1 // Copyright 2012 the V8 project authors. All rights reserved. 2 // Use of this source code is governed by a BSD-style license that can be 3 // found in the LICENSE file. 4 5 #ifndef V8_ELEMENTS_H_ 6 #define V8_ELEMENTS_H_ 7 8 #include "src/elements-kind.h" 9 #include "src/heap/heap.h" 10 #include "src/isolate.h" 11 #include "src/keys.h" 12 #include "src/objects.h" 13 14 namespace v8 { 15 namespace internal { 16 17 // Abstract base class for handles that can operate on objects with differing 18 // ElementsKinds. 19 class ElementsAccessor { 20 public: ElementsAccessor(const char * name)21 explicit ElementsAccessor(const char* name) : name_(name) { } ~ElementsAccessor()22 virtual ~ElementsAccessor() { } 23 name()24 const char* name() const { return name_; } 25 26 // Returns a shared ElementsAccessor for the specified ElementsKind. ForKind(ElementsKind elements_kind)27 static ElementsAccessor* ForKind(ElementsKind elements_kind) { 28 DCHECK(static_cast<int>(elements_kind) < kElementsKindCount); 29 return elements_accessors_[elements_kind]; 30 } 31 32 // Checks the elements of an object for consistency, asserting when a problem 33 // is found. 34 virtual void Validate(Handle<JSObject> obj) = 0; 35 36 // Returns true if a holder contains an element with the specified index 37 // without iterating up the prototype chain. The caller can optionally pass 38 // in the backing store to use for the check, which must be compatible with 39 // the ElementsKind of the ElementsAccessor. If backing_store is NULL, the 40 // holder->elements() is used as the backing store. If a |filter| is 41 // specified the PropertyAttributes of the element at the given index 42 // are compared to the given |filter|. If they match/overlap the given 43 // index is ignored. Note that only Dictionary elements have custom 44 // PropertyAttributes associated, hence the |filter| argument is ignored for 45 // all but DICTIONARY_ELEMENTS and SLOW_SLOPPY_ARGUMENTS_ELEMENTS. 46 virtual bool HasElement(Handle<JSObject> holder, uint32_t index, 47 Handle<FixedArrayBase> backing_store, 48 PropertyFilter filter = ALL_PROPERTIES) = 0; 49 50 inline bool HasElement(Handle<JSObject> holder, uint32_t index, 51 PropertyFilter filter = ALL_PROPERTIES) { 52 return HasElement(holder, index, handle(holder->elements()), filter); 53 } 54 55 virtual Handle<Object> Get(Handle<JSObject> holder, uint32_t entry) = 0; 56 57 virtual bool HasAccessors(JSObject* holder) = 0; 58 virtual uint32_t NumberOfElements(JSObject* holder) = 0; 59 60 // Modifies the length data property as specified for JSArrays and resizes the 61 // underlying backing store accordingly. The method honors the semantics of 62 // changing array sizes as defined in EcmaScript 5.1 15.4.5.2, i.e. array that 63 // have non-deletable elements can only be shrunk to the size of highest 64 // element that is non-deletable. 65 virtual void SetLength(Handle<JSArray> holder, uint32_t new_length) = 0; 66 67 // If kCopyToEnd is specified as the copy_size to CopyElements, it copies all 68 // of elements from source after source_start to the destination array. 69 static const int kCopyToEnd = -1; 70 // If kCopyToEndAndInitializeToHole is specified as the copy_size to 71 // CopyElements, it copies all of elements from source after source_start to 72 // destination array, padding any remaining uninitialized elements in the 73 // destination array with the hole. 74 static const int kCopyToEndAndInitializeToHole = -2; 75 76 // Copy all indices that have elements from |object| into the given 77 // KeyAccumulator. For Dictionary-based element-kinds we filter out elements 78 // whose PropertyAttribute match |filter|. 79 virtual void CollectElementIndices(Handle<JSObject> object, 80 Handle<FixedArrayBase> backing_store, 81 KeyAccumulator* keys) = 0; 82 CollectElementIndices(Handle<JSObject> object,KeyAccumulator * keys)83 inline void CollectElementIndices(Handle<JSObject> object, 84 KeyAccumulator* keys) { 85 CollectElementIndices(object, handle(object->elements(), keys->isolate()), 86 keys); 87 } 88 89 virtual Maybe<bool> CollectValuesOrEntries( 90 Isolate* isolate, Handle<JSObject> object, 91 Handle<FixedArray> values_or_entries, bool get_entries, int* nof_items, 92 PropertyFilter filter = ALL_PROPERTIES) = 0; 93 94 virtual MaybeHandle<FixedArray> PrependElementIndices( 95 Handle<JSObject> object, Handle<FixedArrayBase> backing_store, 96 Handle<FixedArray> keys, GetKeysConversion convert, 97 PropertyFilter filter = ALL_PROPERTIES) = 0; 98 99 inline MaybeHandle<FixedArray> PrependElementIndices( 100 Handle<JSObject> object, Handle<FixedArray> keys, 101 GetKeysConversion convert, PropertyFilter filter = ALL_PROPERTIES) { 102 return PrependElementIndices(object, handle(object->elements()), keys, 103 convert, filter); 104 } 105 106 virtual void AddElementsToKeyAccumulator(Handle<JSObject> receiver, 107 KeyAccumulator* accumulator, 108 AddKeyConversion convert) = 0; 109 110 virtual void TransitionElementsKind(Handle<JSObject> object, 111 Handle<Map> map) = 0; 112 virtual void GrowCapacityAndConvert(Handle<JSObject> object, 113 uint32_t capacity) = 0; 114 // Unlike GrowCapacityAndConvert do not attempt to convert the backing store 115 // and simply return false in this case. 116 virtual bool GrowCapacity(Handle<JSObject> object, uint32_t index) = 0; 117 118 static void InitializeOncePerProcess(); 119 static void TearDown(); 120 121 virtual void Set(Handle<JSObject> holder, uint32_t entry, Object* value) = 0; 122 123 virtual void Add(Handle<JSObject> object, uint32_t index, 124 Handle<Object> value, PropertyAttributes attributes, 125 uint32_t new_capacity) = 0; 126 127 static Handle<JSArray> Concat(Isolate* isolate, Arguments* args, 128 uint32_t concat_size, uint32_t result_length); 129 130 virtual uint32_t Push(Handle<JSArray> receiver, Arguments* args, 131 uint32_t push_size) = 0; 132 133 virtual uint32_t Unshift(Handle<JSArray> receiver, 134 Arguments* args, uint32_t unshift_size) = 0; 135 136 virtual Handle<JSArray> Slice(Handle<JSObject> receiver, 137 uint32_t start, uint32_t end) = 0; 138 139 virtual Handle<JSArray> Splice(Handle<JSArray> receiver, 140 uint32_t start, uint32_t delete_count, 141 Arguments* args, uint32_t add_count) = 0; 142 143 virtual Handle<Object> Pop(Handle<JSArray> receiver) = 0; 144 145 virtual Handle<Object> Shift(Handle<JSArray> receiver) = 0; 146 147 virtual Handle<SeededNumberDictionary> Normalize(Handle<JSObject> object) = 0; 148 149 virtual uint32_t GetCapacity(JSObject* holder, 150 FixedArrayBase* backing_store) = 0; 151 152 // Check an Object's own elements for an element (using SameValueZero 153 // semantics) 154 virtual Maybe<bool> IncludesValue(Isolate* isolate, Handle<JSObject> receiver, 155 Handle<Object> value, uint32_t start, 156 uint32_t length) = 0; 157 158 // Check an Object's own elements for the index of an element (using SameValue 159 // semantics) 160 virtual Maybe<int64_t> IndexOfValue(Isolate* isolate, 161 Handle<JSObject> receiver, 162 Handle<Object> value, uint32_t start, 163 uint32_t length) = 0; 164 165 virtual void CopyElements(Handle<FixedArrayBase> source, 166 ElementsKind source_kind, 167 Handle<FixedArrayBase> destination, int size) = 0; 168 169 virtual Handle<FixedArray> CreateListFromArray(Isolate* isolate, 170 Handle<JSArray> array) = 0; 171 172 protected: 173 friend class LookupIterator; 174 175 // Element handlers distinguish between entries and indices when they 176 // manipulate elements. Entries refer to elements in terms of their location 177 // in the underlying storage's backing store representation, and are between 0 178 // and GetCapacity. Indices refer to elements in terms of the value that would 179 // be specified in JavaScript to access the element. In most implementations, 180 // indices are equivalent to entries. In the NumberDictionary 181 // ElementsAccessor, entries are mapped to an index using the KeyAt method on 182 // the NumberDictionary. 183 virtual uint32_t GetEntryForIndex(Isolate* isolate, JSObject* holder, 184 FixedArrayBase* backing_store, 185 uint32_t index) = 0; 186 187 virtual PropertyDetails GetDetails(JSObject* holder, uint32_t entry) = 0; 188 virtual void Reconfigure(Handle<JSObject> object, 189 Handle<FixedArrayBase> backing_store, uint32_t entry, 190 Handle<Object> value, 191 PropertyAttributes attributes) = 0; 192 193 // Deletes an element in an object. 194 virtual void Delete(Handle<JSObject> holder, uint32_t entry) = 0; 195 196 // NOTE: this method violates the handlified function signature convention: 197 // raw pointer parameter |source_holder| in the function that allocates. 198 // This is done intentionally to avoid ArrayConcat() builtin performance 199 // degradation. 200 virtual void CopyElements(JSObject* source_holder, uint32_t source_start, 201 ElementsKind source_kind, 202 Handle<FixedArrayBase> destination, 203 uint32_t destination_start, int copy_size) = 0; 204 205 private: 206 static ElementsAccessor** elements_accessors_; 207 const char* name_; 208 209 DISALLOW_COPY_AND_ASSIGN(ElementsAccessor); 210 }; 211 212 void CheckArrayAbuse(Handle<JSObject> obj, const char* op, uint32_t index, 213 bool allow_appending = false); 214 215 MUST_USE_RESULT MaybeHandle<Object> ArrayConstructInitializeElements( 216 Handle<JSArray> array, 217 Arguments* args); 218 219 } // namespace internal 220 } // namespace v8 221 222 #endif // V8_ELEMENTS_H_ 223