1 // Copyright 2012 the V8 project authors. All rights reserved. 2 // Use of this source code is governed by a BSD-style license that can be 3 // found in the LICENSE file. 4 5 #ifndef V8_ELEMENTS_H_ 6 #define V8_ELEMENTS_H_ 7 8 #include "src/elements-kind.h" 9 #include "src/keys.h" 10 #include "src/objects.h" 11 12 namespace v8 { 13 namespace internal { 14 15 class JSTypedArray; 16 17 // Abstract base class for handles that can operate on objects with differing 18 // ElementsKinds. 19 class ElementsAccessor { 20 public: ElementsAccessor(const char * name)21 explicit ElementsAccessor(const char* name) : name_(name) { } ~ElementsAccessor()22 virtual ~ElementsAccessor() { } 23 name()24 const char* name() const { return name_; } 25 26 // Returns a shared ElementsAccessor for the specified ElementsKind. ForKind(ElementsKind elements_kind)27 static ElementsAccessor* ForKind(ElementsKind elements_kind) { 28 DCHECK_LT(static_cast<int>(elements_kind), kElementsKindCount); 29 return elements_accessors_[elements_kind]; 30 } 31 32 // Checks the elements of an object for consistency, asserting when a problem 33 // is found. 34 virtual void Validate(JSObject* obj) = 0; 35 36 // Returns true if a holder contains an element with the specified index 37 // without iterating up the prototype chain. The caller can optionally pass 38 // in the backing store to use for the check, which must be compatible with 39 // the ElementsKind of the ElementsAccessor. If backing_store is nullptr, the 40 // holder->elements() is used as the backing store. If a |filter| is 41 // specified the PropertyAttributes of the element at the given index 42 // are compared to the given |filter|. If they match/overlap the given 43 // index is ignored. Note that only Dictionary elements have custom 44 // PropertyAttributes associated, hence the |filter| argument is ignored for 45 // all but DICTIONARY_ELEMENTS and SLOW_SLOPPY_ARGUMENTS_ELEMENTS. 46 virtual bool HasElement(JSObject* holder, uint32_t index, 47 FixedArrayBase* backing_store, 48 PropertyFilter filter = ALL_PROPERTIES) = 0; 49 50 inline bool HasElement(JSObject* holder, uint32_t index, 51 PropertyFilter filter = ALL_PROPERTIES); 52 53 // Note: this is currently not implemented for string wrapper and 54 // typed array elements. 55 virtual bool HasEntry(JSObject* holder, uint32_t entry) = 0; 56 57 // TODO(cbruni): HasEntry and Get should not be exposed publicly with the 58 // entry parameter. 59 virtual Handle<Object> Get(Handle<JSObject> holder, uint32_t entry) = 0; 60 61 virtual bool HasAccessors(JSObject* holder) = 0; 62 virtual uint32_t NumberOfElements(JSObject* holder) = 0; 63 64 // Modifies the length data property as specified for JSArrays and resizes the 65 // underlying backing store accordingly. The method honors the semantics of 66 // changing array sizes as defined in EcmaScript 5.1 15.4.5.2, i.e. array that 67 // have non-deletable elements can only be shrunk to the size of highest 68 // element that is non-deletable. 69 virtual void SetLength(Handle<JSArray> holder, uint32_t new_length) = 0; 70 71 72 // If kCopyToEnd is specified as the copy_size to CopyElements, it copies all 73 // of elements from source after source_start to the destination array. 74 static const int kCopyToEnd = -1; 75 // If kCopyToEndAndInitializeToHole is specified as the copy_size to 76 // CopyElements, it copies all of elements from source after source_start to 77 // destination array, padding any remaining uninitialized elements in the 78 // destination array with the hole. 79 static const int kCopyToEndAndInitializeToHole = -2; 80 81 // Copy all indices that have elements from |object| into the given 82 // KeyAccumulator. For Dictionary-based element-kinds we filter out elements 83 // whose PropertyAttribute match |filter|. 84 virtual void CollectElementIndices(Handle<JSObject> object, 85 Handle<FixedArrayBase> backing_store, 86 KeyAccumulator* keys) = 0; 87 88 inline void CollectElementIndices(Handle<JSObject> object, 89 KeyAccumulator* keys); 90 91 virtual Maybe<bool> CollectValuesOrEntries( 92 Isolate* isolate, Handle<JSObject> object, 93 Handle<FixedArray> values_or_entries, bool get_entries, int* nof_items, 94 PropertyFilter filter = ALL_PROPERTIES) = 0; 95 96 virtual MaybeHandle<FixedArray> PrependElementIndices( 97 Handle<JSObject> object, Handle<FixedArrayBase> backing_store, 98 Handle<FixedArray> keys, GetKeysConversion convert, 99 PropertyFilter filter = ALL_PROPERTIES) = 0; 100 101 inline MaybeHandle<FixedArray> PrependElementIndices( 102 Handle<JSObject> object, Handle<FixedArray> keys, 103 GetKeysConversion convert, PropertyFilter filter = ALL_PROPERTIES); 104 105 virtual void AddElementsToKeyAccumulator(Handle<JSObject> receiver, 106 KeyAccumulator* accumulator, 107 AddKeyConversion convert) = 0; 108 109 virtual void TransitionElementsKind(Handle<JSObject> object, 110 Handle<Map> map) = 0; 111 virtual void GrowCapacityAndConvert(Handle<JSObject> object, 112 uint32_t capacity) = 0; 113 // Unlike GrowCapacityAndConvert do not attempt to convert the backing store 114 // and simply return false in this case. 115 virtual bool GrowCapacity(Handle<JSObject> object, uint32_t index) = 0; 116 117 static void InitializeOncePerProcess(); 118 static void TearDown(); 119 120 virtual void Set(Handle<JSObject> holder, uint32_t entry, Object* value) = 0; 121 122 virtual void Add(Handle<JSObject> object, uint32_t index, 123 Handle<Object> value, PropertyAttributes attributes, 124 uint32_t new_capacity) = 0; 125 126 static Handle<JSArray> Concat(Isolate* isolate, Arguments* args, 127 uint32_t concat_size, uint32_t result_length); 128 129 virtual uint32_t Push(Handle<JSArray> receiver, Arguments* args, 130 uint32_t push_size) = 0; 131 132 virtual uint32_t Unshift(Handle<JSArray> receiver, Arguments* args, 133 uint32_t unshift_size) = 0; 134 135 virtual Handle<JSObject> Slice(Handle<JSObject> receiver, uint32_t start, 136 uint32_t end) = 0; 137 138 virtual Handle<JSArray> Splice(Handle<JSArray> receiver, 139 uint32_t start, uint32_t delete_count, 140 Arguments* args, uint32_t add_count) = 0; 141 142 virtual Handle<Object> Pop(Handle<JSArray> receiver) = 0; 143 144 virtual Handle<Object> Shift(Handle<JSArray> receiver) = 0; 145 146 virtual Handle<NumberDictionary> Normalize(Handle<JSObject> object) = 0; 147 148 virtual uint32_t GetCapacity(JSObject* holder, 149 FixedArrayBase* backing_store) = 0; 150 151 virtual Object* Fill(Handle<JSObject> receiver, Handle<Object> obj_value, 152 uint32_t start, uint32_t end) = 0; 153 154 // Check an Object's own elements for an element (using SameValueZero 155 // semantics) 156 virtual Maybe<bool> IncludesValue(Isolate* isolate, Handle<JSObject> receiver, 157 Handle<Object> value, uint32_t start, 158 uint32_t length) = 0; 159 160 // Check an Object's own elements for the index of an element (using SameValue 161 // semantics) 162 virtual Maybe<int64_t> IndexOfValue(Isolate* isolate, 163 Handle<JSObject> receiver, 164 Handle<Object> value, uint32_t start, 165 uint32_t length) = 0; 166 167 virtual Maybe<int64_t> LastIndexOfValue(Handle<JSObject> receiver, 168 Handle<Object> value, 169 uint32_t start) = 0; 170 171 virtual void Reverse(JSObject* receiver) = 0; 172 173 virtual void CopyElements(Isolate* isolate, Handle<FixedArrayBase> source, 174 ElementsKind source_kind, 175 Handle<FixedArrayBase> destination, int size) = 0; 176 177 virtual Object* CopyElements(Handle<Object> source, 178 Handle<JSObject> destination, size_t length, 179 uint32_t offset = 0) = 0; 180 181 virtual Handle<FixedArray> CreateListFromArrayLike(Isolate* isolate, 182 Handle<JSObject> object, 183 uint32_t length) = 0; 184 185 virtual void CopyTypedArrayElementsSlice(JSTypedArray* source, 186 JSTypedArray* destination, 187 size_t start, size_t end) = 0; 188 189 protected: 190 friend class LookupIterator; 191 192 // Element handlers distinguish between entries and indices when they 193 // manipulate elements. Entries refer to elements in terms of their location 194 // in the underlying storage's backing store representation, and are between 0 195 // and GetCapacity. Indices refer to elements in terms of the value that would 196 // be specified in JavaScript to access the element. In most implementations, 197 // indices are equivalent to entries. In the NumberDictionary 198 // ElementsAccessor, entries are mapped to an index using the KeyAt method on 199 // the NumberDictionary. 200 virtual uint32_t GetEntryForIndex(Isolate* isolate, JSObject* holder, 201 FixedArrayBase* backing_store, 202 uint32_t index) = 0; 203 204 virtual PropertyDetails GetDetails(JSObject* holder, uint32_t entry) = 0; 205 virtual void Reconfigure(Handle<JSObject> object, 206 Handle<FixedArrayBase> backing_store, uint32_t entry, 207 Handle<Object> value, 208 PropertyAttributes attributes) = 0; 209 210 // Deletes an element in an object. 211 virtual void Delete(Handle<JSObject> holder, uint32_t entry) = 0; 212 213 // NOTE: this method violates the handlified function signature convention: 214 // raw pointer parameter |source_holder| in the function that allocates. 215 // This is done intentionally to avoid ArrayConcat() builtin performance 216 // degradation. 217 virtual void CopyElements(JSObject* source_holder, uint32_t source_start, 218 ElementsKind source_kind, 219 Handle<FixedArrayBase> destination, 220 uint32_t destination_start, int copy_size) = 0; 221 222 private: 223 static ElementsAccessor** elements_accessors_; 224 const char* name_; 225 226 DISALLOW_COPY_AND_ASSIGN(ElementsAccessor); 227 }; 228 229 void CheckArrayAbuse(Handle<JSObject> obj, const char* op, uint32_t index, 230 bool allow_appending = false); 231 232 V8_WARN_UNUSED_RESULT MaybeHandle<Object> ArrayConstructInitializeElements( 233 Handle<JSArray> array, Arguments* args); 234 235 // Called directly from CSA. 236 void CopyFastNumberJSArrayElementsToTypedArray(Context* context, 237 JSArray* source, 238 JSTypedArray* destination, 239 uintptr_t length, 240 uintptr_t offset); 241 void CopyTypedArrayElementsToTypedArray(JSTypedArray* source, 242 JSTypedArray* destination, 243 uintptr_t length, uintptr_t offset); 244 void CopyTypedArrayElementsSlice(JSTypedArray* source, 245 JSTypedArray* destination, uintptr_t start, 246 uintptr_t end); 247 248 } // namespace internal 249 } // namespace v8 250 251 #endif // V8_ELEMENTS_H_ 252