Introduce a PrototypeIterator template and use it all over the place

src/runtime.cc

 // Copyright 2012 the V8 project authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include <stdlib.h>
 #include <limits>
 
 #include "src/v8.h"
 
 #include "src/accessors.h"
@@ skipping 16 matching lines @@
 #include "src/global-handles.h"
 #include "src/isolate-inl.h"
 #include "src/json-parser.h"
 #include "src/json-stringifier.h"
 #include "src/jsregexp-inl.h"
 #include "src/jsregexp.h"
 #include "src/liveedit.h"
 #include "src/misc-intrinsics.h"
 #include "src/parser.h"
 #include "src/platform.h"
+#include "src/prototype-iterator.h"
 #include "src/runtime.h"
 #include "src/runtime-profiler.h"
 #include "src/scopeinfo.h"
 #include "src/smart-pointers.h"
 #include "src/string-search.h"
 #include "src/stub-cache.h"
 #include "src/uri.h"
 #include "src/v8threads.h"
 #include "src/vm-state-inl.h"
 
@@ skipping 1755 matching lines @@
   return JSObject::cast(obj)->class_name();
 }
 
 
 RUNTIME_FUNCTION(Runtime_GetPrototype) {
   HandleScope scope(isolate);
   ASSERT(args.length() == 1);
   CONVERT_ARG_HANDLE_CHECKED(Object, obj, 0);
   // We don't expect access checks to be needed on JSProxy objects.
   ASSERT(!obj->IsAccessCheckNeeded() || obj->IsJSObject());
+  PrototypeIterator<STORE_AS_HANDLE, TYPE_BASED_WALK, END_AT_NON_HIDDEN> iter(
+      isolate, obj);
   do {
-    if (obj->IsAccessCheckNeeded() &&
-        !isolate->MayNamedAccess(Handle<JSObject>::cast(obj),
+    if (iter.GetCurrent()->IsAccessCheckNeeded() &&
+        !isolate->MayNamedAccess(Handle<JSObject>::cast(iter.GetCurrent()),
                                  isolate->factory()->proto_string(),
                                  v8::ACCESS_GET)) {
-      isolate->ReportFailedAccessCheck(Handle<JSObject>::cast(obj),
-                                       v8::ACCESS_GET);
+      isolate->ReportFailedAccessCheck(
+          Handle<JSObject>::cast(iter.GetCurrent()), v8::ACCESS_GET);
       RETURN_FAILURE_IF_SCHEDULED_EXCEPTION(isolate);
       return isolate->heap()->undefined_value();
     }
-    obj = Object::GetPrototype(isolate, obj);
-  } while (obj->IsJSObject() &&
-           JSObject::cast(*obj)->map()->is_hidden_prototype());
-  return *obj;
+    iter.Advance();
+  } while (!iter.IsAtEnd());
+  return *iter.GetCurrent();
 }
 
 
 static inline Handle<Object> GetPrototypeSkipHiddenPrototypes(
     Isolate* isolate, Handle<Object> receiver) {
-  Handle<Object> current = Object::GetPrototype(isolate, receiver);
-  while (current->IsJSObject() &&
-         JSObject::cast(*current)->map()->is_hidden_prototype()) {
-    current = Object::GetPrototype(isolate, current);
-  }
-  return current;
+  PrototypeIterator<STORE_AS_HANDLE, TYPE_BASED_WALK, END_AT_NON_HIDDEN> iter(
+      isolate, receiver);
+  while (!iter.IsAtEnd()) iter.Advance();
+  return iter.GetCurrent();
 }
 
 
 RUNTIME_FUNCTION(Runtime_SetPrototype) {
   HandleScope scope(isolate);
   ASSERT(args.length() == 2);
   CONVERT_ARG_HANDLE_CHECKED(JSObject, obj, 0);
   CONVERT_ARG_HANDLE_CHECKED(Object, prototype, 1);
   if (obj->IsAccessCheckNeeded() &&
       !isolate->MayNamedAccess(
@@ skipping 24 matching lines @@
   return *result;
 }
 
 
 RUNTIME_FUNCTION(Runtime_IsInPrototypeChain) {
   HandleScope shs(isolate);
   ASSERT(args.length() == 2);
   // See ECMA-262, section 15.3.5.3, page 88 (steps 5 - 8).
   CONVERT_ARG_HANDLE_CHECKED(Object, O, 0);
   CONVERT_ARG_HANDLE_CHECKED(Object, V, 1);
-  while (true) {
-    Handle<Object> prototype = Object::GetPrototype(isolate, V);
-    if (prototype->IsNull()) return isolate->heap()->false_value();
-    if (*O == *prototype) return isolate->heap()->true_value();
-    V = prototype;
-  }
+  PrototypeIterator<STORE_AS_HANDLE, TYPE_BASED_WALK, END_AT_GIVEN_OBJECT> iter(
+      isolate, V, O);
+  while (!iter.IsAtEnd()) iter.Advance();
+  if (iter.GetCurrent()->IsNull()) return isolate->heap()->false_value();
+  return isolate->heap()->true_value();
 }
 
 
 // Enumerator used as indices into the array returned from GetOwnProperty
 enum PropertyDescriptorIndices {
   IS_ACCESSOR_INDEX,
   VALUE_INDEX,
   GETTER_INDEX,
   SETTER_INDEX,
   WRITABLE_INDEX,
@@ skipping 102 matching lines @@
       isolate, result, JSObject::PreventExtensions(obj));
   return *result;
 }
 
 
 RUNTIME_FUNCTION(Runtime_IsExtensible) {
   SealHandleScope shs(isolate);
   ASSERT(args.length() == 1);
   CONVERT_ARG_CHECKED(JSObject, obj, 0);
   if (obj->IsJSGlobalProxy()) {
-    Object* proto = obj->GetPrototype();
+    Object* proto = SAFE_GET_PROTOTYPE_FAST(obj);
     if (proto->IsNull()) return isolate->heap()->false_value();
     ASSERT(proto->IsJSGlobalObject());
     obj = JSObject::cast(proto);
   }
   return isolate->heap()->ToBoolean(obj->map()->is_extensible());
 }
 
 
 RUNTIME_FUNCTION(Runtime_RegExpCompile) {
   HandleScope scope(isolate);
@@ skipping 2806 matching lines @@
   // Handle [] indexing on String objects
   if (object->IsStringObjectWithCharacterAt(index)) {
     Handle<JSValue> js_value = Handle<JSValue>::cast(object);
     Handle<Object> result =
         GetCharAt(Handle<String>(String::cast(js_value->value())), index);
     if (!result->IsUndefined()) return result;
   }
 
   Handle<Object> result;
   if (object->IsString() || object->IsNumber() || object->IsBoolean()) {
-    Handle<Object> proto(object->GetPrototype(isolate), isolate);
+    Handle<Object> proto(SAFE_GET_PROTOTYPE(isolate, *object), isolate);
     return Object::GetElement(isolate, proto, index);
   } else {
     return Object::GetElement(isolate, object, index);
   }
 }
 
 
 MUST_USE_RESULT
 static MaybeHandle<Name> ToName(Isolate* isolate, Handle<Object> key) {
   if (key->IsName()) {
@@ skipping 243 matching lines @@
   // to not worry about changing the instance_descriptor and creating a new
   // map. The current version of SetObjectProperty does not handle attributes
   // correctly in the case where a property is a field and is reset with
   // new attributes.
   if (lookup.IsFound() &&
       (attr != lookup.GetAttributes() || lookup.IsPropertyCallbacks())) {
     // New attributes - normalize to avoid writing to instance descriptor
     if (js_object->IsJSGlobalProxy()) {
       // Since the result is a property, the prototype will exist so
       // we don't have to check for null.
-      js_object = Handle<JSObject>(JSObject::cast(js_object->GetPrototype()));
+      js_object =
+          Handle<JSObject>(JSObject::cast(SAFE_GET_PROTOTYPE_FAST(*js_object)));
     }
 
     if (attr != lookup.GetAttributes() ||
         (lookup.IsPropertyCallbacks() &&
          !lookup.GetCallbackObject()->IsAccessorInfo())) {
       JSObject::NormalizeProperties(js_object, CLEAR_INOBJECT_PROPERTIES, 0);
     }
 
     // Use IgnoreAttributes version since a readonly property may be
     // overridden and SetProperty does not allow this.
@@ skipping 454 matching lines @@
 
 static Object* HasOwnPropertyImplementation(Isolate* isolate,
                                             Handle<JSObject> object,
                                             Handle<Name> key) {
   if (JSReceiver::HasOwnProperty(object, key)) {
     return isolate->heap()->true_value();
   }
   // Handle hidden prototypes.  If there's a hidden prototype above this thing
   // then we have to check it for properties, because they are supposed to
   // look like they are on this object.
-  Handle<Object> proto(object->GetPrototype(), isolate);
+  Handle<Object> proto(SAFE_GET_PROTOTYPE_FAST(*object), isolate);
   if (proto->IsJSObject() &&
       Handle<JSObject>::cast(proto)->map()->is_hidden_prototype()) {
     return HasOwnPropertyImplementation(isolate,
                                         Handle<JSObject>::cast(proto),
                                         key);
   }
   RETURN_FAILURE_IF_SCHEDULED_EXCEPTION(isolate);
   return isolate->heap()->false_value();
 }
 
@@ skipping 121 matching lines @@
   if (object->IsSimpleEnum()) return object->map();
 
   return *content;
 }
 
 
 // Find the length of the prototype chain that is to be handled as one. If a
 // prototype object is hidden it is to be viewed as part of the the object it
 // is prototype for.
 static int OwnPrototypeChainLength(JSObject* obj) {
-  int count = 1;
-  Object* proto = obj->GetPrototype();
-  while (proto->IsJSObject() &&
-         JSObject::cast(proto)->map()->is_hidden_prototype()) {
-    count++;
-    proto = JSObject::cast(proto)->GetPrototype();
+  int count = 0;
+  for (PrototypeIterator<STORE_AS_POINTER, MAP_BASED_WALK, END_AT_NON_HIDDEN>
+           iter(obj); !iter.IsAtEnd(); iter.Advance()) {
+    ++count;
   }
   return count;
 }
 
 
 // Return the names of the own named properties.
 // args[0]: object
 // args[1]: PropertyAttributes as int
 RUNTIME_FUNCTION(Runtime_GetOwnPropertyNames) {
   HandleScope scope(isolate);
   ASSERT(args.length() == 2);
   if (!args[0]->IsJSObject()) {
     return isolate->heap()->undefined_value();
   }
   CONVERT_ARG_HANDLE_CHECKED(JSObject, obj, 0);
   CONVERT_SMI_ARG_CHECKED(filter_value, 1);
   PropertyAttributes filter = static_cast<PropertyAttributes>(filter_value);
 
   // Skip the global proxy as it has no properties and always delegates to the
   // real global object.
   if (obj->IsJSGlobalProxy()) {
     // Only collect names if access is permitted.
     if (obj->IsAccessCheckNeeded() &&
         !isolate->MayNamedAccess(
             obj, isolate->factory()->undefined_value(), v8::ACCESS_KEYS)) {
       isolate->ReportFailedAccessCheck(obj, v8::ACCESS_KEYS);
       RETURN_FAILURE_IF_SCHEDULED_EXCEPTION(isolate);
       return *isolate->factory()->NewJSArray(0);
     }
-    obj = Handle<JSObject>(JSObject::cast(obj->GetPrototype()));
+    obj = Handle<JSObject>(JSObject::cast(SAFE_GET_PROTOTYPE_FAST(*obj)));
   }
 
   // Find the number of objects making up this.
   int length = OwnPrototypeChainLength(*obj);
 
   // Find the number of own properties for each of the objects.
   ScopedVector<int> own_property_count(length);
   int total_property_count = 0;
   Handle<JSObject> jsproto = obj;
   for (int i = 0; i < length; i++) {
     // Only collect names if access is permitted.
     if (jsproto->IsAccessCheckNeeded() &&
         !isolate->MayNamedAccess(
             jsproto, isolate->factory()->undefined_value(), v8::ACCESS_KEYS)) {
       isolate->ReportFailedAccessCheck(jsproto, v8::ACCESS_KEYS);
       RETURN_FAILURE_IF_SCHEDULED_EXCEPTION(isolate);
       return *isolate->factory()->NewJSArray(0);
     }
     int n;
     n = jsproto->NumberOfOwnProperties(filter);
     own_property_count[i] = n;
     total_property_count += n;
     if (i < length - 1) {
-      jsproto = Handle<JSObject>(JSObject::cast(jsproto->GetPrototype()));
+      jsproto =
+          Handle<JSObject>(JSObject::cast(SAFE_GET_PROTOTYPE_FAST(*jsproto)));
     }
   }
 
   // Allocate an array with storage for all the property names.
   Handle<FixedArray> names =
       isolate->factory()->NewFixedArray(total_property_count);
 
   // Get the property names.
   jsproto = obj;
   int next_copy_index = 0;
@@ skipping 20 matching lines @@
         }
       }
     }
     next_copy_index += own_property_count[i];
 
     // Hidden properties only show up if the filter does not skip strings.
     if ((filter & STRING) == 0 && JSObject::HasHiddenProperties(jsproto)) {
       hidden_strings++;
     }
     if (i < length - 1) {
-      jsproto = Handle<JSObject>(JSObject::cast(jsproto->GetPrototype()));
+      jsproto =
+          Handle<JSObject>(JSObject::cast(SAFE_GET_PROTOTYPE_FAST(*jsproto)));
     }
   }
 
   // Filter out name of hidden properties object and
   // hidden prototype duplicates.
   if (hidden_strings > 0) {
     Handle<FixedArray> old_names = names;
     names = isolate->factory()->NewFixedArray(
         names->length() - hidden_strings);
     int dest_pos = 0;
@@ skipping 90 matching lines @@
   if (object->IsJSGlobalProxy()) {
     // Do access checks before going to the global object.
     if (object->IsAccessCheckNeeded() &&
         !isolate->MayNamedAccess(
             object, isolate->factory()->undefined_value(), v8::ACCESS_KEYS)) {
       isolate->ReportFailedAccessCheck(object, v8::ACCESS_KEYS);
       RETURN_FAILURE_IF_SCHEDULED_EXCEPTION(isolate);
       return *isolate->factory()->NewJSArray(0);
     }
 
-    Handle<Object> proto(object->GetPrototype(), isolate);
+    Handle<Object> proto(SAFE_GET_PROTOTYPE_FAST(*object), isolate);
     // If proxy is detached we simply return an empty array.
     if (proto->IsNull()) return *isolate->factory()->NewJSArray(0);
     object = Handle<JSObject>::cast(proto);
   }
 
   Handle<FixedArray> contents;
   ASSIGN_RETURN_FAILURE_ON_EXCEPTION(
       isolate, contents,
       JSReceiver::GetKeys(object, JSReceiver::OWN_ONLY));
 
@@ skipping 4266 matching lines @@
         indices->Clear();
       }
       for (uint32_t i = 0; i < length; i++) {
         indices->Add(i);
       }
       if (length == range) return;  // All indices accounted for already.
       break;
     }
   }
 
-  Handle<Object> prototype(object->GetPrototype(), isolate);
+  Handle<Object> prototype(SAFE_GET_PROTOTYPE_FAST(*object), isolate);
   if (prototype->IsJSObject()) {
     // The prototype will usually have no inherited element indices,
     // but we have to check.
     CollectElementIndices(Handle<JSObject>::cast(prototype), range, indices);
   }
 }
 
 
 /**
  * A helper function that visits elements of a JSArray in numerical
@@ skipping 412 matching lines @@
 // or undefined) or a number representing the positive length of an interval
 // starting at index 0.
 // Intervals can span over some keys that are not in the object.
 RUNTIME_FUNCTION(Runtime_GetArrayKeys) {
   HandleScope scope(isolate);
   ASSERT(args.length() == 2);
   CONVERT_ARG_HANDLE_CHECKED(JSObject, array, 0);
   CONVERT_NUMBER_CHECKED(uint32_t, length, Uint32, args[1]);
   if (array->elements()->IsDictionary()) {
     Handle<FixedArray> keys = isolate->factory()->empty_fixed_array();
-    for (Handle<Object> p = array;
-         !p->IsNull();
-         p = Handle<Object>(p->GetPrototype(isolate), isolate)) {
-      if (p->IsJSProxy() || JSObject::cast(*p)->HasIndexedInterceptor()) {
+    for (PrototypeIterator<STORE_AS_HANDLE, TYPE_BASED_WALK, END_AT_NULL_VALUE>
+             iter(isolate, array); !iter.IsAtEnd(); iter.Advance()) {
+      if (iter.GetCurrent()->IsJSProxy() ||
+          JSObject::cast(*iter.GetCurrent())->HasIndexedInterceptor()) {
         // Bail out if we find a proxy or interceptor, likely not worth
         // collecting keys in that case.
         return *isolate->factory()->NewNumberFromUint(length);
       }
-      Handle<JSObject> current = Handle<JSObject>::cast(p);
+      Handle<JSObject> current = Handle<JSObject>::cast(iter.GetCurrent());
       Handle<FixedArray> current_keys =
           isolate->factory()->NewFixedArray(current->NumberOfOwnElements(NONE));
       current->GetOwnElementKeys(*current_keys, NONE);
       ASSIGN_RETURN_FAILURE_ON_EXCEPTION(
           isolate, keys, FixedArray::UnionOfKeys(keys, current_keys));
     }
     // Erase any keys >= length.
     // TODO(adamk): Remove this step when the contract of %GetArrayKeys
     // is changed to let this happen on the JS side.
     for (int i = 0; i < keys->length(); i++) {
@@ skipping 198 matching lines @@
       if (has_js_accessors) {
         AccessorPair* accessors = AccessorPair::cast(*result_callback_obj);
         details->set(2, isolate->heap()->ToBoolean(has_caught));
         details->set(3, accessors->GetComponent(ACCESSOR_GETTER));
         details->set(4, accessors->GetComponent(ACCESSOR_SETTER));
       }
 
       return *isolate->factory()->NewJSArrayWithElements(details);
     }
     if (i < length - 1) {
-      jsproto = Handle<JSObject>(JSObject::cast(jsproto->GetPrototype()));
+      jsproto =
+          Handle<JSObject>(JSObject::cast(SAFE_GET_PROTOTYPE_FAST(*jsproto)));
     }
   }
 
   return isolate->heap()->undefined_value();
 }
 
 
 RUNTIME_FUNCTION(Runtime_DebugGetProperty) {
   HandleScope scope(isolate);
 
@@ skipping 1927 matching lines @@
 
   Handle<Object> result;
   ASSIGN_RETURN_ON_EXCEPTION(
       isolate, result,
       Execution::Call(isolate, eval_fun, receiver, 0, NULL),
       Object);
 
   // Skip the global proxy as it has no properties and always delegates to the
   // real global object.
   if (result->IsJSGlobalProxy()) {
-    result = Handle<JSObject>(JSObject::cast(result->GetPrototype(isolate)));
+    result =
+        Handle<JSObject>(JSObject::cast(SAFE_GET_PROTOTYPE(isolate, *result)));
   }
 
   // Clear the oneshot breakpoints so that the debugger does not step further.
   isolate->debug()->ClearStepping();
   return result;
 }
 
 
 // Evaluate a piece of JavaScript in the context of a stack frame for
 // debugging.  Things that need special attention are:
@@ skipping 155 matching lines @@
       if (obj->IsJSContextExtensionObject() ||
           obj->map()->constructor() == arguments_function) {
         continue;
       }
 
       // Check if the JS object has a reference to the object looked for.
       if (obj->ReferencesObject(target)) {
         // Check instance filter if supplied. This is normally used to avoid
         // references from mirror objects (see Runtime_IsInPrototypeChain).
         if (!instance_filter->IsUndefined()) {
-          Object* V = obj;
-          while (true) {
-            Object* prototype = V->GetPrototype(isolate);
-            if (prototype->IsNull()) {
+          for (PrototypeIterator<STORE_AS_POINTER, TYPE_BASED_WALK,
+                                 END_AT_NULL_VALUE> iter(isolate, obj);
+               !iter.IsAtEnd(); iter.Advance()) {
+            if (instance_filter == iter.GetCurrent()) {
+              obj = NULL;
               break;
             }
-            if (instance_filter == prototype) {
-              obj = NULL;  // Don't add this object.
-              break;
-            }
-            V = prototype;
           }
         }
 
         if (obj != NULL) {
           // Valid reference found add to instance array if supplied an update
           // count.
           if (instances != NULL && count < instances_size) {
             instances->set(count, obj);
           }
           last = obj;
@@ skipping 2089 matching lines @@
   }
   return NULL;
 }
 
 
 const Runtime::Function* Runtime::FunctionForId(Runtime::FunctionId id) {
   return &(kIntrinsicFunctions[static_cast<int>(id)]);
 }
 
 } }  // namespace v8::internal