Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(1150)

Issues Search
    My Issues | Starred     Open | Closed | All

Unified Diff: src/runtime/runtime.cc

Issue 638423003: Split off remaining runtime functions in runtime.cc. (Closed) Base URL: https://v8.googlecode.com/svn/branches/bleeding_edge
Patch Set: Created 6 years, 2 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View side-by-side diff with in-line comments
Download patch
« no previous file with comments | « src/macros.py ('k') | src/runtime/runtime-api.cc » ('j') | no next file with comments »
Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
Index: src/runtime/runtime.cc
diff --git a/src/runtime/runtime.cc b/src/runtime/runtime.cc
index 0860e96f7aae495dd3aa6ca2fc75bd197fb3da38..cd6f36c2339471ff69d68139f3f0bc3e03b4134d 100644
--- a/src/runtime/runtime.cc
+++ b/src/runtime/runtime.cc
@@ -2,26 +2,10 @@
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.
-#include <stdlib.h>
-#include <limits>
-
#include "src/v8.h"
-#include "src/accessors.h"
-#include "src/api.h"
-#include "src/arguments.h"
-#include "src/bailout-reason.h"
-#include "src/base/cpu.h"
-#include "src/base/platform/platform.h"
-#include "src/bootstrapper.h"
-#include "src/conversions.h"
-#include "src/global-handles.h"
-#include "src/isolate-inl.h"
-#include "src/prototype.h"
#include "src/runtime/runtime.h"
#include "src/runtime/runtime-utils.h"
-#include "src/utils.h"
-
namespace v8 {
namespace internal {
@@ -35,6 +19,11 @@ namespace internal {
ObjectPair Runtime_##name(int args_length, Object** args_object, \
Isolate* isolate);
+// Reference implementation for inlined runtime functions. Only used when the
+// compiler does not support a certain intrinsic. Don't optimize these, but
+// implement the intrinsic in the respective compiler instead.
+// TODO(mstarzinger): These are place-holder stubs for TurboFan and will
+// eventually all have a C++ implementation and this macro will be gone.
#define I(name, number_of_args, result_size) \
Object* RuntimeReference_##name(int args_length, Object** args_object, \
Isolate* isolate);
@@ -49,3200 +38,6 @@ INLINE_FUNCTION_LIST(I)
#undef P
-MUST_USE_RESULT static MaybeHandle<Object> TransitionElements(
- Handle<Object> object, ElementsKind to_kind, Isolate* isolate) {
- HandleScope scope(isolate);
- if (!object->IsJSObject()) {
- isolate->ThrowIllegalOperation();
- return MaybeHandle<Object>();
- }
- ElementsKind from_kind =
- Handle<JSObject>::cast(object)->map()->elements_kind();
- if (Map::IsValidElementsTransition(from_kind, to_kind)) {
- JSObject::TransitionElementsKind(Handle<JSObject>::cast(object), to_kind);
- return object;
- }
- isolate->ThrowIllegalOperation();
- return MaybeHandle<Object>();
-}
-
-
-RUNTIME_FUNCTION(Runtime_GetPrototype) {
- HandleScope scope(isolate);
- DCHECK(args.length() == 1);
- CONVERT_ARG_HANDLE_CHECKED(Object, obj, 0);
- // We don't expect access checks to be needed on JSProxy objects.
- DCHECK(!obj->IsAccessCheckNeeded() || obj->IsJSObject());
- PrototypeIterator iter(isolate, obj, PrototypeIterator::START_AT_RECEIVER);
- do {
- if (PrototypeIterator::GetCurrent(iter)->IsAccessCheckNeeded() &&
- !isolate->MayNamedAccess(
- Handle<JSObject>::cast(PrototypeIterator::GetCurrent(iter)),
- isolate->factory()->proto_string(), v8::ACCESS_GET)) {
- isolate->ReportFailedAccessCheck(
- Handle<JSObject>::cast(PrototypeIterator::GetCurrent(iter)),
- v8::ACCESS_GET);
- RETURN_FAILURE_IF_SCHEDULED_EXCEPTION(isolate);
- return isolate->heap()->undefined_value();
- }
- iter.AdvanceIgnoringProxies();
- if (PrototypeIterator::GetCurrent(iter)->IsJSProxy()) {
- return *PrototypeIterator::GetCurrent(iter);
- }
- } while (!iter.IsAtEnd(PrototypeIterator::END_AT_NON_HIDDEN));
- return *PrototypeIterator::GetCurrent(iter);
-}
-
-
-RUNTIME_FUNCTION(Runtime_InternalSetPrototype) {
- HandleScope scope(isolate);
- DCHECK(args.length() == 2);
- CONVERT_ARG_HANDLE_CHECKED(JSObject, obj, 0);
- CONVERT_ARG_HANDLE_CHECKED(Object, prototype, 1);
- DCHECK(!obj->IsAccessCheckNeeded());
- DCHECK(!obj->map()->is_observed());
- Handle<Object> result;
- ASSIGN_RETURN_FAILURE_ON_EXCEPTION(
- isolate, result, JSObject::SetPrototype(obj, prototype, false));
- return *result;
-}
-
-
-RUNTIME_FUNCTION(Runtime_SetPrototype) {
- HandleScope scope(isolate);
- DCHECK(args.length() == 2);
- CONVERT_ARG_HANDLE_CHECKED(JSObject, obj, 0);
- CONVERT_ARG_HANDLE_CHECKED(Object, prototype, 1);
- if (obj->IsAccessCheckNeeded() &&
- !isolate->MayNamedAccess(obj, isolate->factory()->proto_string(),
- v8::ACCESS_SET)) {
- isolate->ReportFailedAccessCheck(obj, v8::ACCESS_SET);
- RETURN_FAILURE_IF_SCHEDULED_EXCEPTION(isolate);
- return isolate->heap()->undefined_value();
- }
- if (obj->map()->is_observed()) {
- Handle<Object> old_value =
- Object::GetPrototypeSkipHiddenPrototypes(isolate, obj);
- Handle<Object> result;
- ASSIGN_RETURN_FAILURE_ON_EXCEPTION(
- isolate, result, JSObject::SetPrototype(obj, prototype, true));
-
- Handle<Object> new_value =
- Object::GetPrototypeSkipHiddenPrototypes(isolate, obj);
- if (!new_value->SameValue(*old_value)) {
- JSObject::EnqueueChangeRecord(
- obj, "setPrototype", isolate->factory()->proto_string(), old_value);
- }
- return *result;
- }
- Handle<Object> result;
- ASSIGN_RETURN_FAILURE_ON_EXCEPTION(
- isolate, result, JSObject::SetPrototype(obj, prototype, true));
- return *result;
-}
-
-
-RUNTIME_FUNCTION(Runtime_IsInPrototypeChain) {
- HandleScope shs(isolate);
- DCHECK(args.length() == 2);
- // See ECMA-262, section 15.3.5.3, page 88 (steps 5 - 8).
- CONVERT_ARG_HANDLE_CHECKED(Object, O, 0);
- CONVERT_ARG_HANDLE_CHECKED(Object, V, 1);
- PrototypeIterator iter(isolate, V, PrototypeIterator::START_AT_RECEIVER);
- while (true) {
- iter.AdvanceIgnoringProxies();
- if (iter.IsAtEnd()) return isolate->heap()->false_value();
- if (iter.IsAtEnd(O)) return isolate->heap()->true_value();
- }
-}
-
-
-// Enumerator used as indices into the array returned from GetOwnProperty
-enum PropertyDescriptorIndices {
- IS_ACCESSOR_INDEX,
- VALUE_INDEX,
- GETTER_INDEX,
- SETTER_INDEX,
- WRITABLE_INDEX,
- ENUMERABLE_INDEX,
- CONFIGURABLE_INDEX,
- DESCRIPTOR_SIZE
-};
-
-
-MUST_USE_RESULT static MaybeHandle<Object> GetOwnProperty(Isolate* isolate,
- Handle<JSObject> obj,
- Handle<Name> name) {
- Heap* heap = isolate->heap();
- Factory* factory = isolate->factory();
-
- PropertyAttributes attrs;
- uint32_t index = 0;
- Handle<Object> value;
- MaybeHandle<AccessorPair> maybe_accessors;
- // TODO(verwaest): Unify once indexed properties can be handled by the
- // LookupIterator.
- if (name->AsArrayIndex(&index)) {
- // Get attributes.
- Maybe<PropertyAttributes> maybe =
- JSReceiver::GetOwnElementAttribute(obj, index);
- if (!maybe.has_value) return MaybeHandle<Object>();
- attrs = maybe.value;
- if (attrs == ABSENT) return factory->undefined_value();
-
- // Get AccessorPair if present.
- maybe_accessors = JSObject::GetOwnElementAccessorPair(obj, index);
-
- // Get value if not an AccessorPair.
- if (maybe_accessors.is_null()) {
- ASSIGN_RETURN_ON_EXCEPTION(
- isolate, value, Runtime::GetElementOrCharAt(isolate, obj, index),
- Object);
- }
- } else {
- // Get attributes.
- LookupIterator it(obj, name, LookupIterator::HIDDEN);
- Maybe<PropertyAttributes> maybe = JSObject::GetPropertyAttributes(&it);
- if (!maybe.has_value) return MaybeHandle<Object>();
- attrs = maybe.value;
- if (attrs == ABSENT) return factory->undefined_value();
-
- // Get AccessorPair if present.
- if (it.state() == LookupIterator::ACCESSOR &&
- it.GetAccessors()->IsAccessorPair()) {
- maybe_accessors = Handle<AccessorPair>::cast(it.GetAccessors());
- }
-
- // Get value if not an AccessorPair.
- if (maybe_accessors.is_null()) {
- ASSIGN_RETURN_ON_EXCEPTION(isolate, value, Object::GetProperty(&it),
- Object);
- }
- }
- DCHECK(!isolate->has_pending_exception());
- Handle<FixedArray> elms = factory->NewFixedArray(DESCRIPTOR_SIZE);
- elms->set(ENUMERABLE_INDEX, heap->ToBoolean((attrs & DONT_ENUM) == 0));
- elms->set(CONFIGURABLE_INDEX, heap->ToBoolean((attrs & DONT_DELETE) == 0));
- elms->set(IS_ACCESSOR_INDEX, heap->ToBoolean(!maybe_accessors.is_null()));
-
- Handle<AccessorPair> accessors;
- if (maybe_accessors.ToHandle(&accessors)) {
- Handle<Object> getter(accessors->GetComponent(ACCESSOR_GETTER), isolate);
- Handle<Object> setter(accessors->GetComponent(ACCESSOR_SETTER), isolate);
- elms->set(GETTER_INDEX, *getter);
- elms->set(SETTER_INDEX, *setter);
- } else {
- elms->set(WRITABLE_INDEX, heap->ToBoolean((attrs & READ_ONLY) == 0));
- elms->set(VALUE_INDEX, *value);
- }
-
- return factory->NewJSArrayWithElements(elms);
-}
-
-
-// Returns an array with the property description:
-// if args[1] is not a property on args[0]
-// returns undefined
-// if args[1] is a data property on args[0]
-// [false, value, Writeable, Enumerable, Configurable]
-// if args[1] is an accessor on args[0]
-// [true, GetFunction, SetFunction, Enumerable, Configurable]
-RUNTIME_FUNCTION(Runtime_GetOwnProperty) {
- HandleScope scope(isolate);
- DCHECK(args.length() == 2);
- CONVERT_ARG_HANDLE_CHECKED(JSObject, obj, 0);
- CONVERT_ARG_HANDLE_CHECKED(Name, name, 1);
- Handle<Object> result;
- ASSIGN_RETURN_FAILURE_ON_EXCEPTION(isolate, result,
- GetOwnProperty(isolate, obj, name));
- return *result;
-}
-
-
-RUNTIME_FUNCTION(Runtime_PreventExtensions) {
- HandleScope scope(isolate);
- DCHECK(args.length() == 1);
- CONVERT_ARG_HANDLE_CHECKED(JSObject, obj, 0);
- Handle<Object> result;
- ASSIGN_RETURN_FAILURE_ON_EXCEPTION(isolate, result,
- JSObject::PreventExtensions(obj));
- return *result;
-}
-
-
-RUNTIME_FUNCTION(Runtime_IsExtensible) {
- SealHandleScope shs(isolate);
- DCHECK(args.length() == 1);
- CONVERT_ARG_CHECKED(JSObject, obj, 0);
- if (obj->IsJSGlobalProxy()) {
- PrototypeIterator iter(isolate, obj);
- if (iter.IsAtEnd()) return isolate->heap()->false_value();
- DCHECK(iter.GetCurrent()->IsJSGlobalObject());
- obj = JSObject::cast(iter.GetCurrent());
- }
- return isolate->heap()->ToBoolean(obj->map()->is_extensible());
-}
-
-
-RUNTIME_FUNCTION(Runtime_CreateApiFunction) {
- HandleScope scope(isolate);
- DCHECK(args.length() == 2);
- CONVERT_ARG_HANDLE_CHECKED(FunctionTemplateInfo, data, 0);
- CONVERT_ARG_HANDLE_CHECKED(Object, prototype, 1);
- return *isolate->factory()->CreateApiFunction(data, prototype);
-}
-
-
-RUNTIME_FUNCTION(Runtime_IsTemplate) {
- SealHandleScope shs(isolate);
- DCHECK(args.length() == 1);
- CONVERT_ARG_HANDLE_CHECKED(Object, arg, 0);
- bool result = arg->IsObjectTemplateInfo() || arg->IsFunctionTemplateInfo();
- return isolate->heap()->ToBoolean(result);
-}
-
-
-RUNTIME_FUNCTION(Runtime_GetTemplateField) {
- SealHandleScope shs(isolate);
- DCHECK(args.length() == 2);
- CONVERT_ARG_CHECKED(HeapObject, templ, 0);
- CONVERT_SMI_ARG_CHECKED(index, 1);
- int offset = index * kPointerSize + HeapObject::kHeaderSize;
- InstanceType type = templ->map()->instance_type();
- RUNTIME_ASSERT(type == FUNCTION_TEMPLATE_INFO_TYPE ||
- type == OBJECT_TEMPLATE_INFO_TYPE);
- RUNTIME_ASSERT(offset > 0);
- if (type == FUNCTION_TEMPLATE_INFO_TYPE) {
- RUNTIME_ASSERT(offset < FunctionTemplateInfo::kSize);
- } else {
- RUNTIME_ASSERT(offset < ObjectTemplateInfo::kSize);
- }
- return *HeapObject::RawField(templ, offset);
-}
-
-
-RUNTIME_FUNCTION(Runtime_DisableAccessChecks) {
- HandleScope scope(isolate);
- DCHECK(args.length() == 1);
- CONVERT_ARG_HANDLE_CHECKED(HeapObject, object, 0);
- Handle<Map> old_map(object->map());
- bool needs_access_checks = old_map->is_access_check_needed();
- if (needs_access_checks) {
- // Copy map so it won't interfere constructor's initial map.
- Handle<Map> new_map = Map::Copy(old_map);
- new_map->set_is_access_check_needed(false);
- JSObject::MigrateToMap(Handle<JSObject>::cast(object), new_map);
- }
- return isolate->heap()->ToBoolean(needs_access_checks);
-}
-
-
-RUNTIME_FUNCTION(Runtime_EnableAccessChecks) {
- HandleScope scope(isolate);
- DCHECK(args.length() == 1);
- CONVERT_ARG_HANDLE_CHECKED(JSObject, object, 0);
- Handle<Map> old_map(object->map());
- RUNTIME_ASSERT(!old_map->is_access_check_needed());
- // Copy map so it won't interfere constructor's initial map.
- Handle<Map> new_map = Map::Copy(old_map);
- new_map->set_is_access_check_needed(true);
- JSObject::MigrateToMap(object, new_map);
- return isolate->heap()->undefined_value();
-}
-
-
-RUNTIME_FUNCTION(Runtime_OptimizeObjectForAddingMultipleProperties) {
- HandleScope scope(isolate);
- DCHECK(args.length() == 2);
- CONVERT_ARG_HANDLE_CHECKED(JSObject, object, 0);
- CONVERT_SMI_ARG_CHECKED(properties, 1);
- // Conservative upper limit to prevent fuzz tests from going OOM.
- RUNTIME_ASSERT(properties <= 100000);
- if (object->HasFastProperties() && !object->IsJSGlobalProxy()) {
- JSObject::NormalizeProperties(object, KEEP_INOBJECT_PROPERTIES, properties);
- }
- return *object;
-}
-
-
-RUNTIME_FUNCTION(Runtime_FinishArrayPrototypeSetup) {
- HandleScope scope(isolate);
- DCHECK(args.length() == 1);
- CONVERT_ARG_HANDLE_CHECKED(JSArray, prototype, 0);
- Object* length = prototype->length();
- RUNTIME_ASSERT(length->IsSmi() && Smi::cast(length)->value() == 0);
- RUNTIME_ASSERT(prototype->HasFastSmiOrObjectElements());
- // This is necessary to enable fast checks for absence of elements
- // on Array.prototype and below.
- prototype->set_elements(isolate->heap()->empty_fixed_array());
- return Smi::FromInt(0);
-}
-
-
-static void InstallBuiltin(Isolate* isolate, Handle<JSObject> holder,
- const char* name, Builtins::Name builtin_name) {
- Handle<String> key = isolate->factory()->InternalizeUtf8String(name);
- Handle<Code> code(isolate->builtins()->builtin(builtin_name));
- Handle<JSFunction> optimized =
- isolate->factory()->NewFunctionWithoutPrototype(key, code);
- optimized->shared()->DontAdaptArguments();
- JSObject::AddProperty(holder, key, optimized, NONE);
-}
-
-
-RUNTIME_FUNCTION(Runtime_SpecialArrayFunctions) {
- HandleScope scope(isolate);
- DCHECK(args.length() == 0);
- Handle<JSObject> holder =
- isolate->factory()->NewJSObject(isolate->object_function());
-
- InstallBuiltin(isolate, holder, "pop", Builtins::kArrayPop);
- InstallBuiltin(isolate, holder, "push", Builtins::kArrayPush);
- InstallBuiltin(isolate, holder, "shift", Builtins::kArrayShift);
- InstallBuiltin(isolate, holder, "unshift", Builtins::kArrayUnshift);
- InstallBuiltin(isolate, holder, "slice", Builtins::kArraySlice);
- InstallBuiltin(isolate, holder, "splice", Builtins::kArraySplice);
- InstallBuiltin(isolate, holder, "concat", Builtins::kArrayConcat);
-
- return *holder;
-}
-
-
-RUNTIME_FUNCTION(Runtime_ObjectFreeze) {
- HandleScope scope(isolate);
- DCHECK(args.length() == 1);
- CONVERT_ARG_HANDLE_CHECKED(JSObject, object, 0);
-
- // %ObjectFreeze is a fast path and these cases are handled elsewhere.
- RUNTIME_ASSERT(!object->HasSloppyArgumentsElements() &&
- !object->map()->is_observed() && !object->IsJSProxy());
-
- Handle<Object> result;
- ASSIGN_RETURN_FAILURE_ON_EXCEPTION(isolate, result, JSObject::Freeze(object));
- return *result;
-}
-
-
-// Returns a single character string where first character equals
-// string->Get(index).
-static Handle<Object> GetCharAt(Handle<String> string, uint32_t index) {
- if (index < static_cast<uint32_t>(string->length())) {
- Factory* factory = string->GetIsolate()->factory();
- return factory->LookupSingleCharacterStringFromCode(
- String::Flatten(string)->Get(index));
- }
- return Execution::CharAt(string, index);
-}
-
-
-MaybeHandle<Object> Runtime::GetElementOrCharAt(Isolate* isolate,
- Handle<Object> object,
- uint32_t index) {
- // Handle [] indexing on Strings
- if (object->IsString()) {
- Handle<Object> result = GetCharAt(Handle<String>::cast(object), index);
- if (!result->IsUndefined()) return result;
- }
-
- // Handle [] indexing on String objects
- if (object->IsStringObjectWithCharacterAt(index)) {
- Handle<JSValue> js_value = Handle<JSValue>::cast(object);
- Handle<Object> result =
- GetCharAt(Handle<String>(String::cast(js_value->value())), index);
- if (!result->IsUndefined()) return result;
- }
-
- Handle<Object> result;
- if (object->IsString() || object->IsNumber() || object->IsBoolean()) {
- PrototypeIterator iter(isolate, object);
- return Object::GetElement(isolate, PrototypeIterator::GetCurrent(iter),
- index);
- } else {
- return Object::GetElement(isolate, object, index);
- }
-}
-
-
-MaybeHandle<Name> Runtime::ToName(Isolate* isolate, Handle<Object> key) {
- if (key->IsName()) {
- return Handle<Name>::cast(key);
- } else {
- Handle<Object> converted;
- ASSIGN_RETURN_ON_EXCEPTION(isolate, converted,
- Execution::ToString(isolate, key), Name);
- return Handle<Name>::cast(converted);
- }
-}
-
-
-MaybeHandle<Object> Runtime::HasObjectProperty(Isolate* isolate,
- Handle<JSReceiver> object,
- Handle<Object> key) {
- Maybe<bool> maybe;
- // Check if the given key is an array index.
- uint32_t index;
- if (key->ToArrayIndex(&index)) {
- maybe = JSReceiver::HasElement(object, index);
- } else {
- // Convert the key to a name - possibly by calling back into JavaScript.
- Handle<Name> name;
- ASSIGN_RETURN_ON_EXCEPTION(isolate, name, ToName(isolate, key), Object);
-
- maybe = JSReceiver::HasProperty(object, name);
- }
-
- if (!maybe.has_value) return MaybeHandle<Object>();
- return isolate->factory()->ToBoolean(maybe.value);
-}
-
-
-MaybeHandle<Object> Runtime::GetObjectProperty(Isolate* isolate,
- Handle<Object> object,
- Handle<Object> key) {
- if (object->IsUndefined() || object->IsNull()) {
- Handle<Object> args[2] = {key, object};
- THROW_NEW_ERROR(isolate, NewTypeError("non_object_property_load",
- HandleVector(args, 2)),
- Object);
- }
-
- // Check if the given key is an array index.
- uint32_t index;
- if (key->ToArrayIndex(&index)) {
- return GetElementOrCharAt(isolate, object, index);
- }
-
- // Convert the key to a name - possibly by calling back into JavaScript.
- Handle<Name> name;
- ASSIGN_RETURN_ON_EXCEPTION(isolate, name, ToName(isolate, key), Object);
-
- // Check if the name is trivially convertible to an index and get
- // the element if so.
- if (name->AsArrayIndex(&index)) {
- return GetElementOrCharAt(isolate, object, index);
- } else {
- return Object::GetProperty(object, name);
- }
-}
-
-
-RUNTIME_FUNCTION(Runtime_GetProperty) {
- HandleScope scope(isolate);
- DCHECK(args.length() == 2);
-
- CONVERT_ARG_HANDLE_CHECKED(Object, object, 0);
- CONVERT_ARG_HANDLE_CHECKED(Object, key, 1);
- Handle<Object> result;
- ASSIGN_RETURN_FAILURE_ON_EXCEPTION(
- isolate, result, Runtime::GetObjectProperty(isolate, object, key));
- return *result;
-}
-
-
-// KeyedGetProperty is called from KeyedLoadIC::GenerateGeneric.
-RUNTIME_FUNCTION(Runtime_KeyedGetProperty) {
- HandleScope scope(isolate);
- DCHECK(args.length() == 2);
-
- CONVERT_ARG_HANDLE_CHECKED(Object, receiver_obj, 0);
- CONVERT_ARG_HANDLE_CHECKED(Object, key_obj, 1);
-
- // Fast cases for getting named properties of the receiver JSObject
- // itself.
- //
- // The global proxy objects has to be excluded since LookupOwn on
- // the global proxy object can return a valid result even though the
- // global proxy object never has properties. This is the case
- // because the global proxy object forwards everything to its hidden
- // prototype including own lookups.
- //
- // Additionally, we need to make sure that we do not cache results
- // for objects that require access checks.
- if (receiver_obj->IsJSObject()) {
- if (!receiver_obj->IsJSGlobalProxy() &&
- !receiver_obj->IsAccessCheckNeeded() && key_obj->IsName()) {
- DisallowHeapAllocation no_allocation;
- Handle<JSObject> receiver = Handle<JSObject>::cast(receiver_obj);
- Handle<Name> key = Handle<Name>::cast(key_obj);
- if (receiver->HasFastProperties()) {
- // Attempt to use lookup cache.
- Handle<Map> receiver_map(receiver->map(), isolate);
- KeyedLookupCache* keyed_lookup_cache = isolate->keyed_lookup_cache();
- int index = keyed_lookup_cache->Lookup(receiver_map, key);
- if (index != -1) {
- // Doubles are not cached, so raw read the value.
- return receiver->RawFastPropertyAt(
- FieldIndex::ForKeyedLookupCacheIndex(*receiver_map, index));
- }
- // Lookup cache miss. Perform lookup and update the cache if
- // appropriate.
- LookupIterator it(receiver, key, LookupIterator::OWN);
- if (it.state() == LookupIterator::DATA &&
- it.property_details().type() == FIELD) {
- FieldIndex field_index = it.GetFieldIndex();
- // Do not track double fields in the keyed lookup cache. Reading
- // double values requires boxing.
- if (!it.representation().IsDouble()) {
- keyed_lookup_cache->Update(receiver_map, key,
- field_index.GetKeyedLookupCacheIndex());
- }
- AllowHeapAllocation allow_allocation;
- return *JSObject::FastPropertyAt(receiver, it.representation(),
- field_index);
- }
- } else {
- // Attempt dictionary lookup.
- NameDictionary* dictionary = receiver->property_dictionary();
- int entry = dictionary->FindEntry(key);
- if ((entry != NameDictionary::kNotFound) &&
- (dictionary->DetailsAt(entry).type() == NORMAL)) {
- Object* value = dictionary->ValueAt(entry);
- if (!receiver->IsGlobalObject()) return value;
- value = PropertyCell::cast(value)->value();
- if (!value->IsTheHole()) return value;
- // If value is the hole (meaning, absent) do the general lookup.
- }
- }
- } else if (key_obj->IsSmi()) {
- // JSObject without a name key. If the key is a Smi, check for a
- // definite out-of-bounds access to elements, which is a strong indicator
- // that subsequent accesses will also call the runtime. Proactively
- // transition elements to FAST_*_ELEMENTS to avoid excessive boxing of
- // doubles for those future calls in the case that the elements would
- // become FAST_DOUBLE_ELEMENTS.
- Handle<JSObject> js_object = Handle<JSObject>::cast(receiver_obj);
- ElementsKind elements_kind = js_object->GetElementsKind();
- if (IsFastDoubleElementsKind(elements_kind)) {
- Handle<Smi> key = Handle<Smi>::cast(key_obj);
- if (key->value() >= js_object->elements()->length()) {
- if (IsFastHoleyElementsKind(elements_kind)) {
- elements_kind = FAST_HOLEY_ELEMENTS;
- } else {
- elements_kind = FAST_ELEMENTS;
- }
- RETURN_FAILURE_ON_EXCEPTION(
- isolate, TransitionElements(js_object, elements_kind, isolate));
- }
- } else {
- DCHECK(IsFastSmiOrObjectElementsKind(elements_kind) ||
- !IsFastElementsKind(elements_kind));
- }
- }
- } else if (receiver_obj->IsString() && key_obj->IsSmi()) {
- // Fast case for string indexing using [] with a smi index.
- Handle<String> str = Handle<String>::cast(receiver_obj);
- int index = args.smi_at(1);
- if (index >= 0 && index < str->length()) {
- return *GetCharAt(str, index);
- }
- }
-
- // Fall back to GetObjectProperty.
- Handle<Object> result;
- ASSIGN_RETURN_FAILURE_ON_EXCEPTION(
- isolate, result,
- Runtime::GetObjectProperty(isolate, receiver_obj, key_obj));
- return *result;
-}
-
-
-static bool IsValidAccessor(Handle<Object> obj) {
- return obj->IsUndefined() || obj->IsSpecFunction() || obj->IsNull();
-}
-
-
-// Transform getter or setter into something DefineAccessor can handle.
-static Handle<Object> InstantiateAccessorComponent(Isolate* isolate,
- Handle<Object> component) {
- if (component->IsUndefined()) return isolate->factory()->undefined_value();
- Handle<FunctionTemplateInfo> info =
- Handle<FunctionTemplateInfo>::cast(component);
- return Utils::OpenHandle(*Utils::ToLocal(info)->GetFunction());
-}
-
-
-RUNTIME_FUNCTION(Runtime_DefineApiAccessorProperty) {
- HandleScope scope(isolate);
- DCHECK(args.length() == 5);
- CONVERT_ARG_HANDLE_CHECKED(JSObject, object, 0);
- CONVERT_ARG_HANDLE_CHECKED(Name, name, 1);
- CONVERT_ARG_HANDLE_CHECKED(Object, getter, 2);
- CONVERT_ARG_HANDLE_CHECKED(Object, setter, 3);
- CONVERT_SMI_ARG_CHECKED(attribute, 4);
- RUNTIME_ASSERT(getter->IsUndefined() || getter->IsFunctionTemplateInfo());
- RUNTIME_ASSERT(setter->IsUndefined() || setter->IsFunctionTemplateInfo());
- RUNTIME_ASSERT(PropertyDetails::AttributesField::is_valid(
- static_cast<PropertyAttributes>(attribute)));
- RETURN_FAILURE_ON_EXCEPTION(
- isolate, JSObject::DefineAccessor(
- object, name, InstantiateAccessorComponent(isolate, getter),
- InstantiateAccessorComponent(isolate, setter),
- static_cast<PropertyAttributes>(attribute)));
- return isolate->heap()->undefined_value();
-}
-
-
-// Implements part of 8.12.9 DefineOwnProperty.
-// There are 3 cases that lead here:
-// Step 4b - define a new accessor property.
-// Steps 9c & 12 - replace an existing data property with an accessor property.
-// Step 12 - update an existing accessor property with an accessor or generic
-// descriptor.
-RUNTIME_FUNCTION(Runtime_DefineAccessorPropertyUnchecked) {
- HandleScope scope(isolate);
- DCHECK(args.length() == 5);
- CONVERT_ARG_HANDLE_CHECKED(JSObject, obj, 0);
- RUNTIME_ASSERT(!obj->IsNull());
- CONVERT_ARG_HANDLE_CHECKED(Name, name, 1);
- CONVERT_ARG_HANDLE_CHECKED(Object, getter, 2);
- RUNTIME_ASSERT(IsValidAccessor(getter));
- CONVERT_ARG_HANDLE_CHECKED(Object, setter, 3);
- RUNTIME_ASSERT(IsValidAccessor(setter));
- CONVERT_SMI_ARG_CHECKED(unchecked, 4);
- RUNTIME_ASSERT((unchecked & ~(READ_ONLY | DONT_ENUM | DONT_DELETE)) == 0);
- PropertyAttributes attr = static_cast<PropertyAttributes>(unchecked);
-
- bool fast = obj->HasFastProperties();
- RETURN_FAILURE_ON_EXCEPTION(
- isolate, JSObject::DefineAccessor(obj, name, getter, setter, attr));
- if (fast) JSObject::MigrateSlowToFast(obj, 0);
- return isolate->heap()->undefined_value();
-}
-
-
-// Implements part of 8.12.9 DefineOwnProperty.
-// There are 3 cases that lead here:
-// Step 4a - define a new data property.
-// Steps 9b & 12 - replace an existing accessor property with a data property.
-// Step 12 - update an existing data property with a data or generic
-// descriptor.
-RUNTIME_FUNCTION(Runtime_DefineDataPropertyUnchecked) {
- HandleScope scope(isolate);
- DCHECK(args.length() == 4);
- CONVERT_ARG_HANDLE_CHECKED(JSObject, js_object, 0);
- CONVERT_ARG_HANDLE_CHECKED(Name, name, 1);
- CONVERT_ARG_HANDLE_CHECKED(Object, obj_value, 2);
- CONVERT_SMI_ARG_CHECKED(unchecked, 3);
- RUNTIME_ASSERT((unchecked & ~(READ_ONLY | DONT_ENUM | DONT_DELETE)) == 0);
- PropertyAttributes attr = static_cast<PropertyAttributes>(unchecked);
-
- LookupIterator it(js_object, name, LookupIterator::OWN_SKIP_INTERCEPTOR);
- if (it.IsFound() && it.state() == LookupIterator::ACCESS_CHECK) {
- if (!isolate->MayNamedAccess(js_object, name, v8::ACCESS_SET)) {
- return isolate->heap()->undefined_value();
- }
- it.Next();
- }
-
- // Take special care when attributes are different and there is already
- // a property.
- if (it.state() == LookupIterator::ACCESSOR) {
- // Use IgnoreAttributes version since a readonly property may be
- // overridden and SetProperty does not allow this.
- Handle<Object> result;
- ASSIGN_RETURN_FAILURE_ON_EXCEPTION(
- isolate, result,
- JSObject::SetOwnPropertyIgnoreAttributes(
- js_object, name, obj_value, attr, JSObject::DONT_FORCE_FIELD));
- return *result;
- }
-
- Handle<Object> result;
- ASSIGN_RETURN_FAILURE_ON_EXCEPTION(
- isolate, result,
- Runtime::DefineObjectProperty(js_object, name, obj_value, attr));
- return *result;
-}
-
-
-// Return property without being observable by accessors or interceptors.
-RUNTIME_FUNCTION(Runtime_GetDataProperty) {
- HandleScope scope(isolate);
- DCHECK(args.length() == 2);
- CONVERT_ARG_HANDLE_CHECKED(JSObject, object, 0);
- CONVERT_ARG_HANDLE_CHECKED(Name, key, 1);
- return *JSObject::GetDataProperty(object, key);
-}
-
-
-MaybeHandle<Object> Runtime::SetObjectProperty(Isolate* isolate,
- Handle<Object> object,
- Handle<Object> key,
- Handle<Object> value,
- StrictMode strict_mode) {
- if (object->IsUndefined() || object->IsNull()) {
- Handle<Object> args[2] = {key, object};
- THROW_NEW_ERROR(isolate, NewTypeError("non_object_property_store",
- HandleVector(args, 2)),
- Object);
- }
-
- if (object->IsJSProxy()) {
- Handle<Object> name_object;
- if (key->IsSymbol()) {
- name_object = key;
- } else {
- ASSIGN_RETURN_ON_EXCEPTION(isolate, name_object,
- Execution::ToString(isolate, key), Object);
- }
- Handle<Name> name = Handle<Name>::cast(name_object);
- return Object::SetProperty(Handle<JSProxy>::cast(object), name, value,
- strict_mode);
- }
-
- // Check if the given key is an array index.
- uint32_t index;
- if (key->ToArrayIndex(&index)) {
- // TODO(verwaest): Support non-JSObject receivers.
- if (!object->IsJSObject()) return value;
- Handle<JSObject> js_object = Handle<JSObject>::cast(object);
-
- // In Firefox/SpiderMonkey, Safari and Opera you can access the characters
- // of a string using [] notation. We need to support this too in
- // JavaScript.
- // In the case of a String object we just need to redirect the assignment to
- // the underlying string if the index is in range. Since the underlying
- // string does nothing with the assignment then we can ignore such
- // assignments.
- if (js_object->IsStringObjectWithCharacterAt(index)) {
- return value;
- }
-
- JSObject::ValidateElements(js_object);
- if (js_object->HasExternalArrayElements() ||
- js_object->HasFixedTypedArrayElements()) {
- if (!value->IsNumber() && !value->IsUndefined()) {
- ASSIGN_RETURN_ON_EXCEPTION(isolate, value,
- Execution::ToNumber(isolate, value), Object);
- }
- }
-
- MaybeHandle<Object> result = JSObject::SetElement(
- js_object, index, value, NONE, strict_mode, true, SET_PROPERTY);
- JSObject::ValidateElements(js_object);
-
- return result.is_null() ? result : value;
- }
-
- if (key->IsName()) {
- Handle<Name> name = Handle<Name>::cast(key);
- if (name->AsArrayIndex(&index)) {
- // TODO(verwaest): Support non-JSObject receivers.
- if (!object->IsJSObject()) return value;
- Handle<JSObject> js_object = Handle<JSObject>::cast(object);
- if (js_object->HasExternalArrayElements()) {
- if (!value->IsNumber() && !value->IsUndefined()) {
- ASSIGN_RETURN_ON_EXCEPTION(
- isolate, value, Execution::ToNumber(isolate, value), Object);
- }
- }
- return JSObject::SetElement(js_object, index, value, NONE, strict_mode,
- true, SET_PROPERTY);
- } else {
- if (name->IsString()) name = String::Flatten(Handle<String>::cast(name));
- return Object::SetProperty(object, name, value, strict_mode);
- }
- }
-
- // Call-back into JavaScript to convert the key to a string.
- Handle<Object> converted;
- ASSIGN_RETURN_ON_EXCEPTION(isolate, converted,
- Execution::ToString(isolate, key), Object);
- Handle<String> name = Handle<String>::cast(converted);
-
- if (name->AsArrayIndex(&index)) {
- // TODO(verwaest): Support non-JSObject receivers.
- if (!object->IsJSObject()) return value;
- Handle<JSObject> js_object = Handle<JSObject>::cast(object);
- return JSObject::SetElement(js_object, index, value, NONE, strict_mode,
- true, SET_PROPERTY);
- }
- return Object::SetProperty(object, name, value, strict_mode);
-}
-
-
-MaybeHandle<Object> Runtime::DefineObjectProperty(Handle<JSObject> js_object,
- Handle<Object> key,
- Handle<Object> value,
- PropertyAttributes attr) {
- Isolate* isolate = js_object->GetIsolate();
- // Check if the given key is an array index.
- uint32_t index;
- if (key->ToArrayIndex(&index)) {
- // In Firefox/SpiderMonkey, Safari and Opera you can access the characters
- // of a string using [] notation. We need to support this too in
- // JavaScript.
- // In the case of a String object we just need to redirect the assignment to
- // the underlying string if the index is in range. Since the underlying
- // string does nothing with the assignment then we can ignore such
- // assignments.
- if (js_object->IsStringObjectWithCharacterAt(index)) {
- return value;
- }
-
- return JSObject::SetElement(js_object, index, value, attr, SLOPPY, false,
- DEFINE_PROPERTY);
- }
-
- if (key->IsName()) {
- Handle<Name> name = Handle<Name>::cast(key);
- if (name->AsArrayIndex(&index)) {
- return JSObject::SetElement(js_object, index, value, attr, SLOPPY, false,
- DEFINE_PROPERTY);
- } else {
- if (name->IsString()) name = String::Flatten(Handle<String>::cast(name));
- return JSObject::SetOwnPropertyIgnoreAttributes(js_object, name, value,
- attr);
- }
- }
-
- // Call-back into JavaScript to convert the key to a string.
- Handle<Object> converted;
- ASSIGN_RETURN_ON_EXCEPTION(isolate, converted,
- Execution::ToString(isolate, key), Object);
- Handle<String> name = Handle<String>::cast(converted);
-
- if (name->AsArrayIndex(&index)) {
- return JSObject::SetElement(js_object, index, value, attr, SLOPPY, false,
- DEFINE_PROPERTY);
- } else {
- return JSObject::SetOwnPropertyIgnoreAttributes(js_object, name, value,
- attr);
- }
-}
-
-
-MaybeHandle<Object> Runtime::DeleteObjectProperty(Isolate* isolate,
- Handle<JSReceiver> receiver,
- Handle<Object> key,
- JSReceiver::DeleteMode mode) {
- // Check if the given key is an array index.
- uint32_t index;
- if (key->ToArrayIndex(&index)) {
- // In Firefox/SpiderMonkey, Safari and Opera you can access the
- // characters of a string using [] notation. In the case of a
- // String object we just need to redirect the deletion to the
- // underlying string if the index is in range. Since the
- // underlying string does nothing with the deletion, we can ignore
- // such deletions.
- if (receiver->IsStringObjectWithCharacterAt(index)) {
- return isolate->factory()->true_value();
- }
-
- return JSReceiver::DeleteElement(receiver, index, mode);
- }
-
- Handle<Name> name;
- if (key->IsName()) {
- name = Handle<Name>::cast(key);
- } else {
- // Call-back into JavaScript to convert the key to a string.
- Handle<Object> converted;
- ASSIGN_RETURN_ON_EXCEPTION(isolate, converted,
- Execution::ToString(isolate, key), Object);
- name = Handle<String>::cast(converted);
- }
-
- if (name->IsString()) name = String::Flatten(Handle<String>::cast(name));
- return JSReceiver::DeleteProperty(receiver, name, mode);
-}
-
-
-RUNTIME_FUNCTION(Runtime_AddNamedProperty) {
- HandleScope scope(isolate);
- RUNTIME_ASSERT(args.length() == 4);
-
- CONVERT_ARG_HANDLE_CHECKED(JSObject, object, 0);
- CONVERT_ARG_HANDLE_CHECKED(Name, key, 1);
- CONVERT_ARG_HANDLE_CHECKED(Object, value, 2);
- CONVERT_SMI_ARG_CHECKED(unchecked_attributes, 3);
- RUNTIME_ASSERT(
- (unchecked_attributes & ~(READ_ONLY | DONT_ENUM | DONT_DELETE)) == 0);
- // Compute attributes.
- PropertyAttributes attributes =
- static_cast<PropertyAttributes>(unchecked_attributes);
-
-#ifdef DEBUG
- uint32_t index = 0;
- DCHECK(!key->ToArrayIndex(&index));
- LookupIterator it(object, key, LookupIterator::OWN_SKIP_INTERCEPTOR);
- Maybe<PropertyAttributes> maybe = JSReceiver::GetPropertyAttributes(&it);
- if (!maybe.has_value) return isolate->heap()->exception();
- RUNTIME_ASSERT(!it.IsFound());
-#endif
-
- Handle<Object> result;
- ASSIGN_RETURN_FAILURE_ON_EXCEPTION(
- isolate, result,
- JSObject::SetOwnPropertyIgnoreAttributes(object, key, value, attributes));
- return *result;
-}
-
-
-RUNTIME_FUNCTION(Runtime_AddPropertyForTemplate) {
- HandleScope scope(isolate);
- RUNTIME_ASSERT(args.length() == 4);
-
- CONVERT_ARG_HANDLE_CHECKED(JSObject, object, 0);
- CONVERT_ARG_HANDLE_CHECKED(Object, key, 1);
- CONVERT_ARG_HANDLE_CHECKED(Object, value, 2);
- CONVERT_SMI_ARG_CHECKED(unchecked_attributes, 3);
- RUNTIME_ASSERT(
- (unchecked_attributes & ~(READ_ONLY | DONT_ENUM | DONT_DELETE)) == 0);
- // Compute attributes.
- PropertyAttributes attributes =
- static_cast<PropertyAttributes>(unchecked_attributes);
-
-#ifdef DEBUG
- bool duplicate;
- if (key->IsName()) {
- LookupIterator it(object, Handle<Name>::cast(key),
- LookupIterator::OWN_SKIP_INTERCEPTOR);
- Maybe<PropertyAttributes> maybe = JSReceiver::GetPropertyAttributes(&it);
- DCHECK(maybe.has_value);
- duplicate = it.IsFound();
- } else {
- uint32_t index = 0;
- RUNTIME_ASSERT(key->ToArrayIndex(&index));
- Maybe<bool> maybe = JSReceiver::HasOwnElement(object, index);
- if (!maybe.has_value) return isolate->heap()->exception();
- duplicate = maybe.value;
- }
- if (duplicate) {
- Handle<Object> args[1] = {key};
- THROW_NEW_ERROR_RETURN_FAILURE(
- isolate,
- NewTypeError("duplicate_template_property", HandleVector(args, 1)));
- }
-#endif
-
- Handle<Object> result;
- ASSIGN_RETURN_FAILURE_ON_EXCEPTION(
- isolate, result,
- Runtime::DefineObjectProperty(object, key, value, attributes));
- return *result;
-}
-
-
-RUNTIME_FUNCTION(Runtime_SetProperty) {
- HandleScope scope(isolate);
- RUNTIME_ASSERT(args.length() == 4);
-
- CONVERT_ARG_HANDLE_CHECKED(Object, object, 0);
- CONVERT_ARG_HANDLE_CHECKED(Object, key, 1);
- CONVERT_ARG_HANDLE_CHECKED(Object, value, 2);
- CONVERT_STRICT_MODE_ARG_CHECKED(strict_mode_arg, 3);
- StrictMode strict_mode = strict_mode_arg;
-
- Handle<Object> result;
- ASSIGN_RETURN_FAILURE_ON_EXCEPTION(
- isolate, result,
- Runtime::SetObjectProperty(isolate, object, key, value, strict_mode));
- return *result;
-}
-
-
-// Adds an element to an array.
-// This is used to create an indexed data property into an array.
-RUNTIME_FUNCTION(Runtime_AddElement) {
- HandleScope scope(isolate);
- RUNTIME_ASSERT(args.length() == 4);
-
- CONVERT_ARG_HANDLE_CHECKED(JSObject, object, 0);
- CONVERT_ARG_HANDLE_CHECKED(Object, key, 1);
- CONVERT_ARG_HANDLE_CHECKED(Object, value, 2);
- CONVERT_SMI_ARG_CHECKED(unchecked_attributes, 3);
- RUNTIME_ASSERT(
- (unchecked_attributes & ~(READ_ONLY | DONT_ENUM | DONT_DELETE)) == 0);
- // Compute attributes.
- PropertyAttributes attributes =
- static_cast<PropertyAttributes>(unchecked_attributes);
-
- uint32_t index = 0;
- key->ToArrayIndex(&index);
-
- Handle<Object> result;
- ASSIGN_RETURN_FAILURE_ON_EXCEPTION(
- isolate, result, JSObject::SetElement(object, index, value, attributes,
- SLOPPY, false, DEFINE_PROPERTY));
- return *result;
-}
-
-
-RUNTIME_FUNCTION(Runtime_TransitionElementsKind) {
- HandleScope scope(isolate);
- RUNTIME_ASSERT(args.length() == 2);
- CONVERT_ARG_HANDLE_CHECKED(JSArray, array, 0);
- CONVERT_ARG_HANDLE_CHECKED(Map, map, 1);
- JSObject::TransitionElementsKind(array, map->elements_kind());
- return *array;
-}
-
-
-RUNTIME_FUNCTION(Runtime_DeleteProperty) {
- HandleScope scope(isolate);
- DCHECK(args.length() == 3);
- CONVERT_ARG_HANDLE_CHECKED(JSReceiver, object, 0);
- CONVERT_ARG_HANDLE_CHECKED(Name, key, 1);
- CONVERT_STRICT_MODE_ARG_CHECKED(strict_mode, 2);
- JSReceiver::DeleteMode delete_mode = strict_mode == STRICT
- ? JSReceiver::STRICT_DELETION
- : JSReceiver::NORMAL_DELETION;
- Handle<Object> result;
- ASSIGN_RETURN_FAILURE_ON_EXCEPTION(
- isolate, result, JSReceiver::DeleteProperty(object, key, delete_mode));
- return *result;
-}
-
-
-static Object* HasOwnPropertyImplementation(Isolate* isolate,
- Handle<JSObject> object,
- Handle<Name> key) {
- Maybe<bool> maybe = JSReceiver::HasOwnProperty(object, key);
- if (!maybe.has_value) return isolate->heap()->exception();
- if (maybe.value) return isolate->heap()->true_value();
- // Handle hidden prototypes. If there's a hidden prototype above this thing
- // then we have to check it for properties, because they are supposed to
- // look like they are on this object.
- PrototypeIterator iter(isolate, object);
- if (!iter.IsAtEnd() &&
- Handle<JSObject>::cast(PrototypeIterator::GetCurrent(iter))
- ->map()
- ->is_hidden_prototype()) {
- // TODO(verwaest): The recursion is not necessary for keys that are array
- // indices. Removing this.
- return HasOwnPropertyImplementation(
- isolate, Handle<JSObject>::cast(PrototypeIterator::GetCurrent(iter)),
- key);
- }
- RETURN_FAILURE_IF_SCHEDULED_EXCEPTION(isolate);
- return isolate->heap()->false_value();
-}
-
-
-RUNTIME_FUNCTION(Runtime_HasOwnProperty) {
- HandleScope scope(isolate);
- DCHECK(args.length() == 2);
- CONVERT_ARG_HANDLE_CHECKED(Object, object, 0)
- CONVERT_ARG_HANDLE_CHECKED(Name, key, 1);
-
- uint32_t index;
- const bool key_is_array_index = key->AsArrayIndex(&index);
-
- // Only JS objects can have properties.
- if (object->IsJSObject()) {
- Handle<JSObject> js_obj = Handle<JSObject>::cast(object);
- // Fast case: either the key is a real named property or it is not
- // an array index and there are no interceptors or hidden
- // prototypes.
- Maybe<bool> maybe = JSObject::HasRealNamedProperty(js_obj, key);
- if (!maybe.has_value) return isolate->heap()->exception();
- DCHECK(!isolate->has_pending_exception());
- if (maybe.value) {
- return isolate->heap()->true_value();
- }
- Map* map = js_obj->map();
- if (!key_is_array_index && !map->has_named_interceptor() &&
- !HeapObject::cast(map->prototype())->map()->is_hidden_prototype()) {
- return isolate->heap()->false_value();
- }
- // Slow case.
- return HasOwnPropertyImplementation(isolate, Handle<JSObject>(js_obj),
- Handle<Name>(key));
- } else if (object->IsString() && key_is_array_index) {
- // Well, there is one exception: Handle [] on strings.
- Handle<String> string = Handle<String>::cast(object);
- if (index < static_cast<uint32_t>(string->length())) {
- return isolate->heap()->true_value();
- }
- }
- return isolate->heap()->false_value();
-}
-
-
-RUNTIME_FUNCTION(Runtime_HasProperty) {
- HandleScope scope(isolate);
- DCHECK(args.length() == 2);
- CONVERT_ARG_HANDLE_CHECKED(JSReceiver, receiver, 0);
- CONVERT_ARG_HANDLE_CHECKED(Name, key, 1);
-
- Maybe<bool> maybe = JSReceiver::HasProperty(receiver, key);
- if (!maybe.has_value) return isolate->heap()->exception();
- return isolate->heap()->ToBoolean(maybe.value);
-}
-
-
-RUNTIME_FUNCTION(Runtime_HasElement) {
- HandleScope scope(isolate);
- DCHECK(args.length() == 2);
- CONVERT_ARG_HANDLE_CHECKED(JSReceiver, receiver, 0);
- CONVERT_SMI_ARG_CHECKED(index, 1);
-
- Maybe<bool> maybe = JSReceiver::HasElement(receiver, index);
- if (!maybe.has_value) return isolate->heap()->exception();
- return isolate->heap()->ToBoolean(maybe.value);
-}
-
-
-RUNTIME_FUNCTION(Runtime_IsPropertyEnumerable) {
- HandleScope scope(isolate);
- DCHECK(args.length() == 2);
-
- CONVERT_ARG_HANDLE_CHECKED(JSObject, object, 0);
- CONVERT_ARG_HANDLE_CHECKED(Name, key, 1);
-
- Maybe<PropertyAttributes> maybe =
- JSReceiver::GetOwnPropertyAttributes(object, key);
- if (!maybe.has_value) return isolate->heap()->exception();
- if (maybe.value == ABSENT) maybe.value = DONT_ENUM;
- return isolate->heap()->ToBoolean((maybe.value & DONT_ENUM) == 0);
-}
-
-
-RUNTIME_FUNCTION(Runtime_GetPropertyNames) {
- HandleScope scope(isolate);
- DCHECK(args.length() == 1);
- CONVERT_ARG_HANDLE_CHECKED(JSReceiver, object, 0);
- Handle<JSArray> result;
-
- isolate->counters()->for_in()->Increment();
- Handle<FixedArray> elements;
- ASSIGN_RETURN_FAILURE_ON_EXCEPTION(
- isolate, elements,
- JSReceiver::GetKeys(object, JSReceiver::INCLUDE_PROTOS));
- return *isolate->factory()->NewJSArrayWithElements(elements);
-}
-
-
-// Returns either a FixedArray as Runtime_GetPropertyNames,
-// or, if the given object has an enum cache that contains
-// all enumerable properties of the object and its prototypes
-// have none, the map of the object. This is used to speed up
-// the check for deletions during a for-in.
-RUNTIME_FUNCTION(Runtime_GetPropertyNamesFast) {
- SealHandleScope shs(isolate);
- DCHECK(args.length() == 1);
-
- CONVERT_ARG_CHECKED(JSReceiver, raw_object, 0);
-
- if (raw_object->IsSimpleEnum()) return raw_object->map();
-
- HandleScope scope(isolate);
- Handle<JSReceiver> object(raw_object);
- Handle<FixedArray> content;
- ASSIGN_RETURN_FAILURE_ON_EXCEPTION(
- isolate, content,
- JSReceiver::GetKeys(object, JSReceiver::INCLUDE_PROTOS));
-
- // Test again, since cache may have been built by preceding call.
- if (object->IsSimpleEnum()) return object->map();
-
- return *content;
-}
-
-
-// Find the length of the prototype chain that is to be handled as one. If a
-// prototype object is hidden it is to be viewed as part of the the object it
-// is prototype for.
-static int OwnPrototypeChainLength(JSObject* obj) {
- int count = 1;
- for (PrototypeIterator iter(obj->GetIsolate(), obj);
- !iter.IsAtEnd(PrototypeIterator::END_AT_NON_HIDDEN); iter.Advance()) {
- count++;
- }
- return count;
-}
-
-
-// Return the names of the own named properties.
-// args[0]: object
-// args[1]: PropertyAttributes as int
-RUNTIME_FUNCTION(Runtime_GetOwnPropertyNames) {
- HandleScope scope(isolate);
- DCHECK(args.length() == 2);
- if (!args[0]->IsJSObject()) {
- return isolate->heap()->undefined_value();
- }
- CONVERT_ARG_HANDLE_CHECKED(JSObject, obj, 0);
- CONVERT_SMI_ARG_CHECKED(filter_value, 1);
- PropertyAttributes filter = static_cast<PropertyAttributes>(filter_value);
-
- // Skip the global proxy as it has no properties and always delegates to the
- // real global object.
- if (obj->IsJSGlobalProxy()) {
- // Only collect names if access is permitted.
- if (obj->IsAccessCheckNeeded() &&
- !isolate->MayNamedAccess(obj, isolate->factory()->undefined_value(),
- v8::ACCESS_KEYS)) {
- isolate->ReportFailedAccessCheck(obj, v8::ACCESS_KEYS);
- RETURN_FAILURE_IF_SCHEDULED_EXCEPTION(isolate);
- return *isolate->factory()->NewJSArray(0);
- }
- PrototypeIterator iter(isolate, obj);
- obj = Handle<JSObject>::cast(PrototypeIterator::GetCurrent(iter));
- }
-
- // Find the number of objects making up this.
- int length = OwnPrototypeChainLength(*obj);
-
- // Find the number of own properties for each of the objects.
- ScopedVector<int> own_property_count(length);
- int total_property_count = 0;
- {
- PrototypeIterator iter(isolate, obj, PrototypeIterator::START_AT_RECEIVER);
- for (int i = 0; i < length; i++) {
- DCHECK(!iter.IsAtEnd());
- Handle<JSObject> jsproto =
- Handle<JSObject>::cast(PrototypeIterator::GetCurrent(iter));
- // Only collect names if access is permitted.
- if (jsproto->IsAccessCheckNeeded() &&
- !isolate->MayNamedAccess(jsproto,
- isolate->factory()->undefined_value(),
- v8::ACCESS_KEYS)) {
- isolate->ReportFailedAccessCheck(jsproto, v8::ACCESS_KEYS);
- RETURN_FAILURE_IF_SCHEDULED_EXCEPTION(isolate);
- return *isolate->factory()->NewJSArray(0);
- }
- int n;
- n = jsproto->NumberOfOwnProperties(filter);
- own_property_count[i] = n;
- total_property_count += n;
- iter.Advance();
- }
- }
-
- // Allocate an array with storage for all the property names.
- Handle<FixedArray> names =
- isolate->factory()->NewFixedArray(total_property_count);
-
- // Get the property names.
- int next_copy_index = 0;
- int hidden_strings = 0;
- {
- PrototypeIterator iter(isolate, obj, PrototypeIterator::START_AT_RECEIVER);
- for (int i = 0; i < length; i++) {
- DCHECK(!iter.IsAtEnd());
- Handle<JSObject> jsproto =
- Handle<JSObject>::cast(PrototypeIterator::GetCurrent(iter));
- jsproto->GetOwnPropertyNames(*names, next_copy_index, filter);
- if (i > 0) {
- // Names from hidden prototypes may already have been added
- // for inherited function template instances. Count the duplicates
- // and stub them out; the final copy pass at the end ignores holes.
- for (int j = next_copy_index;
- j < next_copy_index + own_property_count[i]; j++) {
- Object* name_from_hidden_proto = names->get(j);
- for (int k = 0; k < next_copy_index; k++) {
- if (names->get(k) != isolate->heap()->hidden_string()) {
- Object* name = names->get(k);
- if (name_from_hidden_proto == name) {
- names->set(j, isolate->heap()->hidden_string());
- hidden_strings++;
- break;
- }
- }
- }
- }
- }
- next_copy_index += own_property_count[i];
-
- // Hidden properties only show up if the filter does not skip strings.
- if ((filter & STRING) == 0 && JSObject::HasHiddenProperties(jsproto)) {
- hidden_strings++;
- }
- iter.Advance();
- }
- }
-
- // Filter out name of hidden properties object and
- // hidden prototype duplicates.
- if (hidden_strings > 0) {
- Handle<FixedArray> old_names = names;
- names = isolate->factory()->NewFixedArray(names->length() - hidden_strings);
- int dest_pos = 0;
- for (int i = 0; i < total_property_count; i++) {
- Object* name = old_names->get(i);
- if (name == isolate->heap()->hidden_string()) {
- hidden_strings--;
- continue;
- }
- names->set(dest_pos++, name);
- }
- DCHECK_EQ(0, hidden_strings);
- }
-
- return *isolate->factory()->NewJSArrayWithElements(names);
-}
-
-
-// Return the names of the own indexed properties.
-// args[0]: object
-RUNTIME_FUNCTION(Runtime_GetOwnElementNames) {
- HandleScope scope(isolate);
- DCHECK(args.length() == 1);
- if (!args[0]->IsJSObject()) {
- return isolate->heap()->undefined_value();
- }
- CONVERT_ARG_HANDLE_CHECKED(JSObject, obj, 0);
-
- int n = obj->NumberOfOwnElements(static_cast<PropertyAttributes>(NONE));
- Handle<FixedArray> names = isolate->factory()->NewFixedArray(n);
- obj->GetOwnElementKeys(*names, static_cast<PropertyAttributes>(NONE));
- return *isolate->factory()->NewJSArrayWithElements(names);
-}
-
-
-// Return information on whether an object has a named or indexed interceptor.
-// args[0]: object
-RUNTIME_FUNCTION(Runtime_GetInterceptorInfo) {
- HandleScope scope(isolate);
- DCHECK(args.length() == 1);
- if (!args[0]->IsJSObject()) {
- return Smi::FromInt(0);
- }
- CONVERT_ARG_HANDLE_CHECKED(JSObject, obj, 0);
-
- int result = 0;
- if (obj->HasNamedInterceptor()) result |= 2;
- if (obj->HasIndexedInterceptor()) result |= 1;
-
- return Smi::FromInt(result);
-}
-
-
-// Return property names from named interceptor.
-// args[0]: object
-RUNTIME_FUNCTION(Runtime_GetNamedInterceptorPropertyNames) {
- HandleScope scope(isolate);
- DCHECK(args.length() == 1);
- CONVERT_ARG_HANDLE_CHECKED(JSObject, obj, 0);
-
- if (obj->HasNamedInterceptor()) {
- Handle<JSObject> result;
- if (JSObject::GetKeysForNamedInterceptor(obj, obj).ToHandle(&result)) {
- return *result;
- }
- }
- return isolate->heap()->undefined_value();
-}
-
-
-// Return element names from indexed interceptor.
-// args[0]: object
-RUNTIME_FUNCTION(Runtime_GetIndexedInterceptorElementNames) {
- HandleScope scope(isolate);
- DCHECK(args.length() == 1);
- CONVERT_ARG_HANDLE_CHECKED(JSObject, obj, 0);
-
- if (obj->HasIndexedInterceptor()) {
- Handle<JSObject> result;
- if (JSObject::GetKeysForIndexedInterceptor(obj, obj).ToHandle(&result)) {
- return *result;
- }
- }
- return isolate->heap()->undefined_value();
-}
-
-
-RUNTIME_FUNCTION(Runtime_OwnKeys) {
- HandleScope scope(isolate);
- DCHECK(args.length() == 1);
- CONVERT_ARG_CHECKED(JSObject, raw_object, 0);
- Handle<JSObject> object(raw_object);
-
- if (object->IsJSGlobalProxy()) {
- // Do access checks before going to the global object.
- if (object->IsAccessCheckNeeded() &&
- !isolate->MayNamedAccess(object, isolate->factory()->undefined_value(),
- v8::ACCESS_KEYS)) {
- isolate->ReportFailedAccessCheck(object, v8::ACCESS_KEYS);
- RETURN_FAILURE_IF_SCHEDULED_EXCEPTION(isolate);
- return *isolate->factory()->NewJSArray(0);
- }
-
- PrototypeIterator iter(isolate, object);
- // If proxy is detached we simply return an empty array.
- if (iter.IsAtEnd()) return *isolate->factory()->NewJSArray(0);
- object = Handle<JSObject>::cast(PrototypeIterator::GetCurrent(iter));
- }
-
- Handle<FixedArray> contents;
- ASSIGN_RETURN_FAILURE_ON_EXCEPTION(
- isolate, contents, JSReceiver::GetKeys(object, JSReceiver::OWN_ONLY));
-
- // Some fast paths through GetKeysInFixedArrayFor reuse a cached
- // property array and since the result is mutable we have to create
- // a fresh clone on each invocation.
- int length = contents->length();
- Handle<FixedArray> copy = isolate->factory()->NewFixedArray(length);
- for (int i = 0; i < length; i++) {
- Object* entry = contents->get(i);
- if (entry->IsString()) {
- copy->set(i, entry);
- } else {
- DCHECK(entry->IsNumber());
- HandleScope scope(isolate);
- Handle<Object> entry_handle(entry, isolate);
- Handle<Object> entry_str =
- isolate->factory()->NumberToString(entry_handle);
- copy->set(i, *entry_str);
- }
- }
- return *isolate->factory()->NewJSArrayWithElements(copy);
-}
-
-
-RUNTIME_FUNCTION(Runtime_ToFastProperties) {
- HandleScope scope(isolate);
- DCHECK(args.length() == 1);
- CONVERT_ARG_HANDLE_CHECKED(Object, object, 0);
- if (object->IsJSObject() && !object->IsGlobalObject()) {
- JSObject::MigrateSlowToFast(Handle<JSObject>::cast(object), 0);
- }
- return *object;
-}
-
-
-RUNTIME_FUNCTION(Runtime_ToBool) {
- SealHandleScope shs(isolate);
- DCHECK(args.length() == 1);
- CONVERT_ARG_CHECKED(Object, object, 0);
-
- return isolate->heap()->ToBoolean(object->BooleanValue());
-}
-
-
-// Returns the type string of a value; see ECMA-262, 11.4.3 (p 47).
-// Possible optimizations: put the type string into the oddballs.
-RUNTIME_FUNCTION(Runtime_Typeof) {
- SealHandleScope shs(isolate);
- DCHECK(args.length() == 1);
- CONVERT_ARG_CHECKED(Object, obj, 0);
- if (obj->IsNumber()) return isolate->heap()->number_string();
- HeapObject* heap_obj = HeapObject::cast(obj);
-
- // typeof an undetectable object is 'undefined'
- if (heap_obj->map()->is_undetectable()) {
- return isolate->heap()->undefined_string();
- }
-
- InstanceType instance_type = heap_obj->map()->instance_type();
- if (instance_type < FIRST_NONSTRING_TYPE) {
- return isolate->heap()->string_string();
- }
-
- switch (instance_type) {
- case ODDBALL_TYPE:
- if (heap_obj->IsTrue() || heap_obj->IsFalse()) {
- return isolate->heap()->boolean_string();
- }
- if (heap_obj->IsNull()) {
- return isolate->heap()->object_string();
- }
- DCHECK(heap_obj->IsUndefined());
- return isolate->heap()->undefined_string();
- case SYMBOL_TYPE:
- return isolate->heap()->symbol_string();
- case JS_FUNCTION_TYPE:
- case JS_FUNCTION_PROXY_TYPE:
- return isolate->heap()->function_string();
- default:
- // For any kind of object not handled above, the spec rule for
- // host objects gives that it is okay to return "object"
- return isolate->heap()->object_string();
- }
-}
-
-
-RUNTIME_FUNCTION(Runtime_Booleanize) {
- SealHandleScope shs(isolate);
- DCHECK(args.length() == 2);
- CONVERT_ARG_CHECKED(Object, value_raw, 0);
- CONVERT_SMI_ARG_CHECKED(token_raw, 1);
- intptr_t value = reinterpret_cast<intptr_t>(value_raw);
- Token::Value token = static_cast<Token::Value>(token_raw);
- switch (token) {
- case Token::EQ:
- case Token::EQ_STRICT:
- return isolate->heap()->ToBoolean(value == 0);
- case Token::NE:
- case Token::NE_STRICT:
- return isolate->heap()->ToBoolean(value != 0);
- case Token::LT:
- return isolate->heap()->ToBoolean(value < 0);
- case Token::GT:
- return isolate->heap()->ToBoolean(value > 0);
- case Token::LTE:
- return isolate->heap()->ToBoolean(value <= 0);
- case Token::GTE:
- return isolate->heap()->ToBoolean(value >= 0);
- default:
- // This should only happen during natives fuzzing.
- return isolate->heap()->undefined_value();
- }
-}
-
-
-RUNTIME_FUNCTION(Runtime_NewStringWrapper) {
- HandleScope scope(isolate);
- DCHECK(args.length() == 1);
- CONVERT_ARG_HANDLE_CHECKED(String, value, 0);
- return *Object::ToObject(isolate, value).ToHandleChecked();
-}
-
-
-RUNTIME_FUNCTION(Runtime_AllocateHeapNumber) {
- HandleScope scope(isolate);
- DCHECK(args.length() == 0);
- return *isolate->factory()->NewHeapNumber(0);
-}
-
-
-static Object* Runtime_NewObjectHelper(Isolate* isolate,
- Handle<Object> constructor,
- Handle<AllocationSite> site) {
- // If the constructor isn't a proper function we throw a type error.
- if (!constructor->IsJSFunction()) {
- Vector<Handle<Object> > arguments = HandleVector(&constructor, 1);
- THROW_NEW_ERROR_RETURN_FAILURE(isolate,
- NewTypeError("not_constructor", arguments));
- }
-
- Handle<JSFunction> function = Handle<JSFunction>::cast(constructor);
-
- // If function should not have prototype, construction is not allowed. In this
- // case generated code bailouts here, since function has no initial_map.
- if (!function->should_have_prototype() && !function->shared()->bound()) {
- Vector<Handle<Object> > arguments = HandleVector(&constructor, 1);
- THROW_NEW_ERROR_RETURN_FAILURE(isolate,
- NewTypeError("not_constructor", arguments));
- }
-
- Debug* debug = isolate->debug();
- // Handle stepping into constructors if step into is active.
- if (debug->StepInActive()) {
- debug->HandleStepIn(function, Handle<Object>::null(), 0, true);
- }
-
- if (function->has_initial_map()) {
- if (function->initial_map()->instance_type() == JS_FUNCTION_TYPE) {
- // The 'Function' function ignores the receiver object when
- // called using 'new' and creates a new JSFunction object that
- // is returned. The receiver object is only used for error
- // reporting if an error occurs when constructing the new
- // JSFunction. Factory::NewJSObject() should not be used to
- // allocate JSFunctions since it does not properly initialize
- // the shared part of the function. Since the receiver is
- // ignored anyway, we use the global object as the receiver
- // instead of a new JSFunction object. This way, errors are
- // reported the same way whether or not 'Function' is called
- // using 'new'.
- return isolate->global_proxy();
- }
- }
-
- // The function should be compiled for the optimization hints to be
- // available.
- Compiler::EnsureCompiled(function, CLEAR_EXCEPTION);
-
- Handle<JSObject> result;
- if (site.is_null()) {
- result = isolate->factory()->NewJSObject(function);
- } else {
- result = isolate->factory()->NewJSObjectWithMemento(function, site);
- }
-
- isolate->counters()->constructed_objects()->Increment();
- isolate->counters()->constructed_objects_runtime()->Increment();
-
- return *result;
-}
-
-
-RUNTIME_FUNCTION(Runtime_NewObject) {
- HandleScope scope(isolate);
- DCHECK(args.length() == 1);
- CONVERT_ARG_HANDLE_CHECKED(Object, constructor, 0);
- return Runtime_NewObjectHelper(isolate, constructor,
- Handle<AllocationSite>::null());
-}
-
-
-RUNTIME_FUNCTION(Runtime_NewObjectWithAllocationSite) {
- HandleScope scope(isolate);
- DCHECK(args.length() == 2);
- CONVERT_ARG_HANDLE_CHECKED(Object, constructor, 1);
- CONVERT_ARG_HANDLE_CHECKED(Object, feedback, 0);
- Handle<AllocationSite> site;
- if (feedback->IsAllocationSite()) {
- // The feedback can be an AllocationSite or undefined.
- site = Handle<AllocationSite>::cast(feedback);
- }
- return Runtime_NewObjectHelper(isolate, constructor, site);
-}
-
-
-RUNTIME_FUNCTION(Runtime_FinalizeInstanceSize) {
- HandleScope scope(isolate);
- DCHECK(args.length() == 1);
-
- CONVERT_ARG_HANDLE_CHECKED(JSFunction, function, 0);
- function->CompleteInobjectSlackTracking();
-
- return isolate->heap()->undefined_value();
-}
-
-
-RUNTIME_FUNCTION(Runtime_CheckIsBootstrapping) {
- SealHandleScope shs(isolate);
- DCHECK(args.length() == 0);
- RUNTIME_ASSERT(isolate->bootstrapper()->IsActive());
- return isolate->heap()->undefined_value();
-}
-
-
-RUNTIME_FUNCTION(Runtime_GetRootNaN) {
- SealHandleScope shs(isolate);
- DCHECK(args.length() == 0);
- RUNTIME_ASSERT(isolate->bootstrapper()->IsActive());
- return isolate->heap()->nan_value();
-}
-
-
-RUNTIME_FUNCTION(Runtime_Throw) {
- HandleScope scope(isolate);
- DCHECK(args.length() == 1);
-
- return isolate->Throw(args[0]);
-}
-
-
-RUNTIME_FUNCTION(Runtime_ReThrow) {
- HandleScope scope(isolate);
- DCHECK(args.length() == 1);
-
- return isolate->ReThrow(args[0]);
-}
-
-
-RUNTIME_FUNCTION(Runtime_PromoteScheduledException) {
- SealHandleScope shs(isolate);
- DCHECK(args.length() == 0);
- return isolate->PromoteScheduledException();
-}
-
-
-RUNTIME_FUNCTION(Runtime_ThrowReferenceError) {
- HandleScope scope(isolate);
- DCHECK(args.length() == 1);
- CONVERT_ARG_HANDLE_CHECKED(Object, name, 0);
- THROW_NEW_ERROR_RETURN_FAILURE(
- isolate, NewReferenceError("not_defined", HandleVector(&name, 1)));
-}
-
-
-RUNTIME_FUNCTION(Runtime_PromiseRejectEvent) {
- DCHECK(args.length() == 3);
- HandleScope scope(isolate);
- CONVERT_ARG_HANDLE_CHECKED(JSObject, promise, 0);
- CONVERT_ARG_HANDLE_CHECKED(Object, value, 1);
- CONVERT_BOOLEAN_ARG_CHECKED(debug_event, 2);
- if (debug_event) isolate->debug()->OnPromiseReject(promise, value);
- Handle<Symbol> key = isolate->factory()->promise_has_handler_symbol();
- // Do not report if we actually have a handler.
- if (JSObject::GetDataProperty(promise, key)->IsUndefined()) {
- isolate->ReportPromiseReject(promise, value,
- v8::kPromiseRejectWithNoHandler);
- }
- return isolate->heap()->undefined_value();
-}
-
-
-RUNTIME_FUNCTION(Runtime_PromiseRevokeReject) {
- DCHECK(args.length() == 1);
- HandleScope scope(isolate);
- CONVERT_ARG_HANDLE_CHECKED(JSObject, promise, 0);
- Handle<Symbol> key = isolate->factory()->promise_has_handler_symbol();
- // At this point, no revocation has been issued before
- RUNTIME_ASSERT(JSObject::GetDataProperty(promise, key)->IsUndefined());
- isolate->ReportPromiseReject(promise, Handle<Object>(),
- v8::kPromiseHandlerAddedAfterReject);
- return isolate->heap()->undefined_value();
-}
-
-
-RUNTIME_FUNCTION(Runtime_PromiseHasHandlerSymbol) {
- DCHECK(args.length() == 0);
- return isolate->heap()->promise_has_handler_symbol();
-}
-
-
-RUNTIME_FUNCTION(Runtime_StackGuard) {
- SealHandleScope shs(isolate);
- DCHECK(args.length() == 0);
-
- // First check if this is a real stack overflow.
- StackLimitCheck check(isolate);
- if (check.JsHasOverflowed()) {
- return isolate->StackOverflow();
- }
-
- return isolate->stack_guard()->HandleInterrupts();
-}
-
-
-RUNTIME_FUNCTION(Runtime_Interrupt) {
- SealHandleScope shs(isolate);
- DCHECK(args.length() == 0);
- return isolate->stack_guard()->HandleInterrupts();
-}
-
-
-RUNTIME_FUNCTION(Runtime_GlobalProxy) {
- SealHandleScope shs(isolate);
- DCHECK(args.length() == 1);
- CONVERT_ARG_CHECKED(Object, global, 0);
- if (!global->IsJSGlobalObject()) return isolate->heap()->null_value();
- return JSGlobalObject::cast(global)->global_proxy();
-}
-
-
-RUNTIME_FUNCTION(Runtime_IsAttachedGlobal) {
- SealHandleScope shs(isolate);
- DCHECK(args.length() == 1);
- CONVERT_ARG_CHECKED(Object, global, 0);
- if (!global->IsJSGlobalObject()) return isolate->heap()->false_value();
- return isolate->heap()->ToBoolean(
- !JSGlobalObject::cast(global)->IsDetached());
-}
-
-
-RUNTIME_FUNCTION(Runtime_AllocateInNewSpace) {
- HandleScope scope(isolate);
- DCHECK(args.length() == 1);
- CONVERT_SMI_ARG_CHECKED(size, 0);
- RUNTIME_ASSERT(IsAligned(size, kPointerSize));
- RUNTIME_ASSERT(size > 0);
- RUNTIME_ASSERT(size <= Page::kMaxRegularHeapObjectSize);
- return *isolate->factory()->NewFillerObject(size, false, NEW_SPACE);
-}
-
-
-RUNTIME_FUNCTION(Runtime_AllocateInTargetSpace) {
- HandleScope scope(isolate);
- DCHECK(args.length() == 2);
- CONVERT_SMI_ARG_CHECKED(size, 0);
- CONVERT_SMI_ARG_CHECKED(flags, 1);
- RUNTIME_ASSERT(IsAligned(size, kPointerSize));
- RUNTIME_ASSERT(size > 0);
- RUNTIME_ASSERT(size <= Page::kMaxRegularHeapObjectSize);
- bool double_align = AllocateDoubleAlignFlag::decode(flags);
- AllocationSpace space = AllocateTargetSpace::decode(flags);
- return *isolate->factory()->NewFillerObject(size, double_align, space);
-}
-
-
-// Push an object unto an array of objects if it is not already in the
-// array. Returns true if the element was pushed on the stack and
-// false otherwise.
-RUNTIME_FUNCTION(Runtime_PushIfAbsent) {
- HandleScope scope(isolate);
- DCHECK(args.length() == 2);
- CONVERT_ARG_HANDLE_CHECKED(JSArray, array, 0);
- CONVERT_ARG_HANDLE_CHECKED(JSReceiver, element, 1);
- RUNTIME_ASSERT(array->HasFastSmiOrObjectElements());
- int length = Smi::cast(array->length())->value();
- FixedArray* elements = FixedArray::cast(array->elements());
- for (int i = 0; i < length; i++) {
- if (elements->get(i) == *element) return isolate->heap()->false_value();
- }
-
- // Strict not needed. Used for cycle detection in Array join implementation.
- RETURN_FAILURE_ON_EXCEPTION(
- isolate, JSObject::SetFastElement(array, length, element, SLOPPY, true));
- return isolate->heap()->true_value();
-}
-
-
-/**
- * A simple visitor visits every element of Array's.
- * The backend storage can be a fixed array for fast elements case,
- * or a dictionary for sparse array. Since Dictionary is a subtype
- * of FixedArray, the class can be used by both fast and slow cases.
- * The second parameter of the constructor, fast_elements, specifies
- * whether the storage is a FixedArray or Dictionary.
- *
- * An index limit is used to deal with the situation that a result array
- * length overflows 32-bit non-negative integer.
- */
-class ArrayConcatVisitor {
- public:
- ArrayConcatVisitor(Isolate* isolate, Handle<FixedArray> storage,
- bool fast_elements)
- : isolate_(isolate),
- storage_(Handle<FixedArray>::cast(
- isolate->global_handles()->Create(*storage))),
- index_offset_(0u),
- fast_elements_(fast_elements),
- exceeds_array_limit_(false) {}
-
- ~ArrayConcatVisitor() { clear_storage(); }
-
- void visit(uint32_t i, Handle<Object> elm) {
- if (i > JSObject::kMaxElementCount - index_offset_) {
- exceeds_array_limit_ = true;
- return;
- }
- uint32_t index = index_offset_ + i;
-
- if (fast_elements_) {
- if (index < static_cast<uint32_t>(storage_->length())) {
- storage_->set(index, *elm);
- return;
- }
- // Our initial estimate of length was foiled, possibly by
- // getters on the arrays increasing the length of later arrays
- // during iteration.
- // This shouldn't happen in anything but pathological cases.
- SetDictionaryMode();
- // Fall-through to dictionary mode.
- }
- DCHECK(!fast_elements_);
- Handle<SeededNumberDictionary> dict(
- SeededNumberDictionary::cast(*storage_));
- Handle<SeededNumberDictionary> result =
- SeededNumberDictionary::AtNumberPut(dict, index, elm);
- if (!result.is_identical_to(dict)) {
- // Dictionary needed to grow.
- clear_storage();
- set_storage(*result);
- }
- }
-
- void increase_index_offset(uint32_t delta) {
- if (JSObject::kMaxElementCount - index_offset_ < delta) {
- index_offset_ = JSObject::kMaxElementCount;
- } else {
- index_offset_ += delta;
- }
- // If the initial length estimate was off (see special case in visit()),
- // but the array blowing the limit didn't contain elements beyond the
- // provided-for index range, go to dictionary mode now.
- if (fast_elements_ &&
- index_offset_ >
- static_cast<uint32_t>(FixedArrayBase::cast(*storage_)->length())) {
- SetDictionaryMode();
- }
- }
-
- bool exceeds_array_limit() { return exceeds_array_limit_; }
-
- Handle<JSArray> ToArray() {
- Handle<JSArray> array = isolate_->factory()->NewJSArray(0);
- Handle<Object> length =
- isolate_->factory()->NewNumber(static_cast<double>(index_offset_));
- Handle<Map> map = JSObject::GetElementsTransitionMap(
- array, fast_elements_ ? FAST_HOLEY_ELEMENTS : DICTIONARY_ELEMENTS);
- array->set_map(*map);
- array->set_length(*length);
- array->set_elements(*storage_);
- return array;
- }
-
- private:
- // Convert storage to dictionary mode.
- void SetDictionaryMode() {
- DCHECK(fast_elements_);
- Handle<FixedArray> current_storage(*storage_);
- Handle<SeededNumberDictionary> slow_storage(
- SeededNumberDictionary::New(isolate_, current_storage->length()));
- uint32_t current_length = static_cast<uint32_t>(current_storage->length());
- for (uint32_t i = 0; i < current_length; i++) {
- HandleScope loop_scope(isolate_);
- Handle<Object> element(current_storage->get(i), isolate_);
- if (!element->IsTheHole()) {
- Handle<SeededNumberDictionary> new_storage =
- SeededNumberDictionary::AtNumberPut(slow_storage, i, element);
- if (!new_storage.is_identical_to(slow_storage)) {
- slow_storage = loop_scope.CloseAndEscape(new_storage);
- }
- }
- }
- clear_storage();
- set_storage(*slow_storage);
- fast_elements_ = false;
- }
-
- inline void clear_storage() {
- GlobalHandles::Destroy(Handle<Object>::cast(storage_).location());
- }
-
- inline void set_storage(FixedArray* storage) {
- storage_ =
- Handle<FixedArray>::cast(isolate_->global_handles()->Create(storage));
- }
-
- Isolate* isolate_;
- Handle<FixedArray> storage_; // Always a global handle.
- // Index after last seen index. Always less than or equal to
- // JSObject::kMaxElementCount.
- uint32_t index_offset_;
- bool fast_elements_ : 1;
- bool exceeds_array_limit_ : 1;
-};
-
-
-static uint32_t EstimateElementCount(Handle<JSArray> array) {
- uint32_t length = static_cast<uint32_t>(array->length()->Number());
- int element_count = 0;
- switch (array->GetElementsKind()) {
- case FAST_SMI_ELEMENTS:
- case FAST_HOLEY_SMI_ELEMENTS:
- case FAST_ELEMENTS:
- case FAST_HOLEY_ELEMENTS: {
- // Fast elements can't have lengths that are not representable by
- // a 32-bit signed integer.
- DCHECK(static_cast<int32_t>(FixedArray::kMaxLength) >= 0);
- int fast_length = static_cast<int>(length);
- Handle<FixedArray> elements(FixedArray::cast(array->elements()));
- for (int i = 0; i < fast_length; i++) {
- if (!elements->get(i)->IsTheHole()) element_count++;
- }
- break;
- }
- case FAST_DOUBLE_ELEMENTS:
- case FAST_HOLEY_DOUBLE_ELEMENTS: {
- // Fast elements can't have lengths that are not representable by
- // a 32-bit signed integer.
- DCHECK(static_cast<int32_t>(FixedDoubleArray::kMaxLength) >= 0);
- int fast_length = static_cast<int>(length);
- if (array->elements()->IsFixedArray()) {
- DCHECK(FixedArray::cast(array->elements())->length() == 0);
- break;
- }
- Handle<FixedDoubleArray> elements(
- FixedDoubleArray::cast(array->elements()));
- for (int i = 0; i < fast_length; i++) {
- if (!elements->is_the_hole(i)) element_count++;
- }
- break;
- }
- case DICTIONARY_ELEMENTS: {
- Handle<SeededNumberDictionary> dictionary(
- SeededNumberDictionary::cast(array->elements()));
- int capacity = dictionary->Capacity();
- for (int i = 0; i < capacity; i++) {
- Handle<Object> key(dictionary->KeyAt(i), array->GetIsolate());
- if (dictionary->IsKey(*key)) {
- element_count++;
- }
- }
- break;
- }
- case SLOPPY_ARGUMENTS_ELEMENTS:
-#define TYPED_ARRAY_CASE(Type, type, TYPE, ctype, size) \
- case EXTERNAL_##TYPE##_ELEMENTS: \
- case TYPE##_ELEMENTS:
-
- TYPED_ARRAYS(TYPED_ARRAY_CASE)
-#undef TYPED_ARRAY_CASE
- // External arrays are always dense.
- return length;
- }
- // As an estimate, we assume that the prototype doesn't contain any
- // inherited elements.
- return element_count;
-}
-
-
-template <class ExternalArrayClass, class ElementType>
-static void IterateExternalArrayElements(Isolate* isolate,
- Handle<JSObject> receiver,
- bool elements_are_ints,
- bool elements_are_guaranteed_smis,
- ArrayConcatVisitor* visitor) {
- Handle<ExternalArrayClass> array(
- ExternalArrayClass::cast(receiver->elements()));
- uint32_t len = static_cast<uint32_t>(array->length());
-
- DCHECK(visitor != NULL);
- if (elements_are_ints) {
- if (elements_are_guaranteed_smis) {
- for (uint32_t j = 0; j < len; j++) {
- HandleScope loop_scope(isolate);
- Handle<Smi> e(Smi::FromInt(static_cast<int>(array->get_scalar(j))),
- isolate);
- visitor->visit(j, e);
- }
- } else {
- for (uint32_t j = 0; j < len; j++) {
- HandleScope loop_scope(isolate);
- int64_t val = static_cast<int64_t>(array->get_scalar(j));
- if (Smi::IsValid(static_cast<intptr_t>(val))) {
- Handle<Smi> e(Smi::FromInt(static_cast<int>(val)), isolate);
- visitor->visit(j, e);
- } else {
- Handle<Object> e =
- isolate->factory()->NewNumber(static_cast<ElementType>(val));
- visitor->visit(j, e);
- }
- }
- }
- } else {
- for (uint32_t j = 0; j < len; j++) {
- HandleScope loop_scope(isolate);
- Handle<Object> e = isolate->factory()->NewNumber(array->get_scalar(j));
- visitor->visit(j, e);
- }
- }
-}
-
-
-// Used for sorting indices in a List<uint32_t>.
-static int compareUInt32(const uint32_t* ap, const uint32_t* bp) {
- uint32_t a = *ap;
- uint32_t b = *bp;
- return (a == b) ? 0 : (a < b) ? -1 : 1;
-}
-
-
-static void CollectElementIndices(Handle<JSObject> object, uint32_t range,
- List<uint32_t>* indices) {
- Isolate* isolate = object->GetIsolate();
- ElementsKind kind = object->GetElementsKind();
- switch (kind) {
- case FAST_SMI_ELEMENTS:
- case FAST_ELEMENTS:
- case FAST_HOLEY_SMI_ELEMENTS:
- case FAST_HOLEY_ELEMENTS: {
- Handle<FixedArray> elements(FixedArray::cast(object->elements()));
- uint32_t length = static_cast<uint32_t>(elements->length());
- if (range < length) length = range;
- for (uint32_t i = 0; i < length; i++) {
- if (!elements->get(i)->IsTheHole()) {
- indices->Add(i);
- }
- }
- break;
- }
- case FAST_HOLEY_DOUBLE_ELEMENTS:
- case FAST_DOUBLE_ELEMENTS: {
- if (object->elements()->IsFixedArray()) {
- DCHECK(object->elements()->length() == 0);
- break;
- }
- Handle<FixedDoubleArray> elements(
- FixedDoubleArray::cast(object->elements()));
- uint32_t length = static_cast<uint32_t>(elements->length());
- if (range < length) length = range;
- for (uint32_t i = 0; i < length; i++) {
- if (!elements->is_the_hole(i)) {
- indices->Add(i);
- }
- }
- break;
- }
- case DICTIONARY_ELEMENTS: {
- Handle<SeededNumberDictionary> dict(
- SeededNumberDictionary::cast(object->elements()));
- uint32_t capacity = dict->Capacity();
- for (uint32_t j = 0; j < capacity; j++) {
- HandleScope loop_scope(isolate);
- Handle<Object> k(dict->KeyAt(j), isolate);
- if (dict->IsKey(*k)) {
- DCHECK(k->IsNumber());
- uint32_t index = static_cast<uint32_t>(k->Number());
- if (index < range) {
- indices->Add(index);
- }
- }
- }
- break;
- }
-#define TYPED_ARRAY_CASE(Type, type, TYPE, ctype, size) \
- case TYPE##_ELEMENTS: \
- case EXTERNAL_##TYPE##_ELEMENTS:
-
- TYPED_ARRAYS(TYPED_ARRAY_CASE)
-#undef TYPED_ARRAY_CASE
- {
- uint32_t length = static_cast<uint32_t>(
- FixedArrayBase::cast(object->elements())->length());
- if (range <= length) {
- length = range;
- // We will add all indices, so we might as well clear it first
- // and avoid duplicates.
- indices->Clear();
- }
- for (uint32_t i = 0; i < length; i++) {
- indices->Add(i);
- }
- if (length == range) return; // All indices accounted for already.
- break;
- }
- case SLOPPY_ARGUMENTS_ELEMENTS: {
- MaybeHandle<Object> length_obj =
- Object::GetProperty(object, isolate->factory()->length_string());
- double length_num = length_obj.ToHandleChecked()->Number();
- uint32_t length = static_cast<uint32_t>(DoubleToInt32(length_num));
- ElementsAccessor* accessor = object->GetElementsAccessor();
- for (uint32_t i = 0; i < length; i++) {
- if (accessor->HasElement(object, object, i)) {
- indices->Add(i);
- }
- }
- break;
- }
- }
-
- PrototypeIterator iter(isolate, object);
- if (!iter.IsAtEnd()) {
- // The prototype will usually have no inherited element indices,
- // but we have to check.
- CollectElementIndices(
- Handle<JSObject>::cast(PrototypeIterator::GetCurrent(iter)), range,
- indices);
- }
-}
-
-
-/**
- * A helper function that visits elements of a JSArray in numerical
- * order.
- *
- * The visitor argument called for each existing element in the array
- * with the element index and the element's value.
- * Afterwards it increments the base-index of the visitor by the array
- * length.
- * Returns false if any access threw an exception, otherwise true.
- */
-static bool IterateElements(Isolate* isolate, Handle<JSArray> receiver,
- ArrayConcatVisitor* visitor) {
- uint32_t length = static_cast<uint32_t>(receiver->length()->Number());
- switch (receiver->GetElementsKind()) {
- case FAST_SMI_ELEMENTS:
- case FAST_ELEMENTS:
- case FAST_HOLEY_SMI_ELEMENTS:
- case FAST_HOLEY_ELEMENTS: {
- // Run through the elements FixedArray and use HasElement and GetElement
- // to check the prototype for missing elements.
- Handle<FixedArray> elements(FixedArray::cast(receiver->elements()));
- int fast_length = static_cast<int>(length);
- DCHECK(fast_length <= elements->length());
- for (int j = 0; j < fast_length; j++) {
- HandleScope loop_scope(isolate);
- Handle<Object> element_value(elements->get(j), isolate);
- if (!element_value->IsTheHole()) {
- visitor->visit(j, element_value);
- } else {
- Maybe<bool> maybe = JSReceiver::HasElement(receiver, j);
- if (!maybe.has_value) return false;
- if (maybe.value) {
- // Call GetElement on receiver, not its prototype, or getters won't
- // have the correct receiver.
- ASSIGN_RETURN_ON_EXCEPTION_VALUE(
- isolate, element_value,
- Object::GetElement(isolate, receiver, j), false);
- visitor->visit(j, element_value);
- }
- }
- }
- break;
- }
- case FAST_HOLEY_DOUBLE_ELEMENTS:
- case FAST_DOUBLE_ELEMENTS: {
- // Empty array is FixedArray but not FixedDoubleArray.
- if (length == 0) break;
- // Run through the elements FixedArray and use HasElement and GetElement
- // to check the prototype for missing elements.
- if (receiver->elements()->IsFixedArray()) {
- DCHECK(receiver->elements()->length() == 0);
- break;
- }
- Handle<FixedDoubleArray> elements(
- FixedDoubleArray::cast(receiver->elements()));
- int fast_length = static_cast<int>(length);
- DCHECK(fast_length <= elements->length());
- for (int j = 0; j < fast_length; j++) {
- HandleScope loop_scope(isolate);
- if (!elements->is_the_hole(j)) {
- double double_value = elements->get_scalar(j);
- Handle<Object> element_value =
- isolate->factory()->NewNumber(double_value);
- visitor->visit(j, element_value);
- } else {
- Maybe<bool> maybe = JSReceiver::HasElement(receiver, j);
- if (!maybe.has_value) return false;
- if (maybe.value) {
- // Call GetElement on receiver, not its prototype, or getters won't
- // have the correct receiver.
- Handle<Object> element_value;
- ASSIGN_RETURN_ON_EXCEPTION_VALUE(
- isolate, element_value,
- Object::GetElement(isolate, receiver, j), false);
- visitor->visit(j, element_value);
- }
- }
- }
- break;
- }
- case DICTIONARY_ELEMENTS: {
- Handle<SeededNumberDictionary> dict(receiver->element_dictionary());
- List<uint32_t> indices(dict->Capacity() / 2);
- // Collect all indices in the object and the prototypes less
- // than length. This might introduce duplicates in the indices list.
- CollectElementIndices(receiver, length, &indices);
- indices.Sort(&compareUInt32);
- int j = 0;
- int n = indices.length();
- while (j < n) {
- HandleScope loop_scope(isolate);
- uint32_t index = indices[j];
- Handle<Object> element;
- ASSIGN_RETURN_ON_EXCEPTION_VALUE(
- isolate, element, Object::GetElement(isolate, receiver, index),
- false);
- visitor->visit(index, element);
- // Skip to next different index (i.e., omit duplicates).
- do {
- j++;
- } while (j < n && indices[j] == index);
- }
- break;
- }
- case EXTERNAL_UINT8_CLAMPED_ELEMENTS: {
- Handle<ExternalUint8ClampedArray> pixels(
- ExternalUint8ClampedArray::cast(receiver->elements()));
- for (uint32_t j = 0; j < length; j++) {
- Handle<Smi> e(Smi::FromInt(pixels->get_scalar(j)), isolate);
- visitor->visit(j, e);
- }
- break;
- }
- case EXTERNAL_INT8_ELEMENTS: {
- IterateExternalArrayElements<ExternalInt8Array, int8_t>(
- isolate, receiver, true, true, visitor);
- break;
- }
- case EXTERNAL_UINT8_ELEMENTS: {
- IterateExternalArrayElements<ExternalUint8Array, uint8_t>(
- isolate, receiver, true, true, visitor);
- break;
- }
- case EXTERNAL_INT16_ELEMENTS: {
- IterateExternalArrayElements<ExternalInt16Array, int16_t>(
- isolate, receiver, true, true, visitor);
- break;
- }
- case EXTERNAL_UINT16_ELEMENTS: {
- IterateExternalArrayElements<ExternalUint16Array, uint16_t>(
- isolate, receiver, true, true, visitor);
- break;
- }
- case EXTERNAL_INT32_ELEMENTS: {
- IterateExternalArrayElements<ExternalInt32Array, int32_t>(
- isolate, receiver, true, false, visitor);
- break;
- }
- case EXTERNAL_UINT32_ELEMENTS: {
- IterateExternalArrayElements<ExternalUint32Array, uint32_t>(
- isolate, receiver, true, false, visitor);
- break;
- }
- case EXTERNAL_FLOAT32_ELEMENTS: {
- IterateExternalArrayElements<ExternalFloat32Array, float>(
- isolate, receiver, false, false, visitor);
- break;
- }
- case EXTERNAL_FLOAT64_ELEMENTS: {
- IterateExternalArrayElements<ExternalFloat64Array, double>(
- isolate, receiver, false, false, visitor);
- break;
- }
- default:
- UNREACHABLE();
- break;
- }
- visitor->increase_index_offset(length);
- return true;
-}
-
-
-/**
- * Array::concat implementation.
- * See ECMAScript 262, 15.4.4.4.
- * TODO(581): Fix non-compliance for very large concatenations and update to
- * following the ECMAScript 5 specification.
- */
-RUNTIME_FUNCTION(Runtime_ArrayConcat) {
- HandleScope handle_scope(isolate);
- DCHECK(args.length() == 1);
-
- CONVERT_ARG_HANDLE_CHECKED(JSArray, arguments, 0);
- int argument_count = static_cast<int>(arguments->length()->Number());
- RUNTIME_ASSERT(arguments->HasFastObjectElements());
- Handle<FixedArray> elements(FixedArray::cast(arguments->elements()));
-
- // Pass 1: estimate the length and number of elements of the result.
- // The actual length can be larger if any of the arguments have getters
- // that mutate other arguments (but will otherwise be precise).
- // The number of elements is precise if there are no inherited elements.
-
- ElementsKind kind = FAST_SMI_ELEMENTS;
-
- uint32_t estimate_result_length = 0;
- uint32_t estimate_nof_elements = 0;
- for (int i = 0; i < argument_count; i++) {
- HandleScope loop_scope(isolate);
- Handle<Object> obj(elements->get(i), isolate);
- uint32_t length_estimate;
- uint32_t element_estimate;
- if (obj->IsJSArray()) {
- Handle<JSArray> array(Handle<JSArray>::cast(obj));
- length_estimate = static_cast<uint32_t>(array->length()->Number());
- if (length_estimate != 0) {
- ElementsKind array_kind =
- GetPackedElementsKind(array->map()->elements_kind());
- if (IsMoreGeneralElementsKindTransition(kind, array_kind)) {
- kind = array_kind;
- }
- }
- element_estimate = EstimateElementCount(array);
- } else {
- if (obj->IsHeapObject()) {
- if (obj->IsNumber()) {
- if (IsMoreGeneralElementsKindTransition(kind, FAST_DOUBLE_ELEMENTS)) {
- kind = FAST_DOUBLE_ELEMENTS;
- }
- } else if (IsMoreGeneralElementsKindTransition(kind, FAST_ELEMENTS)) {
- kind = FAST_ELEMENTS;
- }
- }
- length_estimate = 1;
- element_estimate = 1;
- }
- // Avoid overflows by capping at kMaxElementCount.
- if (JSObject::kMaxElementCount - estimate_result_length < length_estimate) {
- estimate_result_length = JSObject::kMaxElementCount;
- } else {
- estimate_result_length += length_estimate;
- }
- if (JSObject::kMaxElementCount - estimate_nof_elements < element_estimate) {
- estimate_nof_elements = JSObject::kMaxElementCount;
- } else {
- estimate_nof_elements += element_estimate;
- }
- }
-
- // If estimated number of elements is more than half of length, a
- // fixed array (fast case) is more time and space-efficient than a
- // dictionary.
- bool fast_case = (estimate_nof_elements * 2) >= estimate_result_length;
-
- if (fast_case && kind == FAST_DOUBLE_ELEMENTS) {
- Handle<FixedArrayBase> storage =
- isolate->factory()->NewFixedDoubleArray(estimate_result_length);
- int j = 0;
- bool failure = false;
- if (estimate_result_length > 0) {
- Handle<FixedDoubleArray> double_storage =
- Handle<FixedDoubleArray>::cast(storage);
- for (int i = 0; i < argument_count; i++) {
- Handle<Object> obj(elements->get(i), isolate);
- if (obj->IsSmi()) {
- double_storage->set(j, Smi::cast(*obj)->value());
- j++;
- } else if (obj->IsNumber()) {
- double_storage->set(j, obj->Number());
- j++;
- } else {
- JSArray* array = JSArray::cast(*obj);
- uint32_t length = static_cast<uint32_t>(array->length()->Number());
- switch (array->map()->elements_kind()) {
- case FAST_HOLEY_DOUBLE_ELEMENTS:
- case FAST_DOUBLE_ELEMENTS: {
- // Empty array is FixedArray but not FixedDoubleArray.
- if (length == 0) break;
- FixedDoubleArray* elements =
- FixedDoubleArray::cast(array->elements());
- for (uint32_t i = 0; i < length; i++) {
- if (elements->is_the_hole(i)) {
- // TODO(jkummerow/verwaest): We could be a bit more clever
- // here: Check if there are no elements/getters on the
- // prototype chain, and if so, allow creation of a holey
- // result array.
- // Same thing below (holey smi case).
- failure = true;
- break;
- }
- double double_value = elements->get_scalar(i);
- double_storage->set(j, double_value);
- j++;
- }
- break;
- }
- case FAST_HOLEY_SMI_ELEMENTS:
- case FAST_SMI_ELEMENTS: {
- FixedArray* elements(FixedArray::cast(array->elements()));
- for (uint32_t i = 0; i < length; i++) {
- Object* element = elements->get(i);
- if (element->IsTheHole()) {
- failure = true;
- break;
- }
- int32_t int_value = Smi::cast(element)->value();
- double_storage->set(j, int_value);
- j++;
- }
- break;
- }
- case FAST_HOLEY_ELEMENTS:
- case FAST_ELEMENTS:
- DCHECK_EQ(0, length);
- break;
- default:
- UNREACHABLE();
- }
- }
- if (failure) break;
- }
- }
- if (!failure) {
- Handle<JSArray> array = isolate->factory()->NewJSArray(0);
- Smi* length = Smi::FromInt(j);
- Handle<Map> map;
- map = JSObject::GetElementsTransitionMap(array, kind);
- array->set_map(*map);
- array->set_length(length);
- array->set_elements(*storage);
- return *array;
- }
- // In case of failure, fall through.
- }
-
- Handle<FixedArray> storage;
- if (fast_case) {
- // The backing storage array must have non-existing elements to preserve
- // holes across concat operations.
- storage =
- isolate->factory()->NewFixedArrayWithHoles(estimate_result_length);
- } else {
- // TODO(126): move 25% pre-allocation logic into Dictionary::Allocate
- uint32_t at_least_space_for =
- estimate_nof_elements + (estimate_nof_elements >> 2);
- storage = Handle<FixedArray>::cast(
- SeededNumberDictionary::New(isolate, at_least_space_for));
- }
-
- ArrayConcatVisitor visitor(isolate, storage, fast_case);
-
- for (int i = 0; i < argument_count; i++) {
- Handle<Object> obj(elements->get(i), isolate);
- if (obj->IsJSArray()) {
- Handle<JSArray> array = Handle<JSArray>::cast(obj);
- if (!IterateElements(isolate, array, &visitor)) {
- return isolate->heap()->exception();
- }
- } else {
- visitor.visit(0, obj);
- visitor.increase_index_offset(1);
- }
- }
-
- if (visitor.exceeds_array_limit()) {
- THROW_NEW_ERROR_RETURN_FAILURE(
- isolate,
- NewRangeError("invalid_array_length", HandleVector<Object>(NULL, 0)));
- }
- return *visitor.ToArray();
-}
-
-
-// Moves all own elements of an object, that are below a limit, to positions
-// starting at zero. All undefined values are placed after non-undefined values,
-// and are followed by non-existing element. Does not change the length
-// property.
-// Returns the number of non-undefined elements collected.
-// Returns -1 if hole removal is not supported by this method.
-RUNTIME_FUNCTION(Runtime_RemoveArrayHoles) {
- HandleScope scope(isolate);
- DCHECK(args.length() == 2);
- CONVERT_ARG_HANDLE_CHECKED(JSObject, object, 0);
- CONVERT_NUMBER_CHECKED(uint32_t, limit, Uint32, args[1]);
- return *JSObject::PrepareElementsForSort(object, limit);
-}
-
-
-// Move contents of argument 0 (an array) to argument 1 (an array)
-RUNTIME_FUNCTION(Runtime_MoveArrayContents) {
- HandleScope scope(isolate);
- DCHECK(args.length() == 2);
- CONVERT_ARG_HANDLE_CHECKED(JSArray, from, 0);
- CONVERT_ARG_HANDLE_CHECKED(JSArray, to, 1);
- JSObject::ValidateElements(from);
- JSObject::ValidateElements(to);
-
- Handle<FixedArrayBase> new_elements(from->elements());
- ElementsKind from_kind = from->GetElementsKind();
- Handle<Map> new_map = JSObject::GetElementsTransitionMap(to, from_kind);
- JSObject::SetMapAndElements(to, new_map, new_elements);
- to->set_length(from->length());
-
- JSObject::ResetElements(from);
- from->set_length(Smi::FromInt(0));
-
- JSObject::ValidateElements(to);
- return *to;
-}
-
-
-// How many elements does this object/array have?
-RUNTIME_FUNCTION(Runtime_EstimateNumberOfElements) {
- HandleScope scope(isolate);
- DCHECK(args.length() == 1);
- CONVERT_ARG_HANDLE_CHECKED(JSArray, array, 0);
- Handle<FixedArrayBase> elements(array->elements(), isolate);
- SealHandleScope shs(isolate);
- if (elements->IsDictionary()) {
- int result =
- Handle<SeededNumberDictionary>::cast(elements)->NumberOfElements();
- return Smi::FromInt(result);
- } else {
- DCHECK(array->length()->IsSmi());
- // For packed elements, we know the exact number of elements
- int length = elements->length();
- ElementsKind kind = array->GetElementsKind();
- if (IsFastPackedElementsKind(kind)) {
- return Smi::FromInt(length);
- }
- // For holey elements, take samples from the buffer checking for holes
- // to generate the estimate.
- const int kNumberOfHoleCheckSamples = 97;
- int increment = (length < kNumberOfHoleCheckSamples)
- ? 1
- : static_cast<int>(length / kNumberOfHoleCheckSamples);
- ElementsAccessor* accessor = array->GetElementsAccessor();
- int holes = 0;
- for (int i = 0; i < length; i += increment) {
- if (!accessor->HasElement(array, array, i, elements)) {
- ++holes;
- }
- }
- int estimate = static_cast<int>((kNumberOfHoleCheckSamples - holes) /
- kNumberOfHoleCheckSamples * length);
- return Smi::FromInt(estimate);
- }
-}
-
-
-// Returns an array that tells you where in the [0, length) interval an array
-// might have elements. Can either return an array of keys (positive integers
-// or undefined) or a number representing the positive length of an interval
-// starting at index 0.
-// Intervals can span over some keys that are not in the object.
-RUNTIME_FUNCTION(Runtime_GetArrayKeys) {
- HandleScope scope(isolate);
- DCHECK(args.length() == 2);
- CONVERT_ARG_HANDLE_CHECKED(JSObject, array, 0);
- CONVERT_NUMBER_CHECKED(uint32_t, length, Uint32, args[1]);
- if (array->elements()->IsDictionary()) {
- Handle<FixedArray> keys = isolate->factory()->empty_fixed_array();
- for (PrototypeIterator iter(isolate, array,
- PrototypeIterator::START_AT_RECEIVER);
- !iter.IsAtEnd(); iter.Advance()) {
- if (PrototypeIterator::GetCurrent(iter)->IsJSProxy() ||
- JSObject::cast(*PrototypeIterator::GetCurrent(iter))
- ->HasIndexedInterceptor()) {
- // Bail out if we find a proxy or interceptor, likely not worth
- // collecting keys in that case.
- return *isolate->factory()->NewNumberFromUint(length);
- }
- Handle<JSObject> current =
- Handle<JSObject>::cast(PrototypeIterator::GetCurrent(iter));
- Handle<FixedArray> current_keys =
- isolate->factory()->NewFixedArray(current->NumberOfOwnElements(NONE));
- current->GetOwnElementKeys(*current_keys, NONE);
- ASSIGN_RETURN_FAILURE_ON_EXCEPTION(
- isolate, keys, FixedArray::UnionOfKeys(keys, current_keys));
- }
- // Erase any keys >= length.
- // TODO(adamk): Remove this step when the contract of %GetArrayKeys
- // is changed to let this happen on the JS side.
- for (int i = 0; i < keys->length(); i++) {
- if (NumberToUint32(keys->get(i)) >= length) keys->set_undefined(i);
- }
- return *isolate->factory()->NewJSArrayWithElements(keys);
- } else {
- RUNTIME_ASSERT(array->HasFastSmiOrObjectElements() ||
- array->HasFastDoubleElements());
- uint32_t actual_length = static_cast<uint32_t>(array->elements()->length());
- return *isolate->factory()->NewNumberFromUint(Min(actual_length, length));
- }
-}
-
-
-RUNTIME_FUNCTION(Runtime_LookupAccessor) {
- HandleScope scope(isolate);
- DCHECK(args.length() == 3);
- CONVERT_ARG_HANDLE_CHECKED(JSReceiver, receiver, 0);
- CONVERT_ARG_HANDLE_CHECKED(Name, name, 1);
- CONVERT_SMI_ARG_CHECKED(flag, 2);
- AccessorComponent component = flag == 0 ? ACCESSOR_GETTER : ACCESSOR_SETTER;
- if (!receiver->IsJSObject()) return isolate->heap()->undefined_value();
- Handle<Object> result;
- ASSIGN_RETURN_FAILURE_ON_EXCEPTION(
- isolate, result,
- JSObject::GetAccessor(Handle<JSObject>::cast(receiver), name, component));
- return *result;
-}
-
-
-// Collect the raw data for a stack trace. Returns an array of 4
-// element segments each containing a receiver, function, code and
-// native code offset.
-RUNTIME_FUNCTION(Runtime_CollectStackTrace) {
- HandleScope scope(isolate);
- DCHECK(args.length() == 2);
- CONVERT_ARG_HANDLE_CHECKED(JSObject, error_object, 0);
- CONVERT_ARG_HANDLE_CHECKED(Object, caller, 1);
-
- if (!isolate->bootstrapper()->IsActive()) {
- // Optionally capture a more detailed stack trace for the message.
- isolate->CaptureAndSetDetailedStackTrace(error_object);
- // Capture a simple stack trace for the stack property.
- isolate->CaptureAndSetSimpleStackTrace(error_object, caller);
- }
- return isolate->heap()->undefined_value();
-}
-
-
-RUNTIME_FUNCTION(Runtime_LoadMutableDouble) {
- HandleScope scope(isolate);
- DCHECK(args.length() == 2);
- CONVERT_ARG_HANDLE_CHECKED(JSObject, object, 0);
- CONVERT_ARG_HANDLE_CHECKED(Smi, index, 1);
- RUNTIME_ASSERT((index->value() & 1) == 1);
- FieldIndex field_index =
- FieldIndex::ForLoadByFieldIndex(object->map(), index->value());
- if (field_index.is_inobject()) {
- RUNTIME_ASSERT(field_index.property_index() <
- object->map()->inobject_properties());
- } else {
- RUNTIME_ASSERT(field_index.outobject_array_index() <
- object->properties()->length());
- }
- Handle<Object> raw_value(object->RawFastPropertyAt(field_index), isolate);
- RUNTIME_ASSERT(raw_value->IsMutableHeapNumber());
- return *Object::WrapForRead(isolate, raw_value, Representation::Double());
-}
-
-
-RUNTIME_FUNCTION(Runtime_TryMigrateInstance) {
- HandleScope scope(isolate);
- DCHECK(args.length() == 1);
- CONVERT_ARG_HANDLE_CHECKED(Object, object, 0);
- if (!object->IsJSObject()) return Smi::FromInt(0);
- Handle<JSObject> js_object = Handle<JSObject>::cast(object);
- if (!js_object->map()->is_deprecated()) return Smi::FromInt(0);
- // This call must not cause lazy deopts, because it's called from deferred
- // code where we can't handle lazy deopts for lack of a suitable bailout
- // ID. So we just try migration and signal failure if necessary,
- // which will also trigger a deopt.
- if (!JSObject::TryMigrateInstance(js_object)) return Smi::FromInt(0);
- return *object;
-}
-
-
-RUNTIME_FUNCTION(Runtime_GetFromCache) {
- SealHandleScope shs(isolate);
- // This is only called from codegen, so checks might be more lax.
- CONVERT_ARG_CHECKED(JSFunctionResultCache, cache, 0);
- CONVERT_ARG_CHECKED(Object, key, 1);
-
- {
- DisallowHeapAllocation no_alloc;
-
- int finger_index = cache->finger_index();
- Object* o = cache->get(finger_index);
- if (o == key) {
- // The fastest case: hit the same place again.
- return cache->get(finger_index + 1);
- }
-
- for (int i = finger_index - 2; i >= JSFunctionResultCache::kEntriesIndex;
- i -= 2) {
- o = cache->get(i);
- if (o == key) {
- cache->set_finger_index(i);
- return cache->get(i + 1);
- }
- }
-
- int size = cache->size();
- DCHECK(size <= cache->length());
-
- for (int i = size - 2; i > finger_index; i -= 2) {
- o = cache->get(i);
- if (o == key) {
- cache->set_finger_index(i);
- return cache->get(i + 1);
- }
- }
- }
-
- // There is no value in the cache. Invoke the function and cache result.
- HandleScope scope(isolate);
-
- Handle<JSFunctionResultCache> cache_handle(cache);
- Handle<Object> key_handle(key, isolate);
- Handle<Object> value;
- {
- Handle<JSFunction> factory(JSFunction::cast(
- cache_handle->get(JSFunctionResultCache::kFactoryIndex)));
- // TODO(antonm): consider passing a receiver when constructing a cache.
- Handle<JSObject> receiver(isolate->global_proxy());
- // This handle is nor shared, nor used later, so it's safe.
- Handle<Object> argv[] = {key_handle};
- ASSIGN_RETURN_FAILURE_ON_EXCEPTION(
- isolate, value,
- Execution::Call(isolate, factory, receiver, arraysize(argv), argv));
- }
-
-#ifdef VERIFY_HEAP
- if (FLAG_verify_heap) {
- cache_handle->JSFunctionResultCacheVerify();
- }
-#endif
-
- // Function invocation may have cleared the cache. Reread all the data.
- int finger_index = cache_handle->finger_index();
- int size = cache_handle->size();
-
- // If we have spare room, put new data into it, otherwise evict post finger
- // entry which is likely to be the least recently used.
- int index = -1;
- if (size < cache_handle->length()) {
- cache_handle->set_size(size + JSFunctionResultCache::kEntrySize);
- index = size;
- } else {
- index = finger_index + JSFunctionResultCache::kEntrySize;
- if (index == cache_handle->length()) {
- index = JSFunctionResultCache::kEntriesIndex;
- }
- }
-
- DCHECK(index % 2 == 0);
- DCHECK(index >= JSFunctionResultCache::kEntriesIndex);
- DCHECK(index < cache_handle->length());
-
- cache_handle->set(index, *key_handle);
- cache_handle->set(index + 1, *value);
- cache_handle->set_finger_index(index);
-
-#ifdef VERIFY_HEAP
- if (FLAG_verify_heap) {
- cache_handle->JSFunctionResultCacheVerify();
- }
-#endif
-
- return *value;
-}
-
-
-RUNTIME_FUNCTION(Runtime_MessageGetStartPosition) {
- SealHandleScope shs(isolate);
- DCHECK(args.length() == 1);
- CONVERT_ARG_CHECKED(JSMessageObject, message, 0);
- return Smi::FromInt(message->start_position());
-}
-
-
-RUNTIME_FUNCTION(Runtime_MessageGetScript) {
- SealHandleScope shs(isolate);
- DCHECK(args.length() == 1);
- CONVERT_ARG_CHECKED(JSMessageObject, message, 0);
- return message->script();
-}
-
-
-RUNTIME_FUNCTION(Runtime_IS_VAR) {
- UNREACHABLE(); // implemented as macro in the parser
- return NULL;
-}
-
-
-RUNTIME_FUNCTION(Runtime_IsJSGlobalProxy) {
- SealHandleScope shs(isolate);
- DCHECK(args.length() == 1);
- CONVERT_ARG_CHECKED(Object, obj, 0);
- return isolate->heap()->ToBoolean(obj->IsJSGlobalProxy());
-}
-
-
-static Object* ArrayConstructorCommon(Isolate* isolate,
- Handle<JSFunction> constructor,
- Handle<AllocationSite> site,
- Arguments* caller_args) {
- Factory* factory = isolate->factory();
-
- bool holey = false;
- bool can_use_type_feedback = true;
- if (caller_args->length() == 1) {
- Handle<Object> argument_one = caller_args->at<Object>(0);
- if (argument_one->IsSmi()) {
- int value = Handle<Smi>::cast(argument_one)->value();
- if (value < 0 || value >= JSObject::kInitialMaxFastElementArray) {
- // the array is a dictionary in this case.
- can_use_type_feedback = false;
- } else if (value != 0) {
- holey = true;
- }
- } else {
- // Non-smi length argument produces a dictionary
- can_use_type_feedback = false;
- }
- }
-
- Handle<JSArray> array;
- if (!site.is_null() && can_use_type_feedback) {
- ElementsKind to_kind = site->GetElementsKind();
- if (holey && !IsFastHoleyElementsKind(to_kind)) {
- to_kind = GetHoleyElementsKind(to_kind);
- // Update the allocation site info to reflect the advice alteration.
- site->SetElementsKind(to_kind);
- }
-
- // We should allocate with an initial map that reflects the allocation site
- // advice. Therefore we use AllocateJSObjectFromMap instead of passing
- // the constructor.
- Handle<Map> initial_map(constructor->initial_map(), isolate);
- if (to_kind != initial_map->elements_kind()) {
- initial_map = Map::AsElementsKind(initial_map, to_kind);
- }
-
- // If we don't care to track arrays of to_kind ElementsKind, then
- // don't emit a memento for them.
- Handle<AllocationSite> allocation_site;
- if (AllocationSite::GetMode(to_kind) == TRACK_ALLOCATION_SITE) {
- allocation_site = site;
- }
-
- array = Handle<JSArray>::cast(factory->NewJSObjectFromMap(
- initial_map, NOT_TENURED, true, allocation_site));
- } else {
- array = Handle<JSArray>::cast(factory->NewJSObject(constructor));
-
- // We might need to transition to holey
- ElementsKind kind = constructor->initial_map()->elements_kind();
- if (holey && !IsFastHoleyElementsKind(kind)) {
- kind = GetHoleyElementsKind(kind);
- JSObject::TransitionElementsKind(array, kind);
- }
- }
-
- factory->NewJSArrayStorage(array, 0, 0, DONT_INITIALIZE_ARRAY_ELEMENTS);
-
- ElementsKind old_kind = array->GetElementsKind();
- RETURN_FAILURE_ON_EXCEPTION(
- isolate, ArrayConstructInitializeElements(array, caller_args));
- if (!site.is_null() &&
- (old_kind != array->GetElementsKind() || !can_use_type_feedback)) {
- // The arguments passed in caused a transition. This kind of complexity
- // can't be dealt with in the inlined hydrogen array constructor case.
- // We must mark the allocationsite as un-inlinable.
- site->SetDoNotInlineCall();
- }
- return *array;
-}
-
-
-RUNTIME_FUNCTION(Runtime_ArrayConstructor) {
- HandleScope scope(isolate);
- // If we get 2 arguments then they are the stub parameters (constructor, type
- // info). If we get 4, then the first one is a pointer to the arguments
- // passed by the caller, and the last one is the length of the arguments
- // passed to the caller (redundant, but useful to check on the deoptimizer
- // with an assert).
- Arguments empty_args(0, NULL);
- bool no_caller_args = args.length() == 2;
- DCHECK(no_caller_args || args.length() == 4);
- int parameters_start = no_caller_args ? 0 : 1;
- Arguments* caller_args =
- no_caller_args ? &empty_args : reinterpret_cast<Arguments*>(args[0]);
- CONVERT_ARG_HANDLE_CHECKED(JSFunction, constructor, parameters_start);
- CONVERT_ARG_HANDLE_CHECKED(Object, type_info, parameters_start + 1);
-#ifdef DEBUG
- if (!no_caller_args) {
- CONVERT_SMI_ARG_CHECKED(arg_count, parameters_start + 2);
- DCHECK(arg_count == caller_args->length());
- }
-#endif
-
- Handle<AllocationSite> site;
- if (!type_info.is_null() &&
- *type_info != isolate->heap()->undefined_value()) {
- site = Handle<AllocationSite>::cast(type_info);
- DCHECK(!site->SitePointsToLiteral());
- }
-
- return ArrayConstructorCommon(isolate, constructor, site, caller_args);
-}
-
-
-RUNTIME_FUNCTION(Runtime_InternalArrayConstructor) {
- HandleScope scope(isolate);
- Arguments empty_args(0, NULL);
- bool no_caller_args = args.length() == 1;
- DCHECK(no_caller_args || args.length() == 3);
- int parameters_start = no_caller_args ? 0 : 1;
- Arguments* caller_args =
- no_caller_args ? &empty_args : reinterpret_cast<Arguments*>(args[0]);
- CONVERT_ARG_HANDLE_CHECKED(JSFunction, constructor, parameters_start);
-#ifdef DEBUG
- if (!no_caller_args) {
- CONVERT_SMI_ARG_CHECKED(arg_count, parameters_start + 1);
- DCHECK(arg_count == caller_args->length());
- }
-#endif
- return ArrayConstructorCommon(isolate, constructor,
- Handle<AllocationSite>::null(), caller_args);
-}
-
-
-RUNTIME_FUNCTION(Runtime_NormalizeElements) {
- HandleScope scope(isolate);
- DCHECK(args.length() == 1);
- CONVERT_ARG_HANDLE_CHECKED(JSObject, array, 0);
- RUNTIME_ASSERT(!array->HasExternalArrayElements() &&
- !array->HasFixedTypedArrayElements());
- JSObject::NormalizeElements(array);
- return *array;
-}
-
-
-RUNTIME_FUNCTION(Runtime_MaxSmi) {
- SealHandleScope shs(isolate);
- DCHECK(args.length() == 0);
- return Smi::FromInt(Smi::kMaxValue);
-}
-
-
-// TODO(dcarney): remove this function when TurboFan supports it.
-// Takes the object to be iterated over and the result of GetPropertyNamesFast
-// Returns pair (cache_array, cache_type).
-RUNTIME_FUNCTION_RETURN_PAIR(Runtime_ForInInit) {
- SealHandleScope scope(isolate);
- DCHECK(args.length() == 2);
- // This simulates CONVERT_ARG_HANDLE_CHECKED for calls returning pairs.
- // Not worth creating a macro atm as this function should be removed.
- if (!args[0]->IsJSReceiver() || !args[1]->IsObject()) {
- Object* error = isolate->ThrowIllegalOperation();
- return MakePair(error, isolate->heap()->undefined_value());
- }
- Handle<JSReceiver> object = args.at<JSReceiver>(0);
- Handle<Object> cache_type = args.at<Object>(1);
- if (cache_type->IsMap()) {
- // Enum cache case.
- if (Map::EnumLengthBits::decode(Map::cast(*cache_type)->bit_field3()) ==
- 0) {
- // 0 length enum.
- // Can't handle this case in the graph builder,
- // so transform it into the empty fixed array case.
- return MakePair(isolate->heap()->empty_fixed_array(), Smi::FromInt(1));
- }
- return MakePair(object->map()->instance_descriptors()->GetEnumCache(),
- *cache_type);
- } else {
- // FixedArray case.
- Smi* new_cache_type = Smi::FromInt(object->IsJSProxy() ? 0 : 1);
- return MakePair(*Handle<FixedArray>::cast(cache_type), new_cache_type);
- }
-}
-
-
-// TODO(dcarney): remove this function when TurboFan supports it.
-RUNTIME_FUNCTION(Runtime_ForInCacheArrayLength) {
- SealHandleScope shs(isolate);
- DCHECK(args.length() == 2);
- CONVERT_ARG_HANDLE_CHECKED(Object, cache_type, 0);
- CONVERT_ARG_HANDLE_CHECKED(FixedArray, array, 1);
- int length = 0;
- if (cache_type->IsMap()) {
- length = Map::cast(*cache_type)->EnumLength();
- } else {
- DCHECK(cache_type->IsSmi());
- length = array->length();
- }
- return Smi::FromInt(length);
-}
-
-
-// TODO(dcarney): remove this function when TurboFan supports it.
-// Takes (the object to be iterated over,
-// cache_array from ForInInit,
-// cache_type from ForInInit,
-// the current index)
-// Returns pair (array[index], needs_filtering).
-RUNTIME_FUNCTION_RETURN_PAIR(Runtime_ForInNext) {
- SealHandleScope scope(isolate);
- DCHECK(args.length() == 4);
- int32_t index;
- // This simulates CONVERT_ARG_HANDLE_CHECKED for calls returning pairs.
- // Not worth creating a macro atm as this function should be removed.
- if (!args[0]->IsJSReceiver() || !args[1]->IsFixedArray() ||
- !args[2]->IsObject() || !args[3]->ToInt32(&index)) {
- Object* error = isolate->ThrowIllegalOperation();
- return MakePair(error, isolate->heap()->undefined_value());
- }
- Handle<JSReceiver> object = args.at<JSReceiver>(0);
- Handle<FixedArray> array = args.at<FixedArray>(1);
- Handle<Object> cache_type = args.at<Object>(2);
- // Figure out first if a slow check is needed for this object.
- bool slow_check_needed = false;
- if (cache_type->IsMap()) {
- if (object->map() != Map::cast(*cache_type)) {
- // Object transitioned. Need slow check.
- slow_check_needed = true;
- }
- } else {
- // No slow check needed for proxies.
- slow_check_needed = Smi::cast(*cache_type)->value() == 1;
- }
- return MakePair(array->get(index),
- isolate->heap()->ToBoolean(slow_check_needed));
-}
-
-
-// ----------------------------------------------------------------------------
-// Reference implementation for inlined runtime functions. Only used when the
-// compiler does not support a certain intrinsic. Don't optimize these, but
-// implement the intrinsic in the respective compiler instead.
-
-// TODO(mstarzinger): These are place-holder stubs for TurboFan and will
-// eventually all have a C++ implementation and this macro will be gone.
-#define U(name) \
- RUNTIME_FUNCTION(RuntimeReference_##name) { \
- UNIMPLEMENTED(); \
- return NULL; \
- }
-
-U(IsStringWrapperSafeForDefaultValueOf)
-U(DebugBreakInOptimizedCode)
-
-#undef U
-
-
-RUNTIME_FUNCTION(RuntimeReference_IsArray) {
- SealHandleScope shs(isolate);
- DCHECK(args.length() == 1);
- CONVERT_ARG_CHECKED(Object, obj, 0);
- return isolate->heap()->ToBoolean(obj->IsJSArray());
-}
-
-
-
-RUNTIME_FUNCTION(RuntimeReference_ValueOf) {
- SealHandleScope shs(isolate);
- DCHECK(args.length() == 1);
- CONVERT_ARG_CHECKED(Object, obj, 0);
- if (!obj->IsJSValue()) return obj;
- return JSValue::cast(obj)->value();
-}
-
-
-RUNTIME_FUNCTION(RuntimeReference_SetValueOf) {
- SealHandleScope shs(isolate);
- DCHECK(args.length() == 2);
- CONVERT_ARG_CHECKED(Object, obj, 0);
- CONVERT_ARG_CHECKED(Object, value, 1);
- if (!obj->IsJSValue()) return value;
- JSValue::cast(obj)->set_value(value);
- return value;
-}
-
-
-RUNTIME_FUNCTION(RuntimeReference_ObjectEquals) {
- SealHandleScope shs(isolate);
- DCHECK(args.length() == 2);
- CONVERT_ARG_CHECKED(Object, obj1, 0);
- CONVERT_ARG_CHECKED(Object, obj2, 1);
- return isolate->heap()->ToBoolean(obj1 == obj2);
-}
-
-
-RUNTIME_FUNCTION(RuntimeReference_IsObject) {
- SealHandleScope shs(isolate);
- DCHECK(args.length() == 1);
- CONVERT_ARG_CHECKED(Object, obj, 0);
- if (!obj->IsHeapObject()) return isolate->heap()->false_value();
- if (obj->IsNull()) return isolate->heap()->true_value();
- if (obj->IsUndetectableObject()) return isolate->heap()->false_value();
- Map* map = HeapObject::cast(obj)->map();
- bool is_non_callable_spec_object =
- map->instance_type() >= FIRST_NONCALLABLE_SPEC_OBJECT_TYPE &&
- map->instance_type() <= LAST_NONCALLABLE_SPEC_OBJECT_TYPE;
- return isolate->heap()->ToBoolean(is_non_callable_spec_object);
-}
-
-
-RUNTIME_FUNCTION(RuntimeReference_IsUndetectableObject) {
- SealHandleScope shs(isolate);
- DCHECK(args.length() == 1);
- CONVERT_ARG_CHECKED(Object, obj, 0);
- return isolate->heap()->ToBoolean(obj->IsUndetectableObject());
-}
-
-
-RUNTIME_FUNCTION(RuntimeReference_IsSpecObject) {
- SealHandleScope shs(isolate);
- DCHECK(args.length() == 1);
- CONVERT_ARG_CHECKED(Object, obj, 0);
- return isolate->heap()->ToBoolean(obj->IsSpecObject());
-}
-
-
-RUNTIME_FUNCTION(RuntimeReference_HasCachedArrayIndex) {
- SealHandleScope shs(isolate);
- DCHECK(args.length() == 1);
- return isolate->heap()->false_value();
-}
-
-
-RUNTIME_FUNCTION(RuntimeReference_GetCachedArrayIndex) {
- SealHandleScope shs(isolate);
- DCHECK(args.length() == 1);
- return isolate->heap()->undefined_value();
-}
-
-
-RUNTIME_FUNCTION(RuntimeReference_FastOneByteArrayJoin) {
- SealHandleScope shs(isolate);
- DCHECK(args.length() == 2);
- return isolate->heap()->undefined_value();
-}
-
-
-RUNTIME_FUNCTION(RuntimeReference_ClassOf) {
- SealHandleScope shs(isolate);
- DCHECK(args.length() == 1);
- CONVERT_ARG_CHECKED(Object, obj, 0);
- if (!obj->IsJSReceiver()) return isolate->heap()->null_value();
- return JSReceiver::cast(obj)->class_name();
-}
-
-
-RUNTIME_FUNCTION(RuntimeReference_GetFromCache) {
- HandleScope scope(isolate);
- DCHECK(args.length() == 2);
- CONVERT_SMI_ARG_CHECKED(id, 0);
- args[0] = isolate->native_context()->jsfunction_result_caches()->get(id);
- return __RT_impl_Runtime_GetFromCache(args, isolate);
-}
-
-
-// ----------------------------------------------------------------------------
-// Implementation of Runtime
-
#define F(name, number_of_args, result_size) \
{ \
Runtime::k##name, Runtime::RUNTIME, #name, FUNCTION_ADDR(Runtime_##name), \
« no previous file with comments | « src/macros.py ('k') | src/runtime/runtime-api.cc » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698