From 0488a95df8bf30bda8a52aafecd6caa39dfb7fb1 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Andr=C3=A9=20Bargull?= Date: Fri, 10 Mar 2017 23:40:17 +0100 Subject: [PATCH] Bug 1346074 - Part 2: Move ToLengthClamped into jsarray.cpp. r=shu --HG-- extra : rebase_source : a89628cae4e9b8424d2a6eef42d12a6e60a96734 --- js/src/jsarray.cpp | 35 +++++++++++++++++++++++++++++------ js/src/jsnum.cpp | 30 ------------------------------ js/src/jsnum.h | 6 ------ 3 files changed, 29 insertions(+), 42 deletions(-) diff --git a/js/src/jsarray.cpp b/js/src/jsarray.cpp index dae1101457f0..040e0d832188 100644 --- a/js/src/jsarray.cpp +++ b/js/src/jsarray.cpp @@ -98,6 +98,32 @@ JS::IsArray(JSContext* cx, HandleObject obj, bool* isArray) return true; } +// ES2017 7.1.15 ToLength, but clamped to the [0,2^32-2] range. +static bool +ToLengthClamped(JSContext* cx, HandleValue v, uint32_t* out) +{ + if (v.isInt32()) { + int32_t i = v.toInt32(); + *out = i < 0 ? 0 : i; + return true; + } + double d; + if (v.isDouble()) { + d = v.toDouble(); + } else { + if (!ToNumber(cx, v, &d)) + return false; + } + d = JS::ToInteger(d); + if (d <= 0.0) + *out = 0; + else if (d < double(UINT32_MAX - 1)) + *out = uint32_t(d); + else + *out = UINT32_MAX; + return true; +} + bool js::GetLengthProperty(JSContext* cx, HandleObject obj, uint32_t* lengthp) { @@ -123,12 +149,9 @@ js::GetLengthProperty(JSContext* cx, HandleObject obj, uint32_t* lengthp) if (!GetProperty(cx, obj, obj, cx->names().length, &value)) return false; - bool overflow; - if (!ToLengthClamped(cx, value, lengthp, &overflow)) { - if (!overflow) - return false; - *lengthp = UINT32_MAX; - } + if (!ToLengthClamped(cx, value, lengthp)) + return false; + return true; } diff --git a/js/src/jsnum.cpp b/js/src/jsnum.cpp index 077d72d71c4a..a03ab3dae81e 100644 --- a/js/src/jsnum.cpp +++ b/js/src/jsnum.cpp @@ -1770,36 +1770,6 @@ js::ToUint16Slow(JSContext* cx, const HandleValue v, uint16_t* out) return true; } -bool -js::ToLengthClamped(JSContext* cx, HandleValue v, uint32_t* out, bool* overflow) -{ - if (v.isInt32()) { - int32_t i = v.toInt32(); - *out = i < 0 ? 0 : i; - return true; - } - double d; - if (v.isDouble()) { - d = v.toDouble(); - } else { - if (!ToNumber(cx, v, &d)) { - *overflow = false; - return false; - } - } - d = JS::ToInteger(d); - if (d <= 0.0) { - *out = 0; - return true; - } - if (d >= (double)0xFFFFFFFEU) { - *overflow = true; - return false; - } - *out = (uint32_t)d; - return true; -} - bool js::NonStandardToIndex(JSContext* cx, HandleValue v, uint64_t* index) { diff --git a/js/src/jsnum.h b/js/src/jsnum.h index 62514add1526..de7fceab07f4 100644 --- a/js/src/jsnum.h +++ b/js/src/jsnum.h @@ -266,12 +266,6 @@ ToInteger(JSContext* cx, HandleValue v, double* dp) return true; } -/* ES6 7.1.15 ToLength, but clamped to the [0,2^32-2] range. If the - * return value is false then *overflow will be true iff the value was - * not clampable to uint32_t range. - */ -MOZ_MUST_USE bool ToLengthClamped(JSContext* cx, HandleValue v, uint32_t* out, bool* overflow); - /* Non-standard convert and range check an index value as for SIMD, and Atomics * operations, eg ES7 24.2.1.1, DataView's GetViewValue(): *