From a5f945008c2b524c5ad405275ec502e1155a7e70 Mon Sep 17 00:00:00 2001
From: Koby Boyango <koby.b@mce-sys.com>
Date: Sun, 11 Feb 2018 11:25:45 +0200
Subject: [PATCH] [JSC] Added "user controlled buffer" support to ArrayBuffers,
 to allow creating ArrayBuffers "around" user controlled buffer, without
 copying or freeing them

---
 Source/JavaScriptCore/runtime/ArrayBuffer.cpp | 13 +++++++++++++
 Source/JavaScriptCore/runtime/ArrayBuffer.h   | 17 +++++++++++++++--
 2 files changed, 28 insertions(+), 2 deletions(-)

diff --git a/Source/JavaScriptCore/runtime/ArrayBuffer.cpp b/Source/JavaScriptCore/runtime/ArrayBuffer.cpp
index 4171f2e1ea4b7..bf3c9c327ef6a 100644
--- a/Source/JavaScriptCore/runtime/ArrayBuffer.cpp
+++ b/Source/JavaScriptCore/runtime/ArrayBuffer.cpp
@@ -264,6 +264,7 @@ ArrayBuffer::ArrayBuffer(ArrayBufferContents&& contents)
     , m_pinCount(0)
     , m_isWasmMemory(false)
     , m_locked(false)
+	, m_isApiUserControlledBuffer(false)
 {
 }
 
@@ -297,6 +298,18 @@ void ArrayBuffer::makeWasmMemory()
     m_isWasmMemory = true;
 }
 
+void ArrayBuffer::makeApiUserControlledBuffer()
+{
+	m_isApiUserControlledBuffer = true;
+	
+	if (m_contents.m_shared) {
+		m_contents.m_shared->m_destructor = [](void*) {};
+	}
+	else {
+		m_contents.m_destructor = [](void*) {};
+	}
+}
+
 void ArrayBuffer::setSharingMode(ArrayBufferSharingMode newSharingMode)
 {
     if (newSharingMode == sharingMode())
diff --git a/Source/JavaScriptCore/runtime/ArrayBuffer.h b/Source/JavaScriptCore/runtime/ArrayBuffer.h
index 18725cc9ce75f..b07f72b65ca28 100644
--- a/Source/JavaScriptCore/runtime/ArrayBuffer.h
+++ b/Source/JavaScriptCore/runtime/ArrayBuffer.h
@@ -51,6 +51,8 @@ class SharedArrayBufferContents : public ThreadSafeRefCounted<SharedArrayBufferC
     void* data() const { return m_data.getMayBeNull(); }
     
 private:
+	friend class ArrayBuffer;
+
     CagedPtr<Gigacage::Primitive, void> m_data;
     ArrayBufferDestructorFunction m_destructor;
 };
@@ -138,6 +140,9 @@ class ArrayBuffer : public GCIncomingRefCounted<ArrayBuffer> {
     void makeWasmMemory();
     inline bool isWasmMemory();
 
+	void makeApiUserControlledBuffer();
+	inline bool isApiUserControlledBuffer() const;
+
     JS_EXPORT_PRIVATE bool transferTo(VM&, ArrayBufferContents&);
     JS_EXPORT_PRIVATE bool shareWith(ArrayBufferContents&);
 
@@ -160,12 +165,13 @@ class ArrayBuffer : public GCIncomingRefCounted<ArrayBuffer> {
     void notifyIncommingReferencesOfTransfer(VM&);
 
     ArrayBufferContents m_contents;
-    unsigned m_pinCount : 30;
+    unsigned m_pinCount : 29;
     bool m_isWasmMemory : 1;
     // m_locked == true means that some API user fetched m_contents directly from a TypedArray object,
     // the buffer is backed by a WebAssembly.Memory, or is a SharedArrayBuffer.
     bool m_locked : 1;
-
+	bool m_isApiUserControlledBuffer : 1;
+	
 public:
     Weak<JSArrayBuffer> m_wrapper;
 };
@@ -239,6 +245,13 @@ bool ArrayBuffer::isWasmMemory()
     return m_isWasmMemory;
 }
 
+bool ArrayBuffer::isApiUserControlledBuffer() const
+{
+	return m_isApiUserControlledBuffer;
+}
+
+
+
 JS_EXPORT_PRIVATE ASCIILiteral errorMesasgeForTransfer(ArrayBuffer*);
 
 } // namespace JSC