Home | History | Annotate | Download | only in src 
      1 // Copyright 2012 the V8 project authors. All rights reserved.
      2 // Use of this source code is governed by a BSD-style license that can be
      3 // found in the LICENSE file.
      4 
      5 #ifndef V8_ELEMENTS_H_
      6 #define V8_ELEMENTS_H_
      7 
      8 #include "src/elements-kind.h"
      9 #include "src/keys.h"
     10 #include "src/objects.h"
     11 
     12 namespace v8 {
     13 namespace internal {
     14 
     15 class JSTypedArray;
     16 
     17 // Abstract base class for handles that can operate on objects with differing
     18 // ElementsKinds.
     19 class ElementsAccessor {
     20  public:
     21   explicit ElementsAccessor(const char* name) : name_(name) { }
     22   virtual ~ElementsAccessor() { }
     23 
     24   const char* name() const { return name_; }
     25 
     26   // Returns a shared ElementsAccessor for the specified ElementsKind.
     27   static ElementsAccessor* ForKind(ElementsKind elements_kind) {
     28     DCHECK_LT(static_cast<int>(elements_kind), kElementsKindCount);
     29     return elements_accessors_[elements_kind];
     30   }
     31 
     32   // Checks the elements of an object for consistency, asserting when a problem
     33   // is found.
     34   virtual void Validate(JSObject* obj) = 0;
     35 
     36   // Returns true if a holder contains an element with the specified index
     37   // without iterating up the prototype chain.  The caller can optionally pass
     38   // in the backing store to use for the check, which must be compatible with
     39   // the ElementsKind of the ElementsAccessor. If backing_store is nullptr, the
     40   // holder->elements() is used as the backing store. If a |filter| is
     41   // specified the PropertyAttributes of the element at the given index
     42   // are compared to the given |filter|. If they match/overlap the given
     43   // index is ignored. Note that only Dictionary elements have custom
     44   // PropertyAttributes associated, hence the |filter| argument is ignored for
     45   // all but DICTIONARY_ELEMENTS and SLOW_SLOPPY_ARGUMENTS_ELEMENTS.
     46   virtual bool HasElement(JSObject* holder, uint32_t index,
     47                           FixedArrayBase* backing_store,
     48                           PropertyFilter filter = ALL_PROPERTIES) = 0;
     49 
     50   inline bool HasElement(JSObject* holder, uint32_t index,
     51                          PropertyFilter filter = ALL_PROPERTIES);
     52 
     53   // Note: this is currently not implemented for string wrapper and
     54   // typed array elements.
     55   virtual bool HasEntry(JSObject* holder, uint32_t entry) = 0;
     56 
     57   // TODO(cbruni): HasEntry and Get should not be exposed publicly with the
     58   // entry parameter.
     59   virtual Handle<Object> Get(Handle<JSObject> holder, uint32_t entry) = 0;
     60 
     61   virtual bool HasAccessors(JSObject* holder) = 0;
     62   virtual uint32_t NumberOfElements(JSObject* holder) = 0;
     63 
     64   // Modifies the length data property as specified for JSArrays and resizes the
     65   // underlying backing store accordingly. The method honors the semantics of
     66   // changing array sizes as defined in EcmaScript 5.1 15.4.5.2, i.e. array that
     67   // have non-deletable elements can only be shrunk to the size of highest
     68   // element that is non-deletable.
     69   virtual void SetLength(Handle<JSArray> holder, uint32_t new_length) = 0;
     70 
     71 
     72   // If kCopyToEnd is specified as the copy_size to CopyElements, it copies all
     73   // of elements from source after source_start to the destination array.
     74   static const int kCopyToEnd = -1;
     75   // If kCopyToEndAndInitializeToHole is specified as the copy_size to
     76   // CopyElements, it copies all of elements from source after source_start to
     77   // destination array, padding any remaining uninitialized elements in the
     78   // destination array with the hole.
     79   static const int kCopyToEndAndInitializeToHole = -2;
     80 
     81   // Copy all indices that have elements from |object| into the given
     82   // KeyAccumulator. For Dictionary-based element-kinds we filter out elements
     83   // whose PropertyAttribute match |filter|.
     84   virtual void CollectElementIndices(Handle<JSObject> object,
     85                                      Handle<FixedArrayBase> backing_store,
     86                                      KeyAccumulator* keys) = 0;
     87 
     88   inline void CollectElementIndices(Handle<JSObject> object,
     89                                     KeyAccumulator* keys);
     90 
     91   virtual Maybe<bool> CollectValuesOrEntries(
     92       Isolate* isolate, Handle<JSObject> object,
     93       Handle<FixedArray> values_or_entries, bool get_entries, int* nof_items,
     94       PropertyFilter filter = ALL_PROPERTIES) = 0;
     95 
     96   virtual MaybeHandle<FixedArray> PrependElementIndices(
     97       Handle<JSObject> object, Handle<FixedArrayBase> backing_store,
     98       Handle<FixedArray> keys, GetKeysConversion convert,
     99       PropertyFilter filter = ALL_PROPERTIES) = 0;
    100 
    101   inline MaybeHandle<FixedArray> PrependElementIndices(
    102       Handle<JSObject> object, Handle<FixedArray> keys,
    103       GetKeysConversion convert, PropertyFilter filter = ALL_PROPERTIES);
    104 
    105   virtual void AddElementsToKeyAccumulator(Handle<JSObject> receiver,
    106                                            KeyAccumulator* accumulator,
    107                                            AddKeyConversion convert) = 0;
    108 
    109   virtual void TransitionElementsKind(Handle<JSObject> object,
    110                                       Handle<Map> map) = 0;
    111   virtual void GrowCapacityAndConvert(Handle<JSObject> object,
    112                                       uint32_t capacity) = 0;
    113   // Unlike GrowCapacityAndConvert do not attempt to convert the backing store
    114   // and simply return false in this case.
    115   virtual bool GrowCapacity(Handle<JSObject> object, uint32_t index) = 0;
    116 
    117   static void InitializeOncePerProcess();
    118   static void TearDown();
    119 
    120   virtual void Set(Handle<JSObject> holder, uint32_t entry, Object* value) = 0;
    121 
    122   virtual void Add(Handle<JSObject> object, uint32_t index,
    123                    Handle<Object> value, PropertyAttributes attributes,
    124                    uint32_t new_capacity) = 0;
    125 
    126   static Handle<JSArray> Concat(Isolate* isolate, Arguments* args,
    127                                 uint32_t concat_size, uint32_t result_length);
    128 
    129   virtual uint32_t Push(Handle<JSArray> receiver, Arguments* args,
    130                         uint32_t push_size) = 0;
    131 
    132   virtual uint32_t Unshift(Handle<JSArray> receiver, Arguments* args,
    133                            uint32_t unshift_size) = 0;
    134 
    135   virtual Handle<JSObject> Slice(Handle<JSObject> receiver, uint32_t start,
    136                                  uint32_t end) = 0;
    137 
    138   virtual Handle<JSArray> Splice(Handle<JSArray> receiver,
    139                                  uint32_t start, uint32_t delete_count,
    140                                  Arguments* args, uint32_t add_count) = 0;
    141 
    142   virtual Handle<Object> Pop(Handle<JSArray> receiver) = 0;
    143 
    144   virtual Handle<Object> Shift(Handle<JSArray> receiver) = 0;
    145 
    146   virtual Handle<NumberDictionary> Normalize(Handle<JSObject> object) = 0;
    147 
    148   virtual uint32_t GetCapacity(JSObject* holder,
    149                                FixedArrayBase* backing_store) = 0;
    150 
    151   virtual Object* Fill(Handle<JSObject> receiver, Handle<Object> obj_value,
    152                        uint32_t start, uint32_t end) = 0;
    153 
    154   // Check an Object's own elements for an element (using SameValueZero
    155   // semantics)
    156   virtual Maybe<bool> IncludesValue(Isolate* isolate, Handle<JSObject> receiver,
    157                                     Handle<Object> value, uint32_t start,
    158                                     uint32_t length) = 0;
    159 
    160   // Check an Object's own elements for the index of an element (using SameValue
    161   // semantics)
    162   virtual Maybe<int64_t> IndexOfValue(Isolate* isolate,
    163                                       Handle<JSObject> receiver,
    164                                       Handle<Object> value, uint32_t start,
    165                                       uint32_t length) = 0;
    166 
    167   virtual Maybe<int64_t> LastIndexOfValue(Handle<JSObject> receiver,
    168                                           Handle<Object> value,
    169                                           uint32_t start) = 0;
    170 
    171   virtual void Reverse(JSObject* receiver) = 0;
    172 
    173   virtual void CopyElements(Isolate* isolate, Handle<FixedArrayBase> source,
    174                             ElementsKind source_kind,
    175                             Handle<FixedArrayBase> destination, int size) = 0;
    176 
    177   virtual Object* CopyElements(Handle<Object> source,
    178                                Handle<JSObject> destination, size_t length,
    179                                uint32_t offset = 0) = 0;
    180 
    181   virtual Handle<FixedArray> CreateListFromArrayLike(Isolate* isolate,
    182                                                      Handle<JSObject> object,
    183                                                      uint32_t length) = 0;
    184 
    185   virtual void CopyTypedArrayElementsSlice(JSTypedArray* source,
    186                                            JSTypedArray* destination,
    187                                            size_t start, size_t end) = 0;
    188 
    189  protected:
    190   friend class LookupIterator;
    191 
    192   // Element handlers distinguish between entries and indices when they
    193   // manipulate elements. Entries refer to elements in terms of their location
    194   // in the underlying storage's backing store representation, and are between 0
    195   // and GetCapacity. Indices refer to elements in terms of the value that would
    196   // be specified in JavaScript to access the element. In most implementations,
    197   // indices are equivalent to entries. In the NumberDictionary
    198   // ElementsAccessor, entries are mapped to an index using the KeyAt method on
    199   // the NumberDictionary.
    200   virtual uint32_t GetEntryForIndex(Isolate* isolate, JSObject* holder,
    201                                     FixedArrayBase* backing_store,
    202                                     uint32_t index) = 0;
    203 
    204   virtual PropertyDetails GetDetails(JSObject* holder, uint32_t entry) = 0;
    205   virtual void Reconfigure(Handle<JSObject> object,
    206                            Handle<FixedArrayBase> backing_store, uint32_t entry,
    207                            Handle<Object> value,
    208                            PropertyAttributes attributes) = 0;
    209 
    210   // Deletes an element in an object.
    211   virtual void Delete(Handle<JSObject> holder, uint32_t entry) = 0;
    212 
    213   // NOTE: this method violates the handlified function signature convention:
    214   // raw pointer parameter |source_holder| in the function that allocates.
    215   // This is done intentionally to avoid ArrayConcat() builtin performance
    216   // degradation.
    217   virtual void CopyElements(JSObject* source_holder, uint32_t source_start,
    218                             ElementsKind source_kind,
    219                             Handle<FixedArrayBase> destination,
    220                             uint32_t destination_start, int copy_size) = 0;
    221 
    222  private:
    223   static ElementsAccessor** elements_accessors_;
    224   const char* name_;
    225 
    226   DISALLOW_COPY_AND_ASSIGN(ElementsAccessor);
    227 };
    228 
    229 void CheckArrayAbuse(Handle<JSObject> obj, const char* op, uint32_t index,
    230                      bool allow_appending = false);
    231 
    232 V8_WARN_UNUSED_RESULT MaybeHandle<Object> ArrayConstructInitializeElements(
    233     Handle<JSArray> array, Arguments* args);
    234 
    235 // Called directly from CSA.
    236 void CopyFastNumberJSArrayElementsToTypedArray(Context* context,
    237                                                JSArray* source,
    238                                                JSTypedArray* destination,
    239                                                uintptr_t length,
    240                                                uintptr_t offset);
    241 void CopyTypedArrayElementsToTypedArray(JSTypedArray* source,
    242                                         JSTypedArray* destination,
    243                                         uintptr_t length, uintptr_t offset);
    244 void CopyTypedArrayElementsSlice(JSTypedArray* source,
    245                                  JSTypedArray* destination, uintptr_t start,
    246                                  uintptr_t end);
    247 
    248 }  // namespace internal
    249 }  // namespace v8
    250 
    251 #endif  // V8_ELEMENTS_H_
    252