Closed
Bug 1506502
Opened 6 years ago
Closed 5 years ago
JS::Value Private API comments don't match the implementation
Categories
(Core :: JavaScript Engine, defect, P3)
RESOLVED DUPLICATE of bug 1505902
 | Tracking | Status |
---|---|---|
firefox65 | --- | affected |
People
(Reporter: arai, Assigned: iain)
https://searchfox.org/mozilla-central/rev/06d5d5ae4396be85f26e8548323ee6c12e7bce4e/js/public/Value.h#858-865
> /*
>  * Private API
>  *
>  * Private setters/getters allow the caller to read/write arbitrary types
>  * that fit in the 64-bit payload. It is the caller's responsibility, after
>  * storing to a value with setPrivateX to read only using getPrivateX.
>  * Privates values are given a type which ensures they are not marked.
>  */
>
> void setPrivate(void* ptr) {
>     MOZ_ASSERT((uintptr_t(ptr) & 1) == 0);
> #if defined(JS_NUNBOX32)
>     s_.tag_ = JSValueTag(0);
>     s_.payload_.ptr_ = ptr;
> #elif defined(JS_PUNBOX64)
>     asBits_ = uintptr_t(ptr) >> 1;
> #endif
>     MOZ_ASSERT(isDouble());
> }
>
> void* toPrivate() const {
>     MOZ_ASSERT(isDouble());
> #if defined(JS_NUNBOX32)
>     return s_.payload_.ptr_;
> #elif defined(JS_PUNBOX64)
>     MOZ_ASSERT((asBits_ & 0x8000000000000000ULL) == 0);
>     return reinterpret_cast<void*>(asBits_ << 1);
> #endif
> }
There are at least the following issues:
* there are no getPrivate* methods (but toPrivate*)
* it says 64-bit payload, but:
  * on 32-bit it only supports 32-bit
    (just wording issue?)
  * on 64-bit, it requires the lowest bit to be 0
    (pointer to 1-byte alignment things can fail this requirement, see bug 1505902)
  * on 64-bit the result of (ptr >> 1) needs to match isDouble(),
    which means, the pointer should be <= 0xfff00001fffffffe
    (almost all arbitrary pointers on supported 64-bit arch match tho)
https://searchfox.org/mozilla-central/rev/06d5d5ae4396be85f26e8548323ee6c12e7bce4e/js/public/Value.h#621-627
> bool isDouble() const {
> #if defined(JS_NUNBOX32)
>     return uint32_t(toTag()) <= uint32_t(JSVAL_TAG_CLEAR);
> #elif defined(JS_PUNBOX64)
>     return (asBits_ | mozilla::DoubleTypeTraits::kSignBit) <= JSVAL_SHIFTED_TAG_MAX_DOUBLE;
> #endif
> }
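The two 64-bit preconditions listed above, as an added example that is not part of the original bug report or of SpiderMonkey's code: a stand-alone C++ model of the JS_PUNBOX64 branch that reports which assertion a given pointer value would trip. The value of `kShiftedTagMaxDouble` is an assumption chosen to agree with the report's bound, and `checkPrivate`, `isDoubleBits` and `roundTrip` are hypothetical helper names.

```cpp
#include <cstdint>
#include <cstdio>

// Model of the JS_PUNBOX64 branch quoted in the report. The numeric value of
// JSVAL_SHIFTED_TAG_MAX_DOUBLE is an assumption (it is not on the page); it is
// the value consistent with the report's bound of 0xfff00001fffffffe.
const uint64_t kSignBit = 0x8000000000000000ULL;
const uint64_t kShiftedTagMaxDouble = 0xFFF80000FFFFFFFFULL;  // assumed

enum class PrivateCheck { Ok, LowBitSet, NotDouble };

// Same comparison as the quoted isDouble(): (asBits_ | kSignBit) <= MAX_DOUBLE.
bool isDoubleBits(uint64_t bits) {
  return (bits | kSignBit) <= kShiftedTagMaxDouble;
}

// Reports which of the two MOZ_ASSERTs in setPrivate() a pointer would trip.
PrivateCheck checkPrivate(uint64_t ptr) {
  if (ptr & 1) return PrivateCheck::LowBitSet;
  if (!isDoubleBits(ptr >> 1)) return PrivateCheck::NotDouble;
  return PrivateCheck::Ok;
}

// setPrivate() followed by toPrivate() on 64-bit: shift right, then left.
// The result equals the input only when the low bit was already 0.
uint64_t roundTrip(uint64_t ptr) { return (ptr >> 1) << 1; }

int main() {
  // Constructed sample addresses, not taken from any real process.
  const uint64_t samples[] = {
      0x00007f3a12345678ULL,  // typical aligned user-space pointer
      0x00007f3a12345679ULL,  // pointer into 1-byte-aligned data (odd)
      0xfff00001fffffffeULL,  // largest accepted value per the report
      0xfff0000200000000ULL,  // next even value: encodes to a non-double
  };
  const char* names[] = {"ok", "low bit set", "not a double"};
  for (uint64_t p : samples) {
    std::printf("%#018llx -> %s, round trip %#018llx\n",
                (unsigned long long)p, names[(int)checkPrivate(p)],
                (unsigned long long)roundTrip(p));
  }
  return 0;
}
```

MOZ_ASSERT is compiled out of non-debug builds, so there the odd pointer is not rejected; it comes back from the round trip with its low bit cleared.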
Comment 1 • 5 years ago (Assignee)
I fixed these issues as part of bug 1505902.
Assignee: nobody → iireland
Status: NEW → RESOLVED
Closed: 5 years ago
Resolution: --- → DUPLICATE