| blob | 43aff5275060fb55c75edfa503ce4ebeed9045a3 |
1 /* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*-
2 * vim: set ts=8 sts=2 et sw=2 tw=80:
3 * This Source Code Form is subject to the terms of the Mozilla Public
4 * License, v. 2.0. If a copy of the MPL was not distributed with this
5 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
7 #ifndef vm_Compartment_inl_h
8 #define vm_Compartment_inl_h
12 #include <type_traits>
30 }
33 /* Only GC things have to be wrapped or copied. */
36 }
38 /*
39 * Symbols are GC things, but never need to be wrapped or copied because
40 * they are always allocated in the atoms zone. They still need to be
41 * marked in the new compartment's zone, however.
42 */
46 }
48 /* Handle strings. */
53 }
56 }
62 }
65 }
67 #ifdef ENABLE_RECORD_TUPLE
72 }
75 }
76 #endif
80 /*
81 * All that's left are objects.
82 *
83 * Object wrapping isn't the fastest thing in the world, in part because
84 * we have to unwrap and invoke the prewrap hook to find the identity
85 * object before we even start checking the cache. Neither of these
86 * operations are needed in the common case, where we're just wrapping
87 * a plain JS object from the wrappee's side of the membrane to the
88 * wrapper's side.
89 *
90 * To optimize this, we note that the cache should only ever contain
91 * identity objects - that is to say, objects that serve as the
92 * canonical representation for a unique object identity observable by
93 * script. Unwrap and prewrap are both steps that we take to get to the
94 * identity of an incoming objects, and as such, they shuld never map
95 * one identity object to another object. This means that we can safely
96 * check the cache immediately, and only risk false negatives. Do this
97 * in opt builds, and do both in debug builds so that we can assert
98 * that we get the same answer.
99 */
100 #ifdef DEBUG
103 #endif
105 #ifdef DEBUG
107 #else
110 #endif
111 }
116 }
120 }
126 }
129 }
134 /**
135 * Return the name of class T as a static null-terminated ASCII string constant
136 * (for error messages).
137 */
141 }
145 HandleValue value,
146 ErrorCallback throwTypeError) {
155 }
156 }
157 }
162 }
165 }
170 ErrorCallback throwTypeError) {
179 }
180 }
181 }
186 }
189 }
193 /**
194 * Remove all wrappers from `val` and try to downcast the result to class `T`.
195 *
196 * DANGER: The result may not be same-compartment with `cx`.
197 *
198 * This calls `throwTypeError` if the value isn't an object, cannot be
199 * unwrapped, or isn't an instance of the expected type. `throwTypeError` must
200 * in fact throw a TypeError (or OOM trying).
201 */
204 HandleValue value,
205 ErrorCallback throwTypeError) {
213 }
216 }
218 /**
219 * Remove all wrappers from |val| and try to downcast the result to an object of
220 * the class |clasp|.
221 *
222 * DANGER: The result may not be same-compartment with |cx|.
223 *
224 * This calls |throwTypeError| if the value isn't an object, cannot be
225 * unwrapped, or isn't an instance of the expected type. |throwTypeError| must
226 * in fact throw a TypeError (or OOM trying).
227 */
231 ErrorCallback throwTypeError) {
236 }
239 throwTypeError);
240 }
242 /**
243 * Remove all wrappers from `args.thisv()` and try to downcast the result to
244 * class `T`.
245 *
246 * DANGER: The result may not be same-compartment with `cx`.
247 *
248 * This throws a TypeError if the value isn't an object, cannot be unwrapped,
249 * or isn't an instance of the expected type.
250 */
260 });
261 }
263 /**
264 * Remove all wrappers from `args[argIndex]` and try to downcast the result to
265 * class `T`.
266 *
267 * DANGER: The result may not be same-compartment with `cx`.
268 *
269 * This throws a TypeError if the specified argument is missing, isn't an
270 * object, cannot be unwrapped, or isn't an instance of the expected type.
271 */
279 Int32ToCStringBuf cbuf;
285 });
286 }
288 /**
289 * Unwrap an object of a known type.
290 *
291 * If `obj` is an object of class T, this returns a pointer to that object. If
292 * `obj` is a wrapper for such an object, this tries to unwrap the object and
293 * return a pointer to it. If access is denied, or `obj` was a wrapper but has
294 * been nuked, this reports an error and returns null.
295 *
296 * In all other cases, the behavior is undefined, so call this only if `obj` is
297 * known to have been an object of class T, or a wrapper to a T, at some point.
298 */
307 JSMSG_DEAD_OBJECT);
309 }
311 // It would probably be OK to do an unchecked unwrap here, but we allow
312 // arbitrary security policies, so check anyway.
317 }
318 }
321 }
323 /**
324 * Unwrap an object of a known (but not compile-time-known) class.
325 *
326 * If |obj| is an object with class |clasp|, this returns |obj|. If |obj| is a
327 * wrapper for such an object, this tries to unwrap the object and return a
328 * pointer to it. If access is denied, or |obj| was a wrapper but has been
329 * nuked, this reports an error and returns null.
330 *
331 * In all other cases, the behavior is undefined, so call this only if |obj| is
332 * known to have had class |clasp|, or been a wrapper to such an object, at some
333 * point.
334 */
341 JSMSG_DEAD_OBJECT);
343 }
345 // It would probably be OK to do an unchecked unwrap here, but we allow
346 // arbitrary security policies, so check anyway.
351 }
352 }
356 }
358 /**
359 * Unwrap a value of a known type. See UnwrapAndDowncastObject.
360 */
365 }
367 /**
368 * Unwrap an object of a known (but not compile-time-known) class. See
369 * UnwrapAndDowncastObject.
370 */
375 }
377 /**
378 * Read a private slot that is known to point to a particular type of object.
379 *
380 * Some internal slots specified in various standards effectively have static
381 * types. For example, the [[ownerReadableStream]] slot of a stream reader is
382 * guaranteed to be a ReadableStream. However, because of compartments, we
383 * sometimes store a cross-compartment wrapper in that slot. And since wrappers
384 * can be nuked, that wrapper may become a dead object proxy.
385 *
386 * UnwrapInternalSlot() copes with the cross-compartment and dead object cases,
387 * but not plain bugs where the slot hasn't been initialized or doesn't contain
388 * the expected type of object. Call this only if the slot is certain to
389 * contain either an instance of T, a wrapper for a T, or a dead object.
390 *
391 * `cx` and `unwrappedObj` are not required to be same-compartment.
392 *
393 * DANGER: The result may not be same-compartment with either `cx` or `obj`.
394 */
403 }
405 /**
406 * Read a function slot that is known to point to a particular type of object.
407 *
408 * This is like UnwrapInternalSlot, but for extended function slots. Call this
409 * only if the specified slot is known to have been initialized with an object
410 * of class T or a wrapper for such an object.
411 *
412 * DANGER: The result may not be same-compartment with `cx`.
413 */
419 }
428 // If the list is empty, we're not iterating any objects.
431 }
433 // If the list contains a single object, check if it's |obj|.
437 }
440 }