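// Copyright 2019 the V8 project authors. All rights reserved.
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.

// Bit flags stored in JSArrayBuffer::bit_field, one bit each inside a uint32.
// Within this file only was_detached, is_shared and is_resizable are read
// (by the Is* macros below); the remaining flags are not read here.
bitfield struct JSArrayBufferFlags extends uint32 {
  is_external: bool: 1 bit;
  is_detachable: bool: 1 bit;
  was_detached: bool: 1 bit;
  is_asm_js_memory: bool: 1 bit;
  is_shared: bool: 1 bit;
  is_resizable: bool: 1 bit;
}

// Object layout of a JSArrayBuffer.
// backing_store and extension are raw (untagged) pointers.
// NOTE(review): the layout does not by itself couple byte_length /
// max_byte_length to the memory behind backing_store; that consistency has to
// be upheld by the code that writes these fields.
extern class JSArrayBuffer extends JSObjectWithEmbedderSlots {
  byte_length: uintptr;
  max_byte_length: uintptr;
  // A SandboxedPtr if the sandbox is enabled
  backing_store: RawPtr;
  extension: RawPtr;
  bit_field: JSArrayBufferFlags;
  // Pads header size to be a multiple of kTaggedSize.
  @if(TAGGED_SIZE_8_BYTES) optional_padding: uint32;
  @ifnot(TAGGED_SIZE_8_BYTES) optional_padding: void;
}

// Accessor exposed as `.backing_store_ptr` on a JSArrayBuffer. Only declared
// here (extern); the implementation is outside this file.
extern operator '.backing_store_ptr' macro LoadJSArrayBufferBackingStorePtr(
    JSArrayBuffer): RawPtr;

// Returns the was_detached flag of `buffer`.
@export
macro IsDetachedBuffer(buffer: JSArrayBuffer): bool {
  return buffer.bit_field.was_detached;
}

// Returns the is_shared flag of `buffer`.
@export
macro IsSharedArrayBuffer(buffer: JSArrayBuffer): bool {
  return buffer.bit_field.is_shared;
}

// Returns the is_resizable flag of `buffer`.
@export
macro IsResizableArrayBuffer(buffer: JSArrayBuffer): bool {
  return buffer.bit_field.is_resizable;
}

// We have 4 different DataViews & TypedArrays:
// 1) Normal (backed by AB / SAB) or non-length tracking backed by GSAB (can't
// go oob once constructed)
// 2) Non-length tracking backed by RAB (can go oob once constructed)
// 3) Length-tracking backed by RAB (JSArrayBuffer stores the length)
// 4) Length-tracking backed by GSAB (BackingStore stores the length)
// (AB = ArrayBuffer, SAB = SharedArrayBuffer, RAB = resizable ArrayBuffer,
// GSAB = growable SharedArrayBuffer.)
bitfield struct JSArrayBufferViewFlags extends uint32 {
  is_length_tracking: bool: 1 bit;
  is_backed_by_rab: bool: 1 bit;
}

// Common layout of the views onto a JSArrayBuffer (JSTypedArray and
// JSDataView below extend it). byte_offset and byte_length are stored in the
// view itself; for the variable-length kinds the effective length is obtained
// through LoadVariableLengthJSArrayBufferViewByteLength rather than from the
// stored byte_length field (see LoadJSArrayBufferViewByteLength).
@abstract
extern class JSArrayBufferView extends JSObjectWithEmbedderSlots {
  buffer: JSArrayBuffer;
  byte_offset: uintptr;
  byte_length: uintptr;
  bit_field: JSArrayBufferViewFlags;
  // Pads header size to be a multiple of kTaggedSize.
  @if(TAGGED_SIZE_8_BYTES) optional_padding: uint32;
  @ifnot(TAGGED_SIZE_8_BYTES) optional_padding: void;
}

// True when either view flag is set, i.e. for kinds 2) to 4) in the list
// above JSArrayBufferViewFlags. For these views the stored byte_length field
// is not what LoadJSArrayBufferViewByteLength returns.
@export
macro IsVariableLengthJSArrayBufferView(array: JSArrayBufferView): bool {
  return array.bit_field.is_length_tracking || array.bit_field.is_backed_by_rab;
}

// Returns the is_length_tracking flag of `array`.
@export
macro IsLengthTrackingJSArrayBufferView(array: JSArrayBufferView): bool {
  return array.bit_field.is_length_tracking;
}

// Byte length of a variable-length view. Only declared here (extern). Yields
// a uintptr or jumps to DetachedOrOutOfBounds.
extern macro LoadVariableLengthJSArrayBufferViewByteLength(
    JSArrayBufferView, JSArrayBuffer): uintptr labels DetachedOrOutOfBounds;

// Loads the current byte length of `view`, or jumps to DetachedOrOutOfBounds.
//
// - Variable-length views delegate to
//   LoadVariableLengthJSArrayBufferViewByteLength and forward its label.
// - All other views jump to the label when `buffer` has was_detached set and
//   otherwise return the stored view.byte_length.
//
// NOTE(review): `buffer` is a separate parameter and is not compared against
// view.buffer here, so the detach check is only meaningful if the caller
// passes the view's own buffer. Confirm at call sites.
// NOTE(review): the result reflects the buffer state at the time of the call.
// Nothing in this macro prevents a later detach or resize, so a caller that
// keeps the value across code able to change the buffer presumably has to
// load it again before using it as a bound. Confirm against callers.
macro LoadJSArrayBufferViewByteLength(
    view: JSArrayBufferView,
    buffer: JSArrayBuffer): uintptr labels DetachedOrOutOfBounds {
  if (IsVariableLengthJSArrayBufferView(view)) {
    return LoadVariableLengthJSArrayBufferViewByteLength(view, buffer)
        otherwise DetachedOrOutOfBounds;
  }
  if (IsDetachedBuffer(buffer)) goto DetachedOrOutOfBounds;
  return view.byte_length;
}

// Layout of a typed array: the JSArrayBufferView fields plus an element
// count (`length`), a raw external_pointer and a tagged base_pointer.
extern class JSTypedArray extends JSArrayBufferView {
  length: uintptr;
  // A SandboxedPtr if the sandbox is enabled
  external_pointer: RawPtr;
  base_pointer: ByteArray|Smi;
}

// True when base_pointer is anything other than Smi zero; given the field
// type ByteArray|Smi, that is the case in which it can hold a ByteArray.
@export
macro IsOnHeapTypedArray(array: JSTypedArray): bool {
  // See JSTypedArray::is_on_heap()
  return TaggedNotEqual(array.base_pointer, SmiConstant(0));
}

// Layout of a DataView: the JSArrayBufferView fields plus a raw data_pointer.
extern class JSDataView extends JSArrayBufferView {
  // A SandboxedPtr if the sandbox is enabled
  data_pointer: RawPtr;
}

// Torque-level types for the TypedArray constructor functions, one per
// element type. Each is annotated @doNotGenerateCast and is represented as
// 'TNode<JSFunction>' in generated code, as the `generates` clauses state.
@abstract
@doNotGenerateCast extern class TypedArrayConstructor extends JSFunction
    generates 'TNode<JSFunction>';
@doNotGenerateCast
extern class Uint8TypedArrayConstructor extends TypedArrayConstructor
    generates 'TNode<JSFunction>';
@doNotGenerateCast
extern class Int8TypedArrayConstructor extends TypedArrayConstructor
    generates 'TNode<JSFunction>';
@doNotGenerateCast
extern class Uint16TypedArrayConstructor extends TypedArrayConstructor
    generates 'TNode<JSFunction>';
@doNotGenerateCast
extern class Int16TypedArrayConstructor extends TypedArrayConstructor
    generates 'TNode<JSFunction>';
@doNotGenerateCast
extern class Uint32TypedArrayConstructor extends TypedArrayConstructor
    generates 'TNode<JSFunction>';
@doNotGenerateCast
extern class Int32TypedArrayConstructor extends TypedArrayConstructor
    generates 'TNode<JSFunction>';
@doNotGenerateCast
extern class Float32TypedArrayConstructor extends TypedArrayConstructor
    generates 'TNode<JSFunction>';
@doNotGenerateCast
extern class Float64TypedArrayConstructor extends TypedArrayConstructor
    generates 'TNode<JSFunction>';
@doNotGenerateCast
extern class Uint8ClampedTypedArrayConstructor extends TypedArrayConstructor
    generates 'TNode<JSFunction>';
@doNotGenerateCast
extern class Biguint64TypedArrayConstructor extends TypedArrayConstructor
    generates 'TNode<JSFunction>';
@doNotGenerateCast
extern class Bigint64TypedArrayConstructor extends TypedArrayConstructor
    generates 'TNode<JSFunction>';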