DUK_TVAL_GET_OBJECT(tv_handler);
343 DUK_ASSERT(h_handler != NULL);
344 *out_handler = h_handler;
345 tv_handler = NULL; /* avoid issues with relocation */
346
347 tv_target = duk_hobject_find_existing_entry_tval_ptr(thr->heap, obj, DUK_HTHREAD_STRING_INT_TARGET(thr));
348 if (!tv_target) {
349 DUK_ERROR_TYPE(thr, DUK_STR_PROXY_REVOKED);
350 return 0;
351 }
352 DUK_ASSERT(DUK_TVAL_IS_OBJECT(tv_target));
353 h_target = DUK_TVAL_GET_OBJECT(tv_target);
354 DUK_ASSERT(h_target != NULL);
355 *out_target = h_target;
356 tv_target = NULL; /* avoid issues with relocation */
357
358 return 1;
359 }
360 #endif /* DUK_USE_ES6_PROXY */
361
362 /* Get Proxy target object. If the argument is not a Proxy, return it as is.
363 * If a Proxy is revoked, an error is thrown.
364 */
365 #if defined(DUK_USE_ES6_PROXY)
366 DUK_INTERNAL duk_hobject *duk_hobject_resolve_proxy_target(duk_hthread *thr, duk_hobject *obj) {
367 duk_hobject *h_target;
368 duk_hobject *h_handler;
369
370 DUK_ASSERT(thr != NULL);
371 DUK_ASSERT(obj != NULL);
372
373 /* Resolve Proxy targets until Proxy chain ends. No explicit check for
374 * a Proxy loop: user code cannot create such a loop without tweaking
375 * internal properties directly.
376 */
377
378 while (DUK_UNLIKELY(DUK_HOBJECT_HAS_EXOTIC_PROXYOBJ(obj))) {
379 if (duk_hobject_proxy_check(thr, obj, &h_target, &h_handler)) {
380 DUK_ASSERT(h_target != NULL);
381 obj = h_target;
382 } else {
383 break;
384 }
385 }
386
387 DUK_ASSERT(obj != NULL);
388 return obj;
389 }
390 #endif /* DUK_USE_ES6_PROXY */
391
392 #if defined(DUK_USE_ES6_PROXY)
393 DUK_LOCAL duk_bool_t duk__proxy_check_prop(duk_hthread *thr, duk_hobject *obj, duk_small_uint_t stridx_trap, duk_tval *tv_key, duk_hobject **out_target) {
394 duk_context *ctx = (duk_context *) thr;
395 duk_hobject *h_handler;
396
397 DUK_ASSERT(thr != NULL);
398 DUK_ASSERT(obj != NULL);
399 DUK_ASSERT(tv_key != NULL);
400 DUK_ASSERT(out_target != NULL);
401
402 if (!duk_hobject_proxy_check(thr, obj, out_target, &h_handler)) {
403 return 0;
404 }
405 DUK_ASSERT(*out_target != NULL);
406 DUK_ASSERT(h_handler != NULL);
407
408 /* XXX: At the moment Duktape accesses internal keys like _Finalizer using a
409 * normal property set/get which would allow a proxy handler to interfere with
410 * such behavior and to get access to internal key strings. This is not a problem
411 * as such because internal key strings can be created in other ways too (e.g.
412 * through buffers). The best fix is to change Duktape internal lookups to
413 * skip proxy behavior. Until that, internal property accesses bypass the
414 * proxy and are applied to the target (as if the handler did not exist).
415 * This has some side effects, see test-bi-proxy-internal-keys.js.
416 */
417
418 if (DUK_TVAL_IS_STRING(tv_key)) {
419 duk_hstring *h_key = (duk_hstring *) DUK_TVAL_GET_STRING(tv_key);
420 DUK_ASSERT(h_key != NULL);
421 if (DUK_HSTRING_HAS_INTERNAL(h_key)) {
422 DUK_DDD(DUK_DDDPRINT("internal key, skip proxy handler and apply to target"));
423 return 0;
424 }
425 }
426
427 /* The handler is looked up with a normal property lookup; it may be an
428 * accessor or the handler object itself may be a proxy object. If the
429 * handler is a proxy, we need to extend the valstack as we make a
430 * recursive proxy check without a function call in between (in fact
431 * there is no limit to the potential recursion here).
432 *
433 * (For sanity, proxy creation rejects another proxy object as either
434 * the handler or the target at the moment so recursive proxy cases
435 * are not realized now.)
436 */
437
438 /* XXX: C recursion limit if proxies are allowed as handler/target values */
439
440 duk_require_stack(ctx, DUK__VALSTACK_PROXY_LOOKUP);
441 duk_push_hobject(ctx, h_handler);
442 if (duk_get_prop_stridx(ctx, -1, stridx_trap)) {
443 /* -> [ ... handler trap ] */
444 duk_insert(ctx, -2); /* -> [ ... trap handler ] */
445
446 /* stack prepped for func call: [ ... trap handler ] */
447 return 1;
448 } else {
449 duk_pop_2(ctx);
450 return 0;
451 }
452 }
453 #endif /* DUK_USE_ES6_PROXY */
454
455 /*
456 * Reallocate property allocation, moving properties to the new allocation.
457 *
458 * Includes key compaction, rehashing, and can also optionally abandoning
459 * the array part, 'migrating' array entries into the beginning of the
460 * new entry part. Arguments are not validated here, so e.g. new_h_size
461 * MUST be a valid prime.
462 *
463 * There is no support for in-place reallocation or just compacting keys
464 * without resizing the property allocation. This is intentional to keep
465 * code size minimal.
466 *
467 * The implementation is relatively straightforward, except for the array
468 * abandonment process. Array abandonment requires that new string keys
469 * are interned, which may trigger GC. All keys interned so far must be
470 * reachable for GC at all times; valstack is used for that now.
471 *
472 * Also, a GC triggered during this reallocation process must not interfere
473 * with the object being resized. This is currently controlled by using
474 * heap->mark_and_sweep_base_flags to indicate that no finalizers will be
475 * executed (as they can affect ANY object) and no objects are compacted
476 * (it would suffice to protect this particular object only, though).
477 *
478 * Note: a non-checked variant would be nice but is a bit tricky to
479 * implement for the array abandonment process. It's easy for
480 * everything else.
481 *
482 * Note: because we need to potentially resize the valstack (as part
483 * of abandoning the array part), any tval pointers to the valstack
484 * will become invalid after this call.
485 */
486
487 DUK_LOCAL
488 void duk__realloc_props(duk_hthread *thr,
489 duk_hobject *obj,
490 duk_uint32_t new_e_size,
491 duk_uint32_t new_a_size,
492 duk_uint32_t new_h_size,
493 duk_bool_t abandon_array) {
494 duk_context *ctx = (duk_context *) thr;
495 #ifdef DUK_USE_MARK_AND_SWEEP
496 duk_small_uint_t prev_mark_and_sweep_base_flags;
497 #endif
498 duk_uint32_t new_alloc_size;
499 duk_uint32_t new_e_size_adjusted;
500 duk_uint8_t *new_p;
501 duk_hstring **new_e_k;
502 duk_propvalue *new_e_pv;
503 duk_uint8_t *new_e_f;
504 duk_tval *new_a;
505 duk_uint32_t *new_h;
506 duk_uint32_t new_e_next;
507 duk_uint_fast32_t i;
508
509 DUK_ASSERT(thr != NULL);
510 DUK_ASSERT(ctx != NULL);
511 DUK_ASSERT(obj != NULL);
512 DUK_ASSERT(!abandon_array || new_a_size == 0); /* if abandon_array, new_a_size must be 0 */
513 DUK_ASSERT(DUK_HOBJECT_GET_PROPS(thr->heap, obj) != NULL || (DUK_HOBJECT_GET_ESIZE(obj) == 0 && DUK_HOBJECT_GET_ASIZE(obj) == 0));
514 DUK_ASSERT(new_h_size == 0 || new_h_size >= new_e_size); /* required to guarantee success of rehashing,
515 * intentionally use unadjusted new_e_size
516 */
517 DUK_ASSERT(!DUK_HEAPHDR_HAS_READONLY((duk_heaphdr *) obj));
518 DUK_ASSERT_VALSTACK_SPACE(thr, DUK__VALSTACK_SPACE);
519
520 /*
521 * Pre resize assertions.
522 */
523
524 #ifdef DUK_USE_ASSERTIONS
525 /* XXX: pre-checks (such as no duplicate keys) */
526 #endif
527
528 /*
529 * For property layout 1, tweak e_size to ensure that the whole entry
530 * part (key + val + flags) is a suitable multiple for alignment
531 * (platform specific).
532 *
533 * Property layout 2 does not require this tweaking and is preferred
534 * on low RAM platforms requiring alignment.
535 */
536
537 #if defined(DUK_USE_HOBJECT_LAYOUT_2) || defined(DUK_USE_HOBJECT_LAYOUT_3)
538 DUK_DDD(DUK_DDDPRINT("using layout 2 or 3, no need to pad e_size: %ld", (long) new_e_size));
539 new_e_size_adjusted = new_e_size;
540 #elif defined(DUK_USE_HOBJECT_LAYOUT_1) && (DUK_HOBJECT_ALIGN_TARGET == 1)
541 DUK_DDD(DUK_DDDPRINT("using layout 1, but no need to pad e_size: %ld", (long) new_e_size));
542 new_e_size_adjusted = new_e_size;
543 #elif defined(DUK_USE_HOBJECT_LAYOUT_1) && ((DUK_HOBJECT_ALIGN_TARGET == 4) || (DUK_HOBJECT_ALIGN_TARGET == 8))
544 new_e_size_adjusted = (new_e_size + DUK_HOBJECT_ALIGN_TARGET - 1) & (~(DUK_HOBJECT_ALIGN_TARGET - 1));
545 DUK_DDD(DUK_DDDPRINT("using layout 1, and alignment target is %ld, adjusted e_size: %ld -> %ld",
546 (long) DUK_HOBJECT_ALIGN_TARGET, (long) new_e_size, (long) new_e_size_adjusted));
547 DUK_ASSERT(new_e_size_adjusted >= new_e_size);
548 #else
549 #error invalid hobject layout defines
550 #endif
551
552 /*
553 * Debug logging after adjustment.
554 */
555
556 DUK_DDD(DUK_DDDPRINT("attempt to resize hobject %p props (%ld -> %ld bytes), from {p=%p,e_size=%ld,e_next=%ld,a_size=%ld,h_size=%ld} to "
557 "{e_size=%ld,a_size=%ld,h_size=%ld}, abandon_array=%ld, unadjusted new_e_size=%ld",
558 (void *) obj,
559 (long) DUK_HOBJECT_P_COMPUTE_SIZE(DUK_HOBJECT_GET_ESIZE(obj),
560 DUK_HOBJECT_GET_ASIZE(obj),
561 DUK_HOBJECT_GET_HSIZE(obj)),
562 (long) DUK_HOBJECT_P_COMPUTE_SIZE(new_e_size_adjusted, new_a_size, new_h_size),
563 (void *) DUK_HOBJECT_GET_PROPS(thr->heap, obj),
564 (long) DUK_HOBJECT_GET_ESIZE(obj),
565 (long) DUK_HOBJECT_GET_ENEXT(obj),
566 (long) DUK_HOBJECT_GET_ASIZE(obj),
567 (long) DUK_HOBJECT_GET_HSIZE(obj),
568 (long) new_e_size_adjusted,
569 (long) new_a_size,
570 (long) new_h_size,
571 (long) abandon_array,
572 (long) new_e_size));
573
574 /*
575 * Property count check. This is the only point where we ensure that
576 * we don't get more (allocated) property space that we can handle.
577 * There aren't hard limits as such, but some algorithms fail (e.g.
578 * finding next higher prime, selecting hash part size) if we get too
579 * close to the 4G property limit.
580 *
581 * Since this works based on allocation size (not actually used size),
582 * the limit is a bit approximate but good enough in practice.
583 */
584
585 if (new_e_size_adjusted + new_a_size > DUK_HOBJECT_MAX_PROPERTIES) {
586 DUK_ERROR_ALLOC_DEFMSG(thr);
587 }
588
589 /*
590 * Compute new alloc size and alloc new area.
591 *
592 * The new area is allocated as a dynamic buffer and placed into the
593 * valstack for reachability. The actual buffer is then detached at
594 * the end.
595 *
596 * Note: heap_mark_and_sweep_base_flags are altered here to ensure
597 * no-one touches this object while we're resizing and rehashing it.
598 * The flags must be reset on every exit path after it. Finalizers
599 * and compaction is prevented currently for all objects while it
600 * would be enough to restrict it only for the current object.
601 */
602
603 #ifdef DUK_USE_MARK_AND_SWEEP
604 prev_mark_and_sweep_base_flags = thr->heap->mark_and_sweep_base_flags;
605 thr->heap->mark_and_sweep_base_flags |=
606 DUK_MS_FLAG_NO_FINALIZERS | /* avoid attempts to add/remove object keys */
607 DUK_MS_FLAG_NO_OBJECT_COMPACTION; /* avoid attempt to compact the current object */
608 #endif
609
610 new_alloc_size = DUK_HOBJECT_P_COMPUTE_SIZE(new_e_size_adjusted, new_a_size, new_h_size);
611 DUK_DDD(DUK_DDDPRINT("new hobject allocation size is %ld", (long) new_alloc_size));
612 if (new_alloc_size == 0) {
613 /* for zero size, don't push anything on valstack */
614 DUK_ASSERT(new_e_size_adjusted == 0);
615 DUK_ASSERT(new_a_size == 0);
616 DUK_ASSERT(new_h_size == 0);
617 new_p = NULL;
618 } else {
619 /* This may trigger mark-and-sweep with arbitrary side effects,
620 * including an attempted resize of the object we're resizing,
621 * executing a finalizer which may add or remove properties of
622 * the object we're resizing etc.
623 */
624
625 /* Note: buffer is dynamic so that we can 'steal' the actual
626 * allocation later.
627 */
628
629 new_p = (duk_uint8_t *) duk_push_dynamic_buffer(ctx, new_alloc_size); /* errors out if out of memory */
630 DUK_ASSERT(new_p != NULL); /* since new_alloc_size > 0 */
631 }
632
633 /* Set up pointers to the new property area: this is hidden behind a macro
634 * because it is memory layout specific.
635 */
636 DUK_HOBJECT_P_SET_REALLOC_PTRS(new_p, new_e_k, new_e_pv, new_e_f, new_a, new_h,
637 new_e_size_adjusted, new_a_size, new_h_size);
638 DUK_UNREF(new_h); /* happens when hash part dropped */
639 new_e_next = 0;
640
641 /* if new_p == NULL, all of these pointers are NULL */
642 DUK_ASSERT((new_p != NULL) ||
643 (new_e_k == NULL && new_e_pv == NULL && new_e_f == NULL &&
644 new_a == NULL && new_h == NULL));
645
646 DUK_DDD(DUK_DDDPRINT("new alloc size %ld, new_e_k=%p, new_e_pv=%p, new_e_f=%p, new_a=%p, new_h=%p",
647 (long) new_alloc_size, (void *) new_e_k, (void *) new_e_pv, (void *) new_e_f,
648 (void *) new_a, (void *) new_h));
649
650 /*
651 * Migrate array to start of entries if requested.
652 *
653 * Note: from an enumeration perspective the order of entry keys matters.
654 * Array keys should appear wherever they appeared before the array abandon
655 * operation.
656 */
657
658 if (abandon_array) {
659 /*
660 * Note: assuming new_a_size == 0, and that entry part contains
661 * no conflicting keys, refcounts do not need to be adjusted for
662 * the values, as they remain exactly the same.
663 *
664 * The keys, however, need to be interned, incref'd, and be
665 * reachable for GC. Any intern attempt may trigger a GC and
666 * claim any non-reachable strings, so every key must be reachable
667 * at all times.
668 *
669 * A longjmp must not occur here, as the new_p allocation would
670 * be freed without these keys being decref'd, hence the messy
671 * decref handling if intern fails.
672 */
673 DUK_ASSERT(new_a_size == 0);
674
675 for (i = 0; i < DUK_HOBJECT_GET_ASIZE(obj); i++) {
676 duk_tval *tv1;
677 duk_tval *tv2;
678 duk_hstring *key;
679
680 DUK_ASSERT(DUK_HOBJECT_GET_PROPS(thr->heap, obj) != NULL);
681
682 tv1 = DUK_HOBJECT_A_GET_VALUE_PTR(thr->heap, obj, i);
683 if (DUK_TVAL_IS_UNUSED(tv1)) {
684 continue;
685 }
686
687 DUK_ASSERT(new_p != NULL && new_e_k != NULL &&
688 new_e_pv != NULL && new_e_f != NULL);
689
690 /*
691 * Intern key via the valstack to ensure reachability behaves
692 * properly. We must avoid longjmp's here so use non-checked
693 * primitives.
694 *
695 * Note: duk_check_stack() potentially reallocs the valstack,
696 * invalidating any duk_tval pointers to valstack. Callers
697 * must be careful.
698 */
699
700 /* never shrinks; auto-adds DUK_VALSTACK_INTERNAL_EXTRA, which is generous */
701 if (!duk_check_stack(ctx, 1)) {
702 goto abandon_error;
703 }
704 DUK_ASSERT_VALSTACK_SPACE(thr, 1);
705 key = duk_heap_string_intern_u32(thr->heap, i);
706 if (!key) {
707 goto abandon_error;
708 }
709 duk_push_hstring(ctx, key); /* keep key reachable for GC etc; guaranteed not to fail */
710
711 /* key is now reachable in the valstack */
712
713 DUK_HSTRING_INCREF(thr, key); /* second incref for the entry reference */
714 new_e_k[new_e_next] = key;
715 tv2 = &new_e_pv[new_e_next].v; /* array entries are all plain values */
716 DUK_TVAL_SET_TVAL(tv2, tv1);
717 new_e_f[new_e_next] = DUK_PROPDESC_FLAG_WRITABLE |
718 DUK_PROPDESC_FLAG_ENUMERABLE |
719 DUK_PROPDESC_FLAG_CONFIGURABLE;
720 new_e_next++;
721
722 /* Note: new_e_next matches pushed temp key count, and nothing can
723 * fail above between the push and this point.
724 */
725 }
726
727 DUK_DDD(DUK_DDDPRINT("abandon array: pop %ld key temps from valstack", (long) new_e_next));
728 duk_pop_n(ctx, new_e_next);
729 }
730
731 /*
732 * Copy keys and values in the entry part (compacting them at the same time).
733 */
734
735 for (i = 0; i < DUK_HOBJECT_GET_ENEXT(obj); i++) {
736 duk_hstring *key;
737
738 DUK_ASSERT(DUK_HOBJECT_GET_PROPS(thr->heap, obj) != NULL);
739
740 key = DUK_HOBJECT_E_GET_KEY(thr->heap, obj, i);
741 if (!key) {
742 continue;
743 }
744
745 DUK_ASSERT(new_p != NULL && new_e_k != NULL &&
746 new_e_pv != NULL && new_e_f != NULL);
747
748 new_e_k[new_e_next] = key;
749 new_e_pv[new_e_next] = DUK_HOBJECT_E_GET_VALUE(thr->heap, obj, i);
750 new_e_f[new_e_next] = DUK_HOBJECT_E_GET_FLAGS(thr->heap, obj, i);
751 new_e_next++;
752 }
753 /* the entries [new_e_next, new_e_size_adjusted[ are left uninitialized on purpose (ok, not gc reachable) */
754
755 /*
756 * Copy array elements to new array part.
757 */
758
759 if (new_a_size > DUK_HOBJECT_GET_ASIZE(obj)) {
760 /* copy existing entries as is */
761 DUK_ASSERT(new_p != NULL && new_a != NULL);
762 if (DUK_HOBJECT_GET_ASIZE(obj) > 0) {
763 /* Avoid zero copy with an invalid pointer. If obj->p is NULL,
764 * the 'new_a' pointer will be invalid which is not allowed even
765 * when copy size is zero.
766 */
767 DUK_ASSERT(DUK_HOBJECT_GET_PROPS(thr->heap, obj) != NULL);
768 DUK_ASSERT(DUK_HOBJECT_GET_ASIZE(obj) > 0);
769 DUK_MEMCPY((void *) new_a, (void *) DUK_HOBJECT_A_GET_BASE(thr->heap, obj), sizeof(duk_tval) * DUK_HOBJECT_GET_ASIZE(obj));
770 }
771
772 /* fill new entries with -unused- (required, gc reachable) */
773 for (i = DUK_HOBJECT_GET_ASIZE(obj); i < new_a_size; i++) {
774 duk_tval *tv = &new_a[i];
775 DUK_TVAL_SET_UNUSED(tv);
776 }
777 } else {
778 #ifdef DUK_USE_ASSERTIONS
779 /* caller must have decref'd values above new_a_size (if that is necessary) */
780 if (!abandon_array) {
781 for (i = new_a_size; i < DUK_HOBJECT_GET_ASIZE(obj); i++) {
782 duk_tval *tv;
783 tv = DUK_HOBJECT_A_GET_VALUE_PTR(thr->heap, obj, i);
784
785 /* current assertion is quite strong: decref's and set to unused */
786 DUK_ASSERT(DUK_TVAL_IS_UNUSED(tv));
787 }
788 }
789 #endif
790 if (new_a_size > 0) {
791 /* Avoid zero copy with an invalid pointer. If obj->p is NULL,
792 * the 'new_a' pointer will be invalid which is not allowed even
793 * when copy size is zero.
794 */
795 DUK_ASSERT(DUK_HOBJECT_GET_PROPS(thr->heap, obj) != NULL);
796 DUK_ASSERT(new_a_size > 0);
797 DUK_MEMCPY((void *) new_a, (void *) DUK_HOBJECT_A_GET_BASE(thr->heap, obj), sizeof(duk_tval) * new_a_size);
798 }
799 }
800
801 /*
802 * Rebuild the hash part always from scratch (guaranteed to finish).
803 *
804 * Any resize of hash part requires rehashing. In addition, by rehashing
805 * get rid of any elements marked deleted (DUK__HASH_DELETED) which is critical
806 * to ensuring the hash part never fills up.
807 */
808
809 #if defined(DUK_USE_HOBJECT_HASH_PART)
810 if (DUK_UNLIKELY(new_h_size > 0)) {
811 DUK_ASSERT(new_h != NULL);
812
813 /* fill new_h with u32 0xff = UNUSED */
814 DUK_ASSERT(DUK_HOBJECT_GET_PROPS(thr->heap, obj) != NULL);
815 DUK_ASSERT(new_h_size > 0);
816 DUK_MEMSET(new_h, 0xff, sizeof(duk_uint32_t) * new_h_size);
817
818 DUK_ASSERT(new_e_next <= new_h_size); /* equality not actually possible */
819 for (i = 0; i < new_e_next; i++) {
820 duk_hstring *key = new_e_k[i];
821 duk_uint32_t j, step;
822
823 DUK_ASSERT(key != NULL);
824 j = DUK__HASH_INITIAL(DUK_HSTRING_GET_HASH(key), new_h_size);
825 step = DUK__HASH_PROBE_STEP(DUK_HSTRING_GET_HASH(key));
826
827 for (;;) {
828 DUK_ASSERT(new_h[j] != DUK__HASH_DELETED); /* should never happen */
829 if (new_h[j] == DUK__HASH_UNUSED) {
830 DUK_DDD(DUK_DDDPRINT("rebuild hit %ld -> %ld", (long) j, (long) i));
831 new_h[j] = i;
832 break;
833 }
834 DUK_DDD(DUK_DDDPRINT("rebuild miss %ld, step %ld", (long) j, (long) step));
835 j = (j + step) % new_h_size;
836
837 /* guaranteed to finish */
838 DUK_ASSERT(j != (duk_uint32_t) DUK__HASH_INITIAL(DUK_HSTRING_GET_HASH(key), new_h_size));
839 }
840 }
841 } else {
842 DUK_DDD(DUK_DDDPRINT("no hash part, no rehash"));
843 }
844 #endif /* DUK_USE_HOBJECT_HASH_PART */
845
846 /*
847 * Nice debug log.
848 */
849
850 DUK_DD(DUK_DDPRINT("resized hobject %p props (%ld -> %ld bytes), from {p=%p,e_size=%ld,e_next=%ld,a_size=%ld,h_size=%ld} to "
851 "{p=%p,e_size=%ld,e_next=%ld,a_size=%ld,h_size=%ld}, abandon_array=%ld, unadjusted new_e_size=%ld",
852 (void *) obj,
853 (long) DUK_HOBJECT_P_COMPUTE_SIZE(DUK_HOBJECT_GET_ESIZE(obj),
854 DUK_HOBJECT_GET_ASIZE(obj),
855 DUK_HOBJECT_GET_HSIZE(obj)),
856 (long) new_alloc_size,
857 (void *) DUK_HOBJECT_GET_PROPS(thr->heap, obj),
858 (long) DUK_HOBJECT_GET_ESIZE(obj),
859 (long) DUK_HOBJECT_GET_ENEXT(obj),
860 (long) DUK_HOBJECT_GET_ASIZE(obj),
861 (long) DUK_HOBJECT_GET_HSIZE(obj),
862 (void *) new_p,
863 (long) new_e_size_adjusted,
864 (long) new_e_next,
865 (long) new_a_size,
866 (long) new_h_size,
867 (long) abandon_array,
868 (long) new_e_size));
869
870 /*
871 * All done, switch properties ('p') allocation to new one.
872 */
873
874 DUK_FREE(thr->heap, DUK_HOBJECT_GET_PROPS(thr->heap, obj)); /* NULL obj->p is OK */
875 DUK_HOBJECT_SET_PROPS(thr->heap, obj, new_p);
876 DUK_HOBJECT_SET_ESIZE(obj, new_e_size_adjusted);
877 DUK_HOBJECT_SET_ENEXT(obj, new_e_next);
878 DUK_HOBJECT_SET_ASIZE(obj, new_a_size);
879 DUK_HOBJECT_SET_HSIZE(obj, new_h_size);
880
881 if (new_p) {
882 /*
883 * Detach actual buffer from dynamic buffer in valstack, and
884 * pop it from the stack.
885 *
886 * XXX: the buffer object is certainly not reachable at this point,
887 * so it would be nice to free it forcibly even with only
888 * mark-and-sweep enabled. Not a big issue though.
889 */
890 (void) duk_steal_buffer(ctx, -1, NULL);
891 duk_pop(ctx);
892 } else {
893 DUK_ASSERT(new_alloc_size == 0);
894 /* no need to pop, nothing was pushed */
895 }
896
897 /* clear array part flag only after switching */
898 if (abandon_array) {
899 DUK_HOBJECT_CLEAR_ARRAY_PART(obj);
900 }
901
902 DUK_DDD(DUK_DDDPRINT("resize result: %!O", (duk_heaphdr *) obj));
903
904 #ifdef DUK_USE_MARK_AND_SWEEP
905 thr->heap->mark_and_sweep_base_flags = prev_mark_and_sweep_base_flags;
906 #endif
907
908 /*
909 * Post resize assertions.
910 */
911
912 #ifdef DUK_USE_ASSERTIONS
913 /* XXX: post-checks (such as no duplicate keys) */
914 #endif
915 return;
916
917 /*
918 * Abandon array failed, need to decref keys already inserted
919 * into the beginning of new_e_k before unwinding valstack.
920 */
921
922 abandon_error:
923 DUK_D(DUK_DPRINT("hobject resize failed during abandon array, decref keys"));
924 i = new_e_next;
925 while (i > 0) {
926 i--;
927 DUK_ASSERT(new_e_k != NULL);
928 DUK_ASSERT(new_e_k[i] != NULL);
929 DUK_HSTRING_DECREF(thr, new_e_k[i]); /* side effects */
930 }
931
932 #ifdef DUK_USE_MARK_AND_SWEEP
933 thr->heap->mark_and_sweep_base_flags = prev_mark_and_sweep_base_flags;
934 #endif
935
936 DUK_ERROR_ALLOC_DEFMSG(thr);
937 }
938
939 /*
940 * Helpers to resize properties allocation on specific needs.
941 */
942
943 /* Grow entry part allocation for one additional entry. */
944 DUK_LOCAL void duk__grow_props_for_new_entry_item(duk_hthread *thr, duk_hobject *obj) {
945 duk_uint32_t old_e_used; /* actually used, non-NULL entries */
946 duk_uint32_t new_e_size;
947 duk_uint32_t new_a_size;
948 duk_uint32_t new_h_size;
949
950 DUK_ASSERT(thr != NULL);
951 DUK_ASSERT(obj != NULL);
952
953 /* Duktape 0.11.0 and prior tried to optimize the resize by not
954 * counting the number of actually used keys prior to the resize.
955 * This worked mostly well but also caused weird leak-like behavior
956 * as in: test-bug-object-prop-alloc-unbounded.js. So, now we count
957 * the keys explicitly to compute the new entry part size.
958 */
959
960 old_e_used = duk__count_used_e_keys(thr, obj);
961 new_e_size = old_e_used + duk__get_min_grow_e(old_e_used);
962 #if defined(DUK_USE_HOBJECT_HASH_PART)
963 new_h_size = duk__get_default_h_size(new_e_size);
964 #else
965 new_h_size = 0;
966 #endif
967 new_a_size = DUK_HOBJECT_GET_ASIZE(obj);
968 DUK_ASSERT(new_e_size >= old_e_used + 1); /* duk__get_min_grow_e() is always >= 1 */
969
970 duk__realloc_props(thr, obj, new_e_size, new_a_size, new_h_size, 0);
971 }
972
973 /* Grow array part for a new highest array index. */
974 DUK_LOCAL void duk__grow_props_for_array_item(duk_hthread *thr, duk_hobject *obj, duk_uint32_t highest_arr_idx) {
975 duk_uint32_t new_e_size;
976 duk_uint32_t new_a_size;
977 duk_uint32_t new_h_size;
978
979 DUK_ASSERT(thr != NULL);
980 DUK_ASSERT(obj != NULL);
981 DUK_ASSERT(highest_arr_idx >= DUK_HOBJECT_GET_ASIZE(obj));
982
983 /* minimum new length is highest_arr_idx + 1 */
984
985 new_e_size = DUK_HOBJECT_GET_ESIZE(obj);
986 new_h_size = DUK_HOBJECT_GET_HSIZE(obj);
987 new_a_size = highest_arr_idx + duk__get_min_grow_a(highest_arr_idx);
988 DUK_ASSERT(new_a_size >= highest_arr_idx + 1); /* duk__get_min_grow_a() is always >= 1 */
989
990 duk__realloc_props(thr, obj, new_e_size, new_a_size, new_h_size, 0);
991 }
992
993 /* Abandon array part, moving array entries into entries part.
994 * This requires a props resize, which is a heavy operation.
995 * We also compact the entries part while we're at it, although
996 * this is not strictly required.
997 */
998 DUK_LOCAL void duk__abandon_array_checked(duk_hthread *thr, duk_hobject *obj) {
999 duk_uint32_t new_e_size;
1000 duk_uint32_t new_a_size;
1001 duk_uint32_t new_h_size;
1002 duk_uint32_t e_used; /* actually used, non-NULL keys */
1003 duk_uint32_t a_used;
1004 duk_uint32_t a_size;
1005
1006 DUK_ASSERT(thr != NULL);
1007 DUK_ASSERT(obj != NULL);
1008
1009 e_used = duk__count_used_e_keys(thr, obj);
1010 duk__compute_a_stats(thr, obj, &a_used, &a_size);
1011
1012 /*
1013 * Must guarantee all actually used array entries will fit into
1014 * new entry part. Add one growth step to ensure we don't run out
1015 * of space right away.
1016 */
1017
1018 new_e_size = e_used + a_used;
1019 new_e_size = new_e_size + duk__get_min_grow_e(new_e_size);
1020 new_a_size = 0;
1021 #if defined(DUK_USE_HOBJECT_HASH_PART)
1022 new_h_size = duk__get_default_h_size(new_e_size);
1023 #else
1024 new_h_size = 0;
1025 #endif
1026
1027 DUK_DD(DUK_DDPRINT("abandon array part for hobject %p, "
1028 "array stats before: e_used=%ld, a_used=%ld, a_size=%ld; "
1029 "resize to e_size=%ld, a_size=%ld, h_size=%ld",
1030 (void *) obj, (long) e_used, (long) a_used, (long) a_size,
1031 (long) new_e_size, (long) new_a_size, (long) new_h_size));
1032
1033 duk__realloc_props(thr, obj, new_e_size, new_a_size, new_h_size, 1);
1034 }
1035
1036 /*
1037 * Compact an object. Minimizes allocation size for objects which are
1038 * not likely to be extended. This is useful for internal and non-
1039 * extensible objects, but can also be called for non-extensible objects.
1040 * May abandon the array part if it is computed to be too sparse.
1041 *
1042 * This call is relatively expensive, as it needs to scan both the
1043 * entries and the array part.
1044 *
1045 * The call may fail due to allocation error.
1046 */
1047
1048 DUK_INTERNAL void duk_hobject_compact_props(duk_hthread *thr, duk_hobject *obj) {
1049 duk_uint32_t e_size; /* currently used -> new size */
1050 duk_uint32_t a_size; /* currently required */
1051 duk_uint32_t a_used; /* actually used */
1052 duk_uint32_t h_size;
1053 duk_bool_t abandon_array;
1054
1055 DUK_ASSERT(thr != NULL);
1056 DUK_ASSERT(obj != NULL);
1057
1058 #if defined(DUK_USE_ROM_OBJECTS)
1059 if (DUK_HEAPHDR_HAS_READONLY((duk_heaphdr *) obj)) {
1060 DUK_DD(DUK_DDPRINT("ignore attempt to compact a rom object"));
1061 return;
1062 }
1063 #endif
1064
1065 e_size = duk__count_used_e_keys(thr, obj);
1066 duk__compute_a_stats(thr, obj, &a_used, &a_size);
1067
1068 DUK_DD(DUK_DDPRINT("compacting hobject, used e keys %ld, used a keys %ld, min a size %ld, "
1069 "resized array density would be: %ld/%ld = %lf",
1070 (long) e_size, (long) a_used, (long) a_size,
1071 (long) a_used, (long) a_size,
1072 (double) a_used / (double) a_size));
1073
1074 if (duk__abandon_array_density_check(a_used, a_size)) {
1075 DUK_DD(DUK_DDPRINT("decided to abandon array during compaction, a_used=%ld, a_size=%ld",
1076 (long) a_used, (long) a_size));
1077 abandon_array = 1;
1078 e_size += a_used;
1079 a_size = 0;
1080 } else {
1081 DUK_DD(DUK_DDPRINT("decided to keep array during compaction"));
1082 abandon_array = 0;
1083 }
1084
1085 #if defined(DUK_USE_HOBJECT_HASH_PART)
1086 if (e_size >= DUK_HOBJECT_E_USE_HASH_LIMIT) {
1087 h_size = duk__get_default_h_size(e_size);
1088 } else {
1089 h_size = 0;
1090 }
1091 #else
1092 h_size = 0;
1093 #endif
1094
1095 DUK_DD(DUK_DDPRINT("compacting hobject -> new e_size %ld, new a_size=%ld, new h_size=%ld, abandon_array=%ld",
1096 (long) e_size, (long) a_size, (long) h_size, (long) abandon_array));
1097
1098 duk__realloc_props(thr, obj, e_size, a_size, h_size, abandon_array);
1099 }
1100
1101 /*
1102 * Find an existing key from entry part either by linear scan or by
1103 * using the hash index (if it exists).
1104 *
1105 * Sets entry index (and possibly the hash index) to output variables,
1106 * which allows the caller to update the entry and hash entries in-place.
1107 * If entry is not found, both values are set to -1. If entry is found
1108 * but there is no hash part, h_idx is set to -1.
1109 */
1110
1111 DUK_INTERNAL void duk_hobject_find_existing_entry(duk_heap *heap, duk_hobject *obj, duk_hstring *key, duk_int_t *e_idx, duk_int_t *h_idx) {
1112 DUK_ASSERT(obj != NULL);
1113 DUK_ASSERT(key != NULL);
1114 DUK_ASSERT(e_idx != NULL);
1115 DUK_ASSERT(h_idx != NULL);
1116 DUK_UNREF(heap);
1117
1118 if (DUK_LIKELY(DUK_HOBJECT_GET_HSIZE(obj) == 0))
1119 {
1120 /* Linear scan: more likely because most objects are small.
1121 * This is an important fast path.
1122 *
1123 * XXX: this might be worth inlining for property lookups.
1124 */
1125 duk_uint_fast32_t i;
1126 duk_uint_fast32_t n;
1127 duk_hstring **h_keys_base;
1128 DUK_DDD(DUK_DDDPRINT("duk_hobject_find_existing_entry() using linear scan for lookup"));
1129
1130 h_keys_base = DUK_HOBJECT_E_GET_KEY_BASE(heap, obj);
1131 n = DUK_HOBJECT_GET_ENEXT(obj);
1132 for (i = 0; i < n; i++) {
1133 if (h_keys_base[i] == key) {
1134 *e_idx = i;
1135 *h_idx = -1;
1136 return;
1137 }
1138 }
1139 }
1140 #if defined(DUK_USE_HOBJECT_HASH_PART)
1141 else
1142 {
1143 /* hash lookup */
1144 duk_uint32_t n;
1145 duk_uint32_t i, step;
1146 duk_uint32_t *h_base;
1147
1148 DUK_DDD(DUK_DDDPRINT("duk_hobject_find_existing_entry() using hash part for lookup"));
1149
1150 h_base = DUK_HOBJECT_H_GET_BASE(heap, obj);
1151 n = DUK_HOBJECT_GET_HSIZE(obj);
1152 i = DUK__HASH_INITIAL(DUK_HSTRING_GET_HASH(key), n);
1153 step = DUK__HASH_PROBE_STEP(DUK_HSTRING_GET_HASH(key));
1154
1155 for (;;) {
1156 duk_uint32_t t;
1157
1158 DUK_ASSERT_DISABLE(i >= 0); /* unsigned */
1159 DUK_ASSERT(i < DUK_HOBJECT_GET_HSIZE(obj));
1160 t = h_base[i];
1161 DUK_ASSERT(t == DUK__HASH_UNUSED || t == DUK__HASH_DELETED ||
1162 (t < DUK_HOBJECT_GET_ESIZE(obj))); /* t >= 0 always true, unsigned */
1163
1164 if (t == DUK__HASH_UNUSED) {
1165 break;
1166 } else if (t == DUK__HASH_DELETED) {
1167 DUK_DDD(DUK_DDDPRINT("lookup miss (deleted) i=%ld, t=%ld",
1168 (long) i, (long) t));
1169 } else {
1170 DUK_ASSERT(t < DUK_HOBJECT_GET_ESIZE(obj));
1171 if (DUK_HOBJECT_E_GET_KEY(heap, obj, t) == key) {
1172 DUK_DDD(DUK_DDDPRINT("lookup hit i=%ld, t=%ld -> key %p",
1173 (long) i, (long) t, (void *) key));
1174 *e_idx = t;
1175 *h_idx = i;
1176 return;
1177 }
1178 DUK_DDD(DUK_DDDPRINT("lookup miss i=%ld, t=%ld",
1179 (long) i, (long) t));
1180 }
1181 i = (i + step) % n;
1182
1183 /* guaranteed to finish, as hash is never full */
1184 DUK_ASSERT(i != (duk_uint32_t) DUK__HASH_INITIAL(DUK_HSTRING_GET_HASH(key), n));
1185 }
1186 }
1187 #endif /* DUK_USE_HOBJECT_HASH_PART */
1188
1189 /* not found */
1190 *e_idx = -1;
1191 *h_idx = -1;
1192 }
1193
1194 /* For internal use: get non-accessor entry value */
1195 DUK_INTERNAL duk_tval *duk_hobject_find_existing_entry_tval_ptr(duk_heap *heap, duk_hobject *obj, duk_hstring *key) {
1196 duk_int_t e_idx;
1197 duk_int_t h_idx;
1198
1199 DUK_ASSERT(obj != NULL);
1200 DUK_ASSERT(key != NULL);
1201 DUK_UNREF(heap);
1202
1203 duk_hobject_find_existing_entry(heap, obj, key, &e_idx, &h_idx);
1204 if (e_idx >= 0 && !DUK_HOBJECT_E_SLOT_IS_ACCESSOR(heap, obj, e_idx)) {
1205 return DUK_HOBJECT_E_GET_VALUE_TVAL_PTR(heap, obj, e_idx);
1206 } else {
1207 return NULL;
1208 }
1209 }
1210
1211 /* For internal use: get non-accessor entry value and attributes */
1212 DUK_INTERNAL duk_tval *duk_hobject_find_existing_entry_tval_ptr_and_attrs(duk_heap *heap, duk_hobject *obj, duk_hstring *key, duk_int_t *out_attrs) {
1213 duk_int_t e_idx;
1214 duk_int_t h_idx;
1215
1216 DUK_ASSERT(obj != NULL);
1217 DUK_ASSERT(key != NULL);
1218 DUK_ASSERT(out_attrs != NULL);
1219 DUK_UNREF(heap);
1220
1221 duk_hobject_find_existing_entry(heap, obj, key, &e_idx, &h_idx);
1222 if (e_idx >= 0 && !DUK_HOBJECT_E_SLOT_IS_ACCESSOR(heap, obj, e_idx)) {
1223 *out_attrs = DUK_HOBJECT_E_GET_FLAGS(heap, obj, e_idx);
1224 return DUK_HOBJECT_E_GET_VALUE_TVAL_PTR(heap, obj, e_idx);
1225 } else {
1226 *out_attrs = 0;
1227 return NULL;
1228 }
1229 }
1230
1231 /* For internal use: get array part value */
1232 DUK_INTERNAL duk_tval *duk_hobject_find_existing_array_entry_tval_ptr(duk_heap *heap, duk_hobject *obj, duk_uarridx_t i) {
1233 duk_tval *tv;
1234
1235 DUK_ASSERT(obj != NULL);
1236 DUK_UNREF(heap);
1237
1238 if (!DUK_HOBJECT_HAS_ARRAY_PART(obj)) {
1239 return NULL;
1240 }
1241 if (i >= DUK_HOBJECT_GET_ASIZE(obj)) {
1242 return NULL;
1243 }
1244 tv = DUK_HOBJECT_A_GET_VALUE_PTR(heap, obj, i);
1245 return tv;
1246 }
1247
1248 /*
1249 * Allocate and initialize a new entry, resizing the properties allocation
1250 * if necessary. Returns entry index (e_idx) or throws an error if alloc fails.
1251 *
1252 * Sets the key of the entry (increasing the key's refcount), and updates
1253 * the hash part if it exists. Caller must set value and flags, and update
1254 * the entry value refcount. A decref for the previous value is not necessary.
1255 */
1256
1257 DUK_LOCAL duk_bool_t duk__alloc_entry_checked(duk_hthread *thr, duk_hobject *obj, duk_hstring *key) {
1258 duk_uint32_t idx;
1259
1260 DUK_ASSERT(thr != NULL);
1261 DUK_ASSERT(obj != NULL);
1262 DUK_ASSERT(key != NULL);
1263 DUK_ASSERT(DUK_HOBJECT_GET_ENEXT(obj) <= DUK_HOBJECT_GET_ESIZE(obj));
1264
1265 #ifdef DUK_USE_ASSERTIONS
1266 /* key must not already exist in entry part */
1267 {
1268 duk_uint_fast32_t i;
1269 for (i = 0; i < DUK_HOBJECT_GET_ENEXT(obj); i++) {
1270 DUK_ASSERT(DUK_HOBJECT_E_GET_KEY(thr->heap, obj, i) != key);
1271 }
1272 }
1273 #endif
1274
1275 if (DUK_HOBJECT_GET_ENEXT(obj) >= DUK_HOBJECT_GET_ESIZE(obj)) {
1276 /* only need to guarantee 1 more slot, but allocation growth is in chunks */
1277 DUK_DDD(DUK_DDDPRINT("entry part full, allocate space for one more entry"));
1278 duk__grow_props_for_new_entry_item(thr, obj);
1279 }
1280 DUK_ASSERT(DUK_HOBJECT_GET_ENEXT(obj) < DUK_HOBJECT_GET_ESIZE(obj));
1281 idx = DUK_HOBJECT_POSTINC_ENEXT(obj);
1282
1283 /* previous value is assumed to be garbage, so don't touch it */
1284 DUK_HOBJECT_E_SET_KEY(thr->heap, obj, idx, key);
1285 DUK_HSTRING_INCREF(thr, key);
1286
1287 #if defined(DUK_USE_HOBJECT_HASH_PART)
1288 if (DUK_UNLIKELY(DUK_HOBJECT_GET_HSIZE(obj) > 0)) {
1289 duk_uint32_t n;
1290 duk_uint32_t i, step;
1291 duk_uint32_t *h_base = DUK_HOBJECT_H_GET_BASE(thr->heap, obj);
1292
1293 n = DUK_HOBJECT_GET_HSIZE(obj);
1294 i = DUK__HASH_INITIAL(DUK_HSTRING_GET_HASH(key), n);
1295 step = DUK__HASH_PROBE_STEP(DUK_HSTRING_GET_HASH(key));
1296
1297 for (;;) {
1298 duk_uint32_t t = h_base[i];
1299 if (t == DUK__HASH_UNUSED || t == DUK__HASH_DELETED) {
1300 DUK_DDD(DUK_DDDPRINT("duk__alloc_entry_checked() inserted key into hash part, %ld -> %ld",
1301 (long) i, (long) idx));
1302 DUK_ASSERT_DISABLE(i >= 0); /* unsigned */
1303 DUK_ASSERT(i < DUK_HOBJECT_GET_HSIZE(obj));
1304 DUK_ASSERT_DISABLE(idx >= 0);
1305 DUK_ASSERT(idx < DUK_HOBJECT_GET_ESIZE(obj));
1306 h_base[i] = idx;
1307 break;
1308 }
1309 DUK_DDD(DUK_DDDPRINT("duk__alloc_entry_checked() miss %ld", (long) i));
1310 i = (i + step) % n;
1311
1312 /* guaranteed to find an empty slot */
1313 DUK_ASSERT(i != (duk_uint32_t) DUK__HASH_INITIAL(DUK_HSTRING_GET_HASH(key), DUK_HOBJECT_GET_HSIZE(obj)));
1314 }
1315 }
1316 #endif /* DUK_USE_HOBJECT_HASH_PART */
1317
1318 /* Note: we could return the hash index here too, but it's not
1319 * needed right now.
1320 */
1321
1322 DUK_ASSERT_DISABLE(idx >= 0);
1323 DUK_ASSERT(idx < DUK_HOBJECT_GET_ESIZE(obj));
1324 DUK_ASSERT(idx < DUK_HOBJECT_GET_ENEXT(obj));
1325 return idx;
1326 }
1327
1328 /*
1329 * Object internal value
1330 *
1331 * Returned value is guaranteed to be reachable / incref'd, caller does not need
1332 * to incref OR decref. No proxies or accessors are invoked, no prototype walk.
1333 */
1334
1335 DUK_INTERNAL duk_bool_t duk_hobject_get_internal_value(duk_heap *heap, duk_hobject *obj, duk_tval *tv_out) {
1336 duk_int_t e_idx;
1337 duk_int_t h_idx;
1338
1339 DUK_ASSERT(heap != NULL);
1340 DUK_ASSERT(obj != NULL);
1341 DUK_ASSERT(tv_out != NULL);
1342
1343 /* always in entry part, no need to look up parents etc */
1344 duk_hobject_find_existing_entry(heap, obj, DUK_HEAP_STRING_INT_VALUE(heap), &e_idx, &h_idx);
1345 if (e_idx >= 0) {
1346 DUK_ASSERT(!DUK_HOBJECT_E_SLOT_IS_ACCESSOR(heap, obj, e_idx));
1347 DUK_TVAL_SET_TVAL(tv_out, DUK_HOBJECT_E_GET_VALUE_TVAL_PTR(heap, obj, e_idx));
1348 return 1;
1349 }
1350 DUK_TVAL_SET_UNDEFINED(tv_out);
1351 return 0;
1352 }
1353
1354 DUK_INTERNAL duk_hstring *duk_hobject_get_internal_value_string(duk_heap *heap, duk_hobject *obj) {
1355 duk_tval tv;
1356
1357 DUK_ASSERT(heap != NULL);
1358 DUK_ASSERT(obj != NULL);
1359
1360 /* This is not strictly necessary, but avoids compiler warnings; e.g.
1361 * gcc won't reliably detect that no uninitialized data is read below.
1362 */
1363 DUK_MEMZERO((void *) &tv, sizeof(duk_tval));
1364
1365 if (duk_hobject_get_internal_value(heap, obj, &tv)) {
1366 duk_hstring *h;
1367 DUK_ASSERT(DUK_TVAL_IS_STRING(&tv));
1368 h = DUK_TVAL_GET_STRING(&tv);
1369 return h;
1370 }
1371
1372 return NULL;
1373 }
1374
1375 /*
1376 * Arguments handling helpers (argument map mainly).
1377 *
1378 * An arguments object has exotic behavior for some numeric indices.
1379 * Accesses may translate to identifier operations which may have
1380 * arbitrary side effects (potentially invalidating any duk_tval
1381 * pointers).
1382 */
1383
1384 /* Lookup 'key' from arguments internal 'map', perform a variable lookup
1385 * if mapped, and leave the result on top of stack (and return non-zero).
1386 * Used in E5 Section 10.6 algorithms [[Get]] and [[GetOwnProperty]].
1387 */
1388 DUK_LOCAL
1389 duk_bool_t duk__lookup_arguments_map(duk_hthread *thr,
1390 duk_hobject *obj,
1391 duk_hstring *key,
1392 duk_propdesc *temp_desc,
1393 duk_hobject **out_map,
1394 duk_hobject **out_varenv) {
1395 duk_context *ctx = (duk_context *) thr;
1396 duk_hobject *map;
1397 duk_hobject *varenv;
1398 duk_bool_t rc;
1399
1400 DUK_ASSERT_VALSTACK_SPACE(thr, DUK__VALSTACK_SPACE);
1401
1402 DUK_DDD(DUK_DDDPRINT("arguments map lookup: thr=%p, obj=%p, key=%p, temp_desc=%p "
1403 "(obj -> %!O, key -> %!O)",
1404 (void *) thr, (void *) obj, (void *) key, (void *) temp_desc,
1405 (duk_heaphdr *) obj, (duk_heaphdr *) key));
1406
1407 if (!duk_hobject_get_own_propdesc(thr, obj, DUK_HTHREAD_STRING_INT_MAP(thr), temp_desc, DUK_GETDESC_FLAG_PUSH_VALUE)) {
1408 DUK_DDD(DUK_DDDPRINT("-> no 'map'"));
1409 return 0;
1410 }
1411
1412 map = duk_require_hobject(ctx, -1);
1413 DUK_ASSERT(map != NULL);
1414 duk_pop(ctx); /* map is reachable through obj */
1415
1416 if (!duk_hobject_get_own_propdesc(thr, map, key, temp_desc, DUK_GETDESC_FLAG_PUSH_VALUE)) {
1417 DUK_DDD(DUK_DDDPRINT("-> 'map' exists, but key not in map"));
1418 return 0;
1419 }
1420
1421 /* [... varname] */
1422 DUK_DDD(DUK_DDDPRINT("-> 'map' exists, and contains key, key is mapped to argument/variable binding %!T",
1423 (duk_tval *) duk_get_tval(ctx, -1)));
1424 DUK_ASSERT(duk_is_string(ctx, -1)); /* guaranteed when building arguments */
1425
1426 /* get varenv for varname (callee's declarative lexical environment) */
1427 rc = duk_hobject_get_own_propdesc(thr, obj, DUK_HTHREAD_STRING_INT_VARENV(thr), temp_desc, DUK_GETDESC_FLAG_PUSH_VALUE);
1428 DUK_UNREF(rc);
1429 DUK_ASSERT(rc != 0); /* arguments MUST have an initialized lexical environment reference */
1430 varenv = duk_require_hobject(ctx, -1);
1431 DUK_ASSERT(varenv != NULL);
1432 duk_pop(ctx); /* varenv remains reachable through 'obj' */
1433
1434 DUK_DDD(DUK_DDDPRINT("arguments varenv is: %!dO", (duk_heaphdr *) varenv));
1435
1436 /* success: leave varname in stack */
1437 *out_map = map;
1438 *out_varenv = varenv;
1439 return 1; /* [... varname] */
1440 }
1441
1442 /* Lookup 'key' from arguments internal 'map', and leave replacement value
1443 * on stack top if mapped (and return non-zero).
1444 * Used in E5 Section 10.6 algorithm for [[GetOwnProperty]] (used by [[Get]]).
1445 */
1446 DUK_LOCAL duk_bool_t duk__check_arguments_map_for_get(duk_hthread *thr, duk_hobject *obj, duk_hstring *key, duk_propdesc *temp_desc) {
1447 duk_context *ctx = (duk_context *) thr;
1448 duk_hobject *map;
1449 duk_hobject *varenv;
1450 duk_hstring *varname;
1451
1452 DUK_ASSERT_VALSTACK_SPACE(thr, DUK__VALSTACK_SPACE);
1453
1454 if (!duk__lookup_arguments_map(thr, obj, key, temp_desc, &map, &varenv)) {
1455 DUK_DDD(DUK_DDDPRINT("arguments: key not mapped, no exotic get behavior"));
1456 return 0;
1457 }
1458
1459 /* [... varname] */
1460
1461 varname = duk_require_hstring(ctx, -1);
1462 DUK_ASSERT(varname != NULL);
1463 duk_pop(ctx); /* varname is still reachable */
1464
1465 DUK_DDD(DUK_DDDPRINT("arguments object automatic getvar for a bound variable; "
1466 "key=%!O, varname=%!O",
1467 (duk_heaphdr *) key,
1468 (duk_heaphdr *) varname));
1469
1470 (void) duk_js_getvar_envrec(thr, varenv, varname, 1 /*throw*/);
1471
1472 /* [... value this_binding] */
1473
1474 duk_pop(ctx);
1475
1476 /* leave result on stack top */
1477 return 1;
1478 }
1479
1480 /* Lookup 'key' from arguments internal 'map', perform a variable write if mapped.
1481 * Used in E5 Section 10.6 algorithm for [[DefineOwnProperty]] (used by [[Put]]).
1482 * Assumes stack top contains 'put' value (which is NOT popped).
1483 */
1484 DUK_LOCAL void duk__check_arguments_map_for_put(duk_hthread *thr, duk_hobject *obj, duk_hstring *key, duk_propdesc *temp_desc, duk_bool_t throw_flag) {
1485 duk_context *ctx = (duk_context *) thr;
1486 duk_hobject *map;
1487 duk_hobject *varenv;
1488 duk_hstring *varname;
1489
1490 DUK_ASSERT_VALSTACK_SPACE(thr, DUK__VALSTACK_SPACE);
1491
1492 if (!duk__lookup_arguments_map(thr, obj, key, temp_desc, &map, &varenv)) {
1493 DUK_DDD(DUK_DDDPRINT("arguments: key not mapped, no exotic put behavior"));
1494 return;
1495 }
1496
1497 /* [... put_value varname] */
1498
1499 varname = duk_require_hstring(ctx, -1);
1500 DUK_ASSERT(varname != NULL);
1501 duk_pop(ctx); /* varname is still reachable */
1502
1503 DUK_DDD(DUK_DDDPRINT("arguments object automatic putvar for a bound variable; "
1504 "key=%!O, varname=%!O, value=%!T",
1505 (duk_heaphdr *) key,
1506 (duk_heaphdr *) varname,
1507 (duk_tval *) duk_require_tval(ctx, -1)));
1508
1509 /* [... put_value] */
1510
1511 /*
1512 * Note: although arguments object variable mappings are only established
1513 * for non-strict functions (and a call to a non-strict function created
1514 * the arguments object in question), an inner strict function may be doing
1515 * the actual property write. Hence the throw_flag applied here comes from
1516 * the property write call.
1517 */
1518
1519 duk_js_putvar_envrec(thr, varenv, varname, duk_require_tval(ctx, -1), throw_flag);
1520
1521 /* [... put_value] */
1522 }
1523
1524 /* Lookup 'key' from arguments internal 'map', delete mapping if found.
1525 * Used in E5 Section 10.6 algorithm for [[Delete]]. Note that the
1526 * variable/argument itself (where the map points) is not deleted.
1527 */
1528 DUK_LOCAL void duk__check_arguments_map_for_delete(duk_hthread *thr, duk_hobject *obj, duk_hstring *key, duk_propdesc *temp_desc) {
1529 duk_context *ctx = (duk_context *) thr;
1530 duk_hobject *map;
1531
1532 DUK_ASSERT_VALSTACK_SPACE(thr, DUK__VALSTACK_SPACE);
1533
1534 if (!duk_hobject_get_own_propdesc(thr, obj, DUK_HTHREAD_STRING_INT_MAP(thr), temp_desc, DUK_GETDESC_FLAG_PUSH_VALUE)) {
1535 DUK_DDD(DUK_DDDPRINT("arguments: key not mapped, no exotic delete behavior"));
1536 return;
1537 }
1538
1539 map = duk_require_hobject(ctx, -1);
1540 DUK_ASSERT(map != NULL);
1541 duk_pop(ctx); /* map is reachable through obj */
1542
1543 DUK_DDD(DUK_DDDPRINT("-> have 'map', delete key %!O from map (if exists)); ignore result",
1544 (duk_heaphdr *) key));
1545
1546 /* Note: no recursion issue, we can trust 'map' to behave */
1547 DUK_ASSERT(!DUK_HOBJECT_HAS_EXOTIC_BEHAVIOR(map));
1548 DUK_DDD(DUK_DDDPRINT("map before deletion: %!O", (duk_heaphdr *) map));
1549 (void) duk_hobject_delprop_raw(thr, map, key, 0); /* ignore result */
1550 DUK_DDD(DUK_DDDPRINT("map after deletion: %!O", (duk_heaphdr *) map));
1551 }
1552
1553 /*
1554 * Ecmascript compliant [[GetOwnProperty]](P), for internal use only.
1555 *
1556 * If property is found:
1557 * - Fills descriptor fields to 'out_desc'
1558 * - If DUK_GETDESC_FLAG_PUSH_VALUE is set, pushes a value related to the
1559 * property onto the stack ('undefined' for accessor properties).
1560 * - Returns non-zero
1561 *
1562 * If property is not found:
1563 * - 'out_desc' is left in untouched state (possibly garbage)
1564 * - Nothing is pushed onto the stack (not even with DUK_GETDESC_FLAG_PUSH_VALUE
1565 * set)
1566 * - Returns zero
1567 *
1568 * Notes:
1569 *
1570 * - Getting a property descriptor may cause an allocation (and hence
1571 * GC) to take place, hence reachability and refcount of all related
1572 * values matter. Reallocation of value stack, properties, etc may
1573 * invalidate many duk_tval pointers (concretely, those which reside
1574 * in memory areas subject to reallocation). However, heap object
1575 * pointers are never affected (heap objects have stable pointers).
1576 *
1577 * - The value of a plain property is always reachable and has a non-zero
1578 * reference count.
1579 *
1580 * - The value of a virtual property is not necessarily reachable from
1581 * elsewhere and may have a refcount of zero. Hence we push it onto
1582 * the valstack for the caller, which ensures it remains reachable
1583 * while it is needed.
1584 *
1585 * - There are no virtual accessor properties. Hence, all getters and
1586 * setters are always related to concretely stored properties, which
1587 * ensures that the get/set functions in the resulting descriptor are
1588 * reachable and have non-zero refcounts. Should there be virtual
1589 * accessor properties later, this would need to change.
1590 */
1591
1592 DUK_LOCAL duk_bool_t duk__get_own_propdesc_raw(duk_hthread *thr, duk_hobject *obj, duk_hstring *key, duk_uint32_t arr_idx, duk_propdesc *out_desc, duk_small_uint_t flags) {
1593 duk_context *ctx = (duk_context *) thr;
1594 duk_tval *tv;
1595
1596 DUK_DDD(DUK_DDDPRINT("duk_hobject_get_own_propdesc: thr=%p, obj=%p, key=%p, out_desc=%p, flags=%lx, "
1597 "arr_idx=%ld (obj -> %!O, key -> %!O)",
1598 (void *) thr, (void *) obj, (void *) key, (void *) out_desc,
1599 (long) flags, (long) arr_idx,
1600 (duk_heaphdr *) obj, (duk_heaphdr *) key));
1601
1602 DUK_ASSERT(ctx != NULL);
1603 DUK_ASSERT(thr != NULL);
1604 DUK_ASSERT(thr->heap != NULL);
1605 DUK_ASSERT(obj != NULL);
1606 DUK_ASSERT(key != NULL);
1607 DUK_ASSERT(out_desc != NULL);
1608 DUK_ASSERT_VALSTACK_SPACE(thr, DUK__VALSTACK_SPACE);
1609
1610 /* XXX: optimize this filling behavior later */
1611 out_desc->flags = 0;
1612 out_desc->get = NULL;
1613 out_desc->set = NULL;
1614 out_desc->e_idx = -1;
1615 out_desc->h_idx = -1;
1616 out_desc->a_idx = -1;
1617
1618 /*
1619 * Array part
1620 */
1621
1622 if (DUK_HOBJECT_HAS_ARRAY_PART(obj) && arr_idx != DUK__NO_ARRAY_INDEX) {
1623 if (arr_idx < DUK_HOBJECT_GET_ASIZE(obj)) {
1624 tv = DUK_HOBJECT_A_GET_VALUE_PTR(thr->heap, obj, arr_idx);
1625 if (!DUK_TVAL_IS_UNUSED(tv)) {
1626 DUK_DDD(DUK_DDDPRINT("-> found in array part"));
1627 if (flags & DUK_GETDESC_FLAG_PUSH_VALUE) {
1628 duk_push_tval(ctx, tv);
1629 }
1630 /* implicit attributes */
1631 out_desc->flags = DUK_PROPDESC_FLAG_WRITABLE |
1632 DUK_PROPDESC_FLAG_CONFIGURABLE |
1633 DUK_PROPDESC_FLAG_ENUMERABLE;
1634 out_desc->a_idx = arr_idx;
1635 goto prop_found;
1636 }
1637 }
1638 /* assume array part is comprehensive (contains all array indexed elements
1639 * or none of them); hence no need to check the entries part here.
1640 */
1641 DUK_DDD(DUK_DDDPRINT("-> not found as a concrete property (has array part, "
1642 "should be there if present)"));
1643 goto prop_not_found_concrete;
1644 }
1645
1646 /*
1647 * Entries part
1648 */
1649
1650 duk_hobject_find_existing_entry(thr->heap, obj, key, &out_desc->e_idx, &out_desc->h_idx);
1651 if (out_desc->e_idx >= 0) {
1652 duk_int_t e_idx = out_desc->e_idx;
1653 out_desc->flags = DUK_HOBJECT_E_GET_FLAGS(thr->heap, obj, e_idx);
1654 if (out_desc->flags & DUK_PROPDESC_FLAG_ACCESSOR) {
1655 DUK_DDD(DUK_DDDPRINT("-> found accessor property in entry part"));
1656 out_desc->get = DUK_HOBJECT_E_GET_VALUE_GETTER(thr->heap, obj, e_idx);
1657 out_desc->set = DUK_HOBJECT_E_GET_VALUE_SETTER(thr->heap, obj, e_idx);
1658 if (flags & DUK_GETDESC_FLAG_PUSH_VALUE) {
1659 /* a dummy undefined value is pushed to make valstack
1660 * behavior uniform for caller
1661 */
1662 duk_push_undefined(ctx);
1663 }
1664 } else {
1665 DUK_DDD(DUK_DDDPRINT("-> found plain property in entry part"));
1666 tv = DUK_HOBJECT_E_GET_VALUE_TVAL_PTR(thr->heap, obj, e_idx);
1667 if (flags & DUK_GETDESC_FLAG_PUSH_VALUE) {
1668 duk_push_tval(ctx, tv);
1669 }
1670 }
1671 goto prop_found;
1672 }
1673
1674 /*
1675 * Not found as a concrete property, check whether a String object
1676 * virtual property matches.
1677 */
1678
1679 prop_not_found_concrete:
1680
1681 if (DUK_HOBJECT_HAS_EXOTIC_STRINGOBJ(obj)) {
1682 DUK_DDD(DUK_DDDPRINT("string object exotic property get for key: %!O, arr_idx: %ld",
1683 (duk_heaphdr *) key, (long) arr_idx));
1684
1685 if (arr_idx != DUK__NO_ARRAY_INDEX) {
1686 duk_hstring *h_val;
1687
1688 DUK_DDD(DUK_DDDPRINT("array index exists"));
1689
1690 h_val = duk_hobject_get_internal_value_string(thr->heap, obj);
1691 DUK_ASSERT(h_val);
1692 if (arr_idx < DUK_HSTRING_GET_CHARLEN(h_val)) {
1693 DUK_DDD(DUK_DDDPRINT("-> found, array index inside string"));
1694 if (flags & DUK_GETDESC_FLAG_PUSH_VALUE) {
1695 duk_push_hstring(ctx, h_val);
1696 duk_substring(ctx, -1, arr_idx, arr_idx + 1); /* [str] -> [substr] */
1697 }
1698 out_desc->flags = DUK_PROPDESC_FLAG_ENUMERABLE | /* E5 Section 15.5.5.2 */
1699 DUK_PROPDESC_FLAG_VIRTUAL;
1700
1701 DUK_ASSERT(!DUK_HOBJECT_HAS_EXOTIC_ARGUMENTS(obj));
1702 return 1; /* cannot be e.g. arguments exotic, since exotic 'traits' are mutually exclusive */
1703 } else {
1704 /* index is above internal string length -> property is fully normal */
1705 DUK_DDD(DUK_DDDPRINT("array index outside string -> normal property"));
1706 }
1707 } else if (key == DUK_HTHREAD_STRING_LENGTH(thr)) {
1708 duk_hstring *h_val;
1709
1710 DUK_DDD(DUK_DDDPRINT("-> found, key is 'length', length exotic behavior"));
1711
1712 h_val = duk_hobject_get_internal_value_string(thr->heap, obj);
1713 DUK_ASSERT(h_val != NULL);
1714 if (flags & DUK_GETDESC_FLAG_PUSH_VALUE) {
1715 duk_push_uint(ctx, (duk_uint_t) DUK_HSTRING_GET_CHARLEN(h_val));
1716 }
1717 out_desc->flags = DUK_PROPDESC_FLAG_VIRTUAL; /* E5 Section 15.5.5.1 */
1718
1719 DUK_ASSERT(!DUK_HOBJECT_HAS_EXOTIC_ARGUMENTS(obj));
1720 return 1; /* cannot be arguments exotic */
1721 }
1722 } else if (DUK_HOBJECT_IS_BUFFEROBJECT(obj)) {
1723 duk_hbufferobject *h_bufobj;
1724 duk_uint_t byte_off;
1725 duk_small_uint_t elem_size;
1726
1727 h_bufobj = (duk_hbufferobject *) obj;
1728 DUK_ASSERT_HBUFFEROBJECT_VALID(h_bufobj);
1729 DUK_DDD(DUK_DDDPRINT("bufferobject property get for key: %!O, arr_idx: %ld",
1730 (duk_heaphdr *) key, (long) arr_idx));
1731
1732 if (arr_idx != DUK__NO_ARRAY_INDEX) {
1733 DUK_DDD(DUK_DDDPRINT("array index exists"));
1734
1735 /* Careful with wrapping: arr_idx upshift may easily wrap, whereas
1736 * length downshift won't.
1737 */
1738 if (arr_idx < (h_bufobj->length >> h_bufobj->shift)) {
1739 byte_off = arr_idx << h_bufobj->shift; /* no wrap assuming h_bufobj->length is valid */
1740 elem_size = 1 << h_bufobj->shift;
1741 if (flags & DUK_GETDESC_FLAG_PUSH_VALUE) {
1742 duk_uint8_t *data;
1743
1744 if (h_bufobj->buf != NULL && DUK_HBUFFEROBJECT_VALID_BYTEOFFSET_EXCL(h_bufobj, byte_off + elem_size)) {
1745 data = (duk_uint8_t *) DUK_HBUFFER_GET_DATA_PTR(thr->heap, h_bufobj->buf) + h_bufobj->offset + byte_off;
1746 duk_hbufferobject_push_validated_read(ctx, h_bufobj, data, elem_size);
1747 } else {
1748 DUK_D(DUK_DPRINT("bufferobject access out of underlying buffer, ignoring (read zero)"));
1749 duk_push_uint(ctx, 0);
1750 }
1751 }
1752 out_desc->flags = DUK_PROPDESC_FLAG_WRITABLE |
1753 DUK_PROPDESC_FLAG_ENUMERABLE |
1754 DUK_PROPDESC_FLAG_VIRTUAL;
1755
1756 DUK_ASSERT(!DUK_HOBJECT_HAS_EXOTIC_ARGUMENTS(obj));
1757 return 1; /* cannot be e.g. arguments exotic, since exotic 'traits' are mutually exclusive */
1758 } else {
1759 /* index is above internal buffer length -> property is fully normal */
1760 DUK_DDD(DUK_DDDPRINT("array index outside buffer -> normal property"));
1761 }
1762 } else if (key == DUK_HTHREAD_STRING_LENGTH(thr)) {
1763 DUK_DDD(DUK_DDDPRINT("-> found, key is 'length', length exotic behavior"));
1764
1765 if (flags & DUK_GETDESC_FLAG_PUSH_VALUE) {
1766 /* Length in elements: take into account shift, but
1767 * intentionally don't check the underlying buffer here.
1768 */
1769 duk_push_uint(ctx, h_bufobj->length >> h_bufobj->shift);
1770 }
1771 out_desc->flags = DUK_PROPDESC_FLAG_VIRTUAL;
1772
1773 DUK_ASSERT(!DUK_HOBJECT_HAS_EXOTIC_ARGUMENTS(obj));
1774 return 1; /* cannot be arguments exotic */
1775 } else if (key == DUK_HTHREAD_STRING_BYTE_LENGTH(thr)) {
1776 /* If neutered must return 0; length is zeroed during
1777 * neutering.
1778 */
1779 if (flags & DUK_GETDESC_FLAG_PUSH_VALUE) {
1780 duk_push_uint(ctx, h_bufobj->length);
1781 }
1782 out_desc->flags = DUK_PROPDESC_FLAG_VIRTUAL;
1783 return 1; /* cannot be arguments exotic */
1784 } else if (key == DUK_HTHREAD_STRING_BYTE_OFFSET(thr)) {
1785 /* If neutered must return 0; offset is zeroed during
1786 * neutering.
1787 */
1788 if (flags & DUK_GETDESC_FLAG_PUSH_VALUE) {
1789 duk_push_uint(ctx, h_bufobj->offset);
1790 }
1791 out_desc->flags = DUK_PROPDESC_FLAG_VIRTUAL;
1792 return 1; /* cannot be arguments exotic */
1793 } else if (key == DUK_HTHREAD_STRING_BYTES_PER_ELEMENT(thr)) {
1794 if (flags & DUK_GETDESC_FLAG_PUSH_VALUE) {
1795 duk_push_uint(ctx, 1 << h_bufobj->shift);
1796 }
1797 out_desc->flags = DUK_PROPDESC_FLAG_VIRTUAL;
1798 return 1; /* cannot be arguments exotic */
1799 }
1800 } else if (DUK_HOBJECT_HAS_EXOTIC_DUKFUNC(obj)) {
1801 DUK_DDD(DUK_DDDPRINT("duktape/c object exotic property get for key: %!O, arr_idx: %ld",
1802 (duk_heaphdr *) key, (long) arr_idx));
1803
1804 if (key == DUK_HTHREAD_STRING_LENGTH(thr)) {
1805 DUK_DDD(DUK_DDDPRINT("-> found, key is 'length', length exotic behavior"));
1806
1807 if (flags & DUK_GETDESC_FLAG_PUSH_VALUE) {
1808 duk_int16_t func_nargs = ((duk_hnativefunction *) obj)->nargs;
1809 duk_push_int(ctx, func_nargs == DUK_HNATIVEFUNCTION_NARGS_VARARGS ? 0 : func_nargs);
1810 }
1811 out_desc->flags = DUK_PROPDESC_FLAG_VIRTUAL; /* not enumerable */
1812
1813 DUK_ASSERT(!DUK_HOBJECT_HAS_EXOTIC_ARGUMENTS(obj));
1814 return 1; /* cannot be arguments exotic */
1815 }
1816 }
1817
1818 /* Array properties have exotic behavior but they are concrete,
1819 * so no special handling here.
1820 *
1821 * Arguments exotic behavior (E5 Section 10.6, [[GetOwnProperty]]
1822 * is only relevant as a post-check implemented below; hence no
1823 * check here.
1824 */
1825
1826 /*
1827 * Not found as concrete or virtual
1828 */
1829
1830 DUK_DDD(DUK_DDDPRINT("-> not found (virtual, entry part, or array part)"));
1831 return 0;
1832
1833 /*
1834 * Found
1835 *
1836 * Arguments object has exotic post-processing, see E5 Section 10.6,
1837 * description of [[GetOwnProperty]] variant for arguments.
1838 */
1839
1840 prop_found:
1841 DUK_DDD(DUK_DDDPRINT("-> property found, checking for arguments exotic post-behavior"));
1842
1843 /* Notes:
1844 * - only numbered indices are relevant, so arr_idx fast reject is good
1845 * (this is valid unless there are more than 4**32-1 arguments).
1846 * - since variable lookup has no side effects, this can be skipped if
1847 * DUK_GETDESC_FLAG_PUSH_VALUE is not set.
1848 */
1849
1850 if (DUK_HOBJECT_HAS_EXOTIC_ARGUMENTS(obj) &&
1851 arr_idx != DUK__NO_ARRAY_INDEX &&
1852 (flags & DUK_GETDESC_FLAG_PUSH_VALUE)) {
1853 duk_propdesc temp_desc;
1854
1855 /* Magically bound variable cannot be an accessor. However,
1856 * there may be an accessor property (or a plain property) in
1857 * place with magic behavior removed. This happens e.g. when
1858 * a magic property is redefined with defineProperty().
1859 * Cannot assert for "not accessor" here.
1860 */
1861
1862 /* replaces top of stack with new value if necessary */
1863 DUK_ASSERT((flags & DUK_GETDESC_FLAG_PUSH_VALUE) != 0);
1864
1865 if (duk__check_arguments_map_for_get(thr, obj, key, &temp_desc)) {
1866 DUK_DDD(DUK_DDDPRINT("-> arguments exotic behavior overrides result: %!T -> %!T",
1867 (duk_tval *) duk_get_tval(ctx, -2),
1868 (duk_tval *) duk_get_tval(ctx, -1)));
1869 /* [... old_result result] -> [... result] */
1870 duk_remove(ctx, -2);
1871 }
1872 }
1873
1874 return 1;
1875 }
1876
1877 DUK_INTERNAL duk_bool_t duk_hobject_get_own_propdesc(duk_hthread *thr, duk_hobject *obj, duk_hstring *key, duk_propdesc *out_desc, duk_small_uint_t flags) {
1878 DUK_ASSERT(thr != NULL);
1879 DUK_ASSERT(obj != NULL);
1880 DUK_ASSERT(key != NULL);
1881 DUK_ASSERT(out_desc != NULL);
1882 DUK_ASSERT_VALSTACK_SPACE(thr, DUK__VALSTACK_SPACE);
1883
1884 return duk__get_own_propdesc_raw(thr, obj, key, DUK_HSTRING_GET_ARRIDX_SLOW(key), out_desc, flags);
1885 }
1886
1887 /*
1888 * Ecmascript compliant [[GetProperty]](P), for internal use only.
1889 *
1890 * If property is found:
1891 * - Fills descriptor fields to 'out_desc'
1892 * - If DUK_GETDESC_FLAG_PUSH_VALUE is set, pushes a value related to the
1893 * property onto the stack ('undefined' for accessor properties).
1894 * - Returns non-zero
1895 *
1896 * If property is not found:
1897 * - 'out_desc' is left in untouched state (possibly garbage)
1898 * - Nothing is pushed onto the stack (not even with DUK_GETDESC_FLAG_PUSH_VALUE
1899 * set)
1900 * - Returns zero
1901 *
1902 * May cause arbitrary side effects and invalidate (most) duk_tval
1903 * pointers.
1904 */
1905
1906 DUK_LOCAL duk_bool_t duk__get_propdesc(duk_hthread *thr, duk_hobject *obj, duk_hstring *key, duk_propdesc *out_desc, duk_small_uint_t flags) {
1907 duk_hobject *curr;
1908 duk_uint32_t arr_idx;
1909 duk_uint_t sanity;
1910
1911 DUK_ASSERT(thr != NULL);
1912 DUK_ASSERT(thr->heap != NULL);
1913 DUK_ASSERT(obj != NULL);
1914 DUK_ASSERT(key != NULL);
1915 DUK_ASSERT(out_desc != NULL);
1916 DUK_ASSERT_VALSTACK_SPACE(thr, DUK__VALSTACK_SPACE);
1917
1918 arr_idx = DUK_HSTRING_GET_ARRIDX_FAST(key);
1919
1920 DUK_DDD(DUK_DDDPRINT("duk__get_propdesc: thr=%p, obj=%p, key=%p, out_desc=%p, flags=%lx, "
1921 "arr_idx=%ld (obj -> %!O, key -> %!O)",
1922 (void *) thr, (void *) obj, (void *) key, (void *) out_desc,
1923 (long) flags, (long) arr_idx,
1924 (duk_heaphdr *) obj, (duk_heaphdr *) key));
1925
1926 curr = obj;
1927 DUK_ASSERT(curr != NULL);
1928 sanity = DUK_HOBJECT_PROTOTYPE_CHAIN_SANITY;
1929 do {
1930 if (duk__get_own_propdesc_raw(thr, curr, key, arr_idx, out_desc, flags)) {
1931 /* stack contains value (if requested), 'out_desc' is set */
1932 return 1;
1933 }
1934
1935 /* not found in 'curr', next in prototype chain; impose max depth */
1936 if (sanity-- == 0) {
1937 if (flags & DUK_GETDESC_FLAG_IGNORE_PROTOLOOP) {
1938 /* treat like property not found */
1939 break;
1940 } else {
1941 DUK_ERROR_RANGE(thr, DUK_STR_PROTOTYPE_CHAIN_LIMIT);
1942 }
1943 }
1944 curr = DUK_HOBJECT_GET_PROTOTYPE(thr->heap, curr);
1945 } while (curr);
1946
1947 /* out_desc is left untouched (possibly garbage), caller must use return
1948 * value to determine whether out_desc can be looked up
1949 */
1950
1951 return 0;
1952 }
1953
1954 /*
1955 * Shallow fast path checks for accessing array elements with numeric
1956 * indices. The goal is to try to avoid coercing an array index to an
1957 * (interned) string for the most common lookups, in particular, for
1958 * standard Array objects.
1959 *
1960 * Interning is avoided but only for a very narrow set of cases:
1961 * - Object has array part, index is within array allocation, and
1962 * value is not unused (= key exists)
1963 * - Object has no interfering exotic behavior (e.g. arguments or
1964 * string object exotic behaviors interfere, array exotic
1965 * behavior does not).
1966 *
1967 * Current shortcoming: if key does not exist (even if it is within
1968 * the array allocation range) a slow path lookup with interning is
1969 * always required. This can probably be fixed so that there is a
1970 * quick fast path for non-existent elements as well, at least for
1971 * standard Array objects.
1972 */
1973
1974 DUK_LOCAL duk_tval *duk__getprop_shallow_fastpath_array_tval(duk_hthread *thr, duk_hobject *obj, duk_tval *tv_key) {
1975 duk_tval *tv;
1976 duk_uint32_t idx;
1977
1978 DUK_UNREF(thr);
1979
1980 if (!(DUK_HOBJECT_HAS_ARRAY_PART(obj) &&
1981 !DUK_HOBJECT_HAS_EXOTIC_ARGUMENTS(obj) &&
1982 !DUK_HOBJECT_HAS_EXOTIC_STRINGOBJ(obj) &&
1983 !DUK_HOBJECT_IS_BUFFEROBJECT(obj) &&
1984 !DUK_HOBJECT_HAS_EXOTIC_PROXYOBJ(obj))) {
1985 /* Must have array part and no conflicting exotic behaviors.
1986 * Doesn't need to have array special behavior, e.g. Arguments
1987 * object has array part.
1988 */
1989 return NULL;
1990 }
1991
1992 /* Arrays never have other exotic behaviors. */
1993
1994 DUK_DDD(DUK_DDDPRINT("fast path attempt (no exotic string/arguments/buffer "
1995 "behavior, object has array part)"));
1996
1997 #if defined(DUK_USE_FASTINT)
1998 if (DUK_TVAL_IS_FASTINT(tv_key)) {
1999 idx = duk__tval_fastint_to_arr_idx(tv_key);
2000 } else
2001 #endif
2002 if (DUK_TVAL_IS_DOUBLE(tv_key)) {
2003 idx = duk__tval_number_to_arr_idx(tv_key);
2004 } else {
2005 DUK_DDD(DUK_DDDPRINT("key is not a number"));
2006 return NULL;
2007 }
2008
2009 /* If index is not valid, idx will be DUK__NO_ARRAY_INDEX which
2010 * is 0xffffffffUL. We don't need to check for that explicitly
2011 * because 0xffffffffUL will never be inside object 'a_size'.
2012 */
2013
2014 if (idx >= DUK_HOBJECT_GET_ASIZE(obj)) {
2015 DUK_DDD(DUK_DDDPRINT("key is not an array index or outside array part"));
2016 return NULL;
2017 }
2018 DUK_ASSERT(idx != 0xffffffffUL);
2019 DUK_ASSERT(idx != DUK__NO_ARRAY_INDEX);
2020
2021 /* XXX: for array instances we could take a shortcut here and assume
2022 * Array.prototype doesn't contain an array index property.
2023 */
2024
2025 DUK_DDD(DUK_DDDPRINT("key is a valid array index and inside array part"));
2026 tv = DUK_HOBJECT_A_GET_VALUE_PTR(thr->heap, obj, idx);
2027 if (!DUK_TVAL_IS_UNUSED(tv)) {
2028 DUK_DDD(DUK_DDDPRINT("-> fast path successful"));
2029 return tv;
2030 }
2031
2032 DUK_DDD(DUK_DDDPRINT("fast path attempt failed, fall back to slow path"));
2033 return NULL;
2034 }
2035
2036 DUK_LOCAL duk_bool_t duk__putprop_shallow_fastpath_array_tval(duk_hthread *thr, duk_hobject *obj, duk_tval *tv_key, duk_tval *tv_val, duk_propdesc *temp_desc) {
2037 duk_tval *tv;
2038 duk_uint32_t idx;
2039 duk_uint32_t old_len, new_len;
2040
2041 if (!(DUK_HOBJECT_HAS_EXOTIC_ARRAY(obj) &&
2042 DUK_HOBJECT_HAS_ARRAY_PART(obj) &&
2043 DUK_HOBJECT_HAS_EXTENSIBLE(obj))) {
2044 return 0;
2045 }
2046 DUK_ASSERT(!DUK_HEAPHDR_HAS_READONLY((duk_heaphdr *) obj)); /* caller ensures */
2047
2048 #if defined(DUK_USE_FASTINT)
2049 if (DUK_TVAL_IS_FASTINT(tv_key)) {
2050 idx = duk__tval_fastint_to_arr_idx(tv_key);
2051 } else
2052 #endif
2053 if (DUK_TVAL_IS_DOUBLE(tv_key)) {
2054 idx = duk__tval_number_to_arr_idx(tv_key);
2055 } else {
2056 DUK_DDD(DUK_DDDPRINT("key is not a number"));
2057 return 0;
2058 }
2059
2060 /* If index is not valid, idx will be DUK__NO_ARRAY_INDEX which
2061 * is 0xffffffffUL. We don't need to check for that explicitly
2062 * because 0xffffffffUL will never be inside object 'a_size'.
2063 */
2064
2065 if (idx >= DUK_HOBJECT_GET_ASIZE(obj)) { /* for resizing of array part, use slow path */
2066 return 0;
2067 }
2068 DUK_ASSERT(idx != 0xffffffffUL);
2069 DUK_ASSERT(idx != DUK__NO_ARRAY_INDEX);
2070
2071 old_len = duk__get_old_array_length(thr, obj, temp_desc);
2072
2073 if (idx >= old_len) {
2074 DUK_DDD(DUK_DDDPRINT("write new array entry requires length update "
2075 "(arr_idx=%ld, old_len=%ld)",
2076 (long) idx, (long) old_len));
2077 if (!(temp_desc->flags & DUK_PROPDESC_FLAG_WRITABLE)) {
2078 DUK_ERROR_TYPE(thr, DUK_STR_NOT_WRITABLE);
2079 return 0; /* not reachable */
2080 }
2081 new_len = idx + 1;
2082
2083 /* No resize has occurred so temp_desc->e_idx is still OK */
2084 tv = DUK_HOBJECT_E_GET_VALUE_TVAL_PTR(thr->heap, obj, temp_desc->e_idx);
2085 DUK_ASSERT(DUK_TVAL_IS_NUMBER(tv));
2086 DUK_TVAL_SET_FASTINT_U32(tv, new_len); /* no need for decref/incref because value is a number */
2087 } else {
2088 ;
2089 }
2090
2091 tv = DUK_HOBJECT_A_GET_VALUE_PTR(thr->heap, obj, idx);
2092 DUK_TVAL_SET_TVAL_UPDREF(thr, tv, tv_val); /* side effects */
2093
2094 DUK_DDD(DUK_DDDPRINT("array fast path success for index %ld", (long) idx));
2095 return 1;
2096 }
2097
2098 /*
2099 * Fast path for bufferobject getprop/putprop
2100 */
2101
2102 DUK_LOCAL duk_bool_t duk__getprop_fastpath_bufobj_tval(duk_hthread *thr, duk_hobject *obj, duk_tval *tv_key) {
2103 duk_context *ctx;
2104 duk_uint32_t idx;
2105 duk_hbufferobject *h_bufobj;
2106 duk_uint_t byte_off;
2107 duk_small_uint_t elem_size;
2108 duk_uint8_t *data;
2109
2110 ctx = (duk_context *) thr;
2111
2112 if (!DUK_HOBJECT_IS_BUFFEROBJECT(obj)) {
2113 return 0;
2114 }
2115 h_bufobj = (duk_hbufferobject *) obj;
2116
2117 #if defined(DUK_USE_FASTINT)
2118 if (DUK_TVAL_IS_FASTINT(tv_key)) {
2119 idx = duk__tval_fastint_to_arr_idx(tv_key);
2120 } else
2121 #endif
2122 if (DUK_TVAL_IS_DOUBLE(tv_key)) {
2123 idx = duk__tval_number_to_arr_idx(tv_key);
2124 } else {
2125 return 0;
2126 }
2127
2128 /* If index is not valid, idx will be DUK__NO_ARRAY_INDEX which
2129 * is 0xffffffffUL. We don't need to check for that explicitly
2130 * because 0xffffffffUL will never be inside bufferobject length.
2131 */
2132
2133 /* Careful with wrapping (left shifting idx would be unsafe). */
2134 if (idx >= (h_bufobj->length >> h_bufobj->shift)) {
2135 return 0;
2136 }
2137 DUK_ASSERT(idx != DUK__NO_ARRAY_INDEX);
2138
2139 byte_off = idx << h_bufobj->shift; /* no wrap assuming h_bufobj->length is valid */
2140 elem_size = 1 << h_bufobj->shift;
2141
2142 if (h_bufobj->buf != NULL && DUK_HBUFFEROBJECT_VALID_BYTEOFFSET_EXCL(h_bufobj, byte_off + elem_size)) {
2143 data = (duk_uint8_t *) DUK_HBUFFER_GET_DATA_PTR(thr->heap, h_bufobj->buf) + h_bufobj->offset + byte_off;
2144 duk_hbufferobject_push_validated_read(ctx, h_bufobj, data, elem_size);
2145 } else {
2146 DUK_D(DUK_DPRINT("bufferobject access out of underlying buffer, ignoring (read zero)"));
2147 duk_push_uint(ctx, 0);
2148 }
2149
2150 return 1;
2151 }
2152
2153 DUK_LOCAL duk_bool_t duk__putprop_fastpath_bufobj_tval(duk_hthread *thr, duk_hobject *obj, duk_tval *tv_key, duk_tval *tv_val) {
2154 duk_context *ctx;
2155 duk_uint32_t idx;
2156 duk_hbufferobject *h_bufobj;
2157 duk_uint_t byte_off;
2158 duk_small_uint_t elem_size;
2159 duk_uint8_t *data;
2160
2161 ctx = (duk_context *) thr;
2162
2163 if (!(DUK_HOBJECT_IS_BUFFEROBJECT(obj) &&
2164 DUK_TVAL_IS_NUMBER(tv_val))) {
2165 return 0;
2166 }
2167 DUK_ASSERT(!DUK_HEAPHDR_HAS_READONLY((duk_heaphdr *) obj)); /* caller ensures; rom objects are never bufferobjects now */
2168
2169 h_bufobj = (duk_hbufferobject *) obj;
2170 #if defined(DUK_USE_FASTINT)
2171 if (DUK_TVAL_IS_FASTINT(tv_key)) {
2172 idx = duk__tval_fastint_to_arr_idx(tv_key);
2173 } else
2174 #endif
2175 if (DUK_TVAL_IS_DOUBLE(tv_key)) {
2176 idx = duk__tval_number_to_arr_idx(tv_key);
2177 } else {
2178 return 0;
2179 }
2180
2181 /* If index is not valid, idx will be DUK__NO_ARRAY_INDEX which
2182 * is 0xffffffffUL. We don't need to check for that explicitly
2183 * because 0xffffffffUL will never be inside bufferobject length.
2184 */
2185
2186 /* Careful with wrapping (left shifting idx would be unsafe). */
2187 if (idx >= (h_bufobj->length >> h_bufobj->shift)) {
2188 return 0;
2189 }
2190 DUK_ASSERT(idx != DUK__NO_ARRAY_INDEX);
2191
2192 byte_off = idx << h_bufobj->shift; /* no wrap assuming h_bufobj->length is valid */
2193 elem_size = 1 << h_bufobj->shift;
2194
2195 /* Value is required to be a number in the fast path so there
2196 * are no side effects in write coercion.
2197 */
2198 duk_push_tval(ctx, tv_val);
2199 DUK_ASSERT(duk_is_number(ctx, -1));
2200
2201 if (h_bufobj->buf != NULL && DUK_HBUFFEROBJECT_VALID_BYTEOFFSET_EXCL(h_bufobj, byte_off + elem_size)) {
2202 data = (duk_uint8_t *) DUK_HBUFFER_GET_DATA_PTR(thr->heap, h_bufobj->buf) + h_bufobj->offset + byte_off;
2203 duk_hbufferobject_validated_write(ctx, h_bufobj, data, elem_size);
2204 } else {
2205 DUK_D(DUK_DPRINT("bufferobject access out of underlying buffer, ignoring (write skipped)"));
2206 }
2207
2208 duk_pop(ctx);
2209 return 1;
2210 }
2211
2212 /*
2213 * GETPROP: Ecmascript property read.
2214 */
2215
2216 DUK_INTERNAL duk_bool_t duk_hobject_getprop(duk_hthread *thr, duk_tval *tv_obj, duk_tval *tv_key) {
2217 duk_context *ctx = (duk_context *) thr;
2218 duk_tval tv_obj_copy;
2219 duk_tval tv_key_copy;
2220 duk_hobject *curr = NULL;
2221 duk_hstring *key = NULL;
2222 duk_uint32_t arr_idx = DUK__NO_ARRAY_INDEX;
2223 duk_propdesc desc;
2224 duk_uint_t sanity;
2225
2226 DUK_DDD(DUK_DDDPRINT("getprop: thr=%p, obj=%p, key=%p (obj -> %!T, key -> %!T)",
2227 (void *) thr, (void *) tv_obj, (void *) tv_key,
2228 (duk_tval *) tv_obj, (duk_tval *) tv_key));
2229
2230 DUK_ASSERT(ctx != NULL);
2231 DUK_ASSERT(thr != NULL);
2232 DUK_ASSERT(thr->heap != NULL);
2233 DUK_ASSERT(tv_obj != NULL);
2234 DUK_ASSERT(tv_key != NULL);
2235
2236 DUK_ASSERT_VALSTACK_SPACE(thr, DUK__VALSTACK_SPACE);
2237
2238 /*
2239 * Make a copy of tv_obj, tv_key, and tv_val to avoid any issues of
2240 * them being invalidated by a valstack resize.
2241 *
2242 * XXX: this is now an overkill for many fast paths. Rework this
2243 * to be faster (although switching to a valstack discipline might
2244 * be a better solution overall).
2245 */
2246
2247 DUK_TVAL_SET_TVAL(&tv_obj_copy, tv_obj);
2248 DUK_TVAL_SET_TVAL(&tv_key_copy, tv_key);
2249 tv_obj = &tv_obj_copy;
2250 tv_key = &tv_key_copy;
2251
2252 /*
2253 * Coercion and fast path processing
2254 */
2255
2256 switch (DUK_TVAL_GET_TAG(tv_obj)) {
2257 case DUK_TAG_UNDEFINED:
2258 case DUK_TAG_NULL: {
2259 /* Note: unconditional throw */
2260 DUK_DDD(DUK_DDDPRINT("base object is undefined or null -> reject"));
2261 #if defined(DUK_USE_PARANOID_ERRORS)
2262 DUK_ERROR_TYPE(thr, DUK_STR_INVALID_BASE);
2263 #else
2264 DUK_ERROR_FMT2(thr, DUK_ERR_TYPE_ERROR, "cannot read property %s of %s",
2265 duk_push_string_tval_readable(ctx, tv_key), duk_push_string_tval_readable(ctx, tv_obj));
2266 #endif
2267 return 0;
2268 }
2269
2270 case DUK_TAG_BOOLEAN: {
2271 DUK_DDD(DUK_DDDPRINT("base object is a boolean, start lookup from boolean prototype"));
2272 curr = thr->builtins[DUK_BIDX_BOOLEAN_PROTOTYPE];
2273 break;
2274 }
2275
2276 case DUK_TAG_STRING: {
2277 duk_hstring *h = DUK_TVAL_GET_STRING(tv_obj);
2278 duk_int_t pop_count;
2279
2280 #if defined(DUK_USE_FASTINT)
2281 if (DUK_TVAL_IS_FASTINT(tv_key)) {
2282 arr_idx = duk__tval_fastint_to_arr_idx(tv_key);
2283 DUK_DDD(DUK_DDDPRINT("base object string, key is a fast-path fastint; arr_idx %ld", (long) arr_idx));
2284 pop_count = 0;
2285 } else
2286 #endif
2287 if (DUK_TVAL_IS_NUMBER(tv_key)) {
2288 arr_idx = duk__tval_number_to_arr_idx(tv_key);
2289 DUK_DDD(DUK_DDDPRINT("base object string, key is a fast-path number; arr_idx %ld", (long) arr_idx));
2290 pop_count = 0;
2291 } else {
2292 arr_idx = duk__push_tval_to_hstring_arr_idx(ctx, tv_key, &key);
2293 DUK_ASSERT(key != NULL);
2294 DUK_DDD(DUK_DDDPRINT("base object string, key is a non-fast-path number; after "
2295 "coercion key is %!T, arr_idx %ld",
2296 (duk_tval *) duk_get_tval(ctx, -1), (long) arr_idx));
2297 pop_count = 1;
2298 }
2299
2300 if (arr_idx != DUK__NO_ARRAY_INDEX &&
2301 arr_idx < DUK_HSTRING_GET_CHARLEN(h)) {
2302 duk_pop_n(ctx, pop_count);
2303 duk_push_hstring(ctx, h);
2304 duk_substring(ctx, -1, arr_idx, arr_idx + 1); /* [str] -> [substr] */
2305
2306 DUK_DDD(DUK_DDDPRINT("-> %!T (base is string, key is an index inside string length "
2307 "after coercion -> return char)",
2308 (duk_tval *) duk_get_tval(ctx, -1)));
2309 return 1;
2310 }
2311
2312 if (pop_count == 0) {
2313 /* This is a pretty awkward control flow, but we need to recheck the
2314 * key coercion here.
2315 */
2316 arr_idx = duk__push_tval_to_hstring_arr_idx(ctx, tv_key, &key);
2317 DUK_ASSERT(key != NULL);
2318 DUK_DDD(DUK_DDDPRINT("base object string, key is a non-fast-path number; after "
2319 "coercion key is %!T, arr_idx %ld",
2320 (duk_tval *) duk_get_tval(ctx, -1), (long) arr_idx));
2321 }
2322
2323 if (key == DUK_HTHREAD_STRING_LENGTH(thr)) {
2324 duk_pop(ctx); /* [key] -> [] */
2325 duk_push_uint(ctx, (duk_uint_t) DUK_HSTRING_GET_CHARLEN(h)); /* [] -> [res] */
2326
2327 DUK_DDD(DUK_DDDPRINT("-> %!T (base is string, key is 'length' after coercion -> "
2328 "return string length)",
2329 (duk_tval *) duk_get_tval(ctx, -1)));
2330 return 1;
2331 }
2332 DUK_DDD(DUK_DDDPRINT("base object is a string, start lookup from string prototype"));
2333 curr = thr->builtins[DUK_BIDX_STRING_PROTOTYPE];
2334 goto lookup; /* avoid double coercion */
2335 }
2336
2337 case DUK_TAG_OBJECT: {
2338 duk_tval *tmp;
2339
2340 curr = DUK_TVAL_GET_OBJECT(tv_obj);
2341 DUK_ASSERT(curr != NULL);
2342
2343 tmp = duk__getprop_shallow_fastpath_array_tval(thr, curr, tv_key);
2344 if (tmp) {
2345 duk_push_tval(ctx, tmp);
2346
2347 DUK_DDD(DUK_DDDPRINT("-> %!T (base is object, key is a number, array part "
2348 "fast path)",
2349 (duk_tval *) duk_get_tval(ctx, -1)));
2350 return 1;
2351 }
2352
2353 if (duk__getprop_fastpath_bufobj_tval(thr, curr, tv_key) != 0) {
2354 /* Read value pushed on stack. */
2355 DUK_DDD(DUK_DDDPRINT("-> %!T (base is bufobj, key is a number, bufferobject "
2356 "fast path)",
2357 (duk_tval *) duk_get_tval(ctx, -1)));
2358 return 1;
2359 }
2360
2361 #if defined(DUK_USE_ES6_PROXY)
2362 if (DUK_UNLIKELY(DUK_HOBJECT_HAS_EXOTIC_PROXYOBJ(curr))) {
2363 duk_hobject *h_target;
2364
2365 if (duk__proxy_check_prop(thr, curr, DUK_STRIDX_GET, tv_key, &h_target)) {
2366 /* -> [ ... trap handler ] */
2367 DUK_DDD(DUK_DDDPRINT("-> proxy object 'get' for key %!T", (duk_tval *) tv_key));
2368 duk_push_hobject(ctx, h_target); /* target */
2369 duk_push_tval(ctx, tv_key); /* P */
2370 duk_push_tval(ctx, tv_obj); /* Receiver: Proxy object */
2371 duk_call_method(ctx, 3 /*nargs*/);
2372
2373 /* Target object must be checked for a conflicting
2374 * non-configurable property.
2375 */
2376 arr_idx = duk__push_tval_to_hstring_arr_idx(ctx, tv_key, &key);
2377 DUK_ASSERT(key != NULL);
2378
2379 if (duk__get_own_propdesc_raw(thr, h_target, key, arr_idx, &desc, DUK_GETDESC_FLAG_PUSH_VALUE)) {
2380 duk_tval *tv_hook = duk_require_tval(ctx, -3); /* value from hook */
2381 duk_tval *tv_targ = duk_require_tval(ctx, -1); /* value from target */
2382 duk_bool_t datadesc_reject;
2383 duk_bool_t accdesc_reject;
2384
2385 DUK_DDD(DUK_DDDPRINT("proxy 'get': target has matching property %!O, check for "
2386 "conflicting property; tv_hook=%!T, tv_targ=%!T, desc.flags=0x%08lx, "
2387 "desc.get=%p, desc.set=%p",
2388 (duk_heaphdr *) key, (duk_tval *) tv_hook, (duk_tval *) tv_targ,
2389 (unsigned long) desc.flags,
2390 (void *) desc.get, (void *) desc.set));
2391
2392 datadesc_reject = !(desc.flags & DUK_PROPDESC_FLAG_ACCESSOR) &&
2393 !(desc.flags & DUK_PROPDESC_FLAG_CONFIGURABLE) &&
2394 !(desc.flags & DUK_PROPDESC_FLAG_WRITABLE) &&
2395 !duk_js_samevalue(tv_hook, tv_targ);
2396 accdesc_reject = (desc.flags & DUK_PROPDESC_FLAG_ACCESSOR) &&
2397 !(desc.flags & DUK_PROPDESC_FLAG_CONFIGURABLE) &&
2398 (desc.get == NULL) &&
2399 !DUK_TVAL_IS_UNDEFINED(tv_hook);
2400 if (datadesc_reject || accdesc_reject) {
2401 DUK_ERROR_TYPE(thr, DUK_STR_PROXY_REJECTED);
2402 }
2403
2404 duk_pop_2(ctx);
2405 } else {
2406 duk_pop(ctx);
2407 }
2408 return 1; /* return value */
2409 }
2410
2411 curr = h_target; /* resume lookup from target */
2412 DUK_TVAL_SET_OBJECT(tv_obj, curr);
2413 }
2414 #endif /* DUK_USE_ES6_PROXY */
2415
2416 if (DUK_HOBJECT_HAS_EXOTIC_ARGUMENTS(curr)) {
2417 arr_idx = duk__push_tval_to_hstring_arr_idx(ctx, tv_key, &key);
2418 DUK_ASSERT(key != NULL);
2419
2420 if (duk__check_arguments_map_for_get(thr, curr, key, &desc)) {
2421 DUK_DDD(DUK_DDDPRINT("-> %!T (base is object with arguments exotic behavior, "
2422 "key matches magically bound property -> skip standard "
2423 "Get with replacement value)",
2424 (duk_tval *) duk_get_tval(ctx, -1)));
2425
2426 /* no need for 'caller' post-check, because 'key' must be an array index */
2427
2428 duk_remove(ctx, -2); /* [key result] -> [result] */
2429 return 1;
2430 }
2431
2432 goto lookup; /* avoid double coercion */
2433 }
2434 break;
2435 }
2436
2437 /* Buffer has virtual properties similar to string, but indexed values
2438 * are numbers, not 1-byte buffers/strings which would perform badly.
2439 */
2440 case DUK_TAG_BUFFER: {
2441 duk_hbuffer *h = DUK_TVAL_GET_BUFFER(tv_obj);
2442 duk_int_t pop_count;
2443
2444 /*
2445 * Because buffer values are often looped over, a number fast path
2446 * is important.
2447 */
2448
2449 #if defined(DUK_USE_FASTINT)
2450 if (DUK_TVAL_IS_FASTINT(tv_key)) {
2451 arr_idx = duk__tval_fastint_to_arr_idx(tv_key);
2452 DUK_DDD(DUK_DDDPRINT("base object buffer, key is a fast-path fastint; arr_idx %ld", (long) arr_idx));
2453 pop_count = 0;
2454 }
2455 else
2456 #endif
2457 if (DUK_TVAL_IS_NUMBER(tv_key)) {
2458 arr_idx = duk__tval_number_to_arr_idx(tv_key);
2459 DUK_DDD(DUK_DDDPRINT("base object buffer, key is a fast-path number; arr_idx %ld", (long) arr_idx));
2460 pop_count = 0;
2461 } else {
2462 arr_idx = duk__push_tval_to_hstring_arr_idx(ctx, tv_key, &key);
2463 DUK_ASSERT(key != NULL);
2464 DUK_DDD(DUK_DDDPRINT("base object buffer, key is a non-fast-path number; after "
2465 "coercion key is %!T, arr_idx %ld",
2466 (duk_tval *) duk_get_tval(ctx, -1), (long) arr_idx));
2467 pop_count = 1;
2468 }
2469
2470 if (arr_idx != DUK__NO_ARRAY_INDEX &&
2471 arr_idx < DUK_HBUFFER_GET_SIZE(h)) {
2472 duk_pop_n(ctx, pop_count);
2473 duk_push_uint(ctx, ((duk_uint8_t *) DUK_HBUFFER_GET_DATA_PTR(thr->heap, h))[arr_idx]);
2474
2475 DUK_DDD(DUK_DDDPRINT("-> %!T (base is buffer, key is an index inside buffer length "
2476 "after coercion -> return byte as number)",
2477 (duk_tval *) duk_get_tval(ctx, -1)));
2478 return 1;
2479 }
2480
2481 if (pop_count == 0) {
2482 /* This is a pretty awkward control flow, but we need to recheck the
2483 * key coercion here.
2484 */
2485 arr_idx = duk__push_tval_to_hstring_arr_idx(ctx, tv_key, &key);
2486 DUK_ASSERT(key != NULL);
2487 DUK_DDD(DUK_DDDPRINT("base object buffer, key is a non-fast-path number; after "
2488 "coercion key is %!T, arr_idx %ld",
2489 (duk_tval *) duk_get_tval(ctx, -1), (long) arr_idx));
2490 }
2491
2492 if (key == DUK_HTHREAD_STRING_LENGTH(thr) ||
2493 key == DUK_HTHREAD_STRING_BYTE_LENGTH(thr)) {
2494 duk_pop(ctx); /* [key] -> [] */
2495 duk_push_uint(ctx, (duk_uint_t) DUK_HBUFFER_GET_SIZE(h)); /* [] -> [res] */
2496
2497 DUK_DDD(DUK_DDDPRINT("-> %!T (base is buffer, key is 'length' or 'byteLength' "
2498 "after coercion -> return buffer length)",
2499 (duk_tval *) duk_get_tval(ctx, -1)));
2500 return 1;
2501 } else if (key == DUK_HTHREAD_STRING_BYTE_OFFSET(thr)) {
2502 duk_pop(ctx); /* [key] -> [] */
2503 duk_push_uint(ctx, 0); /* [] -> [res] */
2504
2505 DUK_DDD(DUK_DDDPRINT("-> %!T (base is buffer, key is 'byteOffset' after coercion -> "
2506 "return 0 for consistency with Buffer objects)",
2507 (duk_tval *) duk_get_tval(ctx, -1)));
2508 return 1;
2509 } else if (key == DUK_HTHREAD_STRING_BYTES_PER_ELEMENT(thr)) {
2510 duk_pop(ctx); /* [key] -> [] */
2511 duk_push_uint(ctx, 1); /* [] -> [res] */
2512
2513 DUK_DDD(DUK_DDDPRINT("-> %!T (base is buffer, key is 'BYTES_PER_ELEMENT' after coercion -> "
2514 "return 1 for consistency with Buffer objects)",
2515 (duk_tval *) duk_get_tval(ctx, -1)));
2516 return 1;
2517 }
2518
2519 DUK_DDD(DUK_DDDPRINT("base object is a buffer, start lookup from buffer prototype"));
2520 curr = thr->builtins[DUK_BIDX_BUFFER_PROTOTYPE];
2521 goto lookup; /* avoid double coercion */
2522 }
2523
2524 case DUK_TAG_POINTER: {
2525 DUK_DDD(DUK_DDDPRINT("base object is a pointer, start lookup from pointer prototype"));
2526 curr = thr->builtins[DUK_BIDX_POINTER_PROTOTYPE];
2527 break;
2528 }
2529
2530 case DUK_TAG_LIGHTFUNC: {
2531 duk_int_t lf_flags = DUK_TVAL_GET_LIGHTFUNC_FLAGS(tv_obj);
2532
2533 /* Must coerce key: if key is an object, it may coerce to e.g. 'length'. */
2534 arr_idx = duk__push_tval_to_hstring_arr_idx(ctx, tv_key, &key);
2535
2536 if (key == DUK_HTHREAD_STRING_LENGTH(thr)) {
2537 duk_int_t lf_len = DUK_LFUNC_FLAGS_GET_LENGTH(lf_flags);
2538 duk_pop(ctx);
2539 duk_push_int(ctx, lf_len);
2540 return 1;
2541 } else if (key == DUK_HTHREAD_STRING_NAME(thr)) {
2542 duk_pop(ctx);
2543 duk_push_lightfunc_name(ctx, tv_obj);
2544 return 1;
2545 }
2546
2547 DUK_DDD(DUK_DDDPRINT("base object is a lightfunc, start lookup from function prototype"));
2548 curr = thr->builtins[DUK_BIDX_FUNCTION_PROTOTYPE];
2549 goto lookup; /* avoid double coercion */
2550 }
2551
2552 #if defined(DUK_USE_FASTINT)
2553 case DUK_TAG_FASTINT:
2554 #endif
2555 default: {
2556 /* number */
2557 DUK_DDD(DUK_DDDPRINT("base object is a number, start lookup from number prototype"));
2558 DUK_ASSERT(!DUK_TVAL_IS_UNUSED(tv_obj));
2559 DUK_ASSERT(DUK_TVAL_IS_NUMBER(tv_obj));
2560 curr = thr->builtins[DUK_BIDX_NUMBER_PROTOTYPE];
2561 break;
2562 }
2563 }
2564
2565 /* key coercion (unless already coerced above) */
2566 DUK_ASSERT(key == NULL);
2567 arr_idx = duk__push_tval_to_hstring_arr_idx(ctx, tv_key, &key);
2568 DUK_ASSERT(key != NULL);
2569
2570 /*
2571 * Property lookup
2572 */
2573
2574 lookup:
2575 /* [key] (coerced) */
2576 DUK_ASSERT(curr != NULL);
2577 DUK_ASSERT(key != NULL);
2578
2579 sanity = DUK_HOBJECT_PROTOTYPE_CHAIN_SANITY;
2580 do {
2581 if (!duk__get_own_propdesc_raw(thr, curr, key, arr_idx, &desc, DUK_GETDESC_FLAG_PUSH_VALUE)) {
2582 goto next_in_chain;
2583 }
2584
2585 if (desc.get != NULL) {
2586 /* accessor with defined getter */
2587 DUK_ASSERT((desc.flags & DUK_PROPDESC_FLAG_ACCESSOR) != 0);
2588
2589 duk_pop(ctx); /* [key undefined] -> [key] */
2590 duk_push_hobject(ctx, desc.get);
2591 duk_push_tval(ctx, tv_obj); /* note: original, uncoerced base */
2592 #ifdef DUK_USE_NONSTD_GETTER_KEY_ARGUMENT
2593 duk_dup(ctx, -3);
2594 duk_call_method(ctx, 1); /* [key getter this key] -> [key retval] */
2595 #else
2596 duk_call_method(ctx, 0); /* [key getter this] -> [key retval] */
2597 #endif
2598 } else {
2599 /* [key value] or [key undefined] */
2600
2601 /* data property or accessor without getter */
2602 DUK_ASSERT(((desc.flags & DUK_PROPDESC_FLAG_ACCESSOR) == 0) ||
2603 (desc.get == NULL));
2604
2605 /* if accessor without getter, return value is undefined */
2606 DUK_ASSERT(((desc.flags & DUK_PROPDESC_FLAG_ACCESSOR) == 0) ||
2607 duk_is_undefined(ctx, -1));
2608
2609 /* Note: for an accessor without getter, falling through to
2610 * check for "caller" exotic behavior is unnecessary as
2611 * "undefined" will never activate the behavior. But it does
2612 * no harm, so we'll do it anyway.
2613 */
2614 }
2615
2616 goto found; /* [key result] */
2617
2618 next_in_chain:
2619 /* XXX: option to pretend property doesn't exist if sanity limit is
2620 * hit might be useful.
2621 */
2622 if (sanity-- == 0) {
2623 DUK_ERROR_RANGE(thr, DUK_STR_PROTOTYPE_CHAIN_LIMIT);
2624 }
2625 curr = DUK_HOBJECT_GET_PROTOTYPE(thr->heap, curr);
2626 } while (curr);
2627
2628 /*
2629 * Not found
2630 */
2631
2632 duk_to_undefined(ctx, -1); /* [key] -> [undefined] (default value) */
2633
2634 DUK_DDD(DUK_DDDPRINT("-> %!T (not found)", (duk_tval *) duk_get_tval(ctx, -1)));
2635 return 0;
2636
2637 /*
2638 * Found; post-processing (Function and arguments objects)
2639 */
2640
2641 found:
2642 /* [key result] */
2643
2644 #if !defined(DUK_USE_NONSTD_FUNC_CALLER_PROPERTY)
2645 /* Special behavior for 'caller' property of (non-bound) function objects
2646 * and non-strict Arguments objects: if 'caller' -value- (!) is a strict
2647 * mode function, throw a TypeError (E5 Sections 15.3.5.4, 10.6).
2648 * Quite interestingly, a non-strict function with no formal arguments
2649 * will get an arguments object -without- special 'caller' behavior!
2650 *
2651 * The E5.1 spec is a bit ambiguous if this special behavior applies when
2652 * a bound function is the base value (not the 'caller' value): Section
2653 * 15.3.4.5 (describing bind()) states that [[Get]] for bound functions
2654 * matches that of Section 15.3.5.4 ([[Get]] for Function instances).
2655 * However, Section 13.3.5.4 has "NOTE: Function objects created using
2656 * Function.prototype.bind use the default [[Get]] internal method."
2657 * The current implementation assumes this means that bound functions
2658 * should not have the special [[Get]] behavior.
2659 *
2660 * The E5.1 spec is also a bit unclear if the TypeError throwing is
2661 * applied if the 'caller' value is a strict bound function. The
2662 * current implementation will throw even for both strict non-bound
2663 * and strict bound functions.
2664 *
2665 * See test-dev-strict-func-as-caller-prop-value.js for quite extensive
2666 * tests.
2667 *
2668 * This exotic behavior is disabled when the non-standard 'caller' property
2669 * is enabled, as it conflicts with the free use of 'caller'.
2670 */
2671 if (key == DUK_HTHREAD_STRING_CALLER(thr) &&
2672 DUK_TVAL_IS_OBJECT(tv_obj)) {
2673 duk_hobject *orig = DUK_TVAL_GET_OBJECT(tv_obj);
2674 DUK_ASSERT(orig != NULL);
2675
2676 if (DUK_HOBJECT_IS_NONBOUND_FUNCTION(orig) ||
2677 DUK_HOBJECT_HAS_EXOTIC_ARGUMENTS(orig)) {
2678 duk_hobject *h;
2679
2680 /* XXX: The TypeError is currently not applied to bound
2681 * functions because the 'strict' flag is not copied by
2682 * bind(). This may or may not be correct, the specification
2683 * only refers to the value being a "strict mode Function
2684 * object" which is ambiguous.
2685 */
2686 DUK_ASSERT(!DUK_HOBJECT_HAS_BOUND(orig));
2687
2688 h = duk_get_hobject(ctx, -1); /* NULL if not an object */
2689 if (h &&
2690 DUK_HOBJECT_IS_FUNCTION(h) &&
2691 DUK_HOBJECT_HAS_STRICT(h)) {
2692 /* XXX: sufficient to check 'strict', assert for 'is function' */
2693 DUK_ERROR_TYPE(thr, DUK_STR_STRICT_CALLER_READ);
2694 }
2695 }
2696 }
2697 #endif /* !DUK_USE_NONSTD_FUNC_CALLER_PROPERTY */
2698
2699 duk_remove(ctx, -2); /* [key result] -> [result] */
2700
2701 DUK_DDD(DUK_DDDPRINT("-> %!T (found)", (duk_tval *) duk_get_tval(ctx, -1)));
2702 return 1;
2703 }
2704
2705 /*
2706 * HASPROP: Ecmascript property existence check ("in" operator).
2707 *
2708 * Interestingly, the 'in' operator does not do any coercion of
2709 * the target object.
2710 */
2711
2712 DUK_INTERNAL duk_bool_t duk_hobject_hasprop(duk_hthread *thr, duk_tval *tv_obj, duk_tval *tv_key) {
2713 duk_context *ctx = (duk_context *) thr;
2714 duk_tval tv_key_copy;
2715 duk_hobject *obj;
2716 duk_hstring *key;
2717 duk_uint32_t arr_idx;
2718 duk_bool_t rc;
2719 duk_propdesc desc;
2720
2721 DUK_DDD(DUK_DDDPRINT("hasprop: thr=%p, obj=%p, key=%p (obj -> %!T, key -> %!T)",
2722 (void *) thr, (void *) tv_obj, (void *) tv_key,
2723 (duk_tval *) tv_obj, (duk_tval *) tv_key));
2724
2725 DUK_ASSERT(thr != NULL);
2726 DUK_ASSERT(thr->heap != NULL);
2727 DUK_ASSERT(tv_obj != NULL);
2728 DUK_ASSERT(tv_key != NULL);
2729 DUK_ASSERT_VALSTACK_SPACE(thr, DUK__VALSTACK_SPACE);
2730
2731 DUK_TVAL_SET_TVAL(&tv_key_copy, tv_key);
2732 tv_key = &tv_key_copy;
2733
2734 /*
2735 * The 'in' operator requires an object as its right hand side,
2736 * throwing a TypeError unconditionally if this is not the case.
2737 *
2738 * However, lightfuncs need to behave like fully fledged objects
2739 * here to be maximally transparent, so we need to handle them
2740 * here.
2741 */
2742
2743 /* XXX: Refactor key coercion so that it's only called once. It can't
2744 * be trivially lifted here because the object must be type checked
2745 * first.
2746 */
2747
2748 if (DUK_TVAL_IS_OBJECT(tv_obj)) {
2749 obj = DUK_TVAL_GET_OBJECT(tv_obj);
2750 DUK_ASSERT(obj != NULL);
2751
2752 arr_idx = duk__push_tval_to_hstring_arr_idx(ctx, tv_key, &key);
2753 } else if (DUK_TVAL_IS_LIGHTFUNC(tv_obj)) {
2754 arr_idx = duk__push_tval_to_hstring_arr_idx(ctx, tv_key, &key);
2755 if (duk__key_is_lightfunc_ownprop(thr, key)) {
2756 /* FOUND */
2757 rc = 1;
2758 goto pop_and_return;
2759 }
2760
2761 /* If not found, resume existence check from Function.prototype.
2762 * We can just substitute the value in this case; nothing will
2763 * need the original base value (as would be the case with e.g.
2764 * setters/getters.
2765 */
2766 obj = thr->builtins[DUK_BIDX_FUNCTION_PROTOTYPE];
2767 } else {
2768 /* Note: unconditional throw */
2769 DUK_DDD(DUK_DDDPRINT("base object is not an object -> reject"));
2770 DUK_ERROR_TYPE(thr, DUK_STR_INVALID_BASE);
2771 }
2772
2773 /* XXX: fast path for arrays? */
2774
2775 DUK_ASSERT(key != NULL);
2776 DUK_ASSERT(obj != NULL);
2777 DUK_UNREF(arr_idx);
2778
2779 #if defined(DUK_USE_ES6_PROXY)
2780 if (DUK_UNLIKELY(DUK_HOBJECT_HAS_EXOTIC_PROXYOBJ(obj))) {
2781 duk_hobject *h_target;
2782 duk_bool_t tmp_bool;
2783
2784 /* XXX: the key in 'key in obj' is string coerced before we're called
2785 * (which is the required behavior in E5/E5.1/E6) so the key is a string
2786 * here already.
2787 */
2788
2789 if (duk__proxy_check_prop(thr, obj, DUK_STRIDX_HAS, tv_key, &h_target)) {
2790 /* [ ... key trap handler ] */
2791 DUK_DDD(DUK_DDDPRINT("-> proxy object 'has' for key %!T", (duk_tval *) tv_key));
2792 duk_push_hobject(ctx, h_target); /* target */
2793 duk_push_tval(ctx, tv_key); /* P */
2794 duk_call_method(ctx, 2 /*nargs*/);
2795 tmp_bool = duk_to_boolean(ctx, -1);
2796 if (!tmp_bool) {
2797 /* Target object must be checked for a conflicting
2798 * non-configurable property.
2799 */
2800
2801 if (duk__get_own_propdesc_raw(thr, h_target, key, arr_idx, &desc, 0 /*flags*/)) { /* don't push value */
2802 DUK_DDD(DUK_DDDPRINT("proxy 'has': target has matching property %!O, check for "
2803 "conflicting property; desc.flags=0x%08lx, "
2804 "desc.get=%p, desc.set=%p",
2805 (duk_heaphdr *) key, (unsigned long) desc.flags,
2806 (void *) desc.get, (void *) desc.set));
2807 /* XXX: Extensibility check for target uses IsExtensible(). If we
2808 * implemented the isExtensible trap and didn't reject proxies as
2809 * proxy targets, it should be respected here.
2810 */
2811 if (!((desc.flags & DUK_PROPDESC_FLAG_CONFIGURABLE) && /* property is configurable and */
2812 DUK_HOBJECT_HAS_EXTENSIBLE(h_target))) { /* ... target is extensible */
2813 DUK_ERROR_TYPE(thr, DUK_STR_PROXY_REJECTED);
2814 }
2815 }
2816 }
2817
2818 duk_pop_2(ctx); /* [ key trap_result ] -> [] */
2819 return tmp_bool;
2820 }
2821
2822 obj = h_target; /* resume check from proxy target */
2823 }
2824 #endif /* DUK_USE_ES6_PROXY */
2825
2826 /* XXX: inline into a prototype walking loop? */
2827
2828 rc = duk__get_propdesc(thr, obj, key, &desc, 0 /*flags*/); /* don't push value */
2829 /* fall through */
2830
2831 pop_and_return:
2832 duk_pop(ctx); /* [ key ] -> [] */
2833 return rc;
2834 }
2835
2836 /*
2837 * HASPROP variant used internally.
2838 *
2839 * This primitive must never throw an error, callers rely on this.
2840 * In particular, don't throw an error for prototype loops; instead,
2841 * pretend like the property doesn't exist if a prototype sanity limit
2842 * is reached.
2843 *
2844 * Does not implement proxy behavior: if applied to a proxy object,
2845 * returns key existence on the proxy object itself.
2846 */
2847
2848 DUK_INTERNAL duk_bool_t duk_hobject_hasprop_raw(duk_hthread *thr, duk_hobject *obj, duk_hstring *key) {
2849 duk_propdesc dummy;
2850
2851 DUK_ASSERT(thr != NULL);
2852 DUK_ASSERT(thr->heap != NULL);
2853 DUK_ASSERT(obj != NULL);
2854 DUK_ASSERT(key != NULL);
2855
2856 DUK_ASSERT_VALSTACK_SPACE(thr, DUK__VALSTACK_SPACE);
2857
2858 return duk__get_propdesc(thr, obj, key, &dummy, DUK_GETDESC_FLAG_IGNORE_PROTOLOOP); /* don't push value */
2859 }
2860
2861 /*
2862 * Helper: handle Array object 'length' write which automatically
2863 * deletes properties, see E5 Section 15.4.5.1, step 3. This is
2864 * quite tricky to get right.
2865 *
2866 * Used by duk_hobject_putprop().
2867 */
2868
2869 DUK_LOCAL duk_uint32_t duk__get_old_array_length(duk_hthread *thr, duk_hobject *obj, duk_propdesc *temp_desc) {
2870 duk_bool_t rc;
2871 duk_tval *tv;
2872 duk_uint32_t res;
2873
2874 DUK_ASSERT_VALSTACK_SPACE(thr, DUK__VALSTACK_SPACE);
2875
2876 /* This function is only called for objects with array exotic behavior.
2877 * The [[DefineOwnProperty]] algorithm for arrays requires that
2878 * 'length' can never have a value outside the unsigned 32-bit range,
2879 * attempt to write such a value is a RangeError. Here we can thus
2880 * assert for this. When Duktape internals go around the official
2881 * property write interface (doesn't happen often) this assumption is
2882 * easy to accidentally break, so such code must be written carefully.
2883 * See test-bi-array-push-maxlen.js.
2884 */
2885
2886 rc = duk__get_own_propdesc_raw(thr, obj, DUK_HTHREAD_STRING_LENGTH(thr), DUK__NO_ARRAY_INDEX, temp_desc, 0 /*flags*/); /* don't push value */
2887 DUK_UNREF(rc);
2888 DUK_ASSERT(rc != 0); /* arrays MUST have a 'length' property */
2889 DUK_ASSERT(temp_desc->e_idx >= 0);
2890
2891 tv = DUK_HOBJECT_E_GET_VALUE_TVAL_PTR(thr->heap, obj, temp_desc->e_idx);
2892 DUK_ASSERT(DUK_TVAL_IS_NUMBER(tv)); /* array 'length' is always a number, as we coerce it */
2893 DUK_ASSERT(DUK_TVAL_GET_NUMBER(tv) >= 0.0);
2894 DUK_ASSERT(DUK_TVAL_GET_NUMBER(tv) <= (double) 0xffffffffUL);
2895 DUK_ASSERT((duk_double_t) (duk_uint32_t) DUK_TVAL_GET_NUMBER(tv) == DUK_TVAL_GET_NUMBER(tv));
2896 #if defined(DUK_USE_FASTINT)
2897 /* Downgrade checks are not made everywhere, so 'length' is not always
2898 * a fastint (it is a number though). This can be removed once length
2899 * is always guaranteed to be a fastint.
2900 */
2901 DUK_ASSERT(DUK_TVAL_IS_FASTINT(tv) || DUK_TVAL_IS_DOUBLE(tv));
2902 if (DUK_TVAL_IS_FASTINT(tv)) {
2903 res = (duk_uint32_t) DUK_TVAL_GET_FASTINT_U32(tv);
2904 } else {
2905 res = (duk_uint32_t) DUK_TVAL_GET_DOUBLE(tv);
2906 }
2907 #else
2908 res = (duk_uint32_t) DUK_TVAL_GET_NUMBER(tv);
2909 #endif /* DUK_USE_FASTINT */
2910
2911 return res;
2912 }
2913
2914 DUK_LOCAL duk_uint32_t duk__to_new_array_length_checked(duk_hthread *thr) {
2915 duk_context *ctx = (duk_context *) thr;
2916 duk_uint32_t res;
2917 duk_double_t d;
2918
2919 /* Input value should be on stack top and will be coerced and
2920 * popped. Refuse to update an Array's 'length' to a value
2921 * outside the 32-bit range. Negative zero is accepted as zero.
2922 */
2923
2924 /* XXX: fastint */
2925
2926 d = duk_to_number(ctx, -1);
2927 res = (duk_uint32_t) d;
2928 if ((duk_double_t) res != d) {
2929 DUK_ERROR_RANGE(thr, DUK_STR_INVALID_ARRAY_LENGTH);
2930 }
2931 duk_pop(ctx);
2932 return res;
2933 }
2934
2935 /* Delete elements required by a smaller length, taking into account
2936 * potentially non-configurable elements. Returns non-zero if all
2937 * elements could be deleted, and zero if all or some elements could
2938 * not be deleted. Also writes final "target length" to 'out_result_len'.
2939 * This is the length value that should go into the 'length' property
2940 * (must be set by the caller). Never throws an error.
2941 */
2942 DUK_LOCAL
2943 duk_bool_t duk__handle_put_array_length_smaller(duk_hthread *thr,
2944 duk_hobject *obj,
2945 duk_uint32_t old_len,
2946 duk_uint32_t new_len,
2947 duk_bool_t force_flag,
2948 duk_uint32_t *out_result_len) {
2949 duk_uint32_t target_len;
2950 duk_uint_fast32_t i;
2951 duk_uint32_t arr_idx;
2952 duk_hstring *key;
2953 duk_tval *tv;
2954 duk_bool_t rc;
2955
2956 DUK_DDD(DUK_DDDPRINT("new array length smaller than old (%ld -> %ld), "
2957 "probably need to remove elements",
2958 (long) old_len, (long) new_len));
2959
2960 /*
2961 * New length is smaller than old length, need to delete properties above
2962 * the new length.
2963 *
2964 * If array part exists, this is straightforward: array entries cannot
2965 * be non-configurable so this is guaranteed to work.
2966 *
2967 * If array part does not exist, array-indexed values are scattered
2968 * in the entry part, and some may not be configurable (preventing length
2969 * from becoming lower than their index + 1). To handle the algorithm
2970 * in E5 Section 15.4.5.1, step l correctly, we scan the entire property
2971 * set twice.
2972 */
2973
2974 DUK_ASSERT(thr != NULL);
2975 DUK_ASSERT(obj != NULL);
2976 DUK_ASSERT(new_len < old_len);
2977 DUK_ASSERT(out_result_len != NULL);
2978 DUK_ASSERT_VALSTACK_SPACE(thr, DUK__VALSTACK_SPACE);
2979
2980 if (DUK_HOBJECT_HAS_ARRAY_PART(obj)) {
2981 /*
2982 * All defined array-indexed properties are in the array part
2983 * (we assume the array part is comprehensive), and all array
2984 * entries are writable, configurable, and enumerable. Thus,
2985 * nothing can prevent array entries from being deleted.
2986 */
2987
2988 DUK_DDD(DUK_DDDPRINT("have array part, easy case"));
2989
2990 if (old_len < DUK_HOBJECT_GET_ASIZE(obj)) {
2991 /* XXX: assertion that entries >= old_len are already unused */
2992 i = old_len;
2993 } else {
2994 i = DUK_HOBJECT_GET_ASIZE(obj);
2995 }
2996 DUK_ASSERT(i <= DUK_HOBJECT_GET_ASIZE(obj));
2997
2998 while (i > new_len) {
2999 i--;
3000 tv = DUK_HOBJECT_A_GET_VALUE_PTR(thr->heap, obj, i);
3001 DUK_TVAL_SET_UNUSED_UPDREF(thr, tv); /* side effects */
3002 }
3003
3004 *out_result_len = new_len;
3005 return 1;
3006 } else {
3007 /*
3008 * Entries part is a bit more complex
3009 */
3010
3011 /* Stage 1: find highest preventing non-configurable entry (if any).
3012 * When forcing, ignore non-configurability.
3013 */
3014
3015 DUK_DDD(DUK_DDDPRINT("no array part, slow case"));
3016
3017 DUK_DDD(DUK_DDDPRINT("array length write, no array part, stage 1: find target_len "
3018 "(highest preventing non-configurable entry (if any))"));
3019
3020 target_len = new_len;
3021 if (force_flag) {
3022 DUK_DDD(DUK_DDDPRINT("array length write, no array part; force flag -> skip stage 1"));
3023 goto skip_stage1;
3024 }
3025 for (i = 0; i < DUK_HOBJECT_GET_ENEXT(obj); i++) {
3026 key = DUK_HOBJECT_E_GET_KEY(thr->heap, obj, i);
3027 if (!key) {
3028 DUK_DDD(DUK_DDDPRINT("skip entry index %ld: null key", (long) i));
3029 continue;
3030 }
3031 if (!DUK_HSTRING_HAS_ARRIDX(key)) {
3032 DUK_DDD(DUK_DDDPRINT("skip entry index %ld: key not an array index", (long) i));
3033 continue;
3034 }
3035
3036 DUK_ASSERT(DUK_HSTRING_HAS_ARRIDX(key)); /* XXX: macro checks for array index flag, which is unnecessary here */
3037 arr_idx = DUK_HSTRING_GET_ARRIDX_SLOW(key);
3038 DUK_ASSERT(arr_idx != DUK__NO_ARRAY_INDEX);
3039 DUK_ASSERT(arr_idx < old_len); /* consistency requires this */
3040
3041 if (arr_idx < new_len) {
3042 DUK_DDD(DUK_DDDPRINT("skip entry index %ld: key is array index %ld, below new_len",
3043 (long) i, (long) arr_idx));
3044 continue;
3045 }
3046 if (DUK_HOBJECT_E_SLOT_IS_CONFIGURABLE(thr->heap, obj, i)) {
3047 DUK_DDD(DUK_DDDPRINT("skip entry index %ld: key is a relevant array index %ld, but configurable",
3048 (long) i, (long) arr_idx));
3049 continue;
3050 }
3051
3052 /* relevant array index is non-configurable, blocks write */
3053 if (arr_idx >= target_len) {
3054 DUK_DDD(DUK_DDDPRINT("entry at index %ld has arr_idx %ld, is not configurable, "
3055 "update target_len %ld -> %ld",
3056 (long) i, (long) arr_idx, (long) target_len,
3057 (long) (arr_idx + 1)));
3058 target_len = arr_idx + 1;
3059 }
3060 }
3061 skip_stage1:
3062
3063 /* stage 2: delete configurable entries above target length */
3064
3065 DUK_DDD(DUK_DDDPRINT("old_len=%ld, new_len=%ld, target_len=%ld",
3066 (long) old_len, (long) new_len, (long) target_len));
3067
3068 DUK_DDD(DUK_DDDPRINT("array length write, no array part, stage 2: remove "
3069 "entries >= target_len"));
3070
3071 for (i = 0; i < DUK_HOBJECT_GET_ENEXT(obj); i++) {
3072 key = DUK_HOBJECT_E_GET_KEY(thr->heap, obj, i);
3073 if (!key) {
3074 DUK_DDD(DUK_DDDPRINT("skip entry index %ld: null key", (long) i));
3075 continue;
3076 }
3077 if (!DUK_HSTRING_HAS_ARRIDX(key)) {
3078 DUK_DDD(DUK_DDDPRINT("skip entry index %ld: key not an array index", (long) i));
3079 continue;
3080 }
3081
3082 DUK_ASSERT(DUK_HSTRING_HAS_ARRIDX(key)); /* XXX: macro checks for array index flag, which is unnecessary here */
3083 arr_idx = DUK_HSTRING_GET_ARRIDX_SLOW(key);
3084 DUK_ASSERT(arr_idx != DUK__NO_ARRAY_INDEX);
3085 DUK_ASSERT(arr_idx < old_len); /* consistency requires this */
3086
3087 if (arr_idx < target_len) {
3088 DUK_DDD(DUK_DDDPRINT("skip entry index %ld: key is array index %ld, below target_len",
3089 (long) i, (long) arr_idx));
3090 continue;
3091 }
3092 DUK_ASSERT(force_flag || DUK_HOBJECT_E_SLOT_IS_CONFIGURABLE(thr->heap, obj, i)); /* stage 1 guarantees */
3093
3094 DUK_DDD(DUK_DDDPRINT("delete entry index %ld: key is array index %ld",
3095 (long) i, (long) arr_idx));
3096
3097 /*
3098 * Slow delete, but we don't care as we're already in a very slow path.
3099 * The delete always succeeds: key has no exotic behavior, property
3100 * is configurable, and no resize occurs.
3101 */
3102 rc = duk_hobject_delprop_raw(thr, obj, key, force_flag ? DUK_DELPROP_FLAG_FORCE : 0);
3103 DUK_UNREF(rc);
3104 DUK_ASSERT(rc != 0);
3105 }
3106
3107 /* stage 3: update length (done by caller), decide return code */
3108
3109 DUK_DDD(DUK_DDDPRINT("array length write, no array part, stage 3: update length (done by caller)"));
3110
3111 *out_result_len = target_len;
3112
3113 if (target_len == new_len) {
3114 DUK_DDD(DUK_DDDPRINT("target_len matches new_len, return success"));
3115 return 1;
3116 }
3117 DUK_DDD(DUK_DDDPRINT("target_len does not match new_len (some entry prevented "
3118 "full length adjustment), return error"));
3119 return 0;
3120 }
3121
3122 DUK_UNREACHABLE();
3123 }
3124
3125 /* XXX: is valstack top best place for argument? */
3126 DUK_LOCAL duk_bool_t duk__handle_put_array_length(duk_hthread *thr, duk_hobject *obj) {
3127 duk_context *ctx = (duk_context *) thr;
3128 duk_propdesc desc;
3129 duk_uint32_t old_len;
3130 duk_uint32_t new_len;
3131 duk_uint32_t result_len;
3132 duk_tval *tv;
3133 duk_bool_t rc;
3134
3135 DUK_DDD(DUK_DDDPRINT("handling a put operation to array 'length' exotic property, "
3136 "new val: %!T",
3137 (duk_tval *) duk_get_tval(ctx, -1)));
3138
3139 DUK_ASSERT(thr != NULL);
3140 DUK_ASSERT(ctx != NULL);
3141 DUK_ASSERT(obj != NULL);
3142
3143 DUK_ASSERT_VALSTACK_SPACE(thr, DUK__VALSTACK_SPACE);
3144
3145 DUK_ASSERT(duk_is_valid_index(ctx, -1));
3146
3147 /*
3148 * Get old and new length
3149 */
3150
3151 old_len = duk__get_old_array_length(thr, obj, &desc);
3152 duk_dup(ctx, -1); /* [in_val in_val] */
3153 new_len = duk__to_new_array_length_checked(thr); /* -> [in_val] */
3154 DUK_DDD(DUK_DDDPRINT("old_len=%ld, new_len=%ld", (long) old_len, (long) new_len));
3155
3156 /*
3157 * Writability check
3158 */
3159
3160 if (!(desc.flags & DUK_PROPDESC_FLAG_WRITABLE)) {
3161 DUK_DDD(DUK_DDDPRINT("length is not writable, fail"));
3162 return 0;
3163 }
3164
3165 /*
3166 * New length not lower than old length => no changes needed
3167 * (not even array allocation).
3168 */
3169
3170 if (new_len >= old_len) {
3171 DUK_DDD(DUK_DDDPRINT("new length is higher than old length, just update length, no deletions"));
3172
3173 DUK_ASSERT(desc.e_idx >= 0);
3174 DUK_ASSERT(!DUK_HOBJECT_E_SLOT_IS_ACCESSOR(thr->heap, obj, desc.e_idx));
3175 tv = DUK_HOBJECT_E_GET_VALUE_TVAL_PTR(thr->heap, obj, desc.e_idx);
3176 DUK_ASSERT(DUK_TVAL_IS_NUMBER(tv));
3177 /* no decref needed for a number */
3178 DUK_TVAL_SET_FASTINT_U32(tv, new_len);
3179 DUK_ASSERT(DUK_TVAL_IS_NUMBER(tv));
3180 return 1;
3181 }
3182
3183 DUK_DDD(DUK_DDDPRINT("new length is lower than old length, probably must delete entries"));
3184
3185 /*
3186 * New length lower than old length => delete elements, then
3187 * update length.
3188 *
3189 * Note: even though a bunch of elements have been deleted, the 'desc' is
3190 * still valid as properties haven't been resized (and entries compacted).
3191 */
3192
3193 rc = duk__handle_put_array_length_smaller(thr, obj, old_len, new_len, 0 /*force_flag*/, &result_len);
3194 DUK_ASSERT(result_len >= new_len && result_len <= old_len);
3195
3196 DUK_ASSERT(desc.e_idx >= 0);
3197 DUK_ASSERT(!DUK_HOBJECT_E_SLOT_IS_ACCESSOR(thr->heap, obj, desc.e_idx));
3198 tv = DUK_HOBJECT_E_GET_VALUE_TVAL_PTR(thr->heap, obj, desc.e_idx);
3199 DUK_ASSERT(DUK_TVAL_IS_NUMBER(tv));
3200 /* no decref needed for a number */
3201 DUK_TVAL_SET_FASTINT_U32(tv, result_len);
3202 DUK_ASSERT(DUK_TVAL_IS_NUMBER(tv));
3203
3204 /* XXX: shrink array allocation or entries compaction here? */
3205
3206 return rc;
3207 }
3208
3209 /*
3210 * PUTPROP: Ecmascript property write.
3211 *
3212 * Unlike Ecmascript primitive which returns nothing, returns 1 to indicate
3213 * success and 0 to indicate failure (assuming throw is not set).
3214 *
3215 * This is an extremely tricky function. Some examples:
3216 *
3217 * * Currently a decref may trigger a GC, which may compact an object's
3218 * property allocation. Consequently, any entry indices (e_idx) will
3219 * be potentially invalidated by a decref.
3220 *
3221 * * Exotic behaviors (strings, arrays, arguments object) require,
3222 * among other things:
3223 *
3224 * - Preprocessing before and postprocessing after an actual property
3225 * write. For example, array index write requires pre-checking the
3226 * array 'length' property for access control, and may require an
3227 * array 'length' update after the actual write has succeeded (but
3228 * not if it fails).
3229 *
3230 * - Deletion of multiple entries, as a result of array 'length' write.
3231 *
3232 * * Input values are taken as pointers which may point to the valstack.
3233 * If valstack is resized because of the put (this may happen at least
3234 * when the array part is abandoned), the pointers can be invalidated.
3235 * (We currently make a copy of all of the input values to avoid issues.)
3236 */
3237
3238 DUK_INTERNAL duk_bool_t duk_hobject_putprop(duk_hthread *thr, duk_tval *tv_obj, duk_tval *tv_key, duk_tval *tv_val, duk_bool_t throw_flag) {
3239 duk_context *ctx = (duk_context *) thr;
3240 duk_tval tv_obj_copy;
3241 duk_tval tv_key_copy;
3242 duk_tval tv_val_copy;
3243 duk_hobject *orig = NULL; /* NULL if tv_obj is primitive */
3244 duk_hobject *curr;
3245 duk_hstring *key = NULL;
3246 duk_propdesc desc;
3247 duk_tval *tv;
3248 duk_uint32_t arr_idx;
3249 duk_bool_t rc;
3250 duk_int_t e_idx;
3251 duk_uint_t sanity;
3252 duk_uint32_t new_array_length = 0; /* 0 = no update */
3253
3254 DUK_DDD(DUK_DDDPRINT("putprop: thr=%p, obj=%p, key=%p, val=%p, throw=%ld "
3255 "(obj -> %!T, key -> %!T, val -> %!T)",
3256 (void *) thr, (void *) tv_obj, (void *) tv_key, (void *) tv_val,
3257 (long) throw_flag, (duk_tval *) tv_obj, (duk_tval *) tv_key, (duk_tval *) tv_val));
3258
3259 DUK_ASSERT(thr != NULL);
3260 DUK_ASSERT(thr->heap != NULL);
3261 DUK_ASSERT(ctx != NULL);
3262 DUK_ASSERT(tv_obj != NULL);
3263 DUK_ASSERT(tv_key != NULL);
3264 DUK_ASSERT(tv_val != NULL);
3265
3266 DUK_ASSERT_VALSTACK_SPACE(thr, DUK__VALSTACK_SPACE);
3267
3268 /*
3269 * Make a copy of tv_obj, tv_key, and tv_val to avoid any issues of
3270 * them being invalidated by a valstack resize.
3271 *
3272 * XXX: this is an overkill for some paths, so optimize this later
3273 * (or maybe switch to a stack arguments model entirely).
3274 */
3275
3276 DUK_TVAL_SET_TVAL(&tv_obj_copy, tv_obj);
3277 DUK_TVAL_SET_TVAL(&tv_key_copy, tv_key);
3278 DUK_TVAL_SET_TVAL(&tv_val_copy, tv_val);
3279 tv_obj = &tv_obj_copy;
3280 tv_key = &tv_key_copy;
3281 tv_val = &tv_val_copy;
3282
3283 /*
3284 * Coercion and fast path processing.
3285 */
3286
3287 switch (DUK_TVAL_GET_TAG(tv_obj)) {
3288 case DUK_TAG_UNDEFINED:
3289 case DUK_TAG_NULL: {
3290 /* Note: unconditional throw */
3291 DUK_DDD(DUK_DDDPRINT("base object is undefined or null -> reject (object=%!iT)",
3292 (duk_tval *) tv_obj));
3293 #if defined(DUK_USE_PARANOID_ERRORS)
3294 DUK_ERROR_TYPE(thr, DUK_STR_INVALID_BASE);
3295 #else
3296 DUK_ERROR_FMT2(thr, DUK_ERR_TYPE_ERROR, "cannot write property %s of %s",
3297 duk_push_string_tval_readable(ctx, tv_key), duk_push_string_tval_readable(ctx, tv_obj));
3298 #endif
3299 return 0;
3300 }
3301
3302 case DUK_TAG_BOOLEAN: {
3303 DUK_DDD(DUK_DDDPRINT("base object is a boolean, start lookup from boolean prototype"));
3304 curr = thr->builtins[DUK_BIDX_BOOLEAN_PROTOTYPE];
3305 break;
3306 }
3307
3308 case DUK_TAG_STRING: {
3309 duk_hstring *h = DUK_TVAL_GET_STRING(tv_obj);
3310
3311 /*
3312 * Note: currently no fast path for array index writes.
3313 * They won't be possible anyway as strings are immutable.
3314 */
3315
3316 DUK_ASSERT(key == NULL);
3317 arr_idx = duk__push_tval_to_hstring_arr_idx(ctx, tv_key, &key);
3318 DUK_ASSERT(key != NULL);
3319
3320 if (key == DUK_HTHREAD_STRING_LENGTH(thr)) {
3321 goto fail_not_writable;
3322 }
3323
3324 if (arr_idx != DUK__NO_ARRAY_INDEX &&
3325 arr_idx < DUK_HSTRING_GET_CHARLEN(h)) {
3326 goto fail_not_writable;
3327 }
3328
3329 DUK_DDD(DUK_DDDPRINT("base object is a string, start lookup from string prototype"));
3330 curr = thr->builtins[DUK_BIDX_STRING_PROTOTYPE];
3331 goto lookup; /* avoid double coercion */
3332 }
3333
3334 case DUK_TAG_OBJECT: {
3335 orig = DUK_TVAL_GET_OBJECT(tv_obj);
3336 DUK_ASSERT(orig != NULL);
3337
3338 #if defined(DUK_USE_ROM_OBJECTS)
3339 /* With this check in place fast paths won't need read-only
3340 * object checks. This is technically incorrect if there are
3341 * setters that cause no writes to ROM objects, but current
3342 * built-ins don't have such setters.
3343 */
3344 if (DUK_HEAPHDR_HAS_READONLY((duk_heaphdr *) orig)) {
3345 DUK_DD(DUK_DDPRINT("attempt to putprop on read-only target object"));
3346 goto fail_not_writable_no_pop; /* Must avoid duk_pop() in exit path */
3347 }
3348 #endif
3349
3350 /* The fast path for array property put is not fully compliant:
3351 * If one places conflicting number-indexed properties into
3352 * Array.prototype (for example, a non-writable Array.prototype[7])
3353 * the fast path will incorrectly ignore them.
3354 *
3355 * This fast path could be made compliant by falling through
3356 * to the slow path if the previous value was UNUSED. This would
3357 * also remove the need to check for extensibility. Right now a
3358 * non-extensible array is slower than an extensible one as far
3359 * as writes are concerned.
3360 *
3361 * The fast path behavior is documented in more detail here:
3362 * tests/ecmascript/test-misc-array-fast-write.js
3363 */
3364
3365 if (duk__putprop_shallow_fastpath_array_tval(thr, orig, tv_key, tv_val, &desc) != 0) {
3366 DUK_DDD(DUK_DDDPRINT("array fast path success"));
3367 return 1;
3368 }
3369
3370 if (duk__putprop_fastpath_bufobj_tval(thr, orig, tv_key, tv_val) != 0) {
3371 DUK_DDD(DUK_DDDPRINT("base is bufobj, key is a number, bufferobject fast path"));
3372 return 1;
3373 }
3374
3375 #if defined(DUK_USE_ES6_PROXY)
3376 if (DUK_UNLIKELY(DUK_HOBJECT_HAS_EXOTIC_PROXYOBJ(orig))) {
3377 duk_hobject *h_target;
3378 duk_bool_t tmp_bool;
3379
3380 if (duk__proxy_check_prop(thr, orig, DUK_STRIDX_SET, tv_key, &h_target)) {
3381 /* -> [ ... trap handler ] */
3382 DUK_DDD(DUK_DDDPRINT("-> proxy object 'set' for key %!T", (duk_tval *) tv_key));
3383 duk_push_hobject(ctx, h_target); /* target */
3384 duk_push_tval(ctx, tv_key); /* P */
3385 duk_push_tval(ctx, tv_val); /* V */
3386 duk_push_tval(ctx, tv_obj); /* Receiver: Proxy object */
3387 duk_call_method(ctx, 4 /*nargs*/);
3388 tmp_bool = duk_to_boolean(ctx, -1);
3389 duk_pop(ctx);
3390 if (!tmp_bool) {
3391 goto fail_proxy_rejected;
3392 }
3393
3394 /* Target object must be checked for a conflicting
3395 * non-configurable property.
3396 */
3397 arr_idx = duk__push_tval_to_hstring_arr_idx(ctx, tv_key, &key);
3398 DUK_ASSERT(key != NULL);
3399
3400 if (duk__get_own_propdesc_raw(thr, h_target, key, arr_idx, &desc, DUK_GETDESC_FLAG_PUSH_VALUE)) {
3401 duk_tval *tv_targ = duk_require_tval(ctx, -1);
3402 duk_bool_t datadesc_reject;
3403 duk_bool_t accdesc_reject;
3404
3405 DUK_DDD(DUK_DDDPRINT("proxy 'set': target has matching property %!O, check for "
3406 "conflicting property; tv_val=%!T, tv_targ=%!T, desc.flags=0x%08lx, "
3407 "desc.get=%p, desc.set=%p",
3408 (duk_heaphdr *) key, (duk_tval *) tv_val, (duk_tval *) tv_targ,
3409 (unsigned long) desc.flags,
3410 (void *) desc.get, (void *) desc.set));
3411
3412 datadesc_reject = !(desc.flags & DUK_PROPDESC_FLAG_ACCESSOR) &&
3413 !(desc.flags & DUK_PROPDESC_FLAG_CONFIGURABLE) &&
3414 !(desc.flags & DUK_PROPDESC_FLAG_WRITABLE) &&
3415 !duk_js_samevalue(tv_val, tv_targ);
3416 accdesc_reject = (desc.flags & DUK_PROPDESC_FLAG_ACCESSOR) &&
3417 !(desc.flags & DUK_PROPDESC_FLAG_CONFIGURABLE) &&
3418 (desc.set == NULL);
3419 if (datadesc_reject || accdesc_reject) {
3420 DUK_ERROR_TYPE(thr, DUK_STR_PROXY_REJECTED);
3421 }
3422
3423 duk_pop_2(ctx);
3424 } else {
3425 duk_pop(ctx);
3426 }
3427 return 1; /* success */
3428 }
3429
3430 orig = h_target; /* resume write to target */
3431 DUK_TVAL_SET_OBJECT(tv_obj, orig);
3432 }
3433 #endif /* DUK_USE_ES6_PROXY */
3434
3435 curr = orig;
3436 break;
3437 }
3438
3439 case DUK_TAG_BUFFER: {
3440 duk_hbuffer *h = DUK_TVAL_GET_BUFFER(tv_obj);
3441 duk_int_t pop_count = 0;
3442
3443 /*
3444 * Because buffer values may be looped over and read/written
3445 * from, an array index fast path is important.
3446 */
3447
3448 #if defined(DUK_USE_FASTINT)
3449 if (DUK_TVAL_IS_FASTINT(tv_key)) {
3450 arr_idx = duk__tval_fastint_to_arr_idx(tv_key);
3451 DUK_DDD(DUK_DDDPRINT("base object buffer, key is a fast-path fastint; arr_idx %ld", (long) arr_idx));
3452 pop_count = 0;
3453 } else
3454 #endif
3455 if (DUK_TVAL_IS_NUMBER(tv_key)) {
3456 arr_idx = duk__tval_number_to_arr_idx(tv_key);
3457 DUK_DDD(DUK_DDDPRINT("base object buffer, key is a fast-path number; arr_idx %ld", (long) arr_idx));
3458 pop_count = 0;
3459 } else {
3460 arr_idx = duk__push_tval_to_hstring_arr_idx(ctx, tv_key, &key);
3461 DUK_ASSERT(key != NULL);
3462 DUK_DDD(DUK_DDDPRINT("base object buffer, key is a non-fast-path number; after "
3463 "coercion key is %!T, arr_idx %ld",
3464 (duk_tval *) duk_get_tval(ctx, -1), (long) arr_idx));
3465 pop_count = 1;
3466 }
3467
3468 if (arr_idx != DUK__NO_ARRAY_INDEX &&
3469 arr_idx < DUK_HBUFFER_GET_SIZE(h)) {
3470 duk_uint8_t *data;
3471 DUK_DDD(DUK_DDDPRINT("writing to buffer data at index %ld", (long) arr_idx));
3472 data = (duk_uint8_t *) DUK_HBUFFER_GET_DATA_PTR(thr->heap, h);
3473
3474 /* XXX: duk_to_int() ensures we'll get 8 lowest bits as
3475 * as input is within duk_int_t range (capped outside it).
3476 */
3477 #if defined(DUK_USE_FASTINT)
3478 /* Buffer writes are often integers. */
3479 if (DUK_TVAL_IS_FASTINT(tv_val)) {
3480 data[arr_idx] = (duk_uint8_t) DUK_TVAL_GET_FASTINT_U32(tv_val);
3481 }
3482 else
3483 #endif
3484 {
3485 duk_push_tval(ctx, tv_val);
3486 data[arr_idx] = (duk_uint8_t) duk_to_uint32(ctx, -1);
3487 pop_count++;
3488 }
3489
3490 duk_pop_n(ctx, pop_count);
3491 DUK_DDD(DUK_DDDPRINT("result: success (buffer data write)"));
3492 return 1;
3493 }
3494
3495 if (pop_count == 0) {
3496 /* This is a pretty awkward control flow, but we need to recheck the
3497 * key coercion here.
3498 */
3499 arr_idx = duk__push_tval_to_hstring_arr_idx(ctx, tv_key, &key);
3500 DUK_ASSERT(key != NULL);
3501 DUK_DDD(DUK_DDDPRINT("base object buffer, key is a non-fast-path number; after "
3502 "coercion key is %!T, arr_idx %ld",
3503 (duk_tval *) duk_get_tval(ctx, -1), (long) arr_idx));
3504 }
3505
3506 if (key == DUK_HTHREAD_STRING_LENGTH(thr) ||
3507 key == DUK_HTHREAD_STRING_BYTE_LENGTH(thr) ||
3508 key == DUK_HTHREAD_STRING_BYTE_OFFSET(thr) ||
3509 key == DUK_HTHREAD_STRING_BYTES_PER_ELEMENT(thr)) {
3510 goto fail_not_writable;
3511 }
3512
3513 DUK_DDD(DUK_DDDPRINT("base object is a buffer, start lookup from buffer prototype"));
3514 curr = thr->builtins[DUK_BIDX_BUFFER_PROTOTYPE];
3515 goto lookup; /* avoid double coercion */
3516 }
3517
3518 case DUK_TAG_POINTER: {
3519 DUK_DDD(DUK_DDDPRINT("base object is a pointer, start lookup from pointer prototype"));
3520 curr = thr->builtins[DUK_BIDX_POINTER_PROTOTYPE];
3521 break;
3522 }
3523
3524 case DUK_TAG_LIGHTFUNC: {
3525 /* All lightfunc own properties are non-writable and the lightfunc
3526 * is considered non-extensible. However, the write may be captured
3527 * by an inherited setter which means we can't stop the lookup here.
3528 */
3529
3530 arr_idx = duk__push_tval_to_hstring_arr_idx(ctx, tv_key, &key);
3531
3532 if (duk__key_is_lightfunc_ownprop(thr, key)) {
3533 goto fail_not_writable;
3534 }
3535
3536 DUK_DDD(DUK_DDDPRINT("base object is a lightfunc, start lookup from function prototype"));
3537 curr = thr->builtins[DUK_BIDX_FUNCTION_PROTOTYPE];
3538 goto lookup; /* avoid double coercion */
3539 }
3540
3541 #if defined(DUK_USE_FASTINT)
3542 case DUK_TAG_FASTINT:
3543 #endif
3544 default: {
3545 /* number */
3546 DUK_DDD(DUK_DDDPRINT("base object is a number, start lookup from number prototype"));
3547 DUK_ASSERT(DUK_TVAL_IS_NUMBER(tv_obj));
3548 curr = thr->builtins[DUK_BIDX_NUMBER_PROTOTYPE];
3549 break;
3550 }
3551 }
3552
3553 DUK_ASSERT(key == NULL);
3554 arr_idx = duk__push_tval_to_hstring_arr_idx(ctx, tv_key, &key);
3555 DUK_ASSERT(key != NULL);
3556
3557 lookup:
3558
3559 /*
3560 * Check whether the property already exists in the prototype chain.
3561 * Note that the actual write goes into the original base object
3562 * (except if an accessor property captures the write).
3563 */
3564
3565 /* [key] */
3566
3567 DUK_ASSERT(curr != NULL);
3568 sanity = DUK_HOBJECT_PROTOTYPE_CHAIN_SANITY;
3569 do {
3570 if (!duk__get_own_propdesc_raw(thr, curr, key, arr_idx, &desc, 0 /*flags*/)) { /* don't push value */
3571 goto next_in_chain;
3572 }
3573
3574 if (desc.flags & DUK_PROPDESC_FLAG_ACCESSOR) {
3575 /*
3576 * Found existing accessor property (own or inherited).
3577 * Call setter with 'this' set to orig, and value as the only argument.
3578 * Setter calls are OK even for ROM objects.
3579 *
3580 * Note: no exotic arguments object behavior, because [[Put]] never
3581 * calls [[DefineOwnProperty]] (E5 Section 8.12.5, step 5.b).
3582 */
3583
3584 duk_hobject *setter;
3585
3586 DUK_DD(DUK_DDPRINT("put to an own or inherited accessor, calling setter"));
3587
3588 setter = DUK_HOBJECT_E_GET_VALUE_SETTER(thr->heap, curr, desc.e_idx);
3589 if (!setter) {
3590 goto fail_no_setter;
3591 }
3592 duk_push_hobject(ctx, setter);
3593 duk_push_tval(ctx, tv_obj); /* note: original, uncoerced base */
3594 duk_push_tval(ctx, tv_val); /* [key setter this val] */
3595 #ifdef DUK_USE_NONSTD_SETTER_KEY_ARGUMENT
3596 duk_dup(ctx, -4);
3597 duk_call_method(ctx, 2); /* [key setter this val key] -> [key retval] */
3598 #else
3599 duk_call_method(ctx, 1); /* [key setter this val] -> [key retval] */
3600 #endif
3601 duk_pop(ctx); /* ignore retval -> [key] */
3602 goto success_no_arguments_exotic;
3603 }
3604
3605 if (orig == NULL) {
3606 /*
3607 * Found existing own or inherited plain property, but original
3608 * base is a primitive value.
3609 */
3610 DUK_DD(DUK_DDPRINT("attempt to create a new property in a primitive base object"));
3611 goto fail_base_primitive;
3612 }
3613
3614 if (curr != orig) {
3615 /*
3616 * Found existing inherited plain property.
3617 * Do an access control check, and if OK, write
3618 * new property to 'orig'.
3619 */
3620 if (!DUK_HOBJECT_HAS_EXTENSIBLE(orig)) {
3621 DUK_DD(DUK_DDPRINT("found existing inherited plain property, but original object is not extensible"));
3622 goto fail_not_extensible;
3623 }
3624 if (!(desc.flags & DUK_PROPDESC_FLAG_WRITABLE)) {
3625 DUK_DD(DUK_DDPRINT("found existing inherited plain property, original object is extensible, but inherited property is not writable"));
3626 goto fail_not_writable;
3627 }
3628 DUK_DD(DUK_DDPRINT("put to new property, object extensible, inherited property found and is writable"));
3629 goto create_new;
3630 } else {
3631 /*
3632 * Found existing own (non-inherited) plain property.
3633 * Do an access control check and update in place.
3634 */
3635
3636 if (!(desc.flags & DUK_PROPDESC_FLAG_WRITABLE)) {
3637 DUK_DD(DUK_DDPRINT("found existing own (non-inherited) plain property, but property is not writable"));
3638 goto fail_not_writable;
3639 }
3640 if (desc.flags & DUK_PROPDESC_FLAG_VIRTUAL) {
3641 DUK_DD(DUK_DDPRINT("found existing own (non-inherited) virtual property, property is writable"));
3642 if (DUK_HOBJECT_IS_BUFFEROBJECT(curr)) {
3643 duk_hbufferobject *h_bufobj;
3644 duk_uint_t byte_off;
3645 duk_small_uint_t elem_size;
3646
3647 h_bufobj = (duk_hbufferobject *) curr;
3648 DUK_ASSERT_HBUFFEROBJECT_VALID(h_bufobj);
3649
3650 DUK_DD(DUK_DDPRINT("writable virtual property is in buffer object"));
3651
3652 /* Careful with wrapping: arr_idx upshift may easily wrap, whereas
3653 * length downshift won't.
3654 */
3655 if (arr_idx < (h_bufobj->length >> h_bufobj->shift)) {
3656 duk_uint8_t *data;
3657 DUK_DDD(DUK_DDDPRINT("writing to buffer data at index %ld", (long) arr_idx));
3658
3659 DUK_ASSERT(arr_idx != DUK__NO_ARRAY_INDEX); /* index/length check guarantees */
3660 byte_off = arr_idx << h_bufobj->shift; /* no wrap assuming h_bufobj->length is valid */
3661 elem_size = 1 << h_bufobj->shift;
3662
3663 /* Coerce to number before validating pointers etc so that the
3664 * number coercions in duk_hbufferobject_validated_write() are
3665 * guaranteed to be side effect free and not invalidate the
3666 * pointer checks we do here.
3667 */
3668 duk_push_tval(ctx, tv_val);
3669 duk_to_number(ctx, -1);
3670
3671 if (h_bufobj->buf != NULL && DUK_HBUFFEROBJECT_VALID_BYTEOFFSET_EXCL(h_bufobj, byte_off + elem_size)) {
3672 data = (duk_uint8_t *) DUK_HBUFFER_GET_DATA_PTR(thr->heap, h_bufobj->buf) + h_bufobj->offset + byte_off;
3673 duk_hbufferobject_validated_write(ctx, h_bufobj, data, elem_size);
3674 } else {
3675 DUK_D(DUK_DPRINT("bufferobject access out of underlying buffer, ignoring (write skipped)"));
3676 }
3677 duk_pop(ctx);
3678 goto success_no_arguments_exotic;
3679 }
3680 }
3681
3682 goto fail_internal; /* should not happen */
3683 }
3684 DUK_DD(DUK_DDPRINT("put to existing own plain property, property is writable"));
3685 goto update_old;
3686 }
3687 DUK_UNREACHABLE();
3688
3689 next_in_chain:
3690 /* XXX: option to pretend property doesn't exist if sanity limit is
3691 * hit might be useful.
3692 */
3693 if (sanity-- == 0) {
3694 DUK_ERROR_RANGE(thr, DUK_STR_PROTOTYPE_CHAIN_LIMIT);
3695 }
3696 curr = DUK_HOBJECT_GET_PROTOTYPE(thr->heap, curr);
3697 } while (curr);
3698
3699 /*
3700 * Property not found in prototype chain.
3701 */
3702
3703 DUK_DDD(DUK_DDDPRINT("property not found in prototype chain"));
3704
3705 if (orig == NULL) {
3706 DUK_DD(DUK_DDPRINT("attempt to create a new property in a primitive base object"));
3707 goto fail_base_primitive;
3708 }
3709
3710 if (!DUK_HOBJECT_HAS_EXTENSIBLE(orig)) {
3711 DUK_DD(DUK_DDPRINT("put to a new property (not found in prototype chain), but original object not extensible"));
3712 goto fail_not_extensible;
3713 }
3714
3715 goto create_new;
3716
3717 update_old:
3718
3719 /*
3720 * Update an existing property of the base object.
3721 */
3722
3723 /* [key] */
3724
3725 DUK_DDD(DUK_DDDPRINT("update an existing property of the original object"));
3726
3727 DUK_ASSERT(orig != NULL);
3728 #if defined(DUK_USE_ROM_OBJECTS)
3729 /* This should not happen because DUK_TAG_OBJECT case checks
3730 * for this already, but check just in case.
3731 */
3732 if (DUK_HEAPHDR_HAS_READONLY((duk_heaphdr *) orig)) {
3733 goto fail_not_writable;
3734 }
3735 #endif
3736
3737 /* Although there are writable virtual properties (e.g. plain buffer
3738 * and buffer object number indices), they are handled before we come
3739 * here.
3740 */
3741 DUK_ASSERT((desc.flags & DUK_PROPDESC_FLAG_VIRTUAL) == 0);
3742 DUK_ASSERT(desc.a_idx >= 0 || desc.e_idx >= 0);
3743
3744 if (DUK_HOBJECT_HAS_EXOTIC_ARRAY(orig) &&
3745 key == DUK_HTHREAD_STRING_LENGTH(thr)) {
3746 /*
3747 * Write to 'length' of an array is a very complex case
3748 * handled in a helper which updates both the array elements
3749 * and writes the new 'length'. The write may result in an
3750 * unconditional RangeError or a partial write (indicated
3751 * by a return code).
3752 *
3753 * Note: the helper has an unnecessary writability check
3754 * for 'length', we already know it is writable.
3755 */
3756
3757 DUK_DDD(DUK_DDDPRINT("writing existing 'length' property to array exotic, invoke complex helper"));
3758
3759 /* XXX: the helper currently assumes stack top contains new
3760 * 'length' value and the whole calling convention is not very
3761 * compatible with what we need.
3762 */
3763
3764 duk_push_tval(ctx, tv_val); /* [key val] */
3765 rc = duk__handle_put_array_length(thr, orig);
3766 duk_pop(ctx); /* [key val] -> [key] */
3767 if (!rc) {
3768 goto fail_array_length_partial;
3769 }
3770
3771 /* key is 'length', cannot match argument exotic behavior */
3772 goto success_no_arguments_exotic;
3773 }
3774
3775 if (desc.e_idx >= 0) {
3776 tv = DUK_HOBJECT_E_GET_VALUE_TVAL_PTR(thr->heap, orig, desc.e_idx);
3777 DUK_DDD(DUK_DDDPRINT("previous entry value: %!iT", (duk_tval *) tv));
3778 DUK_TVAL_SET_TVAL_UPDREF(thr, tv, tv_val); /* side effects */
3779 /* don't touch property attributes or hash part */
3780 DUK_DD(DUK_DDPRINT("put to an existing entry at index %ld -> new value %!iT",
3781 (long) desc.e_idx, (duk_tval *) tv));
3782 } else {
3783 /* Note: array entries are always writable, so the writability check
3784 * above is pointless for them. The check could be avoided with some
3785 * refactoring but is probably not worth it.
3786 */
3787
3788 DUK_ASSERT(desc.a_idx >= 0);
3789 tv = DUK_HOBJECT_A_GET_VALUE_PTR(thr->heap, orig, desc.a_idx);
3790 DUK_DDD(DUK_DDDPRINT("previous array value: %!iT", (duk_tval *) tv));
3791 DUK_TVAL_SET_TVAL_UPDREF(thr, tv, tv_val); /* side effects */
3792 DUK_DD(DUK_DDPRINT("put to an existing array entry at index %ld -> new value %!iT",
3793 (long) desc.a_idx, (duk_tval *) tv));
3794 }
3795
3796 /* Regardless of whether property is found in entry or array part,
3797 * it may have arguments exotic behavior (array indices may reside
3798 * in entry part for abandoned / non-existent array parts).
3799 */
3800 goto success_with_arguments_exotic;
3801
3802 create_new:
3803
3804 /*
3805 * Create a new property in the original object.
3806 *
3807 * Exotic properties need to be reconsidered here from a write
3808 * perspective (not just property attributes perspective).
3809 * However, the property does not exist in the object already,
3810 * so this limits the kind of exotic properties that apply.
3811 */
3812
3813 /* [key] */
3814
3815 DUK_DDD(DUK_DDDPRINT("create new property to original object"));
3816
3817 DUK_ASSERT(orig != NULL);
3818
3819 #if defined(DUK_USE_ROM_OBJECTS)
3820 /* This should not happen because DUK_TAG_OBJECT case checks
3821 * for this already, but check just in case.
3822 */
3823 if (DUK_HEAPHDR_HAS_READONLY((duk_heaphdr *) orig)) {
3824 goto fail_not_writable;
3825 }
3826 #endif
3827
3828 /* Not possible because array object 'length' is present
3829 * from its creation and cannot be deleted, and is thus
3830 * caught as an existing property above.
3831 */
3832 DUK_ASSERT(!(DUK_HOBJECT_HAS_EXOTIC_ARRAY(orig) &&
3833 key == DUK_HTHREAD_STRING_LENGTH(thr)));
3834
3835 if (DUK_HOBJECT_HAS_EXOTIC_ARRAY(orig) &&
3836 arr_idx != DUK__NO_ARRAY_INDEX) {
3837 /* automatic length update */
3838 duk_uint32_t old_len;
3839
3840 old_len = duk__get_old_array_length(thr, orig, &desc);
3841
3842 if (arr_idx >= old_len) {
3843 DUK_DDD(DUK_DDDPRINT("write new array entry requires length update "
3844 "(arr_idx=%ld, old_len=%ld)",
3845 (long) arr_idx, (long) old_len));
3846
3847 if (!(desc.flags & DUK_PROPDESC_FLAG_WRITABLE)) {
3848 DUK_DD(DUK_DDPRINT("attempt to extend array, but array 'length' is not writable"));
3849 goto fail_not_writable;
3850 }
3851
3852 /* Note: actual update happens once write has been completed
3853 * without error below. The write should always succeed
3854 * from a specification viewpoint, but we may e.g. run out
3855 * of memory. It's safer in this order.
3856 */
3857
3858 DUK_ASSERT(arr_idx != 0xffffffffUL);
3859 new_array_length = arr_idx + 1; /* flag for later write */
3860 } else {
3861 DUK_DDD(DUK_DDDPRINT("write new array entry does not require length update "
3862 "(arr_idx=%ld, old_len=%ld)",
3863 (long) arr_idx, (long) old_len));
3864 }
3865 }
3866
3867 /* write_to_array_part: */
3868
3869 /*
3870 * Write to array part?
3871 *
3872 * Note: array abandonding requires a property resize which uses
3873 * 'rechecks' valstack for temporaries and may cause any existing
3874 * valstack pointers to be invalidated. To protect against this,
3875 * tv_obj, tv_key, and tv_val are copies of the original inputs.
3876 */
3877
3878 if (arr_idx != DUK__NO_ARRAY_INDEX &&
3879 DUK_HOBJECT_HAS_ARRAY_PART(orig)) {
3880 if (arr_idx < DUK_HOBJECT_GET_ASIZE(orig)) {
3881 goto no_array_growth;
3882 }
3883
3884 /*
3885 * Array needs to grow, but we don't want it becoming too sparse.
3886 * If it were to become sparse, abandon array part, moving all
3887 * array entries into the entries part (for good).
3888 *
3889 * Since we don't keep track of actual density (used vs. size) of
3890 * the array part, we need to estimate somehow. The check is made
3891 * in two parts:
3892 *
3893 * - Check whether the resize need is small compared to the
3894 * current size (relatively); if so, resize without further
3895 * checking (essentially we assume that the original part is
3896 * "dense" so that the result would be dense enough).
3897 *
3898 * - Otherwise, compute the resize using an actual density
3899 * measurement based on counting the used array entries.
3900 */
3901
3902 DUK_DDD(DUK_DDDPRINT("write to new array requires array resize, decide whether to do a "
3903 "fast resize without abandon check (arr_idx=%ld, old_size=%ld)",
3904 (long) arr_idx, (long) DUK_HOBJECT_GET_ASIZE(orig)));
3905
3906 if (duk__abandon_array_slow_check_required(arr_idx, DUK_HOBJECT_GET_ASIZE(orig))) {
3907 duk_uint32_t old_used;
3908 duk_uint32_t old_size;
3909
3910 DUK_DDD(DUK_DDDPRINT("=> fast check is NOT OK, do slow check for array abandon"));
3911
3912 duk__compute_a_stats(thr, orig, &old_used, &old_size);
3913
3914 DUK_DDD(DUK_DDDPRINT("abandon check, array stats: old_used=%ld, old_size=%ld, arr_idx=%ld",
3915 (long) old_used, (long) old_size, (long) arr_idx));
3916
3917 /* Note: intentionally use approximations to shave a few instructions:
3918 * a_used = old_used (accurate: old_used + 1)
3919 * a_size = arr_idx (accurate: arr_idx + 1)
3920 */
3921 if (duk__abandon_array_density_check(old_used, arr_idx)) {
3922 DUK_DD(DUK_DDPRINT("write to new array entry beyond current length, "
3923 "decided to abandon array part (would become too sparse)"));
3924
3925 /* abandoning requires a props allocation resize and
3926 * 'rechecks' the valstack, invalidating any existing
3927 * valstack value pointers!
3928 */
3929 duk__abandon_array_checked(thr, orig);
3930 DUK_ASSERT(!DUK_HOBJECT_HAS_ARRAY_PART(orig));
3931
3932 goto write_to_entry_part;
3933 }
3934
3935 DUK_DDD(DUK_DDDPRINT("=> decided to keep array part"));
3936 } else {
3937 DUK_DDD(DUK_DDDPRINT("=> fast resize is OK"));
3938 }
3939
3940 DUK_DD(DUK_DDPRINT("write to new array entry beyond current length, "
3941 "decided to extend current allocation"));
3942
3943 duk__grow_props_for_array_item(thr, orig, arr_idx);
3944
3945 no_array_growth:
3946
3947 /* Note: assume array part is comprehensive, so that either
3948 * the write goes to the array part, or we've abandoned the
3949 * array above (and will not come here).
3950 */
3951
3952 DUK_ASSERT(DUK_HOBJECT_HAS_ARRAY_PART(orig));
3953 DUK_ASSERT(arr_idx < DUK_HOBJECT_GET_ASIZE(orig));
3954
3955 tv = DUK_HOBJECT_A_GET_VALUE_PTR(thr->heap, orig, arr_idx);
3956 /* prev value must be unused, no decref */
3957 DUK_ASSERT(DUK_TVAL_IS_UNUSED(tv));
3958 DUK_TVAL_SET_TVAL(tv, tv_val);
3959 DUK_TVAL_INCREF(thr, tv);
3960 DUK_DD(DUK_DDPRINT("put to new array entry: %ld -> %!T",
3961 (long) arr_idx, (duk_tval *) tv));
3962
3963 /* Note: array part values are [[Writable]], [[Enumerable]],
3964 * and [[Configurable]] which matches the required attributes
3965 * here.
3966 */
3967 goto entry_updated;
3968 }
3969
3970 write_to_entry_part:
3971
3972 /*
3973 * Write to entry part
3974 */
3975
3976 /* entry allocation updates hash part and increases the key
3977 * refcount; may need a props allocation resize but doesn't
3978 * 'recheck' the valstack.
3979 */
3980 e_idx = duk__alloc_entry_checked(thr, orig, key);
3981 DUK_ASSERT(e_idx >= 0);
3982
3983 tv = DUK_HOBJECT_E_GET_VALUE_TVAL_PTR(thr->heap, orig, e_idx);
3984 /* prev value can be garbage, no decref */
3985 DUK_TVAL_SET_TVAL(tv, tv_val);
3986 DUK_TVAL_INCREF(thr, tv);
3987 DUK_HOBJECT_E_SET_FLAGS(thr->heap, orig, e_idx, DUK_PROPDESC_FLAGS_WEC);
3988 goto entry_updated;
3989
3990 entry_updated:
3991
3992 /*
3993 * Possible pending array length update, which must only be done
3994 * if the actual entry write succeeded.
3995 */
3996
3997 if (new_array_length > 0) {
3998 /*
3999 * Note: zero works as a "no update" marker because the new length
4000 * can never be zero after a new property is written.
4001 *
4002 * Note: must re-lookup because calls above (e.g. duk__alloc_entry_checked())
4003 * may realloc and compact properties and hence change e_idx.
4004 */
4005
4006 DUK_DDD(DUK_DDDPRINT("write successful, pending array length update to: %ld",
4007 (long) new_array_length));
4008
4009 rc = duk__get_own_propdesc_raw(thr, orig, DUK_HTHREAD_STRING_LENGTH(thr), DUK__NO_ARRAY_INDEX, &desc, 0 /*flags*/); /* don't push value */
4010 DUK_UNREF(rc);
4011 DUK_ASSERT(rc != 0);
4012 DUK_ASSERT(desc.e_idx >= 0);
4013
4014 tv = DUK_HOBJECT_E_GET_VALUE_TVAL_PTR(thr->heap, orig, desc.e_idx);
4015 DUK_ASSERT(DUK_TVAL_IS_NUMBER(tv));
4016 /* no need for decref/incref because value is a number */
4017 DUK_TVAL_SET_FASTINT_U32(tv, new_array_length);
4018 }
4019
4020 /*
4021 * Arguments exotic behavior not possible for new properties: all
4022 * magically bound properties are initially present in the arguments
4023 * object, and if they are deleted, the binding is also removed from
4024 * parameter map.
4025 */
4026
4027 goto success_no_arguments_exotic;
4028
4029 success_with_arguments_exotic:
4030
4031 /*
4032 * Arguments objects have exotic [[DefineOwnProperty]] which updates
4033 * the internal 'map' of arguments for writes to currently mapped
4034 * arguments. More conretely, writes to mapped arguments generate
4035 * a write to a bound variable.
4036 *
4037 * The [[Put]] algorithm invokes [[DefineOwnProperty]] for existing
4038 * data properties and new properties, but not for existing accessors.
4039 * Hence, in E5 Section 10.6 ([[DefinedOwnProperty]] algorithm), we
4040 * have a Desc with 'Value' (and possibly other properties too), and
4041 * we end up in step 5.b.i.
4042 */
4043
4044 if (arr_idx != DUK__NO_ARRAY_INDEX &&
4045 DUK_HOBJECT_HAS_EXOTIC_ARGUMENTS(orig)) {
4046 /* Note: only numbered indices are relevant, so arr_idx fast reject
4047 * is good (this is valid unless there are more than 4**32-1 arguments).
4048 */
4049
4050 DUK_DDD(DUK_DDDPRINT("putprop successful, arguments exotic behavior needed"));
4051
4052 /* Note: we can reuse 'desc' here */
4053
4054 /* XXX: top of stack must contain value, which helper doesn't touch,
4055 * rework to use tv_val directly?
4056 */
4057
4058 duk_push_tval(ctx, tv_val);
4059 (void) duk__check_arguments_map_for_put(thr, orig, key, &desc, throw_flag);
4060 duk_pop(ctx);
4061 }
4062 /* fall thru */
4063
4064 success_no_arguments_exotic:
4065 /* shared exit path now */
4066 DUK_DDD(DUK_DDDPRINT("result: success"));
4067 duk_pop(ctx); /* remove key */
4068 return 1;
4069
4070 #if defined(DUK_USE_ES6_PROXY)
4071 fail_proxy_rejected:
4072 DUK_DDD(DUK_DDDPRINT("result: error, proxy rejects"));
4073 if (throw_flag) {
4074 DUK_ERROR_TYPE(thr, DUK_STR_PROXY_REJECTED);
4075 }
4076 /* Note: no key on stack */
4077 return 0;
4078 #endif
4079
4080 fail_base_primitive:
4081 DUK_DDD(DUK_DDDPRINT("result: error, base primitive"));
4082 if (throw_flag) {
4083 #if defined(DUK_USE_PARANOID_ERRORS)
4084 DUK_ERROR_TYPE(thr, DUK_STR_INVALID_BASE);
4085 #else
4086 DUK_ERROR_FMT2(thr, DUK_ERR_TYPE_ERROR, "cannot write property %s of %s",
4087 duk_push_string_tval_readable(ctx, tv_key), duk_push_string_tval_readable(ctx, tv_obj));
4088 #endif
4089 }
4090 duk_pop(ctx); /* remove key */
4091 return 0;
4092
4093 fail_not_extensible:
4094 DUK_DDD(DUK_DDDPRINT("result: error, not extensible"));
4095 if (throw_flag) {
4096 DUK_ERROR_TYPE(thr, DUK_STR_NOT_EXTENSIBLE);
4097 }
4098 duk_pop(ctx); /* remove key */
4099 return 0;
4100
4101 fail_not_writable:
4102 DUK_DDD(DUK_DDDPRINT("result: error, not writable"));
4103 if (throw_flag) {
4104 DUK_ERROR_TYPE(thr, DUK_STR_NOT_WRITABLE);
4105 }
4106 duk_pop(ctx); /* remove key */
4107 return 0;
4108
4109 #if defined(DUK_USE_ROM_OBJECTS)
4110 fail_not_writable_no_pop:
4111 DUK_DDD(DUK_DDDPRINT("result: error, not writable"));
4112 if (throw_flag) {
4113 DUK_ERROR_TYPE(thr, DUK_STR_NOT_WRITABLE);
4114 }
4115 return 0;
4116 #endif
4117
4118 fail_array_length_partial:
4119 DUK_DDD(DUK_DDDPRINT("result: error, array length write only partially successful"));
4120 if (throw_flag) {
4121 DUK_ERROR_TYPE(thr, DUK_STR_ARRAY_LENGTH_WRITE_FAILED);
4122 }
4123 duk_pop(ctx); /* remove key */
4124 return 0;
4125
4126 fail_no_setter:
4127 DUK_DDD(DUK_DDDPRINT("result: error, accessor property without setter"));
4128 if (throw_flag) {
4129 DUK_ERROR_TYPE(thr, DUK_STR_SETTER_UNDEFINED);
4130 }
4131 duk_pop(ctx); /* remove key */
4132 return 0;
4133
4134 fail_internal:
4135 DUK_DDD(DUK_DDDPRINT("result: error, internal"));
4136 if (throw_flag) {
4137 DUK_ERROR_INTERNAL_DEFMSG(thr);
4138 }
4139 duk_pop(ctx); /* remove key */
4140 return 0;
4141 }
4142
4143 /*
4144 * Ecmascript compliant [[Delete]](P, Throw).
4145 */
4146
4147 DUK_INTERNAL duk_bool_t duk_hobject_delprop_raw(duk_hthread *thr, duk_hobject *obj, duk_hstring *key, duk_small_uint_t flags) {
4148 duk_propdesc desc;
4149 duk_tval *tv;
4150 duk_uint32_t arr_idx;
4151 duk_bool_t throw_flag;
4152 duk_bool_t force_flag;
4153
4154 throw_flag = (flags & DUK_DELPROP_FLAG_THROW);
4155 force_flag = (flags & DUK_DELPROP_FLAG_FORCE);
4156
4157 DUK_DDD(DUK_DDDPRINT("delprop_raw: thr=%p, obj=%p, key=%p, throw=%ld, force=%ld (obj -> %!O, key -> %!O)",
4158 (void *) thr, (void *) obj, (void *) key, (long) throw_flag, (long) force_flag,
4159 (duk_heaphdr *) obj, (duk_heaphdr *) key));
4160
4161 DUK_ASSERT(thr != NULL);
4162 DUK_ASSERT(thr->heap != NULL);
4163 DUK_ASSERT(obj != NULL);
4164 DUK_ASSERT(key != NULL);
4165
4166 DUK_ASSERT_VALSTACK_SPACE(thr, DUK__VALSTACK_SPACE);
4167
4168 arr_idx = DUK_HSTRING_GET_ARRIDX_FAST(key);
4169
4170 /* 0 = don't push current value */
4171 if (!duk__get_own_propdesc_raw(thr, obj, key, arr_idx, &desc, 0 /*flags*/)) { /* don't push value */
4172 DUK_DDD(DUK_DDDPRINT("property not found, succeed always"));
4173 goto success;
4174 }
4175
4176 #if defined(DUK_USE_ROM_OBJECTS)
4177 if (DUK_HEAPHDR_HAS_READONLY((duk_heaphdr *) obj)) {
4178 DUK_DD(DUK_DDPRINT("attempt to delprop on read-only target object"));
4179 goto fail_not_configurable;
4180 }
4181 #endif
4182
4183 if ((desc.flags & DUK_PROPDESC_FLAG_CONFIGURABLE) == 0 && !force_flag) {
4184 goto fail_not_configurable;
4185 }
4186 if (desc.a_idx < 0 && desc.e_idx < 0) {
4187 /* Currently there are no deletable virtual properties, but
4188 * with force_flag we might attempt to delete one.
4189 */
4190 goto fail_virtual;
4191 }
4192
4193 if (desc.a_idx >= 0) {
4194 DUK_ASSERT(desc.e_idx < 0);
4195
4196 tv = DUK_HOBJECT_A_GET_VALUE_PTR(thr->heap, obj, desc.a_idx);
4197 DUK_TVAL_SET_UNUSED_UPDREF(thr, tv); /* side effects */
4198 goto success;
4199 } else {
4200 duk_hobject *h_get = NULL;
4201 duk_hobject *h_set = NULL;
4202 duk_tval tv_tmp;
4203
4204 DUK_ASSERT(desc.a_idx < 0);
4205
4206 /* Set property slot to an empty state. Careful not to invoke
4207 * any side effects while using desc.e_idx so that it doesn't
4208 * get invalidated by a finalizer mutating our object.
4209 */
4210
4211 /* remove hash entry (no decref) */
4212 #if defined(DUK_USE_HOBJECT_HASH_PART)
4213 if (desc.h_idx >= 0) {
4214 duk_uint32_t *h_base = DUK_HOBJECT_H_GET_BASE(thr->heap, obj);
4215
4216 DUK_DDD(DUK_DDDPRINT("removing hash entry at h_idx %ld", (long) desc.h_idx));
4217 DUK_ASSERT(DUK_HOBJECT_GET_HSIZE(obj) > 0);
4218 DUK_ASSERT((duk_uint32_t) desc.h_idx < DUK_HOBJECT_GET_HSIZE(obj));
4219 h_base[desc.h_idx] = DUK__HASH_DELETED;
4220 } else {
4221 DUK_ASSERT(DUK_HOBJECT_GET_HSIZE(obj) == 0);
4222 }
4223 #else
4224 DUK_ASSERT(DUK_HOBJECT_GET_HSIZE(obj) == 0);
4225 #endif
4226
4227 /* remove value */
4228 DUK_DDD(DUK_DDDPRINT("before removing value, e_idx %ld, key %p, key at slot %p",
4229 (long) desc.e_idx, (void *) key, (void *) DUK_HOBJECT_E_GET_KEY(thr->heap, obj, desc.e_idx)));
4230 DUK_DDD(DUK_DDDPRINT("removing value at e_idx %ld", (long) desc.e_idx));
4231 DUK_MEMSET((void *) &tv_tmp, 0, sizeof(tv_tmp));
4232 DUK_TVAL_SET_UNDEFINED(&tv_tmp);
4233 if (DUK_HOBJECT_E_SLOT_IS_ACCESSOR(thr->heap, obj, desc.e_idx)) {
4234 h_get = DUK_HOBJECT_E_GET_VALUE_GETTER(thr->heap, obj, desc.e_idx);
4235 h_set = DUK_HOBJECT_E_GET_VALUE_SETTER(thr->heap, obj, desc.e_idx);
4236 DUK_HOBJECT_E_SET_VALUE_GETTER(thr->heap, obj, desc.e_idx, NULL);
4237 DUK_HOBJECT_E_SET_VALUE_SETTER(thr->heap, obj, desc.e_idx, NULL);
4238 } else {
4239 tv = DUK_HOBJECT_E_GET_VALUE_TVAL_PTR(thr->heap, obj, desc.e_idx);
4240 DUK_TVAL_SET_TVAL(&tv_tmp, tv);
4241 DUK_TVAL_SET_UNDEFINED(tv);
4242 }
4243 #if 0
4244 /* Not strictly necessary because if key == NULL, flag MUST be ignored. */
4245 DUK_HOBJECT_E_SET_FLAGS(thr->heap, obj, desc.e_idx, 0);
4246 #endif
4247
4248 /* remove key */
4249 DUK_DDD(DUK_DDDPRINT("before removing key, e_idx %ld, key %p, key at slot %p",
4250 (long) desc.e_idx, (void *) key, (void *) DUK_HOBJECT_E_GET_KEY(thr->heap, obj, desc.e_idx)));
4251 DUK_DDD(DUK_DDDPRINT("removing key at e_idx %ld", (long) desc.e_idx));
4252 DUK_ASSERT(key == DUK_HOBJECT_E_GET_KEY(thr->heap, obj, desc.e_idx));
4253 DUK_HOBJECT_E_SET_KEY(thr->heap, obj, desc.e_idx, NULL);
4254
4255 /* Do decrefs only with safe pointers to avoid side effects
4256 * disturbing e_idx.
4257 */
4258 DUK_TVAL_DECREF(thr, &tv_tmp);
4259 DUK_HOBJECT_DECREF_ALLOWNULL(thr, h_get);
4260 DUK_HOBJECT_DECREF_ALLOWNULL(thr, h_set);
4261 DUK_HSTRING_DECREF(thr, key);
4262 goto success;
4263 }
4264
4265 DUK_UNREACHABLE();
4266
4267 success:
4268 /*
4269 * Argument exotic [[Delete]] behavior (E5 Section 10.6) is
4270 * a post-check, keeping arguments internal 'map' in sync with
4271 * any successful deletes (note that property does not need to
4272 * exist for delete to 'succeed').
4273 *
4274 * Delete key from 'map'. Since 'map' only contains array index
4275 * keys, we can use arr_idx for a fast skip.
4276 */
4277
4278 DUK_DDD(DUK_DDDPRINT("delete successful, check for arguments exotic behavior"));
4279
4280 if (arr_idx != DUK__NO_ARRAY_INDEX && DUK_HOBJECT_HAS_EXOTIC_ARGUMENTS(obj)) {
4281 /* Note: only numbered indices are relevant, so arr_idx fast reject
4282 * is good (this is valid unless there are more than 4**32-1 arguments).
4283 */
4284
4285 DUK_DDD(DUK_DDDPRINT("delete successful, arguments exotic behavior needed"));
4286
4287 /* Note: we can reuse 'desc' here */
4288 (void) duk__check_arguments_map_for_delete(thr, obj, key, &desc);
4289 }
4290
4291 DUK_DDD(DUK_DDDPRINT("delete successful"));
4292 return 1;
4293
4294 fail_virtual:
4295 DUK_DDD(DUK_DDDPRINT("delete failed: property found, force flag, but virtual"));
4296
4297 if (throw_flag) {
4298 DUK_ERROR_TYPE(thr, DUK_STR_PROPERTY_IS_VIRTUAL);
4299 }
4300 return 0;
4301
4302 fail_not_configurable:
4303 DUK_DDD(DUK_DDDPRINT("delete failed: property found, not configurable"));
4304
4305 if (throw_flag) {
4306 DUK_ERROR_TYPE(thr, DUK_STR_NOT_CONFIGURABLE);
4307 }
4308 return 0;
4309 }
4310
4311 /*
4312 * DELPROP: Ecmascript property deletion.
4313 */
4314
4315 DUK_INTERNAL duk_bool_t duk_hobject_delprop(duk_hthread *thr, duk_tval *tv_obj, duk_tval *tv_key, duk_bool_t throw_flag) {
4316 duk_context *ctx = (duk_context *) thr;
4317 duk_hstring *key = NULL;
4318 #if defined(DUK_USE_ES6_PROXY)
4319 duk_propdesc desc;
4320 #endif
4321 duk_int_t entry_top;
4322 duk_uint32_t arr_idx = DUK__NO_ARRAY_INDEX;
4323 duk_bool_t rc;
4324
4325 DUK_DDD(DUK_DDDPRINT("delprop: thr=%p, obj=%p, key=%p (obj -> %!T, key -> %!T)",
4326 (void *) thr, (void *) tv_obj, (void *) tv_key,
4327 (duk_tval *) tv_obj, (duk_tval *) tv_key));
4328
4329 DUK_ASSERT(ctx != NULL);
4330 DUK_ASSERT(thr != NULL);
4331 DUK_ASSERT(thr->heap != NULL);
4332 DUK_ASSERT(tv_obj != NULL);
4333 DUK_ASSERT(tv_key != NULL);
4334
4335 DUK_ASSERT_VALSTACK_SPACE(thr, DUK__VALSTACK_SPACE);
4336
4337 /* Storing the entry top is cheaper here to ensure stack is correct at exit,
4338 * as there are several paths out.
4339 */
4340 entry_top = duk_get_top(ctx);
4341
4342 if (DUK_TVAL_IS_UNDEFINED(tv_obj) ||
4343 DUK_TVAL_IS_NULL(tv_obj)) {
4344 DUK_DDD(DUK_DDDPRINT("base object is undefined or null -> reject"));
4345 goto fail_invalid_base_uncond;
4346 }
4347
4348 duk_push_tval(ctx, tv_obj);
4349 duk_push_tval(ctx, tv_key);
4350
4351 tv_obj = DUK_GET_TVAL_NEGIDX(ctx, -2);
4352 if (DUK_TVAL_IS_OBJECT(tv_obj)) {
4353 duk_hobject *obj = DUK_TVAL_GET_OBJECT(tv_obj);
4354 DUK_ASSERT(obj != NULL);
4355
4356 #if defined(DUK_USE_ES6_PROXY)
4357 if (DUK_UNLIKELY(DUK_HOBJECT_HAS_EXOTIC_PROXYOBJ(obj))) {
4358 duk_hobject *h_target;
4359 duk_bool_t tmp_bool;
4360
4361 /* Note: proxy handling must happen before key is string coerced. */
4362
4363 if (duk__proxy_check_prop(thr, obj, DUK_STRIDX_DELETE_PROPERTY, tv_key, &h_target)) {
4364 /* -> [ ... trap handler ] */
4365 DUK_DDD(DUK_DDDPRINT("-> proxy object 'deleteProperty' for key %!T", (duk_tval *) tv_key));
4366 duk_push_hobject(ctx, h_target); /* target */
4367 duk_push_tval(ctx, tv_key); /* P */
4368 duk_call_method(ctx, 2 /*nargs*/);
4369 tmp_bool = duk_to_boolean(ctx, -1);
4370 duk_pop(ctx);
4371 if (!tmp_bool) {
4372 goto fail_proxy_rejected; /* retval indicates delete failed */
4373 }
4374
4375 /* Target object must be checked for a conflicting
4376 * non-configurable property.
4377 */
4378 arr_idx = duk__push_tval_to_hstring_arr_idx(ctx, tv_key, &key);
4379 DUK_ASSERT(key != NULL);
4380
4381 if (duk__get_own_propdesc_raw(thr, h_target, key, arr_idx, &desc, 0 /*flags*/)) { /* don't push value */
4382 int desc_reject;
4383
4384 DUK_DDD(DUK_DDDPRINT("proxy 'deleteProperty': target has matching property %!O, check for "
4385 "conflicting property; desc.flags=0x%08lx, "
4386 "desc.get=%p, desc.set=%p",
4387 (duk_heaphdr *) key, (unsigned long) desc.flags,
4388 (void *) desc.get, (void *) desc.set));
4389
4390 desc_reject = !(desc.flags & DUK_PROPDESC_FLAG_CONFIGURABLE);
4391 if (desc_reject) {
4392 /* unconditional */
4393 DUK_ERROR_TYPE(thr, DUK_STR_PROXY_REJECTED);
4394 }
4395 }
4396 rc = 1; /* success */
4397 goto done_rc;
4398 }
4399
4400 obj = h_target; /* resume delete to target */
4401 }
4402 #endif /* DUK_USE_ES6_PROXY */
4403
4404 duk_to_string(ctx, -1);
4405 key = duk_get_hstring(ctx, -1);
4406 DUK_ASSERT(key != NULL);
4407
4408 rc = duk_hobject_delprop_raw(thr, obj, key, throw_flag ? DUK_DELPROP_FLAG_THROW : 0);
4409 goto done_rc;
4410 } else if (DUK_TVAL_IS_STRING(tv_obj)) {
4411 /* XXX: unnecessary string coercion for array indices,
4412 * intentional to keep small.
4413 */
4414 duk_hstring *h = DUK_TVAL_GET_STRING(tv_obj);
4415 DUK_ASSERT(h != NULL);
4416
4417 duk_to_string(ctx, -1);
4418 key = duk_get_hstring(ctx, -1);
4419 DUK_ASSERT(key != NULL);
4420
4421 if (key == DUK_HTHREAD_STRING_LENGTH(thr)) {
4422 goto fail_not_configurable;
4423 }
4424
4425 arr_idx = DUK_HSTRING_GET_ARRIDX_FAST(key);
4426
4427 if (arr_idx != DUK__NO_ARRAY_INDEX &&
4428 arr_idx < DUK_HSTRING_GET_CHARLEN(h)) {
4429 goto fail_not_configurable;
4430 }
4431 } else if (DUK_TVAL_IS_BUFFER(tv_obj)) {
4432 /* XXX: unnecessary string coercion for array indices,
4433 * intentional to keep small; some overlap with string
4434 * handling.
4435 */
4436 duk_hbuffer *h = DUK_TVAL_GET_BUFFER(tv_obj);
4437 DUK_ASSERT(h != NULL);
4438
4439 duk_to_string(ctx, -1);
4440 key = duk_get_hstring(ctx, -1);
4441 DUK_ASSERT(key != NULL);
4442
4443 if (key == DUK_HTHREAD_STRING_LENGTH(thr)) {
4444 goto fail_not_configurable;
4445 }
4446
4447 arr_idx = DUK_HSTRING_GET_ARRIDX_FAST(key);
4448
4449 if (arr_idx != DUK__NO_ARRAY_INDEX &&
4450 arr_idx < DUK_HBUFFER_GET_SIZE(h)) {
4451 goto fail_not_configurable;
4452 }
4453 } else if (DUK_TVAL_IS_LIGHTFUNC(tv_obj)) {
4454 /* Lightfunc virtual properties are non-configurable, so
4455 * reject if match any of them.
4456 */
4457
4458 duk_to_string(ctx, -1);
4459 key = duk_get_hstring(ctx, -1);
4460 DUK_ASSERT(key != NULL);
4461
4462 if (duk__key_is_lightfunc_ownprop(thr, key)) {
4463 goto fail_not_configurable;
4464 }
4465 }
4466
4467 /* non-object base, no offending virtual property */
4468 rc = 1;
4469 goto done_rc;
4470
4471 done_rc:
4472 duk_set_top(ctx, entry_top);
4473 return rc;
4474
4475 fail_invalid_base_uncond:
4476 /* Note: unconditional throw */
4477 DUK_ASSERT(duk_get_top(ctx) == entry_top);
4478 #if defined(DUK_USE_PARANOID_ERRORS)
4479 DUK_ERROR_TYPE(thr, DUK_STR_INVALID_BASE);
4480 #else
4481 DUK_ERROR_FMT2(thr, DUK_ERR_TYPE_ERROR, "cannot delete property %s of %s",
4482 duk_push_string_tval_readable(ctx, tv_key), duk_push_string_tval_readable(ctx, tv_obj));
4483 #endif
4484 return 0;
4485
4486 #if defined(DUK_USE_ES6_PROXY)
4487 fail_proxy_rejected:
4488 if (throw_flag) {
4489 DUK_ERROR_TYPE(thr, DUK_STR_PROXY_REJECTED);
4490 }
4491 duk_set_top(ctx, entry_top);
4492 return 0;
4493 #endif
4494
4495 fail_not_configurable:
4496 if (throw_flag) {
4497 DUK_ERROR_TYPE(thr, DUK_STR_NOT_CONFIGURABLE);
4498 }
4499 duk_set_top(ctx, entry_top);
4500 return 0;
4501 }
4502
4503 /*
4504 * Internal helper to define a property with specific flags, ignoring
4505 * normal semantics such as extensibility, write protection etc.
4506 * Overwrites any existing value and attributes unless caller requests
4507 * that value only be updated if it doesn't already exists.
4508 *
4509 * Does not support:
4510 * - virtual properties (error if write attempted)
4511 * - getter/setter properties (error if write attempted)
4512 * - non-default (!= WEC) attributes for array entries (error if attempted)
4513 * - array abandoning: if array part exists, it is always extended
4514 * - array 'length' updating
4515 *
4516 * Stack: [... in_val] -> []
4517 *
4518 * Used for e.g. built-in initialization and environment record
4519 * operations.
4520 */
4521
4522 DUK_INTERNAL void duk_hobject_define_property_internal(duk_hthread *thr, duk_hobject *obj, duk_hstring *key, duk_small_uint_t flags) {
4523 duk_context *ctx = (duk_context *) thr;
4524 duk_propdesc desc;
4525 duk_uint32_t arr_idx;
4526 duk_int_t e_idx;
4527 duk_tval *tv1 = NULL;
4528 duk_tval *tv2 = NULL;
4529 duk_small_uint_t propflags = flags & DUK_PROPDESC_FLAGS_MASK; /* mask out flags not actually stored */
4530
4531 DUK_DDD(DUK_DDDPRINT("define new property (internal): thr=%p, obj=%!O, key=%!O, flags=0x%02lx, val=%!T",
4532 (void *) thr, (duk_heaphdr *) obj, (duk_heaphdr *) key,
4533 (unsigned long) flags, (duk_tval *) duk_get_tval(ctx, -1)));
4534
4535 DUK_ASSERT(thr != NULL);
4536 DUK_ASSERT(thr->heap != NULL);
4537 DUK_ASSERT(obj != NULL);
4538 DUK_ASSERT(key != NULL);
4539 DUK_ASSERT(!DUK_HEAPHDR_HAS_READONLY((duk_heaphdr *) obj));
4540 DUK_ASSERT_VALSTACK_SPACE(thr, DUK__VALSTACK_SPACE);
4541 DUK_ASSERT(duk_is_valid_index(ctx, -1)); /* contains value */
4542
4543 arr_idx = DUK_HSTRING_GET_ARRIDX_SLOW(key);
4544
4545 if (duk__get_own_propdesc_raw(thr, obj, key, arr_idx, &desc, 0 /*flags*/)) { /* don't push value */
4546 if (desc.e_idx >= 0) {
4547 if (flags & DUK_PROPDESC_FLAG_NO_OVERWRITE) {
4548 DUK_DDD(DUK_DDDPRINT("property already exists in the entry part -> skip as requested"));
4549 goto pop_exit;
4550 }
4551 DUK_DDD(DUK_DDDPRINT("property already exists in the entry part -> update value and attributes"));
4552 if (DUK_UNLIKELY(DUK_HOBJECT_E_SLOT_IS_ACCESSOR(thr->heap, obj, desc.e_idx))) {
4553 DUK_D(DUK_DPRINT("existing property is an accessor, not supported"));
4554 goto error_internal;
4555 }
4556
4557 DUK_HOBJECT_E_SET_FLAGS(thr->heap, obj, desc.e_idx, propflags);
4558 tv1 = DUK_HOBJECT_E_GET_VALUE_TVAL_PTR(thr->heap, obj, desc.e_idx);
4559 } else if (desc.a_idx >= 0) {
4560 if (flags & DUK_PROPDESC_FLAG_NO_OVERWRITE) {
4561 DUK_DDD(DUK_DDDPRINT("property already exists in the array part -> skip as requested"));
4562 goto pop_exit;
4563 }
4564 DUK_DDD(DUK_DDDPRINT("property already exists in the array part -> update value (assert attributes)"));
4565 if (propflags != DUK_PROPDESC_FLAGS_WEC) {
4566 DUK_D(DUK_DPRINT("existing property in array part, but propflags not WEC (0x%02lx)",
4567 (unsigned long) propflags));
4568 goto error_internal;
4569 }
4570
4571 tv1 = DUK_HOBJECT_A_GET_VALUE_PTR(thr->heap, obj, desc.a_idx);
4572 } else {
4573 if (flags & DUK_PROPDESC_FLAG_NO_OVERWRITE) {
4574 DUK_DDD(DUK_DDDPRINT("property already exists but is virtual -> skip as requested"));
4575 goto pop_exit;
4576 }
4577 DUK_DDD(DUK_DDDPRINT("property already exists but is virtual -> failure"));
4578 goto error_virtual;
4579 }
4580
4581 goto write_value;
4582 }
4583
4584 if (DUK_HOBJECT_HAS_ARRAY_PART(obj)) {
4585 if (arr_idx != DUK__NO_ARRAY_INDEX) {
4586 DUK_DDD(DUK_DDDPRINT("property does not exist, object has array part -> possibly extend array part and write value (assert attributes)"));
4587 DUK_ASSERT(propflags == DUK_PROPDESC_FLAGS_WEC);
4588
4589 /* always grow the array, no sparse / abandon support here */
4590 if (arr_idx >= DUK_HOBJECT_GET_ASIZE(obj)) {
4591 duk__grow_props_for_array_item(thr, obj, arr_idx);
4592 }
4593
4594 DUK_ASSERT(arr_idx < DUK_HOBJECT_GET_ASIZE(obj));
4595 tv1 = DUK_HOBJECT_A_GET_VALUE_PTR(thr->heap, obj, arr_idx);
4596 goto write_value;
4597 }
4598 }
4599
4600 DUK_DDD(DUK_DDDPRINT("property does not exist, object belongs in entry part -> allocate new entry and write value and attributes"));
4601 e_idx = duk__alloc_entry_checked(thr, obj, key); /* increases key refcount */
4602 DUK_ASSERT(e_idx >= 0);
4603 DUK_HOBJECT_E_SET_FLAGS(thr->heap, obj, e_idx, propflags);
4604 tv1 = DUK_HOBJECT_E_GET_VALUE_TVAL_PTR(thr->heap, obj, e_idx);
4605 /* new entry: previous value is garbage; set to undefined to share write_value */
4606 DUK_TVAL_SET_UNDEFINED(tv1);
4607 goto write_value;
4608
4609 write_value:
4610 /* tv1 points to value storage */
4611
4612 tv2 = duk_require_tval(ctx, -1); /* late lookup, avoid side effects */
4613 DUK_DDD(DUK_DDDPRINT("writing/updating value: %!T -> %!T",
4614 (duk_tval *) tv1, (duk_tval *) tv2));
4615
4616 DUK_TVAL_SET_TVAL_UPDREF(thr, tv1, tv2); /* side effects */
4617 goto pop_exit;
4618
4619 pop_exit:
4620 duk_pop(ctx); /* remove in_val */
4621 return;
4622
4623 error_internal:
4624 DUK_ERROR_INTERNAL_DEFMSG(thr);
4625 return;
4626
4627 error_virtual:
4628 DUK_ERROR_TYPE(thr, DUK_STR_REDEFINE_VIRT_PROP);
4629 return;
4630 }
4631
4632 /*
4633 * Fast path for defining array indexed values without interning the key.
4634 * This is used by e.g. code for Array prototype and traceback creation so
4635 * must avoid interning.
4636 */
4637
4638 DUK_INTERNAL void duk_hobject_define_property_internal_arridx(duk_hthread *thr, duk_hobject *obj, duk_uarridx_t arr_idx, duk_small_uint_t flags) {
4639 duk_context *ctx = (duk_context *) thr;
4640 duk_hstring *key;
4641 duk_tval *tv1, *tv2;
4642
4643 DUK_DDD(DUK_DDDPRINT("define new property (internal) arr_idx fast path: thr=%p, obj=%!O, "
4644 "arr_idx=%ld, flags=0x%02lx, val=%!T",
4645 (void *) thr, obj, (long) arr_idx, (unsigned long) flags,
4646 (duk_tval *) duk_get_tval(ctx, -1)));
4647
4648 DUK_ASSERT(thr != NULL);
4649 DUK_ASSERT(thr->heap != NULL);
4650 DUK_ASSERT(obj != NULL);
4651 DUK_ASSERT(!DUK_HEAPHDR_HAS_READONLY((duk_heaphdr *) obj));
4652
4653 if (DUK_HOBJECT_HAS_ARRAY_PART(obj) &&
4654 arr_idx != DUK__NO_ARRAY_INDEX &&
4655 flags == DUK_PROPDESC_FLAGS_WEC) {
4656 DUK_ASSERT((flags & DUK_PROPDESC_FLAG_NO_OVERWRITE) == 0); /* covered by comparison */
4657
4658 DUK_DDD(DUK_DDDPRINT("define property to array part (property may or may not exist yet)"));
4659
4660 /* always grow the array, no sparse / abandon support here */
4661 if (arr_idx >= DUK_HOBJECT_GET_ASIZE(obj)) {
4662 duk__grow_props_for_array_item(thr, obj, arr_idx);
4663 }
4664
4665 DUK_ASSERT(arr_idx < DUK_HOBJECT_GET_ASIZE(obj));
4666 tv1 = DUK_HOBJECT_A_GET_VALUE_PTR(thr->heap, obj, arr_idx);
4667 tv2 = duk_require_tval(ctx, -1);
4668
4669 DUK_TVAL_SET_TVAL_UPDREF(thr, tv1, tv2); /* side effects */
4670
4671 duk_pop(ctx); /* [ ...val ] -> [ ... ] */
4672 return;
4673 }
4674
4675 DUK_DDD(DUK_DDDPRINT("define property fast path didn't work, use slow path"));
4676
4677 duk_push_uint(ctx, (duk_uint_t) arr_idx);
4678 key = duk_to_hstring(ctx, -1);
4679 DUK_ASSERT(key != NULL);
4680 duk_insert(ctx, -2); /* [ ... val key ] -> [ ... key val ] */
4681
4682 duk_hobject_define_property_internal(thr, obj, key, flags);
4683
4684 duk_pop(ctx); /* [ ... key ] -> [ ... ] */
4685 }
4686
4687 /*
4688 * Internal helper for defining an accessor property, ignoring
4689 * normal semantics such as extensibility, write protection etc.
4690 * Overwrites any existing value and attributes. This is called
4691 * very rarely, so the implementation first sets a value to undefined
4692 * and then changes the entry to an accessor (this is to save code space).
4693 */
4694
4695 DUK_INTERNAL void duk_hobject_define_accessor_internal(duk_hthread *thr, duk_hobject *obj, duk_hstring *key, duk_hobject *getter, duk_hobject *setter, duk_small_uint_t propflags) {
4696 duk_context *ctx = (duk_context *) thr;
4697 duk_int_t e_idx;
4698 duk_int_t h_idx;
4699
4700 DUK_DDD(DUK_DDDPRINT("define new accessor (internal): thr=%p, obj=%!O, key=%!O, "
4701 "getter=%!O, setter=%!O, flags=0x%02lx",
4702 (void *) thr, (duk_heaphdr *) obj, (duk_heaphdr *) key,
4703 (duk_heaphdr *) getter, (duk_heaphdr *) setter,
4704 (unsigned long) propflags));
4705
4706 DUK_ASSERT(thr != NULL);
4707 DUK_ASSERT(thr->heap != NULL);
4708 DUK_ASSERT(obj != NULL);
4709 DUK_ASSERT(key != NULL);
4710 DUK_ASSERT((propflags & ~DUK_PROPDESC_FLAGS_MASK) == 0);
4711 /* setter and/or getter may be NULL */
4712 DUK_ASSERT(!DUK_HEAPHDR_HAS_READONLY((duk_heaphdr *) obj));
4713
4714 DUK_ASSERT_VALSTACK_SPACE(thr, DUK__VALSTACK_SPACE);
4715
4716 /* force the property to 'undefined' to create a slot for it */
4717 duk_push_undefined(ctx);
4718 duk_hobject_define_property_internal(thr, obj, key, propflags);
4719 duk_hobject_find_existing_entry(thr->heap, obj, key, &e_idx, &h_idx);
4720 DUK_DDD(DUK_DDDPRINT("accessor slot: e_idx=%ld, h_idx=%ld", (long) e_idx, (long) h_idx));
4721 DUK_ASSERT(e_idx >= 0);
4722 DUK_ASSERT((duk_uint32_t) e_idx < DUK_HOBJECT_GET_ENEXT(obj));
4723
4724 /* no need to decref, as previous value is 'undefined' */
4725 DUK_HOBJECT_E_SLOT_SET_ACCESSOR(thr->heap, obj, e_idx);
4726 DUK_HOBJECT_E_SET_VALUE_GETTER(thr->heap, obj, e_idx, getter);
4727 DUK_HOBJECT_E_SET_VALUE_SETTER(thr->heap, obj, e_idx, setter);
4728 DUK_HOBJECT_INCREF_ALLOWNULL(thr, getter);
4729 DUK_HOBJECT_INCREF_ALLOWNULL(thr, setter);
4730 }
4731
4732 /*
4733 * Internal helpers for managing object 'length'
4734 */
4735
4736 /* XXX: awkward helpers */
4737
4738 DUK_INTERNAL void duk_hobject_set_length(duk_hthread *thr, duk_hobject *obj, duk_uint32_t length) {
4739 duk_context *ctx = (duk_context *) thr;
4740 duk_push_hobject(ctx, obj);
4741 duk_push_hstring_stridx(ctx, DUK_STRIDX_LENGTH);
4742 duk_push_u32(ctx, length);
4743 (void) duk_hobject_putprop(thr,
4744 DUK_GET_TVAL_NEGIDX(ctx, -3),
4745 DUK_GET_TVAL_NEGIDX(ctx, -2),
4746 DUK_GET_TVAL_NEGIDX(ctx, -1),
4747 0);
4748 duk_pop_n(ctx, 3);
4749 }
4750
4751 DUK_INTERNAL void duk_hobject_set_length_zero(duk_hthread *thr, duk_hobject *obj) {
4752 duk_hobject_set_length(thr, obj, 0);
4753 }
4754
4755 DUK_INTERNAL duk_uint32_t duk_hobject_get_length(duk_hthread *thr, duk_hobject *obj) {
4756 duk_context *ctx = (duk_context *) thr;
4757 duk_double_t val;
4758 duk_push_hobject(ctx, obj);
4759 duk_push_hstring_stridx(ctx, DUK_STRIDX_LENGTH);
4760 (void) duk_hobject_getprop(thr,
4761 DUK_GET_TVAL_NEGIDX(ctx, -2),
4762 DUK_GET_TVAL_NEGIDX(ctx, -1));
4763 val = duk_to_number(ctx, -1);
4764 duk_pop_n(ctx, 3);
4765 if (val >= 0.0 && val < DUK_DOUBLE_2TO32) {
4766 return (duk_uint32_t) val;
4767 }
4768 return 0;
4769 }
4770
4771 /*
4772 * Object.getOwnPropertyDescriptor() (E5 Sections 15.2.3.3, 8.10.4)
4773 *
4774 * This is an actual function call.
4775 */
4776
4777 DUK_INTERNAL duk_ret_t duk_hobject_object_get_own_property_descriptor(duk_context *ctx) {
4778 duk_hthread *thr = (duk_hthread *) ctx;
4779 duk_hobject *obj;
4780 duk_hstring *key;
4781 duk_propdesc pd;
4782 duk_bool_t rc;
4783
4784 DUK_ASSERT(ctx != NULL);
4785 DUK_ASSERT(thr != NULL);
4786 DUK_ASSERT(thr->heap != NULL);
4787
4788 obj = duk_require_hobject_or_lfunc_coerce(ctx, 0);
4789 (void) duk_to_string(ctx, 1);
4790 key = duk_require_hstring(ctx, 1);
4791
4792 DUK_ASSERT(obj != NULL);
4793 DUK_ASSERT(key != NULL);
4794
4795 DUK_ASSERT_VALSTACK_SPACE(thr, DUK__VALSTACK_SPACE);
4796
4797 rc = duk_hobject_get_own_propdesc(thr, obj, key, &pd, DUK_GETDESC_FLAG_PUSH_VALUE);
4798 if (!rc) {
4799 duk_push_undefined(ctx);
4800
4801 /* [obj key undefined] */
4802 return 1;
4803 }
4804
4805 duk_push_object(ctx);
4806
4807 /* [obj key value desc] */
4808
4809 if (DUK_PROPDESC_IS_ACCESSOR(&pd)) {
4810 /* If a setter/getter is missing (undefined), the descriptor must
4811 * still have the property present with the value 'undefined'.
4812 */
4813 if (pd.get) {
4814 duk_push_hobject(ctx, pd.get);
4815 } else {
4816 duk_push_undefined(ctx);
4817 }
4818 duk_put_prop_stridx(ctx, -2, DUK_STRIDX_GET);
4819 if (pd.set) {
4820 duk_push_hobject(ctx, pd.set);
4821 } else {
4822 duk_push_undefined(ctx);
4823 }
4824 duk_put_prop_stridx(ctx, -2, DUK_STRIDX_SET);
4825 } else {
4826 duk_dup(ctx, -2); /* [obj key value desc value] */
4827 duk_put_prop_stridx(ctx, -2, DUK_STRIDX_VALUE);
4828 duk_push_boolean(ctx, DUK_PROPDESC_IS_WRITABLE(&pd));
4829 duk_put_prop_stridx(ctx, -2, DUK_STRIDX_WRITABLE);
4830
4831 /* [obj key value desc] */
4832 }
4833 duk_push_boolean(ctx, DUK_PROPDESC_IS_ENUMERABLE(&pd));
4834 duk_put_prop_stridx(ctx, -2, DUK_STRIDX_ENUMERABLE);
4835 duk_push_boolean(ctx, DUK_PROPDESC_IS_CONFIGURABLE(&pd));
4836 duk_put_prop_stridx(ctx, -2, DUK_STRIDX_CONFIGURABLE);
4837
4838 /* [obj key value desc] */
4839 return 1;
4840 }
4841
4842 /*
4843 * NormalizePropertyDescriptor() related helper.
4844 *
4845 * Internal helper which validates and normalizes a property descriptor
4846 * represented as an Ecmascript object (e.g. argument to defineProperty()).
4847 * The output of this conversion is a set of defprop_flags and possibly
4848 * some values pushed on the value stack; some subset of: property value,
4849 * getter, setter. Caller must manage stack top carefully because the
4850 * number of values pushed depends on the input property descriptor.
4851 *
4852 * The original descriptor object must not be altered in the process.
4853 */
4854
4855 /* XXX: very basic optimization -> duk_get_prop_stridx_top */
4856
4857 DUK_INTERNAL
4858 void duk_hobject_prepare_property_descriptor(duk_context *ctx,
4859 duk_idx_t idx_in,
4860 duk_uint_t *out_defprop_flags,
4861 duk_idx_t *out_idx_value,
4862 duk_hobject **out_getter,
4863 duk_hobject **out_setter) {
4864 duk_hthread *thr = (duk_hthread *) ctx;
4865 duk_idx_t idx_value = -1;
4866 duk_hobject *getter = NULL;
4867 duk_hobject *setter = NULL;
4868 duk_bool_t is_data_desc = 0;
4869 duk_bool_t is_acc_desc = 0;
4870 duk_uint_t defprop_flags = 0;
4871
4872 DUK_ASSERT(ctx != NULL);
4873 DUK_ASSERT(out_defprop_flags != NULL);
4874 DUK_ASSERT(out_idx_value != NULL);
4875 DUK_ASSERT(out_getter != NULL);
4876 DUK_ASSERT(out_setter != NULL);
4877
4878 /* Must be an object, otherwise TypeError (E5.1 Section 8.10.5, step 1). */
4879 idx_in = duk_require_normalize_index(ctx, idx_in);
4880 (void) duk_require_hobject(ctx, idx_in);
4881
4882 /* The coercion order must match the ToPropertyDescriptor() algorithm
4883 * so that side effects in coercion happen in the correct order.
4884 * (This order also happens to be compatible with duk_def_prop(),
4885 * although it doesn't matter in practice.)
4886 */
4887
4888 if (duk_get_prop_stridx(ctx, idx_in, DUK_STRIDX_VALUE)) {
4889 is_data_desc = 1;
4890 defprop_flags |= DUK_DEFPROP_HAVE_VALUE;
4891 idx_value = duk_get_top_index(ctx);
4892 /* Leave 'value' on stack */
4893 } else {
4894 duk_pop(ctx);
4895 }
4896
4897 if (duk_get_prop_stridx(ctx, idx_in, DUK_STRIDX_WRITABLE)) {
4898 is_data_desc = 1;
4899 if (duk_to_boolean(ctx, -1)) {
4900 defprop_flags |= DUK_DEFPROP_HAVE_WRITABLE | DUK_DEFPROP_WRITABLE;
4901 } else {
4902 defprop_flags |= DUK_DEFPROP_HAVE_WRITABLE;
4903 }
4904 }
4905 duk_pop(ctx);
4906
4907 if (duk_get_prop_stridx(ctx, idx_in, DUK_STRIDX_GET)) {
4908 duk_tval *tv = duk_require_tval(ctx, -1);
4909 duk_hobject *h_get;
4910
4911 if (DUK_TVAL_IS_UNDEFINED(tv)) {
4912 /* undefined is accepted */
4913 DUK_ASSERT(getter == NULL);
4914 } else {
4915 /* NOTE: lightfuncs are coerced to full functions because
4916 * lightfuncs don't fit into a property value slot. This
4917 * has some side effects, see test-dev-lightfunc-accessor.js.
4918 */
4919 h_get = duk_get_hobject_or_lfunc_coerce(ctx, -1);
4920 if (h_get == NULL || !DUK_HOBJECT_IS_CALLABLE(h_get)) {
4921 goto type_error;
4922 }
4923 getter = h_get;
4924 }
4925 is_acc_desc = 1;
4926 defprop_flags |= DUK_DEFPROP_HAVE_GETTER;
4927 /* Leave 'getter' on stack */
4928 } else {
4929 duk_pop(ctx);
4930 }
4931
4932 if (duk_get_prop_stridx(ctx, idx_in, DUK_STRIDX_SET)) {
4933 duk_tval *tv = duk_require_tval(ctx, -1);
4934 duk_hobject *h_set;
4935
4936 if (DUK_TVAL_IS_UNDEFINED(tv)) {
4937 /* undefined is accepted */
4938 DUK_ASSERT(setter == NULL);
4939 } else {
4940 /* NOTE: lightfuncs are coerced to full functions because
4941 * lightfuncs don't fit into a property value slot. This
4942 * has some side effects, see test-dev-lightfunc-accessor.js.
4943 */
4944 h_set = duk_get_hobject_or_lfunc_coerce(ctx, -1);
4945 if (h_set == NULL || !DUK_HOBJECT_IS_CALLABLE(h_set)) {
4946 goto type_error;
4947 }
4948 setter = h_set;
4949 }
4950 is_acc_desc = 1;
4951 defprop_flags |= DUK_DEFPROP_HAVE_SETTER;
4952 /* Leave 'setter' on stack */
4953 } else {
4954 duk_pop(ctx);
4955 }
4956
4957 if (duk_get_prop_stridx(ctx, idx_in, DUK_STRIDX_ENUMERABLE)) {
4958 if (duk_to_boolean(ctx, -1)) {
4959 defprop_flags |= DUK_DEFPROP_HAVE_ENUMERABLE | DUK_DEFPROP_ENUMERABLE;
4960 } else {
4961 defprop_flags |= DUK_DEFPROP_HAVE_ENUMERABLE;
4962 }
4963 }
4964 duk_pop(ctx);
4965
4966 if (duk_get_prop_stridx(ctx, idx_in, DUK_STRIDX_CONFIGURABLE)) {
4967 if (duk_to_boolean(ctx, -1)) {
4968 defprop_flags |= DUK_DEFPROP_HAVE_CONFIGURABLE | DUK_DEFPROP_CONFIGURABLE;
4969 } else {
4970 defprop_flags |= DUK_DEFPROP_HAVE_CONFIGURABLE;
4971 }
4972 }
4973 duk_pop(ctx);
4974
4975 if (is_data_desc && is_acc_desc) {
4976 goto type_error;
4977 }
4978
4979 *out_defprop_flags = defprop_flags;
4980 *out_idx_value = idx_value;
4981 *out_getter = getter;
4982 *out_setter = setter;
4983
4984 /* [ ... value? getter? setter? ] */
4985 return;
4986
4987 type_error:
4988 DUK_ERROR_TYPE(thr, DUK_STR_INVALID_DESCRIPTOR);
4989 }
4990
4991 /*
4992 * Object.defineProperty() related helper (E5 Section 15.2.3.6)
4993 *
4994 * Inlines all [[DefineOwnProperty]] exotic behaviors.
4995 *
4996 * Note: Ecmascript compliant [[DefineOwnProperty]](P, Desc, Throw) is not
4997 * implemented directly, but Object.defineProperty() serves its purpose.
4998 * We don't need the [[DefineOwnProperty]] internally and we don't have a
4999 * property descriptor with 'missing values' so it's easier to avoid it
5000 * entirely.
5001 *
5002 * Note: this is only called for actual objects, not primitive values.
5003 * This must support virtual properties for full objects (e.g. Strings)
5004 * but not for plain values (e.g. strings). Lightfuncs, even though
5005 * primitive in a sense, are treated like objects and accepted as target
5006 * values.
5007 */
5008
5009 /* XXX: this is a major target for size optimization */
5010 DUK_INTERNAL
5011 void duk_hobject_define_property_helper(duk_context *ctx,
5012 duk_uint_t defprop_flags,
5013 duk_hobject *obj,
5014 duk_hstring *key,
5015 duk_idx_t idx_value,
5016 duk_hobject *get,
5017 duk_hobject *set) {
5018 duk_hthread *thr = (duk_hthread *) ctx;
5019 duk_uint32_t arr_idx;
5020 duk_tval tv;
5021 duk_bool_t has_enumerable;
5022 duk_bool_t has_configurable;
5023 duk_bool_t has_writable;
5024 duk_bool_t has_value;
5025 duk_bool_t has_get;
5026 duk_bool_t has_set;
5027 duk_bool_t is_enumerable;
5028 duk_bool_t is_configurable;
5029 duk_bool_t is_writable;
5030 duk_bool_t throw_flag;
5031 duk_bool_t force_flag;
5032 duk_small_uint_t new_flags;
5033 duk_propdesc curr;
5034 duk_uint32_t arridx_new_array_length; /* != 0 => post-update for array 'length' (used when key is an array index) */
5035 duk_uint32_t arrlen_old_len;
5036 duk_uint32_t arrlen_new_len;
5037 duk_bool_t pending_write_protect;
5038
5039 DUK_ASSERT(thr != NULL);
5040 DUK_ASSERT(thr->heap != NULL);
5041 DUK_ASSERT(ctx != NULL);
5042 DUK_ASSERT(obj != NULL);
5043 DUK_ASSERT(key != NULL);
5044 /* idx_value may be < 0 (no value), set and get may be NULL */
5045
5046 DUK_ASSERT_VALSTACK_SPACE(thr, DUK__VALSTACK_SPACE);
5047
5048 /* All the flags fit in 16 bits, so will fit into duk_bool_t. */
5049
5050 has_writable = (defprop_flags & DUK_DEFPROP_HAVE_WRITABLE);
5051 has_enumerable = (defprop_flags & DUK_DEFPROP_HAVE_ENUMERABLE);
5052 has_configurable = (defprop_flags & DUK_DEFPROP_HAVE_CONFIGURABLE);
5053 has_value = (defprop_flags & DUK_DEFPROP_HAVE_VALUE);
5054 has_get = (defprop_flags & DUK_DEFPROP_HAVE_GETTER);
5055 has_set = (defprop_flags & DUK_DEFPROP_HAVE_SETTER);
5056 is_writable = (defprop_flags & DUK_DEFPROP_WRITABLE);
5057 is_enumerable = (defprop_flags & DUK_DEFPROP_ENUMERABLE);
5058 is_configurable = (defprop_flags & DUK_DEFPROP_CONFIGURABLE);
5059 throw_flag = 1; /* Object.defineProperty() calls [[DefineOwnProperty]] with Throw=true */
5060 force_flag = (defprop_flags & DUK_DEFPROP_FORCE);
5061
5062 arr_idx = DUK_HSTRING_GET_ARRIDX_SLOW(key);
5063
5064 arridx_new_array_length = 0;
5065 pending_write_protect = 0;
5066 arrlen_old_len = 0;
5067 arrlen_new_len = 0;
5068
5069 DUK_DDD(DUK_DDDPRINT("has_enumerable=%ld is_enumerable=%ld "
5070 "has_configurable=%ld is_configurable=%ld "
5071 "has_writable=%ld is_writable=%ld "
5072 "has_value=%ld value=%!T "
5073 "has_get=%ld get=%p=%!O "
5074 "has_set=%ld set=%p=%!O "
5075 "arr_idx=%ld",
5076 (long) has_enumerable, (long) is_enumerable,
5077 (long) has_configurable, (long) is_configurable,
5078 (long) has_writable, (long) is_writable,
5079 (long) has_value, (duk_tval *) (idx_value >= 0 ? duk_get_tval(ctx, idx_value) : NULL),
5080 (long) has_get, (void *) get, (duk_heaphdr *) get,
5081 (long) has_set, (void *) set, (duk_heaphdr *) set,
5082 (long) arr_idx));
5083
5084 /*
5085 * Array exotic behaviors can be implemented at this point. The local variables
5086 * are essentially a 'value copy' of the input descriptor (Desc), which is modified
5087 * by the Array [[DefineOwnProperty]] (E5 Section 15.4.5.1).
5088 */
5089
5090 if (!DUK_HOBJECT_HAS_EXOTIC_ARRAY(obj)) {
5091 goto skip_array_exotic;
5092 }
5093
5094 if (key == DUK_HTHREAD_STRING_LENGTH(thr)) {
5095 /* E5 Section 15.4.5.1, step 3, steps a - i are implemented here, j - n at the end */
5096 if (!has_value) {
5097 DUK_DDD(DUK_DDDPRINT("exotic array behavior for 'length', but no value in descriptor -> normal behavior"));
5098 goto skip_array_exotic;
5099 }
5100
5101 DUK_DDD(DUK_DDDPRINT("exotic array behavior for 'length', value present in descriptor -> exotic behavior"));
5102
5103 /*
5104 * Get old and new length
5105 */
5106
5107 /* Note: reuse 'curr' as a temp propdesc */
5108 arrlen_old_len = duk__get_old_array_length(thr, obj, &curr);
5109
5110 duk_dup(ctx, idx_value);
5111 arrlen_new_len = duk__to_new_array_length_checked(thr);
5112 duk_push_u32(ctx, arrlen_new_len);
5113 duk_replace(ctx, idx_value); /* step 3.e: replace 'Desc.[[Value]]' */
5114
5115 DUK_DDD(DUK_DDDPRINT("old_len=%ld, new_len=%ld", (long) arrlen_old_len, (long) arrlen_new_len));
5116
5117 if (arrlen_new_len >= arrlen_old_len) {
5118 /* standard behavior, step 3.f.i */
5119 DUK_DDD(DUK_DDDPRINT("new length is same or higher as previous => standard behavior"));
5120 goto skip_array_exotic;
5121 }
5122 DUK_DDD(DUK_DDDPRINT("new length is smaller than previous => exotic post behavior"));
5123
5124 /* XXX: consolidated algorithm step 15.f -> redundant? */
5125 if (!(curr.flags & DUK_PROPDESC_FLAG_WRITABLE) && !force_flag) {
5126 /* Note: 'curr' refers to 'length' propdesc */
5127 goto fail_not_writable_array_length;
5128 }
5129
5130 /* steps 3.h and 3.i */
5131 if (has_writable && !is_writable) {
5132 DUK_DDD(DUK_DDDPRINT("desc writable is false, force it back to true, and flag pending write protect"));
5133 is_writable = 1;
5134 pending_write_protect = 1;
5135 }
5136
5137 /* remaining actual steps are carried out if standard DefineOwnProperty succeeds */
5138 } else if (arr_idx != DUK__NO_ARRAY_INDEX) {
5139 /* XXX: any chance of unifying this with the 'length' key handling? */
5140
5141 /* E5 Section 15.4.5.1, step 4 */
5142 duk_uint32_t old_len;
5143
5144 /* Note: use 'curr' as a temp propdesc */
5145 old_len = duk__get_old_array_length(thr, obj, &curr);
5146
5147 if (arr_idx >= old_len) {
5148 DUK_DDD(DUK_DDDPRINT("defineProperty requires array length update "
5149 "(arr_idx=%ld, old_len=%ld)",
5150 (long) arr_idx, (long) old_len));
5151
5152 if (!(curr.flags & DUK_PROPDESC_FLAG_WRITABLE)) {
5153 /* Note: 'curr' refers to 'length' propdesc */
5154 goto fail_not_writable_array_length;
5155 }
5156
5157 /* actual update happens once write has been completed without
5158 * error below.
5159 */
5160 DUK_ASSERT(arr_idx != 0xffffffffUL);
5161 arridx_new_array_length = arr_idx + 1;
5162 } else {
5163 DUK_DDD(DUK_DDDPRINT("defineProperty does not require length update "
5164 "(arr_idx=%ld, old_len=%ld) -> standard behavior",
5165 (long) arr_idx, (long) old_len));
5166 }
5167 }
5168 skip_array_exotic:
5169
5170 /* XXX: There is currently no support for writing buffer object
5171 * indexed elements here. Attempt to do so will succeed and
5172 * write a concrete property into the buffer object. This should
5173 * be fixed at some point but because buffers are a custom feature
5174 * anyway, this is relatively unimportant.
5175 */
5176
5177 /*
5178 * Actual Object.defineProperty() default algorithm.
5179 */
5180
5181 /*
5182 * First check whether property exists; if not, simple case. This covers
5183 * steps 1-4.
5184 */
5185
5186 if (!duk__get_own_propdesc_raw(thr, obj, key, arr_idx, &curr, DUK_GETDESC_FLAG_PUSH_VALUE)) {
5187 DUK_DDD(DUK_DDDPRINT("property does not exist"));
5188
5189 if (!DUK_HOBJECT_HAS_EXTENSIBLE(obj) && !force_flag) {
5190 goto fail_not_extensible;
5191 }
5192
5193 /* XXX: share final setting code for value and flags? difficult because
5194 * refcount code is different. Share entry allocation? But can't allocate
5195 * until array index checked.
5196 */
5197
5198 /* steps 4.a and 4.b are tricky */
5199 if (has_set || has_get) {
5200 duk_int_t e_idx;
5201
5202 DUK_DDD(DUK_DDDPRINT("create new accessor property"));
5203
5204 DUK_ASSERT(has_set || set == NULL);
5205 DUK_ASSERT(has_get || get == NULL);
5206 DUK_ASSERT(!has_value);
5207 DUK_ASSERT(!has_writable);
5208
5209 new_flags = DUK_PROPDESC_FLAG_ACCESSOR; /* defaults, E5 Section 8.6.1, Table 7 */
5210 if (has_enumerable && is_enumerable) {
5211 new_flags |= DUK_PROPDESC_FLAG_ENUMERABLE;
5212 }
5213 if (has_configurable && is_configurable) {
5214 new_flags |= DUK_PROPDESC_FLAG_CONFIGURABLE;
5215 }
5216
5217 if (arr_idx != DUK__NO_ARRAY_INDEX && DUK_HOBJECT_HAS_ARRAY_PART(obj)) {
5218 DUK_DDD(DUK_DDDPRINT("accessor cannot go to array part, abandon array"));
5219 duk__abandon_array_checked(thr, obj);
5220 }
5221
5222 /* write to entry part */
5223 e_idx = duk__alloc_entry_checked(thr, obj, key);
5224 DUK_ASSERT(e_idx >= 0);
5225
5226 DUK_HOBJECT_E_SET_VALUE_GETTER(thr->heap, obj, e_idx, get);
5227 DUK_HOBJECT_E_SET_VALUE_SETTER(thr->heap, obj, e_idx, set);
5228 DUK_HOBJECT_INCREF_ALLOWNULL(thr, get);
5229 DUK_HOBJECT_INCREF_ALLOWNULL(thr, set);
5230
5231 DUK_HOBJECT_E_SET_FLAGS(thr->heap, obj, e_idx, new_flags);
5232 goto success_exotics;
5233 } else {
5234 duk_int_t e_idx;
5235 duk_tval *tv2;
5236
5237 DUK_DDD(DUK_DDDPRINT("create new data property"));
5238
5239 DUK_ASSERT(!has_set);
5240 DUK_ASSERT(!has_get);
5241
5242 new_flags = 0; /* defaults, E5 Section 8.6.1, Table 7 */
5243 if (has_writable && is_writable) {
5244 new_flags |= DUK_PROPDESC_FLAG_WRITABLE;
5245 }
5246 if (has_enumerable && is_enumerable) {
5247 new_flags |= DUK_PROPDESC_FLAG_ENUMERABLE;
5248 }
5249 if (has_configurable && is_configurable) {
5250 new_flags |= DUK_PROPDESC_FLAG_CONFIGURABLE;
5251 }
5252 if (has_value) {
5253 duk_tval *tv_tmp = duk_require_tval(ctx, idx_value);
5254 DUK_TVAL_SET_TVAL(&tv, tv_tmp);
5255 } else {
5256 DUK_TVAL_SET_UNDEFINED(&tv); /* default value */
5257 }
5258
5259 if (arr_idx != DUK__NO_ARRAY_INDEX && DUK_HOBJECT_HAS_ARRAY_PART(obj)) {
5260 if (new_flags == DUK_PROPDESC_FLAGS_WEC) {
5261 #if 0
5262 DUK_DDD(DUK_DDDPRINT("new data property attributes match array defaults, attempt to write to array part"));
5263 /* may become sparse...*/
5264 #endif
5265 /* XXX: handling for array part missing now; this doesn't affect
5266 * compliance but causes array entry writes using defineProperty()
5267 * to always abandon array part.
5268 */
5269 }
5270 DUK_DDD(DUK_DDDPRINT("new data property cannot go to array part, abandon array"));
5271 duk__abandon_array_checked(thr, obj);
5272 /* fall through */
5273 }
5274
5275 /* write to entry part */
5276 e_idx = duk__alloc_entry_checked(thr, obj, key);
5277 DUK_ASSERT(e_idx >= 0);
5278 tv2 = DUK_HOBJECT_E_GET_VALUE_TVAL_PTR(thr->heap, obj, e_idx);
5279 DUK_TVAL_SET_TVAL(tv2, &tv);
5280 DUK_TVAL_INCREF(thr, tv2);
5281
5282 DUK_HOBJECT_E_SET_FLAGS(thr->heap, obj, e_idx, new_flags);
5283 goto success_exotics;
5284 }
5285 DUK_UNREACHABLE();
5286 }
5287
5288 /* we currently assume virtual properties are not configurable (as none of them are) */
5289 DUK_ASSERT((curr.e_idx >= 0 || curr.a_idx >= 0) || !(curr.flags & DUK_PROPDESC_FLAG_CONFIGURABLE));
5290
5291 /* [obj key desc value get set curr_value] */
5292
5293 /*
5294 * Property already exists. Steps 5-6 detect whether any changes need
5295 * to be made.
5296 */
5297
5298 if (has_enumerable) {
5299 if (is_enumerable) {
5300 if (!(curr.flags & DUK_PROPDESC_FLAG_ENUMERABLE)) {
5301 goto need_check;
5302 }
5303 } else {
5304 if (curr.flags & DUK_PROPDESC_FLAG_ENUMERABLE) {
5305 goto need_check;
5306 }
5307 }
5308 }
5309 if (has_configurable) {
5310 if (is_configurable) {
5311 if (!(curr.flags & DUK_PROPDESC_FLAG_CONFIGURABLE)) {
5312 goto need_check;
5313 }
5314 } else {
5315 if (curr.flags & DUK_PROPDESC_FLAG_CONFIGURABLE) {
5316 goto need_check;
5317 }
5318 }
5319 }
5320 if (has_value) {
5321 duk_tval *tmp1;
5322 duk_tval *tmp2;
5323
5324 /* attempt to change from accessor to data property */
5325 if (curr.flags & DUK_PROPDESC_FLAG_ACCESSOR) {
5326 goto need_check;
5327 }
5328
5329 tmp1 = duk_require_tval(ctx, -1); /* curr value */
5330 tmp2 = duk_require_tval(ctx, idx_value); /* new value */
5331 if (!duk_js_samevalue(tmp1, tmp2)) {
5332 goto need_check;
5333 }
5334 }
5335 if (has_writable) {
5336 /* attempt to change from accessor to data property */
5337 if (curr.flags & DUK_PROPDESC_FLAG_ACCESSOR) {
5338 goto need_check;
5339 }
5340
5341 if (is_writable) {
5342 if (!(curr.flags & DUK_PROPDESC_FLAG_WRITABLE)) {
5343 goto need_check;
5344 }
5345 } else {
5346 if (curr.flags & DUK_PROPDESC_FLAG_WRITABLE) {
5347 goto need_check;
5348 }
5349 }
5350 }
5351 if (has_set) {
5352 if (curr.flags & DUK_PROPDESC_FLAG_ACCESSOR) {
5353 if (set != curr.set) {
5354 goto need_check;
5355 }
5356 } else {
5357 goto need_check;
5358 }
5359 }
5360 if (has_get) {
5361 if (curr.flags & DUK_PROPDESC_FLAG_ACCESSOR) {
5362 if (get != curr.get) {
5363 goto need_check;
5364 }
5365 } else {
5366 goto need_check;
5367 }
5368 }
5369
5370 /* property exists, either 'desc' is empty, or all values
5371 * match (SameValue)
5372 */
5373 goto success_no_exotics;
5374
5375 need_check:
5376
5377 /*
5378 * Some change(s) need to be made. Steps 7-11.
5379 */
5380
5381 /* shared checks for all descriptor types */
5382 if (!(curr.flags & DUK_PROPDESC_FLAG_CONFIGURABLE) && !force_flag) {
5383 if (has_configurable && is_configurable) {
5384 goto fail_not_configurable;
5385 }
5386 if (has_enumerable) {
5387 if (curr.flags & DUK_PROPDESC_FLAG_ENUMERABLE) {
5388 if (!is_enumerable) {
5389 goto fail_not_configurable;
5390 }
5391 } else {
5392 if (is_enumerable) {
5393 goto fail_not_configurable;
5394 }
5395 }
5396 }
5397 }
5398
5399 /* Reject attempt to change virtual properties: not part of the
5400 * standard algorithm, applies currently to e.g. virtual index
5401 * properties of buffer objects (which are virtual but writable).
5402 * (Cannot "force" modification of a virtual property.)
5403 */
5404 if (curr.flags & DUK_PROPDESC_FLAG_VIRTUAL) {
5405 goto fail_virtual;
5406 }
5407
5408 /* Reject attempt to change a read-only object. */
5409 #if defined(DUK_USE_ROM_OBJECTS)
5410 if (DUK_HEAPHDR_HAS_READONLY((duk_heaphdr *) obj)) {
5411 DUK_DD(DUK_DDPRINT("attempt to define property on read-only target object"));
5412 goto fail_not_configurable;
5413 }
5414 #endif
5415
5416 /* descriptor type specific checks */
5417 if (has_set || has_get) {
5418 /* IsAccessorDescriptor(desc) == true */
5419 DUK_ASSERT(!has_writable);
5420 DUK_ASSERT(!has_value);
5421
5422 if (curr.flags & DUK_PROPDESC_FLAG_ACCESSOR) {
5423 /* curr and desc are accessors */
5424 if (!(curr.flags & DUK_PROPDESC_FLAG_CONFIGURABLE) && !force_flag) {
5425 if (has_set && set != curr.set) {
5426 goto fail_not_configurable;
5427 }
5428 if (has_get && get != curr.get) {
5429 goto fail_not_configurable;
5430 }
5431 }
5432 } else {
5433 duk_bool_t rc;
5434 duk_tval *tv1;
5435 duk_tval tv_tmp;
5436
5437 /* curr is data, desc is accessor */
5438 if (!(curr.flags & DUK_PROPDESC_FLAG_CONFIGURABLE) && !force_flag) {
5439 goto fail_not_configurable;
5440 }
5441
5442 DUK_DDD(DUK_DDDPRINT("convert property to accessor property"));
5443 if (curr.a_idx >= 0) {
5444 DUK_DDD(DUK_DDDPRINT("property to convert is stored in an array entry, abandon array and re-lookup"));
5445 duk__abandon_array_checked(thr, obj);
5446 duk_pop(ctx); /* remove old value */
5447 rc = duk__get_own_propdesc_raw(thr, obj, key, arr_idx, &curr, DUK_GETDESC_FLAG_PUSH_VALUE);
5448 DUK_UNREF(rc);
5449 DUK_ASSERT(rc != 0);
5450 DUK_ASSERT(curr.e_idx >= 0 && curr.a_idx < 0);
5451 }
5452
5453 DUK_ASSERT(!DUK_HOBJECT_E_SLOT_IS_ACCESSOR(thr->heap, obj, curr.e_idx));
5454
5455 /* Avoid side effects that might disturb curr.e_idx until
5456 * we're done editing the slot.
5457 */
5458 tv1 = DUK_HOBJECT_E_GET_VALUE_TVAL_PTR(thr->heap, obj, curr.e_idx);
5459 DUK_TVAL_SET_TVAL(&tv_tmp, tv1);
5460 DUK_TVAL_SET_UNDEFINED(tv1);
5461
5462 DUK_HOBJECT_E_SET_VALUE_GETTER(thr->heap, obj, curr.e_idx, NULL);
5463 DUK_HOBJECT_E_SET_VALUE_SETTER(thr->heap, obj, curr.e_idx, NULL);
5464 DUK_HOBJECT_E_SLOT_CLEAR_WRITABLE(thr->heap, obj, curr.e_idx);
5465 DUK_HOBJECT_E_SLOT_SET_ACCESSOR(thr->heap, obj, curr.e_idx);
5466
5467 DUK_DDD(DUK_DDDPRINT("flags after data->accessor conversion: 0x%02lx",
5468 (unsigned long) DUK_HOBJECT_E_GET_FLAGS(thr->heap, obj, curr.e_idx)));
5469
5470 DUK_TVAL_DECREF(thr, &tv_tmp); /* side effects */
5471
5472 /* re-lookup to update curr.flags
5473 * XXX: would be faster to update directly
5474 */
5475 duk_pop(ctx); /* remove old value */
5476 rc = duk__get_own_propdesc_raw(thr, obj, key, arr_idx, &curr, DUK_GETDESC_FLAG_PUSH_VALUE);
5477 DUK_UNREF(rc);
5478 DUK_ASSERT(rc != 0);
5479 }
5480 } else if (has_value || has_writable) {
5481 /* IsDataDescriptor(desc) == true */
5482 DUK_ASSERT(!has_set);
5483 DUK_ASSERT(!has_get);
5484
5485 if (curr.flags & DUK_PROPDESC_FLAG_ACCESSOR) {
5486 duk_bool_t rc;
5487 duk_hobject *h_get;
5488 duk_hobject *h_set;
5489
5490 /* curr is accessor, desc is data */
5491 if (!(curr.flags & DUK_PROPDESC_FLAG_CONFIGURABLE) && !force_flag) {
5492 goto fail_not_configurable;
5493 }
5494
5495 /* curr is accessor -> cannot be in array part */
5496 DUK_ASSERT(curr.e_idx >= 0 && curr.a_idx < 0);
5497
5498 DUK_DDD(DUK_DDDPRINT("convert property to data property"));
5499
5500 /* Avoid side effects that might disturb curr.e_idx until
5501 * we're done editing the slot.
5502 */
5503 DUK_ASSERT(DUK_HOBJECT_E_SLOT_IS_ACCESSOR(thr->heap, obj, curr.e_idx));
5504 h_get = DUK_HOBJECT_E_GET_VALUE_GETTER(thr->heap, obj, curr.e_idx);
5505 DUK_HOBJECT_E_SET_VALUE_GETTER(thr->heap, obj, curr.e_idx, NULL);
5506 h_set = DUK_HOBJECT_E_GET_VALUE_SETTER(thr->heap, obj, curr.e_idx);
5507 DUK_HOBJECT_E_SET_VALUE_SETTER(thr->heap, obj, curr.e_idx, NULL);
5508
5509 DUK_TVAL_SET_UNDEFINED(DUK_HOBJECT_E_GET_VALUE_TVAL_PTR(thr->heap, obj, curr.e_idx));
5510 DUK_HOBJECT_E_SLOT_CLEAR_WRITABLE(thr->heap, obj, curr.e_idx);
5511 DUK_HOBJECT_E_SLOT_CLEAR_ACCESSOR(thr->heap, obj, curr.e_idx);
5512
5513 DUK_DDD(DUK_DDDPRINT("flags after accessor->data conversion: 0x%02lx",
5514 (unsigned long) DUK_HOBJECT_E_GET_FLAGS(thr->heap, obj, curr.e_idx)));
5515
5516 DUK_HOBJECT_DECREF_ALLOWNULL(thr, h_get); /* side effects */
5517 DUK_HOBJECT_DECREF_ALLOWNULL(thr, h_set); /* side effects */
5518
5519 /* re-lookup to update curr.flags
5520 * XXX: would be faster to update directly
5521 */
5522 duk_pop(ctx); /* remove old value */
5523 rc = duk__get_own_propdesc_raw(thr, obj, key, arr_idx, &curr, DUK_GETDESC_FLAG_PUSH_VALUE);
5524 DUK_UNREF(rc);
5525 DUK_ASSERT(rc != 0);
5526 } else {
5527 /* curr and desc are data */
5528 if (!(curr.flags & DUK_PROPDESC_FLAG_CONFIGURABLE) && !force_flag) {
5529 if (!(curr.flags & DUK_PROPDESC_FLAG_WRITABLE) && has_writable && is_writable) {
5530 goto fail_not_configurable;
5531 }
5532 /* Note: changing from writable to non-writable is OK */
5533 if (!(curr.flags & DUK_PROPDESC_FLAG_WRITABLE) && has_value) {
5534 duk_tval *tmp1 = duk_require_tval(ctx, -1); /* curr value */
5535 duk_tval *tmp2 = duk_require_tval(ctx, idx_value); /* new value */
5536 if (!duk_js_samevalue(tmp1, tmp2)) {
5537 goto fail_not_configurable;
5538 }
5539 }
5540 }
5541 }
5542 } else {
5543 /* IsGenericDescriptor(desc) == true; this means in practice that 'desc'
5544 * only has [[Enumerable]] or [[Configurable]] flag updates, which are
5545 * allowed at this point.
5546 */
5547
5548 DUK_ASSERT(!has_value && !has_writable && !has_get && !has_set);
5549 }
5550
5551 /*
5552 * Start doing property attributes updates. Steps 12-13.
5553 *
5554 * Start by computing new attribute flags without writing yet.
5555 * Property type conversion is done above if necessary.
5556 */
5557
5558 new_flags = curr.flags;
5559
5560 if (has_enumerable) {
5561 if (is_enumerable) {
5562 new_flags |= DUK_PROPDESC_FLAG_ENUMERABLE;
5563 } else {
5564 new_flags &= ~DUK_PROPDESC_FLAG_ENUMERABLE;
5565 }
5566 }
5567 if (has_configurable) {
5568 if (is_configurable) {
5569 new_flags |= DUK_PROPDESC_FLAG_CONFIGURABLE;
5570 } else {
5571 new_flags &= ~DUK_PROPDESC_FLAG_CONFIGURABLE;
5572 }
5573 }
5574 if (has_writable) {
5575 if (is_writable) {
5576 new_flags |= DUK_PROPDESC_FLAG_WRITABLE;
5577 } else {
5578 new_flags &= ~DUK_PROPDESC_FLAG_WRITABLE;
5579 }
5580 }
5581
5582 /* XXX: write protect after flag? -> any chance of handling it here? */
5583
5584 DUK_DDD(DUK_DDDPRINT("new flags that we want to write: 0x%02lx",
5585 (unsigned long) new_flags));
5586
5587 /*
5588 * Check whether we need to abandon an array part (if it exists)
5589 */
5590
5591 if (curr.a_idx >= 0) {
5592 duk_bool_t rc;
5593
5594 DUK_ASSERT(curr.e_idx < 0);
5595
5596 if (new_flags == DUK_PROPDESC_FLAGS_WEC) {
5597 duk_tval *tv1, *tv2;
5598
5599 DUK_DDD(DUK_DDDPRINT("array index, new property attributes match array defaults, update in-place"));
5600
5601 DUK_ASSERT(curr.flags == DUK_PROPDESC_FLAGS_WEC); /* must have been, since in array part */
5602 DUK_ASSERT(!has_set);
5603 DUK_ASSERT(!has_get);
5604
5605 tv2 = duk_require_tval(ctx, idx_value);
5606 tv1 = DUK_HOBJECT_A_GET_VALUE_PTR(thr->heap, obj, curr.a_idx);
5607 DUK_TVAL_SET_TVAL_UPDREF(thr, tv1, tv2); /* side effects */
5608 goto success_exotics;
5609 }
5610
5611 DUK_DDD(DUK_DDDPRINT("array index, new property attributes do not match array defaults, abandon array and re-lookup"));
5612 duk__abandon_array_checked(thr, obj);
5613 duk_pop(ctx); /* remove old value */
5614 rc = duk__get_own_propdesc_raw(thr, obj, key, arr_idx, &curr, DUK_GETDESC_FLAG_PUSH_VALUE);
5615 DUK_UNREF(rc);
5616 DUK_ASSERT(rc != 0);
5617 DUK_ASSERT(curr.e_idx >= 0 && curr.a_idx < 0);
5618 }
5619
5620 DUK_DDD(DUK_DDDPRINT("updating existing property in entry part"));
5621
5622 /* array case is handled comprehensively above */
5623 DUK_ASSERT(curr.e_idx >= 0 && curr.a_idx < 0);
5624
5625 DUK_DDD(DUK_DDDPRINT("update existing property attributes"));
5626 DUK_HOBJECT_E_SET_FLAGS(thr->heap, obj, curr.e_idx, new_flags);
5627
5628 if (has_set) {
5629 duk_hobject *tmp;
5630
5631 DUK_DDD(DUK_DDDPRINT("update existing property setter"));
5632 DUK_ASSERT(DUK_HOBJECT_E_SLOT_IS_ACCESSOR(thr->heap, obj, curr.e_idx));
5633
5634 tmp = DUK_HOBJECT_E_GET_VALUE_SETTER(thr->heap, obj, curr.e_idx);
5635 DUK_UNREF(tmp);
5636 DUK_HOBJECT_E_SET_VALUE_SETTER(thr->heap, obj, curr.e_idx, set);
5637 DUK_HOBJECT_INCREF_ALLOWNULL(thr, set);
5638 DUK_HOBJECT_DECREF_ALLOWNULL(thr, tmp); /* side effects */
5639 }
5640 if (has_get) {
5641 duk_hobject *tmp;
5642
5643 DUK_DDD(DUK_DDDPRINT("update existing property getter"));
5644 DUK_ASSERT(DUK_HOBJECT_E_SLOT_IS_ACCESSOR(thr->heap, obj, curr.e_idx));
5645
5646 tmp = DUK_HOBJECT_E_GET_VALUE_GETTER(thr->heap, obj, curr.e_idx);
5647 DUK_UNREF(tmp);
5648 DUK_HOBJECT_E_SET_VALUE_GETTER(thr->heap, obj, curr.e_idx, get);
5649 DUK_HOBJECT_INCREF_ALLOWNULL(thr, get);
5650 DUK_HOBJECT_DECREF_ALLOWNULL(thr, tmp); /* side effects */
5651 }
5652 if (has_value) {
5653 duk_tval *tv1, *tv2;
5654
5655 DUK_DDD(DUK_DDDPRINT("update existing property value"));
5656 DUK_ASSERT(!DUK_HOBJECT_E_SLOT_IS_ACCESSOR(thr->heap, obj, curr.e_idx));
5657
5658 tv2 = duk_require_tval(ctx, idx_value);
5659 tv1 = DUK_HOBJECT_E_GET_VALUE_TVAL_PTR(thr->heap, obj, curr.e_idx);
5660 DUK_TVAL_SET_TVAL_UPDREF(thr, tv1, tv2); /* side effects */
5661 }
5662
5663 /*
5664 * Standard algorithm succeeded without errors, check for exotic post-behaviors.
5665 *
5666 * Arguments exotic behavior in E5 Section 10.6 occurs after the standard
5667 * [[DefineOwnProperty]] has completed successfully.
5668 *
5669 * Array exotic behavior in E5 Section 15.4.5.1 is implemented partly
5670 * prior to the default [[DefineOwnProperty]], but:
5671 * - for an array index key (e.g. "10") the final 'length' update occurs here
5672 * - for 'length' key the element deletion and 'length' update occurs here
5673 */
5674
5675 success_exotics:
5676
5677 /* [obj key desc value get set curr_value] */
5678
5679 if (DUK_HOBJECT_HAS_EXOTIC_ARRAY(obj)) {
5680 if (arridx_new_array_length > 0) {
5681 duk_tval *tmp;
5682 duk_bool_t rc;
5683
5684 /*
5685 * Note: zero works as a "no update" marker because the new length
5686 * can never be zero after a new property is written.
5687 */
5688
5689 /* E5 Section 15.4.5.1, steps 4.e.i - 4.e.ii */
5690
5691 DUK_DDD(DUK_DDDPRINT("defineProperty successful, pending array length update to: %ld",
5692 (long) arridx_new_array_length));
5693
5694 /* Note: reuse 'curr' */
5695 rc = duk__get_own_propdesc_raw(thr, obj, DUK_HTHREAD_STRING_LENGTH(thr), DUK__NO_ARRAY_INDEX, &curr, 0 /*flags*/); /* don't push value */
5696 DUK_UNREF(rc);
5697 DUK_ASSERT(rc != 0);
5698 DUK_ASSERT(curr.e_idx >= 0);
5699
5700 tmp = DUK_HOBJECT_E_GET_VALUE_TVAL_PTR(thr->heap, obj, curr.e_idx);
5701 DUK_ASSERT(DUK_TVAL_IS_NUMBER(tmp));
5702 /* no need for decref/incref because value is a number */
5703 DUK_TVAL_SET_FASTINT_U32(tmp, arridx_new_array_length);
5704 }
5705 if (key == DUK_HTHREAD_STRING_LENGTH(thr) && arrlen_new_len < arrlen_old_len) {
5706 /*
5707 * E5 Section 15.4.5.1, steps 3.k - 3.n. The order at the end combines
5708 * the error case 3.l.iii and the success case 3.m-3.n.
5709 *
5710 * Note: 'length' is always in entries part, so no array abandon issues for
5711 * 'writable' update.
5712 */
5713
5714 /* XXX: investigate whether write protect can be handled above, if we
5715 * just update length here while ignoring its protected status
5716 */
5717
5718 duk_tval *tmp;
5719 duk_uint32_t result_len;
5720 duk_bool_t rc;
5721
5722 DUK_DDD(DUK_DDDPRINT("defineProperty successful, key is 'length', exotic array behavior, "
5723 "doing array element deletion and length update"));
5724
5725 rc = duk__handle_put_array_length_smaller(thr, obj, arrlen_old_len, arrlen_new_len, force_flag, &result_len);
5726
5727 /* update length (curr points to length, and we assume it's still valid) */
5728 DUK_ASSERT(result_len >= arrlen_new_len && result_len <= arrlen_old_len);
5729
5730 DUK_ASSERT(curr.e_idx >= 0);
5731 DUK_ASSERT(!DUK_HOBJECT_E_SLOT_IS_ACCESSOR(thr->heap, obj, curr.e_idx));
5732 tmp = DUK_HOBJECT_E_GET_VALUE_TVAL_PTR(thr->heap, obj, curr.e_idx);
5733 DUK_ASSERT(DUK_TVAL_IS_NUMBER(tmp));
5734 /* no decref needed for a number */
5735 DUK_TVAL_SET_FASTINT_U32(tmp, result_len);
5736 DUK_ASSERT(DUK_TVAL_IS_NUMBER(tmp));
5737
5738 if (pending_write_protect) {
5739 DUK_DDD(DUK_DDDPRINT("setting array length non-writable (pending writability update)"));
5740 DUK_HOBJECT_E_SLOT_CLEAR_WRITABLE(thr->heap, obj, curr.e_idx);
5741 }
5742
5743 /*
5744 * XXX: shrink array allocation or entries compaction here?
5745 */
5746
5747 if (!rc) {
5748 goto fail_array_length_partial;
5749 }
5750 }
5751 } else if (arr_idx != DUK__NO_ARRAY_INDEX && DUK_HOBJECT_HAS_EXOTIC_ARGUMENTS(obj)) {
5752 duk_hobject *map;
5753 duk_hobject *varenv;
5754
5755 DUK_ASSERT(arridx_new_array_length == 0);
5756 DUK_ASSERT(!DUK_HOBJECT_HAS_EXOTIC_ARRAY(obj)); /* traits are separate; in particular, arguments not an array */
5757
5758 map = NULL;
5759 varenv = NULL;
5760 if (!duk__lookup_arguments_map(thr, obj, key, &curr, &map, &varenv)) {
5761 goto success_no_exotics;
5762 }
5763 DUK_ASSERT(map != NULL);
5764 DUK_ASSERT(varenv != NULL);
5765
5766 /* [obj key desc value get set curr_value varname] */
5767
5768 if (has_set || has_get) {
5769 /* = IsAccessorDescriptor(Desc) */
5770 DUK_DDD(DUK_DDDPRINT("defineProperty successful, key mapped to arguments 'map' "
5771 "changed to an accessor, delete arguments binding"));
5772
5773 (void) duk_hobject_delprop_raw(thr, map, key, 0); /* ignore result */
5774 } else {
5775 /* Note: this order matters (final value before deleting map entry must be done) */
5776 DUK_DDD(DUK_DDDPRINT("defineProperty successful, key mapped to arguments 'map', "
5777 "check for value update / binding deletion"));
5778
5779 if (has_value) {
5780 duk_hstring *varname;
5781
5782 DUK_DDD(DUK_DDDPRINT("defineProperty successful, key mapped to arguments 'map', "
5783 "update bound value (variable/argument)"));
5784
5785 varname = duk_require_hstring(ctx, -1);
5786 DUK_ASSERT(varname != NULL);
5787
5788 DUK_DDD(DUK_DDDPRINT("arguments object automatic putvar for a bound variable; "
5789 "key=%!O, varname=%!O, value=%!T",
5790 (duk_heaphdr *) key,
5791 (duk_heaphdr *) varname,
5792 (duk_tval *) duk_require_tval(ctx, idx_value)));
5793
5794 /* strict flag for putvar comes from our caller (currently: fixed) */
5795 duk_js_putvar_envrec(thr, varenv, varname, duk_require_tval(ctx, idx_value), throw_flag);
5796 }
5797 if (has_writable && !is_writable) {
5798 DUK_DDD(DUK_DDDPRINT("defineProperty successful, key mapped to arguments 'map', "
5799 "changed to non-writable, delete arguments binding"));
5800
5801 (void) duk_hobject_delprop_raw(thr, map, key, 0); /* ignore result */
5802 }
5803 }
5804
5805 /* 'varname' is in stack in this else branch, leaving an unbalanced stack below,
5806 * but this doesn't matter now.
5807 */
5808 }
5809
5810 success_no_exotics:
5811 return;
5812
5813 fail_virtual:
5814 DUK_ERROR_TYPE(thr, DUK_STR_PROPERTY_IS_VIRTUAL);
5815 return;
5816
5817 fail_not_writable_array_length:
5818 DUK_ERROR_TYPE(thr, DUK_STR_ARRAY_LENGTH_NOT_WRITABLE);
5819 return;
5820
5821 fail_not_extensible:
5822 DUK_ERROR_TYPE(thr, DUK_STR_NOT_EXTENSIBLE);
5823 return;
5824
5825 fail_not_configurable:
5826 DUK_ERROR_TYPE(thr, DUK_STR_NOT_CONFIGURABLE);
5827 return;
5828
5829 fail_array_length_partial:
5830 DUK_ERROR_TYPE(thr, DUK_STR_ARRAY_LENGTH_WRITE_FAILED);
5831 return;
5832 }
5833
5834 /*
5835 * Object.prototype.hasOwnProperty() and Object.prototype.propertyIsEnumerable().
5836 */
5837
5838 DUK_INTERNAL duk_bool_t duk_hobject_object_ownprop_helper(duk_context *ctx, duk_small_uint_t required_desc_flags) {
5839 duk_hthread *thr = (duk_hthread *) ctx;
5840 duk_hstring *h_v;
5841 duk_hobject *h_obj;
5842 duk_propdesc desc;
5843 duk_bool_t ret;
5844
5845 /* coercion order matters */
5846 h_v = duk_to_hstring(ctx, 0);
5847 DUK_ASSERT(h_v != NULL);
5848
5849 h_obj = duk_push_this_coercible_to_object(ctx);
5850 DUK_ASSERT(h_obj != NULL);
5851
5852 ret = duk_hobject_get_own_propdesc(thr, h_obj, h_v, &desc, 0 /*flags*/); /* don't push value */
5853
5854 duk_push_boolean(ctx, ret && ((desc.flags & required_desc_flags) == required_desc_flags));
5855 return 1;
5856 }
5857
5858 /*
5859 * Object.seal() and Object.freeze() (E5 Sections 15.2.3.8 and 15.2.3.9)
5860 *
5861 * Since the algorithms are similar, a helper provides both functions.
5862 * Freezing is essentially sealing + making plain properties non-writable.
5863 *
5864 * Note: virtual (non-concrete) properties which are non-configurable but
5865 * writable would pose some problems, but such properties do not currently
5866 * exist (all virtual properties are non-configurable and non-writable).
5867 * If they did exist, the non-configurability does NOT prevent them from
5868 * becoming non-writable. However, this change should be recorded somehow
5869 * so that it would turn up (e.g. when getting the property descriptor),
5870 * requiring some additional flags in the object.
5871 */
5872
5873 DUK_INTERNAL void duk_hobject_object_seal_freeze_helper(duk_hthread *thr, duk_hobject *obj, duk_bool_t is_freeze) {
5874 duk_uint_fast32_t i;
5875
5876 DUK_ASSERT(thr != NULL);
5877 DUK_ASSERT(thr->heap != NULL);
5878 DUK_ASSERT(obj != NULL);
5879
5880 DUK_ASSERT_VALSTACK_SPACE(thr, DUK__VALSTACK_SPACE);
5881
5882 #if defined(DUK_USE_ROM_OBJECTS)
5883 if (DUK_HEAPHDR_HAS_READONLY((duk_heaphdr *) obj)) {
5884 DUK_DD(DUK_DDPRINT("attempt to seal/freeze a readonly object, reject"));
5885 DUK_ERROR_TYPE(thr, DUK_STR_NOT_CONFIGURABLE);
5886 }
5887 #endif
5888
5889 /*
5890 * Abandon array part because all properties must become non-configurable.
5891 * Note that this is now done regardless of whether this is always the case
5892 * (skips check, but performance problem if caller would do this many times
5893 * for the same object; not likely).
5894 */
5895
5896 duk__abandon_array_checked(thr, obj);
5897 DUK_ASSERT(DUK_HOBJECT_GET_ASIZE(obj) == 0);
5898
5899 for (i = 0; i < DUK_HOBJECT_GET_ENEXT(obj); i++) {
5900 duk_uint8_t *fp;
5901
5902 /* since duk__abandon_array_checked() causes a resize, there should be no gaps in keys */
5903 DUK_ASSERT(DUK_HOBJECT_E_GET_KEY(thr->heap, obj, i) != NULL);
5904
5905 /* avoid multiple computations of flags address; bypasses macros */
5906 fp = DUK_HOBJECT_E_GET_FLAGS_PTR(thr->heap, obj, i);
5907 if (is_freeze && !((*fp) & DUK_PROPDESC_FLAG_ACCESSOR)) {
5908 *fp &= ~(DUK_PROPDESC_FLAG_WRITABLE | DUK_PROPDESC_FLAG_CONFIGURABLE);
5909 } else {
5910 *fp &= ~DUK_PROPDESC_FLAG_CONFIGURABLE;
5911 }
5912 }
5913
5914 DUK_HOBJECT_CLEAR_EXTENSIBLE(obj);
5915
5916 /* no need to compact since we already did that in duk__abandon_array_checked()
5917 * (regardless of whether an array part existed or not.
5918 */
5919
5920 return;
5921 }
5922
5923 /*
5924 * Object.isSealed() and Object.isFrozen() (E5 Sections 15.2.3.11, 15.2.3.13)
5925 *
5926 * Since the algorithms are similar, a helper provides both functions.
5927 * Freezing is essentially sealing + making plain properties non-writable.
5928 *
5929 * Note: all virtual (non-concrete) properties are currently non-configurable
5930 * and non-writable (and there are no accessor virtual properties), so they don't
5931 * need to be considered here now.
5932 */
5933
5934 DUK_INTERNAL duk_bool_t duk_hobject_object_is_sealed_frozen_helper(duk_hthread *thr, duk_hobject *obj, duk_bool_t is_frozen) {
5935 duk_uint_fast32_t i;
5936
5937 DUK_ASSERT(obj != NULL);
5938 DUK_UNREF(thr);
5939
5940 /* Note: no allocation pressure, no need to check refcounts etc */
5941
5942 /* must not be extensible */
5943 if (DUK_HOBJECT_HAS_EXTENSIBLE(obj)) {
5944 return 0;
5945 }
5946
5947 /* all virtual properties are non-configurable and non-writable */
5948
5949 /* entry part must not contain any configurable properties, or
5950 * writable properties (if is_frozen).
5951 */
5952 for (i = 0; i < DUK_HOBJECT_GET_ENEXT(obj); i++) {
5953 duk_small_uint_t flags;
5954
5955 if (!DUK_HOBJECT_E_GET_KEY(thr->heap, obj, i)) {
5956 continue;
5957 }
5958
5959 /* avoid multiple computations of flags address; bypasses macros */
5960 flags = (duk_small_uint_t) DUK_HOBJECT_E_GET_FLAGS(thr->heap, obj, i);
5961
5962 if (flags & DUK_PROPDESC_FLAG_CONFIGURABLE) {
5963 return 0;
5964 }
5965 if (is_frozen &&
5966 !(flags & DUK_PROPDESC_FLAG_ACCESSOR) &&
5967 (flags & DUK_PROPDESC_FLAG_WRITABLE)) {
5968 return 0;
5969 }
5970 }
5971
5972 /* array part must not contain any non-unused properties, as they would
5973 * be configurable and writable.
5974 */
5975 for (i = 0; i < DUK_HOBJECT_GET_ASIZE(obj); i++) {
5976 duk_tval *tv = DUK_HOBJECT_A_GET_VALUE_PTR(thr->heap, obj, i);
5977 if (!DUK_TVAL_IS_UNUSED(tv)) {
5978 return 0;
5979 }
5980 }
5981
5982 return 1;
5983 }
5984
5985 /*
5986 * Object.preventExtensions() and Object.isExtensible() (E5 Sections 15.2.3.10, 15.2.3.13)
5987 *
5988 * Not needed, implemented by macros DUK_HOBJECT_{HAS,CLEAR,SET}_EXTENSIBLE
5989 * and the Object built-in bindings.
5990 */
5991
5992 /* Undefine local defines */
5993
5994 #undef DUK__NO_ARRAY_INDEX
5995 #undef DUK__HASH_INITIAL
5996 #undef DUK__HASH_PROBE_STEP
5997 #undef DUK__HASH_UNUSED
5998 #undef DUK__HASH_DELETED
5999 #undef DUK__VALSTACK_SPACE
Ceph