1 // Copyright 2014 the V8 project authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
4
5 #include "src/runtime/runtime-utils.h"
6
7 #include "src/allocation-site-scopes.h"
8 #include "src/arguments.h"
9 #include "src/ast/ast.h"
10 #include "src/isolate-inl.h"
11 #include "src/parsing/parser.h"
12 #include "src/runtime/runtime.h"
13
14 namespace v8 {
15 namespace internal {
16
ComputeObjectLiteralMap(Handle<Context> context,Handle<FixedArray> constant_properties,bool is_strong,bool * is_result_from_cache)17 static Handle<Map> ComputeObjectLiteralMap(
18 Handle<Context> context, Handle<FixedArray> constant_properties,
19 bool is_strong, bool* is_result_from_cache) {
20 int properties_length = constant_properties->length();
21 int number_of_properties = properties_length / 2;
22
23 for (int p = 0; p != properties_length; p += 2) {
24 Object* key = constant_properties->get(p);
25 uint32_t element_index = 0;
26 if (key->ToArrayIndex(&element_index)) {
27 // An index key does not require space in the property backing store.
28 number_of_properties--;
29 }
30 }
31 Isolate* isolate = context->GetIsolate();
32 return isolate->factory()->ObjectLiteralMapFromCache(
33 context, number_of_properties, is_strong, is_result_from_cache);
34 }
35
36 MUST_USE_RESULT static MaybeHandle<Object> CreateLiteralBoilerplate(
37 Isolate* isolate, Handle<LiteralsArray> literals,
38 Handle<FixedArray> constant_properties, bool is_strong);
39
40
CreateObjectLiteralBoilerplate(Isolate * isolate,Handle<LiteralsArray> literals,Handle<FixedArray> constant_properties,bool should_have_fast_elements,bool has_function_literal,bool is_strong)41 MUST_USE_RESULT static MaybeHandle<Object> CreateObjectLiteralBoilerplate(
42 Isolate* isolate, Handle<LiteralsArray> literals,
43 Handle<FixedArray> constant_properties, bool should_have_fast_elements,
44 bool has_function_literal, bool is_strong) {
45 Handle<Context> context = isolate->native_context();
46
47 // In case we have function literals, we want the object to be in
48 // slow properties mode for now. We don't go in the map cache because
49 // maps with constant functions can't be shared if the functions are
50 // not the same (which is the common case).
51 bool is_result_from_cache = false;
52 Handle<Map> map = has_function_literal
53 ? Handle<Map>(is_strong
54 ? context->js_object_strong_map()
55 : context->object_function()->initial_map())
56 : ComputeObjectLiteralMap(context, constant_properties, is_strong,
57 &is_result_from_cache);
58
59 PretenureFlag pretenure_flag =
60 isolate->heap()->InNewSpace(*literals) ? NOT_TENURED : TENURED;
61
62 Handle<JSObject> boilerplate =
63 isolate->factory()->NewJSObjectFromMap(map, pretenure_flag);
64
65 // Normalize the elements of the boilerplate to save space if needed.
66 if (!should_have_fast_elements) JSObject::NormalizeElements(boilerplate);
67
68 // Add the constant properties to the boilerplate.
69 int length = constant_properties->length();
70 bool should_transform =
71 !is_result_from_cache && boilerplate->HasFastProperties();
72 bool should_normalize = should_transform || has_function_literal;
73 if (should_normalize) {
74 // TODO(verwaest): We might not want to ever normalize here.
75 JSObject::NormalizeProperties(boilerplate, KEEP_INOBJECT_PROPERTIES,
76 length / 2, "Boilerplate");
77 }
78 // TODO(verwaest): Support tracking representations in the boilerplate.
79 for (int index = 0; index < length; index += 2) {
80 Handle<Object> key(constant_properties->get(index + 0), isolate);
81 Handle<Object> value(constant_properties->get(index + 1), isolate);
82 if (value->IsFixedArray()) {
83 // The value contains the constant_properties of a
84 // simple object or array literal.
85 Handle<FixedArray> array = Handle<FixedArray>::cast(value);
86 ASSIGN_RETURN_ON_EXCEPTION(
87 isolate, value,
88 CreateLiteralBoilerplate(isolate, literals, array, is_strong),
89 Object);
90 }
91 MaybeHandle<Object> maybe_result;
92 uint32_t element_index = 0;
93 if (key->IsInternalizedString()) {
94 if (Handle<String>::cast(key)->AsArrayIndex(&element_index)) {
95 // Array index as string (uint32).
96 if (value->IsUninitialized()) value = handle(Smi::FromInt(0), isolate);
97 maybe_result = JSObject::SetOwnElementIgnoreAttributes(
98 boilerplate, element_index, value, NONE);
99 } else {
100 Handle<String> name(String::cast(*key));
101 DCHECK(!name->AsArrayIndex(&element_index));
102 maybe_result = JSObject::SetOwnPropertyIgnoreAttributes(
103 boilerplate, name, value, NONE);
104 }
105 } else if (key->ToArrayIndex(&element_index)) {
106 // Array index (uint32).
107 if (value->IsUninitialized()) value = handle(Smi::FromInt(0), isolate);
108 maybe_result = JSObject::SetOwnElementIgnoreAttributes(
109 boilerplate, element_index, value, NONE);
110 } else {
111 // Non-uint32 number.
112 DCHECK(key->IsNumber());
113 double num = key->Number();
114 char arr[100];
115 Vector<char> buffer(arr, arraysize(arr));
116 const char* str = DoubleToCString(num, buffer);
117 Handle<String> name = isolate->factory()->NewStringFromAsciiChecked(str);
118 maybe_result = JSObject::SetOwnPropertyIgnoreAttributes(boilerplate, name,
119 value, NONE);
120 }
121 // If setting the property on the boilerplate throws an
122 // exception, the exception is converted to an empty handle in
123 // the handle based operations. In that case, we need to
124 // convert back to an exception.
125 RETURN_ON_EXCEPTION(isolate, maybe_result, Object);
126 }
127
128 // Transform to fast properties if necessary. For object literals with
129 // containing function literals we defer this operation until after all
130 // computed properties have been assigned so that we can generate
131 // constant function properties.
132 if (should_transform && !has_function_literal) {
133 JSObject::MigrateSlowToFast(boilerplate,
134 boilerplate->map()->unused_property_fields(),
135 "FastLiteral");
136 }
137 return boilerplate;
138 }
139
140
CreateArrayLiteralBoilerplate(Isolate * isolate,Handle<LiteralsArray> literals,Handle<FixedArray> elements,bool is_strong)141 MaybeHandle<Object> Runtime::CreateArrayLiteralBoilerplate(
142 Isolate* isolate, Handle<LiteralsArray> literals,
143 Handle<FixedArray> elements, bool is_strong) {
144 // Create the JSArray.
145 Handle<JSFunction> constructor = isolate->array_function();
146
147 PretenureFlag pretenure_flag =
148 isolate->heap()->InNewSpace(*literals) ? NOT_TENURED : TENURED;
149
150 Handle<JSArray> object = Handle<JSArray>::cast(
151 isolate->factory()->NewJSObject(constructor, pretenure_flag));
152
153 ElementsKind constant_elements_kind =
154 static_cast<ElementsKind>(Smi::cast(elements->get(0))->value());
155 Handle<FixedArrayBase> constant_elements_values(
156 FixedArrayBase::cast(elements->get(1)));
157
158 {
159 DisallowHeapAllocation no_gc;
160 DCHECK(IsFastElementsKind(constant_elements_kind));
161 Context* native_context = isolate->context()->native_context();
162 Strength strength = is_strong ? Strength::STRONG : Strength::WEAK;
163 Object* map = native_context->get(
164 Context::ArrayMapIndex(constant_elements_kind, strength));
165 object->set_map(Map::cast(map));
166 }
167
168 Handle<FixedArrayBase> copied_elements_values;
169 if (IsFastDoubleElementsKind(constant_elements_kind)) {
170 copied_elements_values = isolate->factory()->CopyFixedDoubleArray(
171 Handle<FixedDoubleArray>::cast(constant_elements_values));
172 } else {
173 DCHECK(IsFastSmiOrObjectElementsKind(constant_elements_kind));
174 const bool is_cow = (constant_elements_values->map() ==
175 isolate->heap()->fixed_cow_array_map());
176 if (is_cow) {
177 copied_elements_values = constant_elements_values;
178 #if DEBUG
179 Handle<FixedArray> fixed_array_values =
180 Handle<FixedArray>::cast(copied_elements_values);
181 for (int i = 0; i < fixed_array_values->length(); i++) {
182 DCHECK(!fixed_array_values->get(i)->IsFixedArray());
183 }
184 #endif
185 } else {
186 Handle<FixedArray> fixed_array_values =
187 Handle<FixedArray>::cast(constant_elements_values);
188 Handle<FixedArray> fixed_array_values_copy =
189 isolate->factory()->CopyFixedArray(fixed_array_values);
190 copied_elements_values = fixed_array_values_copy;
191 for (int i = 0; i < fixed_array_values->length(); i++) {
192 HandleScope scope(isolate);
193 if (fixed_array_values->get(i)->IsFixedArray()) {
194 // The value contains the constant_properties of a
195 // simple object or array literal.
196 Handle<FixedArray> fa(FixedArray::cast(fixed_array_values->get(i)));
197 Handle<Object> result;
198 ASSIGN_RETURN_ON_EXCEPTION(
199 isolate, result,
200 CreateLiteralBoilerplate(isolate, literals, fa, is_strong),
201 Object);
202 fixed_array_values_copy->set(i, *result);
203 }
204 }
205 }
206 }
207 object->set_elements(*copied_elements_values);
208 object->set_length(Smi::FromInt(copied_elements_values->length()));
209
210 JSObject::ValidateElements(object);
211 return object;
212 }
213
214
CreateLiteralBoilerplate(Isolate * isolate,Handle<LiteralsArray> literals,Handle<FixedArray> array,bool is_strong)215 MUST_USE_RESULT static MaybeHandle<Object> CreateLiteralBoilerplate(
216 Isolate* isolate, Handle<LiteralsArray> literals, Handle<FixedArray> array,
217 bool is_strong) {
218 Handle<FixedArray> elements = CompileTimeValue::GetElements(array);
219 const bool kHasNoFunctionLiteral = false;
220 switch (CompileTimeValue::GetLiteralType(array)) {
221 case CompileTimeValue::OBJECT_LITERAL_FAST_ELEMENTS:
222 return CreateObjectLiteralBoilerplate(isolate, literals, elements, true,
223 kHasNoFunctionLiteral, is_strong);
224 case CompileTimeValue::OBJECT_LITERAL_SLOW_ELEMENTS:
225 return CreateObjectLiteralBoilerplate(isolate, literals, elements, false,
226 kHasNoFunctionLiteral, is_strong);
227 case CompileTimeValue::ARRAY_LITERAL:
228 return Runtime::CreateArrayLiteralBoilerplate(isolate, literals,
229 elements, is_strong);
230 default:
231 UNREACHABLE();
232 return MaybeHandle<Object>();
233 }
234 }
235
236
RUNTIME_FUNCTION(Runtime_CreateRegExpLiteral)237 RUNTIME_FUNCTION(Runtime_CreateRegExpLiteral) {
238 HandleScope scope(isolate);
239 DCHECK_EQ(4, args.length());
240 CONVERT_ARG_HANDLE_CHECKED(JSFunction, closure, 0);
241 CONVERT_SMI_ARG_CHECKED(index, 1);
242 CONVERT_ARG_HANDLE_CHECKED(String, pattern, 2);
243 CONVERT_SMI_ARG_CHECKED(flags, 3);
244
245 // Check if boilerplate exists. If not, create it first.
246 Handle<Object> boilerplate(closure->literals()->literal(index), isolate);
247 if (boilerplate->IsUndefined()) {
248 ASSIGN_RETURN_FAILURE_ON_EXCEPTION(
249 isolate, boilerplate, JSRegExp::New(pattern, JSRegExp::Flags(flags)));
250 closure->literals()->set_literal(index, *boilerplate);
251 }
252 return *JSRegExp::Copy(Handle<JSRegExp>::cast(boilerplate));
253 }
254
255
RUNTIME_FUNCTION(Runtime_CreateObjectLiteral)256 RUNTIME_FUNCTION(Runtime_CreateObjectLiteral) {
257 HandleScope scope(isolate);
258 DCHECK_EQ(4, args.length());
259 CONVERT_ARG_HANDLE_CHECKED(JSFunction, closure, 0);
260 CONVERT_SMI_ARG_CHECKED(literals_index, 1);
261 CONVERT_ARG_HANDLE_CHECKED(FixedArray, constant_properties, 2);
262 CONVERT_SMI_ARG_CHECKED(flags, 3);
263 Handle<LiteralsArray> literals(closure->literals(), isolate);
264 bool should_have_fast_elements = (flags & ObjectLiteral::kFastElements) != 0;
265 bool has_function_literal = (flags & ObjectLiteral::kHasFunction) != 0;
266 bool enable_mementos = (flags & ObjectLiteral::kDisableMementos) == 0;
267 bool is_strong = (flags & ObjectLiteral::kIsStrong) != 0;
268
269 RUNTIME_ASSERT(literals_index >= 0 &&
270 literals_index < literals->literals_count());
271
272 // Check if boilerplate exists. If not, create it first.
273 Handle<Object> literal_site(literals->literal(literals_index), isolate);
274 Handle<AllocationSite> site;
275 Handle<JSObject> boilerplate;
276 if (*literal_site == isolate->heap()->undefined_value()) {
277 Handle<Object> raw_boilerplate;
278 ASSIGN_RETURN_FAILURE_ON_EXCEPTION(
279 isolate, raw_boilerplate,
280 CreateObjectLiteralBoilerplate(isolate, literals, constant_properties,
281 should_have_fast_elements,
282 has_function_literal, is_strong));
283 boilerplate = Handle<JSObject>::cast(raw_boilerplate);
284
285 AllocationSiteCreationContext creation_context(isolate);
286 site = creation_context.EnterNewScope();
287 RETURN_FAILURE_ON_EXCEPTION(
288 isolate, JSObject::DeepWalk(boilerplate, &creation_context));
289 creation_context.ExitScope(site, boilerplate);
290
291 // Update the functions literal and return the boilerplate.
292 literals->set_literal(literals_index, *site);
293 } else {
294 site = Handle<AllocationSite>::cast(literal_site);
295 boilerplate =
296 Handle<JSObject>(JSObject::cast(site->transition_info()), isolate);
297 }
298
299 AllocationSiteUsageContext usage_context(isolate, site, enable_mementos);
300 usage_context.EnterNewScope();
301 MaybeHandle<Object> maybe_copy =
302 JSObject::DeepCopy(boilerplate, &usage_context);
303 usage_context.ExitScope(site, boilerplate);
304 Handle<Object> copy;
305 ASSIGN_RETURN_FAILURE_ON_EXCEPTION(isolate, copy, maybe_copy);
306 return *copy;
307 }
308
309
GetLiteralAllocationSite(Isolate * isolate,Handle<LiteralsArray> literals,int literals_index,Handle<FixedArray> elements,bool is_strong)310 MUST_USE_RESULT static MaybeHandle<AllocationSite> GetLiteralAllocationSite(
311 Isolate* isolate, Handle<LiteralsArray> literals, int literals_index,
312 Handle<FixedArray> elements, bool is_strong) {
313 // Check if boilerplate exists. If not, create it first.
314 Handle<Object> literal_site(literals->literal(literals_index), isolate);
315 Handle<AllocationSite> site;
316 if (*literal_site == isolate->heap()->undefined_value()) {
317 DCHECK(*elements != isolate->heap()->empty_fixed_array());
318 Handle<Object> boilerplate;
319 ASSIGN_RETURN_ON_EXCEPTION(
320 isolate, boilerplate,
321 Runtime::CreateArrayLiteralBoilerplate(isolate, literals, elements,
322 is_strong),
323 AllocationSite);
324
325 AllocationSiteCreationContext creation_context(isolate);
326 site = creation_context.EnterNewScope();
327 if (JSObject::DeepWalk(Handle<JSObject>::cast(boilerplate),
328 &creation_context).is_null()) {
329 return Handle<AllocationSite>::null();
330 }
331 creation_context.ExitScope(site, Handle<JSObject>::cast(boilerplate));
332
333 literals->set_literal(literals_index, *site);
334 } else {
335 site = Handle<AllocationSite>::cast(literal_site);
336 }
337
338 return site;
339 }
340
341
CreateArrayLiteralImpl(Isolate * isolate,Handle<LiteralsArray> literals,int literals_index,Handle<FixedArray> elements,int flags)342 static MaybeHandle<JSObject> CreateArrayLiteralImpl(
343 Isolate* isolate, Handle<LiteralsArray> literals, int literals_index,
344 Handle<FixedArray> elements, int flags) {
345 RUNTIME_ASSERT_HANDLIFIED(
346 literals_index >= 0 && literals_index < literals->literals_count(),
347 JSObject);
348 Handle<AllocationSite> site;
349 bool is_strong = (flags & ArrayLiteral::kIsStrong) != 0;
350 ASSIGN_RETURN_ON_EXCEPTION(
351 isolate, site,
352 GetLiteralAllocationSite(isolate, literals, literals_index, elements,
353 is_strong),
354 JSObject);
355
356 bool enable_mementos = (flags & ArrayLiteral::kDisableMementos) == 0;
357 Handle<JSObject> boilerplate(JSObject::cast(site->transition_info()));
358 AllocationSiteUsageContext usage_context(isolate, site, enable_mementos);
359 usage_context.EnterNewScope();
360 JSObject::DeepCopyHints hints = (flags & ArrayLiteral::kShallowElements) == 0
361 ? JSObject::kNoHints
362 : JSObject::kObjectIsShallow;
363 MaybeHandle<JSObject> copy =
364 JSObject::DeepCopy(boilerplate, &usage_context, hints);
365 usage_context.ExitScope(site, boilerplate);
366 return copy;
367 }
368
369
RUNTIME_FUNCTION(Runtime_CreateArrayLiteral)370 RUNTIME_FUNCTION(Runtime_CreateArrayLiteral) {
371 HandleScope scope(isolate);
372 DCHECK_EQ(4, args.length());
373 CONVERT_ARG_HANDLE_CHECKED(JSFunction, closure, 0);
374 CONVERT_SMI_ARG_CHECKED(literals_index, 1);
375 CONVERT_ARG_HANDLE_CHECKED(FixedArray, elements, 2);
376 CONVERT_SMI_ARG_CHECKED(flags, 3);
377
378 Handle<JSObject> result;
379 Handle<LiteralsArray> literals(closure->literals(), isolate);
380 ASSIGN_RETURN_FAILURE_ON_EXCEPTION(
381 isolate, result, CreateArrayLiteralImpl(isolate, literals, literals_index,
382 elements, flags));
383 return *result;
384 }
385
386
RUNTIME_FUNCTION(Runtime_CreateArrayLiteralStubBailout)387 RUNTIME_FUNCTION(Runtime_CreateArrayLiteralStubBailout) {
388 HandleScope scope(isolate);
389 DCHECK_EQ(3, args.length());
390 CONVERT_ARG_HANDLE_CHECKED(JSFunction, closure, 0);
391 CONVERT_SMI_ARG_CHECKED(literals_index, 1);
392 CONVERT_ARG_HANDLE_CHECKED(FixedArray, elements, 2);
393
394 Handle<JSObject> result;
395 Handle<LiteralsArray> literals(closure->literals(), isolate);
396 ASSIGN_RETURN_FAILURE_ON_EXCEPTION(
397 isolate, result,
398 CreateArrayLiteralImpl(isolate, literals, literals_index, elements,
399 ArrayLiteral::kShallowElements));
400 return *result;
401 }
402
403
RUNTIME_FUNCTION(Runtime_StoreArrayLiteralElement)404 RUNTIME_FUNCTION(Runtime_StoreArrayLiteralElement) {
405 HandleScope scope(isolate);
406 RUNTIME_ASSERT(args.length() == 5);
407 CONVERT_ARG_HANDLE_CHECKED(JSObject, object, 0);
408 CONVERT_SMI_ARG_CHECKED(store_index, 1);
409 CONVERT_ARG_HANDLE_CHECKED(Object, value, 2);
410 CONVERT_ARG_HANDLE_CHECKED(LiteralsArray, literals, 3);
411 CONVERT_SMI_ARG_CHECKED(literal_index, 4);
412
413 Object* raw_literal_cell = literals->literal(literal_index);
414 JSArray* boilerplate = NULL;
415 if (raw_literal_cell->IsAllocationSite()) {
416 AllocationSite* site = AllocationSite::cast(raw_literal_cell);
417 boilerplate = JSArray::cast(site->transition_info());
418 } else {
419 boilerplate = JSArray::cast(raw_literal_cell);
420 }
421 Handle<JSArray> boilerplate_object(boilerplate);
422 ElementsKind elements_kind = object->GetElementsKind();
423 DCHECK(IsFastElementsKind(elements_kind));
424 // Smis should never trigger transitions.
425 DCHECK(!value->IsSmi());
426
427 if (value->IsNumber()) {
428 DCHECK(IsFastSmiElementsKind(elements_kind));
429 ElementsKind transitioned_kind = IsFastHoleyElementsKind(elements_kind)
430 ? FAST_HOLEY_DOUBLE_ELEMENTS
431 : FAST_DOUBLE_ELEMENTS;
432 if (IsMoreGeneralElementsKindTransition(
433 boilerplate_object->GetElementsKind(), transitioned_kind)) {
434 JSObject::TransitionElementsKind(boilerplate_object, transitioned_kind);
435 }
436 JSObject::TransitionElementsKind(object, transitioned_kind);
437 DCHECK(IsFastDoubleElementsKind(object->GetElementsKind()));
438 FixedDoubleArray* double_array = FixedDoubleArray::cast(object->elements());
439 HeapNumber* number = HeapNumber::cast(*value);
440 double_array->set(store_index, number->Number());
441 } else {
442 if (!IsFastObjectElementsKind(elements_kind)) {
443 ElementsKind transitioned_kind = IsFastHoleyElementsKind(elements_kind)
444 ? FAST_HOLEY_ELEMENTS
445 : FAST_ELEMENTS;
446 JSObject::TransitionElementsKind(object, transitioned_kind);
447 if (IsMoreGeneralElementsKindTransition(
448 boilerplate_object->GetElementsKind(), transitioned_kind)) {
449 JSObject::TransitionElementsKind(boilerplate_object, transitioned_kind);
450 }
451 }
452 FixedArray* object_array = FixedArray::cast(object->elements());
453 object_array->set(store_index, *value);
454 }
455 return *object;
456 }
457 } // namespace internal
458 } // namespace v8
459