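// Copyright 2014 the V8 project authors. All rights reserved.
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.

#include "src/runtime/runtime-utils.h"

#include "src/allocation-site-scopes.h"
#include "src/arguments.h"
#include "src/ast/ast.h"
#include "src/isolate-inl.h"
#include "src/parsing/parser.h"
#include "src/runtime/runtime.h"

namespace v8 {
namespace internal {

// Selects the map for an object literal boilerplate via the factory's
// object-literal map cache.
//
// |constant_properties| is read as a flat sequence of (key, value) pairs.
// Keys that are array indices are not counted towards the number of named
// properties. |is_result_from_cache| is forwarded to the factory call.
static Handle<Map> ComputeObjectLiteralMap(
    Handle<Context> context, Handle<FixedArray> constant_properties,
    bool is_strong, bool* is_result_from_cache) {
  int properties_length = constant_properties->length();
  int number_of_properties = properties_length / 2;

  // Keys sit at the even slots. The bound is '<' rather than '!=' so that an
  // array of odd length cannot step over the end and keep reading.
  for (int p = 0; p < properties_length; p += 2) {
    Object* key = constant_properties->get(p);
    uint32_t element_index = 0;
    if (key->ToArrayIndex(&element_index)) {
      // An index key does not require space in the property backing store.
      number_of_properties--;
    }
  }
  Isolate* isolate = context->GetIsolate();
  return isolate->factory()->ObjectLiteralMapFromCache(
      context, number_of_properties, is_strong, is_result_from_cache);
}

// Forward declaration: the object and array boilerplate builders recurse
// through this dispatcher for nested literals.
MUST_USE_RESULT static MaybeHandle<Object> CreateLiteralBoilerplate(
    Isolate* isolate, Handle<LiteralsArray> literals,
    Handle<FixedArray> constant_properties, bool is_strong);


// Builds the boilerplate JSObject for an object literal.
//
// |constant_properties| holds (key, value) pairs. A value that is itself a
// FixedArray describes a nested literal and is expanded recursively through
// CreateLiteralBoilerplate. Returns an empty handle if creating a nested
// boilerplate or setting a property fails.
MUST_USE_RESULT static MaybeHandle<Object> CreateObjectLiteralBoilerplate(
    Isolate* isolate, Handle<LiteralsArray> literals,
    Handle<FixedArray> constant_properties, bool should_have_fast_elements,
    bool has_function_literal, bool is_strong) {
  Handle<Context> context = isolate->native_context();

  // In case we have function literals, we want the object to be in
  // slow properties mode for now. We don't go in the map cache because
  // maps with constant functions can't be shared if the functions are
  // not the same (which is the common case).
  bool is_result_from_cache = false;
  Handle<Map> map = has_function_literal
                        ? Handle<Map>(is_strong
                                          ? context->js_object_strong_map()
                                          : context->object_function()
                                                ->initial_map())
                        : ComputeObjectLiteralMap(context, constant_properties,
                                                  is_strong,
                                                  &is_result_from_cache);

  // The boilerplate is allocated NOT_TENURED when the literals array is in
  // new space and TENURED otherwise.
  PretenureFlag pretenure_flag =
      isolate->heap()->InNewSpace(*literals) ? NOT_TENURED : TENURED;

  Handle<JSObject> boilerplate =
      isolate->factory()->NewJSObjectFromMap(map, pretenure_flag);

  // Normalize the elements of the boilerplate to save space if needed.
  if (!should_have_fast_elements) JSObject::NormalizeElements(boilerplate);

  // Add the constant properties to the boilerplate.
  int length = constant_properties->length();
  bool should_transform =
      !is_result_from_cache && boilerplate->HasFastProperties();
  bool should_normalize = should_transform || has_function_literal;
  if (should_normalize) {
    // TODO(verwaest): We might not want to ever normalize here.
    JSObject::NormalizeProperties(boilerplate, KEEP_INOBJECT_PROPERTIES,
                                  length / 2, "Boilerplate");
  }
  // TODO(verwaest): Support tracking representations in the boilerplate.
  // Each iteration reads slots index and index + 1, so the bound is on
  // index + 1: an unpaired trailing key in an odd-length array is skipped
  // instead of reading one slot past the end.
  for (int index = 0; index + 1 < length; index += 2) {
    Handle<Object> key(constant_properties->get(index + 0), isolate);
    Handle<Object> value(constant_properties->get(index + 1), isolate);
    if (value->IsFixedArray()) {
      // The value contains the constant_properties of a
      // simple object or array literal.
      Handle<FixedArray> array = Handle<FixedArray>::cast(value);
      ASSIGN_RETURN_ON_EXCEPTION(
          isolate, value,
          CreateLiteralBoilerplate(isolate, literals, array, is_strong),
          Object);
    }
    MaybeHandle<Object> maybe_result;
    uint32_t element_index = 0;
    if (key->IsInternalizedString()) {
      if (Handle<String>::cast(key)->AsArrayIndex(&element_index)) {
        // Array index as string (uint32).
        if (value->IsUninitialized()) value = handle(Smi::FromInt(0), isolate);
        maybe_result = JSObject::SetOwnElementIgnoreAttributes(
            boilerplate, element_index, value, NONE);
      } else {
        Handle<String> name(String::cast(*key));
        DCHECK(!name->AsArrayIndex(&element_index));
        maybe_result = JSObject::SetOwnPropertyIgnoreAttributes(
            boilerplate, name, value, NONE);
      }
    } else if (key->ToArrayIndex(&element_index)) {
      // Array index (uint32).
      if (value->IsUninitialized()) value = handle(Smi::FromInt(0), isolate);
      maybe_result = JSObject::SetOwnElementIgnoreAttributes(
          boilerplate, element_index, value, NONE);
    } else {
      // Non-uint32 number.
      DCHECK(key->IsNumber());
      double num = key->Number();
      // The number is formatted through a fixed 100-byte stack buffer that is
      // handed to DoubleToCString together with its size.
      char arr[100];
      Vector<char> buffer(arr, arraysize(arr));
      const char* str = DoubleToCString(num, buffer);
      Handle<String> name = isolate->factory()->NewStringFromAsciiChecked(str);
      maybe_result = JSObject::SetOwnPropertyIgnoreAttributes(boilerplate, name,
                                                              value, NONE);
    }
    // If setting the property on the boilerplate throws an
    // exception, the exception is converted to an empty handle in
    // the handle based operations.  In that case, we need to
    // convert back to an exception.
    RETURN_ON_EXCEPTION(isolate, maybe_result, Object);
  }

  // Transform to fast properties if necessary. For object literals
  // containing function literals we defer this operation until after all
  // computed properties have been assigned so that we can generate
  // constant function properties.
  if (should_transform && !has_function_literal) {
    JSObject::MigrateSlowToFast(boilerplate,
                                boilerplate->map()->unused_property_fields(),
                                "FastLiteral");
  }
  return boilerplate;
}


// Builds the boilerplate JSArray for an array literal.
//
// |elements| is read as a two-slot description: slot 0 is a Smi holding the
// ElementsKind and slot 1 is the backing store with the constant values.
// Nested literals found in a non-copy-on-write backing store are expanded
// recursively. Returns an empty handle if a nested boilerplate fails.
MaybeHandle<Object> Runtime::CreateArrayLiteralBoilerplate(
    Isolate* isolate, Handle<LiteralsArray> literals,
    Handle<FixedArray> elements, bool is_strong) {
  // Create the JSArray.
  Handle<JSFunction> constructor = isolate->array_function();

  PretenureFlag pretenure_flag =
      isolate->heap()->InNewSpace(*literals) ? NOT_TENURED : TENURED;

  Handle<JSArray> object = Handle<JSArray>::cast(
      isolate->factory()->NewJSObject(constructor, pretenure_flag));

  // NOTE(review): slots 0 and 1 are read without a length or type check in
  // this function; it presumably relies on callers passing the
  // compiler-generated description. Confirm for every entry point that can
  // reach here with a caller-supplied FixedArray.
  ElementsKind constant_elements_kind =
      static_cast<ElementsKind>(Smi::cast(elements->get(0))->value());
  Handle<FixedArrayBase> constant_elements_values(
      FixedArrayBase::cast(elements->get(1)));

  {
    // Install the native context's array map for this elements kind and
    // strength. Raw pointers are held here, hence the no-allocation scope.
    DisallowHeapAllocation no_gc;
    DCHECK(IsFastElementsKind(constant_elements_kind));
    Context* native_context = isolate->context()->native_context();
    Strength strength = is_strong ? Strength::STRONG : Strength::WEAK;
    Object* map = native_context->get(
        Context::ArrayMapIndex(constant_elements_kind, strength));
    object->set_map(Map::cast(map));
  }

  Handle<FixedArrayBase> copied_elements_values;
  if (IsFastDoubleElementsKind(constant_elements_kind)) {
    copied_elements_values = isolate->factory()->CopyFixedDoubleArray(
        Handle<FixedDoubleArray>::cast(constant_elements_values));
  } else {
    DCHECK(IsFastSmiOrObjectElementsKind(constant_elements_kind));
    const bool is_cow = (constant_elements_values->map() ==
                         isolate->heap()->fixed_cow_array_map());
    if (is_cow) {
      // A copy-on-write backing store is used as is, without copying.
      copied_elements_values = constant_elements_values;
#if DEBUG
      // Debug-only check that the shared store holds no nested literal
      // descriptions.
      Handle<FixedArray> fixed_array_values =
          Handle<FixedArray>::cast(copied_elements_values);
      for (int i = 0; i < fixed_array_values->length(); i++) {
        DCHECK(!fixed_array_values->get(i)->IsFixedArray());
      }
#endif
    } else {
      Handle<FixedArray> fixed_array_values =
          Handle<FixedArray>::cast(constant_elements_values);
      Handle<FixedArray> fixed_array_values_copy =
          isolate->factory()->CopyFixedArray(fixed_array_values);
      copied_elements_values = fixed_array_values_copy;
      for (int i = 0; i < fixed_array_values->length(); i++) {
        // One handle scope per element, so handles created for nested
        // literals are released after each iteration.
        HandleScope scope(isolate);
        if (fixed_array_values->get(i)->IsFixedArray()) {
          // The value contains the constant_properties of a
          // simple object or array literal.
          Handle<FixedArray> fa(FixedArray::cast(fixed_array_values->get(i)));
          Handle<Object> result;
          ASSIGN_RETURN_ON_EXCEPTION(
              isolate, result,
              CreateLiteralBoilerplate(isolate, literals, fa, is_strong),
              Object);
          fixed_array_values_copy->set(i, *result);
        }
      }
    }
  }
  object->set_elements(*copied_elements_values);
  object->set_length(Smi::FromInt(copied_elements_values->length()));

  JSObject::ValidateElements(object);
  return object;
}


// Dispatches on the literal type encoded in |array| (a CompileTimeValue) to
// the object or array boilerplate builder. Nested literals are always built
// with has_function_literal == false.
MUST_USE_RESULT static MaybeHandle<Object> CreateLiteralBoilerplate(
    Isolate* isolate, Handle<LiteralsArray> literals, Handle<FixedArray> array,
    bool is_strong) {
  Handle<FixedArray> elements = CompileTimeValue::GetElements(array);
  const bool kHasNoFunctionLiteral = false;
  switch (CompileTimeValue::GetLiteralType(array)) {
    case CompileTimeValue::OBJECT_LITERAL_FAST_ELEMENTS:
      return CreateObjectLiteralBoilerplate(isolate, literals, elements, true,
                                            kHasNoFunctionLiteral, is_strong);
    case CompileTimeValue::OBJECT_LITERAL_SLOW_ELEMENTS:
      return CreateObjectLiteralBoilerplate(isolate, literals, elements, false,
                                            kHasNoFunctionLiteral, is_strong);
    case CompileTimeValue::ARRAY_LITERAL:
      return Runtime::CreateArrayLiteralBoilerplate(isolate, literals,
                                                    elements, is_strong);
    default:
      UNREACHABLE();
      return MaybeHandle<Object>();
  }
}


// Runtime entry: returns a copy of the regexp boilerplate stored in the
// closure's literal slot |index|, creating and caching the boilerplate from
// |pattern| and |flags| on first use.
//
// Arguments: closure (JSFunction), index (Smi), pattern (String), flags (Smi).
RUNTIME_FUNCTION(Runtime_CreateRegExpLiteral) {
  HandleScope scope(isolate);
  DCHECK_EQ(4, args.length());
  CONVERT_ARG_HANDLE_CHECKED(JSFunction, closure, 0);
  CONVERT_SMI_ARG_CHECKED(index, 1);
  CONVERT_ARG_HANDLE_CHECKED(String, pattern, 2);
  CONVERT_SMI_ARG_CHECKED(flags, 3);
  Handle<LiteralsArray> literals(closure->literals(), isolate);

  // Validate the slot index before reading or writing the literals array,
  // matching Runtime_CreateObjectLiteral and CreateArrayLiteralImpl.
  RUNTIME_ASSERT(index >= 0 && index < literals->literals_count());

  // Check if boilerplate exists. If not, create it first.
  Handle<Object> boilerplate(literals->literal(index), isolate);
  if (boilerplate->IsUndefined()) {
    ASSIGN_RETURN_FAILURE_ON_EXCEPTION(
        isolate, boilerplate, JSRegExp::New(pattern, JSRegExp::Flags(flags)));
    literals->set_literal(index, *boilerplate);
  }
  // NOTE(review): a slot that is not undefined is assumed to hold a JSRegExp;
  // the cast below is presumably verified in debug builds only - confirm.
  return *JSRegExp::Copy(Handle<JSRegExp>::cast(boilerplate));
}


// Runtime entry: returns a deep copy of the object literal boilerplate for
// literal slot |literals_index|. On first use the boilerplate is built, walked
// to create its allocation sites, and the resulting site is cached in the
// slot.
//
// Arguments: closure (JSFunction), literals_index (Smi),
// constant_properties (FixedArray), flags (Smi, ObjectLiteral bits).
RUNTIME_FUNCTION(Runtime_CreateObjectLiteral) {
  HandleScope scope(isolate);
  DCHECK_EQ(4, args.length());
  CONVERT_ARG_HANDLE_CHECKED(JSFunction, closure, 0);
  CONVERT_SMI_ARG_CHECKED(literals_index, 1);
  CONVERT_ARG_HANDLE_CHECKED(FixedArray, constant_properties, 2);
  CONVERT_SMI_ARG_CHECKED(flags, 3);
  Handle<LiteralsArray> literals(closure->literals(), isolate);
  bool should_have_fast_elements = (flags & ObjectLiteral::kFastElements) != 0;
  bool has_function_literal = (flags & ObjectLiteral::kHasFunction) != 0;
  // Mementos are on unless the kDisableMementos bit is set.
  bool enable_mementos = (flags & ObjectLiteral::kDisableMementos) == 0;
  bool is_strong = (flags & ObjectLiteral::kIsStrong) != 0;

  RUNTIME_ASSERT(literals_index >= 0 &&
                 literals_index < literals->literals_count());

  // Check if boilerplate exists. If not, create it first.
  Handle<Object> literal_site(literals->literal(literals_index), isolate);
  Handle<AllocationSite> site;
  Handle<JSObject> boilerplate;
  if (*literal_site == isolate->heap()->undefined_value()) {
    Handle<Object> raw_boilerplate;
    ASSIGN_RETURN_FAILURE_ON_EXCEPTION(
        isolate, raw_boilerplate,
        CreateObjectLiteralBoilerplate(isolate, literals, constant_properties,
                                       should_have_fast_elements,
                                       has_function_literal, is_strong));
    boilerplate = Handle<JSObject>::cast(raw_boilerplate);

    AllocationSiteCreationContext creation_context(isolate);
    site = creation_context.EnterNewScope();
    RETURN_FAILURE_ON_EXCEPTION(
        isolate, JSObject::DeepWalk(boilerplate, &creation_context));
    creation_context.ExitScope(site, boilerplate);

    // Update the functions literal and return the boilerplate.
    literals->set_literal(literals_index, *site);
  } else {
    // The slot already holds the site; the boilerplate is read back from the
    // site's transition_info.
    site = Handle<AllocationSite>::cast(literal_site);
    boilerplate =
        Handle<JSObject>(JSObject::cast(site->transition_info()), isolate);
  }

  AllocationSiteUsageContext usage_context(isolate, site, enable_mementos);
  usage_context.EnterNewScope();
  MaybeHandle<Object> maybe_copy =
      JSObject::DeepCopy(boilerplate, &usage_context);
  usage_context.ExitScope(site, boilerplate);
  Handle<Object> copy;
  ASSIGN_RETURN_FAILURE_ON_EXCEPTION(isolate, copy, maybe_copy);
  return *copy;
}


// Returns the AllocationSite cached in literal slot |literals_index|. If the
// slot is still undefined, the array boilerplate is built from |elements|,
// walked to create its allocation sites, and the new site is stored in the
// slot. Returns an empty handle on failure.
//
// The caller is responsible for validating |literals_index|; no bounds check
// is performed here.
MUST_USE_RESULT static MaybeHandle<AllocationSite> GetLiteralAllocationSite(
    Isolate* isolate, Handle<LiteralsArray> literals, int literals_index,
    Handle<FixedArray> elements, bool is_strong) {
  // Check if boilerplate exists. If not, create it first.
  Handle<Object> literal_site(literals->literal(literals_index), isolate);
  Handle<AllocationSite> site;
  if (*literal_site == isolate->heap()->undefined_value()) {
    DCHECK(*elements != isolate->heap()->empty_fixed_array());
    Handle<Object> boilerplate;
    ASSIGN_RETURN_ON_EXCEPTION(
        isolate, boilerplate,
        Runtime::CreateArrayLiteralBoilerplate(isolate, literals, elements,
                                               is_strong),
        AllocationSite);

    AllocationSiteCreationContext creation_context(isolate);
    site = creation_context.EnterNewScope();
    if (JSObject::DeepWalk(Handle<JSObject>::cast(boilerplate),
                           &creation_context).is_null()) {
      return Handle<AllocationSite>::null();
    }
    creation_context.ExitScope(site, Handle<JSObject>::cast(boilerplate));

    literals->set_literal(literals_index, *site);
  } else {
    site = Handle<AllocationSite>::cast(literal_site);
  }

  return site;
}


// Shared implementation of the array literal runtime entries: validates
// |literals_index|, obtains the allocation site for the slot, and returns a
// copy of its boilerplate. |flags| carries ArrayLiteral bits (kIsStrong,
// kDisableMementos, kShallowElements).
static MaybeHandle<JSObject> CreateArrayLiteralImpl(
    Isolate* isolate, Handle<LiteralsArray> literals, int literals_index,
    Handle<FixedArray> elements, int flags) {
  RUNTIME_ASSERT_HANDLIFIED(
      literals_index >= 0 && literals_index < literals->literals_count(),
      JSObject);
  Handle<AllocationSite> site;
  bool is_strong = (flags & ArrayLiteral::kIsStrong) != 0;
  ASSIGN_RETURN_ON_EXCEPTION(
      isolate, site,
      GetLiteralAllocationSite(isolate, literals, literals_index, elements,
                               is_strong),
      JSObject);

  bool enable_mementos = (flags & ArrayLiteral::kDisableMementos) == 0;
  Handle<JSObject> boilerplate(JSObject::cast(site->transition_info()));
  AllocationSiteUsageContext usage_context(isolate, site, enable_mementos);
  usage_context.EnterNewScope();
  // kShallowElements selects the kObjectIsShallow copy hint.
  JSObject::DeepCopyHints hints = (flags & ArrayLiteral::kShallowElements) == 0
                                      ? JSObject::kNoHints
                                      : JSObject::kObjectIsShallow;
  MaybeHandle<JSObject> copy =
      JSObject::DeepCopy(boilerplate, &usage_context, hints);
  usage_context.ExitScope(site, boilerplate);
  return copy;
}


// Runtime entry: creates an array literal from the closure's literal slot.
//
// Arguments: closure (JSFunction), literals_index (Smi),
// elements (FixedArray), flags (Smi, ArrayLiteral bits). The index is
// validated inside CreateArrayLiteralImpl.
RUNTIME_FUNCTION(Runtime_CreateArrayLiteral) {
  HandleScope scope(isolate);
  DCHECK_EQ(4, args.length());
  CONVERT_ARG_HANDLE_CHECKED(JSFunction, closure, 0);
  CONVERT_SMI_ARG_CHECKED(literals_index, 1);
  CONVERT_ARG_HANDLE_CHECKED(FixedArray, elements, 2);
  CONVERT_SMI_ARG_CHECKED(flags, 3);

  Handle<JSObject> result;
  Handle<LiteralsArray> literals(closure->literals(), isolate);
  ASSIGN_RETURN_FAILURE_ON_EXCEPTION(
      isolate, result, CreateArrayLiteralImpl(isolate, literals, literals_index,
                                              elements, flags));
  return *result;
}


// Runtime entry: same as Runtime_CreateArrayLiteral but takes no flags
// argument and always passes ArrayLiteral::kShallowElements.
//
// Arguments: closure (JSFunction), literals_index (Smi),
// elements (FixedArray).
RUNTIME_FUNCTION(Runtime_CreateArrayLiteralStubBailout) {
  HandleScope scope(isolate);
  DCHECK_EQ(3, args.length());
  CONVERT_ARG_HANDLE_CHECKED(JSFunction, closure, 0);
  CONVERT_SMI_ARG_CHECKED(literals_index, 1);
  CONVERT_ARG_HANDLE_CHECKED(FixedArray, elements, 2);

  Handle<JSObject> result;
  Handle<LiteralsArray> literals(closure->literals(), isolate);
  ASSIGN_RETURN_FAILURE_ON_EXCEPTION(
      isolate, result,
      CreateArrayLiteralImpl(isolate, literals, literals_index, elements,
                             ArrayLiteral::kShallowElements));
  return *result;
}


// Runtime entry: stores |value| at |store_index| in the elements of |object|,
// transitioning the elements kind of |object| (and, where the transition is
// more general, of the literal's boilerplate) so the value fits.
//
// Arguments: object (JSObject), store_index (Smi), value (Object),
// literals (LiteralsArray), literal_index (Smi).
RUNTIME_FUNCTION(Runtime_StoreArrayLiteralElement) {
  HandleScope scope(isolate);
  RUNTIME_ASSERT(args.length() == 5);
  CONVERT_ARG_HANDLE_CHECKED(JSObject, object, 0);
  CONVERT_SMI_ARG_CHECKED(store_index, 1);
  CONVERT_ARG_HANDLE_CHECKED(Object, value, 2);
  CONVERT_ARG_HANDLE_CHECKED(LiteralsArray, literals, 3);
  CONVERT_SMI_ARG_CHECKED(literal_index, 4);

  // Both indices arrive as arguments and are used for raw array accesses
  // below, so they are range-checked with RUNTIME_ASSERT like the literal
  // index in the other entry points of this file.
  RUNTIME_ASSERT(literal_index >= 0 &&
                 literal_index < literals->literals_count());
  RUNTIME_ASSERT(store_index >= 0);

  Object* raw_literal_cell = literals->literal(literal_index);
  JSArray* boilerplate = NULL;
  // NOTE(review): the slot is assumed to hold either an AllocationSite whose
  // transition_info is a JSArray, or a JSArray; the casts are presumably
  // verified in debug builds only - confirm.
  if (raw_literal_cell->IsAllocationSite()) {
    AllocationSite* site = AllocationSite::cast(raw_literal_cell);
    boilerplate = JSArray::cast(site->transition_info());
  } else {
    boilerplate = JSArray::cast(raw_literal_cell);
  }
  Handle<JSArray> boilerplate_object(boilerplate);
  ElementsKind elements_kind = object->GetElementsKind();
  DCHECK(IsFastElementsKind(elements_kind));
  // Smis should never trigger transitions.
  DCHECK(!value->IsSmi());

  if (value->IsNumber()) {
    DCHECK(IsFastSmiElementsKind(elements_kind));
    ElementsKind transitioned_kind = IsFastHoleyElementsKind(elements_kind)
                                         ? FAST_HOLEY_DOUBLE_ELEMENTS
                                         : FAST_DOUBLE_ELEMENTS;
    if (IsMoreGeneralElementsKindTransition(
            boilerplate_object->GetElementsKind(), transitioned_kind)) {
      JSObject::TransitionElementsKind(boilerplate_object, transitioned_kind);
    }
    JSObject::TransitionElementsKind(object, transitioned_kind);
    DCHECK(IsFastDoubleElementsKind(object->GetElementsKind()));
    FixedDoubleArray* double_array = FixedDoubleArray::cast(object->elements());
    // Checked against the backing store that is actually written.
    RUNTIME_ASSERT(store_index < double_array->length());
    // Object::Number() is used instead of casting to HeapNumber, so the read
    // does not depend on the debug-only "not a Smi" check above.
    double_array->set(store_index, value->Number());
  } else {
    if (!IsFastObjectElementsKind(elements_kind)) {
      ElementsKind transitioned_kind = IsFastHoleyElementsKind(elements_kind)
                                           ? FAST_HOLEY_ELEMENTS
                                           : FAST_ELEMENTS;
      JSObject::TransitionElementsKind(object, transitioned_kind);
      if (IsMoreGeneralElementsKindTransition(
              boilerplate_object->GetElementsKind(), transitioned_kind)) {
        JSObject::TransitionElementsKind(boilerplate_object, transitioned_kind);
      }
    }
    FixedArray* object_array = FixedArray::cast(object->elements());
    // Checked against the backing store that is actually written.
    RUNTIME_ASSERT(store_index < object_array->length());
    object_array->set(store_index, *value);
  }
  return *object;
}
}  // namespace internal
}  // namespace v8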