/* * ES2015 TypedArray and Node.js Buffer built-ins */ #include "third_party/duktape/duk_internal.h" /* * Helpers for buffer handling, enabled with DUK_USE_BUFFEROBJECT_SUPPORT. */ #if defined(DUK_USE_BUFFEROBJECT_SUPPORT) /* Map class number (minus DUK_HOBJECT_CLASS_BUFOBJ_MIN) to a bidx for the * default internal prototype. */ static const duk_uint8_t duk__buffer_proto_from_classnum[] = { DUK_BIDX_ARRAYBUFFER_PROTOTYPE, DUK_BIDX_DATAVIEW_PROTOTYPE, DUK_BIDX_INT8ARRAY_PROTOTYPE, DUK_BIDX_UINT8ARRAY_PROTOTYPE, DUK_BIDX_UINT8CLAMPEDARRAY_PROTOTYPE, DUK_BIDX_INT16ARRAY_PROTOTYPE, DUK_BIDX_UINT16ARRAY_PROTOTYPE, DUK_BIDX_INT32ARRAY_PROTOTYPE, DUK_BIDX_UINT32ARRAY_PROTOTYPE, DUK_BIDX_FLOAT32ARRAY_PROTOTYPE, DUK_BIDX_FLOAT64ARRAY_PROTOTYPE}; /* Map DUK_HBUFOBJ_ELEM_xxx to duk_hobject class number. * Sync with duk_hbufobj.h and duk_hobject.h. */ static const duk_uint8_t duk__buffer_class_from_elemtype[9] = { DUK_HOBJECT_CLASS_UINT8ARRAY, DUK_HOBJECT_CLASS_UINT8CLAMPEDARRAY, DUK_HOBJECT_CLASS_INT8ARRAY, DUK_HOBJECT_CLASS_UINT16ARRAY, DUK_HOBJECT_CLASS_INT16ARRAY, DUK_HOBJECT_CLASS_UINT32ARRAY, DUK_HOBJECT_CLASS_INT32ARRAY, DUK_HOBJECT_CLASS_FLOAT32ARRAY, DUK_HOBJECT_CLASS_FLOAT64ARRAY}; /* Map DUK_HBUFOBJ_ELEM_xxx to prototype object built-in index. * Sync with duk_hbufobj.h. */ static const duk_uint8_t duk__buffer_proto_from_elemtype[9] = { DUK_BIDX_UINT8ARRAY_PROTOTYPE, DUK_BIDX_UINT8CLAMPEDARRAY_PROTOTYPE, DUK_BIDX_INT8ARRAY_PROTOTYPE, DUK_BIDX_UINT16ARRAY_PROTOTYPE, DUK_BIDX_INT16ARRAY_PROTOTYPE, DUK_BIDX_UINT32ARRAY_PROTOTYPE, DUK_BIDX_INT32ARRAY_PROTOTYPE, DUK_BIDX_FLOAT32ARRAY_PROTOTYPE, DUK_BIDX_FLOAT64ARRAY_PROTOTYPE}; /* Map DUK__FLD_xxx to byte size. */ static const duk_uint8_t duk__buffer_nbytes_from_fldtype[6] = { 1, /* DUK__FLD_8BIT */ 2, /* DUK__FLD_16BIT */ 4, /* DUK__FLD_32BIT */ 4, /* DUK__FLD_FLOAT */ 8, /* DUK__FLD_DOUBLE */ 0 /* DUK__FLD_VARINT; not relevant here */ }; /* Bitfield for each DUK_HBUFOBJ_ELEM_xxx indicating which element types * are compatible with a blind byte copy for the TypedArray set() method (also * used for TypedArray constructor). Array index is target buffer elem type, * bitfield indicates compatible source types. The types must have same byte * size and they must be coercion compatible. */ #if !defined(DUK_USE_PREFER_SIZE) static duk_uint16_t duk__buffer_elemtype_copy_compatible[9] = { /* xxx -> DUK_HBUFOBJ_ELEM_UINT8 */ (1U << DUK_HBUFOBJ_ELEM_UINT8) | (1U << DUK_HBUFOBJ_ELEM_UINT8CLAMPED) | (1U << DUK_HBUFOBJ_ELEM_INT8), /* xxx -> DUK_HBUFOBJ_ELEM_UINT8CLAMPED * Note: INT8 is -not- copy compatible, e.g. -1 would coerce to 0x00. */ (1U << DUK_HBUFOBJ_ELEM_UINT8) | (1U << DUK_HBUFOBJ_ELEM_UINT8CLAMPED), /* xxx -> DUK_HBUFOBJ_ELEM_INT8 */ (1U << DUK_HBUFOBJ_ELEM_UINT8) | (1U << DUK_HBUFOBJ_ELEM_UINT8CLAMPED) | (1U << DUK_HBUFOBJ_ELEM_INT8), /* xxx -> DUK_HBUFOBJ_ELEM_UINT16 */ (1U << DUK_HBUFOBJ_ELEM_UINT16) | (1U << DUK_HBUFOBJ_ELEM_INT16), /* xxx -> DUK_HBUFOBJ_ELEM_INT16 */ (1U << DUK_HBUFOBJ_ELEM_UINT16) | (1U << DUK_HBUFOBJ_ELEM_INT16), /* xxx -> DUK_HBUFOBJ_ELEM_UINT32 */ (1U << DUK_HBUFOBJ_ELEM_UINT32) | (1U << DUK_HBUFOBJ_ELEM_INT32), /* xxx -> DUK_HBUFOBJ_ELEM_INT32 */ (1U << DUK_HBUFOBJ_ELEM_UINT32) | (1U << DUK_HBUFOBJ_ELEM_INT32), /* xxx -> DUK_HBUFOBJ_ELEM_FLOAT32 */ (1U << DUK_HBUFOBJ_ELEM_FLOAT32), /* xxx -> DUK_HBUFOBJ_ELEM_FLOAT64 */ (1U << DUK_HBUFOBJ_ELEM_FLOAT64)}; #endif /* !DUK_USE_PREFER_SIZE */ DUK_LOCAL duk_hbufobj *duk__hbufobj_promote_this(duk_hthread *thr) { duk_tval *tv_dst; duk_hbufobj *res; duk_push_this(thr); DUK_ASSERT(duk_is_buffer(thr, -1)); res = (duk_hbufobj *)duk_to_hobject(thr, -1); DUK_HBUFOBJ_ASSERT_VALID(res); DUK_DD(DUK_DDPRINT("promoted 'this' automatically to an ArrayBuffer: %!iT", duk_get_tval(thr, -1))); tv_dst = duk_get_borrowed_this_tval(thr); DUK_TVAL_SET_OBJECT_UPDREF(thr, tv_dst, (duk_hobject *)res); duk_pop(thr); return res; } #define DUK__BUFOBJ_FLAG_THROW (1 << 0) #define DUK__BUFOBJ_FLAG_PROMOTE (1 << 1) /* Shared helper. When DUK__BUFOBJ_FLAG_PROMOTE is given, the return value is * always a duk_hbufobj *. Without the flag the return value can also be a * plain buffer, and the caller must check for it using DUK_HEAPHDR_IS_BUFFER(). */ DUK_LOCAL duk_heaphdr *duk__getrequire_bufobj_this(duk_hthread *thr, duk_small_uint_t flags) { duk_tval *tv; duk_hbufobj *h_this; DUK_ASSERT(thr != NULL); tv = duk_get_borrowed_this_tval(thr); DUK_ASSERT(tv != NULL); if (DUK_TVAL_IS_OBJECT(tv)) { h_this = (duk_hbufobj *)DUK_TVAL_GET_OBJECT(tv); DUK_ASSERT(h_this != NULL); if (DUK_HOBJECT_IS_BUFOBJ((duk_hobject *)h_this)) { DUK_HBUFOBJ_ASSERT_VALID(h_this); return (duk_heaphdr *)h_this; } } else if (DUK_TVAL_IS_BUFFER(tv)) { if (flags & DUK__BUFOBJ_FLAG_PROMOTE) { /* Promote a plain buffer to a Uint8Array. This is very * inefficient but allows plain buffer to be used wherever an * Uint8Array is used with very small cost; hot path functions * like index read/write calls should provide direct buffer * support to avoid promotion. */ /* XXX: make this conditional to a flag if call sites need it? */ h_this = duk__hbufobj_promote_this(thr); DUK_ASSERT(h_this != NULL); DUK_HBUFOBJ_ASSERT_VALID(h_this); return (duk_heaphdr *)h_this; } else { /* XXX: ugly, share return pointer for duk_hbuffer. */ return (duk_heaphdr *)DUK_TVAL_GET_BUFFER(tv); } } if (flags & DUK__BUFOBJ_FLAG_THROW) { DUK_ERROR_TYPE(thr, DUK_STR_NOT_BUFFER); DUK_WO_NORETURN(return NULL;); } return NULL; } /* Check that 'this' is a duk_hbufobj and return a pointer to it. */ DUK_LOCAL duk_hbufobj *duk__get_bufobj_this(duk_hthread *thr) { return (duk_hbufobj *)duk__getrequire_bufobj_this(thr, DUK__BUFOBJ_FLAG_PROMOTE); } /* Check that 'this' is a duk_hbufobj and return a pointer to it * (NULL if not). */ DUK_LOCAL duk_hbufobj *duk__require_bufobj_this(duk_hthread *thr) { return (duk_hbufobj *)duk__getrequire_bufobj_this( thr, DUK__BUFOBJ_FLAG_THROW | DUK__BUFOBJ_FLAG_PROMOTE); } /* Check that value is a duk_hbufobj and return a pointer to it. */ DUK_LOCAL duk_hbufobj *duk__require_bufobj_value(duk_hthread *thr, duk_idx_t idx) { duk_tval *tv; duk_hbufobj *h_obj; /* Don't accept relative indices now. */ DUK_ASSERT(idx >= 0); tv = duk_require_tval(thr, idx); DUK_ASSERT(tv != NULL); if (DUK_TVAL_IS_OBJECT(tv)) { h_obj = (duk_hbufobj *)DUK_TVAL_GET_OBJECT(tv); DUK_ASSERT(h_obj != NULL); if (DUK_HOBJECT_IS_BUFOBJ((duk_hobject *)h_obj)) { DUK_HBUFOBJ_ASSERT_VALID(h_obj); return h_obj; } } else if (DUK_TVAL_IS_BUFFER(tv)) { h_obj = (duk_hbufobj *)duk_to_hobject(thr, idx); DUK_ASSERT(h_obj != NULL); DUK_HBUFOBJ_ASSERT_VALID(h_obj); return h_obj; } DUK_ERROR_TYPE(thr, DUK_STR_NOT_BUFFER); DUK_WO_NORETURN(return NULL;); } DUK_LOCAL void duk__set_bufobj_buffer(duk_hthread *thr, duk_hbufobj *h_bufobj, duk_hbuffer *h_val) { DUK_ASSERT(thr != NULL); DUK_ASSERT(h_bufobj != NULL); DUK_ASSERT(h_bufobj->buf == NULL); /* no need to decref */ DUK_ASSERT(h_val != NULL); DUK_HBUFOBJ_ASSERT_VALID(h_bufobj); DUK_UNREF(thr); h_bufobj->buf = h_val; DUK_HBUFFER_INCREF(thr, h_val); h_bufobj->length = (duk_uint_t)DUK_HBUFFER_GET_SIZE(h_val); DUK_ASSERT(h_bufobj->shift == 0); DUK_ASSERT(h_bufobj->elem_type == DUK_HBUFOBJ_ELEM_UINT8); DUK_ASSERT(h_bufobj->is_typedarray == 0); DUK_HBUFOBJ_ASSERT_VALID(h_bufobj); } /* Shared offset/length coercion helper. */ DUK_LOCAL void duk__resolve_offset_opt_length( duk_hthread *thr, duk_hbufobj *h_bufarg, duk_idx_t idx_offset, duk_idx_t idx_length, duk_uint_t *out_offset, duk_uint_t *out_length, duk_bool_t throw_flag) { duk_int_t offset_signed; duk_int_t length_signed; duk_uint_t offset; duk_uint_t length; offset_signed = duk_to_int(thr, idx_offset); if (offset_signed < 0) { goto fail_range; } offset = (duk_uint_t)offset_signed; if (offset > h_bufarg->length) { goto fail_range; } DUK_ASSERT_DISABLE(offset >= 0); /* unsigned */ DUK_ASSERT(offset <= h_bufarg->length); if (duk_is_undefined(thr, idx_length)) { DUK_ASSERT(h_bufarg->length >= offset); length = h_bufarg->length - offset; /* >= 0 */ } else { length_signed = duk_to_int(thr, idx_length); if (length_signed < 0) { goto fail_range; } length = (duk_uint_t)length_signed; DUK_ASSERT(h_bufarg->length >= offset); if (length > h_bufarg->length - offset) { /* Unlike for negative arguments, some call sites * want length to be clamped if it's positive. */ if (throw_flag) { goto fail_range; } else { length = h_bufarg->length - offset; } } } DUK_ASSERT_DISABLE(length >= 0); /* unsigned */ DUK_ASSERT(offset + length <= h_bufarg->length); *out_offset = offset; *out_length = length; return; fail_range: DUK_ERROR_RANGE(thr, DUK_STR_INVALID_ARGS); DUK_WO_NORETURN(return;); } /* Shared lenient buffer length clamping helper. No negative indices, no * element/byte shifting. */ DUK_LOCAL void duk__clamp_startend_nonegidx_noshift( duk_hthread *thr, duk_int_t buffer_length, duk_idx_t idx_start, duk_idx_t idx_end, duk_int_t *out_start_offset, duk_int_t *out_end_offset) { duk_int_t start_offset; duk_int_t end_offset; DUK_ASSERT(out_start_offset != NULL); DUK_ASSERT(out_end_offset != NULL); /* undefined coerces to zero which is correct */ start_offset = duk_to_int_clamped(thr, idx_start, 0, buffer_length); if (duk_is_undefined(thr, idx_end)) { end_offset = buffer_length; } else { end_offset = duk_to_int_clamped(thr, idx_end, start_offset, buffer_length); } DUK_ASSERT(start_offset >= 0); DUK_ASSERT(start_offset <= buffer_length); DUK_ASSERT(end_offset >= 0); DUK_ASSERT(end_offset <= buffer_length); DUK_ASSERT(start_offset <= end_offset); *out_start_offset = start_offset; *out_end_offset = end_offset; } /* Shared lenient buffer length clamping helper. Indices are treated as * element indices (though output values are byte offsets) which only * really matters for TypedArray views as other buffer object have a zero * shift. Negative indices are counted from end of input slice; crossed * indices are clamped to zero length; and final indices are clamped * against input slice. Used for e.g. ArrayBuffer slice(). */ DUK_LOCAL void duk__clamp_startend_negidx_shifted( duk_hthread *thr, duk_int_t buffer_length, duk_uint8_t buffer_shift, duk_idx_t idx_start, duk_idx_t idx_end, duk_int_t *out_start_offset, duk_int_t *out_end_offset) { duk_int_t start_offset; duk_int_t end_offset; DUK_ASSERT(out_start_offset != NULL); DUK_ASSERT(out_end_offset != NULL); buffer_length >>= buffer_shift; /* as (full) elements */ /* Resolve start/end offset as element indices first; arguments * at idx_start/idx_end are element offsets. Working with element * indices first also avoids potential for wrapping. */ start_offset = duk_to_int(thr, idx_start); if (start_offset < 0) { start_offset = buffer_length + start_offset; } if (duk_is_undefined(thr, idx_end)) { end_offset = buffer_length; } else { end_offset = duk_to_int(thr, idx_end); if (end_offset < 0) { end_offset = buffer_length + end_offset; } } /* Note: start_offset/end_offset can still be < 0 here. */ if (start_offset < 0) { start_offset = 0; } else if (start_offset > buffer_length) { start_offset = buffer_length; } if (end_offset < start_offset) { end_offset = start_offset; } else if (end_offset > buffer_length) { end_offset = buffer_length; } DUK_ASSERT(start_offset >= 0); DUK_ASSERT(start_offset <= buffer_length); DUK_ASSERT(end_offset >= 0); DUK_ASSERT(end_offset <= buffer_length); DUK_ASSERT(start_offset <= end_offset); /* Convert indices to byte offsets. */ start_offset <<= buffer_shift; end_offset <<= buffer_shift; *out_start_offset = start_offset; *out_end_offset = end_offset; } DUK_INTERNAL void duk_hbufobj_promote_plain(duk_hthread *thr, duk_idx_t idx) { if (duk_is_buffer(thr, idx)) { duk_to_object(thr, idx); } } DUK_INTERNAL void duk_hbufobj_push_uint8array_from_plain(duk_hthread *thr, duk_hbuffer *h_buf) { /* Push Uint8Array which will share the same underlying buffer as * the plain buffer argument. Also create an ArrayBuffer with the * same backing for the result .buffer property. */ duk_push_hbuffer(thr, h_buf); duk_push_buffer_object(thr, -1, 0, (duk_size_t)DUK_HBUFFER_GET_SIZE(h_buf), DUK_BUFOBJ_UINT8ARRAY); duk_remove_m2(thr); #if 0 /* More verbose equivalent; maybe useful if e.g. .buffer is omitted. */ h_bufobj = duk_push_bufobj_raw(thr, DUK_HOBJECT_FLAG_EXTENSIBLE | DUK_HOBJECT_FLAG_BUFOBJ | DUK_HOBJECT_CLASS_AS_FLAGS(DUK_HOBJECT_CLASS_UINT8ARRAY), DUK_BIDX_UINT8ARRAY_PROTOTYPE); DUK_ASSERT(h_bufobj != NULL); duk__set_bufobj_buffer(thr, h_bufobj, h_buf); h_bufobj->is_typedarray = 1; DUK_HBUFOBJ_ASSERT_VALID(h_bufobj); h_arrbuf = duk_push_bufobj_raw(thr, DUK_HOBJECT_FLAG_EXTENSIBLE | DUK_HOBJECT_FLAG_BUFOBJ | DUK_HOBJECT_CLASS_AS_FLAGS(DUK_HOBJECT_CLASS_ARRAYBUFFER), DUK_BIDX_ARRAYBUFFER_PROTOTYPE); DUK_ASSERT(h_arrbuf != NULL); duk__set_bufobj_buffer(thr, h_arrbuf, h_buf); DUK_ASSERT(h_arrbuf->is_typedarray == 0); DUK_HBUFOBJ_ASSERT_VALID(h_arrbuf); DUK_ASSERT(h_bufobj->buf_prop == NULL); h_bufobj->buf_prop = (duk_hobject *) h_arrbuf; DUK_ASSERT(h_arrbuf != NULL); DUK_HBUFOBJ_INCREF(thr, h_arrbuf); duk_pop(thr); #endif } /* Indexed read helper for buffer objects, also called from outside this file. */ DUK_INTERNAL void duk_hbufobj_push_validated_read(duk_hthread *thr, duk_hbufobj *h_bufobj, duk_uint8_t *p, duk_small_uint_t elem_size) { duk_double_union du; DUK_ASSERT(elem_size > 0); duk_memcpy((void *)du.uc, (const void *)p, (size_t)elem_size); switch (h_bufobj->elem_type) { case DUK_HBUFOBJ_ELEM_UINT8: case DUK_HBUFOBJ_ELEM_UINT8CLAMPED: duk_push_uint(thr, (duk_uint_t)du.uc[0]); break; case DUK_HBUFOBJ_ELEM_INT8: duk_push_int(thr, (duk_int_t)(duk_int8_t)du.uc[0]); break; case DUK_HBUFOBJ_ELEM_UINT16: duk_push_uint(thr, (duk_uint_t)du.us[0]); break; case DUK_HBUFOBJ_ELEM_INT16: duk_push_int(thr, (duk_int_t)(duk_int16_t)du.us[0]); break; case DUK_HBUFOBJ_ELEM_UINT32: duk_push_uint(thr, (duk_uint_t)du.ui[0]); break; case DUK_HBUFOBJ_ELEM_INT32: duk_push_int(thr, (duk_int_t)(duk_int32_t)du.ui[0]); break; case DUK_HBUFOBJ_ELEM_FLOAT32: duk_push_number(thr, (duk_double_t)du.f[0]); break; case DUK_HBUFOBJ_ELEM_FLOAT64: duk_push_number(thr, (duk_double_t)du.d); break; default: DUK_UNREACHABLE(); } } /* Indexed write helper for buffer objects, also called from outside this file. */ DUK_INTERNAL void duk_hbufobj_validated_write(duk_hthread *thr, duk_hbufobj *h_bufobj, duk_uint8_t *p, duk_small_uint_t elem_size) { duk_double_union du; /* NOTE! Caller must ensure that any side effects from the * coercions below are safe. If that cannot be guaranteed * (which is normally the case), caller must coerce the * argument using duk_to_number() before any pointer * validations; the result of duk_to_number() always coerces * without side effects here. */ switch (h_bufobj->elem_type) { case DUK_HBUFOBJ_ELEM_UINT8: du.uc[0] = (duk_uint8_t)duk_to_uint32(thr, -1); break; case DUK_HBUFOBJ_ELEM_UINT8CLAMPED: du.uc[0] = (duk_uint8_t)duk_to_uint8clamped(thr, -1); break; case DUK_HBUFOBJ_ELEM_INT8: du.uc[0] = (duk_uint8_t)duk_to_int32(thr, -1); break; case DUK_HBUFOBJ_ELEM_UINT16: du.us[0] = (duk_uint16_t)duk_to_uint32(thr, -1); break; case DUK_HBUFOBJ_ELEM_INT16: du.us[0] = (duk_uint16_t)duk_to_int32(thr, -1); break; case DUK_HBUFOBJ_ELEM_UINT32: du.ui[0] = (duk_uint32_t)duk_to_uint32(thr, -1); break; case DUK_HBUFOBJ_ELEM_INT32: du.ui[0] = (duk_uint32_t)duk_to_int32(thr, -1); break; case DUK_HBUFOBJ_ELEM_FLOAT32: /* A double-to-float cast is undefined behavior in C99 if * the cast is out-of-range, so use a helper. Example: * runtime error: value -1e+100 is outside the range of representable * values of type 'float' */ du.f[0] = duk_double_to_float_t(duk_to_number_m1(thr)); break; case DUK_HBUFOBJ_ELEM_FLOAT64: du.d = (duk_double_t)duk_to_number_m1(thr); break; default: DUK_UNREACHABLE(); } DUK_ASSERT(elem_size > 0); duk_memcpy((void *)p, (const void *)du.uc, (size_t)elem_size); } /* Helper to create a fixed buffer from argument value at index 0. * Node.js and allocPlain() compatible. */ DUK_LOCAL duk_hbuffer *duk__hbufobj_fixed_from_argvalue(duk_hthread *thr) { duk_int_t len; duk_int_t i; duk_size_t buf_size; duk_uint8_t *buf; switch (duk_get_type(thr, 0)) { case DUK_TYPE_NUMBER: { len = duk_to_int_clamped(thr, 0, 0, DUK_INT_MAX); (void)duk_push_fixed_buffer_zero(thr, (duk_size_t)len); break; } case DUK_TYPE_BUFFER: { /* Treat like Uint8Array. */ goto slow_copy; } case DUK_TYPE_OBJECT: { duk_hobject *h; duk_hbufobj *h_bufobj; /* For Node.js Buffers "Passing an ArrayBuffer returns a Buffer * that shares allocated memory with the given ArrayBuffer." * https://nodejs.org/api/buffer.html#buffer_buffer_from_buffer_alloc_and_buffer_allocunsafe */ h = duk_known_hobject(thr, 0); if (DUK_HOBJECT_GET_CLASS_NUMBER(h) == DUK_HOBJECT_CLASS_ARRAYBUFFER) { DUK_ASSERT(DUK_HOBJECT_IS_BUFOBJ(h)); h_bufobj = (duk_hbufobj *)h; if (DUK_UNLIKELY(h_bufobj->buf == NULL)) { DUK_ERROR_TYPE_INVALID_ARGS(thr); DUK_WO_NORETURN(return NULL;); } if (DUK_UNLIKELY(h_bufobj->offset != 0 || h_bufobj->length != DUK_HBUFFER_GET_SIZE(h_bufobj->buf))) { /* No support for ArrayBuffers with slice * offset/length. */ DUK_ERROR_TYPE_INVALID_ARGS(thr); DUK_WO_NORETURN(return NULL;); } duk_push_hbuffer(thr, h_bufobj->buf); return h_bufobj->buf; } goto slow_copy; } case DUK_TYPE_STRING: { /* ignore encoding for now */ duk_require_hstring_notsymbol(thr, 0); duk_dup_0(thr); (void)duk_to_buffer(thr, -1, &buf_size); break; } default: DUK_ERROR_TYPE_INVALID_ARGS(thr); DUK_WO_NORETURN(return NULL;); } done: DUK_ASSERT(duk_is_buffer(thr, -1)); return duk_known_hbuffer(thr, -1); slow_copy: /* XXX: fast path for typed arrays and other buffer objects? */ (void)duk_get_prop_stridx_short(thr, 0, DUK_STRIDX_LENGTH); len = duk_to_int_clamped(thr, -1, 0, DUK_INT_MAX); duk_pop(thr); buf = (duk_uint8_t *)duk_push_fixed_buffer_nozero( thr, (duk_size_t)len); /* no zeroing, all indices get initialized */ for (i = 0; i < len; i++) { /* XXX: fast path for array or buffer arguments? */ duk_get_prop_index(thr, 0, (duk_uarridx_t)i); buf[i] = (duk_uint8_t)(duk_to_uint32(thr, -1) & 0xffU); duk_pop(thr); } goto done; } #endif /* DUK_USE_BUFFEROBJECT_SUPPORT */ /* * Node.js Buffer constructor * * Node.js Buffers are just Uint8Arrays with internal prototype set to * Buffer.prototype so they're handled otherwise the same as Uint8Array. * However, the constructor arguments are very different so a separate * constructor entry point is used. */ #if defined(DUK_USE_BUFFEROBJECT_SUPPORT) DUK_INTERNAL duk_ret_t duk_bi_nodejs_buffer_constructor(duk_hthread *thr) { duk_hbuffer *h_buf; h_buf = duk__hbufobj_fixed_from_argvalue(thr); DUK_ASSERT(h_buf != NULL); duk_push_buffer_object( thr, -1, 0, DUK_HBUFFER_FIXED_GET_SIZE((duk_hbuffer_fixed *)(void *)h_buf), DUK_BUFOBJ_UINT8ARRAY); duk_push_hobject_bidx(thr, DUK_BIDX_NODEJS_BUFFER_PROTOTYPE); duk_set_prototype(thr, -2); /* XXX: a more direct implementation */ return 1; } #endif /* DUK_USE_BUFFEROBJECT_SUPPORT */ /* * ArrayBuffer, DataView, and TypedArray constructors */ #if defined(DUK_USE_BUFFEROBJECT_SUPPORT) DUK_INTERNAL duk_ret_t duk_bi_arraybuffer_constructor(duk_hthread *thr) { duk_hbufobj *h_bufobj; duk_hbuffer *h_val; duk_int_t len; DUK_CTX_ASSERT_VALID(thr); duk_require_constructor_call(thr); len = duk_to_int(thr, 0); if (len < 0) { goto fail_length; } (void)duk_push_fixed_buffer_zero(thr, (duk_size_t)len); h_val = (duk_hbuffer *)duk_known_hbuffer(thr, -1); h_bufobj = duk_push_bufobj_raw( thr, DUK_HOBJECT_FLAG_EXTENSIBLE | DUK_HOBJECT_FLAG_BUFOBJ | DUK_HOBJECT_CLASS_AS_FLAGS(DUK_HOBJECT_CLASS_ARRAYBUFFER), DUK_BIDX_ARRAYBUFFER_PROTOTYPE); DUK_ASSERT(h_bufobj != NULL); duk__set_bufobj_buffer(thr, h_bufobj, h_val); DUK_HBUFOBJ_ASSERT_VALID(h_bufobj); return 1; fail_length: DUK_DCERROR_RANGE_INVALID_LENGTH(thr); } #endif /* DUK_USE_BUFFEROBJECT_SUPPORT */ /* Format of magic, bits: * 0...1: elem size shift (0-3) * 2...5: elem type (DUK_HBUFOBJ_ELEM_xxx) * * XXX: add prototype bidx explicitly to magic instead of using a mapping? */ #if defined(DUK_USE_BUFFEROBJECT_SUPPORT) DUK_INTERNAL duk_ret_t duk_bi_typedarray_constructor(duk_hthread *thr) { duk_tval *tv; duk_hobject *h_obj; duk_hbufobj *h_bufobj = NULL; duk_hbufobj *h_bufarg = NULL; duk_hbuffer *h_val; duk_small_uint_t magic; duk_small_uint_t shift; duk_small_uint_t elem_type; duk_small_uint_t elem_size; duk_small_uint_t class_num; duk_small_uint_t proto_bidx; duk_uint_t align_mask; duk_uint_t elem_length; duk_int_t elem_length_signed; duk_uint_t byte_length; duk_small_uint_t copy_mode; /* XXX: The same copy helpers could be shared with at least some * buffer functions. */ duk_require_constructor_call(thr); /* We could fit built-in index into magic but that'd make the magic * number dependent on built-in numbering (genbuiltins.py doesn't * handle that yet). So map both class and prototype from the * element type. */ magic = (duk_small_uint_t)duk_get_current_magic(thr); shift = magic & 0x03U; /* bits 0...1: shift */ elem_type = (magic >> 2) & 0x0fU; /* bits 2...5: type */ elem_size = 1U << shift; align_mask = elem_size - 1; DUK_ASSERT(elem_type < sizeof(duk__buffer_proto_from_elemtype) / sizeof(duk_uint8_t)); proto_bidx = duk__buffer_proto_from_elemtype[elem_type]; DUK_ASSERT(proto_bidx < DUK_NUM_BUILTINS); DUK_ASSERT(elem_type < sizeof(duk__buffer_class_from_elemtype) / sizeof(duk_uint8_t)); class_num = duk__buffer_class_from_elemtype[elem_type]; DUK_DD( DUK_DDPRINT("typedarray constructor, magic=%d, shift=%d, elem_type=%d, " "elem_size=%d, proto_bidx=%d, class_num=%d", (int)magic, (int)shift, (int)elem_type, (int)elem_size, (int)proto_bidx, (int)class_num)); /* Argument variants. When the argument is an ArrayBuffer a view to * the same buffer is created; otherwise a new ArrayBuffer is always * created. */ /* XXX: initial iteration to treat a plain buffer like an ArrayBuffer: * coerce to an ArrayBuffer object and use that as .buffer. The underlying * buffer will be the same but result .buffer !== inputPlainBuffer. */ duk_hbufobj_promote_plain(thr, 0); tv = duk_get_tval(thr, 0); DUK_ASSERT(tv != NULL); /* arg count */ if (DUK_TVAL_IS_OBJECT(tv)) { h_obj = DUK_TVAL_GET_OBJECT(tv); DUK_ASSERT(h_obj != NULL); if (DUK_HOBJECT_GET_CLASS_NUMBER(h_obj) == DUK_HOBJECT_CLASS_ARRAYBUFFER) { /* ArrayBuffer: unlike any other argument variant, create * a view into the existing buffer. */ duk_int_t byte_offset_signed; duk_uint_t byte_offset; h_bufarg = (duk_hbufobj *)h_obj; byte_offset_signed = duk_to_int(thr, 1); if (byte_offset_signed < 0) { goto fail_arguments; } byte_offset = (duk_uint_t)byte_offset_signed; if (byte_offset > h_bufarg->length || (byte_offset & align_mask) != 0) { /* Must be >= 0 and multiple of element size. */ goto fail_arguments; } if (duk_is_undefined(thr, 2)) { DUK_ASSERT(h_bufarg->length >= byte_offset); byte_length = h_bufarg->length - byte_offset; if ((byte_length & align_mask) != 0) { /* Must be element size multiple from * start offset to end of buffer. */ goto fail_arguments; } elem_length = (byte_length >> shift); } else { elem_length_signed = duk_to_int(thr, 2); if (elem_length_signed < 0) { goto fail_arguments; } elem_length = (duk_uint_t)elem_length_signed; byte_length = elem_length << shift; if ((byte_length >> shift) != elem_length) { /* Byte length would overflow. */ /* XXX: easier check with less code? */ goto fail_arguments; } DUK_ASSERT(h_bufarg->length >= byte_offset); if (byte_length > h_bufarg->length - byte_offset) { /* Not enough data. */ goto fail_arguments; } } DUK_UNREF(elem_length); DUK_ASSERT_DISABLE(byte_offset >= 0); DUK_ASSERT(byte_offset <= h_bufarg->length); DUK_ASSERT_DISABLE(byte_length >= 0); DUK_ASSERT(byte_offset + byte_length <= h_bufarg->length); DUK_ASSERT((elem_length << shift) == byte_length); h_bufobj = duk_push_bufobj_raw(thr, DUK_HOBJECT_FLAG_EXTENSIBLE | DUK_HOBJECT_FLAG_BUFOBJ | DUK_HOBJECT_CLASS_AS_FLAGS(class_num), (duk_small_int_t)proto_bidx); h_val = h_bufarg->buf; if (h_val == NULL) { DUK_DCERROR_TYPE_INVALID_ARGS(thr); } h_bufobj->buf = h_val; DUK_HBUFFER_INCREF(thr, h_val); h_bufobj->offset = h_bufarg->offset + byte_offset; h_bufobj->length = byte_length; h_bufobj->shift = (duk_uint8_t)shift; h_bufobj->elem_type = (duk_uint8_t)elem_type; h_bufobj->is_typedarray = 1; DUK_HBUFOBJ_ASSERT_VALID(h_bufobj); /* Set .buffer to the argument ArrayBuffer. */ DUK_ASSERT(h_bufobj->buf_prop == NULL); h_bufobj->buf_prop = (duk_hobject *)h_bufarg; DUK_ASSERT(h_bufarg != NULL); DUK_HBUFOBJ_INCREF(thr, h_bufarg); return 1; } else if (DUK_HOBJECT_IS_BUFOBJ(h_obj)) { /* TypedArray (or other non-ArrayBuffer duk_hbufobj). * Conceptually same behavior as for an Array-like argument, * with a few fast paths. */ h_bufarg = (duk_hbufobj *)h_obj; DUK_HBUFOBJ_ASSERT_VALID(h_bufarg); elem_length_signed = (duk_int_t)(h_bufarg->length >> h_bufarg->shift); if (h_bufarg->buf == NULL) { DUK_DCERROR_TYPE_INVALID_ARGS(thr); } /* Select copy mode. Must take into account element * compatibility and validity of the underlying source * buffer. */ DUK_DDD(DUK_DDDPRINT("selecting copy mode for bufobj arg, " "src byte_length=%ld, src shift=%d, " "src/dst elem_length=%ld; " "dst shift=%d -> dst byte_length=%ld", (long)h_bufarg->length, (int)h_bufarg->shift, (long)elem_length_signed, (int)shift, (long)(elem_length_signed << shift))); copy_mode = 2; /* default is explicit index read/write copy */ #if !defined(DUK_USE_PREFER_SIZE) /* With a size optimized build copy_mode 2 is enough. * Modes 0 and 1 are faster but conceptually the same. */ DUK_ASSERT(elem_type < sizeof(duk__buffer_elemtype_copy_compatible) / sizeof(duk_uint16_t)); if (DUK_HBUFOBJ_VALID_SLICE(h_bufarg)) { if ((duk__buffer_elemtype_copy_compatible[elem_type] & (1u << h_bufarg->elem_type)) != 0) { DUK_DDD(DUK_DDDPRINT("source/target are copy compatible, memcpy")); DUK_ASSERT(shift == h_bufarg->shift); /* byte sizes will match */ copy_mode = 0; } else { DUK_DDD(DUK_DDDPRINT( "source/target not copy compatible but valid, fast copy")); copy_mode = 1; } } #endif /* !DUK_USE_PREFER_SIZE */ } else { /* Array or Array-like */ elem_length_signed = (duk_int_t)duk_get_length(thr, 0); copy_mode = 2; } } else { /* Non-object argument is simply int coerced, matches * V8 behavior (except for "null", which we coerce to * 0 but V8 TypeErrors). */ elem_length_signed = duk_to_int(thr, 0); copy_mode = 3; } if (elem_length_signed < 0) { goto fail_arguments; } elem_length = (duk_uint_t)elem_length_signed; byte_length = (duk_uint_t)(elem_length << shift); if ((byte_length >> shift) != elem_length) { /* Byte length would overflow. */ /* XXX: easier check with less code? */ goto fail_arguments; } DUK_DDD(DUK_DDDPRINT("elem_length=%ld, byte_length=%ld", (long)elem_length, (long)byte_length)); /* ArrayBuffer argument is handled specially above; the rest of the * argument variants are handled by shared code below. * * ArrayBuffer in h_bufobj->buf_prop is intentionally left unset. * It will be automatically created by the .buffer accessor on * first access. */ /* Push the resulting view object on top of a plain fixed buffer. */ (void)duk_push_fixed_buffer(thr, byte_length); h_val = duk_known_hbuffer(thr, -1); DUK_ASSERT(h_val != NULL); h_bufobj = duk_push_bufobj_raw(thr, DUK_HOBJECT_FLAG_EXTENSIBLE | DUK_HOBJECT_FLAG_BUFOBJ | DUK_HOBJECT_CLASS_AS_FLAGS(class_num), (duk_small_int_t)proto_bidx); h_bufobj->buf = h_val; DUK_HBUFFER_INCREF(thr, h_val); DUK_ASSERT(h_bufobj->offset == 0); h_bufobj->length = byte_length; h_bufobj->shift = (duk_uint8_t)shift; h_bufobj->elem_type = (duk_uint8_t)elem_type; h_bufobj->is_typedarray = 1; DUK_HBUFOBJ_ASSERT_VALID(h_bufobj); /* Copy values, the copy method depends on the arguments. * * Copy mode decision may depend on the validity of the underlying * buffer of the source argument; there must be no harmful side effects * from there to here for copy_mode to still be valid. */ DUK_DDD(DUK_DDDPRINT("copy mode: %d", (int)copy_mode)); switch (copy_mode) { /* Copy modes 0 and 1 can be omitted in size optimized build, * copy mode 2 handles them (but more slowly). */ #if !defined(DUK_USE_PREFER_SIZE) case 0: { /* Use byte copy. */ duk_uint8_t *p_src; duk_uint8_t *p_dst; DUK_ASSERT(h_bufobj != NULL); DUK_ASSERT(h_bufobj->buf != NULL); DUK_ASSERT(DUK_HBUFOBJ_VALID_SLICE(h_bufobj)); DUK_ASSERT(h_bufarg != NULL); DUK_ASSERT(h_bufarg->buf != NULL); DUK_ASSERT(DUK_HBUFOBJ_VALID_SLICE(h_bufarg)); p_dst = DUK_HBUFOBJ_GET_SLICE_BASE(thr->heap, h_bufobj); p_src = DUK_HBUFOBJ_GET_SLICE_BASE(thr->heap, h_bufarg); DUK_DDD(DUK_DDDPRINT("using memcpy: p_src=%p, p_dst=%p, byte_length=%ld", (void *)p_src, (void *)p_dst, (long)byte_length)); duk_memcpy_unsafe((void *)p_dst, (const void *)p_src, (size_t)byte_length); break; } case 1: { /* Copy values through direct validated reads and writes. */ duk_small_uint_t src_elem_size; duk_small_uint_t dst_elem_size; duk_uint8_t *p_src; duk_uint8_t *p_src_end; duk_uint8_t *p_dst; DUK_ASSERT(h_bufobj != NULL); DUK_ASSERT(h_bufobj->buf != NULL); DUK_ASSERT(DUK_HBUFOBJ_VALID_SLICE(h_bufobj)); DUK_ASSERT(h_bufarg != NULL); DUK_ASSERT(h_bufarg->buf != NULL); DUK_ASSERT(DUK_HBUFOBJ_VALID_SLICE(h_bufarg)); src_elem_size = (duk_small_uint_t)(1U << h_bufarg->shift); dst_elem_size = elem_size; p_src = DUK_HBUFOBJ_GET_SLICE_BASE(thr->heap, h_bufarg); p_dst = DUK_HBUFOBJ_GET_SLICE_BASE(thr->heap, h_bufobj); p_src_end = p_src + h_bufarg->length; DUK_DDD(DUK_DDDPRINT("using fast copy: p_src=%p, p_src_end=%p, p_dst=%p, " "src_elem_size=%d, dst_elem_size=%d", (void *)p_src, (void *)p_src_end, (void *)p_dst, (int)src_elem_size, (int)dst_elem_size)); while (p_src != p_src_end) { DUK_DDD(DUK_DDDPRINT("fast path per element copy loop: " "p_src=%p, p_src_end=%p, p_dst=%p", (void *)p_src, (void *)p_src_end, (void *)p_dst)); /* A validated read() is always a number, so it's write coercion * is always side effect free an won't invalidate pointers etc. */ duk_hbufobj_push_validated_read(thr, h_bufarg, p_src, src_elem_size); duk_hbufobj_validated_write(thr, h_bufobj, p_dst, dst_elem_size); duk_pop(thr); p_src += src_elem_size; p_dst += dst_elem_size; } break; } #endif /* !DUK_USE_PREFER_SIZE */ case 2: { /* Copy values by index reads and writes. Let virtual * property handling take care of coercion. */ duk_uint_t i; DUK_DDD(DUK_DDDPRINT("using slow copy")); for (i = 0; i < elem_length; i++) { duk_get_prop_index(thr, 0, (duk_uarridx_t)i); duk_put_prop_index(thr, -2, (duk_uarridx_t)i); } break; } default: case 3: { /* No copy, leave zero bytes in the buffer. There's no * ambiguity with Float32/Float64 because zero bytes also * represent 0.0. */ DUK_DDD(DUK_DDDPRINT("using no copy")); break; } } return 1; fail_arguments: DUK_DCERROR_RANGE_INVALID_ARGS(thr); } #else /* DUK_USE_BUFFEROBJECT_SUPPORT */ /* When bufferobject support is disabled, new Uint8Array() could still be * supported to create a plain fixed buffer. Disabled for now. */ #if 0 DUK_INTERNAL duk_ret_t duk_bi_typedarray_constructor(duk_hthread *thr) { duk_int_t elem_length_signed; duk_uint_t byte_length; /* XXX: The same copy helpers could be shared with at least some * buffer functions. */ duk_require_constructor_call(thr); elem_length_signed = duk_require_int(thr, 0); if (elem_length_signed < 0) { goto fail_arguments; } byte_length = (duk_uint_t) elem_length_signed; (void) duk_push_fixed_buffer_zero(thr, (duk_size_t) byte_length); return 1; fail_arguments: DUK_DCERROR_RANGE_INVALID_ARGS(thr); } #endif /* 0 */ #endif /* DUK_USE_BUFFEROBJECT_SUPPORT */ #if defined(DUK_USE_BUFFEROBJECT_SUPPORT) DUK_INTERNAL duk_ret_t duk_bi_dataview_constructor(duk_hthread *thr) { duk_hbufobj *h_bufarg; duk_hbufobj *h_bufobj; duk_hbuffer *h_val; duk_uint_t offset; duk_uint_t length; length = 0; offset = 0; duk_require_constructor_call(thr); h_bufarg = duk__require_bufobj_value(thr, 0); DUK_ASSERT(h_bufarg != NULL); if (DUK_HOBJECT_GET_CLASS_NUMBER((duk_hobject *)h_bufarg) != DUK_HOBJECT_CLASS_ARRAYBUFFER) { DUK_DCERROR_TYPE_INVALID_ARGS(thr); } duk__resolve_offset_opt_length(thr, h_bufarg, 1, 2, &offset, &length, 1 /*throw_flag*/); DUK_ASSERT(offset <= h_bufarg->length); DUK_ASSERT(offset + length <= h_bufarg->length); h_bufobj = duk_push_bufobj_raw( thr, DUK_HOBJECT_FLAG_EXTENSIBLE | DUK_HOBJECT_FLAG_BUFOBJ | DUK_HOBJECT_CLASS_AS_FLAGS(DUK_HOBJECT_CLASS_DATAVIEW), DUK_BIDX_DATAVIEW_PROTOTYPE); h_val = h_bufarg->buf; if (h_val == NULL) { DUK_DCERROR_TYPE_INVALID_ARGS(thr); } h_bufobj->buf = h_val; DUK_HBUFFER_INCREF(thr, h_val); h_bufobj->offset = h_bufarg->offset + offset; h_bufobj->length = length; DUK_ASSERT(h_bufobj->shift == 0); DUK_ASSERT(h_bufobj->elem_type == DUK_HBUFOBJ_ELEM_UINT8); DUK_ASSERT(h_bufobj->is_typedarray == 0); DUK_ASSERT(h_bufobj->buf_prop == NULL); h_bufobj->buf_prop = (duk_hobject *)h_bufarg; DUK_ASSERT(h_bufarg != NULL); DUK_HBUFOBJ_INCREF(thr, h_bufarg); DUK_HBUFOBJ_ASSERT_VALID(h_bufobj); return 1; } #endif /* DUK_USE_BUFFEROBJECT_SUPPORT */ /* * ArrayBuffer.isView() */ #if defined(DUK_USE_BUFFEROBJECT_SUPPORT) DUK_INTERNAL duk_ret_t duk_bi_arraybuffer_isview(duk_hthread *thr) { duk_hobject *h_obj; duk_bool_t ret = 0; if (duk_is_buffer(thr, 0)) { ret = 1; } else { h_obj = duk_get_hobject(thr, 0); if (h_obj != NULL && DUK_HOBJECT_IS_BUFOBJ(h_obj)) { /* DataView needs special casing: ArrayBuffer.isView() is * true, but ->is_typedarray is 0. */ ret = ((duk_hbufobj *)h_obj)->is_typedarray || (DUK_HOBJECT_GET_CLASS_NUMBER(h_obj) == DUK_HOBJECT_CLASS_DATAVIEW); } } duk_push_boolean(thr, ret); return 1; } #endif /* DUK_USE_BUFFEROBJECT_SUPPORT */ /* * Uint8Array.allocPlain() */ #if defined(DUK_USE_BUFFEROBJECT_SUPPORT) DUK_INTERNAL duk_ret_t duk_bi_uint8array_allocplain(duk_hthread *thr) { duk__hbufobj_fixed_from_argvalue(thr); return 1; } #endif /* DUK_USE_BUFFEROBJECT_SUPPORT */ /* * Uint8Array.plainOf() */ #if defined(DUK_USE_BUFFEROBJECT_SUPPORT) DUK_INTERNAL duk_ret_t duk_bi_uint8array_plainof(duk_hthread *thr) { duk_hbufobj *h_bufobj; #if !defined(DUK_USE_PREFER_SIZE) /* Avoid churn if argument is already a plain buffer. */ if (duk_is_buffer(thr, 0)) { return 1; } #endif /* Promotes plain buffers to ArrayBuffers, so for a plain buffer * argument we'll create a pointless temporary (but still work * correctly). */ h_bufobj = duk__require_bufobj_value(thr, 0); if (h_bufobj->buf == NULL) { duk_push_undefined(thr); } else { duk_push_hbuffer(thr, h_bufobj->buf); } return 1; } #endif /* DUK_USE_BUFFEROBJECT_SUPPORT */ /* * Node.js Buffer: toString([encoding], [start], [end]) */ #if defined(DUK_USE_BUFFEROBJECT_SUPPORT) DUK_INTERNAL duk_ret_t duk_bi_nodejs_buffer_tostring(duk_hthread *thr) { duk_hbufobj *h_this; duk_int_t start_offset, end_offset; duk_uint8_t *buf_slice; duk_size_t slice_length; h_this = duk__get_bufobj_this(thr); if (h_this == NULL) { /* XXX: happens e.g. when evaluating: String(Buffer.prototype). */ duk_push_literal(thr, "[object Object]"); return 1; } DUK_HBUFOBJ_ASSERT_VALID(h_this); /* Ignore encoding for now. */ duk__clamp_startend_nonegidx_noshift(thr, (duk_int_t)h_this->length, 1 /*idx_start*/, 2 /*idx_end*/, &start_offset, &end_offset); slice_length = (duk_size_t)(end_offset - start_offset); buf_slice = (duk_uint8_t *)duk_push_fixed_buffer_nozero( thr, slice_length); /* all bytes initialized below */ DUK_ASSERT(buf_slice != NULL); /* Neutered or uncovered, TypeError. */ if (h_this->buf == NULL || !DUK_HBUFOBJ_VALID_BYTEOFFSET_EXCL( h_this, (duk_size_t)start_offset + slice_length)) { DUK_DCERROR_TYPE_INVALID_ARGS(thr); } /* XXX: ideally we wouldn't make a copy but a view into the buffer for the * decoding process. Or the decoding helper could be changed to accept * the slice info (a buffer pointer is NOT a good approach because * guaranteeing its stability is difficult). */ DUK_ASSERT(DUK_HBUFOBJ_VALID_BYTEOFFSET_EXCL( h_this, (duk_size_t)start_offset + slice_length)); duk_memcpy_unsafe( (void *)buf_slice, (const void *)(DUK_HBUFOBJ_GET_SLICE_BASE(thr->heap, h_this) + start_offset), (size_t)slice_length); /* Use the equivalent of: new TextEncoder().encode(this) to convert the * string. Result will be valid UTF-8; non-CESU-8 inputs are currently * interpreted loosely. Value stack convention is a bit odd for now. */ duk_replace(thr, 0); duk_set_top(thr, 1); return duk_textdecoder_decode_utf8_nodejs(thr); } #endif /* DUK_USE_BUFFEROBJECT_SUPPORT */ /* * Node.js Buffer.prototype: toJSON() */ #if defined(DUK_USE_BUFFEROBJECT_SUPPORT) DUK_INTERNAL duk_ret_t duk_bi_nodejs_buffer_tojson(duk_hthread *thr) { duk_hbufobj *h_this; duk_uint8_t *buf; duk_uint_t i, n; duk_tval *tv; h_this = duk__require_bufobj_this(thr); DUK_ASSERT(h_this != NULL); if (h_this->buf == NULL || !DUK_HBUFOBJ_VALID_SLICE(h_this)) { /* Serialize uncovered backing buffer as a null; doesn't * really matter as long we're memory safe. */ duk_push_null(thr); return 1; } duk_push_object(thr); duk_push_hstring_stridx(thr, DUK_STRIDX_UC_BUFFER); duk_put_prop_stridx_short(thr, -2, DUK_STRIDX_TYPE); /* XXX: uninitialized would be OK */ DUK_ASSERT_DISABLE((duk_size_t)h_this->length <= (duk_size_t)DUK_UINT32_MAX); tv = duk_push_harray_with_size_outptr( thr, (duk_uint32_t)h_this->length); /* XXX: needs revision with >4G buffers */ DUK_ASSERT(!duk_is_bare_object(thr, -1)); DUK_ASSERT(h_this->buf != NULL); buf = DUK_HBUFOBJ_GET_SLICE_BASE(thr->heap, h_this); for (i = 0, n = h_this->length; i < n; i++) { DUK_TVAL_SET_U32(tv + i, (duk_uint32_t)buf[i]); /* no need for decref or incref */ } duk_put_prop_stridx_short(thr, -2, DUK_STRIDX_DATA); return 1; } #endif /* DUK_USE_BUFFEROBJECT_SUPPORT */ /* * Node.js Buffer.prototype.equals() * Node.js Buffer.prototype.compare() * Node.js Buffer.compare() */ #if defined(DUK_USE_BUFFEROBJECT_SUPPORT) DUK_INTERNAL duk_ret_t duk_bi_buffer_compare_shared(duk_hthread *thr) { duk_small_uint_t magic; duk_hbufobj *h_bufarg1; duk_hbufobj *h_bufarg2; duk_small_int_t comp_res; /* XXX: keep support for plain buffers and non-Node.js buffers? */ magic = (duk_small_uint_t)duk_get_current_magic(thr); if (magic & 0x02U) { /* Static call style. */ h_bufarg1 = duk__require_bufobj_value(thr, 0); h_bufarg2 = duk__require_bufobj_value(thr, 1); } else { h_bufarg1 = duk__require_bufobj_this(thr); h_bufarg2 = duk__require_bufobj_value(thr, 0); } DUK_ASSERT(h_bufarg1 != NULL); DUK_ASSERT(h_bufarg2 != NULL); /* We want to compare the slice/view areas of the arguments. * If either slice/view is invalid (underlying buffer is shorter) * ensure equals() is false, but otherwise the only thing that * matters is to be memory safe. */ if (DUK_HBUFOBJ_VALID_SLICE(h_bufarg1) && DUK_HBUFOBJ_VALID_SLICE(h_bufarg2)) { comp_res = duk_js_data_compare( (const duk_uint8_t *)DUK_HBUFFER_GET_DATA_PTR(thr->heap, h_bufarg1->buf) + h_bufarg1->offset, (const duk_uint8_t *)DUK_HBUFFER_GET_DATA_PTR(thr->heap, h_bufarg2->buf) + h_bufarg2->offset, (duk_size_t)h_bufarg1->length, (duk_size_t)h_bufarg2->length); } else { comp_res = -1; /* either nonzero value is ok */ } if (magic & 0x01U) { /* compare: similar to string comparison but for buffer data. */ duk_push_int(thr, comp_res); } else { /* equals */ duk_push_boolean(thr, (comp_res == 0)); } return 1; } #endif /* DUK_USE_BUFFEROBJECT_SUPPORT */ /* * Node.js Buffer.prototype.fill() */ #if defined(DUK_USE_BUFFEROBJECT_SUPPORT) DUK_INTERNAL duk_ret_t duk_bi_nodejs_buffer_fill(duk_hthread *thr) { duk_hbufobj *h_this; const duk_uint8_t *fill_str_ptr; duk_size_t fill_str_len; duk_uint8_t fill_value; duk_int_t fill_offset; duk_int_t fill_end; duk_size_t fill_length; duk_uint8_t *p; h_this = duk__require_bufobj_this(thr); DUK_ASSERT(h_this != NULL); if (h_this->buf == NULL) { DUK_DCERROR_TYPE_INVALID_ARGS(thr); } /* [ value offset end ] */ if (duk_is_string_notsymbol(thr, 0)) { fill_str_ptr = (const duk_uint8_t *)duk_get_lstring(thr, 0, &fill_str_len); DUK_ASSERT(fill_str_ptr != NULL); } else { /* Symbols get ToNumber() coerced and cause TypeError. */ fill_value = (duk_uint8_t)duk_to_uint32(thr, 0); fill_str_ptr = (const duk_uint8_t *)&fill_value; fill_str_len = 1; } /* Fill offset handling is more lenient than in Node.js. */ duk__clamp_startend_nonegidx_noshift(thr, (duk_int_t)h_this->length, 1 /*idx_start*/, 2 /*idx_end*/, &fill_offset, &fill_end); DUK_DDD(DUK_DDDPRINT( "fill: fill_value=%02x, fill_offset=%ld, fill_end=%ld, view length=%ld", (unsigned int)fill_value, (long)fill_offset, (long)fill_end, (long)h_this->length)); DUK_ASSERT(fill_end - fill_offset >= 0); DUK_ASSERT(h_this->buf != NULL); p = (DUK_HBUFOBJ_GET_SLICE_BASE(thr->heap, h_this) + fill_offset); fill_length = (duk_size_t)(fill_end - fill_offset); if (fill_str_len == 1) { /* Handle single character fills as memset() even when * the fill data comes from a one-char argument. */ duk_memset_unsafe((void *)p, (int)fill_str_ptr[0], (size_t)fill_length); } else if (fill_str_len > 1) { duk_size_t i, n, t; for (i = 0, n = (duk_size_t)(fill_end - fill_offset), t = 0; i < n; i++) { p[i] = fill_str_ptr[t++]; if (t >= fill_str_len) { t = 0; } } } else { DUK_DDD(DUK_DDDPRINT("zero size fill pattern, ignore silently")); } /* Return the Buffer to allow chaining: b.fill(0x11).fill(0x22, 3, * 5).toString() */ duk_push_this(thr); return 1; } #endif /* DUK_USE_BUFFEROBJECT_SUPPORT */ /* * Node.js Buffer.prototype.write(string, [offset], [length], [encoding]) */ #if defined(DUK_USE_BUFFEROBJECT_SUPPORT) DUK_INTERNAL duk_ret_t duk_bi_nodejs_buffer_write(duk_hthread *thr) { duk_hbufobj *h_this; duk_uint_t offset; duk_uint_t length; const duk_uint8_t *str_data; duk_size_t str_len; length = 0; offset = 0; /* XXX: very inefficient support for plain buffers */ h_this = duk__require_bufobj_this(thr); DUK_ASSERT(h_this != NULL); /* Argument must be a string, e.g. a buffer is not allowed. */ str_data = (const duk_uint8_t *)duk_require_lstring_notsymbol(thr, 0, &str_len); duk__resolve_offset_opt_length(thr, h_this, 1, 2, &offset, &length, 0 /*throw_flag*/); DUK_ASSERT(offset <= h_this->length); DUK_ASSERT(offset + length <= h_this->length); /* XXX: encoding is ignored now. */ if (length > str_len) { length = (duk_uint_t)str_len; } if (DUK_HBUFOBJ_VALID_SLICE(h_this)) { /* Cannot overlap. */ duk_memcpy_unsafe( (void *)(DUK_HBUFOBJ_GET_SLICE_BASE(thr->heap, h_this) + offset), (const void *)str_data, (size_t)length); } else { DUK_DDD( DUK_DDDPRINT("write() target buffer is not covered, silent ignore")); } duk_push_uint(thr, length); return 1; } #endif /* DUK_USE_BUFFEROBJECT_SUPPORT */ /* * Node.js Buffer.prototype.copy() */ #if defined(DUK_USE_BUFFEROBJECT_SUPPORT) DUK_INTERNAL duk_ret_t duk_bi_nodejs_buffer_copy(duk_hthread *thr) { duk_hbufobj *h_this; duk_hbufobj *h_bufarg; duk_int_t source_length; duk_int_t target_length; duk_int_t target_start, source_start, source_end; duk_uint_t target_ustart, source_ustart, source_uend; duk_uint_t copy_size = 0; /* [ targetBuffer targetStart sourceStart sourceEnd ] */ h_this = duk__require_bufobj_this(thr); h_bufarg = duk__require_bufobj_value(thr, 0); DUK_ASSERT(h_this != NULL); DUK_ASSERT(h_bufarg != NULL); source_length = (duk_int_t)h_this->length; target_length = (duk_int_t)h_bufarg->length; target_start = duk_to_int(thr, 1); source_start = duk_to_int(thr, 2); if (duk_is_undefined(thr, 3)) { source_end = source_length; } else { source_end = duk_to_int(thr, 3); } DUK_DDD( DUK_DDDPRINT("checking copy args: target_start=%ld, target_length=%ld, " "source_start=%ld, source_end=%ld, source_length=%ld", (long)target_start, (long)h_bufarg->length, (long)source_start, (long)source_end, (long)source_length)); /* This behavior mostly mimics Node.js now. */ if (source_start < 0 || source_end < 0 || target_start < 0) { /* Negative offsets cause a RangeError. */ goto fail_bounds; } source_ustart = (duk_uint_t)source_start; source_uend = (duk_uint_t)source_end; target_ustart = (duk_uint_t)target_start; if (source_ustart >= source_uend || /* crossed offsets or zero size */ source_ustart >= (duk_uint_t)source_length || /* source out-of-bounds (but positive) */ target_ustart >= (duk_uint_t)target_length) { /* target out-of-bounds (but positive) */ goto silent_ignore; } if (source_uend >= (duk_uint_t)source_length) { /* Source end clamped silently to available length. */ source_uend = (duk_uint_t)source_length; } copy_size = source_uend - source_ustart; if (target_ustart + copy_size > (duk_uint_t)target_length) { /* Clamp to target's end if too long. * * NOTE: there's no overflow possibility in the comparison; * both target_ustart and copy_size are >= 0 and based on * values in duk_int_t range. Adding them as duk_uint_t * values is then guaranteed not to overflow. */ DUK_ASSERT(target_ustart + copy_size >= target_ustart); /* no overflow */ DUK_ASSERT(target_ustart + copy_size >= copy_size); /* no overflow */ copy_size = (duk_uint_t)target_length - target_ustart; } DUK_DDD(DUK_DDDPRINT( "making copy: target_ustart=%lu source_ustart=%lu copy_size=%lu", (unsigned long)target_ustart, (unsigned long)source_ustart, (unsigned long)copy_size)); DUK_ASSERT(copy_size >= 1); DUK_ASSERT(source_ustart <= (duk_uint_t)source_length); DUK_ASSERT(source_ustart + copy_size <= (duk_uint_t)source_length); DUK_ASSERT(target_ustart <= (duk_uint_t)target_length); DUK_ASSERT(target_ustart + copy_size <= (duk_uint_t)target_length); /* Ensure copy is covered by underlying buffers. */ DUK_ASSERT(h_bufarg->buf != NULL); /* length check */ DUK_ASSERT(h_this->buf != NULL); /* length check */ if (DUK_HBUFOBJ_VALID_BYTEOFFSET_EXCL(h_bufarg, target_ustart + copy_size) && DUK_HBUFOBJ_VALID_BYTEOFFSET_EXCL(h_this, source_ustart + copy_size)) { /* Must use memmove() because copy area may overlap (source and target * buffer may be the same, or from different slices. */ duk_memmove_unsafe( (void *)(DUK_HBUFOBJ_GET_SLICE_BASE(thr->heap, h_bufarg) + target_ustart), (const void *)(DUK_HBUFOBJ_GET_SLICE_BASE(thr->heap, h_this) + source_ustart), (size_t)copy_size); } else { DUK_DDD(DUK_DDDPRINT( "buffer copy not covered by underlying buffer(s), ignoring")); } silent_ignore: /* Return value is like write(), number of bytes written. * The return value matters because of code like: * "off += buf.copy(...)". */ duk_push_uint(thr, copy_size); return 1; fail_bounds: DUK_DCERROR_RANGE_INVALID_ARGS(thr); } #endif /* DUK_USE_BUFFEROBJECT_SUPPORT */ /* * TypedArray.prototype.set() * * TypedArray set() is pretty interesting to implement because: * * - The source argument may be a plain array or a typedarray. If the * source is a TypedArray, values are decoded and re-encoded into the * target (not as a plain byte copy). This may happen even when the * element byte size is the same, e.g. integer values may be re-encoded * into floats. * * - Source and target may refer to the same underlying buffer, so that * the set() operation may overlap. The specification requires that this * must work as if a copy was made before the operation. Note that this * is NOT a simple memmove() situation because the source and target * byte sizes may be different -- e.g. a 4-byte source (Int8Array) may * expand to a 16-byte target (Uint32Array) so that the target overlaps * the source both from beginning and the end (unlike in typical memmove). * * - Even if 'buf' pointers of the source and target differ, there's no * guarantee that their memory areas don't overlap. This may be the * case with external buffers. * * Even so, it is nice to optimize for the common case: * * - Source and target separate buffers or non-overlapping. * * - Source and target have a compatible type so that a plain byte copy * is possible. Note that while e.g. uint8 and int8 are compatible * (coercion one way or another doesn't change the byte representation), * e.g. int8 and uint8clamped are NOT compatible when writing int8 * values into uint8clamped typedarray (-1 would clamp to 0 for instance). * * See test-bi-typedarray-proto-set.js. */ #if defined(DUK_USE_BUFFEROBJECT_SUPPORT) DUK_INTERNAL duk_ret_t duk_bi_typedarray_set(duk_hthread *thr) { duk_hbufobj *h_this; duk_hobject *h_obj; duk_uarridx_t i, n; duk_int_t offset_signed; duk_uint_t offset_elems; duk_uint_t offset_bytes; h_this = duk__require_bufobj_this(thr); DUK_ASSERT(h_this != NULL); DUK_HBUFOBJ_ASSERT_VALID(h_this); if (h_this->buf == NULL) { DUK_DDD(DUK_DDDPRINT("source neutered, skip copy")); return 0; } duk_hbufobj_promote_plain(thr, 0); h_obj = duk_require_hobject(thr, 0); /* XXX: V8 throws a TypeError for negative values. Would it * be more useful to interpret negative offsets here from the * end of the buffer too? */ offset_signed = duk_to_int(thr, 1); if (offset_signed < 0) { /* For some reason this is a TypeError (at least in V8). */ DUK_DCERROR_TYPE_INVALID_ARGS(thr); } offset_elems = (duk_uint_t)offset_signed; offset_bytes = offset_elems << h_this->shift; if ((offset_bytes >> h_this->shift) != offset_elems) { /* Byte length would overflow. */ /* XXX: easier check with less code? */ goto fail_args; } if (offset_bytes > h_this->length) { /* Equality may be OK but >length not. Checking * this explicitly avoids some overflow cases * below. */ goto fail_args; } DUK_ASSERT(offset_bytes <= h_this->length); /* Fast path: source is a TypedArray (or any bufobj). */ if (DUK_HOBJECT_IS_BUFOBJ(h_obj)) { duk_hbufobj *h_bufarg; #if !defined(DUK_USE_PREFER_SIZE) duk_uint16_t comp_mask; #endif duk_small_int_t no_overlap = 0; duk_uint_t src_length; duk_uint_t dst_length; duk_uint_t dst_length_elems; duk_uint8_t *p_src_base; duk_uint8_t *p_src_end; duk_uint8_t *p_src; duk_uint8_t *p_dst_base; duk_uint8_t *p_dst; duk_small_uint_t src_elem_size; duk_small_uint_t dst_elem_size; h_bufarg = (duk_hbufobj *)h_obj; DUK_HBUFOBJ_ASSERT_VALID(h_bufarg); if (h_bufarg->buf == NULL) { DUK_DDD(DUK_DDDPRINT("target neutered, skip copy")); return 0; } /* Nominal size check. */ src_length = h_bufarg->length; /* bytes in source */ dst_length_elems = (src_length >> h_bufarg->shift); /* elems in source and dest */ dst_length = dst_length_elems << h_this->shift; /* bytes in dest */ if ((dst_length >> h_this->shift) != dst_length_elems) { /* Byte length would overflow. */ /* XXX: easier check with less code? */ goto fail_args; } DUK_DDD(DUK_DDDPRINT("nominal size check: src_length=%ld, dst_length=%ld", (long)src_length, (long)dst_length)); DUK_ASSERT(offset_bytes <= h_this->length); if (dst_length > h_this->length - offset_bytes) { /* Overflow not an issue because subtraction is used on the right * side and guaranteed to be >= 0. */ DUK_DDD(DUK_DDDPRINT("copy exceeds target buffer nominal length")); goto fail_args; } if (!DUK_HBUFOBJ_VALID_BYTEOFFSET_EXCL(h_this, offset_bytes + dst_length)) { DUK_DDD( DUK_DDDPRINT("copy not covered by underlying target buffer, ignore")); return 0; } p_src_base = DUK_HBUFOBJ_GET_SLICE_BASE(thr->heap, h_bufarg); p_dst_base = DUK_HBUFOBJ_GET_SLICE_BASE(thr->heap, h_this) + offset_bytes; /* Check actual underlying buffers for validity and that they * cover the copy. No side effects are allowed after the check * so that the validity status doesn't change. */ if (!DUK_HBUFOBJ_VALID_SLICE(h_this) || !DUK_HBUFOBJ_VALID_SLICE(h_bufarg)) { /* The condition could be more narrow and check for the * copy area only, but there's no need for fine grained * behavior when the underlying buffer is misconfigured. */ DUK_DDD(DUK_DDDPRINT( "source and/or target not covered by underlying buffer, skip copy")); return 0; } /* We want to do a straight memory copy if possible: this is * an important operation because .set() is the TypedArray * way to copy chunks of memory. However, because set() * conceptually works in terms of elements, not all views are * compatible with direct byte copying. * * If we do manage a direct copy, the "overlap issue" handled * below can just be solved using memmove() because the source * and destination element sizes are necessarily equal. */ #if !defined(DUK_USE_PREFER_SIZE) DUK_ASSERT(h_this->elem_type < sizeof(duk__buffer_elemtype_copy_compatible) / sizeof(duk_uint16_t)); comp_mask = duk__buffer_elemtype_copy_compatible[h_this->elem_type]; if (comp_mask & (1u << h_bufarg->elem_type)) { DUK_ASSERT(src_length == dst_length); DUK_DDD(DUK_DDDPRINT( "fast path: able to use memmove() because views are compatible")); duk_memmove_unsafe((void *)p_dst_base, (const void *)p_src_base, (size_t)dst_length); return 0; } DUK_DDD(DUK_DDDPRINT( "fast path: views are not compatible with a byte copy, copy by item")); #endif /* !DUK_USE_PREFER_SIZE */ /* We want to avoid making a copy to process set() but that's * not always possible: the source and the target may overlap * and because element sizes are different, the overlap cannot * always be handled with a memmove() or choosing the copy * direction in a certain way. For example, if source type is * uint8 and target type is uint32, the target area may exceed * the source area from both ends! * * Note that because external buffers may point to the same * memory areas, we must ultimately make this check using * pointers. * * NOTE: careful with side effects: any side effect may cause * a buffer resize (or external buffer pointer/length update)! */ DUK_DDD(DUK_DDDPRINT("overlap check: p_src_base=%p, src_length=%ld, " "p_dst_base=%p, dst_length=%ld", (void *)p_src_base, (long)src_length, (void *)p_dst_base, (long)dst_length)); if (p_src_base >= p_dst_base + dst_length || /* source starts after dest ends */ p_src_base + src_length <= p_dst_base) { /* source ends before dest starts */ no_overlap = 1; } if (!no_overlap) { /* There's overlap: the desired end result is that * conceptually a copy is made to avoid "trampling" * of source data by destination writes. We make * an actual temporary copy to handle this case. */ duk_uint8_t *p_src_copy; DUK_DDD(DUK_DDDPRINT("there is overlap, make a copy of the source")); p_src_copy = (duk_uint8_t *)duk_push_fixed_buffer_nozero(thr, src_length); DUK_ASSERT(p_src_copy != NULL); duk_memcpy_unsafe((void *)p_src_copy, (const void *)p_src_base, (size_t)src_length); p_src_base = p_src_copy; /* use p_src_base from now on */ } /* Value stack intentionally mixed size here. */ DUK_DDD(DUK_DDDPRINT("after overlap check: p_src_base=%p, src_length=%ld, " "p_dst_base=%p, dst_length=%ld, valstack top=%ld", (void *)p_src_base, (long)src_length, (void *)p_dst_base, (long)dst_length, (long)duk_get_top(thr))); /* Ready to make the copy. We must proceed element by element * and must avoid any side effects that might cause the buffer * validity check above to become invalid. * * Although we work through the value stack here, only plain * numbers are handled which should be side effect safe. */ src_elem_size = (duk_small_uint_t)(1U << h_bufarg->shift); dst_elem_size = (duk_small_uint_t)(1U << h_this->shift); p_src = p_src_base; p_dst = p_dst_base; p_src_end = p_src_base + src_length; while (p_src != p_src_end) { DUK_DDD(DUK_DDDPRINT("fast path per element copy loop: " "p_src=%p, p_src_end=%p, p_dst=%p", (void *)p_src, (void *)p_src_end, (void *)p_dst)); /* A validated read() is always a number, so it's write coercion * is always side effect free an won't invalidate pointers etc. */ duk_hbufobj_push_validated_read(thr, h_bufarg, p_src, src_elem_size); duk_hbufobj_validated_write(thr, h_this, p_dst, dst_elem_size); duk_pop(thr); p_src += src_elem_size; p_dst += dst_elem_size; } return 0; } else { /* Slow path: quite slow, but we save space by using the property code * to write coerce target values. We don't need to worry about overlap * here because the source is not a TypedArray. * * We could use the bufobj write coercion helper but since the * property read may have arbitrary side effects, full validity checks * would be needed for every element anyway. */ n = (duk_uarridx_t)duk_get_length(thr, 0); DUK_ASSERT(offset_bytes <= h_this->length); if ((n << h_this->shift) > h_this->length - offset_bytes) { /* Overflow not an issue because subtraction is used on the right * side and guaranteed to be >= 0. */ DUK_DDD(DUK_DDDPRINT("copy exceeds target buffer nominal length")); goto fail_args; } /* There's no need to check for buffer validity status for the * target here: the property access code will do that for each * element. Moreover, if we did check the validity here, side * effects from reading the source argument might invalidate * the results anyway. */ DUK_ASSERT_TOP(thr, 2); duk_push_this(thr); for (i = 0; i < n; i++) { duk_get_prop_index(thr, 0, i); duk_put_prop_index(thr, 2, offset_elems + i); } } return 0; fail_args: DUK_DCERROR_RANGE_INVALID_ARGS(thr); } #endif /* DUK_USE_BUFFEROBJECT_SUPPORT */ /* * Node.js Buffer.prototype.slice([start], [end]) * ArrayBuffer.prototype.slice(begin, [end]) * TypedArray.prototype.subarray(begin, [end]) * * The API calls are almost identical; negative indices are counted from end * of buffer, and final indices are clamped (allowing crossed indices). Main * differences: * * - Copy/view behavior; Node.js .slice() and TypedArray .subarray() create * views, ArrayBuffer .slice() creates a copy * * - Resulting object has a different class and prototype depending on the * call (or 'this' argument) * * - TypedArray .subarray() arguments are element indices, not byte offsets * * - Plain buffer argument creates a plain buffer slice */ #if defined(DUK_USE_BUFFEROBJECT_SUPPORT) DUK_LOCAL void duk__arraybuffer_plain_slice(duk_hthread *thr, duk_hbuffer *h_val) { duk_int_t start_offset, end_offset; duk_uint_t slice_length; duk_uint8_t *p_copy; duk_size_t copy_length; duk__clamp_startend_negidx_shifted( thr, (duk_int_t)DUK_HBUFFER_GET_SIZE(h_val), 0 /*buffer_shift*/, 0 /*idx_start*/, 1 /*idx_end*/, &start_offset, &end_offset); DUK_ASSERT(end_offset <= (duk_int_t)DUK_HBUFFER_GET_SIZE(h_val)); DUK_ASSERT(start_offset >= 0); DUK_ASSERT(end_offset >= start_offset); slice_length = (duk_uint_t)(end_offset - start_offset); p_copy = (duk_uint8_t *)duk_push_fixed_buffer_nozero( thr, (duk_size_t)slice_length); DUK_ASSERT(p_copy != NULL); copy_length = slice_length; duk_memcpy_unsafe( (void *)p_copy, (const void *)((duk_uint8_t *)DUK_HBUFFER_GET_DATA_PTR(thr->heap, h_val) + start_offset), copy_length); } #endif /* DUK_USE_BUFFEROBJECT_SUPPORT */ #if defined(DUK_USE_BUFFEROBJECT_SUPPORT) /* Shared helper for slice/subarray operation. * Magic: 0x01=isView, 0x02=copy, 0x04=Node.js Buffer special handling. */ DUK_INTERNAL duk_ret_t duk_bi_buffer_slice_shared(duk_hthread *thr) { duk_small_int_t magic; duk_small_uint_t res_class_num; duk_small_int_t res_proto_bidx; duk_hbufobj *h_this; duk_hbufobj *h_bufobj; duk_hbuffer *h_val; duk_int_t start_offset, end_offset; duk_uint_t slice_length; duk_tval *tv; /* [ start end ] */ magic = duk_get_current_magic(thr); tv = duk_get_borrowed_this_tval(thr); DUK_ASSERT(tv != NULL); if (DUK_TVAL_IS_BUFFER(tv)) { /* For plain buffers return a plain buffer slice. */ h_val = DUK_TVAL_GET_BUFFER(tv); DUK_ASSERT(h_val != NULL); if (magic & 0x02) { /* Make copy: ArrayBuffer.prototype.slice() uses this. */ duk__arraybuffer_plain_slice(thr, h_val); return 1; } else { /* View into existing buffer: cannot be done if the * result is a plain buffer because there's no slice * info. So return an ArrayBuffer instance; coerce * the 'this' binding into an object and behave as if * the original call was for an Object-coerced plain * buffer (handled automatically by duk__require_bufobj_this()). */ DUK_DDD( DUK_DDDPRINT("slice() doesn't handle view into plain buffer, coerce " "'this' to ArrayBuffer object")); /* fall through */ } } tv = NULL; /* No longer valid nor needed. */ h_this = duk__require_bufobj_this(thr); /* Slice offsets are element (not byte) offsets, which only matters * for TypedArray views, Node.js Buffer and ArrayBuffer have shift * zero so byte and element offsets are the same. Negative indices * are counted from end of slice, crossed indices are allowed (and * result in zero length result), and final values are clamped * against the current slice. There's intentionally no check * against the underlying buffer here. */ duk__clamp_startend_negidx_shifted( thr, (duk_int_t)h_this->length, (duk_uint8_t)h_this->shift, 0 /*idx_start*/, 1 /*idx_end*/, &start_offset, &end_offset); DUK_ASSERT(end_offset >= start_offset); DUK_ASSERT(start_offset >= 0); DUK_ASSERT(end_offset >= 0); slice_length = (duk_uint_t)(end_offset - start_offset); /* The resulting buffer object gets the same class and prototype as * the buffer in 'this', e.g. if the input is a Uint8Array the * result is a Uint8Array; if the input is a Float32Array, the * result is a Float32Array. The result internal prototype should * be the default prototype for the class (e.g. initial value of * Uint8Array.prototype), not copied from the argument (Duktape 1.x * did that). * * Node.js Buffers have special handling: they're Uint8Arrays as far * as the internal class is concerned, so the new Buffer should also * be an Uint8Array but inherit from Buffer.prototype. */ res_class_num = DUK_HOBJECT_GET_CLASS_NUMBER((duk_hobject *)h_this); DUK_ASSERT(res_class_num >= DUK_HOBJECT_CLASS_BUFOBJ_MIN); /* type check guarantees */ DUK_ASSERT(res_class_num <= DUK_HOBJECT_CLASS_BUFOBJ_MAX); res_proto_bidx = duk__buffer_proto_from_classnum[res_class_num - DUK_HOBJECT_CLASS_BUFOBJ_MIN]; if (magic & 0x04) { res_proto_bidx = DUK_BIDX_NODEJS_BUFFER_PROTOTYPE; } h_bufobj = duk_push_bufobj_raw(thr, DUK_HOBJECT_FLAG_EXTENSIBLE | DUK_HOBJECT_FLAG_BUFOBJ | DUK_HOBJECT_CLASS_AS_FLAGS(res_class_num), res_proto_bidx); DUK_ASSERT(h_bufobj != NULL); DUK_ASSERT(h_bufobj->length == 0); h_bufobj->shift = h_this->shift; /* inherit */ h_bufobj->elem_type = h_this->elem_type; /* inherit */ h_bufobj->is_typedarray = magic & 0x01; DUK_ASSERT(h_bufobj->is_typedarray == 0 || h_bufobj->is_typedarray == 1); h_val = h_this->buf; if (h_val == NULL) { DUK_DCERROR_TYPE_INVALID_ARGS(thr); } if (magic & 0x02) { /* non-zero: make copy */ duk_uint8_t *p_copy; duk_size_t copy_length; p_copy = (duk_uint8_t *)duk_push_fixed_buffer_zero( thr, (duk_size_t) slice_length); /* must be zeroed, not all bytes always copied */ DUK_ASSERT(p_copy != NULL); /* Copy slice, respecting underlying buffer limits; remainder * is left as zero. */ copy_length = DUK_HBUFOBJ_CLAMP_BYTELENGTH(h_this, slice_length); duk_memcpy_unsafe( (void *)p_copy, (const void *)(DUK_HBUFOBJ_GET_SLICE_BASE(thr->heap, h_this) + start_offset), copy_length); h_val = duk_known_hbuffer(thr, -1); h_bufobj->buf = h_val; DUK_HBUFFER_INCREF(thr, h_val); h_bufobj->length = slice_length; DUK_ASSERT(h_bufobj->offset == 0); duk_pop(thr); /* reachable so pop OK */ } else { h_bufobj->buf = h_val; DUK_HBUFFER_INCREF(thr, h_val); h_bufobj->length = slice_length; h_bufobj->offset = h_this->offset + (duk_uint_t)start_offset; /* Copy the .buffer property, needed for TypedArray.prototype.subarray(). * * XXX: limit copy only for TypedArray classes specifically? */ DUK_ASSERT(h_bufobj->buf_prop == NULL); h_bufobj->buf_prop = h_this->buf_prop; /* may be NULL */ DUK_HOBJECT_INCREF_ALLOWNULL(thr, (duk_hobject *)h_bufobj->buf_prop); } /* unbalanced stack on purpose */ DUK_HBUFOBJ_ASSERT_VALID(h_bufobj); return 1; } #endif /* DUK_USE_BUFFEROBJECT_SUPPORT */ /* * Node.js Buffer.isEncoding() */ #if defined(DUK_USE_BUFFEROBJECT_SUPPORT) DUK_INTERNAL duk_ret_t duk_bi_nodejs_buffer_is_encoding(duk_hthread *thr) { const char *encoding; /* only accept lowercase 'utf8' now. */ encoding = duk_to_string(thr, 0); DUK_ASSERT(duk_is_string(thr, 0)); /* guaranteed by duk_to_string() */ duk_push_boolean(thr, DUK_STRCMP(encoding, "utf8") == 0); return 1; } #endif /* DUK_USE_BUFFEROBJECT_SUPPORT */ /* * Node.js Buffer.isBuffer() */ #if defined(DUK_USE_BUFFEROBJECT_SUPPORT) DUK_INTERNAL duk_ret_t duk_bi_nodejs_buffer_is_buffer(duk_hthread *thr) { duk_hobject *h; duk_hobject *h_proto; duk_bool_t ret = 0; DUK_ASSERT(duk_get_top(thr) >= 1); /* nargs */ h = duk_get_hobject(thr, 0); if (h != NULL) { h_proto = thr->builtins[DUK_BIDX_NODEJS_BUFFER_PROTOTYPE]; DUK_ASSERT(h_proto != NULL); h = DUK_HOBJECT_GET_PROTOTYPE(thr->heap, h); if (h != NULL) { ret = duk_hobject_prototype_chain_contains(thr, h, h_proto, 0 /*ignore_loop*/); } } duk_push_boolean(thr, ret); return 1; } #endif /* DUK_USE_BUFFEROBJECT_SUPPORT */ /* * Node.js Buffer.byteLength() */ #if defined(DUK_USE_BUFFEROBJECT_SUPPORT) DUK_INTERNAL duk_ret_t duk_bi_nodejs_buffer_byte_length(duk_hthread *thr) { const char *str; duk_size_t len; /* At the moment Buffer() will just use the string bytes as * is (ignoring encoding), so we return the string length here * unconditionally. */ /* XXX: to be revised; Old Node.js behavior just coerces any buffer * values to string: * $ node * > Buffer.byteLength(new Uint32Array(10)) * 20 * > Buffer.byteLength(new Uint32Array(100)) * 20 * (The 20 comes from '[object Uint32Array]'.length */ str = duk_to_lstring(thr, 0, &len); DUK_UNREF(str); duk_push_size_t(thr, len); return 1; } #endif /* DUK_USE_BUFFEROBJECT_SUPPORT */ /* * Node.js Buffer.concat() */ #if defined(DUK_USE_BUFFEROBJECT_SUPPORT) DUK_INTERNAL duk_ret_t duk_bi_nodejs_buffer_concat(duk_hthread *thr) { duk_hobject *h_arg; duk_uint_t total_length; duk_hbufobj *h_bufobj; duk_hbufobj *h_bufres; duk_hbuffer *h_val; duk_uint_t i, n; duk_uint8_t *p; duk_size_t space_left; duk_size_t copy_size; /* Node.js accepts only actual Arrays. */ h_arg = duk_require_hobject(thr, 0); if (DUK_HOBJECT_GET_CLASS_NUMBER(h_arg) != DUK_HOBJECT_CLASS_ARRAY) { DUK_DCERROR_TYPE_INVALID_ARGS(thr); } /* Compute result length and validate argument buffers. */ n = (duk_uint_t)duk_get_length(thr, 0); total_length = 0; for (i = 0; i < n; i++) { /* Neutered checks not necessary here: neutered buffers have * zero 'length' so we'll effectively skip them. */ DUK_ASSERT_TOP(thr, 2); /* [ array totalLength ] */ duk_get_prop_index(thr, 0, (duk_uarridx_t)i); /* -> [ array totalLength buf ] */ h_bufobj = duk__require_bufobj_value(thr, 2); DUK_ASSERT(h_bufobj != NULL); total_length += h_bufobj->length; if (DUK_UNLIKELY(total_length < h_bufobj->length)) { DUK_DCERROR_RANGE_INVALID_ARGS(thr); /* Wrapped. */ } duk_pop(thr); } /* In Node.js v0.12.1 a 1-element array is special and won't create a * copy, this was fixed later so an explicit check no longer needed. */ /* User totalLength overrides a computed length, but we'll check * every copy in the copy loop. Note that duk_to_int() can * technically have arbitrary side effects so we need to recheck * the buffers in the copy loop. */ if (!duk_is_undefined(thr, 1) && n > 0) { /* For n == 0, Node.js ignores totalLength argument and * returns a zero length buffer. */ duk_int_t total_length_signed; total_length_signed = duk_to_int(thr, 1); if (total_length_signed < 0) { DUK_DCERROR_RANGE_INVALID_ARGS(thr); } total_length = (duk_uint_t)total_length_signed; } h_bufres = duk_push_bufobj_raw( thr, DUK_HOBJECT_FLAG_EXTENSIBLE | DUK_HOBJECT_FLAG_BUFOBJ | DUK_HOBJECT_CLASS_AS_FLAGS(DUK_HOBJECT_CLASS_UINT8ARRAY), DUK_BIDX_NODEJS_BUFFER_PROTOTYPE); DUK_ASSERT(h_bufres != NULL); p = (duk_uint8_t *)duk_push_fixed_buffer_zero( thr, total_length); /* must be zeroed, all bytes not necessarily written over */ DUK_ASSERT(p != NULL); space_left = (duk_size_t)total_length; for (i = 0; i < n; i++) { DUK_ASSERT_TOP(thr, 4); /* [ array totalLength bufres buf ] */ duk_get_prop_index(thr, 0, (duk_uarridx_t)i); h_bufobj = duk__require_bufobj_value(thr, 4); DUK_ASSERT(h_bufobj != NULL); copy_size = h_bufobj->length; if (copy_size > space_left) { copy_size = space_left; } if (h_bufobj->buf != NULL && DUK_HBUFOBJ_VALID_SLICE(h_bufobj)) { duk_memcpy_unsafe( (void *)p, (const void *)DUK_HBUFOBJ_GET_SLICE_BASE(thr->heap, h_bufobj), copy_size); } else { /* Just skip, leaving zeroes in the result. */ ; } p += copy_size; space_left -= copy_size; duk_pop(thr); } h_val = duk_known_hbuffer(thr, -1); duk__set_bufobj_buffer(thr, h_bufres, h_val); h_bufres->is_typedarray = 1; DUK_HBUFOBJ_ASSERT_VALID(h_bufres); duk_pop(thr); /* pop plain buffer, now reachable through h_bufres */ return 1; /* return h_bufres */ } #endif /* DUK_USE_BUFFEROBJECT_SUPPORT */ /* * Shared readfield and writefield methods * * The readfield/writefield methods need support for endianness and field * types. All offsets are byte based so no offset shifting is needed. */ #if defined(DUK_USE_BUFFEROBJECT_SUPPORT) /* Format of magic, bits: * 0...1: field type; 0=uint8, 1=uint16, 2=uint32, 3=float, 4=double, * 5=unused, 6=unused, 7=unused 3: endianness: 0=little, 1=big 4: signed: 1=yes, * 0=no 5: typedarray: 1=yes, 0=no */ #define DUK__FLD_8BIT 0 #define DUK__FLD_16BIT 1 #define DUK__FLD_32BIT 2 #define DUK__FLD_FLOAT 3 #define DUK__FLD_DOUBLE 4 #define DUK__FLD_VARINT 5 #define DUK__FLD_BIGENDIAN (1 << 3) #define DUK__FLD_SIGNED (1 << 4) #define DUK__FLD_TYPEDARRAY (1 << 5) /* XXX: split into separate functions for each field type? */ DUK_INTERNAL duk_ret_t duk_bi_buffer_readfield(duk_hthread *thr) { duk_small_int_t magic = (duk_small_int_t)duk_get_current_magic(thr); duk_small_int_t magic_ftype; duk_small_int_t magic_bigendian; duk_small_int_t magic_signed; duk_small_int_t magic_typedarray; duk_small_uint_t endswap; duk_hbufobj *h_this; duk_bool_t no_assert; duk_int_t offset_signed; duk_uint_t offset; duk_uint_t buffer_length; duk_uint_t check_length; duk_uint8_t *buf; duk_double_union du; magic_ftype = magic & 0x0007; magic_bigendian = magic & 0x0008; magic_signed = magic & 0x0010; magic_typedarray = magic & 0x0020; h_this = duk__require_bufobj_this( thr); /* XXX: very inefficient for plain buffers */ DUK_ASSERT(h_this != NULL); buffer_length = h_this->length; /* [ offset noAssert ], when ftype != DUK__FLD_VARINT */ /* [ offset fieldByteLength noAssert ], when ftype == DUK__FLD_VARINT */ /* [ offset littleEndian ], when DUK__FLD_TYPEDARRAY (regardless * of ftype) */ /* Handle TypedArray vs. Node.js Buffer arg differences */ if (magic_typedarray) { no_assert = 0; #if defined(DUK_USE_INTEGER_LE) endswap = !duk_to_boolean(thr, 1); /* 1=little endian */ #else endswap = duk_to_boolean(thr, 1); /* 1=little endian */ #endif } else { no_assert = duk_to_boolean(thr, (magic_ftype == DUK__FLD_VARINT) ? 2 : 1); #if defined(DUK_USE_INTEGER_LE) endswap = magic_bigendian; #else endswap = !magic_bigendian; #endif } /* Offset is coerced first to signed integer range and then to unsigned. * This ensures we can add a small byte length (1-8) to the offset in * bound checks and not wrap. */ offset_signed = duk_to_int(thr, 0); offset = (duk_uint_t)offset_signed; if (offset_signed < 0) { goto fail_bounds; } DUK_DDD(DUK_DDDPRINT( "readfield, buffer_length=%ld, offset=%ld, no_assert=%d, " "magic=%04x, magic_fieldtype=%d, magic_bigendian=%d, magic_signed=%d, " "endswap=%u", (long)buffer_length, (long)offset, (int)no_assert, (unsigned int)magic, (int)magic_ftype, (int)(magic_bigendian >> 3), (int)(magic_signed >> 4), (int)endswap)); /* Update 'buffer_length' to be the effective, safe limit which * takes into account the underlying buffer. This value will be * potentially invalidated by any side effect. */ check_length = DUK_HBUFOBJ_CLAMP_BYTELENGTH(h_this, buffer_length); DUK_DDD(DUK_DDDPRINT("buffer_length=%ld, check_length=%ld", (long)buffer_length, (long)check_length)); if (h_this->buf) { buf = DUK_HBUFOBJ_GET_SLICE_BASE(thr->heap, h_this); } else { /* Neutered. We could go into the switch-case safely with * buf == NULL because check_length == 0. To avoid scanbuild * warnings, fail directly instead. */ DUK_ASSERT(check_length == 0); goto fail_neutered; } DUK_ASSERT(buf != NULL); switch (magic_ftype) { case DUK__FLD_8BIT: { duk_uint8_t tmp; if (offset + 1U > check_length) { goto fail_bounds; } tmp = buf[offset]; if (magic_signed) { duk_push_int(thr, (duk_int_t)((duk_int8_t)tmp)); } else { duk_push_uint(thr, (duk_uint_t)tmp); } break; } case DUK__FLD_16BIT: { duk_uint16_t tmp; if (offset + 2U > check_length) { goto fail_bounds; } duk_memcpy((void *)du.uc, (const void *)(buf + offset), 2); tmp = du.us[0]; if (endswap) { tmp = DUK_BSWAP16(tmp); } if (magic_signed) { duk_push_int(thr, (duk_int_t)((duk_int16_t)tmp)); } else { duk_push_uint(thr, (duk_uint_t)tmp); } break; } case DUK__FLD_32BIT: { duk_uint32_t tmp; if (offset + 4U > check_length) { goto fail_bounds; } duk_memcpy((void *)du.uc, (const void *)(buf + offset), 4); tmp = du.ui[0]; if (endswap) { tmp = DUK_BSWAP32(tmp); } if (magic_signed) { duk_push_int(thr, (duk_int_t)((duk_int32_t)tmp)); } else { duk_push_uint(thr, (duk_uint_t)tmp); } break; } case DUK__FLD_FLOAT: { duk_uint32_t tmp; if (offset + 4U > check_length) { goto fail_bounds; } duk_memcpy((void *)du.uc, (const void *)(buf + offset), 4); if (endswap) { tmp = du.ui[0]; tmp = DUK_BSWAP32(tmp); du.ui[0] = tmp; } duk_push_number(thr, (duk_double_t)du.f[0]); break; } case DUK__FLD_DOUBLE: { if (offset + 8U > check_length) { goto fail_bounds; } duk_memcpy((void *)du.uc, (const void *)(buf + offset), 8); if (endswap) { DUK_DBLUNION_BSWAP64(&du); } duk_push_number(thr, (duk_double_t)du.d); break; } case DUK__FLD_VARINT: { /* Node.js Buffer variable width integer field. We don't really * care about speed here, so aim for shortest algorithm. */ duk_int_t field_bytelen; duk_int_t i, i_step, i_end; #if defined(DUK_USE_64BIT_OPS) duk_int64_t tmp; duk_small_uint_t shift_tmp; #else duk_double_t tmp; duk_small_int_t highbyte; #endif const duk_uint8_t *p; field_bytelen = duk_get_int(thr, 1); /* avoid side effects! */ if (field_bytelen < 1 || field_bytelen > 6) { goto fail_field_length; } if (offset + (duk_uint_t)field_bytelen > check_length) { goto fail_bounds; } p = (const duk_uint8_t *)(buf + offset); /* Slow gathering of value using either 64-bit arithmetic * or IEEE doubles if 64-bit types not available. Handling * of negative numbers is a bit non-obvious in both cases. */ if (magic_bigendian) { /* Gather in big endian */ i = 0; i_step = 1; i_end = field_bytelen; /* one i_step over */ } else { /* Gather in little endian */ i = field_bytelen - 1; i_step = -1; i_end = -1; /* one i_step over */ } #if defined(DUK_USE_64BIT_OPS) tmp = 0; do { DUK_ASSERT(i >= 0 && i < field_bytelen); tmp = (tmp << 8) + (duk_int64_t)p[i]; i += i_step; } while (i != i_end); if (magic_signed) { /* Shift to sign extend. Left shift must be unsigned * to avoid undefined behavior; right shift must be * signed to sign extend properly. */ shift_tmp = (duk_small_uint_t)(64U - (duk_small_uint_t)field_bytelen * 8U); tmp = (duk_int64_t)((duk_uint64_t)tmp << shift_tmp) >> shift_tmp; } duk_push_i64(thr, tmp); #else highbyte = p[i]; if (magic_signed && (highbyte & 0x80) != 0) { /* 0xff => 255 - 256 = -1; 0x80 => 128 - 256 = -128 */ tmp = (duk_double_t)(highbyte - 256); } else { tmp = (duk_double_t)highbyte; } for (;;) { i += i_step; if (i == i_end) { break; } DUK_ASSERT(i >= 0 && i < field_bytelen); tmp = (tmp * 256.0) + (duk_double_t)p[i]; } duk_push_number(thr, tmp); #endif break; } default: { /* should never happen but default here */ goto fail_bounds; } } return 1; fail_neutered: fail_field_length: fail_bounds: if (no_assert) { /* Node.js return value for noAssert out-of-bounds reads is * usually (but not always) NaN. Return NaN consistently. */ duk_push_nan(thr); return 1; } DUK_DCERROR_RANGE_INVALID_ARGS(thr); } #endif /* DUK_USE_BUFFEROBJECT_SUPPORT */ #if defined(DUK_USE_BUFFEROBJECT_SUPPORT) /* XXX: split into separate functions for each field type? */ DUK_INTERNAL duk_ret_t duk_bi_buffer_writefield(duk_hthread *thr) { duk_small_int_t magic = (duk_small_int_t)duk_get_current_magic(thr); duk_small_int_t magic_ftype; duk_small_int_t magic_bigendian; duk_small_int_t magic_signed; duk_small_int_t magic_typedarray; duk_small_uint_t endswap; duk_hbufobj *h_this; duk_bool_t no_assert; duk_int_t offset_signed; duk_uint_t offset; duk_uint_t buffer_length; duk_uint_t check_length; duk_uint8_t *buf; duk_double_union du; duk_int_t nbytes = 0; magic_ftype = magic & 0x0007; magic_bigendian = magic & 0x0008; magic_signed = magic & 0x0010; magic_typedarray = magic & 0x0020; DUK_UNREF(magic_signed); h_this = duk__require_bufobj_this( thr); /* XXX: very inefficient for plain buffers */ DUK_ASSERT(h_this != NULL); buffer_length = h_this->length; /* [ value offset noAssert ], when ftype != DUK__FLD_VARINT */ /* [ value offset fieldByteLength noAssert ], when ftype == DUK__FLD_VARINT */ /* [ offset value littleEndian ], when DUK__FLD_TYPEDARRAY * (regardless of ftype) */ /* Handle TypedArray vs. Node.js Buffer arg differences */ if (magic_typedarray) { no_assert = 0; #if defined(DUK_USE_INTEGER_LE) endswap = !duk_to_boolean(thr, 2); /* 1=little endian */ #else endswap = duk_to_boolean(thr, 2); /* 1=little endian */ #endif duk_swap(thr, 0, 1); /* offset/value order different from Node.js */ } else { no_assert = duk_to_boolean(thr, (magic_ftype == DUK__FLD_VARINT) ? 3 : 2); #if defined(DUK_USE_INTEGER_LE) endswap = magic_bigendian; #else endswap = !magic_bigendian; #endif } /* Offset is coerced first to signed integer range and then to unsigned. * This ensures we can add a small byte length (1-8) to the offset in * bound checks and not wrap. */ offset_signed = duk_to_int(thr, 1); offset = (duk_uint_t)offset_signed; /* We need 'nbytes' even for a failed offset; return value must be * (offset + nbytes) even when write fails due to invalid offset. */ if (magic_ftype != DUK__FLD_VARINT) { DUK_ASSERT(magic_ftype >= 0 && magic_ftype < (duk_small_int_t)(sizeof(duk__buffer_nbytes_from_fldtype) / sizeof(duk_uint8_t))); nbytes = duk__buffer_nbytes_from_fldtype[magic_ftype]; } else { nbytes = duk_get_int(thr, 2); if (nbytes < 1 || nbytes > 6) { goto fail_field_length; } } DUK_ASSERT(nbytes >= 1 && nbytes <= 8); /* Now we can check offset validity. */ if (offset_signed < 0) { goto fail_bounds; } DUK_DDD(DUK_DDDPRINT( "writefield, value=%!T, buffer_length=%ld, offset=%ld, no_assert=%d, " "magic=%04x, magic_fieldtype=%d, magic_bigendian=%d, magic_signed=%d, " "endswap=%u", duk_get_tval(thr, 0), (long)buffer_length, (long)offset, (int)no_assert, (unsigned int)magic, (int)magic_ftype, (int)(magic_bigendian >> 3), (int)(magic_signed >> 4), (int)endswap)); /* Coerce value to a number before computing check_length, so that * the field type specific coercion below can't have side effects * that would invalidate check_length. */ duk_to_number(thr, 0); /* Update 'buffer_length' to be the effective, safe limit which * takes into account the underlying buffer. This value will be * potentially invalidated by any side effect. */ check_length = DUK_HBUFOBJ_CLAMP_BYTELENGTH(h_this, buffer_length); DUK_DDD(DUK_DDDPRINT("buffer_length=%ld, check_length=%ld", (long)buffer_length, (long)check_length)); if (h_this->buf) { buf = DUK_HBUFOBJ_GET_SLICE_BASE(thr->heap, h_this); } else { /* Neutered. We could go into the switch-case safely with * buf == NULL because check_length == 0. To avoid scanbuild * warnings, fail directly instead. */ DUK_ASSERT(check_length == 0); goto fail_neutered; } DUK_ASSERT(buf != NULL); switch (magic_ftype) { case DUK__FLD_8BIT: { if (offset + 1U > check_length) { goto fail_bounds; } /* sign doesn't matter when writing */ buf[offset] = (duk_uint8_t)duk_to_uint32(thr, 0); break; } case DUK__FLD_16BIT: { duk_uint16_t tmp; if (offset + 2U > check_length) { goto fail_bounds; } tmp = (duk_uint16_t)duk_to_uint32(thr, 0); if (endswap) { tmp = DUK_BSWAP16(tmp); } du.us[0] = tmp; /* sign doesn't matter when writing */ duk_memcpy((void *)(buf + offset), (const void *)du.uc, 2); break; } case DUK__FLD_32BIT: { duk_uint32_t tmp; if (offset + 4U > check_length) { goto fail_bounds; } tmp = (duk_uint32_t)duk_to_uint32(thr, 0); if (endswap) { tmp = DUK_BSWAP32(tmp); } du.ui[0] = tmp; /* sign doesn't matter when writing */ duk_memcpy((void *)(buf + offset), (const void *)du.uc, 4); break; } case DUK__FLD_FLOAT: { duk_uint32_t tmp; if (offset + 4U > check_length) { goto fail_bounds; } du.f[0] = (duk_float_t)duk_to_number(thr, 0); if (endswap) { tmp = du.ui[0]; tmp = DUK_BSWAP32(tmp); du.ui[0] = tmp; } /* sign doesn't matter when writing */ duk_memcpy((void *)(buf + offset), (const void *)du.uc, 4); break; } case DUK__FLD_DOUBLE: { if (offset + 8U > check_length) { goto fail_bounds; } du.d = (duk_double_t)duk_to_number(thr, 0); if (endswap) { DUK_DBLUNION_BSWAP64(&du); } /* sign doesn't matter when writing */ duk_memcpy((void *)(buf + offset), (const void *)du.uc, 8); break; } case DUK__FLD_VARINT: { /* Node.js Buffer variable width integer field. We don't really * care about speed here, so aim for shortest algorithm. */ duk_int_t field_bytelen; duk_int_t i, i_step, i_end; #if defined(DUK_USE_64BIT_OPS) duk_int64_t tmp; #else duk_double_t tmp; #endif duk_uint8_t *p; field_bytelen = (duk_int_t)nbytes; if (offset + (duk_uint_t)field_bytelen > check_length) { goto fail_bounds; } /* Slow writing of value using either 64-bit arithmetic * or IEEE doubles if 64-bit types not available. There's * no special sign handling when writing varints. */ if (magic_bigendian) { /* Write in big endian */ i = field_bytelen; /* one i_step added at top of loop */ i_step = -1; i_end = 0; } else { /* Write in little endian */ i = -1; /* one i_step added at top of loop */ i_step = 1; i_end = field_bytelen - 1; } /* XXX: The duk_to_number() cast followed by integer coercion * is platform specific so NaN, +/- Infinity, and out-of-bounds * values result in platform specific output now. * See: test-bi-nodejs-buffer-proto-varint-special.js */ #if defined(DUK_USE_64BIT_OPS) tmp = (duk_int64_t)duk_to_number(thr, 0); p = (duk_uint8_t *)(buf + offset); do { i += i_step; DUK_ASSERT(i >= 0 && i < field_bytelen); p[i] = (duk_uint8_t)(tmp & 0xff); tmp = tmp >> 8; /* unnecessary shift for last byte */ } while (i != i_end); #else tmp = duk_to_number(thr, 0); p = (duk_uint8_t *)(buf + offset); do { i += i_step; tmp = DUK_FLOOR(tmp); DUK_ASSERT(i >= 0 && i < field_bytelen); p[i] = (duk_uint8_t)(DUK_FMOD(tmp, 256.0)); tmp = tmp / 256.0; /* unnecessary div for last byte */ } while (i != i_end); #endif break; } default: { /* should never happen but default here */ goto fail_bounds; } } /* Node.js Buffer: return offset + #bytes written (i.e. next * write offset). */ if (magic_typedarray) { /* For TypedArrays 'undefined' return value is specified * by ES2015 (matches V8). */ return 0; } duk_push_uint(thr, offset + (duk_uint_t)nbytes); return 1; fail_neutered: fail_field_length: fail_bounds: if (no_assert) { /* Node.js return value for failed writes is offset + #bytes * that would have been written. */ /* XXX: for negative input offsets, 'offset' will be a large * positive value so the result here is confusing. */ if (magic_typedarray) { return 0; } duk_push_uint(thr, offset + (duk_uint_t)nbytes); return 1; } DUK_DCERROR_RANGE_INVALID_ARGS(thr); } #endif /* DUK_USE_BUFFEROBJECT_SUPPORT */ /* * Accessors for .buffer, .byteLength, .byteOffset */ #if defined(DUK_USE_BUFFEROBJECT_SUPPORT) DUK_LOCAL duk_hbufobj *duk__autospawn_arraybuffer(duk_hthread *thr, duk_hbuffer *h_buf) { duk_hbufobj *h_res; h_res = duk_push_bufobj_raw( thr, DUK_HOBJECT_FLAG_EXTENSIBLE | DUK_HOBJECT_FLAG_BUFOBJ | DUK_HOBJECT_CLASS_AS_FLAGS(DUK_HOBJECT_CLASS_ARRAYBUFFER), DUK_BIDX_ARRAYBUFFER_PROTOTYPE); DUK_ASSERT(h_res != NULL); DUK_UNREF(h_res); duk__set_bufobj_buffer(thr, h_res, h_buf); DUK_HBUFOBJ_ASSERT_VALID(h_res); DUK_ASSERT(h_res->buf_prop == NULL); return h_res; } DUK_INTERNAL duk_ret_t duk_bi_typedarray_buffer_getter(duk_hthread *thr) { duk_hbufobj *h_bufobj; h_bufobj = (duk_hbufobj *)duk__getrequire_bufobj_this( thr, DUK__BUFOBJ_FLAG_THROW /*flags*/); DUK_ASSERT(h_bufobj != NULL); if (DUK_HEAPHDR_IS_BUFFER((duk_heaphdr *)h_bufobj)) { DUK_DD(DUK_DDPRINT("autospawn ArrayBuffer for plain buffer")); (void)duk__autospawn_arraybuffer(thr, (duk_hbuffer *)h_bufobj); return 1; } else { if (h_bufobj->buf_prop == NULL && DUK_HOBJECT_GET_CLASS_NUMBER((duk_hobject *)h_bufobj) != DUK_HOBJECT_CLASS_ARRAYBUFFER && h_bufobj->buf != NULL) { duk_hbufobj *h_arrbuf; DUK_DD(DUK_DDPRINT("autospawn ArrayBuffer for typed array or DataView")); h_arrbuf = duk__autospawn_arraybuffer(thr, h_bufobj->buf); if (h_bufobj->buf_prop == NULL) { /* Must recheck buf_prop, in case ArrayBuffer * alloc had a side effect which already filled * it! */ /* Set ArrayBuffer's .byteOffset and .byteLength based * on the view so that Arraybuffer[view.byteOffset] * matches view[0]. */ h_arrbuf->offset = 0; DUK_ASSERT(h_bufobj->offset + h_bufobj->length >= h_bufobj->offset); /* Wrap check on creation. */ h_arrbuf->length = h_bufobj->offset + h_bufobj->length; DUK_ASSERT(h_arrbuf->buf_prop == NULL); DUK_ASSERT(h_bufobj->buf_prop == NULL); h_bufobj->buf_prop = (duk_hobject *)h_arrbuf; DUK_HBUFOBJ_INCREF(thr, h_arrbuf); /* Now reachable and accounted for. */ } /* Left on stack; pushed for the second time below (OK). */ } if (h_bufobj->buf_prop) { duk_push_hobject(thr, h_bufobj->buf_prop); return 1; } } return 0; } DUK_INTERNAL duk_ret_t duk_bi_typedarray_byteoffset_getter(duk_hthread *thr) { duk_hbufobj *h_bufobj; h_bufobj = (duk_hbufobj *)duk__getrequire_bufobj_this( thr, DUK__BUFOBJ_FLAG_THROW /*flags*/); DUK_ASSERT(h_bufobj != NULL); if (DUK_HEAPHDR_IS_BUFFER((duk_heaphdr *)h_bufobj)) { duk_push_uint(thr, 0); } else { /* If neutered must return 0; offset is zeroed during * neutering. */ duk_push_uint(thr, h_bufobj->offset); } return 1; } DUK_INTERNAL duk_ret_t duk_bi_typedarray_bytelength_getter(duk_hthread *thr) { duk_hbufobj *h_bufobj; h_bufobj = (duk_hbufobj *)duk__getrequire_bufobj_this( thr, DUK__BUFOBJ_FLAG_THROW /*flags*/); DUK_ASSERT(h_bufobj != NULL); if (DUK_HEAPHDR_IS_BUFFER((duk_heaphdr *)h_bufobj)) { duk_hbuffer *h_buf; h_buf = (duk_hbuffer *)h_bufobj; DUK_ASSERT(DUK_HBUFFER_GET_SIZE(h_buf) <= DUK_UINT_MAX); /* Buffer limits. */ duk_push_uint(thr, (duk_uint_t)DUK_HBUFFER_GET_SIZE(h_buf)); } else { /* If neutered must return 0; length is zeroed during * neutering. */ duk_push_uint(thr, h_bufobj->length); } return 1; } #else /* DUK_USE_BUFFEROBJECT_SUPPORT */ /* No .buffer getter without ArrayBuffer support. */ #if 0 DUK_INTERNAL duk_ret_t duk_bi_typedarray_buffer_getter(duk_hthread *thr) { return 0; } #endif DUK_INTERNAL duk_ret_t duk_bi_typedarray_byteoffset_getter(duk_hthread *thr) { duk_push_uint(thr, 0); return 1; } DUK_INTERNAL duk_ret_t duk_bi_typedarray_bytelength_getter(duk_hthread *thr) { duk_hbuffer *h_buf; /* XXX: helper? */ duk_push_this(thr); h_buf = duk_require_hbuffer(thr, -1); duk_push_uint(thr, DUK_HBUFFER_GET_SIZE(h_buf)); return 1; } #endif /* DUK_USE_BUFFEROBJECT_SUPPORT */