Weak points:
- alignof
- js problems
Todo:
- make js work with C++ and mozjs-17
- then mozjs-24
- then mozjs-52
- then mozjs-60
- decrease number of warnings
Currently, it is possible for the JSObject that wraps a struct view_state
to outlive the view_state. Using the properties of the JSObject wrapper
will then cause a crash.
This patch adds a smjs_detach_view_state_object function, which is called
in destroy_vs, to dissociate the struct view_state from the JSObject
wrapper. To this end, the patch modifies the struct view_state to point
the JSObject wrapper. smjs_get_view_state_object will use this pointer
if it is set, and copy_vs will copy this pointer to the new view_state.
The patch also modifies view_state_get_property and
view_state_set_property to return immediately if the view_state has been
destroyed. Finally, the patch adds a finalizer (view_state_finalize)
that clears the pointer from the struct view_state to the JSObject.
Rename src/ecmascript/spidermonkey/util.c to
src/ecmascript/spidermonkey-shared.c and compile it also when
CONFIG_SCRIPTING_SMJS is enabled but CONFIG_ECMASCRIPT_SPIDERMONKEY is
not. Then use its functions from src/scripting/smjs/ too. Move the
corresponding declarations, as well as the inline functions needed by
src/scripting/smjs/, from src/ecmascript/spidermonkey/util.h to
src/ecmascript/spidermonkey-shared.h.
ELinks is nowadays using two JSRuntimes and SpiderMonkey has bugs that
make it crash in such use. To work around them, ELinks will need to
be changed to use only one JSRuntime. I am planning to define and
initialize that JSRuntime in src/ecmascript/spidermonkey-shared.c,
now that it's compiled whenever either of the modules is enabled.
This is a further precaution against reading a pointer from the wrong
type of object. All of the JS_GetPrivate calls were already protected
with JS_InstanceOf checks if assertions are enabled, and many of them
also if assertions are not enabled.
This change does not fix any bug, but the SMJS builtin classes use
negative tinyids already, so I presume this is the preferred practice.
At least it means the tinyids won't have to be renumbered later if
some of these objects are changed to behave as arrays.
If ECMAScript code does obj[42], then the getProperty or setProperty
function of the JSClass of obj gets 42 as the property ID and must not
treat that as an internal error.
The getProperty and setProperty functions of a JSClass must not assume
that the obj parameter points to an instance of that class. It might
instead point to another object that merely has an instance of the
class in its prototype chain. Thus, do not assert that JS_InstanceOf
returns true there. Instead, run the check even with CONFIG_FASTMEM,
and just return JS_FALSE if it fails.