Closed
Bug 1234038
Opened 9 years ago
Closed 9 years ago
Self-host ArrayBuffer.prototype.slice.
Categories
(Core :: JavaScript Engine, defect)
Core
JavaScript Engine
Tracking
()
RESOLVED
FIXED
mozilla46
| Tracking | Status | |
|---|---|---|
| firefox46 | --- | fixed |
People
(Reporter: arai, Assigned: arai)
References
Details
Attachments
(1 file)
|
15.98 KB,
patch
|
lth
:
review+
|
Details | Diff | Splinter Review |
derived from bug 1165053.
Before supporting @@species in ArrayBuffer.prototype.slice, it should be better to self-host it.
|
Assignee | |
Comment 1•9 years ago
|
||
GetBuiltinConstructor("ArrayBuffer") is needed :)
Depends on: 1226762
|
|
Assignee | |
Comment 2•9 years ago
|
||
Moved implementation to TypedArray.js, with 3 additional selfhost intrinsics:
* ArrayBufferByteLength -- get [[ArrayBufferByteLength]] slot
* ArrayBufferCopyData -- perform CopyDataBlockBytes-like things on arraybuffers
* CallArrayBufferMethodIfWrapped -- almost same as CallTypedArrayMethodIfWrapped, but for ArrayBuffer
Also, added 3 messages related to species constructor (24.1.4.3 steps 13, 15, and 16 [1]), so, they won't be thrown for now.
Almost green on try run: https://treeherder.mozilla.org/#/jobs?repo=try&revision=46afb6a71ba3
[1] https://tc39.github.io/ecma262/#sec-arraybuffer.prototype.slice
Assignee: nobody → arai.unmht
Attachment #8700418 -
Flags: review?(lhansen)
|
||
Comment 3•9 years ago
|
||
Comment on attachment 8700418 [details] [diff] [review]
Self-host ArrayBuffer.prototype.slice.
Review of attachment 8700418 [details] [diff] [review]:
-----------------------------------------------------------------
::: js/src/builtin/TypedArray.js
@@ +1169,5 @@
> +
> +// ES 2016 draft Dec 10, 2015 24.1.4.3.
> +function ArrayBufferSlice(start, end) {
> + // Step 1.
> + var O = this;
Out of curiosity - it doesn't matter here - why "var" instead of "let" or (better) "const", for these immutable bindings?
@@ +1189,5 @@
> + // Step 6.
> + var relativeStart = ToInteger(start);
> +
> + // Step 7.
> + var first = relativeStart < 0 ? std_Math_max(len + relativeStart, 0)
Actually step 8 because you skipped ReturnIfAbrupt(). Several similar errors below.
::: js/src/vm/SelfHosting.cpp
@@ +658,5 @@
> + size_t byteLength = args[0].toObject().as<ArrayBufferObject>().byteLength();
> + if (byteLength <= INT32_MAX)
> + args.rval().setInt32(byteLength);
> + else
> + args.rval().setNumber((double)byteLength);
I believe the bytelength actually needs to be constrained to INT32_MAX for correctness. Please check, and/or ask Waldo. There is certainly such a constraint on TypedArray, and eg Int8Array would not make sense if the constraint did not apply to ArrayBuffer too.
Attachment #8700418 -
Flags: review?(lhansen) → review+
|
||
Comment 4•9 years ago
|
||
(In reply to Lars T Hansen [:lth] from comment #3)
> ::: js/src/vm/SelfHosting.cpp
> @@ +658,5 @@
> > + size_t byteLength = args[0].toObject().as<ArrayBufferObject>().byteLength();
> > + if (byteLength <= INT32_MAX)
> > + args.rval().setInt32(byteLength);
> > + else
> > + args.rval().setNumber((double)byteLength);
>
> I believe the bytelength actually needs to be constrained to INT32_MAX for
> correctness. Please check, and/or ask Waldo. There is certainly such a
> constraint on TypedArray, and eg Int8Array would not make sense if the
> constraint did not apply to ArrayBuffer too.
Logic to create ArrayBuffers of unconstrained length, verifies the byte length is <= INT32_MAX. Ditto for creating typed arrays conceptually backed by ArrayBuffers whose byte lengths might transgress such a limit. This partly enables storing length, byte length, and byte offset as int32_t. There's also one additional, deeper reason for this that currently escapes my mind, that I'd find if I searched a little. (I've thought about extending this restriction to uint32_t to make negatives impossible, but this extra reason I'm forgetting makes it tricky enough I haven't done it.)
In this case, the created ArrayBuffer isn't quite of unconstrained length, because it's slicing an existing ArrayBuffer, so its byte length must be <= the byte length of every other ArrayBuffer, ergo <= INT32_MAX already. So just do
args.rval().setInt32(mozilla::AssertedCast<int32_t>(byteLength));
|
|
Assignee | |
Comment 5•9 years ago
|
||
Thank you for reviewing :)
(In reply to Lars T Hansen [:lth] from comment #3)
> Comment on attachment 8700418 [details] [diff] [review]
> Self-host ArrayBuffer.prototype.slice.
>
> Review of attachment 8700418 [details] [diff] [review]:
> -----------------------------------------------------------------
>
> ::: js/src/builtin/TypedArray.js
> @@ +1169,5 @@
> > +
> > +// ES 2016 draft Dec 10, 2015 24.1.4.3.
> > +function ArrayBufferSlice(start, end) {
> > + // Step 1.
> > + var O = this;
>
> Out of curiosity - it doesn't matter here - why "var" instead of "let" or
> (better) "const", for these immutable bindings?
Oh, I haven't thought of that. I just followed that other self-hosted functions are using var.
> @@ +1189,5 @@
> > + // Step 6.
> > + var relativeStart = ToInteger(start);
> > +
> > + // Step 7.
> > + var first = relativeStart < 0 ? std_Math_max(len + relativeStart, 0)
>
> Actually step 8 because you skipped ReturnIfAbrupt(). Several similar
> errors below.
I should've noted that I referred ES 2016 draft spec, it changes |ReturnIfAbrupt| with |?| notation, and step numbers are changed from ES6.
https://tc39.github.io/ecma262/#sec-arraybuffer.prototype.slice
> ::: js/src/vm/SelfHosting.cpp
> @@ +658,5 @@
> > + size_t byteLength = args[0].toObject().as<ArrayBufferObject>().byteLength();
> > + if (byteLength <= INT32_MAX)
> > + args.rval().setInt32(byteLength);
> > + else
> > + args.rval().setNumber((double)byteLength);
>
> I believe the bytelength actually needs to be constrained to INT32_MAX for
> correctness. Please check, and/or ask Waldo. There is certainly such a
> constraint on TypedArray, and eg Int8Array would not make sense if the
> constraint did not apply to ArrayBuffer too.
thank you lth and Waldo, I'll fix it :)
|
|
||
Comment 6•9 years ago
|
||
(In reply to Tooru Fujisawa [:arai] from comment #5)
> Thank you for reviewing :)
>
> (In reply to Lars T Hansen [:lth] from comment #3)
> > Comment on attachment 8700418 [details] [diff] [review]
> > Self-host ArrayBuffer.prototype.slice.
> >
> > @@ +1189,5 @@
> > > + // Step 6.
> > > + var relativeStart = ToInteger(start);
> > > +
> > > + // Step 7.
> > > + var first = relativeStart < 0 ? std_Math_max(len + relativeStart, 0)
> >
> > Actually step 8 because you skipped ReturnIfAbrupt(). Several similar
> > errors below.
>
> I should've noted that I referred ES 2016 draft spec, it changes
> |ReturnIfAbrupt| with |?| notation, and step numbers are changed from ES6.
>
> https://tc39.github.io/ecma262/#sec-arraybuffer.prototype.slice
Actually I now see that your patch has a comment to that effect above the function, I just did not notice it. My fault.
IMO it would be better to stick to a currently ratified spec text instead of a future draft when implementing a function, whenever reasonable, ie, it would be better to reference ES2015 here. But I don't know what the tradition is for that within the team; perhaps better to ask somebody with longer tenure if you want to address this remark (not required).
|
|
Assignee | |
Comment 7•9 years ago
|
||
https://hg.mozilla.org/integration/mozilla-inbound/rev/ed77e0bf3f711d794de5ca572f2230abef9ea497
Bug 1234038 - Self-host ArrayBuffer.prototype.slice. r=lth
|
|
||
Comment 8•9 years ago
|
||
| bugherder | ||
Status: NEW → RESOLVED
Closed: 9 years ago
Resolution: --- → FIXED
Target Milestone: --- → mozilla46
You need to log in
before you can comment on or make changes to this bug.
Description
•