[es6] implement spread calls

src/runtime/runtime-function.cc

 // Copyright 2014 the V8 project authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "src/v8.h"
 
 #include "src/accessors.h"
 #include "src/arguments.h"
 #include "src/compiler.h"
 #include "src/cpu-profiler.h"
@@ skipping 556 matching lines @@
   Handle<JSReceiver> hfun(fun);
   Handle<Object> hreceiver(receiver, isolate);
   Handle<Object> result;
   ASSIGN_RETURN_FAILURE_ON_EXCEPTION(
       isolate, result,
       Execution::Call(isolate, hfun, hreceiver, argc, argv, true));
   return *result;
 }
 
 
-RUNTIME_FUNCTION(Runtime_Apply) {
+static Object* ApplyHelper(Isolate* isolate, Handle<JSReceiver> fun,
+                           Handle<Object> receiver, Handle<JSObject> arguments,
+                           int32_t offset, int32_t argc, bool is_construct) {
   HandleScope scope(isolate);
-  DCHECK(args.length() == 5);
-  CONVERT_ARG_HANDLE_CHECKED(JSReceiver, fun, 0);
-  CONVERT_ARG_HANDLE_CHECKED(Object, receiver, 1);
-  CONVERT_ARG_HANDLE_CHECKED(JSObject, arguments, 2);
-  CONVERT_INT32_ARG_CHECKED(offset, 3);
-  CONVERT_INT32_ARG_CHECKED(argc, 4);
+
   RUNTIME_ASSERT(offset >= 0);
   // Loose upper bound to allow fuzzing. We'll most likely run out of
   // stack space before hitting this limit.
   static int kMaxArgc = 1000000;
   RUNTIME_ASSERT(argc >= 0 && argc <= kMaxArgc);
 
   // If there are too many arguments, allocate argv via malloc.
   const int argv_small_size = 10;
   Handle<Object> argv_small_buffer[argv_small_size];
   SmartArrayPointer<Handle<Object> > argv_large_buffer;
   Handle<Object>* argv = argv_small_buffer;
   if (argc > argv_small_size) {
     argv = new Handle<Object>[argc];
     if (argv == NULL) return isolate->StackOverflow();
     argv_large_buffer = SmartArrayPointer<Handle<Object> >(argv);
   }
 
   for (int i = 0; i < argc; ++i) {
     ASSIGN_RETURN_FAILURE_ON_EXCEPTION(
         isolate, argv[i], Object::GetElement(isolate, arguments, offset + i));
   }
 
   Handle<Object> result;
-  ASSIGN_RETURN_FAILURE_ON_EXCEPTION(
-      isolate, result,
-      Execution::Call(isolate, fun, receiver, argc, argv, true));
+  if (is_construct) {
+    ASSIGN_RETURN_FAILURE_ON_EXCEPTION(
+        isolate, result, Execution::New(
+            Handle<JSFunction>::cast(fun), argc, argv));
+  } else {
+    ASSIGN_RETURN_FAILURE_ON_EXCEPTION(
+        isolate, result,
+        Execution::Call(isolate, fun, receiver, argc, argv, true));
+  }
   return *result;
 }
 
 
+RUNTIME_FUNCTION(Runtime_Apply) {
+  HandleScope scope(isolate);
+  DCHECK(args.length() == 5);
+  CONVERT_ARG_HANDLE_CHECKED(JSReceiver, fun, 0);
+  CONVERT_ARG_HANDLE_CHECKED(Object, receiver, 1);
+  CONVERT_ARG_HANDLE_CHECKED(JSObject, arguments, 2);
+  CONVERT_INT32_ARG_CHECKED(offset, 3);
+  CONVERT_INT32_ARG_CHECKED(argc, 4);
+
+  return ApplyHelper(isolate, fun, receiver, arguments, offset, argc, false);
+}
+
+
+static bool GetObjectLength(Isolate* isolate, Handle<JSObject> obj,
+                            int32_t* length) {
+  HandleScope scope(isolate);
+  if (obj->IsJSArray()) {
+    return Handle<JSArray>::cast(obj)->length()->ToInt32(length);
+  } else {
+    Handle<Object> val;
+    Handle<Object> key(isolate->heap()->length_string(), isolate);
+    ASSIGN_RETURN_ON_EXCEPTION_VALUE(isolate, val,
+        Runtime::GetObjectProperty(isolate, obj, key), false);
+    // TODO(caitp): Support larger element indexes (up to 2^53-1).

[rossberg, 2015/02/25 14:28:19]

Ah, no. We likely won't, ever, at least not for calls -- you will never have a
stack that large anyway.

[caitp (gmail), 2015/02/25 14:49:08]

sorry, that's copy/pasted from similar code I wrote in ArrayConcat, where the
"length" property is spec'd to support up to 2^53-1. I agree the comment doesn't
really apply here.

+    if (!val->ToInt32(length)) {
+      ASSIGN_RETURN_ON_EXCEPTION_VALUE(isolate, val,

[rossberg, 2015/02/25 14:28:19]

I think it's more adequate to raise an exception here. RangeError or OOM.

[caitp (gmail), 2015/02/25 14:49:08]

The only reason ToLength() would throw is if the value is an object with a
custom toString() or valueOf() which throws, iirc. So, it wouldn't really be
representative of OOM or RangeError

There isn't really a good reason to use ToLength() here anyways, though. The
arguments object should always be a JSArray, so I guess I'll just remove the
else-case here.

+          Execution::ToLength(isolate, val), false);
+      return val->ToInt32(length);
+    }
+  }
+  return true;
+}
+
+
+RUNTIME_FUNCTION(Runtime_ApplyCall) {
+  HandleScope scope(isolate);
+  DCHECK(args.length() == 3);
+  CONVERT_ARG_HANDLE_CHECKED(Object, fun, 0);
+  CONVERT_ARG_HANDLE_CHECKED(Object, receiver, 1);
+  CONVERT_ARG_HANDLE_CHECKED(JSObject, arguments, 2);
+
+  if (!fun->IsJSFunction()) {

[rossberg, 2015/02/25 14:28:19]

Why is this needed? Isn't that already taken care of by Execution::Call?

+    ASSIGN_RETURN_FAILURE_ON_EXCEPTION(
+        isolate, fun, Execution::TryGetFunctionDelegate(isolate, fun));
+  }
+
+  int32_t length = 0;
+  if (!GetObjectLength(isolate, arguments, &length)) {
+    if (isolate->has_pending_exception()) {
+      return isolate->heap()->exception();
+    }
+  }
+
+  return ApplyHelper(isolate, Handle<JSReceiver>::cast(fun), receiver,
+                     arguments, 0, length, false);
+}
+
+
+RUNTIME_FUNCTION(Runtime_ApplyConstruct) {
+  HandleScope scope(isolate);
+  DCHECK(args.length() == 2);
+  CONVERT_ARG_HANDLE_CHECKED(Object, fun, 0);
+  CONVERT_ARG_HANDLE_CHECKED(JSObject, arguments, 1);
+
+  if (!fun->IsJSFunction()) {

[rossberg, 2015/02/25 14:28:19]

In a similar vein, this logic belongs into Execution::New.

[caitp (gmail), 2015/02/25 14:49:08]

The problem with letting Execution::New() and Execution::Call() do it, is you
end up with an illegal instruction if they don't find something callable.

+    ASSIGN_RETURN_FAILURE_ON_EXCEPTION(
+        isolate, fun, Execution::TryGetConstructorDelegate(isolate, fun));
+  }
+
+  int32_t length = 0;
+  if (!GetObjectLength(isolate, arguments, &length)) {
+    if (isolate->has_pending_exception()) {
+      return isolate->heap()->exception();
+    }
+  }
+
+  return ApplyHelper(isolate, Handle<JSReceiver>::cast(fun), fun, arguments, 0,
+                     length, true);
+}
+
+
 RUNTIME_FUNCTION(Runtime_GetFunctionDelegate) {
   HandleScope scope(isolate);
   DCHECK(args.length() == 1);
   CONVERT_ARG_HANDLE_CHECKED(Object, object, 0);
   RUNTIME_ASSERT(!object->IsJSFunction());
   return *Execution::GetFunctionDelegate(isolate, object);
 }
 
 
 RUNTIME_FUNCTION(Runtime_GetConstructorDelegate) {
@@ skipping 21 matching lines @@
 
 
 RUNTIME_FUNCTION(RuntimeReference_IsFunction) {
   SealHandleScope shs(isolate);
   DCHECK(args.length() == 1);
   CONVERT_ARG_CHECKED(Object, obj, 0);
   return isolate->heap()->ToBoolean(obj->IsJSFunction());
 }
 }
 }  // namespace v8::internal