More cleanup related to setting array.length

src/elements.cc

 // Copyright 2012 the V8 project authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "src/v8.h"
 
 #include "src/arguments.h"
 #include "src/conversions.h"
 #include "src/elements.h"
 #include "src/messages.h"
@@ skipping 618 matching lines @@
     return ElementsAccessorSubclass::GetAccessorPairImpl(holder, key,
                                                          backing_store);
   }
 
   static MaybeHandle<AccessorPair> GetAccessorPairImpl(
       Handle<JSObject> obj, uint32_t key,
       Handle<FixedArrayBase> backing_store) {
     return MaybeHandle<AccessorPair>();
   }
 
-  MUST_USE_RESULT virtual MaybeHandle<Object> SetLength(
-      Handle<JSArray> array, Handle<Object> length) final {
-    return ElementsAccessorSubclass::SetLengthImpl(
-        array, length, handle(array->elements()));
+  virtual void SetLength(Handle<JSArray> array, uint32_t length) final {
+    ElementsAccessorSubclass::SetLengthImpl(array, length,
+                                            handle(array->elements()));
   }
 
-  MUST_USE_RESULT static MaybeHandle<Object> SetLengthImpl(
-      Handle<JSObject> obj,
-      Handle<Object> length,
-      Handle<FixedArrayBase> backing_store);
+  static void SetLengthImpl(Handle<JSArray> array, uint32_t length,
+                            Handle<FixedArrayBase> backing_store);
 
   virtual void SetCapacityAndLength(Handle<JSArray> array, int capacity,
                                     int length) final {
     ElementsAccessorSubclass::
         SetFastElementsCapacityAndLength(array, capacity, length);
   }
 
   static void SetFastElementsCapacityAndLength(
       Handle<JSObject> obj,
       int capacity,
@@ skipping 200 matching lines @@
   explicit FastElementsAccessor(const char* name)
       : ElementsAccessorBase<FastElementsAccessorSubclass,
                              KindTraits>(name) {}
  protected:
   friend class ElementsAccessorBase<FastElementsAccessorSubclass, KindTraits>;
   friend class SloppyArgumentsElementsAccessor;
 
   typedef typename KindTraits::BackingStore BackingStore;
 
   // Adjusts the length of the fast backing store.
-  static Handle<Object> SetLengthWithoutNormalize(
-      Handle<FixedArrayBase> backing_store,
-      Handle<JSArray> array,
-      Handle<Object> length_object,
+  static uint32_t SetLengthWithoutNormalize(
+      Handle<FixedArrayBase> backing_store, Handle<JSArray> array,
       uint32_t length) {
     Isolate* isolate = array->GetIsolate();
     uint32_t old_capacity = backing_store->length();
     Handle<Object> old_length(array->length(), isolate);
     bool same_or_smaller_size = old_length->IsSmi() &&
         static_cast<uint32_t>(Handle<Smi>::cast(old_length)->value()) >= length;
     ElementsKind kind = array->GetElementsKind();
 
     if (!same_or_smaller_size && IsFastElementsKind(kind) &&
         !IsFastHoleyElementsKind(kind)) {
@@ skipping 14 matching lines @@
           isolate->heap()->RightTrimFixedArray<Heap::CONCURRENT_TO_SWEEPER>(
               *backing_store, old_capacity - length);
         }
       } else {
         // Otherwise, fill the unused tail with holes.
         int old_length = FastD2IChecked(array->length()->Number());
         for (int i = length; i < old_length; i++) {
           Handle<BackingStore>::cast(backing_store)->set_the_hole(i);
         }
       }
-      return length_object;
+      return length;
     }
 
     // Check whether the backing store should be expanded.
     uint32_t min = JSObject::NewElementsCapacity(old_capacity);
     uint32_t new_capacity = length > min ? length : min;
     FastElementsAccessorSubclass::SetFastElementsCapacityAndLength(
         array, new_capacity, length);
     JSObject::ValidateElements(array);
-    return length_object;
+    return length;
   }
 
   static void DeleteCommon(Handle<JSObject> obj, uint32_t key,
                            LanguageMode language_mode) {
     DCHECK(obj->HasFastSmiOrObjectElements() ||
            obj->HasFastDoubleElements() ||
            obj->HasFastArgumentsElements());
     Isolate* isolate = obj->GetIsolate();
     Heap* heap = obj->GetHeap();
     Handle<FixedArrayBase> elements(obj->elements());
@@ skipping 337 matching lines @@
     } else {
       return backing_store->GetIsolate()->factory()->undefined_value();
     }
   }
 
   static PropertyDetails GetDetailsImpl(FixedArrayBase* backing_store,
                                         uint32_t index) {
     return PropertyDetails(DONT_DELETE, DATA, 0, PropertyCellType::kNoCell);
   }
 
-  MUST_USE_RESULT static MaybeHandle<Object> SetLengthImpl(
-      Handle<JSObject> obj,
-      Handle<Object> length,
-      Handle<FixedArrayBase> backing_store) {
+  static void SetLengthImpl(Handle<JSArray> array, uint32_t length,
+                            Handle<FixedArrayBase> backing_store) {
     // External arrays do not support changing their length.
     UNREACHABLE();
-    return obj;
   }
 
   virtual void Delete(Handle<JSObject> obj, uint32_t key,
                       LanguageMode language_mode) final {
     // External arrays always ignore deletes.
   }
 
   static uint32_t GetIndexForKeyImpl(JSObject* holder,
                                      FixedArrayBase* backing_store,
                                      uint32_t key) {
@@ skipping 29 matching lines @@
 
 
 class DictionaryElementsAccessor
     : public ElementsAccessorBase<DictionaryElementsAccessor,
                                   ElementsKindTraits<DICTIONARY_ELEMENTS> > {
  public:
   explicit DictionaryElementsAccessor(const char* name)
       : ElementsAccessorBase<DictionaryElementsAccessor,
                              ElementsKindTraits<DICTIONARY_ELEMENTS> >(name) {}
 
+  static void SetLengthImpl(Handle<JSArray> array, uint32_t length,
+                            Handle<FixedArrayBase> backing_store) {
+    uint32_t new_length =
+        SetLengthWithoutNormalize(backing_store, array, length);
+    // SetLengthWithoutNormalize does not allow length to drop below the last
+    // non-deletable element.
+    DCHECK_GE(new_length, length);
+    if (new_length <= Smi::kMaxValue) {
+      array->set_length(Smi::FromInt(new_length));
+    } else {
+      Isolate* isolate = array->GetIsolate();
+      Handle<Object> length_obj =
+          isolate->factory()->NewNumberFromUint(new_length);
+      array->set_length(*length_obj);
+    }
+  }
+
   // Adjusts the length of the dictionary backing store and returns the new
   // length according to ES5 section 15.4.5.2 behavior.
-  static Handle<Object> SetLengthWithoutNormalize(
-      Handle<FixedArrayBase> store,
-      Handle<JSArray> array,
-      Handle<Object> length_object,
-      uint32_t length) {
+  static uint32_t SetLengthWithoutNormalize(Handle<FixedArrayBase> store,
+                                            Handle<JSArray> array,
+                                            uint32_t length) {
     Handle<SeededNumberDictionary> dict =
         Handle<SeededNumberDictionary>::cast(store);
     Isolate* isolate = array->GetIsolate();
     int capacity = dict->Capacity();
-    uint32_t new_length = length;
-    uint32_t old_length = static_cast<uint32_t>(array->length()->Number());
-    if (new_length < old_length) {
+    uint32_t old_length = 0;
+    CHECK(array->length()->ToArrayLength(&old_length));
+    if (length < old_length) {
       // Find last non-deletable element in range of elements to be
       // deleted and adjust range accordingly.
       for (int i = 0; i < capacity; i++) {
         DisallowHeapAllocation no_gc;
         Object* key = dict->KeyAt(i);
         if (key->IsNumber()) {
           uint32_t number = static_cast<uint32_t>(key->Number());
-          if (new_length <= number && number < old_length) {
+          if (length <= number && number < old_length) {
             PropertyDetails details = dict->DetailsAt(i);
-            if (!details.IsConfigurable()) new_length = number + 1;
+            if (!details.IsConfigurable()) length = number + 1;
           }
         }
       }
-      if (new_length != length) {
-        length_object = isolate->factory()->NewNumberFromUint(new_length);
-      }
     }
 
-    if (new_length == 0) {
+    if (length == 0) {
       // Flush the backing store.
       JSObject::ResetElements(array);
     } else {
       DisallowHeapAllocation no_gc;
       // Remove elements that should be deleted.
       int removed_entries = 0;
       Handle<Object> the_hole_value = isolate->factory()->the_hole_value();
       for (int i = 0; i < capacity; i++) {
         Object* key = dict->KeyAt(i);
         if (key->IsNumber()) {
           uint32_t number = static_cast<uint32_t>(key->Number());
-          if (new_length <= number && number < old_length) {
+          if (length <= number && number < old_length) {
             dict->SetEntry(i, the_hole_value, the_hole_value);
             removed_entries++;
           }
         }
       }
 
       // Update the number of elements.
       dict->ElementsRemoved(removed_entries);
     }
-    return length_object;
+    return length;
   }
 
   static void DeleteCommon(Handle<JSObject> obj, uint32_t key,
                            LanguageMode language_mode) {
     Isolate* isolate = obj->GetIsolate();
     Handle<FixedArray> backing_store(FixedArray::cast(obj->elements()),
                                      isolate);
     bool is_arguments =
         (obj->GetElementsKind() == SLOPPY_ARGUMENTS_ELEMENTS);
     if (is_arguments) {
@@ skipping 164 matching lines @@
     if (!probe->IsTheHole()) {
       return MaybeHandle<AccessorPair>();
     } else {
       // If not aliased, check the arguments.
       Handle<FixedArray> arguments(FixedArray::cast(parameter_map->get(1)));
       return ElementsAccessor::ForArray(arguments)
           ->GetAccessorPair(obj, key, arguments);
     }
   }
 
-  MUST_USE_RESULT static MaybeHandle<Object> SetLengthImpl(
-      Handle<JSObject> obj,
-      Handle<Object> length,
-      Handle<FixedArrayBase> parameter_map) {
-    // TODO(mstarzinger): This was never implemented but will be used once we
-    // correctly implement [[DefineOwnProperty]] on arrays.
-    UNIMPLEMENTED();
-    return obj;
+  static void SetLengthImpl(Handle<JSArray> array, uint32_t length,
+                            Handle<FixedArrayBase> parameter_map) {
+    // Sloppy arguments objects are not arrays.
+    UNREACHABLE();
   }
 
   virtual void Delete(Handle<JSObject> obj, uint32_t key,
                       LanguageMode language_mode) final {
     Isolate* isolate = obj->GetIsolate();
     Handle<FixedArray> parameter_map(FixedArray::cast(obj->elements()));
     Handle<Object> probe(GetParameterMapArg(*parameter_map, key), isolate);
     if (!probe->IsTheHole()) {
       // TODO(kmillikin): We could check if this was the last aliased
       // parameter, and revert to normal elements in that case.  That
@@ skipping 110 matching lines @@
 void ElementsAccessor::TearDown() {
   if (elements_accessors_ == NULL) return;
 #define ACCESSOR_DELETE(Class, Kind, Store) delete elements_accessors_[Kind];
   ELEMENTS_LIST(ACCESSOR_DELETE)
 #undef ACCESSOR_DELETE
   elements_accessors_ = NULL;
 }
 
 
 template <typename ElementsAccessorSubclass, typename ElementsKindTraits>
-MUST_USE_RESULT MaybeHandle<Object> ElementsAccessorBase<
-    ElementsAccessorSubclass,
-    ElementsKindTraits>::SetLengthImpl(Handle<JSObject> obj,
-                                       Handle<Object> length_obj,
-                                       Handle<FixedArrayBase> backing_store) {
-  Handle<JSArray> array = Handle<JSArray>::cast(obj);
-
-  uint32_t length = 0;
-  CHECK(length_obj->ToArrayLength(&length));
-  // Fast case: length fits in a smi.
-  if (length <= Smi::kMaxValue) {
-    Handle<Smi> smi(Smi::FromInt(length), obj->GetIsolate());
-    Handle<Object> new_length =
-        ElementsAccessorSubclass::SetLengthWithoutNormalize(backing_store,
-                                                            array, smi, length);
-    DCHECK(!new_length.is_null());
-
-    // Even though the proposed length was a smi, new_length could
-    // still be a heap number because SetLengthWithoutNormalize doesn't
-    // allow the array length property to drop below the index of
-    // non-deletable elements.
-    DCHECK(new_length->IsSmi() || new_length->IsHeapNumber() ||
-           new_length->IsUndefined());
-    if (new_length->IsSmi()) {
-      array->set_length(*Handle<Smi>::cast(new_length));
-      return array;
-    } else if (new_length->IsHeapNumber()) {
-      array->set_length(*new_length);
-      return array;
-    }
+void ElementsAccessorBase<ElementsAccessorSubclass, ElementsKindTraits>::
+    SetLengthImpl(Handle<JSArray> array, uint32_t length,
+                  Handle<FixedArrayBase> backing_store) {
+  // Normalize if the length does not fit in a smi. Fast mode arrays only
+  // support smi length.
+  if (JSArray::SetLengthWouldNormalize(array->GetHeap(), length)) {
+    Handle<SeededNumberDictionary> dictionary =
+        JSObject::NormalizeElements(array);
+    DCHECK(!dictionary.is_null());
+    DictionaryElementsAccessor::SetLengthImpl(array, length, dictionary);
+  } else {
+#ifdef DEBUG
+    uint32_t max = Smi::kMaxValue;
+    DCHECK_LE(length, max);
+#endif
+    uint32_t new_length = ElementsAccessorSubclass::SetLengthWithoutNormalize(
+        backing_store, array, length);
+    DCHECK_EQ(length, new_length);
+    array->set_length(Smi::FromInt(new_length));
   }
-
-  // Slow case: The new length does not fit into a Smi or conversion
-  // to slow elements is needed for other reasons.
-  Handle<SeededNumberDictionary> dictionary =
-      JSObject::NormalizeElements(array);
-  DCHECK(!dictionary.is_null());
-
-  Handle<Object> new_length =
-      DictionaryElementsAccessor::SetLengthWithoutNormalize(dictionary, array,
-                                                            length_obj, length);
-  DCHECK(!new_length.is_null());
-
-  DCHECK(new_length->IsNumber());
-  array->set_length(*new_length);
-  return array;
 }
 
 
 MaybeHandle<Object> ArrayConstructInitializeElements(Handle<JSArray> array,
                                                      Arguments* args) {
   if (args->length() == 0) {
     // Optimize the case where there are no parameters passed.
     JSArray::Initialize(array, JSArray::kPreallocatedArrayElements);
     return array;
 
   } else if (args->length() == 1 && args->at<Object>(0)->IsNumber()) {
     uint32_t length;
     if (!args->at<Object>(0)->ToArrayLength(&length)) {
       return ThrowArrayLengthRangeError(array->GetIsolate());
     }
 
     // Optimize the case where there is one argument and the argument is a small
     // smi.
     if (length > 0 && length < JSObject::kInitialMaxFastElementArray) {
       ElementsKind elements_kind = array->GetElementsKind();
       JSArray::Initialize(array, length, length);
 
       if (!IsFastHoleyElementsKind(elements_kind)) {
         elements_kind = GetHoleyElementsKind(elements_kind);
         JSObject::TransitionElementsKind(array, elements_kind);
       }
-      return array;
     } else if (length == 0) {
       JSArray::Initialize(array, JSArray::kPreallocatedArrayElements);
-      return array;
+    } else {
+      // Take the argument as the length.
+      JSArray::Initialize(array, 0);
+      JSArray::SetLength(array, length);
     }
-
-    // Take the argument as the length.
-    JSArray::Initialize(array, 0);
-    return JSArray::SetElementsLength(array, args->at<Object>(0));
+    return array;
   }
 
   Factory* factory = array->GetIsolate()->factory();
 
   // Set length and elements on the array.
   int number_of_elements = args->length();
   JSObject::EnsureCanContainElements(
       array, args, 0, number_of_elements, ALLOW_CONVERTED_DOUBLE_ELEMENTS);
 
   // Allocate an appropriately typed elements array.
@@ skipping 41 matching lines @@
       break;
   }
 
   array->set_elements(*elms);
   array->set_length(Smi::FromInt(number_of_elements));
   return array;
 }
 
 }  // namespace internal
 }  // namespace v8