Changeset 262342 in webkit for trunk/Source/JavaScriptCore/runtime/JSBigInt.h

Timestamp:

May 30, 2020, 12:46:53 AM (5 years ago)

Author:

[email protected]

Message:

[JSC] JSBigInt allocation should be graceful for OOM
​https://bugs.webkit.org/show_bug.cgi?id=212512

Reviewed by Mark Lam.

JSTests:

• stress/bigint-can-throw-oom.js: Copied from JSTests/stress/get-function-realm-not-doing-recursion.js.

(canThrow):
(foo):
(get foo):

• stress/get-function-realm-not-doing-recursion.js:

(canThrow):

Source/JavaScriptCore:

This patch allows JSBigInt's storage allocation to fail gracefully if OOM condition happens.
We thread JSGlobalObject* instead of VM& and throw OOM error if storage allocation failed.
We also rename JSGlobalObject* globalObject parameter to JSGlobalObject* nullOrGlobalObjectForOOM
if it can be nullptr.

• jit/JITOperations.cpp:
• jsc.cpp:

(functionCreateHeapBigInt):

• parser/ParserArena.cpp:

(JSC::IdentifierArena::makeBigIntDecimalIdentifier):

• runtime/BigIntConstructor.cpp:

(JSC::toBigInt):
(JSC::callBigIntConstructor):

• runtime/BigIntPrototype.cpp:

(JSC::toThisBigIntValue):
(JSC::bigIntProtoFuncToString):
(JSC::bigIntProtoFuncToLocaleString):
(JSC::bigIntProtoFuncValueOf):

• runtime/CachedTypes.cpp:

(JSC::CachedBigInt::decode const):

• runtime/CommonSlowPaths.cpp:

(JSC::SLOW_PATH_DECL):

• runtime/IntlNumberFormatPrototype.cpp:

(JSC::IntlNumberFormatFuncFormat):

• runtime/JSBigInt.cpp:

(JSC::JSBigInt::createZero):
(JSC::JSBigInt::tryCreateZero):
(JSC::JSBigInt::createWithLength):
(JSC::JSBigInt::tryCreateWithLength):
(JSC::JSBigInt::createFrom):
(JSC::JSBigInt::tryCreateFrom):
(JSC::JSBigInt::createFromImpl):
(JSC::JSBigInt::parseInt):
(JSC::HeapBigIntImpl::toHeapBigInt):
(JSC::Int32BigIntImpl::toHeapBigInt):
(JSC::zeroImpl):
(JSC::JSBigInt::exponentiateImpl):
(JSC::JSBigInt::multiplyImpl):
(JSC::JSBigInt::divideImpl):
(JSC::JSBigInt::copy):
(JSC::JSBigInt::unaryMinusImpl):
(JSC::JSBigInt::unaryMinus):
(JSC::JSBigInt::remainderImpl):
(JSC::JSBigInt::incImpl):
(JSC::JSBigInt::decImpl):
(JSC::JSBigInt::addImpl):
(JSC::JSBigInt::subImpl):
(JSC::JSBigInt::bitwiseAndImpl):
(JSC::JSBigInt::bitwiseOrImpl):
(JSC::JSBigInt::bitwiseXorImpl):
(JSC::JSBigInt::absoluteAdd):
(JSC::JSBigInt::absoluteSub):
(JSC::JSBigInt::absoluteDivWithDigitDivisor):
(JSC::JSBigInt::absoluteDivWithBigIntDivisor):
(JSC::JSBigInt::absoluteLeftShiftAlwaysCopy):
(JSC::JSBigInt::absoluteBitwiseOp):
(JSC::JSBigInt::absoluteAnd):
(JSC::JSBigInt::absoluteOr):
(JSC::JSBigInt::absoluteAndNot):
(JSC::JSBigInt::absoluteXor):
(JSC::JSBigInt::absoluteAddOne):
(JSC::JSBigInt::absoluteSubOne):
(JSC::JSBigInt::leftShiftByAbsolute):
(JSC::JSBigInt::rightShiftByAbsolute):
(JSC::JSBigInt::rightShiftByMaximum):
(JSC::JSBigInt::toStringBasePowerOfTwo):
(JSC::JSBigInt::toStringGeneric):
(JSC::JSBigInt::rightTrim):
(JSC::JSBigInt::tryRightTrim):
(JSC::JSBigInt::allocateFor):
(JSC::JSBigInt::asIntNImpl):
(JSC::JSBigInt::asUintNImpl):
(JSC::JSBigInt::truncateToNBits):
(JSC::JSBigInt::truncateAndSubFromPowerOfTwo):
(JSC::JSBigInt::createWithLengthUnchecked): Deleted.

• runtime/JSBigInt.h:
• runtime/JSCJSValue.cpp:

(JSC::JSValue::toThisSlowCase const):

• runtime/VM.cpp:

(JSC::VM::VM):

Source/WebCore:

• bindings/js/SerializedScriptValue.cpp:

(WebCore::CloneDeserializer::readBigInt):

File:

• trunk/Source/JavaScriptCore/runtime/JSBigInt.h (modified) (17 diffs)

trunk/Source/JavaScriptCore/runtime/JSBigInt.h

@@ -66 +66 @@
 
     static Structure* createStructure(VM&, JSGlobalObject*, JSValue prototype);
-    JS_EXPORT_PRIVATE static JSBigInt* createZero(VM&);
-    JS_EXPORT_PRIVATE static JSBigInt* tryCreateWithLength(JSGlobalObject*, unsigned length);
-    static JSBigInt* createWithLengthUnchecked(VM&, unsigned length);
-
-    JS_EXPORT_PRIVATE static JSBigInt* createFrom(VM&, int32_t value);
-    static JSBigInt* createFrom(VM&, uint32_t value);
-    static JSBigInt* createFrom(VM&, int64_t value);
-    static JSBigInt* createFrom(VM&, uint64_t value);
-    static JSBigInt* createFrom(VM&, bool value);
-    static JSBigInt* createFrom(VM&, double value);
+    JS_EXPORT_PRIVATE static JSBigInt* createZero(JSGlobalObject*);
+    JS_EXPORT_PRIVATE static JSBigInt* tryCreateZero(VM&);
+    JS_EXPORT_PRIVATE static JSBigInt* tryCreateWithLength(VM&, unsigned length);
+    JS_EXPORT_PRIVATE static JSBigInt* createWithLength(JSGlobalObject*, unsigned length);
+
+    JS_EXPORT_PRIVATE static JSBigInt* createFrom(JSGlobalObject*, int32_t value);
+    static JSBigInt* tryCreateFrom(VM&, int32_t value);
+    static JSBigInt* createFrom(JSGlobalObject*, uint32_t value);
+    static JSBigInt* createFrom(JSGlobalObject*, int64_t value);
+    static JSBigInt* createFrom(JSGlobalObject*, uint64_t value);
+    static JSBigInt* createFrom(JSGlobalObject*, bool value);
+    static JSBigInt* createFrom(JSGlobalObject*, double value);
+
+    static JSBigInt* createFrom(JSGlobalObject*, VM&, int32_t value);
 
     static size_t offsetOfLength()
@@ -91 +95 @@
     unsigned length() const { return m_length; }
 
-    static JSValue makeHeapBigIntOrBigInt32(VM& vm, int64_t value)
+    static JSValue makeHeapBigIntOrBigInt32(JSGlobalObject* globalObject, int64_t value)
     {
 #if USE(BIGINT32)
@@ -97 +101 @@
             return jsBigInt32(static_cast<int32_t>(value));
 #endif
-        return JSBigInt::createFrom(vm, value);
-    }
-
-    static JSValue makeHeapBigIntOrBigInt32(VM& vm, double value)
+        return JSBigInt::createFrom(globalObject, value);
+    }
+
+    static JSValue makeHeapBigIntOrBigInt32(JSGlobalObject* globalObject, double value)
     {
         ASSERT(isInteger(value));
         if (std::abs(value) <= maxSafeInteger())
-            return makeHeapBigIntOrBigInt32(vm, static_cast<int64_t>(value));
-        return JSBigInt::createFrom(vm, value);
+            return makeHeapBigIntOrBigInt32(globalObject, static_cast<int64_t>(value));
+        return JSBigInt::createFrom(globalObject, value);
     }
 
@@ -159 +163 @@
     ComparisonResult static compareToDouble(JSBigInt* x, double y);
 
-    ALWAYS_INLINE static JSValue asInt32OrHeapCell(VM& vm, int64_t value)
+    ALWAYS_INLINE static JSValue asInt32OrHeapCell(JSGlobalObject* globalObject, int64_t value)
     {
 #if USE(BIGINT32)
@@ -165 +169 @@
             return jsBigInt32(static_cast<int32_t>(value));
 #endif
-        return createFrom(vm, value);
-    }
-    ALWAYS_INLINE static JSValue asInt32OrHeapCell(JSGlobalObject* globalObject, int64_t value)
-    {
-        return asInt32OrHeapCell(globalObject->vm(), value);
+        return createFrom(globalObject, value);
     }
 
@@ -185 +185 @@
     };
 private:
+    static JSBigInt* createWithLength(JSGlobalObject*, VM&, unsigned length);
+    static JSBigInt* createZero(JSGlobalObject*, VM&);
 
     template <typename BigIntImpl1, typename BigIntImpl2>
@@ -211 +213 @@
 
     template <typename BigIntImpl>
-    static ImplResult unaryMinusImpl(VM&, BigIntImpl x);
+    static ImplResult unaryMinusImpl(JSGlobalObject*, BigIntImpl x);
 
     template <typename BigIntImpl1, typename BigIntImpl2>
@@ -296 +298 @@
     {
         if (!y) {
-            auto scope = DECLARE_THROW_SCOPE(globalObject->vm());
+            auto scope = DECLARE_THROW_SCOPE(getVM(globalObject));
             throwRangeError(globalObject, scope, "0 is an invalid divisor value."_s);
             return JSValue();
@@ -311 +313 @@
     {
         if (!y) {
-            auto scope = DECLARE_THROW_SCOPE(globalObject->vm());
+            auto scope = DECLARE_THROW_SCOPE(getVM(globalObject));
             throwRangeError(globalObject, scope, "0 is an invalid divisor value."_s);
             return JSValue();
@@ -319 +321 @@
 #endif
 
-    static JSValue unaryMinus(VM&, JSBigInt* x);
-#if USE(BIGINT32)
-    static JSValue unaryMinus(VM& vm, int32_t x)
-    {
-        return asInt32OrHeapCell(vm, -static_cast<int64_t>(x));
+    static JSValue unaryMinus(JSGlobalObject*, JSBigInt* x);
+#if USE(BIGINT32)
+    static JSValue unaryMinus(JSGlobalObject* globalObject, int32_t x)
+    {
+        return asInt32OrHeapCell(globalObject, -static_cast<int64_t>(x));
     }
 #endif
@@ -424 +426 @@
     Digit digit(unsigned);
     void setDigit(unsigned, Digit); // Use only when initializing.
-    JS_EXPORT_PRIVATE JSBigInt* rightTrim(VM&);
+    JS_EXPORT_PRIVATE JSBigInt* rightTrim(JSGlobalObject*);
+    JS_EXPORT_PRIVATE JSBigInt* tryRightTrim(VM&);
 
 private:
     JSBigInt(VM&, Structure*, Digit*, unsigned length);
 
-    static JSBigInt* createFromImpl(VM&, uint64_t value, bool sign);
+    JSBigInt* rightTrim(JSGlobalObject*, VM&);
+
+    static JSBigInt* createFromImpl(JSGlobalObject*, uint64_t value, bool sign);
 
     static constexpr unsigned bitsPerByte = 8;
@@ -455 +460 @@
     static ComparisonResult absoluteCompare(BigIntImpl1 x, BigIntImpl2 y);
     template <typename BigIntImpl>
-    static void absoluteDivWithDigitDivisor(VM&, BigIntImpl x, Digit divisor, JSBigInt** quotient, Digit& remainder);
+    static bool absoluteDivWithDigitDivisor(JSGlobalObject*, VM&, BigIntImpl x, Digit divisor, JSBigInt** quotient, Digit& remainder);
     template <typename BigIntImpl>
     static void internalMultiplyAdd(BigIntImpl source, Digit factor, Digit summand, unsigned, JSBigInt* result);
@@ -490 +495 @@
 
     template<typename BigIntImpl1, typename BigIntImpl2, typename BitwiseOp>
-    static JSBigInt* absoluteBitwiseOp(VM&, BigIntImpl1 x, BigIntImpl2 y, ExtraDigitsHandling, BitwiseOp&&);
-
-    template <typename BigIntImpl1, typename BigIntImpl2>
-    static JSBigInt* absoluteAnd(VM&, BigIntImpl1 x, BigIntImpl2 y);
-    template <typename BigIntImpl1, typename BigIntImpl2>
-    static JSBigInt* absoluteOr(VM&, BigIntImpl1 x, BigIntImpl2 y);
-    template <typename BigIntImpl1, typename BigIntImpl2>
-    static JSBigInt* absoluteAndNot(VM&, BigIntImpl1 x, BigIntImpl2 y);
-    template <typename BigIntImpl1, typename BigIntImpl2>
-    static JSBigInt* absoluteXor(VM&, BigIntImpl1 x, BigIntImpl2 y);
+    static JSBigInt* absoluteBitwiseOp(JSGlobalObject*, BigIntImpl1 x, BigIntImpl2 y, ExtraDigitsHandling, BitwiseOp&&);
+
+    template <typename BigIntImpl1, typename BigIntImpl2>
+    static JSBigInt* absoluteAnd(JSGlobalObject*, BigIntImpl1 x, BigIntImpl2 y);
+    template <typename BigIntImpl1, typename BigIntImpl2>
+    static JSBigInt* absoluteOr(JSGlobalObject*, BigIntImpl1 x, BigIntImpl2 y);
+    template <typename BigIntImpl1, typename BigIntImpl2>
+    static JSBigInt* absoluteAndNot(JSGlobalObject*, BigIntImpl1 x, BigIntImpl2 y);
+    template <typename BigIntImpl1, typename BigIntImpl2>
+    static JSBigInt* absoluteXor(JSGlobalObject*, BigIntImpl1 x, BigIntImpl2 y);
 
     enum class SignOption {
@@ -536 +541 @@
 
     template <typename BigIntImpl>
-    static JSBigInt* copy(VM&, BigIntImpl x);
+    static JSBigInt* copy(JSGlobalObject*, BigIntImpl x);
 
     void inplaceMultiplyAdd(Digit multiplier, Digit part);
@@ -542 +547 @@
     static ImplResult absoluteAdd(JSGlobalObject*, BigIntImpl1 x, BigIntImpl2 y, bool resultSign);
     template <typename BigIntImpl1, typename BigIntImpl2>
-    static ImplResult absoluteSub(VM&, BigIntImpl1 x, BigIntImpl2 y, bool resultSign);
+    static ImplResult absoluteSub(JSGlobalObject*, BigIntImpl1 x, BigIntImpl2 y, bool resultSign);
 
     template <typename BigIntImpl1, typename BigIntImpl2>
@@ -549 +554 @@
     static ImplResult rightShiftByAbsolute(JSGlobalObject*, BigIntImpl1 x, BigIntImpl2 y);
 
-    static ImplResult rightShiftByMaximum(VM&, bool sign);
+    static ImplResult rightShiftByMaximum(JSGlobalObject*, bool sign);
 
     template <typename BigIntImpl>
@@ -559 +564 @@
     static ImplResult asUintNImpl(JSGlobalObject*, uint64_t, BigIntImpl);
     template <typename BigIntImpl>
-    static ImplResult truncateToNBits(VM&, int32_t, BigIntImpl);
-    template <typename BigIntImpl>
-    static ImplResult truncateAndSubFromPowerOfTwo(VM&, int32_t, BigIntImpl, bool resultSign);
+    static ImplResult truncateToNBits(JSGlobalObject*, int32_t, BigIntImpl);
+    template <typename BigIntImpl>
+    static ImplResult truncateAndSubFromPowerOfTwo(JSGlobalObject*, int32_t, BigIntImpl, bool resultSign);
 
     inline static size_t offsetOfData()