1 // Copyright 2014 the V8 project authors. All rights reserved. 2 // Use of this source code is governed by a BSD-style license that can be 3 // found in the LICENSE file. 4 5 #ifndef V8_HEAP_FACTORY_H_ 6 #define V8_HEAP_FACTORY_H_ 7 8 // Clients of this interface shouldn't depend on lots of heap internals. 9 // Do not include anything from src/heap here! 10 #include "src/base/strings.h" 11 #include "src/base/vector.h" 12 #include "src/baseline/baseline.h" 13 #include "src/builtins/builtins.h" 14 #include "src/common/globals.h" 15 #include "src/execution/messages.h" 16 #include "src/handles/handles.h" 17 #include "src/handles/maybe-handles.h" 18 #include "src/heap/factory-base.h" 19 #include "src/heap/heap.h" 20 #include "src/objects/code.h" 21 #include "src/objects/dictionary.h" 22 #include "src/objects/js-array.h" 23 #include "src/objects/js-regexp.h" 24 #include "src/objects/shared-function-info.h" 25 #include "src/objects/string.h" 26 27 namespace v8 { 28 namespace internal { 29 30 // Forward declarations. 31 class AliasedArgumentsEntry; 32 class ObjectBoilerplateDescription; 33 class BasicBlockProfilerData; 34 class BreakPoint; 35 class BreakPointInfo; 36 class CallableTask; 37 class CallbackTask; 38 class CallHandlerInfo; 39 class CallSiteInfo; 40 class Expression; 41 class EmbedderDataArray; 42 class ArrayBoilerplateDescription; 43 class CoverageInfo; 44 class DebugInfo; 45 class EnumCache; 46 class FreshlyAllocatedBigInt; 47 class Isolate; 48 class JSArrayBufferView; 49 class JSDataView; 50 class JSGeneratorObject; 51 class JSMap; 52 class JSMapIterator; 53 class JSModuleNamespace; 54 class JSPromise; 55 class JSProxy; 56 class JSSet; 57 class JSSetIterator; 58 class JSTypedArray; 59 class JSWeakMap; 60 class LoadHandler; 61 class NativeContext; 62 class PromiseResolveThenableJobTask; 63 class RegExpMatchInfo; 64 class ScriptContextTable; 65 class SourceTextModule; 66 class StackFrameInfo; 67 class StringSet; 68 class StoreHandler; 69 class SyntheticModule; 70 class TemplateObjectDescription; 71 class WasmCapiFunctionData; 72 class WasmExportedFunctionData; 73 class WasmJSFunctionData; 74 class WeakCell; 75 #if V8_ENABLE_WEBASSEMBLY 76 namespace wasm { 77 class ArrayType; 78 class StructType; 79 class WasmValue; 80 } // namespace wasm 81 #endif 82 83 enum class SharedFlag : uint8_t; 84 enum class InitializedFlag : uint8_t; 85 86 enum FunctionMode { 87 kWithNameBit = 1 << 0, 88 kWithWritablePrototypeBit = 1 << 1, 89 kWithReadonlyPrototypeBit = 1 << 2, 90 kWithPrototypeBits = kWithWritablePrototypeBit | kWithReadonlyPrototypeBit, 91 92 // Without prototype. 93 FUNCTION_WITHOUT_PROTOTYPE = 0, 94 METHOD_WITH_NAME = kWithNameBit, 95 96 // With writable prototype. 97 FUNCTION_WITH_WRITEABLE_PROTOTYPE = kWithWritablePrototypeBit, 98 FUNCTION_WITH_NAME_AND_WRITEABLE_PROTOTYPE = 99 kWithWritablePrototypeBit | kWithNameBit, 100 101 // With readonly prototype. 102 FUNCTION_WITH_READONLY_PROTOTYPE = kWithReadonlyPrototypeBit, 103 FUNCTION_WITH_NAME_AND_READONLY_PROTOTYPE = 104 kWithReadonlyPrototypeBit | kWithNameBit, 105 }; 106 107 enum class NumberCacheMode { kIgnore, kSetOnly, kBoth }; 108 109 // Interface for handle based allocation. 110 class V8_EXPORT_PRIVATE Factory : public FactoryBase<Factory> { 111 public: 112 inline ReadOnlyRoots read_only_roots() const; 113 114 Handle<Oddball> NewOddball(Handle<Map> map, const char* to_string, 115 Handle<Object> to_number, const char* type_of, 116 byte kind); 117 118 // Marks self references within code generation. 119 Handle<Oddball> NewSelfReferenceMarker(); 120 121 // Marks references to a function's basic-block usage counters array during 122 // code generation. 123 Handle<Oddball> NewBasicBlockCountersMarker(); 124 125 // Allocates a property array initialized with undefined values. 126 Handle<PropertyArray> NewPropertyArray( 127 int length, AllocationType allocation = AllocationType::kYoung); 128 // Tries allocating a fixed array initialized with undefined values. 129 // In case of an allocation failure (OOM) an empty handle is returned. 130 // The caller has to manually signal an 131 // v8::internal::Heap::FatalProcessOutOfMemory typically by calling 132 // NewFixedArray as a fallback. 133 V8_WARN_UNUSED_RESULT 134 MaybeHandle<FixedArray> TryNewFixedArray( 135 int length, AllocationType allocation = AllocationType::kYoung); 136 137 // Allocates a closure feedback cell array whose feedback cells are 138 // initialized with undefined values. 139 Handle<ClosureFeedbackCellArray> NewClosureFeedbackCellArray(int num_slots); 140 141 // Allocates a feedback vector whose slots are initialized with undefined 142 // values. 143 Handle<FeedbackVector> NewFeedbackVector( 144 Handle<SharedFunctionInfo> shared, 145 Handle<ClosureFeedbackCellArray> closure_feedback_cell_array); 146 147 // Allocates a clean embedder data array with given capacity. 148 Handle<EmbedderDataArray> NewEmbedderDataArray(int length); 149 150 // Allocate a new fixed double array with hole values. 151 Handle<FixedArrayBase> NewFixedDoubleArrayWithHoles(int size); 152 153 // Allocates a NameDictionary with an internal capacity calculated such that 154 // |at_least_space_for| entries can be added without reallocating. 155 Handle<NameDictionary> NewNameDictionary(int at_least_space_for); 156 157 // Allocates an OrderedNameDictionary of the given capacity. This guarantees 158 // that |capacity| entries can be added without reallocating. 159 Handle<OrderedNameDictionary> NewOrderedNameDictionary( 160 int capacity = OrderedNameDictionary::kInitialCapacity); 161 162 Handle<OrderedHashSet> NewOrderedHashSet(); 163 Handle<OrderedHashMap> NewOrderedHashMap(); 164 Handle<SmallOrderedHashSet> NewSmallOrderedHashSet( 165 int capacity = kSmallOrderedHashSetMinCapacity, 166 AllocationType allocation = AllocationType::kYoung); 167 Handle<SmallOrderedHashMap> NewSmallOrderedHashMap( 168 int capacity = kSmallOrderedHashMapMinCapacity, 169 AllocationType allocation = AllocationType::kYoung); 170 Handle<SmallOrderedNameDictionary> NewSmallOrderedNameDictionary( 171 int capacity = kSmallOrderedHashMapMinCapacity, 172 AllocationType allocation = AllocationType::kYoung); 173 174 Handle<SwissNameDictionary> CreateCanonicalEmptySwissNameDictionary(); 175 176 // Create a new PrototypeInfo struct. 177 Handle<PrototypeInfo> NewPrototypeInfo(); 178 179 // Create a new EnumCache struct. 180 Handle<EnumCache> NewEnumCache(Handle<FixedArray> keys, 181 Handle<FixedArray> indices); 182 183 // Create a new Tuple2 struct. 184 Handle<Tuple2> NewTuple2(Handle<Object> value1, Handle<Object> value2, 185 AllocationType allocation); 186 187 // Create a new PropertyDescriptorObject struct. 188 Handle<PropertyDescriptorObject> NewPropertyDescriptorObject(); 189 190 // Finds the internalized copy for string in the string table. 191 // If not found, a new string is added to the table and returned. 192 Handle<String> InternalizeUtf8String(const base::Vector<const char>& str); InternalizeUtf8String(const char * str)193 Handle<String> InternalizeUtf8String(const char* str) { 194 return InternalizeUtf8String(base::CStrVector(str)); 195 } 196 197 // Import InternalizeString overloads from base class. 198 using FactoryBase::InternalizeString; 199 200 Handle<String> InternalizeString(base::Vector<const char> str, 201 bool convert_encoding = false) { 202 return InternalizeString(base::Vector<const uint8_t>::cast(str)); 203 } 204 205 template <typename SeqString> 206 Handle<String> InternalizeString(Handle<SeqString>, int from, int length, 207 bool convert_encoding = false); 208 209 // Internalized strings are created in the old generation (data space). 210 inline Handle<String> InternalizeString(Handle<String> string); 211 212 inline Handle<Name> InternalizeName(Handle<Name> name); 213 214 // String creation functions. Most of the string creation functions take 215 // an AllocationType argument to optionally request that they be 216 // allocated in the old generation. Otherwise the default is 217 // AllocationType::kYoung. 218 // 219 // Creates a new String object. There are two String encodings: one-byte and 220 // two-byte. One should choose between the three string factory functions 221 // based on the encoding of the string buffer that the string is 222 // initialized from. 223 // - ...FromOneByte initializes the string from a buffer that is Latin1 224 // encoded (it does not check that the buffer is Latin1 encoded) and 225 // the result will be Latin1 encoded. 226 // - ...FromUtf8 initializes the string from a buffer that is UTF-8 227 // encoded. If the characters are all ASCII characters, the result 228 // will be Latin1 encoded, otherwise it will converted to two-byte. 229 // - ...FromTwoByte initializes the string from a buffer that is two-byte 230 // encoded. If the characters are all Latin1 characters, the result 231 // will be converted to Latin1, otherwise it will be left as two-byte. 232 // 233 // One-byte strings are pretenured when used as keys in the SourceCodeCache. 234 V8_WARN_UNUSED_RESULT MaybeHandle<String> NewStringFromOneByte( 235 const base::Vector<const uint8_t>& str, 236 AllocationType allocation = AllocationType::kYoung); 237 238 template <size_t N> 239 inline Handle<String> NewStringFromStaticChars( 240 const char (&str)[N], 241 AllocationType allocation = AllocationType::kYoung) { 242 DCHECK_EQ(N, strlen(str) + 1); 243 return NewStringFromOneByte(base::StaticOneByteVector(str), allocation) 244 .ToHandleChecked(); 245 } 246 247 inline Handle<String> NewStringFromAsciiChecked( 248 const char* str, AllocationType allocation = AllocationType::kYoung) { 249 return NewStringFromOneByte(base::OneByteVector(str), allocation) 250 .ToHandleChecked(); 251 } 252 253 // UTF8 strings are pretenured when used for regexp literal patterns and 254 // flags in the parser. 255 V8_WARN_UNUSED_RESULT MaybeHandle<String> NewStringFromUtf8( 256 const base::Vector<const char>& str, 257 AllocationType allocation = AllocationType::kYoung); 258 259 V8_WARN_UNUSED_RESULT MaybeHandle<String> NewStringFromUtf8SubString( 260 Handle<SeqOneByteString> str, int begin, int end, 261 AllocationType allocation = AllocationType::kYoung); 262 263 V8_WARN_UNUSED_RESULT MaybeHandle<String> NewStringFromTwoByte( 264 const base::Vector<const base::uc16>& str, 265 AllocationType allocation = AllocationType::kYoung); 266 267 V8_WARN_UNUSED_RESULT MaybeHandle<String> NewStringFromTwoByte( 268 const ZoneVector<base::uc16>* str, 269 AllocationType allocation = AllocationType::kYoung); 270 271 Handle<JSStringIterator> NewJSStringIterator(Handle<String> string); 272 273 Handle<String> NewInternalizedStringImpl(Handle<String> string, int chars, 274 uint32_t hash_field); 275 276 // Compute the internalization strategy for the input string. 277 // 278 // Old-generation sequential strings can be internalized by mutating their map 279 // and return kInPlace, along with the matching internalized string map for 280 // string stored in internalized_map. 281 // 282 // Internalized strings return kAlreadyTransitioned. 283 // 284 // All other strings are internalized by flattening and copying and return 285 // kCopy. 286 V8_WARN_UNUSED_RESULT StringTransitionStrategy 287 ComputeInternalizationStrategyForString(Handle<String> string, 288 MaybeHandle<Map>* internalized_map); 289 290 // Creates an internalized copy of an external string. |string| must be 291 // of type StringClass. 292 template <class StringClass> 293 Handle<StringClass> InternalizeExternalString(Handle<String> string); 294 295 // Compute the sharing strategy for the input string. 296 // 297 // Old-generation sequential and thin strings can be shared by mutating their 298 // map and return kInPlace, along with the matching shared string map for the 299 // string stored in shared_map. 300 // 301 // Already-shared strings return kAlreadyTransitioned. 302 // 303 // All other strings are shared by flattening and copying into a sequential 304 // string then sharing that sequential string, and return kCopy. 305 V8_WARN_UNUSED_RESULT StringTransitionStrategy 306 ComputeSharingStrategyForString(Handle<String> string, 307 MaybeHandle<Map>* shared_map); 308 309 // Creates a single character string where the character has given code. 310 // A cache is used for Latin1 codes. 311 Handle<String> LookupSingleCharacterStringFromCode(uint16_t code); 312 313 // Create or lookup a single characters tring made up of a utf16 surrogate 314 // pair. 315 Handle<String> NewSurrogatePairString(uint16_t lead, uint16_t trail); 316 317 // Create a new string object which holds a proper substring of a string. 318 Handle<String> NewProperSubString(Handle<String> str, int begin, int end); 319 320 // Create a new string object which holds a substring of a string. 321 inline Handle<String> NewSubString(Handle<String> str, int begin, int end); 322 323 // Creates a new external String object. There are two String encodings 324 // in the system: one-byte and two-byte. Unlike other String types, it does 325 // not make sense to have a UTF-8 factory function for external strings, 326 // because we cannot change the underlying buffer. Note that these strings 327 // are backed by a string resource that resides outside the V8 heap. 328 V8_WARN_UNUSED_RESULT MaybeHandle<String> NewExternalStringFromOneByte( 329 const ExternalOneByteString::Resource* resource); 330 V8_WARN_UNUSED_RESULT MaybeHandle<String> NewExternalStringFromTwoByte( 331 const ExternalTwoByteString::Resource* resource); 332 333 // Create a symbol in old or read-only space. 334 Handle<Symbol> NewSymbol(AllocationType allocation = AllocationType::kOld); 335 Handle<Symbol> NewPrivateSymbol( 336 AllocationType allocation = AllocationType::kOld); 337 Handle<Symbol> NewPrivateNameSymbol(Handle<String> name); 338 339 // Create a global (but otherwise uninitialized) context. 340 Handle<NativeContext> NewNativeContext(); 341 342 // Create a script context. 343 Handle<Context> NewScriptContext(Handle<NativeContext> outer, 344 Handle<ScopeInfo> scope_info); 345 346 // Create an empty script context table. 347 Handle<ScriptContextTable> NewScriptContextTable(); 348 349 // Create a module context. 350 Handle<Context> NewModuleContext(Handle<SourceTextModule> module, 351 Handle<NativeContext> outer, 352 Handle<ScopeInfo> scope_info); 353 354 // Create a function or eval context. 355 Handle<Context> NewFunctionContext(Handle<Context> outer, 356 Handle<ScopeInfo> scope_info); 357 358 // Create a catch context. 359 Handle<Context> NewCatchContext(Handle<Context> previous, 360 Handle<ScopeInfo> scope_info, 361 Handle<Object> thrown_object); 362 363 // Create a 'with' context. 364 Handle<Context> NewWithContext(Handle<Context> previous, 365 Handle<ScopeInfo> scope_info, 366 Handle<JSReceiver> extension); 367 368 Handle<Context> NewDebugEvaluateContext(Handle<Context> previous, 369 Handle<ScopeInfo> scope_info, 370 Handle<JSReceiver> extension, 371 Handle<Context> wrapped); 372 373 // Create a block context. 374 Handle<Context> NewBlockContext(Handle<Context> previous, 375 Handle<ScopeInfo> scope_info); 376 377 // Create a context that's used by builtin functions. 378 // 379 // These are similar to function context but don't have a previous 380 // context or any scope info. These are used to store spec defined 381 // context values. 382 Handle<Context> NewBuiltinContext(Handle<NativeContext> native_context, 383 int length); 384 385 Handle<AliasedArgumentsEntry> NewAliasedArgumentsEntry( 386 int aliased_context_slot); 387 388 Handle<AccessorInfo> NewAccessorInfo(); 389 390 Handle<ErrorStackData> NewErrorStackData( 391 Handle<Object> call_site_infos_or_formatted_stack, 392 Handle<Object> limit_or_stack_frame_infos); 393 394 Handle<Script> CloneScript(Handle<Script> script); 395 396 Handle<BreakPointInfo> NewBreakPointInfo(int source_position); 397 Handle<BreakPoint> NewBreakPoint(int id, Handle<String> condition); 398 399 Handle<CallSiteInfo> NewCallSiteInfo(Handle<Object> receiver_or_instance, 400 Handle<Object> function, 401 Handle<HeapObject> code_object, 402 int code_offset_or_source_position, 403 int flags, 404 Handle<FixedArray> parameters); 405 Handle<StackFrameInfo> NewStackFrameInfo( 406 Handle<HeapObject> shared_or_script, 407 int bytecode_offset_or_source_position, Handle<String> function_name, 408 bool is_constructor); 409 410 Handle<PromiseOnStack> NewPromiseOnStack(Handle<Object> prev, 411 Handle<JSObject> promise); 412 413 // Allocate various microtasks. 414 Handle<CallableTask> NewCallableTask(Handle<JSReceiver> callable, 415 Handle<Context> context); 416 Handle<CallbackTask> NewCallbackTask(Handle<Foreign> callback, 417 Handle<Foreign> data); 418 Handle<PromiseResolveThenableJobTask> NewPromiseResolveThenableJobTask( 419 Handle<JSPromise> promise_to_resolve, Handle<JSReceiver> thenable, 420 Handle<JSReceiver> then, Handle<Context> context); 421 422 // Foreign objects are pretenured when allocated by the bootstrapper. 423 Handle<Foreign> NewForeign(Address addr); 424 425 Handle<Cell> NewCell(Handle<Object> value); 426 427 Handle<PropertyCell> NewPropertyCell( 428 Handle<Name> name, PropertyDetails details, Handle<Object> value, 429 AllocationType allocation = AllocationType::kOld); 430 Handle<PropertyCell> NewProtector(); 431 432 Handle<FeedbackCell> NewNoClosuresCell(Handle<HeapObject> value); 433 Handle<FeedbackCell> NewOneClosureCell(Handle<HeapObject> value); 434 Handle<FeedbackCell> NewManyClosuresCell(Handle<HeapObject> value); 435 436 Handle<TransitionArray> NewTransitionArray(int number_of_transitions, 437 int slack = 0); 438 439 // Allocate a tenured AllocationSite. Its payload is null. 440 Handle<AllocationSite> NewAllocationSite(bool with_weak_next); 441 442 // Allocates and initializes a new Map. 443 Handle<Map> NewMap(InstanceType type, int instance_size, 444 ElementsKind elements_kind = TERMINAL_FAST_ELEMENTS_KIND, 445 int inobject_properties = 0, 446 AllocationType allocation_type = AllocationType::kMap); 447 // Initializes the fields of a newly created Map using roots from the 448 // passed-in Heap. Exposed for tests and heap setup; other code should just 449 // call NewMap which takes care of it. 450 Map InitializeMap(Map map, InstanceType type, int instance_size, 451 ElementsKind elements_kind, int inobject_properties, 452 Heap* roots); 453 454 // Allocate a block of memory of the given AllocationType (filled with a 455 // filler). Used as a fall-back for generated code when the space is full. 456 Handle<HeapObject> NewFillerObject( 457 int size, AllocationAlignment alignment, AllocationType allocation, 458 AllocationOrigin origin = AllocationOrigin::kRuntime); 459 460 Handle<JSObject> NewFunctionPrototype(Handle<JSFunction> function); 461 462 // Returns a deep copy of the JavaScript object. 463 // Properties and elements are copied too. 464 Handle<JSObject> CopyJSObject(Handle<JSObject> object); 465 // Same as above, but also takes an AllocationSite to be appended in an 466 // AllocationMemento. 467 Handle<JSObject> CopyJSObjectWithAllocationSite(Handle<JSObject> object, 468 Handle<AllocationSite> site); 469 470 Handle<FixedArray> CopyFixedArrayWithMap(Handle<FixedArray> array, 471 Handle<Map> map); 472 473 Handle<FixedArray> CopyFixedArrayAndGrow(Handle<FixedArray> array, 474 int grow_by); 475 476 Handle<WeakArrayList> NewWeakArrayList( 477 int capacity, AllocationType allocation = AllocationType::kYoung); 478 479 Handle<WeakFixedArray> CopyWeakFixedArrayAndGrow(Handle<WeakFixedArray> array, 480 int grow_by); 481 482 Handle<WeakArrayList> CopyWeakArrayListAndGrow( 483 Handle<WeakArrayList> array, int grow_by, 484 AllocationType allocation = AllocationType::kYoung); 485 486 Handle<WeakArrayList> CompactWeakArrayList( 487 Handle<WeakArrayList> array, int new_capacity, 488 AllocationType allocation = AllocationType::kYoung); 489 490 Handle<PropertyArray> CopyPropertyArrayAndGrow(Handle<PropertyArray> array, 491 int grow_by); 492 493 Handle<FixedArray> CopyFixedArrayUpTo( 494 Handle<FixedArray> array, int new_len, 495 AllocationType allocation = AllocationType::kYoung); 496 497 Handle<FixedArray> CopyFixedArray(Handle<FixedArray> array); 498 499 Handle<FixedDoubleArray> CopyFixedDoubleArray(Handle<FixedDoubleArray> array); 500 501 // Creates a new HeapNumber in read-only space if possible otherwise old 502 // space. 503 Handle<HeapNumber> NewHeapNumberForCodeAssembler(double value); 504 505 Handle<JSObject> NewArgumentsObject(Handle<JSFunction> callee, int length); 506 507 // Allocates and initializes a new JavaScript object based on a 508 // constructor. 509 // JS objects are pretenured when allocated by the bootstrapper and 510 // runtime. 511 Handle<JSObject> NewJSObject( 512 Handle<JSFunction> constructor, 513 AllocationType allocation = AllocationType::kYoung); 514 // JSObject without a prototype. 515 Handle<JSObject> NewJSObjectWithNullProto(); 516 // JSObject without a prototype, in dictionary mode. 517 Handle<JSObject> NewSlowJSObjectWithNullProto(); 518 519 // Global objects are pretenured and initialized based on a constructor. 520 Handle<JSGlobalObject> NewJSGlobalObject(Handle<JSFunction> constructor); 521 522 // Allocates and initializes a new JavaScript object based on a map. 523 // Passing an allocation site means that a memento will be created that 524 // points to the site. 525 // JS objects are pretenured when allocated by the bootstrapper and 526 // runtime. 527 Handle<JSObject> NewJSObjectFromMap( 528 Handle<Map> map, AllocationType allocation = AllocationType::kYoung, 529 Handle<AllocationSite> allocation_site = Handle<AllocationSite>::null()); 530 // Like NewJSObjectFromMap, but includes allocating a properties dictionary. 531 Handle<JSObject> NewSlowJSObjectFromMap( 532 Handle<Map> map, 533 int number_of_slow_properties = NameDictionary::kInitialCapacity, 534 AllocationType allocation = AllocationType::kYoung, 535 Handle<AllocationSite> allocation_site = Handle<AllocationSite>::null()); 536 // Calls NewJSObjectFromMap or NewSlowJSObjectFromMap depending on whether the 537 // map is a dictionary map. 538 inline Handle<JSObject> NewFastOrSlowJSObjectFromMap( 539 Handle<Map> map, 540 int number_of_slow_properties = NameDictionary::kInitialCapacity, 541 AllocationType allocation = AllocationType::kYoung, 542 Handle<AllocationSite> allocation_site = Handle<AllocationSite>::null()); 543 // Allocates and initializes a new JavaScript object with the given 544 // {prototype} and {properties}. The newly created object will be 545 // in dictionary properties mode. The {elements} can either be the 546 // empty fixed array, in which case the resulting object will have 547 // fast elements, or a NumberDictionary, in which case the resulting 548 // object will have dictionary elements. 549 Handle<JSObject> NewSlowJSObjectWithPropertiesAndElements( 550 Handle<HeapObject> prototype, Handle<HeapObject> properties, 551 Handle<FixedArrayBase> elements); 552 553 // JS arrays are pretenured when allocated by the parser. 554 555 // Create a JSArray with a specified length and elements initialized 556 // according to the specified mode. 557 Handle<JSArray> NewJSArray( 558 ElementsKind elements_kind, int length, int capacity, 559 ArrayStorageAllocationMode mode = DONT_INITIALIZE_ARRAY_ELEMENTS, 560 AllocationType allocation = AllocationType::kYoung); 561 562 Handle<JSArray> NewJSArray( 563 int capacity, ElementsKind elements_kind = TERMINAL_FAST_ELEMENTS_KIND, 564 AllocationType allocation = AllocationType::kYoung) { 565 if (capacity != 0) { 566 elements_kind = GetHoleyElementsKind(elements_kind); 567 } 568 return NewJSArray(elements_kind, 0, capacity, 569 INITIALIZE_ARRAY_ELEMENTS_WITH_HOLE, allocation); 570 } 571 572 // Create a JSArray with the given elements. 573 Handle<JSArray> NewJSArrayWithElements( 574 Handle<FixedArrayBase> elements, ElementsKind elements_kind, int length, 575 AllocationType allocation = AllocationType::kYoung); 576 577 inline Handle<JSArray> NewJSArrayWithElements( 578 Handle<FixedArrayBase> elements, 579 ElementsKind elements_kind = TERMINAL_FAST_ELEMENTS_KIND, 580 AllocationType allocation = AllocationType::kYoung); 581 582 void NewJSArrayStorage( 583 Handle<JSArray> array, int length, int capacity, 584 ArrayStorageAllocationMode mode = DONT_INITIALIZE_ARRAY_ELEMENTS); 585 586 Handle<JSWeakMap> NewJSWeakMap(); 587 588 Handle<JSGeneratorObject> NewJSGeneratorObject(Handle<JSFunction> function); 589 590 Handle<JSModuleNamespace> NewJSModuleNamespace(); 591 592 Handle<JSWrappedFunction> NewJSWrappedFunction( 593 Handle<NativeContext> creation_context, Handle<Object> target); 594 595 #if V8_ENABLE_WEBASSEMBLY 596 Handle<WasmTypeInfo> NewWasmTypeInfo(Address type_address, 597 Handle<Map> opt_parent, 598 int instance_size_bytes, 599 Handle<WasmInstanceObject> instance); 600 Handle<WasmInternalFunction> NewWasmInternalFunction(Address opt_call_target, 601 Handle<HeapObject> ref, 602 Handle<Map> rtt); 603 Handle<WasmCapiFunctionData> NewWasmCapiFunctionData( 604 Address call_target, Handle<Foreign> embedder_data, 605 Handle<CodeT> wrapper_code, Handle<Map> rtt, 606 Handle<PodArray<wasm::ValueType>> serialized_sig); 607 Handle<WasmExportedFunctionData> NewWasmExportedFunctionData( 608 Handle<CodeT> export_wrapper, Handle<WasmInstanceObject> instance, 609 Address call_target, Handle<Object> ref, int func_index, 610 Address sig_address, int wrapper_budget, Handle<Map> rtt); 611 Handle<WasmApiFunctionRef> NewWasmApiFunctionRef( 612 Handle<JSReceiver> callable, Handle<HeapObject> suspender); 613 // {opt_call_target} is kNullAddress for JavaScript functions, and 614 // non-null for exported Wasm functions. 615 Handle<WasmJSFunctionData> NewWasmJSFunctionData( 616 Address opt_call_target, Handle<JSReceiver> callable, int return_count, 617 int parameter_count, Handle<PodArray<wasm::ValueType>> serialized_sig, 618 Handle<CodeT> wrapper_code, Handle<Map> rtt, 619 Handle<HeapObject> suspender); 620 Handle<WasmOnFulfilledData> NewWasmOnFulfilledData( 621 Handle<WasmSuspenderObject> suspender); 622 Handle<WasmStruct> NewWasmStruct(const wasm::StructType* type, 623 wasm::WasmValue* args, Handle<Map> map); 624 Handle<WasmArray> NewWasmArrayFromElements( 625 const wasm::ArrayType* type, const std::vector<wasm::WasmValue>& elements, 626 Handle<Map> map); 627 Handle<WasmArray> NewWasmArrayFromMemory(uint32_t length, Handle<Map> map, 628 Address source); 629 630 Handle<SharedFunctionInfo> NewSharedFunctionInfoForWasmExportedFunction( 631 Handle<String> name, Handle<WasmExportedFunctionData> data); 632 Handle<SharedFunctionInfo> NewSharedFunctionInfoForWasmJSFunction( 633 Handle<String> name, Handle<WasmJSFunctionData> data); 634 Handle<SharedFunctionInfo> NewSharedFunctionInfoForWasmOnFulfilled( 635 Handle<WasmOnFulfilledData> data); 636 Handle<SharedFunctionInfo> NewSharedFunctionInfoForWasmCapiFunction( 637 Handle<WasmCapiFunctionData> data); 638 #endif // V8_ENABLE_WEBASSEMBLY 639 640 Handle<SourceTextModule> NewSourceTextModule(Handle<SharedFunctionInfo> code); 641 Handle<SyntheticModule> NewSyntheticModule( 642 Handle<String> module_name, Handle<FixedArray> export_names, 643 v8::Module::SyntheticModuleEvaluationSteps evaluation_steps); 644 645 Handle<JSArrayBuffer> NewJSArrayBuffer( 646 std::shared_ptr<BackingStore> backing_store, 647 AllocationType allocation = AllocationType::kYoung); 648 649 MaybeHandle<JSArrayBuffer> NewJSArrayBufferAndBackingStore( 650 size_t byte_length, InitializedFlag initialized, 651 AllocationType allocation = AllocationType::kYoung); 652 653 Handle<JSArrayBuffer> NewJSSharedArrayBuffer( 654 std::shared_ptr<BackingStore> backing_store); 655 656 static void TypeAndSizeForElementsKind(ElementsKind kind, 657 ExternalArrayType* array_type, 658 size_t* element_size); 659 660 // Creates a new JSTypedArray with the specified buffer. 661 Handle<JSTypedArray> NewJSTypedArray(ExternalArrayType type, 662 Handle<JSArrayBuffer> buffer, 663 size_t byte_offset, size_t length); 664 665 Handle<JSDataView> NewJSDataView(Handle<JSArrayBuffer> buffer, 666 size_t byte_offset, size_t byte_length); 667 668 Handle<JSIteratorResult> NewJSIteratorResult(Handle<Object> value, bool done); 669 Handle<JSAsyncFromSyncIterator> NewJSAsyncFromSyncIterator( 670 Handle<JSReceiver> sync_iterator, Handle<Object> next); 671 672 Handle<JSMap> NewJSMap(); 673 Handle<JSSet> NewJSSet(); 674 675 // Allocates a bound function. 676 MaybeHandle<JSBoundFunction> NewJSBoundFunction( 677 Handle<JSReceiver> target_function, Handle<Object> bound_this, 678 base::Vector<Handle<Object>> bound_args); 679 680 // Allocates a Harmony proxy. 681 Handle<JSProxy> NewJSProxy(Handle<JSReceiver> target, 682 Handle<JSReceiver> handler); 683 684 // Reinitialize an JSGlobalProxy based on a constructor. The object 685 // must have the same size as objects allocated using the 686 // constructor. The object is reinitialized and behaves as an 687 // object that has been freshly allocated using the constructor. 688 void ReinitializeJSGlobalProxy(Handle<JSGlobalProxy> global, 689 Handle<JSFunction> constructor); 690 691 Handle<JSGlobalProxy> NewUninitializedJSGlobalProxy(int size); 692 693 // For testing only. Creates a sloppy function without code. 694 Handle<JSFunction> NewFunctionForTesting(Handle<String> name); 695 696 // Create an External object for V8's external API. 697 Handle<JSObject> NewExternal(void* value); 698 699 Handle<DeoptimizationLiteralArray> NewDeoptimizationLiteralArray(int length); 700 701 // Allocates a new code object and initializes it as the trampoline to the 702 // given off-heap entry point. 703 Handle<Code> NewOffHeapTrampolineFor(Handle<Code> code, 704 Address off_heap_entry); 705 706 Handle<Code> CopyCode(Handle<Code> code); 707 708 Handle<BytecodeArray> CopyBytecodeArray(Handle<BytecodeArray>); 709 710 // Interface for creating error objects. 711 Handle<JSObject> NewError(Handle<JSFunction> constructor, 712 Handle<String> message); 713 714 Handle<Object> NewInvalidStringLengthError(); 715 716 inline Handle<Object> NewURIError(); 717 718 Handle<JSObject> NewError(Handle<JSFunction> constructor, 719 MessageTemplate template_index, 720 Handle<Object> arg0 = Handle<Object>(), 721 Handle<Object> arg1 = Handle<Object>(), 722 Handle<Object> arg2 = Handle<Object>()); 723 724 #define DECLARE_ERROR(NAME) \ 725 Handle<JSObject> New##NAME(MessageTemplate template_index, \ 726 Handle<Object> arg0 = Handle<Object>(), \ 727 Handle<Object> arg1 = Handle<Object>(), \ 728 Handle<Object> arg2 = Handle<Object>()); 729 DECLARE_ERROR(Error) 730 DECLARE_ERROR(EvalError) 731 DECLARE_ERROR(RangeError) 732 DECLARE_ERROR(ReferenceError) 733 DECLARE_ERROR(SyntaxError) 734 DECLARE_ERROR(TypeError) 735 DECLARE_ERROR(WasmCompileError) 736 DECLARE_ERROR(WasmLinkError) 737 DECLARE_ERROR(WasmRuntimeError) 738 DECLARE_ERROR(WasmExceptionError) 739 #undef DECLARE_ERROR 740 741 Handle<String> NumberToString(Handle<Object> number, 742 NumberCacheMode mode = NumberCacheMode::kBoth); 743 Handle<String> SmiToString(Smi number, 744 NumberCacheMode mode = NumberCacheMode::kBoth); 745 Handle<String> HeapNumberToString( 746 Handle<HeapNumber> number, double value, 747 NumberCacheMode mode = NumberCacheMode::kBoth); 748 749 Handle<String> SizeToString(size_t value, bool check_cache = true); 750 inline Handle<String> Uint32ToString(uint32_t value, 751 bool check_cache = true) { 752 return SizeToString(value, check_cache); 753 } 754 755 #define ROOT_ACCESSOR(Type, name, CamelName) inline Handle<Type> name(); 756 ROOT_LIST(ROOT_ACCESSOR) 757 #undef ROOT_ACCESSOR 758 759 // Allocates a new SharedFunctionInfo object. 760 Handle<SharedFunctionInfo> NewSharedFunctionInfoForApiFunction( 761 MaybeHandle<String> maybe_name, 762 Handle<FunctionTemplateInfo> function_template_info, FunctionKind kind); 763 764 Handle<SharedFunctionInfo> NewSharedFunctionInfoForBuiltin( 765 MaybeHandle<String> name, Builtin builtin, 766 FunctionKind kind = FunctionKind::kNormalFunction); 767 768 Handle<SharedFunctionInfo> NewSharedFunctionInfoForWebSnapshot(); 769 IsFunctionModeWithPrototype(FunctionMode function_mode)770 static bool IsFunctionModeWithPrototype(FunctionMode function_mode) { 771 return (function_mode & kWithPrototypeBits) != 0; 772 } 773 IsFunctionModeWithWritablePrototype(FunctionMode function_mode)774 static bool IsFunctionModeWithWritablePrototype(FunctionMode function_mode) { 775 return (function_mode & kWithWritablePrototypeBit) != 0; 776 } 777 IsFunctionModeWithName(FunctionMode function_mode)778 static bool IsFunctionModeWithName(FunctionMode function_mode) { 779 return (function_mode & kWithNameBit) != 0; 780 } 781 782 Handle<Map> CreateSloppyFunctionMap( 783 FunctionMode function_mode, MaybeHandle<JSFunction> maybe_empty_function); 784 785 Handle<Map> CreateStrictFunctionMap(FunctionMode function_mode, 786 Handle<JSFunction> empty_function); 787 788 Handle<Map> CreateClassFunctionMap(Handle<JSFunction> empty_function); 789 790 // Allocates a new JSMessageObject object. 791 Handle<JSMessageObject> NewJSMessageObject( 792 MessageTemplate message, Handle<Object> argument, int start_position, 793 int end_position, Handle<SharedFunctionInfo> shared_info, 794 int bytecode_offset, Handle<Script> script, Handle<Object> stack_frames); 795 796 Handle<DebugInfo> NewDebugInfo(Handle<SharedFunctionInfo> shared); 797 798 // Return a map for given number of properties using the map cache in the 799 // native context. 800 Handle<Map> ObjectLiteralMapFromCache(Handle<NativeContext> native_context, 801 int number_of_properties); 802 803 Handle<LoadHandler> NewLoadHandler( 804 int data_count, AllocationType allocation = AllocationType::kOld); 805 Handle<StoreHandler> NewStoreHandler(int data_count); 806 Handle<MegaDomHandler> NewMegaDomHandler(MaybeObjectHandle accessor, 807 MaybeObjectHandle context); 808 Handle<RegExpMatchInfo> NewRegExpMatchInfo(); 809 810 // Creates a new FixedArray that holds the data associated with the 811 // atom regexp and stores it in the regexp. 812 void SetRegExpAtomData(Handle<JSRegExp> regexp, Handle<String> source, 813 JSRegExp::Flags flags, Handle<Object> match_pattern); 814 815 // Creates a new FixedArray that holds the data associated with the 816 // irregexp regexp and stores it in the regexp. 817 void SetRegExpIrregexpData(Handle<JSRegExp> regexp, Handle<String> source, 818 JSRegExp::Flags flags, int capture_count, 819 uint32_t backtrack_limit); 820 821 // Creates a new FixedArray that holds the data associated with the 822 // experimental regexp and stores it in the regexp. 823 void SetRegExpExperimentalData(Handle<JSRegExp> regexp, Handle<String> source, 824 JSRegExp::Flags flags, int capture_count); 825 826 // Returns the value for a known global constant (a property of the global 827 // object which is neither configurable nor writable) like 'undefined'. 828 // Returns a null handle when the given name is unknown. 829 Handle<Object> GlobalConstantFor(Handle<Name> name); 830 831 // Converts the given ToPrimitive hint to it's string representation. 832 Handle<String> ToPrimitiveHintString(ToPrimitiveHint hint); 833 834 Handle<JSPromise> NewJSPromiseWithoutHook(); 835 Handle<JSPromise> NewJSPromise(); 836 837 Handle<CallHandlerInfo> NewCallHandlerInfo(bool has_no_side_effect = false); 838 NewForTest(Handle<Map> map,AllocationType allocation)839 HeapObject NewForTest(Handle<Map> map, AllocationType allocation) { 840 return New(map, allocation); 841 } 842 843 // Helper class for creating JSFunction objects. 844 class V8_EXPORT_PRIVATE JSFunctionBuilder final { 845 public: 846 JSFunctionBuilder(Isolate* isolate, Handle<SharedFunctionInfo> sfi, 847 Handle<Context> context); 848 849 V8_WARN_UNUSED_RESULT Handle<JSFunction> Build(); 850 set_map(Handle<Map> v)851 JSFunctionBuilder& set_map(Handle<Map> v) { 852 maybe_map_ = v; 853 return *this; 854 } set_allocation_type(AllocationType v)855 JSFunctionBuilder& set_allocation_type(AllocationType v) { 856 allocation_type_ = v; 857 return *this; 858 } set_feedback_cell(Handle<FeedbackCell> v)859 JSFunctionBuilder& set_feedback_cell(Handle<FeedbackCell> v) { 860 maybe_feedback_cell_ = v; 861 return *this; 862 } 863 864 private: 865 void PrepareMap(); 866 void PrepareFeedbackCell(); 867 868 V8_WARN_UNUSED_RESULT Handle<JSFunction> BuildRaw(Handle<Code> code); 869 870 Isolate* const isolate_; 871 Handle<SharedFunctionInfo> sfi_; 872 Handle<Context> context_; 873 MaybeHandle<Map> maybe_map_; 874 MaybeHandle<FeedbackCell> maybe_feedback_cell_; 875 AllocationType allocation_type_ = AllocationType::kOld; 876 877 friend class Factory; 878 }; 879 880 // Allows creation of Code objects. It provides two build methods, one of 881 // which tries to gracefully handle allocation failure. 882 class V8_EXPORT_PRIVATE CodeBuilder final { 883 public: 884 CodeBuilder(Isolate* isolate, const CodeDesc& desc, CodeKind kind); 885 886 // TODO(victorgomes): Remove Isolate dependency from CodeBuilder. 887 CodeBuilder(LocalIsolate* local_isolate, const CodeDesc& desc, 888 CodeKind kind); 889 890 // Builds a new code object (fully initialized). All header fields of the 891 // returned object are immutable and the code object is write protected. 892 V8_WARN_UNUSED_RESULT Handle<Code> Build(); 893 // Like Build, builds a new code object. May return an empty handle if the 894 // allocation fails. 895 V8_WARN_UNUSED_RESULT MaybeHandle<Code> TryBuild(); 896 897 // Sets the self-reference object in which a reference to the code object is 898 // stored. This allows generated code to reference its own Code object by 899 // using this handle. set_self_reference(Handle<Object> self_reference)900 CodeBuilder& set_self_reference(Handle<Object> self_reference) { 901 DCHECK(!self_reference.is_null()); 902 self_reference_ = self_reference; 903 return *this; 904 } 905 set_builtin(Builtin builtin)906 CodeBuilder& set_builtin(Builtin builtin) { 907 DCHECK_IMPLIES(builtin != Builtin::kNoBuiltinId, 908 !CodeKindIsJSFunction(kind_)); 909 builtin_ = builtin; 910 return *this; 911 } 912 set_inlined_bytecode_size(uint32_t size)913 CodeBuilder& set_inlined_bytecode_size(uint32_t size) { 914 DCHECK_IMPLIES(size != 0, CodeKindIsOptimizedJSFunction(kind_)); 915 inlined_bytecode_size_ = size; 916 return *this; 917 } 918 set_source_position_table(Handle<ByteArray> table)919 CodeBuilder& set_source_position_table(Handle<ByteArray> table) { 920 DCHECK_NE(kind_, CodeKind::BASELINE); 921 DCHECK(!table.is_null()); 922 position_table_ = table; 923 return *this; 924 } 925 set_bytecode_offset_table(Handle<ByteArray> table)926 CodeBuilder& set_bytecode_offset_table(Handle<ByteArray> table) { 927 DCHECK_EQ(kind_, CodeKind::BASELINE); 928 DCHECK(!table.is_null()); 929 position_table_ = table; 930 return *this; 931 } 932 set_deoptimization_data(Handle<DeoptimizationData> deopt_data)933 CodeBuilder& set_deoptimization_data( 934 Handle<DeoptimizationData> deopt_data) { 935 DCHECK_NE(kind_, CodeKind::BASELINE); 936 DCHECK(!deopt_data.is_null()); 937 deoptimization_data_ = deopt_data; 938 return *this; 939 } 940 941 inline CodeBuilder& set_interpreter_data( 942 Handle<HeapObject> interpreter_data); 943 set_is_turbofanned()944 CodeBuilder& set_is_turbofanned() { 945 DCHECK(!CodeKindIsUnoptimizedJSFunction(kind_)); 946 is_turbofanned_ = true; 947 return *this; 948 } 949 set_is_executable(bool executable)950 CodeBuilder& set_is_executable(bool executable) { 951 DCHECK_EQ(kind_, CodeKind::BUILTIN); 952 is_executable_ = executable; 953 return *this; 954 } 955 956 // Indicates the CodeDataContainer should be allocated in read-only space. 957 // As an optimization, if the kind-specific flags match that of a canonical 958 // container, it will be used instead. set_read_only_data_container(bool read_only)959 CodeBuilder& set_read_only_data_container(bool read_only) { 960 CHECK_IMPLIES(V8_EXTERNAL_CODE_SPACE_BOOL, !read_only); 961 read_only_data_container_ = read_only; 962 return *this; 963 } 964 set_kind_specific_flags(int32_t flags)965 CodeBuilder& set_kind_specific_flags(int32_t flags) { 966 kind_specific_flags_ = flags; 967 return *this; 968 } 969 set_stack_slots(int stack_slots)970 CodeBuilder& set_stack_slots(int stack_slots) { 971 stack_slots_ = stack_slots; 972 return *this; 973 } 974 set_profiler_data(BasicBlockProfilerData * profiler_data)975 CodeBuilder& set_profiler_data(BasicBlockProfilerData* profiler_data) { 976 profiler_data_ = profiler_data; 977 return *this; 978 } 979 980 inline bool CompiledWithConcurrentBaseline() const; 981 982 private: 983 MaybeHandle<Code> BuildInternal(bool retry_allocation_or_fail); 984 MaybeHandle<Code> AllocateCode(bool retry_allocation_or_fail); 985 MaybeHandle<Code> AllocateConcurrentSparkplugCode( 986 bool retry_allocation_or_fail); 987 988 Isolate* const isolate_; 989 LocalIsolate* local_isolate_; 990 const CodeDesc& code_desc_; 991 const CodeKind kind_; 992 993 MaybeHandle<Object> self_reference_; 994 Builtin builtin_ = Builtin::kNoBuiltinId; 995 uint32_t inlined_bytecode_size_ = 0; 996 int32_t kind_specific_flags_ = 0; 997 // Either source_position_table for non-baseline code 998 // or bytecode_offset_table for baseline code. 999 Handle<ByteArray> position_table_; 1000 Handle<DeoptimizationData> deoptimization_data_ = 1001 DeoptimizationData::Empty(isolate_); 1002 Handle<HeapObject> interpreter_data_; 1003 BasicBlockProfilerData* profiler_data_ = nullptr; 1004 bool is_executable_ = true; 1005 bool read_only_data_container_ = false; 1006 bool is_turbofanned_ = false; 1007 int stack_slots_ = 0; 1008 }; 1009 1010 private: 1011 friend class FactoryBase<Factory>; 1012 1013 // ------ 1014 // Customization points for FactoryBase 1015 HeapObject AllocateRaw(int size, AllocationType allocation, 1016 AllocationAlignment alignment = kTaggedAligned); 1017 isolate()1018 Isolate* isolate() const { 1019 // Downcast to the privately inherited sub-class using c-style casts to 1020 // avoid undefined behavior (as static_cast cannot cast across private 1021 // bases). 1022 // NOLINTNEXTLINE (google-readability-casting) 1023 return (Isolate*)this; // NOLINT(readability/casting) 1024 } 1025 1026 // This is the real Isolate that will be used for allocating and accessing 1027 // external pointer entries when V8_SANDBOXED_EXTERNAL_POINTERS is enabled. isolate_for_sandbox()1028 Isolate* isolate_for_sandbox() const { 1029 #ifdef V8_SANDBOXED_EXTERNAL_POINTERS 1030 return isolate(); 1031 #else 1032 return nullptr; 1033 #endif // V8_SANDBOXED_EXTERNAL_POINTERS 1034 } 1035 1036 V8_INLINE HeapAllocator* allocator() const; 1037 1038 bool CanAllocateInReadOnlySpace(); 1039 bool EmptyStringRootIsInitialized(); 1040 AllocationType AllocationTypeForInPlaceInternalizableString(); 1041 1042 void AddToScriptList(Handle<Script> shared); 1043 // ------ 1044 1045 HeapObject AllocateRawWithAllocationSite( 1046 Handle<Map> map, AllocationType allocation, 1047 Handle<AllocationSite> allocation_site); 1048 1049 Handle<JSArrayBufferView> NewJSArrayBufferView( 1050 Handle<Map> map, Handle<FixedArrayBase> elements, 1051 Handle<JSArrayBuffer> buffer, size_t byte_offset, size_t byte_length); 1052 1053 Symbol NewSymbolInternal(AllocationType allocation = AllocationType::kOld); 1054 1055 // Allocates new context with given map, sets length and initializes the 1056 // after-header part with uninitialized values and leaves the context header 1057 // uninitialized. 1058 Context NewContextInternal(Handle<Map> map, int size, 1059 int variadic_part_length, 1060 AllocationType allocation); 1061 1062 template <typename T> 1063 Handle<T> AllocateSmallOrderedHashTable(Handle<Map> map, int capacity, 1064 AllocationType allocation); 1065 1066 // Creates a heap object based on the map. The fields of the heap object are 1067 // not initialized, it's the responsibility of the caller to do that. 1068 HeapObject New(Handle<Map> map, AllocationType allocation); 1069 1070 template <typename T> 1071 Handle<T> CopyArrayWithMap(Handle<T> src, Handle<Map> map); 1072 template <typename T> 1073 Handle<T> CopyArrayAndGrow(Handle<T> src, int grow_by, 1074 AllocationType allocation); 1075 1076 template <bool is_one_byte, typename T> 1077 Handle<String> AllocateInternalizedStringImpl(T t, int chars, 1078 uint32_t hash_field); 1079 1080 Handle<String> AllocateTwoByteInternalizedString( 1081 const base::Vector<const base::uc16>& str, uint32_t hash_field); 1082 1083 MaybeHandle<String> NewStringFromTwoByte(const base::uc16* string, int length, 1084 AllocationType allocation); 1085 1086 // Attempt to find the number in a small cache. If we finds it, return 1087 // the string representation of the number. Otherwise return undefined. 1088 V8_INLINE Handle<Object> NumberToStringCacheGet(Object number, int hash); 1089 1090 // Update the cache with a new number-string pair. 1091 V8_INLINE void NumberToStringCacheSet(Handle<Object> number, int hash, 1092 Handle<String> js_string); 1093 1094 // Creates a new JSArray with the given backing storage. Performs no 1095 // verification of the backing storage because it may not yet be filled. 1096 Handle<JSArray> NewJSArrayWithUnverifiedElements( 1097 Handle<FixedArrayBase> elements, ElementsKind elements_kind, int length, 1098 AllocationType allocation = AllocationType::kYoung); 1099 1100 // Creates the backing storage for a JSArray. This handle must be discarded 1101 // before returning the JSArray reference to code outside Factory, which might 1102 // decide to left-trim the backing store. To avoid unnecessary HandleScopes, 1103 // this method requires capacity greater than zero. 1104 Handle<FixedArrayBase> NewJSArrayStorage( 1105 ElementsKind elements_kind, int capacity, 1106 ArrayStorageAllocationMode mode = DONT_INITIALIZE_ARRAY_ELEMENTS); 1107 1108 void InitializeAllocationMemento(AllocationMemento memento, 1109 AllocationSite allocation_site); 1110 1111 // Initializes a JSObject based on its map. 1112 void InitializeJSObjectFromMap(JSObject obj, Object properties, Map map); 1113 // Initializes JSObject body starting at given offset. 1114 void InitializeJSObjectBody(JSObject obj, Map map, int start_offset); 1115 1116 Handle<WeakArrayList> NewUninitializedWeakArrayList( 1117 int capacity, AllocationType allocation = AllocationType::kYoung); 1118 }; 1119 1120 } // namespace internal 1121 } // namespace v8 1122 1123 #endif // V8_HEAP_FACTORY_H_ 1124