1 // Copyright 2014 the V8 project authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
4 
5 #include "src/bootstrapper.h"
6 
7 #include "src/accessors.h"
8 #include "src/api-inl.h"
9 #include "src/api-natives.h"
10 #include "src/base/ieee754.h"
11 #include "src/code-stubs.h"
12 #include "src/compiler.h"
13 #include "src/debug/debug.h"
14 #include "src/extensions/externalize-string-extension.h"
15 #include "src/extensions/free-buffer-extension.h"
16 #include "src/extensions/gc-extension.h"
17 #include "src/extensions/ignition-statistics-extension.h"
18 #include "src/extensions/statistics-extension.h"
19 #include "src/extensions/trigger-failure-extension.h"
20 #include "src/heap/heap.h"
21 #include "src/isolate-inl.h"
22 #include "src/objects/api-callbacks.h"
23 #include "src/objects/arguments.h"
24 #include "src/objects/hash-table-inl.h"
25 #ifdef V8_INTL_SUPPORT
26 #include "src/objects/intl-objects.h"
27 #include "src/objects/js-collator.h"
28 #include "src/objects/js-list-format.h"
29 #include "src/objects/js-locale.h"
30 #endif  // V8_INTL_SUPPORT
31 #include "src/objects/js-array-buffer-inl.h"
32 #include "src/objects/js-array-inl.h"
33 #include "src/objects/js-regexp-string-iterator.h"
34 #include "src/objects/js-regexp.h"
35 #ifdef V8_INTL_SUPPORT
36 #include "src/objects/js-plural-rules.h"
37 #include "src/objects/js-relative-time-format.h"
38 #endif  // V8_INTL_SUPPORT
39 #include "src/objects/templates.h"
40 #include "src/snapshot/natives.h"
41 #include "src/snapshot/snapshot.h"
42 #include "src/wasm/wasm-js.h"
43 
44 namespace v8 {
45 namespace internal {
46 
Initialize(Isolate * isolate,bool create_heap_objects)47 void SourceCodeCache::Initialize(Isolate* isolate, bool create_heap_objects) {
48   cache_ = create_heap_objects ? ReadOnlyRoots(isolate).empty_fixed_array()
49                                : nullptr;
50 }
51 
Lookup(Isolate * isolate,Vector<const char> name,Handle<SharedFunctionInfo> * handle)52 bool SourceCodeCache::Lookup(Isolate* isolate, Vector<const char> name,
53                              Handle<SharedFunctionInfo>* handle) {
54   for (int i = 0; i < cache_->length(); i += 2) {
55     SeqOneByteString* str = SeqOneByteString::cast(cache_->get(i));
56     if (str->IsUtf8EqualTo(name)) {
57       *handle = Handle<SharedFunctionInfo>(
58           SharedFunctionInfo::cast(cache_->get(i + 1)), isolate);
59       return true;
60     }
61   }
62   return false;
63 }
64 
Add(Isolate * isolate,Vector<const char> name,Handle<SharedFunctionInfo> shared)65 void SourceCodeCache::Add(Isolate* isolate, Vector<const char> name,
66                           Handle<SharedFunctionInfo> shared) {
67   Factory* factory = isolate->factory();
68   HandleScope scope(isolate);
69   int length = cache_->length();
70   Handle<FixedArray> new_array = factory->NewFixedArray(length + 2, TENURED);
71   cache_->CopyTo(0, *new_array, 0, cache_->length());
72   cache_ = *new_array;
73   Handle<String> str =
74       factory->NewStringFromOneByte(Vector<const uint8_t>::cast(name), TENURED)
75           .ToHandleChecked();
76   DCHECK(!str.is_null());
77   cache_->set(length, *str);
78   cache_->set(length + 1, *shared);
79   Script::cast(shared->script())->set_type(type_);
80 }
81 
Bootstrapper(Isolate * isolate)82 Bootstrapper::Bootstrapper(Isolate* isolate)
83     : isolate_(isolate),
84       nesting_(0),
85       extensions_cache_(Script::TYPE_EXTENSION) {}
86 
GetNativeSource(NativeType type,int index)87 Handle<String> Bootstrapper::GetNativeSource(NativeType type, int index) {
88   NativesExternalStringResource* resource =
89       new NativesExternalStringResource(type, index);
90   Handle<ExternalOneByteString> source_code =
91       isolate_->factory()->NewNativeSourceString(resource);
92   DCHECK(source_code->is_short());
93   return source_code;
94 }
95 
Initialize(bool create_heap_objects)96 void Bootstrapper::Initialize(bool create_heap_objects) {
97   extensions_cache_.Initialize(isolate_, create_heap_objects);
98 }
99 
100 
GCFunctionName()101 static const char* GCFunctionName() {
102   bool flag_given =
103       FLAG_expose_gc_as != nullptr && strlen(FLAG_expose_gc_as) != 0;
104   return flag_given ? FLAG_expose_gc_as : "gc";
105 }
106 
107 v8::Extension* Bootstrapper::free_buffer_extension_ = nullptr;
108 v8::Extension* Bootstrapper::gc_extension_ = nullptr;
109 v8::Extension* Bootstrapper::externalize_string_extension_ = nullptr;
110 v8::Extension* Bootstrapper::statistics_extension_ = nullptr;
111 v8::Extension* Bootstrapper::trigger_failure_extension_ = nullptr;
112 v8::Extension* Bootstrapper::ignition_statistics_extension_ = nullptr;
113 
InitializeOncePerProcess()114 void Bootstrapper::InitializeOncePerProcess() {
115   free_buffer_extension_ = new FreeBufferExtension;
116   v8::RegisterExtension(free_buffer_extension_);
117   gc_extension_ = new GCExtension(GCFunctionName());
118   v8::RegisterExtension(gc_extension_);
119   externalize_string_extension_ = new ExternalizeStringExtension;
120   v8::RegisterExtension(externalize_string_extension_);
121   statistics_extension_ = new StatisticsExtension;
122   v8::RegisterExtension(statistics_extension_);
123   trigger_failure_extension_ = new TriggerFailureExtension;
124   v8::RegisterExtension(trigger_failure_extension_);
125   ignition_statistics_extension_ = new IgnitionStatisticsExtension;
126   v8::RegisterExtension(ignition_statistics_extension_);
127 }
128 
129 
TearDownExtensions()130 void Bootstrapper::TearDownExtensions() {
131   delete free_buffer_extension_;
132   free_buffer_extension_ = nullptr;
133   delete gc_extension_;
134   gc_extension_ = nullptr;
135   delete externalize_string_extension_;
136   externalize_string_extension_ = nullptr;
137   delete statistics_extension_;
138   statistics_extension_ = nullptr;
139   delete trigger_failure_extension_;
140   trigger_failure_extension_ = nullptr;
141   delete ignition_statistics_extension_;
142   ignition_statistics_extension_ = nullptr;
143 }
144 
TearDown()145 void Bootstrapper::TearDown() {
146   extensions_cache_.Initialize(isolate_, false);  // Yes, symmetrical
147 }
148 
149 
150 class Genesis BASE_EMBEDDED {
151  public:
152   Genesis(Isolate* isolate, MaybeHandle<JSGlobalProxy> maybe_global_proxy,
153           v8::Local<v8::ObjectTemplate> global_proxy_template,
154           size_t context_snapshot_index,
155           v8::DeserializeEmbedderFieldsCallback embedder_fields_deserializer,
156           GlobalContextType context_type);
157   Genesis(Isolate* isolate, MaybeHandle<JSGlobalProxy> maybe_global_proxy,
158           v8::Local<v8::ObjectTemplate> global_proxy_template);
~Genesis()159   ~Genesis() { }
160 
isolate() const161   Isolate* isolate() const { return isolate_; }
factory() const162   Factory* factory() const { return isolate_->factory(); }
builtins() const163   Builtins* builtins() const { return isolate_->builtins(); }
heap() const164   Heap* heap() const { return isolate_->heap(); }
165 
result()166   Handle<Context> result() { return result_; }
167 
global_proxy()168   Handle<JSGlobalProxy> global_proxy() { return global_proxy_; }
169 
170  private:
native_context()171   Handle<NativeContext> native_context() { return native_context_; }
172 
173   // Creates some basic objects. Used for creating a context from scratch.
174   void CreateRoots();
175   // Creates the empty function.  Used for creating a context from scratch.
176   Handle<JSFunction> CreateEmptyFunction();
177   // Returns the %ThrowTypeError% intrinsic function.
178   // See ES#sec-%throwtypeerror% for details.
179   Handle<JSFunction> GetThrowTypeErrorIntrinsic();
180 
181   void CreateSloppyModeFunctionMaps(Handle<JSFunction> empty);
182   void CreateStrictModeFunctionMaps(Handle<JSFunction> empty);
183   void CreateObjectFunction(Handle<JSFunction> empty);
184   void CreateIteratorMaps(Handle<JSFunction> empty);
185   void CreateAsyncIteratorMaps(Handle<JSFunction> empty);
186   void CreateAsyncFunctionMaps(Handle<JSFunction> empty);
187   void CreateJSProxyMaps();
188 
189   // Make the "arguments" and "caller" properties throw a TypeError on access.
190   void AddRestrictedFunctionProperties(Handle<JSFunction> empty);
191 
192   // Creates the global objects using the global proxy and the template passed
193   // in through the API.  We call this regardless of whether we are building a
194   // context from scratch or using a deserialized one from the partial snapshot
195   // but in the latter case we don't use the objects it produces directly, as
196   // we have to use the deserialized ones that are linked together with the
197   // rest of the context snapshot. At the end we link the global proxy and the
198   // context to each other.
199   Handle<JSGlobalObject> CreateNewGlobals(
200       v8::Local<v8::ObjectTemplate> global_proxy_template,
201       Handle<JSGlobalProxy> global_proxy);
202   // Similarly, we want to use the global that has been created by the templates
203   // passed through the API.  The global from the snapshot is detached from the
204   // other objects in the snapshot.
205   void HookUpGlobalObject(Handle<JSGlobalObject> global_object);
206   // Hooks the given global proxy into the context in the case we do not
207   // replace the global object from the deserialized native context.
208   void HookUpGlobalProxy(Handle<JSGlobalProxy> global_proxy);
209   // The native context has a ScriptContextTable that store declarative bindings
210   // made in script scopes.  Add a "this" binding to that table pointing to the
211   // global proxy.
212   void InstallGlobalThisBinding();
213   // New context initialization.  Used for creating a context from scratch.
214   void InitializeGlobal(Handle<JSGlobalObject> global_object,
215                         Handle<JSFunction> empty_function,
216                         GlobalContextType context_type);
217   void InitializeExperimentalGlobal();
218   // Depending on the situation, expose and/or get rid of the utils object.
219   void ConfigureUtilsObject(GlobalContextType context_type);
220 
221 #define DECLARE_FEATURE_INITIALIZATION(id, descr) \
222   void InitializeGlobal_##id();
223 
224   HARMONY_INPROGRESS(DECLARE_FEATURE_INITIALIZATION)
225   HARMONY_STAGED(DECLARE_FEATURE_INITIALIZATION)
226   HARMONY_SHIPPING(DECLARE_FEATURE_INITIALIZATION)
227 #undef DECLARE_FEATURE_INITIALIZATION
228 
229   enum ArrayBufferKind {
230     ARRAY_BUFFER,
231     SHARED_ARRAY_BUFFER,
232   };
233   Handle<JSFunction> CreateArrayBuffer(Handle<String> name,
234                                        ArrayBufferKind array_buffer_kind);
235   Handle<JSFunction> InstallInternalArray(Handle<JSObject> target,
236                                           const char* name,
237                                           ElementsKind elements_kind);
238   bool InstallNatives(GlobalContextType context_type);
239 
240   Handle<JSFunction> InstallTypedArray(const char* name,
241                                        ElementsKind elements_kind);
242   bool InstallExtraNatives();
243   bool InstallExperimentalExtraNatives();
244   bool InstallDebuggerNatives();
245   void InstallBuiltinFunctionIds();
246   void InstallExperimentalBuiltinFunctionIds();
247   void InitializeNormalizedMapCaches();
248 
249   enum ExtensionTraversalState {
250     UNVISITED, VISITED, INSTALLED
251   };
252 
253   class ExtensionStates {
254    public:
255     ExtensionStates();
256     ExtensionTraversalState get_state(RegisteredExtension* extension);
257     void set_state(RegisteredExtension* extension,
258                    ExtensionTraversalState state);
259    private:
260     base::HashMap map_;
261     DISALLOW_COPY_AND_ASSIGN(ExtensionStates);
262   };
263 
264   // Used both for deserialized and from-scratch contexts to add the extensions
265   // provided.
266   static bool InstallExtensions(Isolate* isolate,
267                                 Handle<Context> native_context,
268                                 v8::ExtensionConfiguration* extensions);
269   static bool InstallAutoExtensions(Isolate* isolate,
270                                     ExtensionStates* extension_states);
271   static bool InstallRequestedExtensions(Isolate* isolate,
272                                          v8::ExtensionConfiguration* extensions,
273                                          ExtensionStates* extension_states);
274   static bool InstallExtension(Isolate* isolate,
275                                const char* name,
276                                ExtensionStates* extension_states);
277   static bool InstallExtension(Isolate* isolate,
278                                v8::RegisteredExtension* current,
279                                ExtensionStates* extension_states);
280   static bool InstallSpecialObjects(Isolate* isolate,
281                                     Handle<Context> native_context);
282   bool ConfigureApiObject(Handle<JSObject> object,
283                           Handle<ObjectTemplateInfo> object_template);
284   bool ConfigureGlobalObjects(
285       v8::Local<v8::ObjectTemplate> global_proxy_template);
286 
287   // Migrates all properties from the 'from' object to the 'to'
288   // object and overrides the prototype in 'to' with the one from
289   // 'from'.
290   void TransferObject(Handle<JSObject> from, Handle<JSObject> to);
291   void TransferNamedProperties(Handle<JSObject> from, Handle<JSObject> to);
292   void TransferIndexedProperties(Handle<JSObject> from, Handle<JSObject> to);
293 
294   static bool CallUtilsFunction(Isolate* isolate, const char* name);
295 
296   static bool CompileExtension(Isolate* isolate, v8::Extension* extension);
297 
298   Isolate* isolate_;
299   Handle<Context> result_;
300   Handle<NativeContext> native_context_;
301   Handle<JSGlobalProxy> global_proxy_;
302 
303   // Temporary function maps needed only during bootstrapping.
304   Handle<Map> strict_function_with_home_object_map_;
305   Handle<Map> strict_function_with_name_and_home_object_map_;
306 
307   // %ThrowTypeError%. See ES#sec-%throwtypeerror% for details.
308   Handle<JSFunction> restricted_properties_thrower_;
309 
310   BootstrapperActive active_;
311   friend class Bootstrapper;
312 };
313 
Iterate(RootVisitor * v)314 void Bootstrapper::Iterate(RootVisitor* v) {
315   extensions_cache_.Iterate(v);
316   v->Synchronize(VisitorSynchronization::kExtensions);
317 }
318 
CreateEnvironment(MaybeHandle<JSGlobalProxy> maybe_global_proxy,v8::Local<v8::ObjectTemplate> global_proxy_template,v8::ExtensionConfiguration * extensions,size_t context_snapshot_index,v8::DeserializeEmbedderFieldsCallback embedder_fields_deserializer,GlobalContextType context_type)319 Handle<Context> Bootstrapper::CreateEnvironment(
320     MaybeHandle<JSGlobalProxy> maybe_global_proxy,
321     v8::Local<v8::ObjectTemplate> global_proxy_template,
322     v8::ExtensionConfiguration* extensions, size_t context_snapshot_index,
323     v8::DeserializeEmbedderFieldsCallback embedder_fields_deserializer,
324     GlobalContextType context_type) {
325   HandleScope scope(isolate_);
326   Handle<Context> env;
327   {
328     Genesis genesis(isolate_, maybe_global_proxy, global_proxy_template,
329                     context_snapshot_index, embedder_fields_deserializer,
330                     context_type);
331     env = genesis.result();
332     if (env.is_null() || !InstallExtensions(env, extensions)) {
333       return Handle<Context>();
334     }
335   }
336   // Log all maps created during bootstrapping.
337   if (FLAG_trace_maps) LOG(isolate_, LogMaps());
338   return scope.CloseAndEscape(env);
339 }
340 
NewRemoteContext(MaybeHandle<JSGlobalProxy> maybe_global_proxy,v8::Local<v8::ObjectTemplate> global_proxy_template)341 Handle<JSGlobalProxy> Bootstrapper::NewRemoteContext(
342     MaybeHandle<JSGlobalProxy> maybe_global_proxy,
343     v8::Local<v8::ObjectTemplate> global_proxy_template) {
344   HandleScope scope(isolate_);
345   Handle<JSGlobalProxy> global_proxy;
346   {
347     Genesis genesis(isolate_, maybe_global_proxy, global_proxy_template);
348     global_proxy = genesis.global_proxy();
349     if (global_proxy.is_null()) return Handle<JSGlobalProxy>();
350   }
351   // Log all maps created during bootstrapping.
352   if (FLAG_trace_maps) LOG(isolate_, LogMaps());
353   return scope.CloseAndEscape(global_proxy);
354 }
355 
DetachGlobal(Handle<Context> env)356 void Bootstrapper::DetachGlobal(Handle<Context> env) {
357   isolate_->counters()->errors_thrown_per_context()->AddSample(
358       env->GetErrorsThrown());
359 
360   ReadOnlyRoots roots(isolate_);
361   Handle<JSGlobalProxy> global_proxy(JSGlobalProxy::cast(env->global_proxy()),
362                                      isolate_);
363   global_proxy->set_native_context(roots.null_value());
364   JSObject::ForceSetPrototype(global_proxy, isolate_->factory()->null_value());
365   global_proxy->map()->SetConstructor(roots.null_value());
366   if (FLAG_track_detached_contexts) {
367     isolate_->AddDetachedContext(env);
368   }
369 }
370 
371 namespace {
372 
SimpleCreateSharedFunctionInfo(Isolate * isolate,Builtins::Name builtin_id,Handle<String> name,int len,FunctionKind kind=FunctionKind::kNormalFunction)373 V8_NOINLINE Handle<SharedFunctionInfo> SimpleCreateSharedFunctionInfo(
374     Isolate* isolate, Builtins::Name builtin_id, Handle<String> name, int len,
375     FunctionKind kind = FunctionKind::kNormalFunction) {
376   Handle<SharedFunctionInfo> shared =
377       isolate->factory()->NewSharedFunctionInfoForBuiltin(name, builtin_id,
378                                                           kind);
379   shared->set_internal_formal_parameter_count(len);
380   shared->set_length(len);
381   return shared;
382 }
383 
SimpleCreateBuiltinSharedFunctionInfo(Isolate * isolate,Builtins::Name builtin_id,Handle<String> name,int len)384 V8_NOINLINE Handle<SharedFunctionInfo> SimpleCreateBuiltinSharedFunctionInfo(
385     Isolate* isolate, Builtins::Name builtin_id, Handle<String> name, int len) {
386   Handle<SharedFunctionInfo> shared =
387       isolate->factory()->NewSharedFunctionInfoForBuiltin(name, builtin_id,
388                                                           kNormalFunction);
389   shared->set_internal_formal_parameter_count(len);
390   shared->set_length(len);
391   return shared;
392 }
393 
InstallFunction(Isolate * isolate,Handle<JSObject> target,Handle<Name> property_name,Handle<JSFunction> function,Handle<String> function_name,PropertyAttributes attributes=DONT_ENUM)394 V8_NOINLINE void InstallFunction(Isolate* isolate, Handle<JSObject> target,
395                                  Handle<Name> property_name,
396                                  Handle<JSFunction> function,
397                                  Handle<String> function_name,
398                                  PropertyAttributes attributes = DONT_ENUM) {
399   JSObject::AddProperty(isolate, target, property_name, function, attributes);
400 }
401 
InstallFunction(Isolate * isolate,Handle<JSObject> target,Handle<JSFunction> function,Handle<Name> name,PropertyAttributes attributes=DONT_ENUM)402 V8_NOINLINE void InstallFunction(Isolate* isolate, Handle<JSObject> target,
403                                  Handle<JSFunction> function, Handle<Name> name,
404                                  PropertyAttributes attributes = DONT_ENUM) {
405   Handle<String> name_string =
406       Name::ToFunctionName(isolate, name).ToHandleChecked();
407   InstallFunction(isolate, target, name, function, name_string, attributes);
408 }
409 
CreateFunction(Isolate * isolate,Handle<String> name,InstanceType type,int instance_size,int inobject_properties,MaybeHandle<Object> maybe_prototype,Builtins::Name builtin_id)410 V8_NOINLINE Handle<JSFunction> CreateFunction(
411     Isolate* isolate, Handle<String> name, InstanceType type, int instance_size,
412     int inobject_properties, MaybeHandle<Object> maybe_prototype,
413     Builtins::Name builtin_id) {
414   Handle<Object> prototype;
415   Handle<JSFunction> result;
416 
417   if (maybe_prototype.ToHandle(&prototype)) {
418     NewFunctionArgs args = NewFunctionArgs::ForBuiltinWithPrototype(
419         name, prototype, type, instance_size, inobject_properties, builtin_id,
420         IMMUTABLE);
421 
422     result = isolate->factory()->NewFunction(args);
423     // Make the JSFunction's prototype object fast.
424     JSObject::MakePrototypesFast(handle(result->prototype(), isolate),
425                                  kStartAtReceiver, isolate);
426   } else {
427     NewFunctionArgs args = NewFunctionArgs::ForBuiltinWithoutPrototype(
428         name, builtin_id, LanguageMode::kStrict);
429     result = isolate->factory()->NewFunction(args);
430   }
431 
432   // Make the resulting JSFunction object fast.
433   JSObject::MakePrototypesFast(result, kStartAtReceiver, isolate);
434   result->shared()->set_native(true);
435   return result;
436 }
437 
InstallFunction(Isolate * isolate,Handle<JSObject> target,Handle<Name> name,InstanceType type,int instance_size,int inobject_properties,MaybeHandle<Object> maybe_prototype,Builtins::Name call,PropertyAttributes attributes)438 V8_NOINLINE Handle<JSFunction> InstallFunction(
439     Isolate* isolate, Handle<JSObject> target, Handle<Name> name,
440     InstanceType type, int instance_size, int inobject_properties,
441     MaybeHandle<Object> maybe_prototype, Builtins::Name call,
442     PropertyAttributes attributes) {
443   Handle<String> name_string =
444       Name::ToFunctionName(isolate, name).ToHandleChecked();
445   Handle<JSFunction> function =
446       CreateFunction(isolate, name_string, type, instance_size,
447                      inobject_properties, maybe_prototype, call);
448   InstallFunction(isolate, target, name, function, name_string, attributes);
449   return function;
450 }
451 
InstallFunction(Isolate * isolate,Handle<JSObject> target,const char * name,InstanceType type,int instance_size,int inobject_properties,MaybeHandle<Object> maybe_prototype,Builtins::Name call)452 V8_NOINLINE Handle<JSFunction> InstallFunction(
453     Isolate* isolate, Handle<JSObject> target, const char* name,
454     InstanceType type, int instance_size, int inobject_properties,
455     MaybeHandle<Object> maybe_prototype, Builtins::Name call) {
456   PropertyAttributes attributes = DONT_ENUM;
457   return InstallFunction(
458       isolate, target, isolate->factory()->InternalizeUtf8String(name), type,
459       instance_size, inobject_properties, maybe_prototype, call, attributes);
460 }
461 
SimpleCreateFunction(Isolate * isolate,Handle<String> name,Builtins::Name call,int len,bool adapt)462 V8_NOINLINE Handle<JSFunction> SimpleCreateFunction(Isolate* isolate,
463                                                     Handle<String> name,
464                                                     Builtins::Name call,
465                                                     int len, bool adapt) {
466   Handle<JSFunction> fun =
467       CreateFunction(isolate, name, JS_OBJECT_TYPE, JSObject::kHeaderSize, 0,
468                      MaybeHandle<JSObject>(), call);
469   if (adapt) {
470     fun->shared()->set_internal_formal_parameter_count(len);
471   } else {
472     fun->shared()->DontAdaptArguments();
473   }
474   fun->shared()->set_length(len);
475   return fun;
476 }
477 
SimpleInstallFunction(Isolate * isolate,Handle<JSObject> base,Handle<Name> property_name,Handle<String> function_name,Builtins::Name call,int len,bool adapt,PropertyAttributes attrs=DONT_ENUM,BuiltinFunctionId id=BuiltinFunctionId::kInvalidBuiltinFunctionId)478 V8_NOINLINE Handle<JSFunction> SimpleInstallFunction(
479     Isolate* isolate, Handle<JSObject> base, Handle<Name> property_name,
480     Handle<String> function_name, Builtins::Name call, int len, bool adapt,
481     PropertyAttributes attrs = DONT_ENUM,
482     BuiltinFunctionId id = BuiltinFunctionId::kInvalidBuiltinFunctionId) {
483   Handle<JSFunction> fun =
484       SimpleCreateFunction(isolate, function_name, call, len, adapt);
485   if (id != BuiltinFunctionId::kInvalidBuiltinFunctionId) {
486     fun->shared()->set_builtin_function_id(id);
487   }
488   InstallFunction(isolate, base, fun, property_name, attrs);
489   return fun;
490 }
491 
SimpleInstallFunction(Isolate * isolate,Handle<JSObject> base,Handle<String> name,Builtins::Name call,int len,bool adapt,PropertyAttributes attrs=DONT_ENUM,BuiltinFunctionId id=BuiltinFunctionId::kInvalidBuiltinFunctionId)492 V8_NOINLINE Handle<JSFunction> SimpleInstallFunction(
493     Isolate* isolate, Handle<JSObject> base, Handle<String> name,
494     Builtins::Name call, int len, bool adapt,
495     PropertyAttributes attrs = DONT_ENUM,
496     BuiltinFunctionId id = BuiltinFunctionId::kInvalidBuiltinFunctionId) {
497   return SimpleInstallFunction(isolate, base, name, name, call, len, adapt,
498                                attrs, id);
499 }
500 
SimpleInstallFunction(Isolate * isolate,Handle<JSObject> base,Handle<Name> property_name,const char * function_name,Builtins::Name call,int len,bool adapt,PropertyAttributes attrs=DONT_ENUM,BuiltinFunctionId id=BuiltinFunctionId::kInvalidBuiltinFunctionId)501 V8_NOINLINE Handle<JSFunction> SimpleInstallFunction(
502     Isolate* isolate, Handle<JSObject> base, Handle<Name> property_name,
503     const char* function_name, Builtins::Name call, int len, bool adapt,
504     PropertyAttributes attrs = DONT_ENUM,
505     BuiltinFunctionId id = BuiltinFunctionId::kInvalidBuiltinFunctionId) {
506   // Function name does not have to be internalized.
507   return SimpleInstallFunction(
508       isolate, base, property_name,
509       isolate->factory()->NewStringFromAsciiChecked(function_name), call, len,
510       adapt, attrs, id);
511 }
512 
SimpleInstallFunction(Isolate * isolate,Handle<JSObject> base,const char * name,Builtins::Name call,int len,bool adapt,PropertyAttributes attrs=DONT_ENUM,BuiltinFunctionId id=BuiltinFunctionId::kInvalidBuiltinFunctionId)513 V8_NOINLINE Handle<JSFunction> SimpleInstallFunction(
514     Isolate* isolate, Handle<JSObject> base, const char* name,
515     Builtins::Name call, int len, bool adapt,
516     PropertyAttributes attrs = DONT_ENUM,
517     BuiltinFunctionId id = BuiltinFunctionId::kInvalidBuiltinFunctionId) {
518   // Although function name does not have to be internalized the property name
519   // will be internalized during property addition anyway, so do it here now.
520   return SimpleInstallFunction(isolate, base,
521                                isolate->factory()->InternalizeUtf8String(name),
522                                call, len, adapt, attrs, id);
523 }
524 
SimpleInstallFunction(Isolate * isolate,Handle<JSObject> base,const char * name,Builtins::Name call,int len,bool adapt,BuiltinFunctionId id)525 V8_NOINLINE Handle<JSFunction> SimpleInstallFunction(
526     Isolate* isolate, Handle<JSObject> base, const char* name,
527     Builtins::Name call, int len, bool adapt, BuiltinFunctionId id) {
528   return SimpleInstallFunction(isolate, base, name, call, len, adapt, DONT_ENUM,
529                                id);
530 }
531 
SimpleInstallGetterSetter(Isolate * isolate,Handle<JSObject> base,Handle<String> name,Builtins::Name call_getter,Builtins::Name call_setter,PropertyAttributes attribs)532 V8_NOINLINE void SimpleInstallGetterSetter(Isolate* isolate,
533                                            Handle<JSObject> base,
534                                            Handle<String> name,
535                                            Builtins::Name call_getter,
536                                            Builtins::Name call_setter,
537                                            PropertyAttributes attribs) {
538   Handle<String> getter_name =
539       Name::ToFunctionName(isolate, name, isolate->factory()->get_string())
540           .ToHandleChecked();
541   Handle<JSFunction> getter =
542       SimpleCreateFunction(isolate, getter_name, call_getter, 0, true);
543 
544   Handle<String> setter_name =
545       Name::ToFunctionName(isolate, name, isolate->factory()->set_string())
546           .ToHandleChecked();
547   Handle<JSFunction> setter =
548       SimpleCreateFunction(isolate, setter_name, call_setter, 1, true);
549 
550   JSObject::DefineAccessor(base, name, getter, setter, attribs).Check();
551 }
552 
SimpleInstallGetter(Isolate * isolate,Handle<JSObject> base,Handle<Name> name,Handle<Name> property_name,Builtins::Name call,bool adapt)553 V8_NOINLINE Handle<JSFunction> SimpleInstallGetter(
554     Isolate* isolate, Handle<JSObject> base, Handle<Name> name,
555     Handle<Name> property_name, Builtins::Name call, bool adapt) {
556   Handle<String> getter_name =
557       Name::ToFunctionName(isolate, name, isolate->factory()->get_string())
558           .ToHandleChecked();
559   Handle<JSFunction> getter =
560       SimpleCreateFunction(isolate, getter_name, call, 0, adapt);
561 
562   Handle<Object> setter = isolate->factory()->undefined_value();
563 
564   JSObject::DefineAccessor(base, property_name, getter, setter, DONT_ENUM)
565       .Check();
566 
567   return getter;
568 }
569 
SimpleInstallGetter(Isolate * isolate,Handle<JSObject> base,Handle<Name> name,Builtins::Name call,bool adapt)570 V8_NOINLINE Handle<JSFunction> SimpleInstallGetter(Isolate* isolate,
571                                                    Handle<JSObject> base,
572                                                    Handle<Name> name,
573                                                    Builtins::Name call,
574                                                    bool adapt) {
575   return SimpleInstallGetter(isolate, base, name, name, call, adapt);
576 }
577 
SimpleInstallGetter(Isolate * isolate,Handle<JSObject> base,Handle<Name> name,Builtins::Name call,bool adapt,BuiltinFunctionId id)578 V8_NOINLINE Handle<JSFunction> SimpleInstallGetter(
579     Isolate* isolate, Handle<JSObject> base, Handle<Name> name,
580     Builtins::Name call, bool adapt, BuiltinFunctionId id) {
581   Handle<JSFunction> fun =
582       SimpleInstallGetter(isolate, base, name, call, adapt);
583   fun->shared()->set_builtin_function_id(id);
584   return fun;
585 }
586 
InstallConstant(Isolate * isolate,Handle<JSObject> holder,const char * name,Handle<Object> value)587 V8_NOINLINE void InstallConstant(Isolate* isolate, Handle<JSObject> holder,
588                                  const char* name, Handle<Object> value) {
589   JSObject::AddProperty(
590       isolate, holder, isolate->factory()->NewStringFromAsciiChecked(name),
591       value,
592       static_cast<PropertyAttributes>(DONT_DELETE | DONT_ENUM | READ_ONLY));
593 }
594 
InstallSpeciesGetter(Isolate * isolate,Handle<JSFunction> constructor)595 V8_NOINLINE void InstallSpeciesGetter(Isolate* isolate,
596                                       Handle<JSFunction> constructor) {
597   Factory* factory = isolate->factory();
598   // TODO(adamk): We should be able to share a SharedFunctionInfo
599   // between all these JSFunctins.
600   SimpleInstallGetter(isolate, constructor, factory->symbol_species_string(),
601                       factory->species_symbol(), Builtins::kReturnReceiver,
602                       true);
603 }
604 
605 }  // namespace
606 
CreateEmptyFunction()607 Handle<JSFunction> Genesis::CreateEmptyFunction() {
608   // Allocate the function map first and then patch the prototype later.
609   Handle<Map> empty_function_map = factory()->CreateSloppyFunctionMap(
610       FUNCTION_WITHOUT_PROTOTYPE, MaybeHandle<JSFunction>());
611   empty_function_map->set_is_prototype_map(true);
612   DCHECK(!empty_function_map->is_dictionary_map());
613 
614   // Allocate ScopeInfo for the empty function.
615   Handle<ScopeInfo> scope_info = ScopeInfo::CreateForEmptyFunction(isolate());
616 
617   // Allocate the empty function as the prototype for function according to
618   // ES#sec-properties-of-the-function-prototype-object
619   NewFunctionArgs args = NewFunctionArgs::ForBuiltin(
620       factory()->empty_string(), empty_function_map, Builtins::kEmptyFunction);
621   Handle<JSFunction> empty_function = factory()->NewFunction(args);
622   native_context()->set_empty_function(*empty_function);
623 
624   // --- E m p t y ---
625   Handle<String> source = factory()->NewStringFromStaticChars("() {}");
626   Handle<Script> script = factory()->NewScript(source);
627   script->set_type(Script::TYPE_NATIVE);
628   Handle<WeakFixedArray> infos = factory()->NewWeakFixedArray(2);
629   script->set_shared_function_infos(*infos);
630   empty_function->shared()->set_scope_info(*scope_info);
631   empty_function->shared()->DontAdaptArguments();
632   SharedFunctionInfo::SetScript(handle(empty_function->shared(), isolate()),
633                                 script, 1);
634 
635   return empty_function;
636 }
637 
CreateSloppyModeFunctionMaps(Handle<JSFunction> empty)638 void Genesis::CreateSloppyModeFunctionMaps(Handle<JSFunction> empty) {
639   Factory* factory = isolate_->factory();
640   Handle<Map> map;
641 
642   //
643   // Allocate maps for sloppy functions without prototype.
644   //
645   map = factory->CreateSloppyFunctionMap(FUNCTION_WITHOUT_PROTOTYPE, empty);
646   native_context()->set_sloppy_function_without_prototype_map(*map);
647 
648   //
649   // Allocate maps for sloppy functions with readonly prototype.
650   //
651   map =
652       factory->CreateSloppyFunctionMap(FUNCTION_WITH_READONLY_PROTOTYPE, empty);
653   native_context()->set_sloppy_function_with_readonly_prototype_map(*map);
654 
655   //
656   // Allocate maps for sloppy functions with writable prototype.
657   //
658   map = factory->CreateSloppyFunctionMap(FUNCTION_WITH_WRITEABLE_PROTOTYPE,
659                                          empty);
660   native_context()->set_sloppy_function_map(*map);
661 
662   map = factory->CreateSloppyFunctionMap(
663       FUNCTION_WITH_NAME_AND_WRITEABLE_PROTOTYPE, empty);
664   native_context()->set_sloppy_function_with_name_map(*map);
665 }
666 
GetThrowTypeErrorIntrinsic()667 Handle<JSFunction> Genesis::GetThrowTypeErrorIntrinsic() {
668   if (!restricted_properties_thrower_.is_null()) {
669     return restricted_properties_thrower_;
670   }
671   Handle<String> name = factory()->empty_string();
672   NewFunctionArgs args = NewFunctionArgs::ForBuiltinWithoutPrototype(
673       name, Builtins::kStrictPoisonPillThrower, i::LanguageMode::kStrict);
674   Handle<JSFunction> function = factory()->NewFunction(args);
675   function->shared()->DontAdaptArguments();
676 
677   // %ThrowTypeError% must not have a name property.
678   if (JSReceiver::DeleteProperty(function, factory()->name_string())
679           .IsNothing()) {
680     DCHECK(false);
681   }
682 
683   // length needs to be non configurable.
684   Handle<Object> value(Smi::FromInt(function->shared()->GetLength()),
685                        isolate());
686   JSObject::SetOwnPropertyIgnoreAttributes(
687       function, factory()->length_string(), value,
688       static_cast<PropertyAttributes>(DONT_ENUM | DONT_DELETE | READ_ONLY))
689       .Assert();
690 
691   if (JSObject::PreventExtensions(function, kThrowOnError).IsNothing()) {
692     DCHECK(false);
693   }
694 
695   JSObject::MigrateSlowToFast(function, 0, "Bootstrapping");
696 
697   restricted_properties_thrower_ = function;
698   return function;
699 }
700 
CreateStrictModeFunctionMaps(Handle<JSFunction> empty)701 void Genesis::CreateStrictModeFunctionMaps(Handle<JSFunction> empty) {
702   Factory* factory = isolate_->factory();
703   Handle<Map> map;
704 
705   //
706   // Allocate maps for strict functions without prototype.
707   //
708   map = factory->CreateStrictFunctionMap(FUNCTION_WITHOUT_PROTOTYPE, empty);
709   native_context()->set_strict_function_without_prototype_map(*map);
710 
711   map = factory->CreateStrictFunctionMap(METHOD_WITH_NAME, empty);
712   native_context()->set_method_with_name_map(*map);
713 
714   map = factory->CreateStrictFunctionMap(METHOD_WITH_HOME_OBJECT, empty);
715   native_context()->set_method_with_home_object_map(*map);
716 
717   map =
718       factory->CreateStrictFunctionMap(METHOD_WITH_NAME_AND_HOME_OBJECT, empty);
719   native_context()->set_method_with_name_and_home_object_map(*map);
720 
721   //
722   // Allocate maps for strict functions with writable prototype.
723   //
724   map = factory->CreateStrictFunctionMap(FUNCTION_WITH_WRITEABLE_PROTOTYPE,
725                                          empty);
726   native_context()->set_strict_function_map(*map);
727 
728   map = factory->CreateStrictFunctionMap(
729       FUNCTION_WITH_NAME_AND_WRITEABLE_PROTOTYPE, empty);
730   native_context()->set_strict_function_with_name_map(*map);
731 
732   strict_function_with_home_object_map_ = factory->CreateStrictFunctionMap(
733       FUNCTION_WITH_HOME_OBJECT_AND_WRITEABLE_PROTOTYPE, empty);
734   strict_function_with_name_and_home_object_map_ =
735       factory->CreateStrictFunctionMap(
736           FUNCTION_WITH_NAME_AND_HOME_OBJECT_AND_WRITEABLE_PROTOTYPE, empty);
737 
738   //
739   // Allocate maps for strict functions with readonly prototype.
740   //
741   map =
742       factory->CreateStrictFunctionMap(FUNCTION_WITH_READONLY_PROTOTYPE, empty);
743   native_context()->set_strict_function_with_readonly_prototype_map(*map);
744 
745   //
746   // Allocate map for class functions.
747   //
748   map = factory->CreateClassFunctionMap(empty);
749   native_context()->set_class_function_map(*map);
750 
751   // Now that the strict mode function map is available, set up the
752   // restricted "arguments" and "caller" getters.
753   AddRestrictedFunctionProperties(empty);
754 }
755 
CreateObjectFunction(Handle<JSFunction> empty_function)756 void Genesis::CreateObjectFunction(Handle<JSFunction> empty_function) {
757   Factory* factory = isolate_->factory();
758 
759   // --- O b j e c t ---
760   int inobject_properties = JSObject::kInitialGlobalObjectUnusedPropertiesCount;
761   int instance_size =
762       JSObject::kHeaderSize + kPointerSize * inobject_properties;
763 
764   Handle<JSFunction> object_fun = CreateFunction(
765       isolate_, factory->Object_string(), JS_OBJECT_TYPE, instance_size,
766       inobject_properties, factory->null_value(), Builtins::kObjectConstructor);
767   object_fun->shared()->set_length(1);
768   object_fun->shared()->DontAdaptArguments();
769   native_context()->set_object_function(*object_fun);
770 
771   {
772     // Finish setting up Object function's initial map.
773     Map* initial_map = object_fun->initial_map();
774     initial_map->set_elements_kind(HOLEY_ELEMENTS);
775   }
776 
777   // Allocate a new prototype for the object function.
778   Handle<JSObject> object_function_prototype =
779       factory->NewFunctionPrototype(object_fun);
780 
781   Handle<Map> map =
782       Map::Copy(isolate(), handle(object_function_prototype->map(), isolate()),
783                 "EmptyObjectPrototype");
784   map->set_is_prototype_map(true);
785   // Ban re-setting Object.prototype.__proto__ to prevent Proxy security bug
786   map->set_is_immutable_proto(true);
787   object_function_prototype->set_map(*map);
788 
789   // Complete setting up empty function.
790   {
791     Handle<Map> empty_function_map(empty_function->map(), isolate_);
792     Map::SetPrototype(isolate(), empty_function_map, object_function_prototype);
793   }
794 
795   native_context()->set_initial_object_prototype(*object_function_prototype);
796   JSFunction::SetPrototype(object_fun, object_function_prototype);
797 
798   {
799     // Set up slow map for Object.create(null) instances without in-object
800     // properties.
801     Handle<Map> map(object_fun->initial_map(), isolate_);
802     map = Map::CopyInitialMapNormalized(isolate(), map);
803     Map::SetPrototype(isolate(), map, factory->null_value());
804     native_context()->set_slow_object_with_null_prototype_map(*map);
805 
806     // Set up slow map for literals with too many properties.
807     map = Map::Copy(isolate(), map, "slow_object_with_object_prototype_map");
808     Map::SetPrototype(isolate(), map, object_function_prototype);
809     native_context()->set_slow_object_with_object_prototype_map(*map);
810   }
811 }
812 
813 namespace {
814 
CreateNonConstructorMap(Isolate * isolate,Handle<Map> source_map,Handle<JSObject> prototype,const char * reason)815 Handle<Map> CreateNonConstructorMap(Isolate* isolate, Handle<Map> source_map,
816                                     Handle<JSObject> prototype,
817                                     const char* reason) {
818   Handle<Map> map = Map::Copy(isolate, source_map, reason);
819   // Ensure the resulting map has prototype slot (it is necessary for storing
820   // inital map even when the prototype property is not required).
821   if (!map->has_prototype_slot()) {
822     // Re-set the unused property fields after changing the instance size.
823     // TODO(ulan): Do not change instance size after map creation.
824     int unused_property_fields = map->UnusedPropertyFields();
825     map->set_instance_size(map->instance_size() + kPointerSize);
826     // The prototype slot shifts the in-object properties area by one slot.
827     map->SetInObjectPropertiesStartInWords(
828         map->GetInObjectPropertiesStartInWords() + 1);
829     map->set_has_prototype_slot(true);
830     map->SetInObjectUnusedPropertyFields(unused_property_fields);
831   }
832   map->set_is_constructor(false);
833   Map::SetPrototype(isolate, map, prototype);
834   return map;
835 }
836 
837 }  // namespace
838 
CreateIteratorMaps(Handle<JSFunction> empty)839 void Genesis::CreateIteratorMaps(Handle<JSFunction> empty) {
840   // Create iterator-related meta-objects.
841   Handle<JSObject> iterator_prototype =
842       factory()->NewJSObject(isolate()->object_function(), TENURED);
843 
844   SimpleInstallFunction(isolate(), iterator_prototype,
845                         factory()->iterator_symbol(), "[Symbol.iterator]",
846                         Builtins::kReturnReceiver, 0, true);
847   native_context()->set_initial_iterator_prototype(*iterator_prototype);
848 
849   Handle<JSObject> generator_object_prototype =
850       factory()->NewJSObject(isolate()->object_function(), TENURED);
851   native_context()->set_initial_generator_prototype(
852       *generator_object_prototype);
853   JSObject::ForceSetPrototype(generator_object_prototype, iterator_prototype);
854   Handle<JSObject> generator_function_prototype =
855       factory()->NewJSObject(isolate()->object_function(), TENURED);
856   JSObject::ForceSetPrototype(generator_function_prototype, empty);
857 
858   JSObject::AddProperty(
859       isolate(), generator_function_prototype,
860       factory()->to_string_tag_symbol(),
861       factory()->NewStringFromAsciiChecked("GeneratorFunction"),
862       static_cast<PropertyAttributes>(DONT_ENUM | READ_ONLY));
863   JSObject::AddProperty(isolate(), generator_function_prototype,
864                         factory()->prototype_string(),
865                         generator_object_prototype,
866                         static_cast<PropertyAttributes>(DONT_ENUM | READ_ONLY));
867 
868   JSObject::AddProperty(isolate(), generator_object_prototype,
869                         factory()->constructor_string(),
870                         generator_function_prototype,
871                         static_cast<PropertyAttributes>(DONT_ENUM | READ_ONLY));
872   JSObject::AddProperty(isolate(), generator_object_prototype,
873                         factory()->to_string_tag_symbol(),
874                         factory()->NewStringFromAsciiChecked("Generator"),
875                         static_cast<PropertyAttributes>(DONT_ENUM | READ_ONLY));
876   SimpleInstallFunction(isolate(), generator_object_prototype, "next",
877                         Builtins::kGeneratorPrototypeNext, 1, false);
878   SimpleInstallFunction(isolate(), generator_object_prototype, "return",
879                         Builtins::kGeneratorPrototypeReturn, 1, false);
880   SimpleInstallFunction(isolate(), generator_object_prototype, "throw",
881                         Builtins::kGeneratorPrototypeThrow, 1, false);
882 
883   // Internal version of generator_prototype_next, flagged as non-native such
884   // that it doesn't show up in Error traces.
885   Handle<JSFunction> generator_next_internal =
886       SimpleCreateFunction(isolate(), factory()->next_string(),
887                            Builtins::kGeneratorPrototypeNext, 1, false);
888   generator_next_internal->shared()->set_native(false);
889   native_context()->set_generator_next_internal(*generator_next_internal);
890 
891   // Create maps for generator functions and their prototypes.  Store those
892   // maps in the native context. The "prototype" property descriptor is
893   // writable, non-enumerable, and non-configurable (as per ES6 draft
894   // 04-14-15, section 25.2.4.3).
895   // Generator functions do not have "caller" or "arguments" accessors.
896   Handle<Map> map;
897   map = CreateNonConstructorMap(isolate(), isolate()->strict_function_map(),
898                                 generator_function_prototype,
899                                 "GeneratorFunction");
900   native_context()->set_generator_function_map(*map);
901 
902   map = CreateNonConstructorMap(
903       isolate(), isolate()->strict_function_with_name_map(),
904       generator_function_prototype, "GeneratorFunction with name");
905   native_context()->set_generator_function_with_name_map(*map);
906 
907   map = CreateNonConstructorMap(
908       isolate(), strict_function_with_home_object_map_,
909       generator_function_prototype, "GeneratorFunction with home object");
910   native_context()->set_generator_function_with_home_object_map(*map);
911 
912   map = CreateNonConstructorMap(isolate(),
913                                 strict_function_with_name_and_home_object_map_,
914                                 generator_function_prototype,
915                                 "GeneratorFunction with name and home object");
916   native_context()->set_generator_function_with_name_and_home_object_map(*map);
917 
918   Handle<JSFunction> object_function(native_context()->object_function(),
919                                      isolate());
920   Handle<Map> generator_object_prototype_map = Map::Create(isolate(), 0);
921   Map::SetPrototype(isolate(), generator_object_prototype_map,
922                     generator_object_prototype);
923   native_context()->set_generator_object_prototype_map(
924       *generator_object_prototype_map);
925 }
926 
CreateAsyncIteratorMaps(Handle<JSFunction> empty)927 void Genesis::CreateAsyncIteratorMaps(Handle<JSFunction> empty) {
928   // %AsyncIteratorPrototype%
929   // proposal-async-iteration/#sec-asynciteratorprototype
930   Handle<JSObject> async_iterator_prototype =
931       factory()->NewJSObject(isolate()->object_function(), TENURED);
932 
933   SimpleInstallFunction(
934       isolate(), async_iterator_prototype, factory()->async_iterator_symbol(),
935       "[Symbol.asyncIterator]", Builtins::kReturnReceiver, 0, true);
936 
937   // %AsyncFromSyncIteratorPrototype%
938   // proposal-async-iteration/#sec-%asyncfromsynciteratorprototype%-object
939   Handle<JSObject> async_from_sync_iterator_prototype =
940       factory()->NewJSObject(isolate()->object_function(), TENURED);
941   SimpleInstallFunction(isolate(), async_from_sync_iterator_prototype,
942                         factory()->next_string(),
943                         Builtins::kAsyncFromSyncIteratorPrototypeNext, 1, true);
944   SimpleInstallFunction(
945       isolate(), async_from_sync_iterator_prototype, factory()->return_string(),
946       Builtins::kAsyncFromSyncIteratorPrototypeReturn, 1, true);
947   SimpleInstallFunction(
948       isolate(), async_from_sync_iterator_prototype, factory()->throw_string(),
949       Builtins::kAsyncFromSyncIteratorPrototypeThrow, 1, true);
950 
951   JSObject::AddProperty(
952       isolate(), async_from_sync_iterator_prototype,
953       factory()->to_string_tag_symbol(),
954       factory()->NewStringFromAsciiChecked("Async-from-Sync Iterator"),
955       static_cast<PropertyAttributes>(DONT_ENUM | READ_ONLY));
956 
957   JSObject::ForceSetPrototype(async_from_sync_iterator_prototype,
958                               async_iterator_prototype);
959 
960   Handle<Map> async_from_sync_iterator_map = factory()->NewMap(
961       JS_ASYNC_FROM_SYNC_ITERATOR_TYPE, JSAsyncFromSyncIterator::kSize);
962   Map::SetPrototype(isolate(), async_from_sync_iterator_map,
963                     async_from_sync_iterator_prototype);
964   native_context()->set_async_from_sync_iterator_map(
965       *async_from_sync_iterator_map);
966 
967   // Async Generators
968   Handle<String> AsyncGeneratorFunction_string =
969       factory()->NewStringFromAsciiChecked("AsyncGeneratorFunction", TENURED);
970 
971   Handle<JSObject> async_generator_object_prototype =
972       factory()->NewJSObject(isolate()->object_function(), TENURED);
973   Handle<JSObject> async_generator_function_prototype =
974       factory()->NewJSObject(isolate()->object_function(), TENURED);
975 
976   // %AsyncGenerator% / %AsyncGeneratorFunction%.prototype
977   JSObject::ForceSetPrototype(async_generator_function_prototype, empty);
978 
979   // The value of AsyncGeneratorFunction.prototype.prototype is the
980   //     %AsyncGeneratorPrototype% intrinsic object.
981   // This property has the attributes
982   //     { [[Writable]]: false, [[Enumerable]]: false, [[Configurable]]: true }.
983   JSObject::AddProperty(isolate(), async_generator_function_prototype,
984                         factory()->prototype_string(),
985                         async_generator_object_prototype,
986                         static_cast<PropertyAttributes>(DONT_ENUM | READ_ONLY));
987   JSObject::AddProperty(isolate(), async_generator_object_prototype,
988                         factory()->constructor_string(),
989                         async_generator_function_prototype,
990                         static_cast<PropertyAttributes>(DONT_ENUM | READ_ONLY));
991   JSObject::AddProperty(isolate(), async_generator_function_prototype,
992                         factory()->to_string_tag_symbol(),
993                         AsyncGeneratorFunction_string,
994                         static_cast<PropertyAttributes>(DONT_ENUM | READ_ONLY));
995 
996   // %AsyncGeneratorPrototype%
997   JSObject::ForceSetPrototype(async_generator_object_prototype,
998                               async_iterator_prototype);
999   native_context()->set_initial_async_generator_prototype(
1000       *async_generator_object_prototype);
1001 
1002   JSObject::AddProperty(isolate(), async_generator_object_prototype,
1003                         factory()->to_string_tag_symbol(),
1004                         factory()->NewStringFromAsciiChecked("AsyncGenerator"),
1005                         static_cast<PropertyAttributes>(DONT_ENUM | READ_ONLY));
1006   SimpleInstallFunction(isolate(), async_generator_object_prototype, "next",
1007                         Builtins::kAsyncGeneratorPrototypeNext, 1, false);
1008   SimpleInstallFunction(isolate(), async_generator_object_prototype, "return",
1009                         Builtins::kAsyncGeneratorPrototypeReturn, 1, false);
1010   SimpleInstallFunction(isolate(), async_generator_object_prototype, "throw",
1011                         Builtins::kAsyncGeneratorPrototypeThrow, 1, false);
1012 
1013   // Create maps for generator functions and their prototypes.  Store those
1014   // maps in the native context. The "prototype" property descriptor is
1015   // writable, non-enumerable, and non-configurable (as per ES6 draft
1016   // 04-14-15, section 25.2.4.3).
1017   // Async Generator functions do not have "caller" or "arguments" accessors.
1018   Handle<Map> map;
1019   map = CreateNonConstructorMap(isolate(), isolate()->strict_function_map(),
1020                                 async_generator_function_prototype,
1021                                 "AsyncGeneratorFunction");
1022   native_context()->set_async_generator_function_map(*map);
1023 
1024   map = CreateNonConstructorMap(
1025       isolate(), isolate()->strict_function_with_name_map(),
1026       async_generator_function_prototype, "AsyncGeneratorFunction with name");
1027   native_context()->set_async_generator_function_with_name_map(*map);
1028 
1029   map =
1030       CreateNonConstructorMap(isolate(), strict_function_with_home_object_map_,
1031                               async_generator_function_prototype,
1032                               "AsyncGeneratorFunction with home object");
1033   native_context()->set_async_generator_function_with_home_object_map(*map);
1034 
1035   map = CreateNonConstructorMap(
1036       isolate(), strict_function_with_name_and_home_object_map_,
1037       async_generator_function_prototype,
1038       "AsyncGeneratorFunction with name and home object");
1039   native_context()->set_async_generator_function_with_name_and_home_object_map(
1040       *map);
1041 
1042   Handle<JSFunction> object_function(native_context()->object_function(),
1043                                      isolate());
1044   Handle<Map> async_generator_object_prototype_map = Map::Create(isolate(), 0);
1045   Map::SetPrototype(isolate(), async_generator_object_prototype_map,
1046                     async_generator_object_prototype);
1047   native_context()->set_async_generator_object_prototype_map(
1048       *async_generator_object_prototype_map);
1049 }
1050 
CreateAsyncFunctionMaps(Handle<JSFunction> empty)1051 void Genesis::CreateAsyncFunctionMaps(Handle<JSFunction> empty) {
1052   // %AsyncFunctionPrototype% intrinsic
1053   Handle<JSObject> async_function_prototype =
1054       factory()->NewJSObject(isolate()->object_function(), TENURED);
1055   JSObject::ForceSetPrototype(async_function_prototype, empty);
1056 
1057   JSObject::AddProperty(isolate(), async_function_prototype,
1058                         factory()->to_string_tag_symbol(),
1059                         factory()->NewStringFromAsciiChecked("AsyncFunction"),
1060                         static_cast<PropertyAttributes>(DONT_ENUM | READ_ONLY));
1061 
1062   Handle<Map> map;
1063   map = CreateNonConstructorMap(
1064       isolate(), isolate()->strict_function_without_prototype_map(),
1065       async_function_prototype, "AsyncFunction");
1066   native_context()->set_async_function_map(*map);
1067 
1068   map = CreateNonConstructorMap(isolate(), isolate()->method_with_name_map(),
1069                                 async_function_prototype,
1070                                 "AsyncFunction with name");
1071   native_context()->set_async_function_with_name_map(*map);
1072 
1073   map = CreateNonConstructorMap(
1074       isolate(), isolate()->method_with_home_object_map(),
1075       async_function_prototype, "AsyncFunction with home object");
1076   native_context()->set_async_function_with_home_object_map(*map);
1077 
1078   map = CreateNonConstructorMap(
1079       isolate(), isolate()->method_with_name_and_home_object_map(),
1080       async_function_prototype, "AsyncFunction with name and home object");
1081   native_context()->set_async_function_with_name_and_home_object_map(*map);
1082 }
1083 
CreateJSProxyMaps()1084 void Genesis::CreateJSProxyMaps() {
1085   // Allocate maps for all Proxy types.
1086   // Next to the default proxy, we need maps indicating callable and
1087   // constructable proxies.
1088   Handle<Map> proxy_map = factory()->NewMap(JS_PROXY_TYPE, JSProxy::kSize,
1089                                             TERMINAL_FAST_ELEMENTS_KIND);
1090   proxy_map->set_is_dictionary_map(true);
1091   proxy_map->set_may_have_interesting_symbols(true);
1092   native_context()->set_proxy_map(*proxy_map);
1093 
1094   Handle<Map> proxy_callable_map =
1095       Map::Copy(isolate_, proxy_map, "callable Proxy");
1096   proxy_callable_map->set_is_callable(true);
1097   native_context()->set_proxy_callable_map(*proxy_callable_map);
1098   proxy_callable_map->SetConstructor(native_context()->function_function());
1099 
1100   Handle<Map> proxy_constructor_map =
1101       Map::Copy(isolate_, proxy_callable_map, "constructor Proxy");
1102   proxy_constructor_map->set_is_constructor(true);
1103   native_context()->set_proxy_constructor_map(*proxy_constructor_map);
1104 
1105   {
1106     Handle<Map> map =
1107         factory()->NewMap(JS_OBJECT_TYPE, JSProxyRevocableResult::kSize,
1108                           TERMINAL_FAST_ELEMENTS_KIND, 2);
1109     Map::EnsureDescriptorSlack(isolate_, map, 2);
1110 
1111     {  // proxy
1112       Descriptor d = Descriptor::DataField(isolate(), factory()->proxy_string(),
1113                                            JSProxyRevocableResult::kProxyIndex,
1114                                            NONE, Representation::Tagged());
1115       map->AppendDescriptor(&d);
1116     }
1117     {  // revoke
1118       Descriptor d = Descriptor::DataField(
1119           isolate(), factory()->revoke_string(),
1120           JSProxyRevocableResult::kRevokeIndex, NONE, Representation::Tagged());
1121       map->AppendDescriptor(&d);
1122     }
1123 
1124     Map::SetPrototype(isolate(), map, isolate()->initial_object_prototype());
1125     map->SetConstructor(native_context()->object_function());
1126 
1127     native_context()->set_proxy_revocable_result_map(*map);
1128   }
1129 }
1130 
1131 namespace {
ReplaceAccessors(Isolate * isolate,Handle<Map> map,Handle<String> name,PropertyAttributes attributes,Handle<AccessorPair> accessor_pair)1132 void ReplaceAccessors(Isolate* isolate, Handle<Map> map, Handle<String> name,
1133                       PropertyAttributes attributes,
1134                       Handle<AccessorPair> accessor_pair) {
1135   DescriptorArray* descriptors = map->instance_descriptors();
1136   int idx = descriptors->SearchWithCache(isolate, *name, *map);
1137   Descriptor d = Descriptor::AccessorConstant(name, accessor_pair, attributes);
1138   descriptors->Replace(idx, &d);
1139 }
1140 }  // namespace
1141 
AddRestrictedFunctionProperties(Handle<JSFunction> empty)1142 void Genesis::AddRestrictedFunctionProperties(Handle<JSFunction> empty) {
1143   PropertyAttributes rw_attribs = static_cast<PropertyAttributes>(DONT_ENUM);
1144   Handle<JSFunction> thrower = GetThrowTypeErrorIntrinsic();
1145   Handle<AccessorPair> accessors = factory()->NewAccessorPair();
1146   accessors->set_getter(*thrower);
1147   accessors->set_setter(*thrower);
1148 
1149   Handle<Map> map(empty->map(), isolate());
1150   ReplaceAccessors(isolate(), map, factory()->arguments_string(), rw_attribs,
1151                    accessors);
1152   ReplaceAccessors(isolate(), map, factory()->caller_string(), rw_attribs,
1153                    accessors);
1154 }
1155 
AddToWeakNativeContextList(Isolate * isolate,Context * context)1156 static void AddToWeakNativeContextList(Isolate* isolate, Context* context) {
1157   DCHECK(context->IsNativeContext());
1158   Heap* heap = isolate->heap();
1159 #ifdef DEBUG
1160   { // NOLINT
1161     DCHECK(context->next_context_link()->IsUndefined(isolate));
1162     // Check that context is not in the list yet.
1163     for (Object* current = heap->native_contexts_list();
1164          !current->IsUndefined(isolate);
1165          current = Context::cast(current)->next_context_link()) {
1166       DCHECK(current != context);
1167     }
1168   }
1169 #endif
1170   context->set(Context::NEXT_CONTEXT_LINK, heap->native_contexts_list(),
1171                UPDATE_WEAK_WRITE_BARRIER);
1172   heap->set_native_contexts_list(context);
1173 }
1174 
1175 
CreateRoots()1176 void Genesis::CreateRoots() {
1177   // Allocate the native context FixedArray first and then patch the
1178   // closure and extension object later (we need the empty function
1179   // and the global object, but in order to create those, we need the
1180   // native context).
1181   native_context_ = factory()->NewNativeContext();
1182   AddToWeakNativeContextList(isolate(), *native_context());
1183   isolate()->set_context(*native_context());
1184 
1185   // Allocate the message listeners object.
1186   {
1187     Handle<TemplateList> list = TemplateList::New(isolate(), 1);
1188     native_context()->set_message_listeners(*list);
1189   }
1190 }
1191 
1192 
InstallGlobalThisBinding()1193 void Genesis::InstallGlobalThisBinding() {
1194   Handle<ScriptContextTable> script_contexts(
1195       native_context()->script_context_table(), isolate());
1196   Handle<ScopeInfo> scope_info = ScopeInfo::CreateGlobalThisBinding(isolate());
1197   Handle<Context> context =
1198       factory()->NewScriptContext(native_context(), scope_info);
1199 
1200   // Go ahead and hook it up while we're at it.
1201   int slot = scope_info->ReceiverContextSlotIndex();
1202   DCHECK_EQ(slot, Context::MIN_CONTEXT_SLOTS);
1203   context->set(slot, native_context()->global_proxy());
1204 
1205   Handle<ScriptContextTable> new_script_contexts =
1206       ScriptContextTable::Extend(script_contexts, context);
1207   native_context()->set_script_context_table(*new_script_contexts);
1208 }
1209 
1210 
CreateNewGlobals(v8::Local<v8::ObjectTemplate> global_proxy_template,Handle<JSGlobalProxy> global_proxy)1211 Handle<JSGlobalObject> Genesis::CreateNewGlobals(
1212     v8::Local<v8::ObjectTemplate> global_proxy_template,
1213     Handle<JSGlobalProxy> global_proxy) {
1214   // The argument global_proxy_template aka data is an ObjectTemplateInfo.
1215   // It has a constructor pointer that points at global_constructor which is a
1216   // FunctionTemplateInfo.
1217   // The global_proxy_constructor is used to (re)initialize the
1218   // global_proxy. The global_proxy_constructor also has a prototype_template
1219   // pointer that points at js_global_object_template which is an
1220   // ObjectTemplateInfo.
1221   // That in turn has a constructor pointer that points at
1222   // js_global_object_constructor which is a FunctionTemplateInfo.
1223   // js_global_object_constructor is used to make js_global_object_function
1224   // js_global_object_function is used to make the new global_object.
1225   //
1226   // --- G l o b a l ---
1227   // Step 1: Create a fresh JSGlobalObject.
1228   Handle<JSFunction> js_global_object_function;
1229   Handle<ObjectTemplateInfo> js_global_object_template;
1230   if (!global_proxy_template.IsEmpty()) {
1231     // Get prototype template of the global_proxy_template.
1232     Handle<ObjectTemplateInfo> data =
1233         v8::Utils::OpenHandle(*global_proxy_template);
1234     Handle<FunctionTemplateInfo> global_constructor =
1235         Handle<FunctionTemplateInfo>(
1236             FunctionTemplateInfo::cast(data->constructor()), isolate());
1237     Handle<Object> proto_template(global_constructor->prototype_template(),
1238                                   isolate());
1239     if (!proto_template->IsUndefined(isolate())) {
1240       js_global_object_template =
1241           Handle<ObjectTemplateInfo>::cast(proto_template);
1242     }
1243   }
1244 
1245   if (js_global_object_template.is_null()) {
1246     Handle<String> name = factory()->empty_string();
1247     Handle<JSObject> prototype =
1248         factory()->NewFunctionPrototype(isolate()->object_function());
1249     NewFunctionArgs args = NewFunctionArgs::ForBuiltinWithPrototype(
1250         name, prototype, JS_GLOBAL_OBJECT_TYPE, JSGlobalObject::kSize, 0,
1251         Builtins::kIllegal, MUTABLE);
1252     js_global_object_function = factory()->NewFunction(args);
1253 #ifdef DEBUG
1254     LookupIterator it(isolate(), prototype, factory()->constructor_string(),
1255                       LookupIterator::OWN_SKIP_INTERCEPTOR);
1256     Handle<Object> value = Object::GetProperty(&it).ToHandleChecked();
1257     DCHECK(it.IsFound());
1258     DCHECK_EQ(*isolate()->object_function(), *value);
1259 #endif
1260   } else {
1261     Handle<FunctionTemplateInfo> js_global_object_constructor(
1262         FunctionTemplateInfo::cast(js_global_object_template->constructor()),
1263         isolate());
1264     js_global_object_function = ApiNatives::CreateApiFunction(
1265         isolate(), js_global_object_constructor, factory()->the_hole_value(),
1266         ApiNatives::GlobalObjectType);
1267   }
1268 
1269   js_global_object_function->initial_map()->set_is_prototype_map(true);
1270   js_global_object_function->initial_map()->set_is_dictionary_map(true);
1271   js_global_object_function->initial_map()->set_may_have_interesting_symbols(
1272       true);
1273   Handle<JSGlobalObject> global_object =
1274       factory()->NewJSGlobalObject(js_global_object_function);
1275 
1276   // Step 2: (re)initialize the global proxy object.
1277   Handle<JSFunction> global_proxy_function;
1278   if (global_proxy_template.IsEmpty()) {
1279     Handle<String> name = factory()->empty_string();
1280     NewFunctionArgs args = NewFunctionArgs::ForBuiltinWithPrototype(
1281         name, factory()->the_hole_value(), JS_GLOBAL_PROXY_TYPE,
1282         JSGlobalProxy::SizeWithEmbedderFields(0), 0, Builtins::kIllegal,
1283         MUTABLE);
1284     global_proxy_function = factory()->NewFunction(args);
1285   } else {
1286     Handle<ObjectTemplateInfo> data =
1287         v8::Utils::OpenHandle(*global_proxy_template);
1288     Handle<FunctionTemplateInfo> global_constructor(
1289         FunctionTemplateInfo::cast(data->constructor()), isolate());
1290     global_proxy_function = ApiNatives::CreateApiFunction(
1291         isolate(), global_constructor, factory()->the_hole_value(),
1292         ApiNatives::GlobalProxyType);
1293   }
1294   global_proxy_function->initial_map()->set_is_access_check_needed(true);
1295   global_proxy_function->initial_map()->set_has_hidden_prototype(true);
1296   global_proxy_function->initial_map()->set_may_have_interesting_symbols(true);
1297   native_context()->set_global_proxy_function(*global_proxy_function);
1298 
1299   // Set global_proxy.__proto__ to js_global after ConfigureGlobalObjects
1300   // Return the global proxy.
1301 
1302   factory()->ReinitializeJSGlobalProxy(global_proxy, global_proxy_function);
1303 
1304   // Set the native context for the global object.
1305   global_object->set_native_context(*native_context());
1306   global_object->set_global_proxy(*global_proxy);
1307   // Set the native context of the global proxy.
1308   global_proxy->set_native_context(*native_context());
1309   // Set the global proxy of the native context. If the native context has been
1310   // deserialized, the global proxy is already correctly set up by the
1311   // deserializer. Otherwise it's undefined.
1312   DCHECK(native_context()
1313              ->get(Context::GLOBAL_PROXY_INDEX)
1314              ->IsUndefined(isolate()) ||
1315          native_context()->global_proxy() == *global_proxy);
1316   native_context()->set_global_proxy(*global_proxy);
1317 
1318   return global_object;
1319 }
1320 
HookUpGlobalProxy(Handle<JSGlobalProxy> global_proxy)1321 void Genesis::HookUpGlobalProxy(Handle<JSGlobalProxy> global_proxy) {
1322   // Re-initialize the global proxy with the global proxy function from the
1323   // snapshot, and then set up the link to the native context.
1324   Handle<JSFunction> global_proxy_function(
1325       native_context()->global_proxy_function(), isolate());
1326   factory()->ReinitializeJSGlobalProxy(global_proxy, global_proxy_function);
1327   Handle<JSObject> global_object(
1328       JSObject::cast(native_context()->global_object()), isolate());
1329   JSObject::ForceSetPrototype(global_proxy, global_object);
1330   global_proxy->set_native_context(*native_context());
1331   DCHECK(native_context()->global_proxy() == *global_proxy);
1332 }
1333 
HookUpGlobalObject(Handle<JSGlobalObject> global_object)1334 void Genesis::HookUpGlobalObject(Handle<JSGlobalObject> global_object) {
1335   Handle<JSGlobalObject> global_object_from_snapshot(
1336       JSGlobalObject::cast(native_context()->extension()), isolate());
1337   native_context()->set_extension(*global_object);
1338   native_context()->set_security_token(*global_object);
1339 
1340   TransferNamedProperties(global_object_from_snapshot, global_object);
1341   TransferIndexedProperties(global_object_from_snapshot, global_object);
1342 }
1343 
InstallWithIntrinsicDefaultProto(Isolate * isolate,Handle<JSFunction> function,int context_index)1344 static void InstallWithIntrinsicDefaultProto(Isolate* isolate,
1345                                              Handle<JSFunction> function,
1346                                              int context_index) {
1347   Handle<Smi> index(Smi::FromInt(context_index), isolate);
1348   JSObject::AddProperty(isolate, function,
1349                         isolate->factory()->native_context_index_symbol(),
1350                         index, NONE);
1351   isolate->native_context()->set(context_index, *function);
1352 }
1353 
InstallError(Isolate * isolate,Handle<JSObject> global,Handle<String> name,int context_index)1354 static void InstallError(Isolate* isolate, Handle<JSObject> global,
1355                          Handle<String> name, int context_index) {
1356   Factory* factory = isolate->factory();
1357 
1358   Handle<JSFunction> error_fun = InstallFunction(
1359       isolate, global, name, JS_ERROR_TYPE, JSObject::kHeaderSize, 0,
1360       factory->the_hole_value(), Builtins::kErrorConstructor, DONT_ENUM);
1361   error_fun->shared()->DontAdaptArguments();
1362   error_fun->shared()->set_length(1);
1363 
1364   if (context_index == Context::ERROR_FUNCTION_INDEX) {
1365     SimpleInstallFunction(isolate, error_fun, "captureStackTrace",
1366                           Builtins::kErrorCaptureStackTrace, 2, false);
1367   }
1368 
1369   InstallWithIntrinsicDefaultProto(isolate, error_fun, context_index);
1370 
1371   {
1372     // Setup %XXXErrorPrototype%.
1373     Handle<JSObject> prototype(JSObject::cast(error_fun->instance_prototype()),
1374                                isolate);
1375 
1376     JSObject::AddProperty(isolate, prototype, factory->name_string(), name,
1377                           DONT_ENUM);
1378     JSObject::AddProperty(isolate, prototype, factory->message_string(),
1379                           factory->empty_string(), DONT_ENUM);
1380 
1381     if (context_index == Context::ERROR_FUNCTION_INDEX) {
1382       Handle<JSFunction> to_string_fun =
1383           SimpleInstallFunction(isolate, prototype, factory->toString_string(),
1384                                 Builtins::kErrorPrototypeToString, 0, true);
1385       isolate->native_context()->set_error_to_string(*to_string_fun);
1386       isolate->native_context()->set_initial_error_prototype(*prototype);
1387     } else {
1388       DCHECK(isolate->native_context()->error_to_string()->IsJSFunction());
1389 
1390       InstallFunction(isolate, prototype, isolate->error_to_string(),
1391                       factory->toString_string(), DONT_ENUM);
1392 
1393       Handle<JSFunction> global_error = isolate->error_function();
1394       CHECK(JSReceiver::SetPrototype(error_fun, global_error, false,
1395                                      kThrowOnError)
1396                 .FromMaybe(false));
1397       CHECK(JSReceiver::SetPrototype(prototype,
1398                                      handle(global_error->prototype(), isolate),
1399                                      false, kThrowOnError)
1400                 .FromMaybe(false));
1401     }
1402   }
1403 
1404   Handle<Map> initial_map(error_fun->initial_map(), isolate);
1405   Map::EnsureDescriptorSlack(isolate, initial_map, 1);
1406 
1407   {
1408     Handle<AccessorInfo> info = factory->error_stack_accessor();
1409     Descriptor d = Descriptor::AccessorConstant(handle(info->name(), isolate),
1410                                                 info, DONT_ENUM);
1411     initial_map->AppendDescriptor(&d);
1412   }
1413 }
1414 
1415 namespace {
1416 
InstallMakeError(Isolate * isolate,int builtin_id,int context_index)1417 void InstallMakeError(Isolate* isolate, int builtin_id, int context_index) {
1418   NewFunctionArgs args = NewFunctionArgs::ForBuiltinWithPrototype(
1419       isolate->factory()->empty_string(), isolate->factory()->the_hole_value(),
1420       JS_OBJECT_TYPE, JSObject::kHeaderSize, 0, builtin_id, MUTABLE);
1421 
1422   Handle<JSFunction> function = isolate->factory()->NewFunction(args);
1423   function->shared()->DontAdaptArguments();
1424   isolate->native_context()->set(context_index, *function);
1425 }
1426 
1427 }  // namespace
1428 
1429 // This is only called if we are not using snapshots.  The equivalent
1430 // work in the snapshot case is done in HookUpGlobalObject.
InitializeGlobal(Handle<JSGlobalObject> global_object,Handle<JSFunction> empty_function,GlobalContextType context_type)1431 void Genesis::InitializeGlobal(Handle<JSGlobalObject> global_object,
1432                                Handle<JSFunction> empty_function,
1433                                GlobalContextType context_type) {
1434   // --- N a t i v e   C o n t e x t ---
1435   // Use the empty scope info.
1436   native_context()->set_scope_info(empty_function->shared()->scope_info());
1437   native_context()->set_previous(nullptr);
1438   // Set extension and global object.
1439   native_context()->set_extension(*global_object);
1440   // Security setup: Set the security token of the native context to the global
1441   // object. This makes the security check between two different contexts fail
1442   // by default even in case of global object reinitialization.
1443   native_context()->set_security_token(*global_object);
1444 
1445   Factory* factory = isolate_->factory();
1446 
1447   Handle<ScriptContextTable> script_context_table =
1448       factory->NewScriptContextTable();
1449   native_context()->set_script_context_table(*script_context_table);
1450   InstallGlobalThisBinding();
1451 
1452   {  // --- O b j e c t ---
1453     Handle<String> object_name = factory->Object_string();
1454     Handle<JSFunction> object_function = isolate_->object_function();
1455     JSObject::AddProperty(isolate_, global_object, object_name, object_function,
1456                           DONT_ENUM);
1457 
1458     SimpleInstallFunction(isolate_, object_function, factory->assign_string(),
1459                           Builtins::kObjectAssign, 2, false);
1460     SimpleInstallFunction(isolate_, object_function, "getOwnPropertyDescriptor",
1461                           Builtins::kObjectGetOwnPropertyDescriptor, 2, false);
1462     SimpleInstallFunction(isolate_, object_function,
1463                           factory->getOwnPropertyDescriptors_string(),
1464                           Builtins::kObjectGetOwnPropertyDescriptors, 1, false);
1465     SimpleInstallFunction(isolate_, object_function, "getOwnPropertyNames",
1466                           Builtins::kObjectGetOwnPropertyNames, 1, true);
1467     SimpleInstallFunction(isolate_, object_function, "getOwnPropertySymbols",
1468                           Builtins::kObjectGetOwnPropertySymbols, 1, false);
1469     SimpleInstallFunction(isolate_, object_function, "is", Builtins::kObjectIs,
1470                           2, true);
1471     SimpleInstallFunction(isolate_, object_function, "preventExtensions",
1472                           Builtins::kObjectPreventExtensions, 1, false);
1473     SimpleInstallFunction(isolate_, object_function, "seal",
1474                           Builtins::kObjectSeal, 1, false);
1475 
1476     Handle<JSFunction> object_create = SimpleInstallFunction(
1477         isolate_, object_function, factory->create_string(),
1478         Builtins::kObjectCreate, 2, false);
1479     native_context()->set_object_create(*object_create);
1480 
1481     Handle<JSFunction> object_define_properties =
1482         SimpleInstallFunction(isolate_, object_function, "defineProperties",
1483                               Builtins::kObjectDefineProperties, 2, true);
1484     native_context()->set_object_define_properties(*object_define_properties);
1485 
1486     Handle<JSFunction> object_define_property = SimpleInstallFunction(
1487         isolate_, object_function, factory->defineProperty_string(),
1488         Builtins::kObjectDefineProperty, 3, true);
1489     native_context()->set_object_define_property(*object_define_property);
1490 
1491     SimpleInstallFunction(isolate_, object_function, "freeze",
1492                           Builtins::kObjectFreeze, 1, false);
1493 
1494     Handle<JSFunction> object_get_prototype_of =
1495         SimpleInstallFunction(isolate_, object_function, "getPrototypeOf",
1496                               Builtins::kObjectGetPrototypeOf, 1, false);
1497     native_context()->set_object_get_prototype_of(*object_get_prototype_of);
1498     SimpleInstallFunction(isolate_, object_function, "setPrototypeOf",
1499                           Builtins::kObjectSetPrototypeOf, 2, false);
1500 
1501     SimpleInstallFunction(isolate_, object_function, "isExtensible",
1502                           Builtins::kObjectIsExtensible, 1, false);
1503     SimpleInstallFunction(isolate_, object_function, "isFrozen",
1504                           Builtins::kObjectIsFrozen, 1, false);
1505 
1506     Handle<JSFunction> object_is_sealed =
1507         SimpleInstallFunction(isolate_, object_function, "isSealed",
1508                               Builtins::kObjectIsSealed, 1, false);
1509     native_context()->set_object_is_sealed(*object_is_sealed);
1510 
1511     Handle<JSFunction> object_keys = SimpleInstallFunction(
1512         isolate_, object_function, "keys", Builtins::kObjectKeys, 1, true);
1513     native_context()->set_object_keys(*object_keys);
1514     SimpleInstallFunction(isolate_, object_function, factory->entries_string(),
1515                           Builtins::kObjectEntries, 1, true);
1516     SimpleInstallFunction(isolate_, object_function, factory->values_string(),
1517                           Builtins::kObjectValues, 1, true);
1518 
1519     SimpleInstallFunction(isolate_, isolate_->initial_object_prototype(),
1520                           "__defineGetter__", Builtins::kObjectDefineGetter, 2,
1521                           true);
1522     SimpleInstallFunction(isolate_, isolate_->initial_object_prototype(),
1523                           "__defineSetter__", Builtins::kObjectDefineSetter, 2,
1524                           true);
1525     SimpleInstallFunction(isolate_, isolate_->initial_object_prototype(),
1526                           "hasOwnProperty",
1527                           Builtins::kObjectPrototypeHasOwnProperty, 1, true);
1528     SimpleInstallFunction(isolate_, isolate_->initial_object_prototype(),
1529                           "__lookupGetter__", Builtins::kObjectLookupGetter, 1,
1530                           true);
1531     SimpleInstallFunction(isolate_, isolate_->initial_object_prototype(),
1532                           "__lookupSetter__", Builtins::kObjectLookupSetter, 1,
1533                           true);
1534     SimpleInstallFunction(isolate_, isolate_->initial_object_prototype(),
1535                           "isPrototypeOf",
1536                           Builtins::kObjectPrototypeIsPrototypeOf, 1, true);
1537     SimpleInstallFunction(
1538         isolate_, isolate_->initial_object_prototype(), "propertyIsEnumerable",
1539         Builtins::kObjectPrototypePropertyIsEnumerable, 1, false);
1540     Handle<JSFunction> object_to_string =
1541         SimpleInstallFunction(isolate_, isolate_->initial_object_prototype(),
1542                               factory->toString_string(),
1543                               Builtins::kObjectPrototypeToString, 0, true);
1544     native_context()->set_object_to_string(*object_to_string);
1545     Handle<JSFunction> object_value_of = SimpleInstallFunction(
1546         isolate_, isolate_->initial_object_prototype(), "valueOf",
1547         Builtins::kObjectPrototypeValueOf, 0, true);
1548     native_context()->set_object_value_of(*object_value_of);
1549 
1550     SimpleInstallGetterSetter(isolate_, isolate_->initial_object_prototype(),
1551                               factory->proto_string(),
1552                               Builtins::kObjectPrototypeGetProto,
1553                               Builtins::kObjectPrototypeSetProto, DONT_ENUM);
1554 
1555     SimpleInstallFunction(isolate_, isolate_->initial_object_prototype(),
1556                           "toLocaleString",
1557                           Builtins::kObjectPrototypeToLocaleString, 0, true);
1558   }
1559 
1560   Handle<JSObject> global(native_context()->global_object(), isolate());
1561 
1562   {  // --- F u n c t i o n ---
1563     Handle<JSFunction> prototype = empty_function;
1564     Handle<JSFunction> function_fun =
1565         InstallFunction(isolate_, global, "Function", JS_FUNCTION_TYPE,
1566                         JSFunction::kSizeWithPrototype, 0, prototype,
1567                         Builtins::kFunctionConstructor);
1568     // Function instances are sloppy by default.
1569     function_fun->set_prototype_or_initial_map(
1570         *isolate_->sloppy_function_map());
1571     function_fun->shared()->DontAdaptArguments();
1572     function_fun->shared()->set_length(1);
1573     InstallWithIntrinsicDefaultProto(isolate_, function_fun,
1574                                      Context::FUNCTION_FUNCTION_INDEX);
1575 
1576     // Setup the methods on the %FunctionPrototype%.
1577     JSObject::AddProperty(isolate_, prototype, factory->constructor_string(),
1578                           function_fun, DONT_ENUM);
1579     SimpleInstallFunction(isolate_, prototype, factory->apply_string(),
1580                           Builtins::kFunctionPrototypeApply, 2, false);
1581     SimpleInstallFunction(isolate_, prototype, factory->bind_string(),
1582                           Builtins::kFastFunctionPrototypeBind, 1, false);
1583     SimpleInstallFunction(isolate_, prototype, factory->call_string(),
1584                           Builtins::kFunctionPrototypeCall, 1, false);
1585     SimpleInstallFunction(isolate_, prototype, factory->toString_string(),
1586                           Builtins::kFunctionPrototypeToString, 0, false);
1587 
1588     // Install the @@hasInstance function.
1589     Handle<JSFunction> has_instance = SimpleInstallFunction(
1590         isolate_, prototype, factory->has_instance_symbol(),
1591         "[Symbol.hasInstance]", Builtins::kFunctionPrototypeHasInstance, 1,
1592         true,
1593         static_cast<PropertyAttributes>(DONT_ENUM | DONT_DELETE | READ_ONLY),
1594         BuiltinFunctionId::kFunctionHasInstance);
1595     native_context()->set_function_has_instance(*has_instance);
1596 
1597     // Complete setting up function maps.
1598     {
1599       isolate_->sloppy_function_map()->SetConstructor(*function_fun);
1600       isolate_->sloppy_function_with_name_map()->SetConstructor(*function_fun);
1601       isolate_->sloppy_function_with_readonly_prototype_map()->SetConstructor(
1602           *function_fun);
1603 
1604       isolate_->strict_function_map()->SetConstructor(*function_fun);
1605       isolate_->strict_function_with_name_map()->SetConstructor(*function_fun);
1606       strict_function_with_home_object_map_->SetConstructor(*function_fun);
1607       strict_function_with_name_and_home_object_map_->SetConstructor(
1608           *function_fun);
1609       isolate_->strict_function_with_readonly_prototype_map()->SetConstructor(
1610           *function_fun);
1611 
1612       isolate_->class_function_map()->SetConstructor(*function_fun);
1613     }
1614   }
1615 
1616   {  // --- A s y n c F r o m S y n c I t e r a t o r
1617     Handle<SharedFunctionInfo> info = SimpleCreateSharedFunctionInfo(
1618         isolate_, Builtins::kAsyncIteratorValueUnwrap, factory->empty_string(),
1619         1);
1620     native_context()->set_async_iterator_value_unwrap_shared_fun(*info);
1621   }
1622 
1623   {  // --- A s y n c G e n e r a t o r ---
1624     Handle<JSFunction> await_caught =
1625         SimpleCreateFunction(isolate_, factory->empty_string(),
1626                              Builtins::kAsyncGeneratorAwaitCaught, 1, false);
1627     native_context()->set_async_generator_await_caught(*await_caught);
1628 
1629     Handle<JSFunction> await_uncaught =
1630         SimpleCreateFunction(isolate_, factory->empty_string(),
1631                              Builtins::kAsyncGeneratorAwaitUncaught, 1, false);
1632     native_context()->set_async_generator_await_uncaught(*await_uncaught);
1633 
1634     Handle<SharedFunctionInfo> info = SimpleCreateSharedFunctionInfo(
1635         isolate_, Builtins::kAsyncGeneratorAwaitResolveClosure,
1636         factory->empty_string(), 1);
1637     native_context()->set_async_generator_await_resolve_shared_fun(*info);
1638 
1639     info = SimpleCreateSharedFunctionInfo(
1640         isolate_, Builtins::kAsyncGeneratorAwaitRejectClosure,
1641         factory->empty_string(), 1);
1642     native_context()->set_async_generator_await_reject_shared_fun(*info);
1643 
1644     info = SimpleCreateSharedFunctionInfo(
1645         isolate_, Builtins::kAsyncGeneratorYieldResolveClosure,
1646         factory->empty_string(), 1);
1647     native_context()->set_async_generator_yield_resolve_shared_fun(*info);
1648 
1649     info = SimpleCreateSharedFunctionInfo(
1650         isolate_, Builtins::kAsyncGeneratorReturnResolveClosure,
1651         factory->empty_string(), 1);
1652     native_context()->set_async_generator_return_resolve_shared_fun(*info);
1653 
1654     info = SimpleCreateSharedFunctionInfo(
1655         isolate_, Builtins::kAsyncGeneratorReturnClosedResolveClosure,
1656         factory->empty_string(), 1);
1657     native_context()->set_async_generator_return_closed_resolve_shared_fun(
1658         *info);
1659 
1660     info = SimpleCreateSharedFunctionInfo(
1661         isolate_, Builtins::kAsyncGeneratorReturnClosedRejectClosure,
1662         factory->empty_string(), 1);
1663     native_context()->set_async_generator_return_closed_reject_shared_fun(
1664         *info);
1665   }
1666 
1667   {  // --- A r r a y ---
1668     Handle<JSFunction> array_function = InstallFunction(
1669         isolate_, global, "Array", JS_ARRAY_TYPE, JSArray::kSize, 0,
1670         isolate_->initial_object_prototype(), Builtins::kArrayConstructor);
1671     array_function->shared()->DontAdaptArguments();
1672     array_function->shared()->set_builtin_function_id(
1673         BuiltinFunctionId::kArrayConstructor);
1674 
1675     // This seems a bit hackish, but we need to make sure Array.length
1676     // is 1.
1677     array_function->shared()->set_length(1);
1678 
1679     Handle<Map> initial_map(array_function->initial_map(), isolate());
1680 
1681     // This assert protects an optimization in
1682     // HGraphBuilder::JSArrayBuilder::EmitMapCode()
1683     DCHECK(initial_map->elements_kind() == GetInitialFastElementsKind());
1684     Map::EnsureDescriptorSlack(isolate_, initial_map, 1);
1685 
1686     PropertyAttributes attribs = static_cast<PropertyAttributes>(
1687         DONT_ENUM | DONT_DELETE);
1688 
1689     STATIC_ASSERT(JSArray::kLengthDescriptorIndex == 0);
1690     {  // Add length.
1691       Descriptor d = Descriptor::AccessorConstant(
1692           factory->length_string(), factory->array_length_accessor(), attribs);
1693       initial_map->AppendDescriptor(&d);
1694     }
1695 
1696     InstallWithIntrinsicDefaultProto(isolate_, array_function,
1697                                      Context::ARRAY_FUNCTION_INDEX);
1698     InstallSpeciesGetter(isolate_, array_function);
1699 
1700     // Cache the array maps, needed by ArrayConstructorStub
1701     CacheInitialJSArrayMaps(native_context(), initial_map);
1702 
1703     // Set up %ArrayPrototype%.
1704     // The %ArrayPrototype% has TERMINAL_FAST_ELEMENTS_KIND in order to ensure
1705     // that constant functions stay constant after turning prototype to setup
1706     // mode and back when constant field tracking is enabled.
1707     Handle<JSArray> proto =
1708         factory->NewJSArray(0, TERMINAL_FAST_ELEMENTS_KIND, TENURED);
1709     JSFunction::SetPrototype(array_function, proto);
1710     native_context()->set_initial_array_prototype(*proto);
1711 
1712     Handle<JSFunction> is_arraylike = SimpleInstallFunction(
1713         isolate_, array_function, "isArray", Builtins::kArrayIsArray, 1, true);
1714     native_context()->set_is_arraylike(*is_arraylike);
1715 
1716     SimpleInstallFunction(isolate_, array_function, "from",
1717                           Builtins::kArrayFrom, 1, false);
1718     SimpleInstallFunction(isolate_, array_function, "of", Builtins::kArrayOf, 0,
1719                           false);
1720 
1721     JSObject::AddProperty(isolate_, proto, factory->constructor_string(),
1722                           array_function, DONT_ENUM);
1723 
1724     SimpleInstallFunction(isolate_, proto, "concat", Builtins::kArrayConcat, 1,
1725                           false);
1726     SimpleInstallFunction(isolate_, proto, "copyWithin",
1727                           Builtins::kArrayPrototypeCopyWithin, 2, false);
1728     SimpleInstallFunction(isolate_, proto, "fill",
1729                           Builtins::kArrayPrototypeFill, 1, false);
1730     SimpleInstallFunction(isolate_, proto, "find",
1731                           Builtins::kArrayPrototypeFind, 1, false);
1732     SimpleInstallFunction(isolate_, proto, "findIndex",
1733                           Builtins::kArrayPrototypeFindIndex, 1, false);
1734     SimpleInstallFunction(isolate_, proto, "pop", Builtins::kArrayPrototypePop,
1735                           0, false);
1736     SimpleInstallFunction(isolate_, proto, "push",
1737                           Builtins::kArrayPrototypePush, 1, false);
1738     SimpleInstallFunction(isolate_, proto, "reverse",
1739                           Builtins::kArrayPrototypeReverse, 0, false);
1740     SimpleInstallFunction(isolate_, proto, "shift",
1741                           Builtins::kArrayPrototypeShift, 0, false);
1742     SimpleInstallFunction(isolate_, proto, "unshift", Builtins::kArrayUnshift,
1743                           1, false);
1744     SimpleInstallFunction(isolate_, proto, "slice",
1745                           Builtins::kArrayPrototypeSlice, 2, false);
1746     SimpleInstallFunction(isolate_, proto, "sort",
1747                           Builtins::kArrayPrototypeSort, 1, false);
1748     if (FLAG_enable_experimental_builtins) {
1749       SimpleInstallFunction(isolate_, proto, "splice",
1750                             Builtins::kArraySpliceTorque, 2, false);
1751     } else {
1752       SimpleInstallFunction(isolate_, proto, "splice", Builtins::kArraySplice,
1753                             2, false);
1754     }
1755     SimpleInstallFunction(isolate_, proto, "includes", Builtins::kArrayIncludes,
1756                           1, false);
1757     SimpleInstallFunction(isolate_, proto, "indexOf", Builtins::kArrayIndexOf,
1758                           1, false);
1759     SimpleInstallFunction(isolate_, proto, "keys",
1760                           Builtins::kArrayPrototypeKeys, 0, true,
1761                           BuiltinFunctionId::kArrayKeys);
1762     SimpleInstallFunction(isolate_, proto, "entries",
1763                           Builtins::kArrayPrototypeEntries, 0, true,
1764                           BuiltinFunctionId::kArrayEntries);
1765     SimpleInstallFunction(isolate_, proto, factory->iterator_symbol(), "values",
1766                           Builtins::kArrayPrototypeValues, 0, true, DONT_ENUM,
1767                           BuiltinFunctionId::kArrayValues);
1768     SimpleInstallFunction(isolate_, proto, "forEach", Builtins::kArrayForEach,
1769                           1, false);
1770     SimpleInstallFunction(isolate_, proto, "filter", Builtins::kArrayFilter, 1,
1771                           false);
1772     SimpleInstallFunction(isolate_, proto, "map", Builtins::kArrayMap, 1,
1773                           false);
1774     SimpleInstallFunction(isolate_, proto, "every", Builtins::kArrayEvery, 1,
1775                           false);
1776     SimpleInstallFunction(isolate_, proto, "some", Builtins::kArraySome, 1,
1777                           false);
1778     SimpleInstallFunction(isolate_, proto, "reduce", Builtins::kArrayReduce, 1,
1779                           false);
1780     SimpleInstallFunction(isolate_, proto, "reduceRight",
1781                           Builtins::kArrayReduceRight, 1, false);
1782   }
1783 
1784   {  // --- A r r a y I t e r a t o r ---
1785     Handle<JSObject> iterator_prototype(
1786         native_context()->initial_iterator_prototype(), isolate());
1787 
1788     Handle<JSObject> array_iterator_prototype =
1789         factory->NewJSObject(isolate_->object_function(), TENURED);
1790     JSObject::ForceSetPrototype(array_iterator_prototype, iterator_prototype);
1791 
1792     JSObject::AddProperty(
1793         isolate_, array_iterator_prototype, factory->to_string_tag_symbol(),
1794         factory->ArrayIterator_string(),
1795         static_cast<PropertyAttributes>(DONT_ENUM | READ_ONLY));
1796 
1797     SimpleInstallFunction(isolate_, array_iterator_prototype, "next",
1798                           Builtins::kArrayIteratorPrototypeNext, 0, true,
1799                           BuiltinFunctionId::kArrayIteratorNext);
1800 
1801     Handle<JSFunction> array_iterator_function =
1802         CreateFunction(isolate_, factory->ArrayIterator_string(),
1803                        JS_ARRAY_ITERATOR_TYPE, JSArrayIterator::kSize, 0,
1804                        array_iterator_prototype, Builtins::kIllegal);
1805     array_iterator_function->shared()->set_native(false);
1806 
1807     native_context()->set_initial_array_iterator_map(
1808         array_iterator_function->initial_map());
1809     native_context()->set_initial_array_iterator_prototype(
1810         *array_iterator_prototype);
1811   }
1812 
1813   {  // --- N u m b e r ---
1814     Handle<JSFunction> number_fun = InstallFunction(
1815         isolate_, global, "Number", JS_VALUE_TYPE, JSValue::kSize, 0,
1816         isolate_->initial_object_prototype(), Builtins::kNumberConstructor);
1817     number_fun->shared()->set_builtin_function_id(
1818         BuiltinFunctionId::kNumberConstructor);
1819     number_fun->shared()->DontAdaptArguments();
1820     number_fun->shared()->set_length(1);
1821     InstallWithIntrinsicDefaultProto(isolate_, number_fun,
1822                                      Context::NUMBER_FUNCTION_INDEX);
1823 
1824     // Create the %NumberPrototype%
1825     Handle<JSValue> prototype =
1826         Handle<JSValue>::cast(factory->NewJSObject(number_fun, TENURED));
1827     prototype->set_value(Smi::kZero);
1828     JSFunction::SetPrototype(number_fun, prototype);
1829 
1830     // Install the "constructor" property on the {prototype}.
1831     JSObject::AddProperty(isolate_, prototype, factory->constructor_string(),
1832                           number_fun, DONT_ENUM);
1833 
1834     // Install the Number.prototype methods.
1835     SimpleInstallFunction(isolate_, prototype, "toExponential",
1836                           Builtins::kNumberPrototypeToExponential, 1, false);
1837     SimpleInstallFunction(isolate_, prototype, "toFixed",
1838                           Builtins::kNumberPrototypeToFixed, 1, false);
1839     SimpleInstallFunction(isolate_, prototype, "toPrecision",
1840                           Builtins::kNumberPrototypeToPrecision, 1, false);
1841     SimpleInstallFunction(isolate_, prototype, "toString",
1842                           Builtins::kNumberPrototypeToString, 1, false);
1843     SimpleInstallFunction(isolate_, prototype, "valueOf",
1844                           Builtins::kNumberPrototypeValueOf, 0, true);
1845 
1846     SimpleInstallFunction(isolate_, prototype, "toLocaleString",
1847                           Builtins::kNumberPrototypeToLocaleString, 0, false);
1848 
1849     // Install the Number functions.
1850     SimpleInstallFunction(isolate_, number_fun, "isFinite",
1851                           Builtins::kNumberIsFinite, 1, true);
1852     SimpleInstallFunction(isolate_, number_fun, "isInteger",
1853                           Builtins::kNumberIsInteger, 1, true);
1854     SimpleInstallFunction(isolate_, number_fun, "isNaN", Builtins::kNumberIsNaN,
1855                           1, true);
1856     SimpleInstallFunction(isolate_, number_fun, "isSafeInteger",
1857                           Builtins::kNumberIsSafeInteger, 1, true);
1858 
1859     // Install Number.parseFloat and Global.parseFloat.
1860     Handle<JSFunction> parse_float_fun =
1861         SimpleInstallFunction(isolate_, number_fun, "parseFloat",
1862                               Builtins::kNumberParseFloat, 1, true);
1863     JSObject::AddProperty(isolate_, global_object,
1864                           factory->NewStringFromAsciiChecked("parseFloat"),
1865                           parse_float_fun, DONT_ENUM);
1866 
1867     // Install Number.parseInt and Global.parseInt.
1868     Handle<JSFunction> parse_int_fun = SimpleInstallFunction(
1869         isolate_, number_fun, "parseInt", Builtins::kNumberParseInt, 2, true);
1870     JSObject::AddProperty(isolate_, global_object,
1871                           factory->NewStringFromAsciiChecked("parseInt"),
1872                           parse_int_fun, DONT_ENUM);
1873 
1874     // Install Number constants
1875     double kMaxValue = 1.7976931348623157e+308;
1876     double kMinValue = 5e-324;
1877     double kMinSafeInteger = -kMaxSafeInteger;
1878     double kEPS = 2.220446049250313e-16;
1879 
1880     Handle<Object> infinity = factory->infinity_value();
1881     Handle<Object> nan = factory->nan_value();
1882     Handle<String> nan_name = factory->NewStringFromAsciiChecked("NaN");
1883 
1884     JSObject::AddProperty(
1885         isolate_, number_fun, factory->NewStringFromAsciiChecked("MAX_VALUE"),
1886         factory->NewNumber(kMaxValue),
1887         static_cast<PropertyAttributes>(DONT_DELETE | DONT_ENUM | READ_ONLY));
1888     JSObject::AddProperty(
1889         isolate_, number_fun, factory->NewStringFromAsciiChecked("MIN_VALUE"),
1890         factory->NewNumber(kMinValue),
1891         static_cast<PropertyAttributes>(DONT_DELETE | DONT_ENUM | READ_ONLY));
1892     JSObject::AddProperty(
1893         isolate_, number_fun, nan_name, nan,
1894         static_cast<PropertyAttributes>(DONT_DELETE | DONT_ENUM | READ_ONLY));
1895     JSObject::AddProperty(
1896         isolate_, number_fun,
1897         factory->NewStringFromAsciiChecked("NEGATIVE_INFINITY"),
1898         factory->NewNumber(-V8_INFINITY),
1899         static_cast<PropertyAttributes>(DONT_DELETE | DONT_ENUM | READ_ONLY));
1900     JSObject::AddProperty(
1901         isolate_, number_fun,
1902         factory->NewStringFromAsciiChecked("POSITIVE_INFINITY"), infinity,
1903         static_cast<PropertyAttributes>(DONT_DELETE | DONT_ENUM | READ_ONLY));
1904     JSObject::AddProperty(
1905         isolate_, number_fun,
1906         factory->NewStringFromAsciiChecked("MAX_SAFE_INTEGER"),
1907         factory->NewNumber(kMaxSafeInteger),
1908         static_cast<PropertyAttributes>(DONT_DELETE | DONT_ENUM | READ_ONLY));
1909     JSObject::AddProperty(
1910         isolate_, number_fun,
1911         factory->NewStringFromAsciiChecked("MIN_SAFE_INTEGER"),
1912         factory->NewNumber(kMinSafeInteger),
1913         static_cast<PropertyAttributes>(DONT_DELETE | DONT_ENUM | READ_ONLY));
1914     JSObject::AddProperty(
1915         isolate_, number_fun, factory->NewStringFromAsciiChecked("EPSILON"),
1916         factory->NewNumber(kEPS),
1917         static_cast<PropertyAttributes>(DONT_DELETE | DONT_ENUM | READ_ONLY));
1918 
1919     JSObject::AddProperty(
1920         isolate_, global, factory->NewStringFromAsciiChecked("Infinity"),
1921         infinity,
1922         static_cast<PropertyAttributes>(DONT_DELETE | DONT_ENUM | READ_ONLY));
1923     JSObject::AddProperty(
1924         isolate_, global, nan_name, nan,
1925         static_cast<PropertyAttributes>(DONT_DELETE | DONT_ENUM | READ_ONLY));
1926     JSObject::AddProperty(
1927         isolate_, global, factory->NewStringFromAsciiChecked("undefined"),
1928         factory->undefined_value(),
1929         static_cast<PropertyAttributes>(DONT_DELETE | DONT_ENUM | READ_ONLY));
1930   }
1931 
1932   {  // --- B o o l e a n ---
1933     Handle<JSFunction> boolean_fun = InstallFunction(
1934         isolate_, global, "Boolean", JS_VALUE_TYPE, JSValue::kSize, 0,
1935         isolate_->initial_object_prototype(), Builtins::kBooleanConstructor);
1936     boolean_fun->shared()->DontAdaptArguments();
1937     boolean_fun->shared()->set_length(1);
1938     InstallWithIntrinsicDefaultProto(isolate_, boolean_fun,
1939                                      Context::BOOLEAN_FUNCTION_INDEX);
1940 
1941     // Create the %BooleanPrototype%
1942     Handle<JSValue> prototype =
1943         Handle<JSValue>::cast(factory->NewJSObject(boolean_fun, TENURED));
1944     prototype->set_value(ReadOnlyRoots(isolate_).false_value());
1945     JSFunction::SetPrototype(boolean_fun, prototype);
1946 
1947     // Install the "constructor" property on the {prototype}.
1948     JSObject::AddProperty(isolate_, prototype, factory->constructor_string(),
1949                           boolean_fun, DONT_ENUM);
1950 
1951     // Install the Boolean.prototype methods.
1952     SimpleInstallFunction(isolate_, prototype, "toString",
1953                           Builtins::kBooleanPrototypeToString, 0, true);
1954     SimpleInstallFunction(isolate_, prototype, "valueOf",
1955                           Builtins::kBooleanPrototypeValueOf, 0, true);
1956   }
1957 
1958   {  // --- S t r i n g ---
1959     Handle<JSFunction> string_fun = InstallFunction(
1960         isolate_, global, "String", JS_VALUE_TYPE, JSValue::kSize, 0,
1961         isolate_->initial_object_prototype(), Builtins::kStringConstructor);
1962     string_fun->shared()->set_builtin_function_id(
1963         BuiltinFunctionId::kStringConstructor);
1964     string_fun->shared()->DontAdaptArguments();
1965     string_fun->shared()->set_length(1);
1966     InstallWithIntrinsicDefaultProto(isolate_, string_fun,
1967                                      Context::STRING_FUNCTION_INDEX);
1968 
1969     Handle<Map> string_map = Handle<Map>(
1970         native_context()->string_function()->initial_map(), isolate());
1971     string_map->set_elements_kind(FAST_STRING_WRAPPER_ELEMENTS);
1972     Map::EnsureDescriptorSlack(isolate_, string_map, 1);
1973 
1974     PropertyAttributes attribs = static_cast<PropertyAttributes>(
1975         DONT_ENUM | DONT_DELETE | READ_ONLY);
1976 
1977     {  // Add length.
1978       Descriptor d = Descriptor::AccessorConstant(
1979           factory->length_string(), factory->string_length_accessor(), attribs);
1980       string_map->AppendDescriptor(&d);
1981     }
1982 
1983     // Install the String.fromCharCode function.
1984     SimpleInstallFunction(isolate_, string_fun, "fromCharCode",
1985                           Builtins::kStringFromCharCode, 1, false);
1986 
1987     // Install the String.fromCodePoint function.
1988     SimpleInstallFunction(isolate_, string_fun, "fromCodePoint",
1989                           Builtins::kStringFromCodePoint, 1, false);
1990 
1991     // Install the String.raw function.
1992     SimpleInstallFunction(isolate_, string_fun, "raw", Builtins::kStringRaw, 1,
1993                           false);
1994 
1995     // Create the %StringPrototype%
1996     Handle<JSValue> prototype =
1997         Handle<JSValue>::cast(factory->NewJSObject(string_fun, TENURED));
1998     prototype->set_value(ReadOnlyRoots(isolate_).empty_string());
1999     JSFunction::SetPrototype(string_fun, prototype);
2000     native_context()->set_initial_string_prototype(*prototype);
2001 
2002     // Install the "constructor" property on the {prototype}.
2003     JSObject::AddProperty(isolate_, prototype, factory->constructor_string(),
2004                           string_fun, DONT_ENUM);
2005 
2006     // Install the String.prototype methods.
2007     SimpleInstallFunction(isolate_, prototype, "anchor",
2008                           Builtins::kStringPrototypeAnchor, 1, true);
2009     SimpleInstallFunction(isolate_, prototype, "big",
2010                           Builtins::kStringPrototypeBig, 0, true);
2011     SimpleInstallFunction(isolate_, prototype, "blink",
2012                           Builtins::kStringPrototypeBlink, 0, true);
2013     SimpleInstallFunction(isolate_, prototype, "bold",
2014                           Builtins::kStringPrototypeBold, 0, true);
2015     SimpleInstallFunction(isolate_, prototype, "charAt",
2016                           Builtins::kStringPrototypeCharAt, 1, true);
2017     SimpleInstallFunction(isolate_, prototype, "charCodeAt",
2018                           Builtins::kStringPrototypeCharCodeAt, 1, true);
2019     SimpleInstallFunction(isolate_, prototype, "codePointAt",
2020                           Builtins::kStringPrototypeCodePointAt, 1, true);
2021     SimpleInstallFunction(isolate_, prototype, "concat",
2022                           Builtins::kStringPrototypeConcat, 1, false);
2023     SimpleInstallFunction(isolate_, prototype, "endsWith",
2024                           Builtins::kStringPrototypeEndsWith, 1, false);
2025     SimpleInstallFunction(isolate_, prototype, "fontcolor",
2026                           Builtins::kStringPrototypeFontcolor, 1, true);
2027     SimpleInstallFunction(isolate_, prototype, "fontsize",
2028                           Builtins::kStringPrototypeFontsize, 1, true);
2029     SimpleInstallFunction(isolate_, prototype, "fixed",
2030                           Builtins::kStringPrototypeFixed, 0, true);
2031     SimpleInstallFunction(isolate_, prototype, "includes",
2032                           Builtins::kStringPrototypeIncludes, 1, false);
2033     SimpleInstallFunction(isolate_, prototype, "indexOf",
2034                           Builtins::kStringPrototypeIndexOf, 1, false);
2035     SimpleInstallFunction(isolate_, prototype, "italics",
2036                           Builtins::kStringPrototypeItalics, 0, true);
2037     SimpleInstallFunction(isolate_, prototype, "lastIndexOf",
2038                           Builtins::kStringPrototypeLastIndexOf, 1, false);
2039     SimpleInstallFunction(isolate_, prototype, "link",
2040                           Builtins::kStringPrototypeLink, 1, true);
2041 #ifdef V8_INTL_SUPPORT
2042     SimpleInstallFunction(isolate_, prototype, "localeCompare",
2043                           Builtins::kStringPrototypeLocaleCompare, 1, false);
2044 #else
2045     SimpleInstallFunction(isolate_, prototype, "localeCompare",
2046                           Builtins::kStringPrototypeLocaleCompare, 1, true);
2047 #endif  // V8_INTL_SUPPORT
2048     SimpleInstallFunction(isolate_, prototype, "match",
2049                           Builtins::kStringPrototypeMatch, 1, true);
2050 #ifdef V8_INTL_SUPPORT
2051     SimpleInstallFunction(isolate_, prototype, "normalize",
2052                           Builtins::kStringPrototypeNormalizeIntl, 0, false);
2053 #else
2054     SimpleInstallFunction(isolate_, prototype, "normalize",
2055                           Builtins::kStringPrototypeNormalize, 0, false);
2056 #endif  // V8_INTL_SUPPORT
2057     SimpleInstallFunction(isolate_, prototype, "padEnd",
2058                           Builtins::kStringPrototypePadEnd, 1, false);
2059     SimpleInstallFunction(isolate_, prototype, "padStart",
2060                           Builtins::kStringPrototypePadStart, 1, false);
2061     SimpleInstallFunction(isolate_, prototype, "repeat",
2062                           Builtins::kStringPrototypeRepeat, 1, true);
2063     SimpleInstallFunction(isolate_, prototype, "replace",
2064                           Builtins::kStringPrototypeReplace, 2, true);
2065     SimpleInstallFunction(isolate_, prototype, "search",
2066                           Builtins::kStringPrototypeSearch, 1, true);
2067     SimpleInstallFunction(isolate_, prototype, "slice",
2068                           Builtins::kStringPrototypeSlice, 2, false);
2069     SimpleInstallFunction(isolate_, prototype, "small",
2070                           Builtins::kStringPrototypeSmall, 0, true);
2071     SimpleInstallFunction(isolate_, prototype, "split",
2072                           Builtins::kStringPrototypeSplit, 2, false);
2073     SimpleInstallFunction(isolate_, prototype, "strike",
2074                           Builtins::kStringPrototypeStrike, 0, true);
2075     SimpleInstallFunction(isolate_, prototype, "sub",
2076                           Builtins::kStringPrototypeSub, 0, true);
2077     SimpleInstallFunction(isolate_, prototype, "substr",
2078                           Builtins::kStringPrototypeSubstr, 2, false);
2079     SimpleInstallFunction(isolate_, prototype, "substring",
2080                           Builtins::kStringPrototypeSubstring, 2, false);
2081     SimpleInstallFunction(isolate_, prototype, "sup",
2082                           Builtins::kStringPrototypeSup, 0, true);
2083     SimpleInstallFunction(isolate_, prototype, "startsWith",
2084                           Builtins::kStringPrototypeStartsWith, 1, false);
2085     SimpleInstallFunction(isolate_, prototype, "toString",
2086                           Builtins::kStringPrototypeToString, 0, true);
2087     SimpleInstallFunction(isolate_, prototype, "trim",
2088                           Builtins::kStringPrototypeTrim, 0, false);
2089     SimpleInstallFunction(isolate_, prototype, "trimLeft",
2090                           Builtins::kStringPrototypeTrimStart, 0, false);
2091     SimpleInstallFunction(isolate_, prototype, "trimRight",
2092                           Builtins::kStringPrototypeTrimEnd, 0, false);
2093     SimpleInstallFunction(isolate_, prototype, "toLocaleLowerCase",
2094                           Builtins::kStringPrototypeToLocaleLowerCase, 0,
2095                           false);
2096     SimpleInstallFunction(isolate_, prototype, "toLocaleUpperCase",
2097                           Builtins::kStringPrototypeToLocaleUpperCase, 0,
2098                           false);
2099 #ifdef V8_INTL_SUPPORT
2100     SimpleInstallFunction(isolate_, prototype, "toLowerCase",
2101                           Builtins::kStringPrototypeToLowerCaseIntl, 0, true);
2102     SimpleInstallFunction(isolate_, prototype, "toUpperCase",
2103                           Builtins::kStringPrototypeToUpperCaseIntl, 0, false);
2104 #else
2105     SimpleInstallFunction(isolate_, prototype, "toLowerCase",
2106                           Builtins::kStringPrototypeToLowerCase, 0, false);
2107     SimpleInstallFunction(isolate_, prototype, "toUpperCase",
2108                           Builtins::kStringPrototypeToUpperCase, 0, false);
2109 #endif
2110     SimpleInstallFunction(isolate_, prototype, "valueOf",
2111                           Builtins::kStringPrototypeValueOf, 0, true);
2112 
2113     SimpleInstallFunction(isolate_, prototype, factory->iterator_symbol(),
2114                           "[Symbol.iterator]",
2115                           Builtins::kStringPrototypeIterator, 0, true,
2116                           DONT_ENUM, BuiltinFunctionId::kStringIterator);
2117   }
2118 
2119   {  // --- S t r i n g I t e r a t o r ---
2120     Handle<JSObject> iterator_prototype(
2121         native_context()->initial_iterator_prototype(), isolate());
2122 
2123     Handle<JSObject> string_iterator_prototype =
2124         factory->NewJSObject(isolate_->object_function(), TENURED);
2125     JSObject::ForceSetPrototype(string_iterator_prototype, iterator_prototype);
2126 
2127     JSObject::AddProperty(
2128         isolate_, string_iterator_prototype, factory->to_string_tag_symbol(),
2129         factory->NewStringFromAsciiChecked("String Iterator"),
2130         static_cast<PropertyAttributes>(DONT_ENUM | READ_ONLY));
2131 
2132     SimpleInstallFunction(isolate_, string_iterator_prototype, "next",
2133                           Builtins::kStringIteratorPrototypeNext, 0, true,
2134                           BuiltinFunctionId::kStringIteratorNext);
2135 
2136     Handle<JSFunction> string_iterator_function = CreateFunction(
2137         isolate_, factory->NewStringFromAsciiChecked("StringIterator"),
2138         JS_STRING_ITERATOR_TYPE, JSStringIterator::kSize, 0,
2139         string_iterator_prototype, Builtins::kIllegal);
2140     string_iterator_function->shared()->set_native(false);
2141     native_context()->set_string_iterator_map(
2142         string_iterator_function->initial_map());
2143   }
2144 
2145   {  // --- S y m b o l ---
2146     Handle<JSFunction> symbol_fun = InstallFunction(
2147         isolate_, global, "Symbol", JS_VALUE_TYPE, JSValue::kSize, 0,
2148         factory->the_hole_value(), Builtins::kSymbolConstructor);
2149     symbol_fun->shared()->set_builtin_function_id(
2150         BuiltinFunctionId::kSymbolConstructor);
2151     symbol_fun->shared()->set_length(0);
2152     symbol_fun->shared()->DontAdaptArguments();
2153     native_context()->set_symbol_function(*symbol_fun);
2154 
2155     // Install the Symbol.for and Symbol.keyFor functions.
2156     SimpleInstallFunction(isolate_, symbol_fun, "for", Builtins::kSymbolFor, 1,
2157                           false);
2158     SimpleInstallFunction(isolate_, symbol_fun, "keyFor",
2159                           Builtins::kSymbolKeyFor, 1, false);
2160 
2161     // Install well-known symbols.
2162     InstallConstant(isolate_, symbol_fun, "asyncIterator",
2163                     factory->async_iterator_symbol());
2164     InstallConstant(isolate_, symbol_fun, "hasInstance",
2165                     factory->has_instance_symbol());
2166     InstallConstant(isolate_, symbol_fun, "isConcatSpreadable",
2167                     factory->is_concat_spreadable_symbol());
2168     InstallConstant(isolate_, symbol_fun, "iterator",
2169                     factory->iterator_symbol());
2170     InstallConstant(isolate_, symbol_fun, "match", factory->match_symbol());
2171     InstallConstant(isolate_, symbol_fun, "replace", factory->replace_symbol());
2172     InstallConstant(isolate_, symbol_fun, "search", factory->search_symbol());
2173     InstallConstant(isolate_, symbol_fun, "species", factory->species_symbol());
2174     InstallConstant(isolate_, symbol_fun, "split", factory->split_symbol());
2175     InstallConstant(isolate_, symbol_fun, "toPrimitive",
2176                     factory->to_primitive_symbol());
2177     InstallConstant(isolate_, symbol_fun, "toStringTag",
2178                     factory->to_string_tag_symbol());
2179     InstallConstant(isolate_, symbol_fun, "unscopables",
2180                     factory->unscopables_symbol());
2181 
2182     // Setup %SymbolPrototype%.
2183     Handle<JSObject> prototype(JSObject::cast(symbol_fun->instance_prototype()),
2184                                isolate());
2185 
2186     // Install the @@toStringTag property on the {prototype}.
2187     JSObject::AddProperty(
2188         isolate_, prototype, factory->to_string_tag_symbol(),
2189         factory->NewStringFromAsciiChecked("Symbol"),
2190         static_cast<PropertyAttributes>(DONT_ENUM | READ_ONLY));
2191 
2192     // Install the Symbol.prototype methods.
2193     SimpleInstallFunction(isolate_, prototype, "toString",
2194                           Builtins::kSymbolPrototypeToString, 0, true);
2195     SimpleInstallFunction(isolate_, prototype, "valueOf",
2196                           Builtins::kSymbolPrototypeValueOf, 0, true);
2197 
2198     // Install the @@toPrimitive function.
2199     Handle<JSFunction> to_primitive = InstallFunction(
2200         isolate_, prototype, factory->to_primitive_symbol(), JS_OBJECT_TYPE,
2201         JSObject::kHeaderSize, 0, MaybeHandle<JSObject>(),
2202         Builtins::kSymbolPrototypeToPrimitive,
2203         static_cast<PropertyAttributes>(DONT_ENUM | READ_ONLY));
2204 
2205     // Set the expected parameters for @@toPrimitive to 1; required by builtin.
2206     to_primitive->shared()->set_internal_formal_parameter_count(1);
2207 
2208     // Set the length for the function to satisfy ECMA-262.
2209     to_primitive->shared()->set_length(1);
2210   }
2211 
2212   {  // --- D a t e ---
2213     Handle<JSFunction> date_fun = InstallFunction(
2214         isolate_, global, "Date", JS_DATE_TYPE, JSDate::kSize, 0,
2215         factory->the_hole_value(), Builtins::kDateConstructor);
2216     InstallWithIntrinsicDefaultProto(isolate_, date_fun,
2217                                      Context::DATE_FUNCTION_INDEX);
2218     date_fun->shared()->set_length(7);
2219     date_fun->shared()->DontAdaptArguments();
2220 
2221     // Install the Date.now, Date.parse and Date.UTC functions.
2222     SimpleInstallFunction(isolate_, date_fun, "now", Builtins::kDateNow, 0,
2223                           false);
2224     SimpleInstallFunction(isolate_, date_fun, "parse", Builtins::kDateParse, 1,
2225                           false);
2226     SimpleInstallFunction(isolate_, date_fun, "UTC", Builtins::kDateUTC, 7,
2227                           false);
2228 
2229     // Setup %DatePrototype%.
2230     Handle<JSObject> prototype(JSObject::cast(date_fun->instance_prototype()),
2231                                isolate());
2232 
2233     // Install the Date.prototype methods.
2234     SimpleInstallFunction(isolate_, prototype, "toString",
2235                           Builtins::kDatePrototypeToString, 0, false);
2236     SimpleInstallFunction(isolate_, prototype, "toDateString",
2237                           Builtins::kDatePrototypeToDateString, 0, false);
2238     SimpleInstallFunction(isolate_, prototype, "toTimeString",
2239                           Builtins::kDatePrototypeToTimeString, 0, false);
2240     SimpleInstallFunction(isolate_, prototype, "toISOString",
2241                           Builtins::kDatePrototypeToISOString, 0, false);
2242     Handle<JSFunction> to_utc_string =
2243         SimpleInstallFunction(isolate_, prototype, "toUTCString",
2244                               Builtins::kDatePrototypeToUTCString, 0, false);
2245     InstallFunction(isolate_, prototype, to_utc_string,
2246                     factory->InternalizeUtf8String("toGMTString"), DONT_ENUM);
2247     SimpleInstallFunction(isolate_, prototype, "getDate",
2248                           Builtins::kDatePrototypeGetDate, 0, true);
2249     SimpleInstallFunction(isolate_, prototype, "setDate",
2250                           Builtins::kDatePrototypeSetDate, 1, false);
2251     SimpleInstallFunction(isolate_, prototype, "getDay",
2252                           Builtins::kDatePrototypeGetDay, 0, true);
2253     SimpleInstallFunction(isolate_, prototype, "getFullYear",
2254                           Builtins::kDatePrototypeGetFullYear, 0, true);
2255     SimpleInstallFunction(isolate_, prototype, "setFullYear",
2256                           Builtins::kDatePrototypeSetFullYear, 3, false);
2257     SimpleInstallFunction(isolate_, prototype, "getHours",
2258                           Builtins::kDatePrototypeGetHours, 0, true);
2259     SimpleInstallFunction(isolate_, prototype, "setHours",
2260                           Builtins::kDatePrototypeSetHours, 4, false);
2261     SimpleInstallFunction(isolate_, prototype, "getMilliseconds",
2262                           Builtins::kDatePrototypeGetMilliseconds, 0, true);
2263     SimpleInstallFunction(isolate_, prototype, "setMilliseconds",
2264                           Builtins::kDatePrototypeSetMilliseconds, 1, false);
2265     SimpleInstallFunction(isolate_, prototype, "getMinutes",
2266                           Builtins::kDatePrototypeGetMinutes, 0, true);
2267     SimpleInstallFunction(isolate_, prototype, "setMinutes",
2268                           Builtins::kDatePrototypeSetMinutes, 3, false);
2269     SimpleInstallFunction(isolate_, prototype, "getMonth",
2270                           Builtins::kDatePrototypeGetMonth, 0, true);
2271     SimpleInstallFunction(isolate_, prototype, "setMonth",
2272                           Builtins::kDatePrototypeSetMonth, 2, false);
2273     SimpleInstallFunction(isolate_, prototype, "getSeconds",
2274                           Builtins::kDatePrototypeGetSeconds, 0, true);
2275     SimpleInstallFunction(isolate_, prototype, "setSeconds",
2276                           Builtins::kDatePrototypeSetSeconds, 2, false);
2277     SimpleInstallFunction(isolate_, prototype, "getTime",
2278                           Builtins::kDatePrototypeGetTime, 0, true);
2279     SimpleInstallFunction(isolate_, prototype, "setTime",
2280                           Builtins::kDatePrototypeSetTime, 1, false);
2281     SimpleInstallFunction(isolate_, prototype, "getTimezoneOffset",
2282                           Builtins::kDatePrototypeGetTimezoneOffset, 0, true);
2283     SimpleInstallFunction(isolate_, prototype, "getUTCDate",
2284                           Builtins::kDatePrototypeGetUTCDate, 0, true);
2285     SimpleInstallFunction(isolate_, prototype, "setUTCDate",
2286                           Builtins::kDatePrototypeSetUTCDate, 1, false);
2287     SimpleInstallFunction(isolate_, prototype, "getUTCDay",
2288                           Builtins::kDatePrototypeGetUTCDay, 0, true);
2289     SimpleInstallFunction(isolate_, prototype, "getUTCFullYear",
2290                           Builtins::kDatePrototypeGetUTCFullYear, 0, true);
2291     SimpleInstallFunction(isolate_, prototype, "setUTCFullYear",
2292                           Builtins::kDatePrototypeSetUTCFullYear, 3, false);
2293     SimpleInstallFunction(isolate_, prototype, "getUTCHours",
2294                           Builtins::kDatePrototypeGetUTCHours, 0, true);
2295     SimpleInstallFunction(isolate_, prototype, "setUTCHours",
2296                           Builtins::kDatePrototypeSetUTCHours, 4, false);
2297     SimpleInstallFunction(isolate_, prototype, "getUTCMilliseconds",
2298                           Builtins::kDatePrototypeGetUTCMilliseconds, 0, true);
2299     SimpleInstallFunction(isolate_, prototype, "setUTCMilliseconds",
2300                           Builtins::kDatePrototypeSetUTCMilliseconds, 1, false);
2301     SimpleInstallFunction(isolate_, prototype, "getUTCMinutes",
2302                           Builtins::kDatePrototypeGetUTCMinutes, 0, true);
2303     SimpleInstallFunction(isolate_, prototype, "setUTCMinutes",
2304                           Builtins::kDatePrototypeSetUTCMinutes, 3, false);
2305     SimpleInstallFunction(isolate_, prototype, "getUTCMonth",
2306                           Builtins::kDatePrototypeGetUTCMonth, 0, true);
2307     SimpleInstallFunction(isolate_, prototype, "setUTCMonth",
2308                           Builtins::kDatePrototypeSetUTCMonth, 2, false);
2309     SimpleInstallFunction(isolate_, prototype, "getUTCSeconds",
2310                           Builtins::kDatePrototypeGetUTCSeconds, 0, true);
2311     SimpleInstallFunction(isolate_, prototype, "setUTCSeconds",
2312                           Builtins::kDatePrototypeSetUTCSeconds, 2, false);
2313     SimpleInstallFunction(isolate_, prototype, "valueOf",
2314                           Builtins::kDatePrototypeValueOf, 0, true);
2315     SimpleInstallFunction(isolate_, prototype, "getYear",
2316                           Builtins::kDatePrototypeGetYear, 0, true);
2317     SimpleInstallFunction(isolate_, prototype, "setYear",
2318                           Builtins::kDatePrototypeSetYear, 1, false);
2319     SimpleInstallFunction(isolate_, prototype, "toJSON",
2320                           Builtins::kDatePrototypeToJson, 1, false);
2321 
2322     // Install Intl fallback functions.
2323     SimpleInstallFunction(isolate_, prototype, "toLocaleString",
2324                           Builtins::kDatePrototypeToString, 0, false);
2325     SimpleInstallFunction(isolate_, prototype, "toLocaleDateString",
2326                           Builtins::kDatePrototypeToDateString, 0, false);
2327     SimpleInstallFunction(isolate_, prototype, "toLocaleTimeString",
2328                           Builtins::kDatePrototypeToTimeString, 0, false);
2329 
2330     // Install the @@toPrimitive function.
2331     Handle<JSFunction> to_primitive = InstallFunction(
2332         isolate_, prototype, factory->to_primitive_symbol(), JS_OBJECT_TYPE,
2333         JSObject::kHeaderSize, 0, MaybeHandle<JSObject>(),
2334         Builtins::kDatePrototypeToPrimitive,
2335         static_cast<PropertyAttributes>(DONT_ENUM | READ_ONLY));
2336 
2337     // Set the expected parameters for @@toPrimitive to 1; required by builtin.
2338     to_primitive->shared()->set_internal_formal_parameter_count(1);
2339 
2340     // Set the length for the function to satisfy ECMA-262.
2341     to_primitive->shared()->set_length(1);
2342   }
2343 
2344   {
2345     Handle<SharedFunctionInfo> info = SimpleCreateBuiltinSharedFunctionInfo(
2346         isolate_, Builtins::kPromiseGetCapabilitiesExecutor,
2347         factory->empty_string(), 2);
2348     native_context()->set_promise_get_capabilities_executor_shared_fun(*info);
2349   }
2350 
2351   {  // -- P r o m i s e
2352     Handle<JSFunction> promise_fun = InstallFunction(
2353         isolate_, global, "Promise", JS_PROMISE_TYPE,
2354         JSPromise::kSizeWithEmbedderFields, 0, factory->the_hole_value(),
2355         Builtins::kPromiseConstructor);
2356     InstallWithIntrinsicDefaultProto(isolate_, promise_fun,
2357                                      Context::PROMISE_FUNCTION_INDEX);
2358 
2359     Handle<SharedFunctionInfo> shared(promise_fun->shared(), isolate_);
2360     shared->set_internal_formal_parameter_count(1);
2361     shared->set_length(1);
2362 
2363     InstallSpeciesGetter(isolate_, promise_fun);
2364 
2365     SimpleInstallFunction(isolate_, promise_fun, "all", Builtins::kPromiseAll,
2366                           1, true);
2367 
2368     SimpleInstallFunction(isolate_, promise_fun, "race", Builtins::kPromiseRace,
2369                           1, true);
2370 
2371     SimpleInstallFunction(isolate_, promise_fun, "resolve",
2372                           Builtins::kPromiseResolveTrampoline, 1, true);
2373 
2374     SimpleInstallFunction(isolate_, promise_fun, "reject",
2375                           Builtins::kPromiseReject, 1, true);
2376 
2377     // Setup %PromisePrototype%.
2378     Handle<JSObject> prototype(
2379         JSObject::cast(promise_fun->instance_prototype()), isolate());
2380     native_context()->set_promise_prototype(*prototype);
2381 
2382     // Install the @@toStringTag property on the {prototype}.
2383     JSObject::AddProperty(
2384         isolate_, prototype, factory->to_string_tag_symbol(),
2385         factory->Promise_string(),
2386         static_cast<PropertyAttributes>(DONT_ENUM | READ_ONLY));
2387 
2388     Handle<JSFunction> promise_then = SimpleInstallFunction(
2389         isolate_, prototype, isolate_->factory()->then_string(),
2390         Builtins::kPromisePrototypeThen, 2, true);
2391     native_context()->set_promise_then(*promise_then);
2392 
2393     Handle<JSFunction> promise_catch =
2394         SimpleInstallFunction(isolate_, prototype, "catch",
2395                               Builtins::kPromisePrototypeCatch, 1, true);
2396     native_context()->set_promise_catch(*promise_catch);
2397 
2398     SimpleInstallFunction(isolate_, prototype, "finally",
2399                           Builtins::kPromisePrototypeFinally, 1, true,
2400                           DONT_ENUM);
2401 
2402     {
2403       Handle<SharedFunctionInfo> info = SimpleCreateSharedFunctionInfo(
2404           isolate(), Builtins::kPromiseThenFinally,
2405           isolate_->factory()->empty_string(), 1);
2406       info->set_native(true);
2407       native_context()->set_promise_then_finally_shared_fun(*info);
2408     }
2409 
2410     {
2411       Handle<SharedFunctionInfo> info = SimpleCreateSharedFunctionInfo(
2412           isolate(), Builtins::kPromiseCatchFinally,
2413           isolate_->factory()->empty_string(), 1);
2414       info->set_native(true);
2415       native_context()->set_promise_catch_finally_shared_fun(*info);
2416     }
2417 
2418     {
2419       Handle<SharedFunctionInfo> info = SimpleCreateSharedFunctionInfo(
2420           isolate(), Builtins::kPromiseValueThunkFinally,
2421           isolate_->factory()->empty_string(), 0);
2422       native_context()->set_promise_value_thunk_finally_shared_fun(*info);
2423     }
2424 
2425     {
2426       Handle<SharedFunctionInfo> info = SimpleCreateSharedFunctionInfo(
2427           isolate(), Builtins::kPromiseThrowerFinally,
2428           isolate_->factory()->empty_string(), 0);
2429       native_context()->set_promise_thrower_finally_shared_fun(*info);
2430     }
2431 
2432     // Force the Promise constructor to fast properties, so that we can use the
2433     // fast paths for various things like
2434     //
2435     //   x instanceof Promise
2436     //
2437     // etc. We should probably come up with a more principled approach once
2438     // the JavaScript builtins are gone.
2439     JSObject::MigrateSlowToFast(Handle<JSObject>::cast(promise_fun), 0,
2440                                 "Bootstrapping");
2441 
2442     Handle<Map> prototype_map(prototype->map(), isolate());
2443     Map::SetShouldBeFastPrototypeMap(prototype_map, true, isolate_);
2444 
2445     {  // Internal: IsPromise
2446       Handle<JSFunction> function = SimpleCreateFunction(
2447           isolate_, factory->empty_string(), Builtins::kIsPromise, 1, false);
2448       native_context()->set_is_promise(*function);
2449     }
2450 
2451     {
2452       Handle<SharedFunctionInfo> info = SimpleCreateSharedFunctionInfo(
2453           isolate_, Builtins::kPromiseCapabilityDefaultResolve,
2454           factory->empty_string(), 1, FunctionKind::kConciseMethod);
2455       info->set_native(true);
2456       info->set_function_map_index(
2457           Context::STRICT_FUNCTION_WITHOUT_PROTOTYPE_MAP_INDEX);
2458       native_context()->set_promise_capability_default_resolve_shared_fun(
2459           *info);
2460 
2461       info = SimpleCreateSharedFunctionInfo(
2462           isolate_, Builtins::kPromiseCapabilityDefaultReject,
2463           factory->empty_string(), 1, FunctionKind::kConciseMethod);
2464       info->set_native(true);
2465       info->set_function_map_index(
2466           Context::STRICT_FUNCTION_WITHOUT_PROTOTYPE_MAP_INDEX);
2467       native_context()->set_promise_capability_default_reject_shared_fun(*info);
2468     }
2469 
2470     {
2471       Handle<SharedFunctionInfo> info = SimpleCreateSharedFunctionInfo(
2472           isolate_, Builtins::kPromiseAllResolveElementClosure,
2473           factory->empty_string(), 1);
2474       native_context()->set_promise_all_resolve_element_shared_fun(*info);
2475     }
2476 
2477     // Force the Promise constructor to fast properties, so that we can use the
2478     // fast paths for various things like
2479     //
2480     //   x instanceof Promise
2481     //
2482     // etc. We should probably come up with a more principled approach once
2483     // the JavaScript builtins are gone.
2484     JSObject::MigrateSlowToFast(promise_fun, 0, "Bootstrapping");
2485   }
2486 
2487   {  // -- R e g E x p
2488     // Builtin functions for RegExp.prototype.
2489     Handle<JSFunction> regexp_fun = InstallFunction(
2490         isolate_, global, "RegExp", JS_REGEXP_TYPE,
2491         JSRegExp::kSize + JSRegExp::kInObjectFieldCount * kPointerSize,
2492         JSRegExp::kInObjectFieldCount, factory->the_hole_value(),
2493         Builtins::kRegExpConstructor);
2494     InstallWithIntrinsicDefaultProto(isolate_, regexp_fun,
2495                                      Context::REGEXP_FUNCTION_INDEX);
2496 
2497     Handle<SharedFunctionInfo> shared(regexp_fun->shared(), isolate_);
2498     shared->set_internal_formal_parameter_count(2);
2499     shared->set_length(2);
2500 
2501     {
2502       // Setup %RegExpPrototype%.
2503       Handle<JSObject> prototype(
2504           JSObject::cast(regexp_fun->instance_prototype()), isolate());
2505 
2506       {
2507         Handle<JSFunction> fun = SimpleInstallFunction(
2508             isolate_, prototype, factory->exec_string(),
2509             Builtins::kRegExpPrototypeExec, 1, true, DONT_ENUM);
2510         native_context()->set_regexp_exec_function(*fun);
2511       }
2512 
2513       SimpleInstallGetter(isolate_, prototype, factory->dotAll_string(),
2514                           Builtins::kRegExpPrototypeDotAllGetter, true);
2515       SimpleInstallGetter(isolate_, prototype, factory->flags_string(),
2516                           Builtins::kRegExpPrototypeFlagsGetter, true);
2517       SimpleInstallGetter(isolate_, prototype, factory->global_string(),
2518                           Builtins::kRegExpPrototypeGlobalGetter, true);
2519       SimpleInstallGetter(isolate_, prototype, factory->ignoreCase_string(),
2520                           Builtins::kRegExpPrototypeIgnoreCaseGetter, true);
2521       SimpleInstallGetter(isolate_, prototype, factory->multiline_string(),
2522                           Builtins::kRegExpPrototypeMultilineGetter, true);
2523       SimpleInstallGetter(isolate_, prototype, factory->source_string(),
2524                           Builtins::kRegExpPrototypeSourceGetter, true);
2525       SimpleInstallGetter(isolate_, prototype, factory->sticky_string(),
2526                           Builtins::kRegExpPrototypeStickyGetter, true);
2527       SimpleInstallGetter(isolate_, prototype, factory->unicode_string(),
2528                           Builtins::kRegExpPrototypeUnicodeGetter, true);
2529 
2530       SimpleInstallFunction(isolate_, prototype, "compile",
2531                             Builtins::kRegExpPrototypeCompile, 2, true,
2532                             DONT_ENUM);
2533       SimpleInstallFunction(isolate_, prototype, factory->toString_string(),
2534                             Builtins::kRegExpPrototypeToString, 0, false,
2535                             DONT_ENUM);
2536       SimpleInstallFunction(isolate_, prototype, "test",
2537                             Builtins::kRegExpPrototypeTest, 1, true, DONT_ENUM);
2538 
2539       SimpleInstallFunction(isolate_, prototype, factory->match_symbol(),
2540                             "[Symbol.match]", Builtins::kRegExpPrototypeMatch,
2541                             1, true);
2542 
2543       SimpleInstallFunction(isolate_, prototype, factory->replace_symbol(),
2544                             "[Symbol.replace]",
2545                             Builtins::kRegExpPrototypeReplace, 2, false);
2546 
2547       SimpleInstallFunction(isolate_, prototype, factory->search_symbol(),
2548                             "[Symbol.search]", Builtins::kRegExpPrototypeSearch,
2549                             1, true);
2550 
2551       SimpleInstallFunction(isolate_, prototype, factory->split_symbol(),
2552                             "[Symbol.split]", Builtins::kRegExpPrototypeSplit,
2553                             2, false);
2554 
2555       Handle<Map> prototype_map(prototype->map(), isolate());
2556       Map::SetShouldBeFastPrototypeMap(prototype_map, true, isolate_);
2557 
2558       // Store the initial RegExp.prototype map. This is used in fast-path
2559       // checks. Do not alter the prototype after this point.
2560       native_context()->set_regexp_prototype_map(*prototype_map);
2561     }
2562 
2563     {
2564       // RegExp getters and setters.
2565 
2566       InstallSpeciesGetter(isolate_, regexp_fun);
2567 
2568       // Static properties set by a successful match.
2569 
2570       const PropertyAttributes no_enum = DONT_ENUM;
2571       SimpleInstallGetterSetter(isolate_, regexp_fun, factory->input_string(),
2572                                 Builtins::kRegExpInputGetter,
2573                                 Builtins::kRegExpInputSetter, no_enum);
2574       SimpleInstallGetterSetter(
2575           isolate_, regexp_fun, factory->InternalizeUtf8String("$_"),
2576           Builtins::kRegExpInputGetter, Builtins::kRegExpInputSetter, no_enum);
2577 
2578       SimpleInstallGetterSetter(
2579           isolate_, regexp_fun, factory->InternalizeUtf8String("lastMatch"),
2580           Builtins::kRegExpLastMatchGetter, Builtins::kEmptyFunction, no_enum);
2581       SimpleInstallGetterSetter(
2582           isolate_, regexp_fun, factory->InternalizeUtf8String("$&"),
2583           Builtins::kRegExpLastMatchGetter, Builtins::kEmptyFunction, no_enum);
2584 
2585       SimpleInstallGetterSetter(
2586           isolate_, regexp_fun, factory->InternalizeUtf8String("lastParen"),
2587           Builtins::kRegExpLastParenGetter, Builtins::kEmptyFunction, no_enum);
2588       SimpleInstallGetterSetter(
2589           isolate_, regexp_fun, factory->InternalizeUtf8String("$+"),
2590           Builtins::kRegExpLastParenGetter, Builtins::kEmptyFunction, no_enum);
2591 
2592       SimpleInstallGetterSetter(isolate_, regexp_fun,
2593                                 factory->InternalizeUtf8String("leftContext"),
2594                                 Builtins::kRegExpLeftContextGetter,
2595                                 Builtins::kEmptyFunction, no_enum);
2596       SimpleInstallGetterSetter(isolate_, regexp_fun,
2597                                 factory->InternalizeUtf8String("$`"),
2598                                 Builtins::kRegExpLeftContextGetter,
2599                                 Builtins::kEmptyFunction, no_enum);
2600 
2601       SimpleInstallGetterSetter(isolate_, regexp_fun,
2602                                 factory->InternalizeUtf8String("rightContext"),
2603                                 Builtins::kRegExpRightContextGetter,
2604                                 Builtins::kEmptyFunction, no_enum);
2605       SimpleInstallGetterSetter(isolate_, regexp_fun,
2606                                 factory->InternalizeUtf8String("$'"),
2607                                 Builtins::kRegExpRightContextGetter,
2608                                 Builtins::kEmptyFunction, no_enum);
2609 
2610 #define INSTALL_CAPTURE_GETTER(i)                                   \
2611   SimpleInstallGetterSetter(                                        \
2612       isolate_, regexp_fun, factory->InternalizeUtf8String("$" #i), \
2613       Builtins::kRegExpCapture##i##Getter, Builtins::kEmptyFunction, no_enum)
2614       INSTALL_CAPTURE_GETTER(1);
2615       INSTALL_CAPTURE_GETTER(2);
2616       INSTALL_CAPTURE_GETTER(3);
2617       INSTALL_CAPTURE_GETTER(4);
2618       INSTALL_CAPTURE_GETTER(5);
2619       INSTALL_CAPTURE_GETTER(6);
2620       INSTALL_CAPTURE_GETTER(7);
2621       INSTALL_CAPTURE_GETTER(8);
2622       INSTALL_CAPTURE_GETTER(9);
2623 #undef INSTALL_CAPTURE_GETTER
2624     }
2625 
2626     DCHECK(regexp_fun->has_initial_map());
2627     Handle<Map> initial_map(regexp_fun->initial_map(), isolate());
2628 
2629     DCHECK_EQ(1, initial_map->GetInObjectProperties());
2630 
2631     Map::EnsureDescriptorSlack(isolate_, initial_map, 1);
2632 
2633     // ECMA-262, section 15.10.7.5.
2634     PropertyAttributes writable =
2635         static_cast<PropertyAttributes>(DONT_ENUM | DONT_DELETE);
2636     Descriptor d = Descriptor::DataField(isolate(), factory->lastIndex_string(),
2637                                          JSRegExp::kLastIndexFieldIndex,
2638                                          writable, Representation::Tagged());
2639     initial_map->AppendDescriptor(&d);
2640 
2641     {  // Internal: RegExpInternalMatch
2642       Handle<JSFunction> function =
2643           SimpleCreateFunction(isolate_, isolate_->factory()->empty_string(),
2644                                Builtins::kRegExpInternalMatch, 2, true);
2645       native_context()->set(Context::REGEXP_INTERNAL_MATCH, *function);
2646     }
2647 
2648     // Create the last match info. One for external use, and one for internal
2649     // use when we don't want to modify the externally visible match info.
2650     Handle<RegExpMatchInfo> last_match_info = factory->NewRegExpMatchInfo();
2651     native_context()->set_regexp_last_match_info(*last_match_info);
2652     Handle<RegExpMatchInfo> internal_match_info = factory->NewRegExpMatchInfo();
2653     native_context()->set_regexp_internal_match_info(*internal_match_info);
2654 
2655     // Force the RegExp constructor to fast properties, so that we can use the
2656     // fast paths for various things like
2657     //
2658     //   x instanceof RegExp
2659     //
2660     // etc. We should probably come up with a more principled approach once
2661     // the JavaScript builtins are gone.
2662     JSObject::MigrateSlowToFast(regexp_fun, 0, "Bootstrapping");
2663   }
2664 
2665   {  // -- E r r o r
2666     InstallError(isolate_, global, factory->Error_string(),
2667                  Context::ERROR_FUNCTION_INDEX);
2668     InstallMakeError(isolate_, Builtins::kMakeError, Context::MAKE_ERROR_INDEX);
2669   }
2670 
2671   {  // -- E v a l E r r o r
2672     InstallError(isolate_, global, factory->EvalError_string(),
2673                  Context::EVAL_ERROR_FUNCTION_INDEX);
2674   }
2675 
2676   {  // -- R a n g e E r r o r
2677     InstallError(isolate_, global, factory->RangeError_string(),
2678                  Context::RANGE_ERROR_FUNCTION_INDEX);
2679     InstallMakeError(isolate_, Builtins::kMakeRangeError,
2680                      Context::MAKE_RANGE_ERROR_INDEX);
2681   }
2682 
2683   {  // -- R e f e r e n c e E r r o r
2684     InstallError(isolate_, global, factory->ReferenceError_string(),
2685                  Context::REFERENCE_ERROR_FUNCTION_INDEX);
2686   }
2687 
2688   {  // -- S y n t a x E r r o r
2689     InstallError(isolate_, global, factory->SyntaxError_string(),
2690                  Context::SYNTAX_ERROR_FUNCTION_INDEX);
2691     InstallMakeError(isolate_, Builtins::kMakeSyntaxError,
2692                      Context::MAKE_SYNTAX_ERROR_INDEX);
2693   }
2694 
2695   {  // -- T y p e E r r o r
2696     InstallError(isolate_, global, factory->TypeError_string(),
2697                  Context::TYPE_ERROR_FUNCTION_INDEX);
2698     InstallMakeError(isolate_, Builtins::kMakeTypeError,
2699                      Context::MAKE_TYPE_ERROR_INDEX);
2700   }
2701 
2702   {  // -- U R I E r r o r
2703     InstallError(isolate_, global, factory->URIError_string(),
2704                  Context::URI_ERROR_FUNCTION_INDEX);
2705     InstallMakeError(isolate_, Builtins::kMakeURIError,
2706                      Context::MAKE_URI_ERROR_INDEX);
2707   }
2708 
2709   {  // -- C o m p i l e E r r o r
2710     Handle<JSObject> dummy = factory->NewJSObject(isolate_->object_function());
2711     InstallError(isolate_, dummy, factory->CompileError_string(),
2712                  Context::WASM_COMPILE_ERROR_FUNCTION_INDEX);
2713 
2714     // -- L i n k E r r o r
2715     InstallError(isolate_, dummy, factory->LinkError_string(),
2716                  Context::WASM_LINK_ERROR_FUNCTION_INDEX);
2717 
2718     // -- R u n t i m e E r r o r
2719     InstallError(isolate_, dummy, factory->RuntimeError_string(),
2720                  Context::WASM_RUNTIME_ERROR_FUNCTION_INDEX);
2721   }
2722 
2723   // Initialize the embedder data slot.
2724   native_context()->set_embedder_data(*factory->empty_fixed_array());
2725 
2726   {  // -- J S O N
2727     Handle<String> name = factory->InternalizeUtf8String("JSON");
2728     Handle<JSObject> json_object =
2729         factory->NewJSObject(isolate_->object_function(), TENURED);
2730     JSObject::AddProperty(isolate_, global, name, json_object, DONT_ENUM);
2731     SimpleInstallFunction(isolate_, json_object, "parse", Builtins::kJsonParse,
2732                           2, false);
2733     SimpleInstallFunction(isolate_, json_object, "stringify",
2734                           Builtins::kJsonStringify, 3, true);
2735     JSObject::AddProperty(
2736         isolate_, json_object, factory->to_string_tag_symbol(),
2737         factory->NewStringFromAsciiChecked("JSON"),
2738         static_cast<PropertyAttributes>(DONT_ENUM | READ_ONLY));
2739   }
2740 
2741   {  // -- M a t h
2742     Handle<String> name = factory->InternalizeUtf8String("Math");
2743     Handle<JSObject> math =
2744         factory->NewJSObject(isolate_->object_function(), TENURED);
2745     JSObject::AddProperty(isolate_, global, name, math, DONT_ENUM);
2746     SimpleInstallFunction(isolate_, math, "abs", Builtins::kMathAbs, 1, true);
2747     SimpleInstallFunction(isolate_, math, "acos", Builtins::kMathAcos, 1, true);
2748     SimpleInstallFunction(isolate_, math, "acosh", Builtins::kMathAcosh, 1,
2749                           true);
2750     SimpleInstallFunction(isolate_, math, "asin", Builtins::kMathAsin, 1, true);
2751     SimpleInstallFunction(isolate_, math, "asinh", Builtins::kMathAsinh, 1,
2752                           true);
2753     SimpleInstallFunction(isolate_, math, "atan", Builtins::kMathAtan, 1, true);
2754     SimpleInstallFunction(isolate_, math, "atanh", Builtins::kMathAtanh, 1,
2755                           true);
2756     SimpleInstallFunction(isolate_, math, "atan2", Builtins::kMathAtan2, 2,
2757                           true);
2758     SimpleInstallFunction(isolate_, math, "ceil", Builtins::kMathCeil, 1, true);
2759     SimpleInstallFunction(isolate_, math, "cbrt", Builtins::kMathCbrt, 1, true);
2760     SimpleInstallFunction(isolate_, math, "expm1", Builtins::kMathExpm1, 1,
2761                           true);
2762     SimpleInstallFunction(isolate_, math, "clz32", Builtins::kMathClz32, 1,
2763                           true);
2764     SimpleInstallFunction(isolate_, math, "cos", Builtins::kMathCos, 1, true);
2765     SimpleInstallFunction(isolate_, math, "cosh", Builtins::kMathCosh, 1, true);
2766     SimpleInstallFunction(isolate_, math, "exp", Builtins::kMathExp, 1, true);
2767     Handle<JSFunction> math_floor = SimpleInstallFunction(
2768         isolate_, math, "floor", Builtins::kMathFloor, 1, true);
2769     native_context()->set_math_floor(*math_floor);
2770     SimpleInstallFunction(isolate_, math, "fround", Builtins::kMathFround, 1,
2771                           true);
2772     SimpleInstallFunction(isolate_, math, "hypot", Builtins::kMathHypot, 2,
2773                           false);
2774     SimpleInstallFunction(isolate_, math, "imul", Builtins::kMathImul, 2, true);
2775     SimpleInstallFunction(isolate_, math, "log", Builtins::kMathLog, 1, true);
2776     SimpleInstallFunction(isolate_, math, "log1p", Builtins::kMathLog1p, 1,
2777                           true);
2778     SimpleInstallFunction(isolate_, math, "log2", Builtins::kMathLog2, 1, true);
2779     SimpleInstallFunction(isolate_, math, "log10", Builtins::kMathLog10, 1,
2780                           true);
2781     SimpleInstallFunction(isolate_, math, "max", Builtins::kMathMax, 2, false);
2782     SimpleInstallFunction(isolate_, math, "min", Builtins::kMathMin, 2, false);
2783     Handle<JSFunction> math_pow = SimpleInstallFunction(
2784         isolate_, math, "pow", Builtins::kMathPow, 2, true);
2785     native_context()->set_math_pow(*math_pow);
2786     SimpleInstallFunction(isolate_, math, "random", Builtins::kMathRandom, 0,
2787                           true);
2788     SimpleInstallFunction(isolate_, math, "round", Builtins::kMathRound, 1,
2789                           true);
2790     SimpleInstallFunction(isolate_, math, "sign", Builtins::kMathSign, 1, true);
2791     SimpleInstallFunction(isolate_, math, "sin", Builtins::kMathSin, 1, true);
2792     SimpleInstallFunction(isolate_, math, "sinh", Builtins::kMathSinh, 1, true);
2793     SimpleInstallFunction(isolate_, math, "sqrt", Builtins::kMathSqrt, 1, true);
2794     SimpleInstallFunction(isolate_, math, "tan", Builtins::kMathTan, 1, true);
2795     SimpleInstallFunction(isolate_, math, "tanh", Builtins::kMathTanh, 1, true);
2796     SimpleInstallFunction(isolate_, math, "trunc", Builtins::kMathTrunc, 1,
2797                           true);
2798 
2799     // Install math constants.
2800     double const kE = base::ieee754::exp(1.0);
2801     double const kPI = 3.1415926535897932;
2802     InstallConstant(isolate_, math, "E", factory->NewNumber(kE));
2803     InstallConstant(isolate_, math, "LN10",
2804                     factory->NewNumber(base::ieee754::log(10.0)));
2805     InstallConstant(isolate_, math, "LN2",
2806                     factory->NewNumber(base::ieee754::log(2.0)));
2807     InstallConstant(isolate_, math, "LOG10E",
2808                     factory->NewNumber(base::ieee754::log10(kE)));
2809     InstallConstant(isolate_, math, "LOG2E",
2810                     factory->NewNumber(base::ieee754::log2(kE)));
2811     InstallConstant(isolate_, math, "PI", factory->NewNumber(kPI));
2812     InstallConstant(isolate_, math, "SQRT1_2",
2813                     factory->NewNumber(std::sqrt(0.5)));
2814     InstallConstant(isolate_, math, "SQRT2",
2815                     factory->NewNumber(std::sqrt(2.0)));
2816     JSObject::AddProperty(
2817         isolate_, math, factory->to_string_tag_symbol(),
2818         factory->NewStringFromAsciiChecked("Math"),
2819         static_cast<PropertyAttributes>(DONT_ENUM | READ_ONLY));
2820   }
2821 
2822   {  // -- C o n s o l e
2823     Handle<String> name = factory->InternalizeUtf8String("console");
2824     NewFunctionArgs args = NewFunctionArgs::ForFunctionWithoutCode(
2825         name, isolate_->strict_function_map(), LanguageMode::kStrict);
2826     Handle<JSFunction> cons = factory->NewFunction(args);
2827 
2828     Handle<JSObject> empty = factory->NewJSObject(isolate_->object_function());
2829     JSFunction::SetPrototype(cons, empty);
2830 
2831     Handle<JSObject> console = factory->NewJSObject(cons, TENURED);
2832     DCHECK(console->IsJSObject());
2833     JSObject::AddProperty(isolate_, global, name, console, DONT_ENUM);
2834     SimpleInstallFunction(isolate_, console, "debug", Builtins::kConsoleDebug,
2835                           1, false, NONE);
2836     SimpleInstallFunction(isolate_, console, "error", Builtins::kConsoleError,
2837                           1, false, NONE);
2838     SimpleInstallFunction(isolate_, console, "info", Builtins::kConsoleInfo, 1,
2839                           false, NONE);
2840     SimpleInstallFunction(isolate_, console, "log", Builtins::kConsoleLog, 1,
2841                           false, NONE);
2842     SimpleInstallFunction(isolate_, console, "warn", Builtins::kConsoleWarn, 1,
2843                           false, NONE);
2844     SimpleInstallFunction(isolate_, console, "dir", Builtins::kConsoleDir, 1,
2845                           false, NONE);
2846     SimpleInstallFunction(isolate_, console, "dirxml", Builtins::kConsoleDirXml,
2847                           1, false, NONE);
2848     SimpleInstallFunction(isolate_, console, "table", Builtins::kConsoleTable,
2849                           1, false, NONE);
2850     SimpleInstallFunction(isolate_, console, "trace", Builtins::kConsoleTrace,
2851                           1, false, NONE);
2852     SimpleInstallFunction(isolate_, console, "group", Builtins::kConsoleGroup,
2853                           1, false, NONE);
2854     SimpleInstallFunction(isolate_, console, "groupCollapsed",
2855                           Builtins::kConsoleGroupCollapsed, 1, false, NONE);
2856     SimpleInstallFunction(isolate_, console, "groupEnd",
2857                           Builtins::kConsoleGroupEnd, 1, false, NONE);
2858     SimpleInstallFunction(isolate_, console, "clear", Builtins::kConsoleClear,
2859                           1, false, NONE);
2860     SimpleInstallFunction(isolate_, console, "count", Builtins::kConsoleCount,
2861                           1, false, NONE);
2862     SimpleInstallFunction(isolate_, console, "countReset",
2863                           Builtins::kConsoleCountReset, 1, false, NONE);
2864     SimpleInstallFunction(isolate_, console, "assert",
2865                           Builtins::kFastConsoleAssert, 1, false, NONE);
2866     SimpleInstallFunction(isolate_, console, "profile",
2867                           Builtins::kConsoleProfile, 1, false, NONE);
2868     SimpleInstallFunction(isolate_, console, "profileEnd",
2869                           Builtins::kConsoleProfileEnd, 1, false, NONE);
2870     SimpleInstallFunction(isolate_, console, "time", Builtins::kConsoleTime, 1,
2871                           false, NONE);
2872     SimpleInstallFunction(isolate_, console, "timeEnd",
2873                           Builtins::kConsoleTimeEnd, 1, false, NONE);
2874     SimpleInstallFunction(isolate_, console, "timeStamp",
2875                           Builtins::kConsoleTimeStamp, 1, false, NONE);
2876     SimpleInstallFunction(isolate_, console, "context",
2877                           Builtins::kConsoleContext, 1, true, NONE);
2878     JSObject::AddProperty(
2879         isolate_, console, factory->to_string_tag_symbol(),
2880         factory->NewStringFromAsciiChecked("Object"),
2881         static_cast<PropertyAttributes>(DONT_ENUM | READ_ONLY));
2882   }
2883 
2884 #ifdef V8_INTL_SUPPORT
2885   {  // -- I n t l
2886     Handle<String> name = factory->InternalizeUtf8String("Intl");
2887     Handle<JSObject> intl =
2888         factory->NewJSObject(isolate_->object_function(), TENURED);
2889     JSObject::AddProperty(isolate_, global, name, intl, DONT_ENUM);
2890 
2891     {
2892       Handle<JSFunction> date_time_format_constructor = InstallFunction(
2893           isolate_, intl, "DateTimeFormat", JS_OBJECT_TYPE, DateFormat::kSize,
2894           0, factory->the_hole_value(), Builtins::kIllegal);
2895       native_context()->set_intl_date_time_format_function(
2896           *date_time_format_constructor);
2897 
2898       Handle<JSObject> prototype(
2899           JSObject::cast(date_time_format_constructor->prototype()), isolate_);
2900 
2901       // Install the @@toStringTag property on the {prototype}.
2902       JSObject::AddProperty(
2903           isolate_, prototype, factory->to_string_tag_symbol(),
2904           factory->Object_string(),
2905           static_cast<PropertyAttributes>(DONT_ENUM | READ_ONLY));
2906 
2907       SimpleInstallFunction(isolate_, prototype, "formatToParts",
2908                             Builtins::kDateTimeFormatPrototypeFormatToParts, 1,
2909                             false);
2910 
2911       SimpleInstallGetter(isolate_, prototype,
2912                           factory->InternalizeUtf8String("format"),
2913                           Builtins::kDateTimeFormatPrototypeFormat, false);
2914 
2915       {
2916         Handle<SharedFunctionInfo> info = SimpleCreateBuiltinSharedFunctionInfo(
2917             isolate_, Builtins::kDateTimeFormatInternalFormat,
2918             factory->empty_string(), 1);
2919         native_context()->set_date_format_internal_format_shared_fun(*info);
2920       }
2921     }
2922 
2923     {
2924       Handle<JSFunction> number_format_constructor = InstallFunction(
2925           isolate_, intl, "NumberFormat", JS_OBJECT_TYPE, NumberFormat::kSize,
2926           0, factory->the_hole_value(), Builtins::kIllegal);
2927       native_context()->set_intl_number_format_function(
2928           *number_format_constructor);
2929 
2930       Handle<JSObject> prototype(
2931           JSObject::cast(number_format_constructor->prototype()), isolate_);
2932 
2933       // Install the @@toStringTag property on the {prototype}.
2934       JSObject::AddProperty(
2935           isolate_, prototype, factory->to_string_tag_symbol(),
2936           factory->Object_string(),
2937           static_cast<PropertyAttributes>(DONT_ENUM | READ_ONLY));
2938 
2939       SimpleInstallFunction(isolate_, prototype, "formatToParts",
2940                             Builtins::kNumberFormatPrototypeFormatToParts, 1,
2941                             false);
2942       SimpleInstallGetter(isolate_, prototype,
2943                           factory->InternalizeUtf8String("format"),
2944                           Builtins::kNumberFormatPrototypeFormatNumber, false);
2945 
2946       {
2947         Handle<SharedFunctionInfo> info = SimpleCreateBuiltinSharedFunctionInfo(
2948             isolate_, Builtins::kNumberFormatInternalFormatNumber,
2949             factory->empty_string(), 1);
2950         native_context()->set_number_format_internal_format_number_shared_fun(
2951             *info);
2952       }
2953     }
2954 
2955     {
2956       Handle<JSFunction> collator_constructor = InstallFunction(
2957           isolate_, intl, "Collator", JS_INTL_COLLATOR_TYPE, JSCollator::kSize,
2958           0, factory->the_hole_value(), Builtins::kCollatorConstructor);
2959       collator_constructor->shared()->DontAdaptArguments();
2960       InstallWithIntrinsicDefaultProto(isolate_, collator_constructor,
2961                                        Context::INTL_COLLATOR_FUNCTION_INDEX);
2962 
2963       Handle<JSObject> prototype(
2964           JSObject::cast(collator_constructor->prototype()), isolate_);
2965 
2966       // Install the @@toStringTag property on the {prototype}.
2967       JSObject::AddProperty(
2968           isolate_, prototype, factory->to_string_tag_symbol(),
2969           factory->Object_string(),
2970           static_cast<PropertyAttributes>(DONT_ENUM | READ_ONLY));
2971 
2972       SimpleInstallGetter(isolate_, prototype,
2973                           factory->InternalizeUtf8String("compare"),
2974                           Builtins::kCollatorPrototypeCompare, false);
2975 
2976       {
2977         Handle<SharedFunctionInfo> info = SimpleCreateBuiltinSharedFunctionInfo(
2978             isolate_, Builtins::kCollatorInternalCompare,
2979             factory->empty_string(), 2);
2980         native_context()->set_collator_internal_compare_shared_fun(*info);
2981       }
2982     }
2983 
2984     {
2985       Handle<JSFunction> v8_break_iterator_constructor =
2986           InstallFunction(isolate_, intl, "v8BreakIterator", JS_OBJECT_TYPE,
2987                           V8BreakIterator::kSize, 0, factory->the_hole_value(),
2988                           Builtins::kIllegal);
2989       native_context()->set_intl_v8_break_iterator_function(
2990           *v8_break_iterator_constructor);
2991 
2992       Handle<JSObject> prototype(
2993           JSObject::cast(v8_break_iterator_constructor->prototype()), isolate_);
2994 
2995       // Install the @@toStringTag property on the {prototype}.
2996       JSObject::AddProperty(
2997           isolate_, prototype, factory->to_string_tag_symbol(),
2998           factory->Object_string(),
2999           static_cast<PropertyAttributes>(DONT_ENUM | READ_ONLY));
3000 
3001       SimpleInstallGetter(isolate_, prototype,
3002                           factory->InternalizeUtf8String("adoptText"),
3003                           Builtins::kBreakIteratorPrototypeAdoptText, false);
3004 
3005       {
3006         Handle<SharedFunctionInfo> info = SimpleCreateBuiltinSharedFunctionInfo(
3007             isolate_, Builtins::kBreakIteratorInternalAdoptText,
3008             factory->empty_string(), 1);
3009         native_context()->set_break_iterator_internal_adopt_text_shared_fun(
3010             *info);
3011       }
3012     }
3013 
3014     {
3015       Handle<JSFunction> plural_rules_constructor = InstallFunction(
3016           isolate_, intl, "PluralRules", JS_INTL_PLURAL_RULES_TYPE,
3017           JSPluralRules::kSize, 0, factory->the_hole_value(),
3018           Builtins::kPluralRulesConstructor);
3019       plural_rules_constructor->shared()->DontAdaptArguments();
3020       InstallWithIntrinsicDefaultProto(
3021           isolate_, plural_rules_constructor,
3022           Context::INTL_PLURAL_RULES_FUNCTION_INDEX);
3023 
3024       Handle<JSObject> prototype(
3025           JSObject::cast(plural_rules_constructor->prototype()), isolate_);
3026 
3027       // Install the @@toStringTag property on the {prototype}.
3028       JSObject::AddProperty(
3029           isolate_, prototype, factory->to_string_tag_symbol(),
3030           factory->Object_string(),
3031           static_cast<PropertyAttributes>(DONT_ENUM | READ_ONLY));
3032     }
3033   }
3034 #endif  // V8_INTL_SUPPORT
3035 
3036   {  // -- A r r a y B u f f e r
3037     Handle<String> name = factory->ArrayBuffer_string();
3038     Handle<JSFunction> array_buffer_fun = CreateArrayBuffer(name, ARRAY_BUFFER);
3039     JSObject::AddProperty(isolate_, global, name, array_buffer_fun, DONT_ENUM);
3040     InstallWithIntrinsicDefaultProto(isolate_, array_buffer_fun,
3041                                      Context::ARRAY_BUFFER_FUN_INDEX);
3042     InstallSpeciesGetter(isolate_, array_buffer_fun);
3043 
3044     Handle<JSFunction> array_buffer_noinit_fun = SimpleCreateFunction(
3045         isolate_,
3046         factory->NewStringFromAsciiChecked(
3047             "arrayBufferConstructor_DoNotInitialize"),
3048         Builtins::kArrayBufferConstructor_DoNotInitialize, 1, false);
3049     native_context()->set_array_buffer_noinit_fun(*array_buffer_noinit_fun);
3050   }
3051 
3052   {  // -- S h a r e d A r r a y B u f f e r
3053     Handle<String> name = factory->SharedArrayBuffer_string();
3054     Handle<JSFunction> shared_array_buffer_fun =
3055         CreateArrayBuffer(name, SHARED_ARRAY_BUFFER);
3056     InstallWithIntrinsicDefaultProto(isolate_, shared_array_buffer_fun,
3057                                      Context::SHARED_ARRAY_BUFFER_FUN_INDEX);
3058     InstallSpeciesGetter(isolate_, shared_array_buffer_fun);
3059   }
3060 
3061   {  // -- A t o m i c s
3062     Handle<JSObject> atomics_object =
3063         factory->NewJSObject(isolate_->object_function(), TENURED);
3064     native_context()->set_atomics_object(*atomics_object);
3065 
3066     SimpleInstallFunction(isolate_, atomics_object, "load",
3067                           Builtins::kAtomicsLoad, 2, true);
3068     SimpleInstallFunction(isolate_, atomics_object, "store",
3069                           Builtins::kAtomicsStore, 3, true);
3070     SimpleInstallFunction(isolate_, atomics_object, "add",
3071                           Builtins::kAtomicsAdd, 3, true);
3072     SimpleInstallFunction(isolate_, atomics_object, "sub",
3073                           Builtins::kAtomicsSub, 3, true);
3074     SimpleInstallFunction(isolate_, atomics_object, "and",
3075                           Builtins::kAtomicsAnd, 3, true);
3076     SimpleInstallFunction(isolate_, atomics_object, "or", Builtins::kAtomicsOr,
3077                           3, true);
3078     SimpleInstallFunction(isolate_, atomics_object, "xor",
3079                           Builtins::kAtomicsXor, 3, true);
3080     SimpleInstallFunction(isolate_, atomics_object, "exchange",
3081                           Builtins::kAtomicsExchange, 3, true);
3082     SimpleInstallFunction(isolate_, atomics_object, "compareExchange",
3083                           Builtins::kAtomicsCompareExchange, 4, true);
3084     SimpleInstallFunction(isolate_, atomics_object, "isLockFree",
3085                           Builtins::kAtomicsIsLockFree, 1, true);
3086     SimpleInstallFunction(isolate_, atomics_object, "wait",
3087                           Builtins::kAtomicsWait, 4, true);
3088     SimpleInstallFunction(isolate_, atomics_object, "wake",
3089                           Builtins::kAtomicsWake, 3, true);
3090     SimpleInstallFunction(isolate_, atomics_object, "notify",
3091                           Builtins::kAtomicsWake, 3, true);
3092   }
3093 
3094   {  // -- T y p e d A r r a y
3095     Handle<JSFunction> typed_array_fun = CreateFunction(
3096         isolate_, factory->InternalizeUtf8String("TypedArray"),
3097         JS_TYPED_ARRAY_TYPE, JSTypedArray::kSize, 0, factory->the_hole_value(),
3098         Builtins::kTypedArrayBaseConstructor);
3099     typed_array_fun->shared()->set_native(false);
3100     typed_array_fun->shared()->set_length(0);
3101     InstallSpeciesGetter(isolate_, typed_array_fun);
3102     native_context()->set_typed_array_function(*typed_array_fun);
3103 
3104     SimpleInstallFunction(isolate_, typed_array_fun, "of",
3105                           Builtins::kTypedArrayOf, 0, false);
3106     SimpleInstallFunction(isolate_, typed_array_fun, "from",
3107                           Builtins::kTypedArrayFrom, 1, false);
3108 
3109     // Setup %TypedArrayPrototype%.
3110     Handle<JSObject> prototype(
3111         JSObject::cast(typed_array_fun->instance_prototype()), isolate());
3112     native_context()->set_typed_array_prototype(*prototype);
3113 
3114     // Install the "buffer", "byteOffset", "byteLength", "length"
3115     // and @@toStringTag getters on the {prototype}.
3116     SimpleInstallGetter(isolate_, prototype, factory->buffer_string(),
3117                         Builtins::kTypedArrayPrototypeBuffer, false);
3118     SimpleInstallGetter(isolate_, prototype, factory->byte_length_string(),
3119                         Builtins::kTypedArrayPrototypeByteLength, true,
3120                         BuiltinFunctionId::kTypedArrayByteLength);
3121     SimpleInstallGetter(isolate_, prototype, factory->byte_offset_string(),
3122                         Builtins::kTypedArrayPrototypeByteOffset, true,
3123                         BuiltinFunctionId::kTypedArrayByteOffset);
3124     SimpleInstallGetter(isolate_, prototype, factory->length_string(),
3125                         Builtins::kTypedArrayPrototypeLength, true,
3126                         BuiltinFunctionId::kTypedArrayLength);
3127     SimpleInstallGetter(isolate_, prototype, factory->to_string_tag_symbol(),
3128                         Builtins::kTypedArrayPrototypeToStringTag, true,
3129                         BuiltinFunctionId::kTypedArrayToStringTag);
3130 
3131     // Install "keys", "values" and "entries" methods on the {prototype}.
3132     SimpleInstallFunction(isolate_, prototype, "entries",
3133                           Builtins::kTypedArrayPrototypeEntries, 0, true,
3134                           BuiltinFunctionId::kTypedArrayEntries);
3135 
3136     SimpleInstallFunction(isolate_, prototype, "keys",
3137                           Builtins::kTypedArrayPrototypeKeys, 0, true,
3138                           BuiltinFunctionId::kTypedArrayKeys);
3139 
3140     Handle<JSFunction> values = SimpleInstallFunction(
3141         isolate_, prototype, "values", Builtins::kTypedArrayPrototypeValues, 0,
3142         true, BuiltinFunctionId::kTypedArrayValues);
3143     JSObject::AddProperty(isolate_, prototype, factory->iterator_symbol(),
3144                           values, DONT_ENUM);
3145 
3146     // TODO(caitp): alphasort accessors/methods
3147     SimpleInstallFunction(isolate_, prototype, "copyWithin",
3148                           Builtins::kTypedArrayPrototypeCopyWithin, 2, false);
3149     SimpleInstallFunction(isolate_, prototype, "every",
3150                           Builtins::kTypedArrayPrototypeEvery, 1, false);
3151     SimpleInstallFunction(isolate_, prototype, "fill",
3152                           Builtins::kTypedArrayPrototypeFill, 1, false);
3153     SimpleInstallFunction(isolate_, prototype, "filter",
3154                           Builtins::kTypedArrayPrototypeFilter, 1, false);
3155     SimpleInstallFunction(isolate_, prototype, "find",
3156                           Builtins::kTypedArrayPrototypeFind, 1, false);
3157     SimpleInstallFunction(isolate_, prototype, "findIndex",
3158                           Builtins::kTypedArrayPrototypeFindIndex, 1, false);
3159     SimpleInstallFunction(isolate_, prototype, "forEach",
3160                           Builtins::kTypedArrayPrototypeForEach, 1, false);
3161     SimpleInstallFunction(isolate_, prototype, "includes",
3162                           Builtins::kTypedArrayPrototypeIncludes, 1, false);
3163     SimpleInstallFunction(isolate_, prototype, "indexOf",
3164                           Builtins::kTypedArrayPrototypeIndexOf, 1, false);
3165     SimpleInstallFunction(isolate_, prototype, "lastIndexOf",
3166                           Builtins::kTypedArrayPrototypeLastIndexOf, 1, false);
3167     SimpleInstallFunction(isolate_, prototype, "map",
3168                           Builtins::kTypedArrayPrototypeMap, 1, false);
3169     SimpleInstallFunction(isolate_, prototype, "reverse",
3170                           Builtins::kTypedArrayPrototypeReverse, 0, false);
3171     SimpleInstallFunction(isolate_, prototype, "reduce",
3172                           Builtins::kTypedArrayPrototypeReduce, 1, false);
3173     SimpleInstallFunction(isolate_, prototype, "reduceRight",
3174                           Builtins::kTypedArrayPrototypeReduceRight, 1, false);
3175     SimpleInstallFunction(isolate_, prototype, "set",
3176                           Builtins::kTypedArrayPrototypeSet, 1, false);
3177     SimpleInstallFunction(isolate_, prototype, "slice",
3178                           Builtins::kTypedArrayPrototypeSlice, 2, false);
3179     SimpleInstallFunction(isolate_, prototype, "some",
3180                           Builtins::kTypedArrayPrototypeSome, 1, false);
3181     SimpleInstallFunction(isolate_, prototype, "sort",
3182                           Builtins::kTypedArrayPrototypeSort, 1, false);
3183     SimpleInstallFunction(isolate_, prototype, "subarray",
3184                           Builtins::kTypedArrayPrototypeSubArray, 2, false);
3185   }
3186 
3187   {  // -- T y p e d A r r a y s
3188 #define INSTALL_TYPED_ARRAY(Type, type, TYPE, ctype)                   \
3189   {                                                                    \
3190     Handle<JSFunction> fun =                                           \
3191         InstallTypedArray(#Type "Array", TYPE##_ELEMENTS);             \
3192     InstallWithIntrinsicDefaultProto(isolate_, fun,                    \
3193                                      Context::TYPE##_ARRAY_FUN_INDEX); \
3194   }
3195     TYPED_ARRAYS(INSTALL_TYPED_ARRAY)
3196 #undef INSTALL_TYPED_ARRAY
3197   }
3198 
3199   {  // -- D a t a V i e w
3200     Handle<JSFunction> data_view_fun = InstallFunction(
3201         isolate_, global, "DataView", JS_DATA_VIEW_TYPE,
3202         JSDataView::kSizeWithEmbedderFields, 0, factory->the_hole_value(),
3203         Builtins::kDataViewConstructor);
3204     InstallWithIntrinsicDefaultProto(isolate_, data_view_fun,
3205                                      Context::DATA_VIEW_FUN_INDEX);
3206     data_view_fun->shared()->set_length(1);
3207     data_view_fun->shared()->DontAdaptArguments();
3208 
3209     // Setup %DataViewPrototype%.
3210     Handle<JSObject> prototype(
3211         JSObject::cast(data_view_fun->instance_prototype()), isolate());
3212 
3213     // Install the @@toStringTag property on the {prototype}.
3214     JSObject::AddProperty(
3215         isolate_, prototype, factory->to_string_tag_symbol(),
3216         factory->NewStringFromAsciiChecked("DataView"),
3217         static_cast<PropertyAttributes>(DONT_ENUM | READ_ONLY));
3218 
3219     // Install the "buffer", "byteOffset" and "byteLength" getters
3220     // on the {prototype}.
3221     SimpleInstallGetter(isolate_, prototype, factory->buffer_string(),
3222                         Builtins::kDataViewPrototypeGetBuffer, false,
3223                         BuiltinFunctionId::kDataViewBuffer);
3224     SimpleInstallGetter(isolate_, prototype, factory->byte_length_string(),
3225                         Builtins::kDataViewPrototypeGetByteLength, false,
3226                         BuiltinFunctionId::kDataViewByteLength);
3227     SimpleInstallGetter(isolate_, prototype, factory->byte_offset_string(),
3228                         Builtins::kDataViewPrototypeGetByteOffset, false,
3229                         BuiltinFunctionId::kDataViewByteOffset);
3230 
3231     SimpleInstallFunction(isolate_, prototype, "getInt8",
3232                           Builtins::kDataViewPrototypeGetInt8, 1, false);
3233     SimpleInstallFunction(isolate_, prototype, "setInt8",
3234                           Builtins::kDataViewPrototypeSetInt8, 2, false);
3235     SimpleInstallFunction(isolate_, prototype, "getUint8",
3236                           Builtins::kDataViewPrototypeGetUint8, 1, false);
3237     SimpleInstallFunction(isolate_, prototype, "setUint8",
3238                           Builtins::kDataViewPrototypeSetUint8, 2, false);
3239     SimpleInstallFunction(isolate_, prototype, "getInt16",
3240                           Builtins::kDataViewPrototypeGetInt16, 1, false);
3241     SimpleInstallFunction(isolate_, prototype, "setInt16",
3242                           Builtins::kDataViewPrototypeSetInt16, 2, false);
3243     SimpleInstallFunction(isolate_, prototype, "getUint16",
3244                           Builtins::kDataViewPrototypeGetUint16, 1, false);
3245     SimpleInstallFunction(isolate_, prototype, "setUint16",
3246                           Builtins::kDataViewPrototypeSetUint16, 2, false);
3247     SimpleInstallFunction(isolate_, prototype, "getInt32",
3248                           Builtins::kDataViewPrototypeGetInt32, 1, false);
3249     SimpleInstallFunction(isolate_, prototype, "setInt32",
3250                           Builtins::kDataViewPrototypeSetInt32, 2, false);
3251     SimpleInstallFunction(isolate_, prototype, "getUint32",
3252                           Builtins::kDataViewPrototypeGetUint32, 1, false);
3253     SimpleInstallFunction(isolate_, prototype, "setUint32",
3254                           Builtins::kDataViewPrototypeSetUint32, 2, false);
3255     SimpleInstallFunction(isolate_, prototype, "getFloat32",
3256                           Builtins::kDataViewPrototypeGetFloat32, 1, false);
3257     SimpleInstallFunction(isolate_, prototype, "setFloat32",
3258                           Builtins::kDataViewPrototypeSetFloat32, 2, false);
3259     SimpleInstallFunction(isolate_, prototype, "getFloat64",
3260                           Builtins::kDataViewPrototypeGetFloat64, 1, false);
3261     SimpleInstallFunction(isolate_, prototype, "setFloat64",
3262                           Builtins::kDataViewPrototypeSetFloat64, 2, false);
3263   }
3264 
3265   {  // -- M a p
3266     Handle<JSFunction> js_map_fun =
3267         InstallFunction(isolate_, global, "Map", JS_MAP_TYPE, JSMap::kSize, 0,
3268                         factory->the_hole_value(), Builtins::kMapConstructor);
3269     InstallWithIntrinsicDefaultProto(isolate_, js_map_fun,
3270                                      Context::JS_MAP_FUN_INDEX);
3271 
3272     Handle<SharedFunctionInfo> shared(js_map_fun->shared(), isolate_);
3273     shared->DontAdaptArguments();
3274     shared->set_length(0);
3275 
3276     // Setup %MapPrototype%.
3277     Handle<JSObject> prototype(JSObject::cast(js_map_fun->instance_prototype()),
3278                                isolate());
3279 
3280     // Install the @@toStringTag property on the {prototype}.
3281     JSObject::AddProperty(
3282         isolate_, prototype, factory->to_string_tag_symbol(),
3283         factory->Map_string(),
3284         static_cast<PropertyAttributes>(DONT_ENUM | READ_ONLY));
3285 
3286     Handle<JSFunction> map_get = SimpleInstallFunction(
3287         isolate_, prototype, "get", Builtins::kMapPrototypeGet, 1, true);
3288     native_context()->set_map_get(*map_get);
3289 
3290     Handle<JSFunction> map_set = SimpleInstallFunction(
3291         isolate_, prototype, "set", Builtins::kMapPrototypeSet, 2, true);
3292     native_context()->set_map_set(*map_set);
3293 
3294     Handle<JSFunction> map_has = SimpleInstallFunction(
3295         isolate_, prototype, "has", Builtins::kMapPrototypeHas, 1, true);
3296     native_context()->set_map_has(*map_has);
3297 
3298     Handle<JSFunction> map_delete = SimpleInstallFunction(
3299         isolate_, prototype, "delete", Builtins::kMapPrototypeDelete, 1, true);
3300     native_context()->set_map_delete(*map_delete);
3301 
3302     SimpleInstallFunction(isolate_, prototype, "clear",
3303                           Builtins::kMapPrototypeClear, 0, true);
3304     Handle<JSFunction> entries =
3305         SimpleInstallFunction(isolate_, prototype, "entries",
3306                               Builtins::kMapPrototypeEntries, 0, true);
3307     JSObject::AddProperty(isolate_, prototype, factory->iterator_symbol(),
3308                           entries, DONT_ENUM);
3309     SimpleInstallFunction(isolate_, prototype, "forEach",
3310                           Builtins::kMapPrototypeForEach, 1, false);
3311     SimpleInstallFunction(isolate_, prototype, "keys",
3312                           Builtins::kMapPrototypeKeys, 0, true);
3313     SimpleInstallGetter(
3314         isolate_, prototype, factory->InternalizeUtf8String("size"),
3315         Builtins::kMapPrototypeGetSize, true, BuiltinFunctionId::kMapSize);
3316     SimpleInstallFunction(isolate_, prototype, "values",
3317                           Builtins::kMapPrototypeValues, 0, true);
3318 
3319     native_context()->set_initial_map_prototype_map(prototype->map());
3320 
3321     InstallSpeciesGetter(isolate_, js_map_fun);
3322   }
3323 
3324   {  // -- S e t
3325     Handle<JSFunction> js_set_fun =
3326         InstallFunction(isolate_, global, "Set", JS_SET_TYPE, JSSet::kSize, 0,
3327                         factory->the_hole_value(), Builtins::kSetConstructor);
3328     InstallWithIntrinsicDefaultProto(isolate_, js_set_fun,
3329                                      Context::JS_SET_FUN_INDEX);
3330 
3331     Handle<SharedFunctionInfo> shared(js_set_fun->shared(), isolate_);
3332     shared->DontAdaptArguments();
3333     shared->set_length(0);
3334 
3335     // Setup %SetPrototype%.
3336     Handle<JSObject> prototype(JSObject::cast(js_set_fun->instance_prototype()),
3337                                isolate());
3338 
3339     // Install the @@toStringTag property on the {prototype}.
3340     JSObject::AddProperty(
3341         isolate_, prototype, factory->to_string_tag_symbol(),
3342         factory->Set_string(),
3343         static_cast<PropertyAttributes>(DONT_ENUM | READ_ONLY));
3344 
3345     Handle<JSFunction> set_has = SimpleInstallFunction(
3346         isolate_, prototype, "has", Builtins::kSetPrototypeHas, 1, true);
3347     native_context()->set_set_has(*set_has);
3348 
3349     Handle<JSFunction> set_add = SimpleInstallFunction(
3350         isolate_, prototype, "add", Builtins::kSetPrototypeAdd, 1, true);
3351     native_context()->set_set_add(*set_add);
3352 
3353     Handle<JSFunction> set_delete = SimpleInstallFunction(
3354         isolate_, prototype, "delete", Builtins::kSetPrototypeDelete, 1, true);
3355     native_context()->set_set_delete(*set_delete);
3356 
3357     SimpleInstallFunction(isolate_, prototype, "clear",
3358                           Builtins::kSetPrototypeClear, 0, true);
3359     SimpleInstallFunction(isolate_, prototype, "entries",
3360                           Builtins::kSetPrototypeEntries, 0, true);
3361     SimpleInstallFunction(isolate_, prototype, "forEach",
3362                           Builtins::kSetPrototypeForEach, 1, false);
3363     SimpleInstallGetter(
3364         isolate_, prototype, factory->InternalizeUtf8String("size"),
3365         Builtins::kSetPrototypeGetSize, true, BuiltinFunctionId::kSetSize);
3366     Handle<JSFunction> values = SimpleInstallFunction(
3367         isolate_, prototype, "values", Builtins::kSetPrototypeValues, 0, true);
3368     JSObject::AddProperty(isolate_, prototype, factory->keys_string(), values,
3369                           DONT_ENUM);
3370     JSObject::AddProperty(isolate_, prototype, factory->iterator_symbol(),
3371                           values, DONT_ENUM);
3372 
3373     native_context()->set_initial_set_prototype_map(prototype->map());
3374 
3375     InstallSpeciesGetter(isolate_, js_set_fun);
3376   }
3377 
3378   {  // -- J S M o d u l e N a m e s p a c e
3379     Handle<Map> map = factory->NewMap(
3380         JS_MODULE_NAMESPACE_TYPE, JSModuleNamespace::kSize,
3381         TERMINAL_FAST_ELEMENTS_KIND, JSModuleNamespace::kInObjectFieldCount);
3382     Map::SetPrototype(isolate(), map, isolate_->factory()->null_value());
3383     Map::EnsureDescriptorSlack(isolate_, map, 1);
3384     native_context()->set_js_module_namespace_map(*map);
3385 
3386     {  // Install @@toStringTag.
3387       PropertyAttributes attribs =
3388           static_cast<PropertyAttributes>(DONT_DELETE | DONT_ENUM | READ_ONLY);
3389       Descriptor d =
3390           Descriptor::DataField(isolate(), factory->to_string_tag_symbol(),
3391                                 JSModuleNamespace::kToStringTagFieldIndex,
3392                                 attribs, Representation::Tagged());
3393       map->AppendDescriptor(&d);
3394     }
3395   }
3396 
3397   {  // -- I t e r a t o r R e s u l t
3398     Handle<Map> map = factory->NewMap(JS_OBJECT_TYPE, JSIteratorResult::kSize,
3399                                       TERMINAL_FAST_ELEMENTS_KIND, 2);
3400     Map::SetPrototype(isolate(), map, isolate_->initial_object_prototype());
3401     Map::EnsureDescriptorSlack(isolate_, map, 2);
3402 
3403     {  // value
3404       Descriptor d = Descriptor::DataField(isolate(), factory->value_string(),
3405                                            JSIteratorResult::kValueIndex, NONE,
3406                                            Representation::Tagged());
3407       map->AppendDescriptor(&d);
3408     }
3409 
3410     {  // done
3411       Descriptor d = Descriptor::DataField(isolate(), factory->done_string(),
3412                                            JSIteratorResult::kDoneIndex, NONE,
3413                                            Representation::Tagged());
3414       map->AppendDescriptor(&d);
3415     }
3416 
3417     map->SetConstructor(native_context()->object_function());
3418     native_context()->set_iterator_result_map(*map);
3419   }
3420 
3421   {  // -- W e a k M a p
3422     Handle<JSFunction> cons = InstallFunction(
3423         isolate_, global, "WeakMap", JS_WEAK_MAP_TYPE, JSWeakMap::kSize, 0,
3424         factory->the_hole_value(), Builtins::kWeakMapConstructor);
3425     InstallWithIntrinsicDefaultProto(isolate_, cons,
3426                                      Context::JS_WEAK_MAP_FUN_INDEX);
3427 
3428     Handle<SharedFunctionInfo> shared(cons->shared(), isolate_);
3429     shared->DontAdaptArguments();
3430     shared->set_length(0);
3431 
3432     // Setup %WeakMapPrototype%.
3433     Handle<JSObject> prototype(JSObject::cast(cons->instance_prototype()),
3434                                isolate());
3435 
3436     SimpleInstallFunction(isolate_, prototype, "delete",
3437                           Builtins::kWeakMapPrototypeDelete, 1, true);
3438     SimpleInstallFunction(isolate_, prototype, "get", Builtins::kWeakMapGet, 1,
3439                           true);
3440     SimpleInstallFunction(isolate_, prototype, "has", Builtins::kWeakMapHas, 1,
3441                           true);
3442     Handle<JSFunction> weakmap_set = SimpleInstallFunction(
3443         isolate_, prototype, "set", Builtins::kWeakMapPrototypeSet, 2, true);
3444     native_context()->set_weakmap_set(*weakmap_set);
3445 
3446     JSObject::AddProperty(
3447         isolate_, prototype, factory->to_string_tag_symbol(),
3448         factory->NewStringFromAsciiChecked("WeakMap"),
3449         static_cast<PropertyAttributes>(DONT_ENUM | READ_ONLY));
3450 
3451     native_context()->set_initial_weakmap_prototype_map(prototype->map());
3452   }
3453 
3454   {  // -- W e a k S e t
3455     Handle<JSFunction> cons = InstallFunction(
3456         isolate_, global, "WeakSet", JS_WEAK_SET_TYPE, JSWeakSet::kSize, 0,
3457         factory->the_hole_value(), Builtins::kWeakSetConstructor);
3458     InstallWithIntrinsicDefaultProto(isolate_, cons,
3459                                      Context::JS_WEAK_SET_FUN_INDEX);
3460 
3461     Handle<SharedFunctionInfo> shared(cons->shared(), isolate_);
3462     shared->DontAdaptArguments();
3463     shared->set_length(0);
3464 
3465     // Setup %WeakSetPrototype%.
3466     Handle<JSObject> prototype(JSObject::cast(cons->instance_prototype()),
3467                                isolate());
3468 
3469     SimpleInstallFunction(isolate_, prototype, "delete",
3470                           Builtins::kWeakSetPrototypeDelete, 1, true);
3471     SimpleInstallFunction(isolate_, prototype, "has", Builtins::kWeakSetHas, 1,
3472                           true);
3473     Handle<JSFunction> weakset_add = SimpleInstallFunction(
3474         isolate_, prototype, "add", Builtins::kWeakSetPrototypeAdd, 1, true);
3475     native_context()->set_weakset_add(*weakset_add);
3476 
3477     JSObject::AddProperty(
3478         isolate_, prototype, factory->to_string_tag_symbol(),
3479         factory->NewStringFromAsciiChecked("WeakSet"),
3480         static_cast<PropertyAttributes>(DONT_ENUM | READ_ONLY));
3481 
3482     native_context()->set_initial_weakset_prototype_map(prototype->map());
3483   }
3484 
3485   {  // -- P r o x y
3486     CreateJSProxyMaps();
3487     // Proxy function map has prototype slot for storing initial map but does
3488     // not have a prototype property.
3489     Handle<Map> proxy_function_map = Map::Copy(
3490         isolate_, isolate_->strict_function_without_prototype_map(), "Proxy");
3491     proxy_function_map->set_is_constructor(true);
3492 
3493     Handle<String> name = factory->Proxy_string();
3494 
3495     NewFunctionArgs args = NewFunctionArgs::ForBuiltin(
3496         name, proxy_function_map, Builtins::kProxyConstructor);
3497     Handle<JSFunction> proxy_function = factory->NewFunction(args);
3498 
3499     isolate_->proxy_map()->SetConstructor(*proxy_function);
3500 
3501     proxy_function->shared()->set_internal_formal_parameter_count(2);
3502     proxy_function->shared()->set_length(2);
3503 
3504     native_context()->set_proxy_function(*proxy_function);
3505     InstallFunction(isolate_, global, name, proxy_function,
3506                     factory->Object_string());
3507 
3508     DCHECK(!proxy_function->has_prototype_property());
3509 
3510     SimpleInstallFunction(isolate_, proxy_function, "revocable",
3511                           Builtins::kProxyRevocable, 2, true);
3512 
3513     {  // Internal: ProxyRevoke
3514       Handle<SharedFunctionInfo> info = SimpleCreateSharedFunctionInfo(
3515           isolate_, Builtins::kProxyRevoke, factory->empty_string(), 0);
3516       native_context()->set_proxy_revoke_shared_fun(*info);
3517     }
3518   }
3519 
3520   {  // -- R e f l e c t
3521     Handle<String> reflect_string = factory->InternalizeUtf8String("Reflect");
3522     Handle<JSObject> reflect =
3523         factory->NewJSObject(isolate_->object_function(), TENURED);
3524     JSObject::AddProperty(isolate_, global, reflect_string, reflect, DONT_ENUM);
3525 
3526     Handle<JSFunction> define_property = SimpleInstallFunction(
3527         isolate_, reflect, factory->defineProperty_string(),
3528         Builtins::kReflectDefineProperty, 3, true);
3529     native_context()->set_reflect_define_property(*define_property);
3530 
3531     Handle<JSFunction> delete_property = SimpleInstallFunction(
3532         isolate_, reflect, factory->deleteProperty_string(),
3533         Builtins::kReflectDeleteProperty, 2, true);
3534     native_context()->set_reflect_delete_property(*delete_property);
3535 
3536     Handle<JSFunction> apply =
3537         SimpleInstallFunction(isolate_, reflect, factory->apply_string(),
3538                               Builtins::kReflectApply, 3, false);
3539     native_context()->set_reflect_apply(*apply);
3540 
3541     Handle<JSFunction> construct =
3542         SimpleInstallFunction(isolate_, reflect, factory->construct_string(),
3543                               Builtins::kReflectConstruct, 2, false);
3544     native_context()->set_reflect_construct(*construct);
3545 
3546     SimpleInstallFunction(isolate_, reflect, factory->get_string(),
3547                           Builtins::kReflectGet, 2, false);
3548     SimpleInstallFunction(isolate_, reflect,
3549                           factory->getOwnPropertyDescriptor_string(),
3550                           Builtins::kReflectGetOwnPropertyDescriptor, 2, true);
3551     SimpleInstallFunction(isolate_, reflect, factory->getPrototypeOf_string(),
3552                           Builtins::kReflectGetPrototypeOf, 1, true);
3553     SimpleInstallFunction(isolate_, reflect, factory->has_string(),
3554                           Builtins::kReflectHas, 2, true);
3555     SimpleInstallFunction(isolate_, reflect, factory->isExtensible_string(),
3556                           Builtins::kReflectIsExtensible, 1, true);
3557     SimpleInstallFunction(isolate_, reflect, factory->ownKeys_string(),
3558                           Builtins::kReflectOwnKeys, 1, true);
3559     SimpleInstallFunction(isolate_, reflect,
3560                           factory->preventExtensions_string(),
3561                           Builtins::kReflectPreventExtensions, 1, true);
3562     SimpleInstallFunction(isolate_, reflect, factory->set_string(),
3563                           Builtins::kReflectSet, 3, false);
3564     SimpleInstallFunction(isolate_, reflect, factory->setPrototypeOf_string(),
3565                           Builtins::kReflectSetPrototypeOf, 2, true);
3566   }
3567 
3568   {  // --- B o u n d F u n c t i o n
3569     Handle<Map> map =
3570         factory->NewMap(JS_BOUND_FUNCTION_TYPE, JSBoundFunction::kSize,
3571                         TERMINAL_FAST_ELEMENTS_KIND, 0);
3572     map->SetConstructor(native_context()->object_function());
3573     map->set_is_callable(true);
3574     Map::SetPrototype(isolate(), map, empty_function);
3575 
3576     PropertyAttributes roc_attribs =
3577         static_cast<PropertyAttributes>(DONT_ENUM | READ_ONLY);
3578     Map::EnsureDescriptorSlack(isolate_, map, 2);
3579 
3580     {  // length
3581       Descriptor d = Descriptor::AccessorConstant(
3582           factory->length_string(), factory->bound_function_length_accessor(),
3583           roc_attribs);
3584       map->AppendDescriptor(&d);
3585     }
3586 
3587     {  // name
3588       Descriptor d = Descriptor::AccessorConstant(
3589           factory->name_string(), factory->bound_function_name_accessor(),
3590           roc_attribs);
3591       map->AppendDescriptor(&d);
3592     }
3593     native_context()->set_bound_function_without_constructor_map(*map);
3594 
3595     map = Map::Copy(isolate_, map, "IsConstructor");
3596     map->set_is_constructor(true);
3597     native_context()->set_bound_function_with_constructor_map(*map);
3598   }
3599 
3600   {  // --- sloppy arguments map
3601     Handle<String> arguments_string = factory->Arguments_string();
3602     NewFunctionArgs args = NewFunctionArgs::ForBuiltinWithPrototype(
3603         arguments_string, isolate_->initial_object_prototype(),
3604         JS_ARGUMENTS_TYPE, JSSloppyArgumentsObject::kSize, 2,
3605         Builtins::kIllegal, MUTABLE);
3606     Handle<JSFunction> function = factory->NewFunction(args);
3607     Handle<Map> map(function->initial_map(), isolate());
3608 
3609     // Create the descriptor array for the arguments object.
3610     Map::EnsureDescriptorSlack(isolate_, map, 2);
3611 
3612     {  // length
3613       Descriptor d =
3614           Descriptor::DataField(isolate(), factory->length_string(),
3615                                 JSSloppyArgumentsObject::kLengthIndex,
3616                                 DONT_ENUM, Representation::Tagged());
3617       map->AppendDescriptor(&d);
3618     }
3619     {  // callee
3620       Descriptor d =
3621           Descriptor::DataField(isolate(), factory->callee_string(),
3622                                 JSSloppyArgumentsObject::kCalleeIndex,
3623                                 DONT_ENUM, Representation::Tagged());
3624       map->AppendDescriptor(&d);
3625     }
3626     // @@iterator method is added later.
3627 
3628     native_context()->set_sloppy_arguments_map(*map);
3629 
3630     DCHECK(!map->is_dictionary_map());
3631     DCHECK(IsObjectElementsKind(map->elements_kind()));
3632   }
3633 
3634   {  // --- fast and slow aliased arguments map
3635     Handle<Map> map = isolate_->sloppy_arguments_map();
3636     map = Map::Copy(isolate_, map, "FastAliasedArguments");
3637     map->set_elements_kind(FAST_SLOPPY_ARGUMENTS_ELEMENTS);
3638     DCHECK_EQ(2, map->GetInObjectProperties());
3639     native_context()->set_fast_aliased_arguments_map(*map);
3640 
3641     map = Map::Copy(isolate_, map, "SlowAliasedArguments");
3642     map->set_elements_kind(SLOW_SLOPPY_ARGUMENTS_ELEMENTS);
3643     DCHECK_EQ(2, map->GetInObjectProperties());
3644     native_context()->set_slow_aliased_arguments_map(*map);
3645   }
3646 
3647   {  // --- strict mode arguments map
3648     const PropertyAttributes attributes =
3649       static_cast<PropertyAttributes>(DONT_ENUM | DONT_DELETE | READ_ONLY);
3650 
3651     // Create the ThrowTypeError function.
3652     Handle<AccessorPair> callee = factory->NewAccessorPair();
3653 
3654     Handle<JSFunction> poison = GetThrowTypeErrorIntrinsic();
3655 
3656     // Install the ThrowTypeError function.
3657     callee->set_getter(*poison);
3658     callee->set_setter(*poison);
3659 
3660     // Create the map. Allocate one in-object field for length.
3661     Handle<Map> map = factory->NewMap(
3662         JS_ARGUMENTS_TYPE, JSStrictArgumentsObject::kSize, PACKED_ELEMENTS, 1);
3663     // Create the descriptor array for the arguments object.
3664     Map::EnsureDescriptorSlack(isolate_, map, 2);
3665 
3666     {  // length
3667       Descriptor d =
3668           Descriptor::DataField(isolate(), factory->length_string(),
3669                                 JSStrictArgumentsObject::kLengthIndex,
3670                                 DONT_ENUM, Representation::Tagged());
3671       map->AppendDescriptor(&d);
3672     }
3673     {  // callee
3674       Descriptor d = Descriptor::AccessorConstant(factory->callee_string(),
3675                                                   callee, attributes);
3676       map->AppendDescriptor(&d);
3677     }
3678     // @@iterator method is added later.
3679 
3680     DCHECK_EQ(native_context()->object_function()->prototype(),
3681               *isolate_->initial_object_prototype());
3682     Map::SetPrototype(isolate(), map, isolate_->initial_object_prototype());
3683 
3684     // Copy constructor from the sloppy arguments boilerplate.
3685     map->SetConstructor(
3686         native_context()->sloppy_arguments_map()->GetConstructor());
3687 
3688     native_context()->set_strict_arguments_map(*map);
3689 
3690     DCHECK(!map->is_dictionary_map());
3691     DCHECK(IsObjectElementsKind(map->elements_kind()));
3692   }
3693 
3694   {  // --- context extension
3695     // Create a function for the context extension objects.
3696     Handle<JSFunction> context_extension_fun =
3697         CreateFunction(isolate_, factory->empty_string(),
3698                        JS_CONTEXT_EXTENSION_OBJECT_TYPE, JSObject::kHeaderSize,
3699                        0, factory->the_hole_value(), Builtins::kIllegal);
3700     native_context()->set_context_extension_function(*context_extension_fun);
3701   }
3702 
3703   {
3704     // Set up the call-as-function delegate.
3705     Handle<JSFunction> delegate =
3706         SimpleCreateFunction(isolate_, factory->empty_string(),
3707                              Builtins::kHandleApiCallAsFunction, 0, false);
3708     native_context()->set_call_as_function_delegate(*delegate);
3709   }
3710 
3711   {
3712     // Set up the call-as-constructor delegate.
3713     Handle<JSFunction> delegate =
3714         SimpleCreateFunction(isolate_, factory->empty_string(),
3715                              Builtins::kHandleApiCallAsConstructor, 0, false);
3716     native_context()->set_call_as_constructor_delegate(*delegate);
3717   }
3718 }  // NOLINT(readability/fn_size)
3719 
InstallTypedArray(const char * name,ElementsKind elements_kind)3720 Handle<JSFunction> Genesis::InstallTypedArray(const char* name,
3721                                               ElementsKind elements_kind) {
3722   Handle<JSObject> global =
3723       Handle<JSObject>(native_context()->global_object(), isolate());
3724 
3725   Handle<JSObject> typed_array_prototype = isolate()->typed_array_prototype();
3726   Handle<JSFunction> typed_array_function = isolate()->typed_array_function();
3727 
3728   Handle<JSFunction> result = InstallFunction(
3729       isolate(), global, name, JS_TYPED_ARRAY_TYPE,
3730       JSTypedArray::kSizeWithEmbedderFields, 0, factory()->the_hole_value(),
3731       Builtins::kTypedArrayConstructor);
3732   result->initial_map()->set_elements_kind(elements_kind);
3733 
3734   result->shared()->DontAdaptArguments();
3735   result->shared()->set_length(3);
3736 
3737   CHECK(JSObject::SetPrototype(result, typed_array_function, false, kDontThrow)
3738             .FromJust());
3739 
3740   Handle<Smi> bytes_per_element(
3741       Smi::FromInt(1 << ElementsKindToShiftSize(elements_kind)), isolate());
3742 
3743   InstallConstant(isolate(), result, "BYTES_PER_ELEMENT", bytes_per_element);
3744 
3745   // Setup prototype object.
3746   DCHECK(result->prototype()->IsJSObject());
3747   Handle<JSObject> prototype(JSObject::cast(result->prototype()), isolate());
3748 
3749   CHECK(JSObject::SetPrototype(prototype, typed_array_prototype, false,
3750                                kDontThrow)
3751             .FromJust());
3752 
3753   InstallConstant(isolate(), prototype, "BYTES_PER_ELEMENT", bytes_per_element);
3754   return result;
3755 }
3756 
3757 
InitializeExperimentalGlobal()3758 void Genesis::InitializeExperimentalGlobal() {
3759 #define FEATURE_INITIALIZE_GLOBAL(id, descr) InitializeGlobal_##id();
3760 
3761   HARMONY_INPROGRESS(FEATURE_INITIALIZE_GLOBAL)
3762   HARMONY_STAGED(FEATURE_INITIALIZE_GLOBAL)
3763   HARMONY_SHIPPING(FEATURE_INITIALIZE_GLOBAL)
3764 #undef FEATURE_INITIALIZE_GLOBAL
3765 }
3766 
CompileBuiltin(Isolate * isolate,int index)3767 bool Bootstrapper::CompileBuiltin(Isolate* isolate, int index) {
3768   Vector<const char> name = Natives::GetScriptName(index);
3769   Handle<String> source_code =
3770       isolate->bootstrapper()->GetNativeSource(CORE, index);
3771 
3772   // We pass in extras_utils so that builtin code can set it up for later use
3773   // by actual extras code, compiled with CompileExtraBuiltin.
3774   Handle<Object> global = isolate->global_object();
3775   Handle<Object> utils = isolate->natives_utils_object();
3776   Handle<Object> extras_utils = isolate->extras_utils_object();
3777   Handle<Object> args[] = {global, utils, extras_utils};
3778 
3779   return Bootstrapper::CompileNative(isolate, name, source_code,
3780                                      arraysize(args), args, NATIVES_CODE);
3781 }
3782 
3783 
CompileExtraBuiltin(Isolate * isolate,int index)3784 bool Bootstrapper::CompileExtraBuiltin(Isolate* isolate, int index) {
3785   HandleScope scope(isolate);
3786   Vector<const char> name = ExtraNatives::GetScriptName(index);
3787   Handle<String> source_code =
3788       isolate->bootstrapper()->GetNativeSource(EXTRAS, index);
3789   Handle<Object> global = isolate->global_object();
3790   Handle<Object> binding = isolate->extras_binding_object();
3791   Handle<Object> extras_utils = isolate->extras_utils_object();
3792   Handle<Object> args[] = {global, binding, extras_utils};
3793   return Bootstrapper::CompileNative(isolate, name, source_code,
3794                                      arraysize(args), args, EXTENSION_CODE);
3795 }
3796 
3797 
CompileExperimentalExtraBuiltin(Isolate * isolate,int index)3798 bool Bootstrapper::CompileExperimentalExtraBuiltin(Isolate* isolate,
3799                                                    int index) {
3800   HandleScope scope(isolate);
3801   Vector<const char> name = ExperimentalExtraNatives::GetScriptName(index);
3802   Handle<String> source_code =
3803       isolate->bootstrapper()->GetNativeSource(EXPERIMENTAL_EXTRAS, index);
3804   Handle<Object> global = isolate->global_object();
3805   Handle<Object> binding = isolate->extras_binding_object();
3806   Handle<Object> extras_utils = isolate->extras_utils_object();
3807   Handle<Object> args[] = {global, binding, extras_utils};
3808   return Bootstrapper::CompileNative(isolate, name, source_code,
3809                                      arraysize(args), args, EXTENSION_CODE);
3810 }
3811 
CompileNative(Isolate * isolate,Vector<const char> name,Handle<String> source,int argc,Handle<Object> argv[],NativesFlag natives_flag)3812 bool Bootstrapper::CompileNative(Isolate* isolate, Vector<const char> name,
3813                                  Handle<String> source, int argc,
3814                                  Handle<Object> argv[],
3815                                  NativesFlag natives_flag) {
3816   SuppressDebug compiling_natives(isolate->debug());
3817 
3818   Handle<Context> context(isolate->context(), isolate);
3819   Handle<String> script_name =
3820       isolate->factory()->NewStringFromUtf8(name).ToHandleChecked();
3821   MaybeHandle<SharedFunctionInfo> maybe_function_info =
3822       Compiler::GetSharedFunctionInfoForScript(
3823           isolate, source, Compiler::ScriptDetails(script_name),
3824           ScriptOriginOptions(), nullptr, nullptr,
3825           ScriptCompiler::kNoCompileOptions, ScriptCompiler::kNoCacheNoReason,
3826           natives_flag);
3827   Handle<SharedFunctionInfo> function_info;
3828   if (!maybe_function_info.ToHandle(&function_info)) return false;
3829 
3830   DCHECK(context->IsNativeContext());
3831 
3832   Handle<JSFunction> fun =
3833       isolate->factory()->NewFunctionFromSharedFunctionInfo(function_info,
3834                                                             context);
3835   Handle<Object> receiver = isolate->factory()->undefined_value();
3836 
3837   // For non-extension scripts, run script to get the function wrapper.
3838   Handle<Object> wrapper;
3839   if (!Execution::TryCall(isolate, fun, receiver, 0, nullptr,
3840                           Execution::MessageHandling::kKeepPending, nullptr)
3841            .ToHandle(&wrapper)) {
3842     return false;
3843   }
3844   // Then run the function wrapper.
3845   return !Execution::TryCall(isolate, Handle<JSFunction>::cast(wrapper),
3846                              receiver, argc, argv,
3847                              Execution::MessageHandling::kKeepPending, nullptr)
3848               .is_null();
3849 }
3850 
3851 
CallUtilsFunction(Isolate * isolate,const char * name)3852 bool Genesis::CallUtilsFunction(Isolate* isolate, const char* name) {
3853   Handle<JSObject> utils =
3854       Handle<JSObject>::cast(isolate->natives_utils_object());
3855   Handle<String> name_string =
3856       isolate->factory()->NewStringFromAsciiChecked(name);
3857   Handle<Object> fun = JSObject::GetDataProperty(utils, name_string);
3858   Handle<Object> receiver = isolate->factory()->undefined_value();
3859   Handle<Object> args[] = {utils};
3860   return !Execution::TryCall(isolate, fun, receiver, 1, args,
3861                              Execution::MessageHandling::kKeepPending, nullptr)
3862               .is_null();
3863 }
3864 
3865 
CompileExtension(Isolate * isolate,v8::Extension * extension)3866 bool Genesis::CompileExtension(Isolate* isolate, v8::Extension* extension) {
3867   Factory* factory = isolate->factory();
3868   HandleScope scope(isolate);
3869   Handle<SharedFunctionInfo> function_info;
3870 
3871   Handle<String> source =
3872       isolate->factory()
3873           ->NewExternalStringFromOneByte(extension->source())
3874           .ToHandleChecked();
3875   DCHECK(source->IsOneByteRepresentation());
3876 
3877   // If we can't find the function in the cache, we compile a new
3878   // function and insert it into the cache.
3879   Vector<const char> name = CStrVector(extension->name());
3880   SourceCodeCache* cache = isolate->bootstrapper()->extensions_cache();
3881   Handle<Context> context(isolate->context(), isolate);
3882   DCHECK(context->IsNativeContext());
3883 
3884   if (!cache->Lookup(isolate, name, &function_info)) {
3885     Handle<String> script_name =
3886         factory->NewStringFromUtf8(name).ToHandleChecked();
3887     MaybeHandle<SharedFunctionInfo> maybe_function_info =
3888         Compiler::GetSharedFunctionInfoForScript(
3889             isolate, source, Compiler::ScriptDetails(script_name),
3890             ScriptOriginOptions(), extension, nullptr,
3891             ScriptCompiler::kNoCompileOptions,
3892             ScriptCompiler::kNoCacheBecauseV8Extension, EXTENSION_CODE);
3893     if (!maybe_function_info.ToHandle(&function_info)) return false;
3894     cache->Add(isolate, name, function_info);
3895   }
3896 
3897   // Set up the function context. Conceptually, we should clone the
3898   // function before overwriting the context but since we're in a
3899   // single-threaded environment it is not strictly necessary.
3900   Handle<JSFunction> fun =
3901       factory->NewFunctionFromSharedFunctionInfo(function_info, context);
3902 
3903   // Call function using either the runtime object or the global
3904   // object as the receiver. Provide no parameters.
3905   Handle<Object> receiver = isolate->global_object();
3906   return !Execution::TryCall(isolate, fun, receiver, 0, nullptr,
3907                              Execution::MessageHandling::kKeepPending, nullptr)
3908               .is_null();
3909 }
3910 
ResolveBuiltinIdHolder(Isolate * isolate,Handle<Context> native_context,const char * holder_expr)3911 static Handle<JSObject> ResolveBuiltinIdHolder(Isolate* isolate,
3912                                                Handle<Context> native_context,
3913                                                const char* holder_expr) {
3914   Factory* factory = isolate->factory();
3915   Handle<JSGlobalObject> global(native_context->global_object(), isolate);
3916   const char* period_pos = strchr(holder_expr, '.');
3917   if (period_pos == nullptr) {
3918     return Handle<JSObject>::cast(
3919         Object::GetPropertyOrElement(
3920             isolate, global, factory->InternalizeUtf8String(holder_expr))
3921             .ToHandleChecked());
3922   }
3923   const char* inner = period_pos + 1;
3924   DCHECK(!strchr(inner, '.'));
3925   Vector<const char> property(holder_expr,
3926                               static_cast<int>(period_pos - holder_expr));
3927   Handle<String> property_string = factory->InternalizeUtf8String(property);
3928   DCHECK(!property_string.is_null());
3929   Handle<JSObject> object = Handle<JSObject>::cast(
3930       JSReceiver::GetProperty(isolate, global, property_string)
3931           .ToHandleChecked());
3932   if (strcmp("prototype", inner) == 0) {
3933     Handle<JSFunction> function = Handle<JSFunction>::cast(object);
3934     return Handle<JSObject>(JSObject::cast(function->prototype()), isolate);
3935   }
3936   Handle<String> inner_string = factory->InternalizeUtf8String(inner);
3937   DCHECK(!inner_string.is_null());
3938   Handle<Object> value =
3939       JSReceiver::GetProperty(isolate, object, inner_string).ToHandleChecked();
3940   return Handle<JSObject>::cast(value);
3941 }
3942 
ConfigureUtilsObject(GlobalContextType context_type)3943 void Genesis::ConfigureUtilsObject(GlobalContextType context_type) {
3944   switch (context_type) {
3945     // We still need the utils object to find debug functions.
3946     case DEBUG_CONTEXT:
3947       return;
3948     // Expose the natives in global if a valid name for it is specified.
3949     case FULL_CONTEXT: {
3950       // We still need the utils object after deserialization.
3951       if (isolate()->serializer_enabled()) return;
3952       if (FLAG_expose_natives_as == nullptr) break;
3953       if (strlen(FLAG_expose_natives_as) == 0) break;
3954       HandleScope scope(isolate());
3955       Handle<String> natives_key =
3956           factory()->InternalizeUtf8String(FLAG_expose_natives_as);
3957       uint32_t dummy_index;
3958       if (natives_key->AsArrayIndex(&dummy_index)) break;
3959       Handle<Object> utils = isolate()->natives_utils_object();
3960       Handle<JSObject> global = isolate()->global_object();
3961       JSObject::AddProperty(isolate(), global, natives_key, utils, DONT_ENUM);
3962       break;
3963     }
3964   }
3965 
3966   // The utils object can be removed for cases that reach this point.
3967   HeapObject* undefined = ReadOnlyRoots(heap()).undefined_value();
3968   native_context()->set_natives_utils_object(undefined);
3969   native_context()->set_extras_utils_object(undefined);
3970 }
3971 
3972 
ExportFromRuntime(Isolate * isolate,Handle<JSObject> container)3973 void Bootstrapper::ExportFromRuntime(Isolate* isolate,
3974                                      Handle<JSObject> container) {
3975   Factory* factory = isolate->factory();
3976   HandleScope scope(isolate);
3977   Handle<NativeContext> native_context = isolate->native_context();
3978 #define EXPORT_PRIVATE_SYMBOL(NAME)                                       \
3979   Handle<String> NAME##_name = factory->NewStringFromAsciiChecked(#NAME); \
3980   JSObject::AddProperty(isolate, container, NAME##_name, factory->NAME(), NONE);
3981   PRIVATE_SYMBOL_LIST(EXPORT_PRIVATE_SYMBOL)
3982 #undef EXPORT_PRIVATE_SYMBOL
3983 
3984 #define EXPORT_PUBLIC_SYMBOL(NAME, DESCRIPTION)                           \
3985   Handle<String> NAME##_name = factory->NewStringFromAsciiChecked(#NAME); \
3986   JSObject::AddProperty(isolate, container, NAME##_name, factory->NAME(), NONE);
3987   PUBLIC_SYMBOL_LIST(EXPORT_PUBLIC_SYMBOL)
3988   WELL_KNOWN_SYMBOL_LIST(EXPORT_PUBLIC_SYMBOL)
3989 #undef EXPORT_PUBLIC_SYMBOL
3990 
3991   Handle<JSObject> iterator_prototype(
3992       native_context->initial_iterator_prototype(), isolate);
3993 
3994   JSObject::AddProperty(isolate, container,
3995                         factory->InternalizeUtf8String("IteratorPrototype"),
3996                         iterator_prototype, NONE);
3997 
3998   {
3999     PrototypeIterator iter(isolate, native_context->generator_function_map());
4000     Handle<JSObject> generator_function_prototype(iter.GetCurrent<JSObject>(),
4001                                                   isolate);
4002 
4003     JSObject::AddProperty(
4004         isolate, container,
4005         factory->InternalizeUtf8String("GeneratorFunctionPrototype"),
4006         generator_function_prototype, NONE);
4007 
4008     Handle<JSFunction> generator_function_function = InstallFunction(
4009         isolate, container, "GeneratorFunction", JS_FUNCTION_TYPE,
4010         JSFunction::kSizeWithPrototype, 0, generator_function_prototype,
4011         Builtins::kGeneratorFunctionConstructor);
4012     generator_function_function->set_prototype_or_initial_map(
4013         native_context->generator_function_map());
4014     generator_function_function->shared()->DontAdaptArguments();
4015     generator_function_function->shared()->set_length(1);
4016     InstallWithIntrinsicDefaultProto(
4017         isolate, generator_function_function,
4018         Context::GENERATOR_FUNCTION_FUNCTION_INDEX);
4019 
4020     JSObject::ForceSetPrototype(generator_function_function,
4021                                 isolate->function_function());
4022     JSObject::AddProperty(
4023         isolate, generator_function_prototype, factory->constructor_string(),
4024         generator_function_function,
4025         static_cast<PropertyAttributes>(DONT_ENUM | READ_ONLY));
4026 
4027     native_context->generator_function_map()->SetConstructor(
4028         *generator_function_function);
4029   }
4030 
4031   {
4032     PrototypeIterator iter(isolate,
4033                            native_context->async_generator_function_map());
4034     Handle<JSObject> async_generator_function_prototype(
4035         iter.GetCurrent<JSObject>(), isolate);
4036 
4037     Handle<JSFunction> async_generator_function_function = InstallFunction(
4038         isolate, container, "AsyncGeneratorFunction", JS_FUNCTION_TYPE,
4039         JSFunction::kSizeWithPrototype, 0, async_generator_function_prototype,
4040         Builtins::kAsyncGeneratorFunctionConstructor);
4041     async_generator_function_function->set_prototype_or_initial_map(
4042         native_context->async_generator_function_map());
4043     async_generator_function_function->shared()->DontAdaptArguments();
4044     async_generator_function_function->shared()->set_length(1);
4045     InstallWithIntrinsicDefaultProto(
4046         isolate, async_generator_function_function,
4047         Context::ASYNC_GENERATOR_FUNCTION_FUNCTION_INDEX);
4048 
4049     JSObject::ForceSetPrototype(async_generator_function_function,
4050                                 isolate->function_function());
4051 
4052     JSObject::AddProperty(
4053         isolate, async_generator_function_prototype,
4054         factory->constructor_string(), async_generator_function_function,
4055         static_cast<PropertyAttributes>(DONT_ENUM | READ_ONLY));
4056 
4057     native_context->async_generator_function_map()->SetConstructor(
4058         *async_generator_function_function);
4059   }
4060 
4061   {  // -- S e t I t e r a t o r
4062     Handle<String> name = factory->SetIterator_string();
4063 
4064     // Setup %SetIteratorPrototype%.
4065     Handle<JSObject> prototype =
4066         factory->NewJSObject(isolate->object_function(), TENURED);
4067     JSObject::ForceSetPrototype(prototype, iterator_prototype);
4068 
4069     // Install the @@toStringTag property on the {prototype}.
4070     JSObject::AddProperty(
4071         isolate, prototype, factory->to_string_tag_symbol(), name,
4072         static_cast<PropertyAttributes>(DONT_ENUM | READ_ONLY));
4073 
4074     // Install the next function on the {prototype}.
4075     SimpleInstallFunction(isolate, prototype, "next",
4076                           Builtins::kSetIteratorPrototypeNext, 0, true,
4077                           BuiltinFunctionId::kSetIteratorNext);
4078 
4079     // Setup SetIterator constructor.
4080     Handle<JSFunction> set_iterator_function = InstallFunction(
4081         isolate, container, "SetIterator", JS_SET_VALUE_ITERATOR_TYPE,
4082         JSSetIterator::kSize, 0, prototype, Builtins::kIllegal);
4083     set_iterator_function->shared()->set_native(false);
4084 
4085     Handle<Map> set_value_iterator_map(set_iterator_function->initial_map(),
4086                                        isolate);
4087     native_context->set_set_value_iterator_map(*set_value_iterator_map);
4088 
4089     Handle<Map> set_key_value_iterator_map = Map::Copy(
4090         isolate, set_value_iterator_map, "JS_SET_KEY_VALUE_ITERATOR_TYPE");
4091     set_key_value_iterator_map->set_instance_type(
4092         JS_SET_KEY_VALUE_ITERATOR_TYPE);
4093     native_context->set_set_key_value_iterator_map(*set_key_value_iterator_map);
4094   }
4095 
4096   {  // -- M a p I t e r a t o r
4097     Handle<String> name = factory->MapIterator_string();
4098 
4099     // Setup %MapIteratorPrototype%.
4100     Handle<JSObject> prototype =
4101         factory->NewJSObject(isolate->object_function(), TENURED);
4102     JSObject::ForceSetPrototype(prototype, iterator_prototype);
4103 
4104     // Install the @@toStringTag property on the {prototype}.
4105     JSObject::AddProperty(
4106         isolate, prototype, factory->to_string_tag_symbol(), name,
4107         static_cast<PropertyAttributes>(DONT_ENUM | READ_ONLY));
4108 
4109     // Install the next function on the {prototype}.
4110     SimpleInstallFunction(isolate, prototype, "next",
4111                           Builtins::kMapIteratorPrototypeNext, 0, true,
4112                           BuiltinFunctionId::kMapIteratorNext);
4113 
4114     // Setup MapIterator constructor.
4115     Handle<JSFunction> map_iterator_function = InstallFunction(
4116         isolate, container, "MapIterator", JS_MAP_KEY_ITERATOR_TYPE,
4117         JSMapIterator::kSize, 0, prototype, Builtins::kIllegal);
4118     map_iterator_function->shared()->set_native(false);
4119 
4120     Handle<Map> map_key_iterator_map(map_iterator_function->initial_map(),
4121                                      isolate);
4122     native_context->set_map_key_iterator_map(*map_key_iterator_map);
4123 
4124     Handle<Map> map_key_value_iterator_map = Map::Copy(
4125         isolate, map_key_iterator_map, "JS_MAP_KEY_VALUE_ITERATOR_TYPE");
4126     map_key_value_iterator_map->set_instance_type(
4127         JS_MAP_KEY_VALUE_ITERATOR_TYPE);
4128     native_context->set_map_key_value_iterator_map(*map_key_value_iterator_map);
4129 
4130     Handle<Map> map_value_iterator_map =
4131         Map::Copy(isolate, map_key_iterator_map, "JS_MAP_VALUE_ITERATOR_TYPE");
4132     map_value_iterator_map->set_instance_type(JS_MAP_VALUE_ITERATOR_TYPE);
4133     native_context->set_map_value_iterator_map(*map_value_iterator_map);
4134   }
4135 
4136   {  // -- A s y n c F u n c t i o n
4137     // Builtin functions for AsyncFunction.
4138     PrototypeIterator iter(isolate, native_context->async_function_map());
4139     Handle<JSObject> async_function_prototype(iter.GetCurrent<JSObject>(),
4140                                               isolate);
4141 
4142     Handle<JSFunction> async_function_constructor = InstallFunction(
4143         isolate, container, "AsyncFunction", JS_FUNCTION_TYPE,
4144         JSFunction::kSizeWithPrototype, 0, async_function_prototype,
4145         Builtins::kAsyncFunctionConstructor);
4146     async_function_constructor->set_prototype_or_initial_map(
4147         native_context->async_function_map());
4148     async_function_constructor->shared()->DontAdaptArguments();
4149     async_function_constructor->shared()->set_length(1);
4150     native_context->set_async_function_constructor(*async_function_constructor);
4151     JSObject::ForceSetPrototype(async_function_constructor,
4152                                 isolate->function_function());
4153 
4154     JSObject::AddProperty(
4155         isolate, async_function_prototype, factory->constructor_string(),
4156         async_function_constructor,
4157         static_cast<PropertyAttributes>(DONT_ENUM | READ_ONLY));
4158 
4159     JSFunction::SetPrototype(async_function_constructor,
4160                              async_function_prototype);
4161 
4162     {
4163       Handle<JSFunction> function =
4164           SimpleCreateFunction(isolate, factory->empty_string(),
4165                                Builtins::kAsyncFunctionAwaitCaught, 2, false);
4166       native_context->set_async_function_await_caught(*function);
4167     }
4168 
4169     {
4170       Handle<JSFunction> function =
4171           SimpleCreateFunction(isolate, factory->empty_string(),
4172                                Builtins::kAsyncFunctionAwaitUncaught, 2, false);
4173       native_context->set_async_function_await_uncaught(*function);
4174     }
4175 
4176     {
4177       Handle<SharedFunctionInfo> info = SimpleCreateSharedFunctionInfo(
4178           isolate, Builtins::kAsyncFunctionAwaitRejectClosure,
4179           factory->empty_string(), 1);
4180       native_context->set_async_function_await_reject_shared_fun(*info);
4181     }
4182 
4183     {
4184       Handle<SharedFunctionInfo> info = SimpleCreateSharedFunctionInfo(
4185           isolate, Builtins::kAsyncFunctionAwaitResolveClosure,
4186           factory->empty_string(), 1);
4187       native_context->set_async_function_await_resolve_shared_fun(*info);
4188     }
4189 
4190     {
4191       Handle<JSFunction> function =
4192           SimpleCreateFunction(isolate, factory->empty_string(),
4193                                Builtins::kAsyncFunctionPromiseCreate, 0, false);
4194       native_context->set_async_function_promise_create(*function);
4195     }
4196 
4197     {
4198       Handle<JSFunction> function = SimpleCreateFunction(
4199           isolate, factory->empty_string(),
4200           Builtins::kAsyncFunctionPromiseRelease, 2, false);
4201       native_context->set_async_function_promise_release(*function);
4202     }
4203   }
4204 
4205   {  // -- C a l l S i t e
4206     // Builtin functions for CallSite.
4207 
4208     // CallSites are a special case; the constructor is for our private use
4209     // only, therefore we set it up as a builtin that throws. Internally, we use
4210     // CallSiteUtils::Construct to create CallSite objects.
4211 
4212     Handle<JSFunction> callsite_fun = InstallFunction(
4213         isolate, container, "CallSite", JS_OBJECT_TYPE, JSObject::kHeaderSize,
4214         0, factory->the_hole_value(), Builtins::kUnsupportedThrower);
4215     callsite_fun->shared()->DontAdaptArguments();
4216     isolate->native_context()->set_callsite_function(*callsite_fun);
4217 
4218     {
4219       // Setup CallSite.prototype.
4220       Handle<JSObject> prototype(
4221           JSObject::cast(callsite_fun->instance_prototype()), isolate);
4222 
4223       struct FunctionInfo {
4224         const char* name;
4225         Builtins::Name id;
4226       };
4227 
4228       FunctionInfo infos[] = {
4229           {"getColumnNumber", Builtins::kCallSitePrototypeGetColumnNumber},
4230           {"getEvalOrigin", Builtins::kCallSitePrototypeGetEvalOrigin},
4231           {"getFileName", Builtins::kCallSitePrototypeGetFileName},
4232           {"getFunction", Builtins::kCallSitePrototypeGetFunction},
4233           {"getFunctionName", Builtins::kCallSitePrototypeGetFunctionName},
4234           {"getLineNumber", Builtins::kCallSitePrototypeGetLineNumber},
4235           {"getMethodName", Builtins::kCallSitePrototypeGetMethodName},
4236           {"getPosition", Builtins::kCallSitePrototypeGetPosition},
4237           {"getScriptNameOrSourceURL",
4238            Builtins::kCallSitePrototypeGetScriptNameOrSourceURL},
4239           {"getThis", Builtins::kCallSitePrototypeGetThis},
4240           {"getTypeName", Builtins::kCallSitePrototypeGetTypeName},
4241           {"isConstructor", Builtins::kCallSitePrototypeIsConstructor},
4242           {"isEval", Builtins::kCallSitePrototypeIsEval},
4243           {"isNative", Builtins::kCallSitePrototypeIsNative},
4244           {"isToplevel", Builtins::kCallSitePrototypeIsToplevel},
4245           {"toString", Builtins::kCallSitePrototypeToString}};
4246 
4247       PropertyAttributes attrs =
4248           static_cast<PropertyAttributes>(DONT_ENUM | DONT_DELETE | READ_ONLY);
4249 
4250       Handle<JSFunction> fun;
4251       for (const FunctionInfo& info : infos) {
4252         SimpleInstallFunction(isolate, prototype, info.name, info.id, 0, true,
4253                               attrs);
4254       }
4255     }
4256   }
4257 }
4258 
4259 
4260 #define EMPTY_INITIALIZE_GLOBAL_FOR_FEATURE(id) \
4261   void Genesis::InitializeGlobal_##id() {}
4262 
4263 EMPTY_INITIALIZE_GLOBAL_FOR_FEATURE(harmony_do_expressions)
EMPTY_INITIALIZE_GLOBAL_FOR_FEATURE(harmony_function_tostring)4264 EMPTY_INITIALIZE_GLOBAL_FOR_FEATURE(harmony_function_tostring)
4265 EMPTY_INITIALIZE_GLOBAL_FOR_FEATURE(harmony_public_fields)
4266 EMPTY_INITIALIZE_GLOBAL_FOR_FEATURE(harmony_private_fields)
4267 EMPTY_INITIALIZE_GLOBAL_FOR_FEATURE(harmony_static_fields)
4268 EMPTY_INITIALIZE_GLOBAL_FOR_FEATURE(harmony_class_fields)
4269 EMPTY_INITIALIZE_GLOBAL_FOR_FEATURE(harmony_dynamic_import)
4270 EMPTY_INITIALIZE_GLOBAL_FOR_FEATURE(harmony_import_meta)
4271 EMPTY_INITIALIZE_GLOBAL_FOR_FEATURE(harmony_numeric_separator)
4272 
4273 #undef EMPTY_INITIALIZE_GLOBAL_FOR_FEATURE
4274 
4275 void Genesis::InitializeGlobal_harmony_global() {
4276   if (!FLAG_harmony_global) return;
4277 
4278   Factory* factory = isolate()->factory();
4279   Handle<JSGlobalObject> global(native_context()->global_object(), isolate());
4280   Handle<JSGlobalProxy> global_proxy(native_context()->global_proxy(),
4281                                      isolate());
4282   JSObject::AddProperty(isolate_, global, factory->globalThis_string(),
4283                         global_proxy, DONT_ENUM);
4284 }
4285 
InitializeGlobal_harmony_sharedarraybuffer()4286 void Genesis::InitializeGlobal_harmony_sharedarraybuffer() {
4287   if (!FLAG_harmony_sharedarraybuffer) return;
4288 
4289   Handle<JSGlobalObject> global(native_context()->global_object(), isolate());
4290   Factory* factory = isolate()->factory();
4291 
4292   {
4293     Handle<String> name = factory->InternalizeUtf8String("SharedArrayBuffer");
4294     JSObject::AddProperty(isolate_, global, name,
4295                           isolate()->shared_array_buffer_fun(), DONT_ENUM);
4296   }
4297 
4298   {
4299     Handle<String> name = factory->InternalizeUtf8String("Atomics");
4300     JSObject::AddProperty(isolate_, global, name, isolate()->atomics_object(),
4301                           DONT_ENUM);
4302     JSObject::AddProperty(
4303         isolate_, isolate()->atomics_object(), factory->to_string_tag_symbol(),
4304         name, static_cast<PropertyAttributes>(DONT_ENUM | READ_ONLY));
4305   }
4306 }
4307 
InitializeGlobal_harmony_string_trimming()4308 void Genesis::InitializeGlobal_harmony_string_trimming() {
4309   if (!FLAG_harmony_string_trimming) return;
4310 
4311   Handle<JSGlobalObject> global(native_context()->global_object(), isolate());
4312   Factory* factory = isolate()->factory();
4313 
4314   Handle<JSObject> string_prototype(
4315       native_context()->initial_string_prototype(), isolate());
4316 
4317   {
4318     Handle<String> trim_left_name = factory->InternalizeUtf8String("trimLeft");
4319     Handle<String> trim_start_name =
4320         factory->InternalizeUtf8String("trimStart");
4321     Handle<JSFunction> trim_left_fun = Handle<JSFunction>::cast(
4322         JSObject::GetProperty(isolate_, string_prototype, trim_left_name)
4323             .ToHandleChecked());
4324     JSObject::AddProperty(isolate_, string_prototype, trim_start_name,
4325                           trim_left_fun, DONT_ENUM);
4326     trim_left_fun->shared()->SetName(*trim_start_name);
4327   }
4328 
4329   {
4330     Handle<String> trim_right_name =
4331         factory->InternalizeUtf8String("trimRight");
4332     Handle<String> trim_end_name = factory->InternalizeUtf8String("trimEnd");
4333     Handle<JSFunction> trim_right_fun = Handle<JSFunction>::cast(
4334         JSObject::GetProperty(isolate_, string_prototype, trim_right_name)
4335             .ToHandleChecked());
4336     JSObject::AddProperty(isolate_, string_prototype, trim_end_name,
4337                           trim_right_fun, DONT_ENUM);
4338     trim_right_fun->shared()->SetName(*trim_end_name);
4339   }
4340 }
4341 
InitializeGlobal_harmony_array_prototype_values()4342 void Genesis::InitializeGlobal_harmony_array_prototype_values() {
4343   if (!FLAG_harmony_array_prototype_values) return;
4344   Handle<JSFunction> array_constructor(native_context()->array_function(),
4345                                        isolate());
4346   Handle<JSObject> array_prototype(
4347       JSObject::cast(array_constructor->instance_prototype()), isolate());
4348   Handle<Object> values_iterator =
4349       JSObject::GetProperty(isolate(), array_prototype,
4350                             factory()->iterator_symbol())
4351           .ToHandleChecked();
4352   DCHECK(values_iterator->IsJSFunction());
4353   JSObject::AddProperty(isolate(), array_prototype, factory()->values_string(),
4354                         values_iterator, DONT_ENUM);
4355 
4356   Handle<Object> unscopables =
4357       JSObject::GetProperty(isolate(), array_prototype,
4358                             factory()->unscopables_symbol())
4359           .ToHandleChecked();
4360   DCHECK(unscopables->IsJSObject());
4361   JSObject::AddProperty(isolate(), Handle<JSObject>::cast(unscopables),
4362                         factory()->values_string(), factory()->true_value(),
4363                         NONE);
4364 }
4365 
InitializeGlobal_harmony_array_flat()4366 void Genesis::InitializeGlobal_harmony_array_flat() {
4367   if (!FLAG_harmony_array_flat) return;
4368   Handle<JSFunction> array_constructor(native_context()->array_function(),
4369                                        isolate());
4370   Handle<JSObject> array_prototype(
4371       JSObject::cast(array_constructor->instance_prototype()), isolate());
4372   SimpleInstallFunction(isolate(), array_prototype, "flat",
4373                         Builtins::kArrayPrototypeFlat, 0, false, DONT_ENUM);
4374   SimpleInstallFunction(isolate(), array_prototype, "flatMap",
4375                         Builtins::kArrayPrototypeFlatMap, 1, false, DONT_ENUM);
4376 }
4377 
InitializeGlobal_harmony_symbol_description()4378 void Genesis::InitializeGlobal_harmony_symbol_description() {
4379   if (!FLAG_harmony_symbol_description) return;
4380 
4381   // Symbol.prototype.description
4382   Handle<JSFunction> symbol_fun(native_context()->symbol_function(), isolate());
4383   Handle<JSObject> symbol_prototype(
4384       JSObject::cast(symbol_fun->instance_prototype()), isolate());
4385   SimpleInstallGetter(isolate(), symbol_prototype,
4386                       factory()->InternalizeUtf8String("description"),
4387                       Builtins::kSymbolPrototypeDescriptionGetter, true);
4388 }
4389 
InitializeGlobal_harmony_string_matchall()4390 void Genesis::InitializeGlobal_harmony_string_matchall() {
4391   if (!FLAG_harmony_string_matchall) return;
4392 
4393   {  // String.prototype.matchAll
4394     Handle<JSFunction> string_fun(native_context()->string_function(),
4395                                   isolate());
4396     Handle<JSObject> string_prototype(
4397         JSObject::cast(string_fun->instance_prototype()), isolate());
4398 
4399     SimpleInstallFunction(isolate(), string_prototype, "matchAll",
4400                           Builtins::kStringPrototypeMatchAll, 1, true);
4401   }
4402 
4403   {  // RegExp.prototype[@@matchAll]
4404     Handle<JSFunction> regexp_fun(native_context()->regexp_function(),
4405                                   isolate());
4406     Handle<JSObject> regexp_prototype(
4407         JSObject::cast(regexp_fun->instance_prototype()), isolate());
4408     SimpleInstallFunction(isolate(), regexp_prototype,
4409                           factory()->match_all_symbol(), "[Symbol.matchAll]",
4410                           Builtins::kRegExpPrototypeMatchAll, 1, true);
4411     Handle<Map> regexp_prototype_map(regexp_prototype->map(), isolate());
4412     Map::SetShouldBeFastPrototypeMap(regexp_prototype_map, true, isolate());
4413     native_context()->set_regexp_prototype_map(*regexp_prototype_map);
4414   }
4415 
4416   {  // --- R e g E x p S t r i n g  I t e r a t o r ---
4417     Handle<JSObject> iterator_prototype(
4418         native_context()->initial_iterator_prototype(), isolate());
4419 
4420     Handle<JSObject> regexp_string_iterator_prototype =
4421         factory()->NewJSObject(isolate()->object_function(), TENURED);
4422     JSObject::ForceSetPrototype(regexp_string_iterator_prototype,
4423                                 iterator_prototype);
4424 
4425     JSObject::AddProperty(
4426         isolate(), regexp_string_iterator_prototype,
4427         factory()->to_string_tag_symbol(),
4428         factory()->NewStringFromAsciiChecked("RegExp String Iterator"),
4429         static_cast<PropertyAttributes>(DONT_ENUM | READ_ONLY));
4430 
4431     SimpleInstallFunction(isolate(), regexp_string_iterator_prototype, "next",
4432                           Builtins::kRegExpStringIteratorPrototypeNext, 0,
4433                           true);
4434 
4435     Handle<JSFunction> regexp_string_iterator_function = CreateFunction(
4436         isolate(), factory()->NewStringFromAsciiChecked("RegExpStringIterator"),
4437         JS_REGEXP_STRING_ITERATOR_TYPE, JSRegExpStringIterator::kSize, 0,
4438         regexp_string_iterator_prototype, Builtins::kIllegal);
4439     regexp_string_iterator_function->shared()->set_native(false);
4440     native_context()->set_initial_regexp_string_iterator_prototype_map(
4441         regexp_string_iterator_function->initial_map());
4442   }
4443 
4444   {  // @@matchAll Symbol
4445     Handle<JSFunction> symbol_fun(native_context()->symbol_function(),
4446                                   isolate());
4447     InstallConstant(isolate(), symbol_fun, "matchAll",
4448                     factory()->match_all_symbol());
4449   }
4450 }
4451 
InitializeGlobal_harmony_bigint()4452 void Genesis::InitializeGlobal_harmony_bigint() {
4453   Factory* factory = isolate()->factory();
4454   Handle<JSGlobalObject> global(native_context()->global_object(), isolate());
4455   if (!FLAG_harmony_bigint) {
4456     // Typed arrays are installed by default; remove them if the flag is off.
4457     CHECK(JSObject::DeleteProperty(
4458               global, factory->InternalizeUtf8String("BigInt64Array"))
4459               .ToChecked());
4460     CHECK(JSObject::DeleteProperty(
4461               global, factory->InternalizeUtf8String("BigUint64Array"))
4462               .ToChecked());
4463     return;
4464   }
4465 
4466   Handle<JSFunction> bigint_fun = InstallFunction(
4467       isolate(), global, "BigInt", JS_VALUE_TYPE, JSValue::kSize, 0,
4468       factory->the_hole_value(), Builtins::kBigIntConstructor);
4469   bigint_fun->shared()->set_builtin_function_id(
4470       BuiltinFunctionId::kBigIntConstructor);
4471   bigint_fun->shared()->DontAdaptArguments();
4472   bigint_fun->shared()->set_length(1);
4473   InstallWithIntrinsicDefaultProto(isolate(), bigint_fun,
4474                                    Context::BIGINT_FUNCTION_INDEX);
4475 
4476   // Install the properties of the BigInt constructor.
4477   // asUintN(bits, bigint)
4478   SimpleInstallFunction(isolate(), bigint_fun, "asUintN",
4479                         Builtins::kBigIntAsUintN, 2, false);
4480   // asIntN(bits, bigint)
4481   SimpleInstallFunction(isolate(), bigint_fun, "asIntN",
4482                         Builtins::kBigIntAsIntN, 2, false);
4483 
4484   // Set up the %BigIntPrototype%.
4485   Handle<JSObject> prototype(JSObject::cast(bigint_fun->instance_prototype()),
4486                              isolate());
4487   JSFunction::SetPrototype(bigint_fun, prototype);
4488 
4489   // Install the properties of the BigInt.prototype.
4490   // "constructor" is created implicitly by InstallFunction() above.
4491   // toLocaleString([reserved1 [, reserved2]])
4492   SimpleInstallFunction(isolate(), prototype, "toLocaleString",
4493                         Builtins::kBigIntPrototypeToLocaleString, 0, false);
4494   // toString([radix])
4495   SimpleInstallFunction(isolate(), prototype, "toString",
4496                         Builtins::kBigIntPrototypeToString, 0, false);
4497   // valueOf()
4498   SimpleInstallFunction(isolate(), prototype, "valueOf",
4499                         Builtins::kBigIntPrototypeValueOf, 0, false);
4500   // @@toStringTag
4501   JSObject::AddProperty(isolate(), prototype, factory->to_string_tag_symbol(),
4502                         factory->BigInt_string(),
4503                         static_cast<PropertyAttributes>(DONT_ENUM | READ_ONLY));
4504 
4505   // Install 64-bit DataView accessors.
4506   // TODO(jkummerow): Move these to the "DataView" section when dropping the
4507   // FLAG_harmony_bigint.
4508   Handle<JSObject> dataview_prototype(
4509       JSObject::cast(native_context()->data_view_fun()->instance_prototype()),
4510       isolate());
4511   SimpleInstallFunction(isolate(), dataview_prototype, "getBigInt64",
4512                         Builtins::kDataViewPrototypeGetBigInt64, 1, false);
4513   SimpleInstallFunction(isolate(), dataview_prototype, "setBigInt64",
4514                         Builtins::kDataViewPrototypeSetBigInt64, 2, false);
4515   SimpleInstallFunction(isolate(), dataview_prototype, "getBigUint64",
4516                         Builtins::kDataViewPrototypeGetBigUint64, 1, false);
4517   SimpleInstallFunction(isolate(), dataview_prototype, "setBigUint64",
4518                         Builtins::kDataViewPrototypeSetBigUint64, 2, false);
4519 }
4520 
InitializeGlobal_harmony_await_optimization()4521 void Genesis::InitializeGlobal_harmony_await_optimization() {
4522   if (!FLAG_harmony_await_optimization) return;
4523 
4524   // async/await
4525   Handle<JSFunction> await_caught_function = SimpleCreateFunction(
4526       isolate(), factory()->empty_string(),
4527       Builtins::kAsyncFunctionAwaitCaughtOptimized, 2, false);
4528   native_context()->set_async_function_await_caught(*await_caught_function);
4529 
4530   Handle<JSFunction> await_uncaught_function = SimpleCreateFunction(
4531       isolate(), factory()->empty_string(),
4532       Builtins::kAsyncFunctionAwaitUncaughtOptimized, 2, false);
4533   native_context()->set_async_function_await_uncaught(*await_uncaught_function);
4534 
4535   // async generators
4536   Handle<JSObject> async_iterator_prototype =
4537       factory()->NewJSObject(isolate()->object_function(), TENURED);
4538 
4539   SimpleInstallFunction(
4540       isolate(), async_iterator_prototype, factory()->async_iterator_symbol(),
4541       "[Symbol.asyncIterator]", Builtins::kReturnReceiver, 0, true);
4542 
4543   Handle<JSObject> async_from_sync_iterator_prototype =
4544       factory()->NewJSObject(isolate()->object_function(), TENURED);
4545   SimpleInstallFunction(
4546       isolate(), async_from_sync_iterator_prototype, factory()->next_string(),
4547       Builtins::kAsyncFromSyncIteratorPrototypeNextOptimized, 1, true);
4548   SimpleInstallFunction(
4549       isolate(), async_from_sync_iterator_prototype, factory()->return_string(),
4550       Builtins::kAsyncFromSyncIteratorPrototypeReturnOptimized, 1, true);
4551   SimpleInstallFunction(
4552       isolate(), async_from_sync_iterator_prototype, factory()->throw_string(),
4553       Builtins::kAsyncFromSyncIteratorPrototypeThrowOptimized, 1, true);
4554 
4555   JSObject::AddProperty(
4556       isolate(), async_from_sync_iterator_prototype,
4557       factory()->to_string_tag_symbol(),
4558       factory()->NewStringFromAsciiChecked("Async-from-Sync Iterator"),
4559       static_cast<PropertyAttributes>(DONT_ENUM | READ_ONLY));
4560 
4561   JSObject::ForceSetPrototype(async_from_sync_iterator_prototype,
4562                               async_iterator_prototype);
4563 
4564   Handle<Map> async_from_sync_iterator_map = factory()->NewMap(
4565       JS_ASYNC_FROM_SYNC_ITERATOR_TYPE, JSAsyncFromSyncIterator::kSize);
4566   Map::SetPrototype(isolate(), async_from_sync_iterator_map,
4567                     async_from_sync_iterator_prototype);
4568   native_context()->set_async_from_sync_iterator_map(
4569       *async_from_sync_iterator_map);
4570 }
4571 
4572 #ifdef V8_INTL_SUPPORT
InitializeGlobal_harmony_intl_list_format()4573 void Genesis::InitializeGlobal_harmony_intl_list_format() {
4574   if (!FLAG_harmony_intl_list_format) return;
4575   Handle<JSObject> intl = Handle<JSObject>::cast(
4576       JSReceiver::GetProperty(
4577           isolate(),
4578           Handle<JSReceiver>(native_context()->global_object(), isolate()),
4579           factory()->InternalizeUtf8String("Intl"))
4580           .ToHandleChecked());
4581 
4582   Handle<JSFunction> list_format_fun =
4583       InstallFunction(isolate(), intl, "ListFormat", JS_INTL_LIST_FORMAT_TYPE,
4584                       JSListFormat::kSize, 0, factory()->the_hole_value(),
4585                       Builtins::kListFormatConstructor);
4586   list_format_fun->shared()->set_length(0);
4587   list_format_fun->shared()->DontAdaptArguments();
4588 
4589   // Setup %ListFormatPrototype%.
4590   Handle<JSObject> prototype(
4591       JSObject::cast(list_format_fun->instance_prototype()), isolate());
4592 
4593   // Install the @@toStringTag property on the {prototype}.
4594   JSObject::AddProperty(isolate(), prototype, factory()->to_string_tag_symbol(),
4595                         factory()->NewStringFromStaticChars("Intl.ListFormat"),
4596                         static_cast<PropertyAttributes>(DONT_ENUM | READ_ONLY));
4597 
4598   SimpleInstallFunction(isolate(), prototype, "resolvedOptions",
4599                         Builtins::kListFormatPrototypeResolvedOptions, 0,
4600                         false);
4601   SimpleInstallFunction(isolate(), prototype, "format",
4602                         Builtins::kListFormatPrototypeFormat, 1, false);
4603   SimpleInstallFunction(isolate(), prototype, "formatToParts",
4604                         Builtins::kListFormatPrototypeFormatToParts, 1, false);
4605 }
4606 
InitializeGlobal_harmony_locale()4607 void Genesis::InitializeGlobal_harmony_locale() {
4608   if (!FLAG_harmony_locale) return;
4609 
4610   Handle<JSObject> intl = Handle<JSObject>::cast(
4611       JSReceiver::GetProperty(
4612           isolate(),
4613           Handle<JSReceiver>(native_context()->global_object(), isolate()),
4614           factory()->InternalizeUtf8String("Intl"))
4615           .ToHandleChecked());
4616 
4617   Handle<JSFunction> locale_fun = InstallFunction(
4618       isolate(), intl, "Locale", JS_INTL_LOCALE_TYPE, JSLocale::kSize, 0,
4619       factory()->the_hole_value(), Builtins::kLocaleConstructor);
4620   InstallWithIntrinsicDefaultProto(isolate(), locale_fun,
4621                                    Context::INTL_LOCALE_FUNCTION_INDEX);
4622   locale_fun->shared()->set_length(1);
4623   locale_fun->shared()->DontAdaptArguments();
4624 
4625   // Setup %LocalePrototype%.
4626   Handle<JSObject> prototype(JSObject::cast(locale_fun->instance_prototype()),
4627                              isolate());
4628 
4629   // Install the @@toStringTag property on the {prototype}.
4630   JSObject::AddProperty(isolate(), prototype, factory()->to_string_tag_symbol(),
4631                         factory()->NewStringFromAsciiChecked("Locale"),
4632                         static_cast<PropertyAttributes>(DONT_ENUM | READ_ONLY));
4633 
4634   SimpleInstallFunction(isolate(), prototype, "toString",
4635                         Builtins::kLocalePrototypeToString, 0, false);
4636   SimpleInstallFunction(isolate(), prototype, "maximize",
4637                         Builtins::kLocalePrototypeMaximize, 0, false);
4638   SimpleInstallFunction(isolate(), prototype, "minimize",
4639                         Builtins::kLocalePrototypeMinimize, 0, false);
4640   // Base locale getters.
4641   SimpleInstallGetter(isolate(), prototype,
4642                       factory()->InternalizeUtf8String("language"),
4643                       Builtins::kLocalePrototypeLanguage, true);
4644   SimpleInstallGetter(isolate(), prototype,
4645                       factory()->InternalizeUtf8String("script"),
4646                       Builtins::kLocalePrototypeScript, true);
4647   SimpleInstallGetter(isolate(), prototype,
4648                       factory()->InternalizeUtf8String("region"),
4649                       Builtins::kLocalePrototypeRegion, true);
4650   SimpleInstallGetter(isolate(), prototype,
4651                       factory()->InternalizeUtf8String("baseName"),
4652                       Builtins::kLocalePrototypeBaseName, true);
4653   // Unicode extension getters.
4654   SimpleInstallGetter(isolate(), prototype,
4655                       factory()->InternalizeUtf8String("calendar"),
4656                       Builtins::kLocalePrototypeCalendar, true);
4657   SimpleInstallGetter(isolate(), prototype,
4658                       factory()->InternalizeUtf8String("caseFirst"),
4659                       Builtins::kLocalePrototypeCaseFirst, true);
4660   SimpleInstallGetter(isolate(), prototype,
4661                       factory()->InternalizeUtf8String("collation"),
4662                       Builtins::kLocalePrototypeCollation, true);
4663   SimpleInstallGetter(isolate(), prototype,
4664                       factory()->InternalizeUtf8String("hourCycle"),
4665                       Builtins::kLocalePrototypeHourCycle, true);
4666   SimpleInstallGetter(isolate(), prototype,
4667                       factory()->InternalizeUtf8String("numeric"),
4668                       Builtins::kLocalePrototypeNumeric, true);
4669   SimpleInstallGetter(isolate(), prototype,
4670                       factory()->InternalizeUtf8String("numberingSystem"),
4671                       Builtins::kLocalePrototypeNumberingSystem, true);
4672 }
4673 
InitializeGlobal_harmony_intl_relative_time_format()4674 void Genesis::InitializeGlobal_harmony_intl_relative_time_format() {
4675   if (!FLAG_harmony_intl_relative_time_format) return;
4676   Handle<JSObject> intl = Handle<JSObject>::cast(
4677       JSReceiver::GetProperty(
4678           isolate(),
4679           Handle<JSReceiver>(native_context()->global_object(), isolate()),
4680           factory()->InternalizeUtf8String("Intl"))
4681           .ToHandleChecked());
4682 
4683   Handle<JSFunction> relative_time_format_fun = InstallFunction(
4684       isolate(), intl, "RelativeTimeFormat", JS_INTL_RELATIVE_TIME_FORMAT_TYPE,
4685       JSRelativeTimeFormat::kSize, 0, factory()->the_hole_value(),
4686       Builtins::kRelativeTimeFormatConstructor);
4687   relative_time_format_fun->shared()->set_length(0);
4688   relative_time_format_fun->shared()->DontAdaptArguments();
4689 
4690   // Setup %RelativeTimeFormatPrototype%.
4691   Handle<JSObject> prototype(
4692       JSObject::cast(relative_time_format_fun->instance_prototype()),
4693       isolate());
4694 
4695   // Install the @@toStringTag property on the {prototype}.
4696   JSObject::AddProperty(
4697       isolate(), prototype, factory()->to_string_tag_symbol(),
4698       factory()->NewStringFromStaticChars("Intl.RelativeTimeFormat"),
4699       static_cast<PropertyAttributes>(DONT_ENUM | READ_ONLY));
4700 
4701   SimpleInstallFunction(isolate(), prototype, "resolvedOptions",
4702                         Builtins::kRelativeTimeFormatPrototypeResolvedOptions,
4703                         0, false);
4704   SimpleInstallFunction(isolate(), prototype, "format",
4705                         Builtins::kRelativeTimeFormatPrototypeFormat, 2, false);
4706   SimpleInstallFunction(isolate(), prototype, "formatToParts",
4707                         Builtins::kRelativeTimeFormatPrototypeFormatToParts, 2,
4708                         false);
4709 }
4710 
4711 #endif  // V8_INTL_SUPPORT
4712 
CreateArrayBuffer(Handle<String> name,ArrayBufferKind array_buffer_kind)4713 Handle<JSFunction> Genesis::CreateArrayBuffer(
4714     Handle<String> name, ArrayBufferKind array_buffer_kind) {
4715   // Create the %ArrayBufferPrototype%
4716   // Setup the {prototype} with the given {name} for @@toStringTag.
4717   Handle<JSObject> prototype =
4718       factory()->NewJSObject(isolate()->object_function(), TENURED);
4719   JSObject::AddProperty(isolate(), prototype, factory()->to_string_tag_symbol(),
4720                         name,
4721                         static_cast<PropertyAttributes>(DONT_ENUM | READ_ONLY));
4722 
4723   // Allocate the constructor with the given {prototype}.
4724   Handle<JSFunction> array_buffer_fun =
4725       CreateFunction(isolate(), name, JS_ARRAY_BUFFER_TYPE,
4726                      JSArrayBuffer::kSizeWithEmbedderFields, 0, prototype,
4727                      Builtins::kArrayBufferConstructor);
4728   array_buffer_fun->shared()->DontAdaptArguments();
4729   array_buffer_fun->shared()->set_length(1);
4730 
4731   // Install the "constructor" property on the {prototype}.
4732   JSObject::AddProperty(isolate(), prototype, factory()->constructor_string(),
4733                         array_buffer_fun, DONT_ENUM);
4734 
4735   switch (array_buffer_kind) {
4736     case ARRAY_BUFFER:
4737       SimpleInstallFunction(isolate(), array_buffer_fun,
4738                             factory()->isView_string(),
4739                             Builtins::kArrayBufferIsView, 1, true, DONT_ENUM,
4740                             BuiltinFunctionId::kArrayBufferIsView);
4741 
4742       // Install the "byteLength" getter on the {prototype}.
4743       SimpleInstallGetter(isolate(), prototype, factory()->byte_length_string(),
4744                           Builtins::kArrayBufferPrototypeGetByteLength, false,
4745                           BuiltinFunctionId::kArrayBufferByteLength);
4746 
4747       SimpleInstallFunction(isolate(), prototype, "slice",
4748                             Builtins::kArrayBufferPrototypeSlice, 2, true);
4749       break;
4750 
4751     case SHARED_ARRAY_BUFFER:
4752       // Install the "byteLength" getter on the {prototype}.
4753       SimpleInstallGetter(isolate(), prototype, factory()->byte_length_string(),
4754                           Builtins::kSharedArrayBufferPrototypeGetByteLength,
4755                           false,
4756                           BuiltinFunctionId::kSharedArrayBufferByteLength);
4757 
4758       SimpleInstallFunction(isolate(), prototype, "slice",
4759                             Builtins::kSharedArrayBufferPrototypeSlice, 2,
4760                             true);
4761       break;
4762   }
4763 
4764   return array_buffer_fun;
4765 }
4766 
4767 
InstallInternalArray(Handle<JSObject> target,const char * name,ElementsKind elements_kind)4768 Handle<JSFunction> Genesis::InstallInternalArray(Handle<JSObject> target,
4769                                                  const char* name,
4770                                                  ElementsKind elements_kind) {
4771   // --- I n t e r n a l   A r r a y ---
4772   // An array constructor on the builtins object that works like
4773   // the public Array constructor, except that its prototype
4774   // doesn't inherit from Object.prototype.
4775   // To be used only for internal work by builtins. Instances
4776   // must not be leaked to user code.
4777   Handle<JSObject> prototype =
4778       factory()->NewJSObject(isolate()->object_function(), TENURED);
4779   Handle<JSFunction> array_function =
4780       InstallFunction(isolate(), target, name, JS_ARRAY_TYPE, JSArray::kSize, 0,
4781                       prototype, Builtins::kInternalArrayConstructor);
4782 
4783   array_function->shared()->DontAdaptArguments();
4784 
4785   Handle<Map> original_map(array_function->initial_map(), isolate());
4786   Handle<Map> initial_map = Map::Copy(isolate(), original_map, "InternalArray");
4787   initial_map->set_elements_kind(elements_kind);
4788   JSFunction::SetInitialMap(array_function, initial_map, prototype);
4789 
4790   // Make "length" magic on instances.
4791   Map::EnsureDescriptorSlack(isolate(), initial_map, 1);
4792 
4793   PropertyAttributes attribs = static_cast<PropertyAttributes>(
4794       DONT_ENUM | DONT_DELETE);
4795 
4796   {  // Add length.
4797     Descriptor d = Descriptor::AccessorConstant(
4798         factory()->length_string(), factory()->array_length_accessor(),
4799         attribs);
4800     initial_map->AppendDescriptor(&d);
4801   }
4802 
4803   return array_function;
4804 }
4805 
InstallNatives(GlobalContextType context_type)4806 bool Genesis::InstallNatives(GlobalContextType context_type) {
4807   HandleScope scope(isolate());
4808 
4809   // Set up the utils object as shared container between native scripts.
4810   Handle<JSObject> utils = factory()->NewJSObject(isolate()->object_function());
4811   JSObject::NormalizeProperties(utils, CLEAR_INOBJECT_PROPERTIES, 16,
4812                                 "utils container for native scripts");
4813   native_context()->set_natives_utils_object(*utils);
4814 
4815   // Set up the extras utils object as a shared container between native
4816   // scripts and extras. (Extras consume things added there by native scripts.)
4817   Handle<JSObject> extras_utils =
4818       factory()->NewJSObject(isolate()->object_function());
4819   native_context()->set_extras_utils_object(*extras_utils);
4820 
4821   InstallInternalArray(extras_utils, "InternalPackedArray", PACKED_ELEMENTS);
4822 
4823   // v8.createPromise(parent)
4824   Handle<JSFunction> promise_internal_constructor =
4825       SimpleCreateFunction(isolate(), factory()->empty_string(),
4826                            Builtins::kPromiseInternalConstructor, 1, true);
4827   promise_internal_constructor->shared()->set_native(false);
4828   InstallFunction(isolate(), extras_utils, promise_internal_constructor,
4829                   factory()->NewStringFromAsciiChecked("createPromise"));
4830 
4831   // v8.rejectPromise(promise, reason)
4832   Handle<JSFunction> promise_internal_reject =
4833       SimpleCreateFunction(isolate(), factory()->empty_string(),
4834                            Builtins::kPromiseInternalReject, 2, true);
4835   promise_internal_reject->shared()->set_native(false);
4836   InstallFunction(isolate(), extras_utils, promise_internal_reject,
4837                   factory()->NewStringFromAsciiChecked("rejectPromise"));
4838 
4839   // v8.resolvePromise(promise, resolution)
4840   Handle<JSFunction> promise_internal_resolve =
4841       SimpleCreateFunction(isolate(), factory()->empty_string(),
4842                            Builtins::kPromiseInternalResolve, 2, true);
4843   promise_internal_resolve->shared()->set_native(false);
4844   InstallFunction(isolate(), extras_utils, promise_internal_resolve,
4845                   factory()->NewStringFromAsciiChecked("resolvePromise"));
4846 
4847   InstallFunction(isolate(), extras_utils, isolate()->is_promise(),
4848                   factory()->NewStringFromAsciiChecked("isPromise"));
4849 
4850   int builtin_index = Natives::GetDebuggerCount();
4851   // Only run prologue.js at this point.
4852   DCHECK_EQ(builtin_index, Natives::GetIndex("prologue"));
4853   if (!Bootstrapper::CompileBuiltin(isolate(), builtin_index++)) return false;
4854 
4855   {
4856     // Builtin function for OpaqueReference -- a JSValue-based object,
4857     // that keeps its field isolated from JavaScript code. It may store
4858     // objects, that JavaScript code may not access.
4859     Handle<JSObject> prototype =
4860         factory()->NewJSObject(isolate()->object_function(), TENURED);
4861     Handle<JSFunction> opaque_reference_fun =
4862         CreateFunction(isolate(), factory()->empty_string(), JS_VALUE_TYPE,
4863                        JSValue::kSize, 0, prototype, Builtins::kIllegal);
4864     native_context()->set_opaque_reference_function(*opaque_reference_fun);
4865   }
4866 
4867   // InternalArrays should not use Smi-Only array optimizations. There are too
4868   // many places in the C++ runtime code (e.g. RegEx) that assume that
4869   // elements in InternalArrays can be set to non-Smi values without going
4870   // through a common bottleneck that would make the SMI_ONLY -> FAST_ELEMENT
4871   // transition easy to trap. Moreover, they rarely are smi-only.
4872   {
4873     HandleScope scope(isolate());
4874     Handle<JSObject> utils =
4875         Handle<JSObject>::cast(isolate()->natives_utils_object());
4876     Handle<JSFunction> array_function =
4877         InstallInternalArray(utils, "InternalArray", HOLEY_ELEMENTS);
4878     native_context()->set_internal_array_function(*array_function);
4879   }
4880 
4881   // Run the rest of the native scripts.
4882   while (builtin_index < Natives::GetBuiltinsCount()) {
4883     if (!Bootstrapper::CompileBuiltin(isolate(), builtin_index++)) return false;
4884   }
4885 
4886   if (!CallUtilsFunction(isolate(), "PostNatives")) return false;
4887   auto fast_template_instantiations_cache = isolate()->factory()->NewFixedArray(
4888       TemplateInfo::kFastTemplateInstantiationsCacheSize);
4889   native_context()->set_fast_template_instantiations_cache(
4890       *fast_template_instantiations_cache);
4891 
4892   auto slow_template_instantiations_cache = SimpleNumberDictionary::New(
4893       isolate(), ApiNatives::kInitialFunctionCacheSize);
4894   native_context()->set_slow_template_instantiations_cache(
4895       *slow_template_instantiations_cache);
4896 
4897   // Store the map for the %ObjectPrototype% after the natives has been compiled
4898   // and the Object function has been set up.
4899   {
4900     Handle<JSFunction> object_function(native_context()->object_function(),
4901                                        isolate());
4902     DCHECK(JSObject::cast(object_function->initial_map()->prototype())
4903                ->HasFastProperties());
4904     native_context()->set_object_function_prototype_map(
4905         HeapObject::cast(object_function->initial_map()->prototype())->map());
4906   }
4907 
4908   // Store the map for the %StringPrototype% after the natives has been compiled
4909   // and the String function has been set up.
4910   Handle<JSFunction> string_function(native_context()->string_function(),
4911                                      isolate());
4912   JSObject* string_function_prototype =
4913       JSObject::cast(string_function->initial_map()->prototype());
4914   DCHECK(string_function_prototype->HasFastProperties());
4915   native_context()->set_string_function_prototype_map(
4916       string_function_prototype->map());
4917 
4918   Handle<JSGlobalObject> global_object =
4919       handle(native_context()->global_object(), isolate());
4920 
4921   // Install Global.decodeURI.
4922   SimpleInstallFunction(isolate(), global_object, "decodeURI",
4923                         Builtins::kGlobalDecodeURI, 1, false,
4924                         BuiltinFunctionId::kGlobalDecodeURI);
4925 
4926   // Install Global.decodeURIComponent.
4927   SimpleInstallFunction(isolate(), global_object, "decodeURIComponent",
4928                         Builtins::kGlobalDecodeURIComponent, 1, false,
4929                         BuiltinFunctionId::kGlobalDecodeURIComponent);
4930 
4931   // Install Global.encodeURI.
4932   SimpleInstallFunction(isolate(), global_object, "encodeURI",
4933                         Builtins::kGlobalEncodeURI, 1, false,
4934                         BuiltinFunctionId::kGlobalEncodeURI);
4935 
4936   // Install Global.encodeURIComponent.
4937   SimpleInstallFunction(isolate(), global_object, "encodeURIComponent",
4938                         Builtins::kGlobalEncodeURIComponent, 1, false,
4939                         BuiltinFunctionId::kGlobalEncodeURIComponent);
4940 
4941   // Install Global.escape.
4942   SimpleInstallFunction(isolate(), global_object, "escape",
4943                         Builtins::kGlobalEscape, 1, false,
4944                         BuiltinFunctionId::kGlobalEscape);
4945 
4946   // Install Global.unescape.
4947   SimpleInstallFunction(isolate(), global_object, "unescape",
4948                         Builtins::kGlobalUnescape, 1, false,
4949                         BuiltinFunctionId::kGlobalUnescape);
4950 
4951   // Install Global.eval.
4952   {
4953     Handle<JSFunction> eval = SimpleInstallFunction(
4954         isolate(), global_object, factory()->eval_string(),
4955         Builtins::kGlobalEval, 1, false);
4956     native_context()->set_global_eval_fun(*eval);
4957   }
4958 
4959   // Install Global.isFinite
4960   SimpleInstallFunction(isolate(), global_object, "isFinite",
4961                         Builtins::kGlobalIsFinite, 1, true,
4962                         BuiltinFunctionId::kGlobalIsFinite);
4963 
4964   // Install Global.isNaN
4965   SimpleInstallFunction(isolate(), global_object, "isNaN",
4966                         Builtins::kGlobalIsNaN, 1, true,
4967                         BuiltinFunctionId::kGlobalIsNaN);
4968 
4969   // Install Array builtin functions.
4970   {
4971     Handle<JSFunction> array_constructor(native_context()->array_function(),
4972                                          isolate());
4973     Handle<JSArray> proto(JSArray::cast(array_constructor->prototype()),
4974                           isolate());
4975 
4976     // Verification of important array prototype properties.
4977     Object* length = proto->length();
4978     CHECK(length->IsSmi());
4979     CHECK_EQ(Smi::ToInt(length), 0);
4980     CHECK(proto->HasSmiOrObjectElements());
4981     // This is necessary to enable fast checks for absence of elements
4982     // on Array.prototype and below.
4983     proto->set_elements(ReadOnlyRoots(heap()).empty_fixed_array());
4984   }
4985 
4986   // Install InternalArray.prototype.concat
4987   {
4988     Handle<JSFunction> array_constructor(
4989         native_context()->internal_array_function(), isolate());
4990     Handle<JSObject> proto(JSObject::cast(array_constructor->prototype()),
4991                            isolate());
4992     SimpleInstallFunction(isolate(), proto, "concat", Builtins::kArrayConcat, 1,
4993                           false);
4994   }
4995 
4996   InstallBuiltinFunctionIds();
4997 
4998   // Create a map for accessor property descriptors (a variant of JSObject
4999   // that predefines four properties get, set, configurable and enumerable).
5000   {
5001     // AccessorPropertyDescriptor initial map.
5002     Handle<Map> map =
5003         factory()->NewMap(JS_OBJECT_TYPE, JSAccessorPropertyDescriptor::kSize,
5004                           TERMINAL_FAST_ELEMENTS_KIND, 4);
5005     // Create the descriptor array for the property descriptor object.
5006     Map::EnsureDescriptorSlack(isolate(), map, 4);
5007 
5008     {  // get
5009       Descriptor d =
5010           Descriptor::DataField(isolate(), factory()->get_string(),
5011                                 JSAccessorPropertyDescriptor::kGetIndex, NONE,
5012                                 Representation::Tagged());
5013       map->AppendDescriptor(&d);
5014     }
5015     {  // set
5016       Descriptor d =
5017           Descriptor::DataField(isolate(), factory()->set_string(),
5018                                 JSAccessorPropertyDescriptor::kSetIndex, NONE,
5019                                 Representation::Tagged());
5020       map->AppendDescriptor(&d);
5021     }
5022     {  // enumerable
5023       Descriptor d =
5024           Descriptor::DataField(isolate(), factory()->enumerable_string(),
5025                                 JSAccessorPropertyDescriptor::kEnumerableIndex,
5026                                 NONE, Representation::Tagged());
5027       map->AppendDescriptor(&d);
5028     }
5029     {  // configurable
5030       Descriptor d = Descriptor::DataField(
5031           isolate(), factory()->configurable_string(),
5032           JSAccessorPropertyDescriptor::kConfigurableIndex, NONE,
5033           Representation::Tagged());
5034       map->AppendDescriptor(&d);
5035     }
5036 
5037     Map::SetPrototype(isolate(), map, isolate()->initial_object_prototype());
5038     map->SetConstructor(native_context()->object_function());
5039 
5040     native_context()->set_accessor_property_descriptor_map(*map);
5041   }
5042 
5043   // Create a map for data property descriptors (a variant of JSObject
5044   // that predefines four properties value, writable, configurable and
5045   // enumerable).
5046   {
5047     // DataPropertyDescriptor initial map.
5048     Handle<Map> map =
5049         factory()->NewMap(JS_OBJECT_TYPE, JSDataPropertyDescriptor::kSize,
5050                           TERMINAL_FAST_ELEMENTS_KIND, 4);
5051     // Create the descriptor array for the property descriptor object.
5052     Map::EnsureDescriptorSlack(isolate(), map, 4);
5053 
5054     {  // value
5055       Descriptor d =
5056           Descriptor::DataField(isolate(), factory()->value_string(),
5057                                 JSDataPropertyDescriptor::kValueIndex, NONE,
5058                                 Representation::Tagged());
5059       map->AppendDescriptor(&d);
5060     }
5061     {  // writable
5062       Descriptor d =
5063           Descriptor::DataField(isolate(), factory()->writable_string(),
5064                                 JSDataPropertyDescriptor::kWritableIndex, NONE,
5065                                 Representation::Tagged());
5066       map->AppendDescriptor(&d);
5067     }
5068     {  // enumerable
5069       Descriptor d =
5070           Descriptor::DataField(isolate(), factory()->enumerable_string(),
5071                                 JSDataPropertyDescriptor::kEnumerableIndex,
5072                                 NONE, Representation::Tagged());
5073       map->AppendDescriptor(&d);
5074     }
5075     {  // configurable
5076       Descriptor d =
5077           Descriptor::DataField(isolate(), factory()->configurable_string(),
5078                                 JSDataPropertyDescriptor::kConfigurableIndex,
5079                                 NONE, Representation::Tagged());
5080       map->AppendDescriptor(&d);
5081     }
5082 
5083     Map::SetPrototype(isolate(), map, isolate()->initial_object_prototype());
5084     map->SetConstructor(native_context()->object_function());
5085 
5086     native_context()->set_data_property_descriptor_map(*map);
5087   }
5088 
5089   // Create a constructor for RegExp results (a variant of Array that
5090   // predefines the properties index, input, and groups).
5091   {
5092     // JSRegExpResult initial map.
5093 
5094     // Find global.Array.prototype to inherit from.
5095     Handle<JSFunction> array_constructor(native_context()->array_function(),
5096                                          isolate());
5097     Handle<JSObject> array_prototype(
5098         JSObject::cast(array_constructor->instance_prototype()), isolate());
5099 
5100     // Add initial map.
5101     Handle<Map> initial_map = factory()->NewMap(
5102         JS_ARRAY_TYPE, JSRegExpResult::kSize, TERMINAL_FAST_ELEMENTS_KIND,
5103         JSRegExpResult::kInObjectPropertyCount);
5104     initial_map->SetConstructor(*array_constructor);
5105 
5106     // Set prototype on map.
5107     initial_map->set_has_non_instance_prototype(false);
5108     Map::SetPrototype(isolate(), initial_map, array_prototype);
5109 
5110     // Update map with length accessor from Array and add "index", "input" and
5111     // "groups".
5112     Map::EnsureDescriptorSlack(isolate(), initial_map,
5113                                JSRegExpResult::kInObjectPropertyCount + 1);
5114 
5115     // length descriptor.
5116     {
5117       JSFunction* array_function = native_context()->array_function();
5118       Handle<DescriptorArray> array_descriptors(
5119           array_function->initial_map()->instance_descriptors(), isolate());
5120       Handle<String> length = factory()->length_string();
5121       int old = array_descriptors->SearchWithCache(
5122           isolate(), *length, array_function->initial_map());
5123       DCHECK_NE(old, DescriptorArray::kNotFound);
5124       Descriptor d = Descriptor::AccessorConstant(
5125           length, handle(array_descriptors->GetStrongValue(old), isolate()),
5126           array_descriptors->GetDetails(old).attributes());
5127       initial_map->AppendDescriptor(&d);
5128     }
5129 
5130     // index descriptor.
5131     {
5132       Descriptor d = Descriptor::DataField(isolate(), factory()->index_string(),
5133                                            JSRegExpResult::kIndexIndex, NONE,
5134                                            Representation::Tagged());
5135       initial_map->AppendDescriptor(&d);
5136     }
5137 
5138     // input descriptor.
5139     {
5140       Descriptor d = Descriptor::DataField(isolate(), factory()->input_string(),
5141                                            JSRegExpResult::kInputIndex, NONE,
5142                                            Representation::Tagged());
5143       initial_map->AppendDescriptor(&d);
5144     }
5145 
5146     // groups descriptor.
5147     {
5148       Descriptor d = Descriptor::DataField(
5149           isolate(), factory()->groups_string(), JSRegExpResult::kGroupsIndex,
5150           NONE, Representation::Tagged());
5151       initial_map->AppendDescriptor(&d);
5152     }
5153 
5154     native_context()->set_regexp_result_map(*initial_map);
5155   }
5156 
5157   // Add @@iterator method to the arguments object maps.
5158   {
5159     PropertyAttributes attribs = DONT_ENUM;
5160     Handle<AccessorInfo> arguments_iterator =
5161         factory()->arguments_iterator_accessor();
5162     {
5163       Descriptor d = Descriptor::AccessorConstant(factory()->iterator_symbol(),
5164                                                   arguments_iterator, attribs);
5165       Handle<Map> map(native_context()->sloppy_arguments_map(), isolate());
5166       Map::EnsureDescriptorSlack(isolate(), map, 1);
5167       map->AppendDescriptor(&d);
5168     }
5169     {
5170       Descriptor d = Descriptor::AccessorConstant(factory()->iterator_symbol(),
5171                                                   arguments_iterator, attribs);
5172       Handle<Map> map(native_context()->fast_aliased_arguments_map(),
5173                       isolate());
5174       Map::EnsureDescriptorSlack(isolate(), map, 1);
5175       map->AppendDescriptor(&d);
5176     }
5177     {
5178       Descriptor d = Descriptor::AccessorConstant(factory()->iterator_symbol(),
5179                                                   arguments_iterator, attribs);
5180       Handle<Map> map(native_context()->slow_aliased_arguments_map(),
5181                       isolate());
5182       Map::EnsureDescriptorSlack(isolate(), map, 1);
5183       map->AppendDescriptor(&d);
5184     }
5185     {
5186       Descriptor d = Descriptor::AccessorConstant(factory()->iterator_symbol(),
5187                                                   arguments_iterator, attribs);
5188       Handle<Map> map(native_context()->strict_arguments_map(), isolate());
5189       Map::EnsureDescriptorSlack(isolate(), map, 1);
5190       map->AppendDescriptor(&d);
5191     }
5192   }
5193 
5194   return true;
5195 }
5196 
InstallExtraNatives()5197 bool Genesis::InstallExtraNatives() {
5198   HandleScope scope(isolate());
5199 
5200   Handle<JSObject> extras_binding =
5201       factory()->NewJSObject(isolate()->object_function());
5202 
5203   // binding.isTraceCategoryEnabled(category)
5204   SimpleInstallFunction(isolate(), extras_binding, "isTraceCategoryEnabled",
5205                         Builtins::kIsTraceCategoryEnabled, 1, true);
5206 
5207   // binding.trace(phase, category, name, id, data)
5208   SimpleInstallFunction(isolate(), extras_binding, "trace", Builtins::kTrace, 5,
5209                         true);
5210 
5211   native_context()->set_extras_binding_object(*extras_binding);
5212 
5213   for (int i = ExtraNatives::GetDebuggerCount();
5214        i < ExtraNatives::GetBuiltinsCount(); i++) {
5215     if (!Bootstrapper::CompileExtraBuiltin(isolate(), i)) return false;
5216   }
5217 
5218   return true;
5219 }
5220 
5221 
InstallExperimentalExtraNatives()5222 bool Genesis::InstallExperimentalExtraNatives() {
5223   for (int i = ExperimentalExtraNatives::GetDebuggerCount();
5224        i < ExperimentalExtraNatives::GetBuiltinsCount(); i++) {
5225     if (!Bootstrapper::CompileExperimentalExtraBuiltin(isolate(), i))
5226       return false;
5227   }
5228 
5229   return true;
5230 }
5231 
5232 
InstallDebuggerNatives()5233 bool Genesis::InstallDebuggerNatives() {
5234   for (int i = 0; i < Natives::GetDebuggerCount(); ++i) {
5235     if (!Bootstrapper::CompileBuiltin(isolate(), i)) return false;
5236   }
5237   return true;
5238 }
5239 
InstallBuiltinFunctionId(Isolate * isolate,Handle<JSObject> holder,const char * function_name,BuiltinFunctionId id)5240 static void InstallBuiltinFunctionId(Isolate* isolate, Handle<JSObject> holder,
5241                                      const char* function_name,
5242                                      BuiltinFunctionId id) {
5243   Handle<Object> function_object =
5244       JSReceiver::GetProperty(isolate, holder, function_name).ToHandleChecked();
5245   Handle<JSFunction> function = Handle<JSFunction>::cast(function_object);
5246   function->shared()->set_builtin_function_id(id);
5247 }
5248 
5249 #define INSTALL_BUILTIN_ID(holder_expr, fun_name, name) \
5250   {#holder_expr, #fun_name, BuiltinFunctionId::k##name},
5251 
InstallBuiltinFunctionIds()5252 void Genesis::InstallBuiltinFunctionIds() {
5253   HandleScope scope(isolate());
5254   struct BuiltinFunctionIds {
5255     const char* holder_expr;
5256     const char* fun_name;
5257     BuiltinFunctionId id;
5258   };
5259 
5260   const BuiltinFunctionIds builtins[] = {
5261       FUNCTIONS_WITH_ID_LIST(INSTALL_BUILTIN_ID)};
5262 
5263   for (const BuiltinFunctionIds& builtin : builtins) {
5264     Handle<JSObject> holder = ResolveBuiltinIdHolder(
5265         isolate(), native_context(), builtin.holder_expr);
5266     InstallBuiltinFunctionId(isolate(), holder, builtin.fun_name, builtin.id);
5267   }
5268 }
5269 
5270 #undef INSTALL_BUILTIN_ID
5271 
5272 
InitializeNormalizedMapCaches()5273 void Genesis::InitializeNormalizedMapCaches() {
5274   Handle<NormalizedMapCache> cache = NormalizedMapCache::New(isolate());
5275   native_context()->set_normalized_map_cache(*cache);
5276 }
5277 
5278 
InstallExtensions(Handle<Context> native_context,v8::ExtensionConfiguration * extensions)5279 bool Bootstrapper::InstallExtensions(Handle<Context> native_context,
5280                                      v8::ExtensionConfiguration* extensions) {
5281   // Don't install extensions into the snapshot.
5282   if (isolate_->serializer_enabled()) return true;
5283   BootstrapperActive active(this);
5284   SaveContext saved_context(isolate_);
5285   isolate_->set_context(*native_context);
5286   return Genesis::InstallExtensions(isolate_, native_context, extensions) &&
5287          Genesis::InstallSpecialObjects(isolate_, native_context);
5288 }
5289 
InstallSpecialObjects(Isolate * isolate,Handle<Context> native_context)5290 bool Genesis::InstallSpecialObjects(Isolate* isolate,
5291                                     Handle<Context> native_context) {
5292   HandleScope scope(isolate);
5293 
5294   Handle<JSObject> Error = isolate->error_function();
5295   Handle<String> name = isolate->factory()->stackTraceLimit_string();
5296   Handle<Smi> stack_trace_limit(Smi::FromInt(FLAG_stack_trace_limit), isolate);
5297   JSObject::AddProperty(isolate, Error, name, stack_trace_limit, NONE);
5298 
5299   if (FLAG_expose_wasm) {
5300     // Install the internal data structures into the isolate and expose on
5301     // the global object.
5302     WasmJs::Install(isolate, true);
5303   } else if (FLAG_validate_asm) {
5304     // Install the internal data structures only; these are needed for asm.js
5305     // translated to WASM to work correctly.
5306     WasmJs::Install(isolate, false);
5307   }
5308 
5309   return true;
5310 }
5311 
5312 
Hash(RegisteredExtension * extension)5313 static uint32_t Hash(RegisteredExtension* extension) {
5314   return v8::internal::ComputePointerHash(extension);
5315 }
5316 
ExtensionStates()5317 Genesis::ExtensionStates::ExtensionStates() : map_(8) {}
5318 
get_state(RegisteredExtension * extension)5319 Genesis::ExtensionTraversalState Genesis::ExtensionStates::get_state(
5320     RegisteredExtension* extension) {
5321   base::HashMap::Entry* entry = map_.Lookup(extension, Hash(extension));
5322   if (entry == nullptr) {
5323     return UNVISITED;
5324   }
5325   return static_cast<ExtensionTraversalState>(
5326       reinterpret_cast<intptr_t>(entry->value));
5327 }
5328 
set_state(RegisteredExtension * extension,ExtensionTraversalState state)5329 void Genesis::ExtensionStates::set_state(RegisteredExtension* extension,
5330                                          ExtensionTraversalState state) {
5331   map_.LookupOrInsert(extension, Hash(extension))->value =
5332       reinterpret_cast<void*>(static_cast<intptr_t>(state));
5333 }
5334 
InstallExtensions(Isolate * isolate,Handle<Context> native_context,v8::ExtensionConfiguration * extensions)5335 bool Genesis::InstallExtensions(Isolate* isolate,
5336                                 Handle<Context> native_context,
5337                                 v8::ExtensionConfiguration* extensions) {
5338   ExtensionStates extension_states;  // All extensions have state UNVISITED.
5339   return InstallAutoExtensions(isolate, &extension_states) &&
5340          (!FLAG_expose_free_buffer ||
5341           InstallExtension(isolate, "v8/free-buffer", &extension_states)) &&
5342          (!FLAG_expose_gc ||
5343           InstallExtension(isolate, "v8/gc", &extension_states)) &&
5344          (!FLAG_expose_externalize_string ||
5345           InstallExtension(isolate, "v8/externalize", &extension_states)) &&
5346          (!FLAG_gc_stats ||
5347           InstallExtension(isolate, "v8/statistics", &extension_states)) &&
5348          (!FLAG_expose_trigger_failure ||
5349           InstallExtension(isolate, "v8/trigger-failure", &extension_states)) &&
5350          (!FLAG_trace_ignition_dispatches ||
5351           InstallExtension(isolate, "v8/ignition-statistics",
5352                            &extension_states)) &&
5353          InstallRequestedExtensions(isolate, extensions, &extension_states);
5354 }
5355 
5356 
InstallAutoExtensions(Isolate * isolate,ExtensionStates * extension_states)5357 bool Genesis::InstallAutoExtensions(Isolate* isolate,
5358                                     ExtensionStates* extension_states) {
5359   for (v8::RegisteredExtension* it = v8::RegisteredExtension::first_extension();
5360        it != nullptr; it = it->next()) {
5361     if (it->extension()->auto_enable() &&
5362         !InstallExtension(isolate, it, extension_states)) {
5363       return false;
5364     }
5365   }
5366   return true;
5367 }
5368 
5369 
InstallRequestedExtensions(Isolate * isolate,v8::ExtensionConfiguration * extensions,ExtensionStates * extension_states)5370 bool Genesis::InstallRequestedExtensions(Isolate* isolate,
5371                                          v8::ExtensionConfiguration* extensions,
5372                                          ExtensionStates* extension_states) {
5373   for (const char** it = extensions->begin(); it != extensions->end(); ++it) {
5374     if (!InstallExtension(isolate, *it, extension_states)) return false;
5375   }
5376   return true;
5377 }
5378 
5379 
5380 // Installs a named extension.  This methods is unoptimized and does
5381 // not scale well if we want to support a large number of extensions.
InstallExtension(Isolate * isolate,const char * name,ExtensionStates * extension_states)5382 bool Genesis::InstallExtension(Isolate* isolate,
5383                                const char* name,
5384                                ExtensionStates* extension_states) {
5385   for (v8::RegisteredExtension* it = v8::RegisteredExtension::first_extension();
5386        it != nullptr; it = it->next()) {
5387     if (strcmp(name, it->extension()->name()) == 0) {
5388       return InstallExtension(isolate, it, extension_states);
5389     }
5390   }
5391   return Utils::ApiCheck(false,
5392                          "v8::Context::New()",
5393                          "Cannot find required extension");
5394 }
5395 
5396 
InstallExtension(Isolate * isolate,v8::RegisteredExtension * current,ExtensionStates * extension_states)5397 bool Genesis::InstallExtension(Isolate* isolate,
5398                                v8::RegisteredExtension* current,
5399                                ExtensionStates* extension_states) {
5400   HandleScope scope(isolate);
5401 
5402   if (extension_states->get_state(current) == INSTALLED) return true;
5403   // The current node has already been visited so there must be a
5404   // cycle in the dependency graph; fail.
5405   if (!Utils::ApiCheck(extension_states->get_state(current) != VISITED,
5406                        "v8::Context::New()",
5407                        "Circular extension dependency")) {
5408     return false;
5409   }
5410   DCHECK(extension_states->get_state(current) == UNVISITED);
5411   extension_states->set_state(current, VISITED);
5412   v8::Extension* extension = current->extension();
5413   // Install the extension's dependencies
5414   for (int i = 0; i < extension->dependency_count(); i++) {
5415     if (!InstallExtension(isolate,
5416                           extension->dependencies()[i],
5417                           extension_states)) {
5418       return false;
5419     }
5420   }
5421   // We do not expect this to throw an exception. Change this if it does.
5422   bool result = CompileExtension(isolate, extension);
5423   DCHECK(isolate->has_pending_exception() != result);
5424   if (!result) {
5425     // We print out the name of the extension that fail to install.
5426     // When an error is thrown during bootstrapping we automatically print
5427     // the line number at which this happened to the console in the isolate
5428     // error throwing functionality.
5429     base::OS::PrintError("Error installing extension '%s'.\n",
5430                          current->extension()->name());
5431     isolate->clear_pending_exception();
5432   }
5433   extension_states->set_state(current, INSTALLED);
5434   return result;
5435 }
5436 
5437 
ConfigureGlobalObjects(v8::Local<v8::ObjectTemplate> global_proxy_template)5438 bool Genesis::ConfigureGlobalObjects(
5439     v8::Local<v8::ObjectTemplate> global_proxy_template) {
5440   Handle<JSObject> global_proxy(
5441       JSObject::cast(native_context()->global_proxy()), isolate());
5442   Handle<JSObject> global_object(
5443       JSObject::cast(native_context()->global_object()), isolate());
5444 
5445   if (!global_proxy_template.IsEmpty()) {
5446     // Configure the global proxy object.
5447     Handle<ObjectTemplateInfo> global_proxy_data =
5448         v8::Utils::OpenHandle(*global_proxy_template);
5449     if (!ConfigureApiObject(global_proxy, global_proxy_data)) return false;
5450 
5451     // Configure the global object.
5452     Handle<FunctionTemplateInfo> proxy_constructor(
5453         FunctionTemplateInfo::cast(global_proxy_data->constructor()),
5454         isolate());
5455     if (!proxy_constructor->prototype_template()->IsUndefined(isolate())) {
5456       Handle<ObjectTemplateInfo> global_object_data(
5457           ObjectTemplateInfo::cast(proxy_constructor->prototype_template()),
5458           isolate());
5459       if (!ConfigureApiObject(global_object, global_object_data)) return false;
5460     }
5461   }
5462 
5463   JSObject::ForceSetPrototype(global_proxy, global_object);
5464 
5465   native_context()->set_array_buffer_map(
5466       native_context()->array_buffer_fun()->initial_map());
5467 
5468   Handle<JSFunction> js_map_fun(native_context()->js_map_fun(), isolate());
5469   Handle<JSFunction> js_set_fun(native_context()->js_set_fun(), isolate());
5470   // Force the Map/Set constructor to fast properties, so that we can use the
5471   // fast paths for various things like
5472   //
5473   //   x instanceof Map
5474   //   x instanceof Set
5475   //
5476   // etc. We should probably come up with a more principled approach once
5477   // the JavaScript builtins are gone.
5478   JSObject::MigrateSlowToFast(js_map_fun, 0, "Bootstrapping");
5479   JSObject::MigrateSlowToFast(js_set_fun, 0, "Bootstrapping");
5480 
5481   native_context()->set_js_map_map(js_map_fun->initial_map());
5482   native_context()->set_js_set_map(js_set_fun->initial_map());
5483 
5484   return true;
5485 }
5486 
5487 
ConfigureApiObject(Handle<JSObject> object,Handle<ObjectTemplateInfo> object_template)5488 bool Genesis::ConfigureApiObject(Handle<JSObject> object,
5489                                  Handle<ObjectTemplateInfo> object_template) {
5490   DCHECK(!object_template.is_null());
5491   DCHECK(FunctionTemplateInfo::cast(object_template->constructor())
5492              ->IsTemplateFor(object->map()));;
5493 
5494   MaybeHandle<JSObject> maybe_obj =
5495       ApiNatives::InstantiateObject(object->GetIsolate(), object_template);
5496   Handle<JSObject> obj;
5497   if (!maybe_obj.ToHandle(&obj)) {
5498     DCHECK(isolate()->has_pending_exception());
5499     isolate()->clear_pending_exception();
5500     return false;
5501   }
5502   TransferObject(obj, object);
5503   return true;
5504 }
5505 
5506 
TransferNamedProperties(Handle<JSObject> from,Handle<JSObject> to)5507 void Genesis::TransferNamedProperties(Handle<JSObject> from,
5508                                       Handle<JSObject> to) {
5509   // If JSObject::AddProperty asserts due to already existing property,
5510   // it is likely due to both global objects sharing property name(s).
5511   // Merging those two global objects is impossible.
5512   // The global template must not create properties that already exist
5513   // in the snapshotted global object.
5514   if (from->HasFastProperties()) {
5515     Handle<DescriptorArray> descs =
5516         Handle<DescriptorArray>(from->map()->instance_descriptors(), isolate());
5517     for (int i = 0; i < from->map()->NumberOfOwnDescriptors(); i++) {
5518       PropertyDetails details = descs->GetDetails(i);
5519       if (details.location() == kField) {
5520         if (details.kind() == kData) {
5521           HandleScope inner(isolate());
5522           Handle<Name> key = Handle<Name>(descs->GetKey(i), isolate());
5523           FieldIndex index = FieldIndex::ForDescriptor(from->map(), i);
5524           Handle<Object> value =
5525               JSObject::FastPropertyAt(from, details.representation(), index);
5526           JSObject::AddProperty(isolate(), to, key, value,
5527                                 details.attributes());
5528         } else {
5529           DCHECK_EQ(kAccessor, details.kind());
5530           UNREACHABLE();
5531         }
5532 
5533       } else {
5534         DCHECK_EQ(kDescriptor, details.location());
5535         if (details.kind() == kData) {
5536           DCHECK(!FLAG_track_constant_fields);
5537           HandleScope inner(isolate());
5538           Handle<Name> key = Handle<Name>(descs->GetKey(i), isolate());
5539           Handle<Object> value(descs->GetStrongValue(i), isolate());
5540           JSObject::AddProperty(isolate(), to, key, value,
5541                                 details.attributes());
5542         } else {
5543           DCHECK_EQ(kAccessor, details.kind());
5544           Handle<Name> key(descs->GetKey(i), isolate());
5545           LookupIterator it(isolate(), to, key,
5546                             LookupIterator::OWN_SKIP_INTERCEPTOR);
5547           CHECK_NE(LookupIterator::ACCESS_CHECK, it.state());
5548           // If the property is already there we skip it
5549           if (it.IsFound()) continue;
5550           HandleScope inner(isolate());
5551           DCHECK(!to->HasFastProperties());
5552           // Add to dictionary.
5553           Handle<Object> value(descs->GetStrongValue(i), isolate());
5554           PropertyDetails d(kAccessor, details.attributes(),
5555                             PropertyCellType::kMutable);
5556           JSObject::SetNormalizedProperty(to, key, value, d);
5557         }
5558       }
5559     }
5560   } else if (from->IsJSGlobalObject()) {
5561     // Copy all keys and values in enumeration order.
5562     Handle<GlobalDictionary> properties(
5563         JSGlobalObject::cast(*from)->global_dictionary(), isolate());
5564     Handle<FixedArray> indices =
5565         GlobalDictionary::IterationIndices(isolate(), properties);
5566     for (int i = 0; i < indices->length(); i++) {
5567       int index = Smi::ToInt(indices->get(i));
5568       // If the property is already there we skip it.
5569       Handle<PropertyCell> cell(properties->CellAt(index), isolate());
5570       Handle<Name> key(cell->name(), isolate());
5571       LookupIterator it(isolate(), to, key,
5572                         LookupIterator::OWN_SKIP_INTERCEPTOR);
5573       CHECK_NE(LookupIterator::ACCESS_CHECK, it.state());
5574       if (it.IsFound()) continue;
5575       // Set the property.
5576       Handle<Object> value(cell->value(), isolate());
5577       if (value->IsTheHole(isolate())) continue;
5578       PropertyDetails details = cell->property_details();
5579       if (details.kind() != kData) continue;
5580       JSObject::AddProperty(isolate(), to, key, value, details.attributes());
5581     }
5582   } else {
5583     // Copy all keys and values in enumeration order.
5584     Handle<NameDictionary> properties =
5585         Handle<NameDictionary>(from->property_dictionary(), isolate());
5586     Handle<FixedArray> key_indices =
5587         NameDictionary::IterationIndices(isolate(), properties);
5588     ReadOnlyRoots roots(isolate());
5589     for (int i = 0; i < key_indices->length(); i++) {
5590       int key_index = Smi::ToInt(key_indices->get(i));
5591       Object* raw_key = properties->KeyAt(key_index);
5592       DCHECK(properties->IsKey(roots, raw_key));
5593       DCHECK(raw_key->IsName());
5594       // If the property is already there we skip it.
5595       Handle<Name> key(Name::cast(raw_key), isolate());
5596       LookupIterator it(isolate(), to, key,
5597                         LookupIterator::OWN_SKIP_INTERCEPTOR);
5598       CHECK_NE(LookupIterator::ACCESS_CHECK, it.state());
5599       if (it.IsFound()) continue;
5600       // Set the property.
5601       Handle<Object> value =
5602           Handle<Object>(properties->ValueAt(key_index), isolate());
5603       DCHECK(!value->IsCell());
5604       DCHECK(!value->IsTheHole(isolate()));
5605       PropertyDetails details = properties->DetailsAt(key_index);
5606       DCHECK_EQ(kData, details.kind());
5607       JSObject::AddProperty(isolate(), to, key, value, details.attributes());
5608     }
5609   }
5610 }
5611 
5612 
TransferIndexedProperties(Handle<JSObject> from,Handle<JSObject> to)5613 void Genesis::TransferIndexedProperties(Handle<JSObject> from,
5614                                         Handle<JSObject> to) {
5615   // Cloning the elements array is sufficient.
5616   Handle<FixedArray> from_elements =
5617       Handle<FixedArray>(FixedArray::cast(from->elements()), isolate());
5618   Handle<FixedArray> to_elements = factory()->CopyFixedArray(from_elements);
5619   to->set_elements(*to_elements);
5620 }
5621 
5622 
TransferObject(Handle<JSObject> from,Handle<JSObject> to)5623 void Genesis::TransferObject(Handle<JSObject> from, Handle<JSObject> to) {
5624   HandleScope outer(isolate());
5625 
5626   DCHECK(!from->IsJSArray());
5627   DCHECK(!to->IsJSArray());
5628 
5629   TransferNamedProperties(from, to);
5630   TransferIndexedProperties(from, to);
5631 
5632   // Transfer the prototype (new map is needed).
5633   Handle<Object> proto(from->map()->prototype(), isolate());
5634   JSObject::ForceSetPrototype(to, proto);
5635 }
5636 
5637 
Genesis(Isolate * isolate,MaybeHandle<JSGlobalProxy> maybe_global_proxy,v8::Local<v8::ObjectTemplate> global_proxy_template,size_t context_snapshot_index,v8::DeserializeEmbedderFieldsCallback embedder_fields_deserializer,GlobalContextType context_type)5638 Genesis::Genesis(
5639     Isolate* isolate, MaybeHandle<JSGlobalProxy> maybe_global_proxy,
5640     v8::Local<v8::ObjectTemplate> global_proxy_template,
5641     size_t context_snapshot_index,
5642     v8::DeserializeEmbedderFieldsCallback embedder_fields_deserializer,
5643     GlobalContextType context_type)
5644     : isolate_(isolate), active_(isolate->bootstrapper()) {
5645   result_ = Handle<Context>::null();
5646   global_proxy_ = Handle<JSGlobalProxy>::null();
5647 
5648   // Before creating the roots we must save the context and restore it
5649   // on all function exits.
5650   SaveContext saved_context(isolate);
5651 
5652   // The deserializer needs to hook up references to the global proxy.
5653   // Create an uninitialized global proxy now if we don't have one
5654   // and initialize it later in CreateNewGlobals.
5655   Handle<JSGlobalProxy> global_proxy;
5656   if (!maybe_global_proxy.ToHandle(&global_proxy)) {
5657     int instance_size = 0;
5658     if (context_snapshot_index > 0) {
5659       // The global proxy function to reinitialize this global proxy is in the
5660       // context that is yet to be deserialized. We need to prepare a global
5661       // proxy of the correct size.
5662       Object* size = isolate->heap()->serialized_global_proxy_sizes()->get(
5663           static_cast<int>(context_snapshot_index) - 1);
5664       instance_size = Smi::ToInt(size);
5665     } else {
5666       instance_size = JSGlobalProxy::SizeWithEmbedderFields(
5667           global_proxy_template.IsEmpty()
5668               ? 0
5669               : global_proxy_template->InternalFieldCount());
5670     }
5671     global_proxy =
5672         isolate->factory()->NewUninitializedJSGlobalProxy(instance_size);
5673   }
5674 
5675   // We can only de-serialize a context if the isolate was initialized from
5676   // a snapshot. Otherwise we have to build the context from scratch.
5677   // Also create a context from scratch to expose natives, if required by flag.
5678   DCHECK(native_context_.is_null());
5679   if (isolate->initialized_from_snapshot()) {
5680     Handle<Context> context;
5681     if (Snapshot::NewContextFromSnapshot(isolate, global_proxy,
5682                                          context_snapshot_index,
5683                                          embedder_fields_deserializer)
5684             .ToHandle(&context)) {
5685       native_context_ = Handle<NativeContext>::cast(context);
5686     }
5687   }
5688 
5689   if (!native_context().is_null()) {
5690     AddToWeakNativeContextList(isolate, *native_context());
5691     isolate->set_context(*native_context());
5692     isolate->counters()->contexts_created_by_snapshot()->Increment();
5693 
5694     if (context_snapshot_index == 0) {
5695       Handle<JSGlobalObject> global_object =
5696           CreateNewGlobals(global_proxy_template, global_proxy);
5697       HookUpGlobalObject(global_object);
5698 
5699       if (!ConfigureGlobalObjects(global_proxy_template)) return;
5700     } else {
5701       // The global proxy needs to be integrated into the native context.
5702       HookUpGlobalProxy(global_proxy);
5703     }
5704     DCHECK(!global_proxy->IsDetachedFrom(native_context()->global_object()));
5705   } else {
5706     base::ElapsedTimer timer;
5707     if (FLAG_profile_deserialization) timer.Start();
5708     DCHECK_EQ(0u, context_snapshot_index);
5709     // We get here if there was no context snapshot.
5710     CreateRoots();
5711     Handle<JSFunction> empty_function = CreateEmptyFunction();
5712     CreateSloppyModeFunctionMaps(empty_function);
5713     CreateStrictModeFunctionMaps(empty_function);
5714     CreateObjectFunction(empty_function);
5715     CreateIteratorMaps(empty_function);
5716     CreateAsyncIteratorMaps(empty_function);
5717     CreateAsyncFunctionMaps(empty_function);
5718     Handle<JSGlobalObject> global_object =
5719         CreateNewGlobals(global_proxy_template, global_proxy);
5720     InitializeGlobal(global_object, empty_function, context_type);
5721     InitializeNormalizedMapCaches();
5722 
5723     if (!InstallNatives(context_type)) return;
5724     if (!InstallExtraNatives()) return;
5725     if (!ConfigureGlobalObjects(global_proxy_template)) return;
5726 
5727     isolate->counters()->contexts_created_from_scratch()->Increment();
5728 
5729     if (FLAG_profile_deserialization) {
5730       double ms = timer.Elapsed().InMillisecondsF();
5731       i::PrintF("[Initializing context from scratch took %0.3f ms]\n", ms);
5732     }
5733   }
5734 
5735   // Install experimental natives. Do not include them into the
5736   // snapshot as we should be able to turn them off at runtime. Re-installing
5737   // them after they have already been deserialized would also fail.
5738   if (context_type == FULL_CONTEXT) {
5739     if (!isolate->serializer_enabled()) {
5740       InitializeExperimentalGlobal();
5741 
5742       if (FLAG_experimental_extras) {
5743         if (!InstallExperimentalExtraNatives()) return;
5744       }
5745 
5746       // Store String.prototype's map again in case it has been changed by
5747       // experimental natives.
5748       Handle<JSFunction> string_function(native_context()->string_function(),
5749                                          isolate);
5750       JSObject* string_function_prototype =
5751           JSObject::cast(string_function->initial_map()->prototype());
5752       DCHECK(string_function_prototype->HasFastProperties());
5753       native_context()->set_string_function_prototype_map(
5754           string_function_prototype->map());
5755     }
5756   } else if (context_type == DEBUG_CONTEXT) {
5757     DCHECK(!isolate->serializer_enabled());
5758     InitializeExperimentalGlobal();
5759     if (!InstallDebuggerNatives()) return;
5760   }
5761 
5762   if (FLAG_disallow_code_generation_from_strings) {
5763     native_context()->set_allow_code_gen_from_strings(
5764         ReadOnlyRoots(isolate).false_value());
5765   }
5766 
5767   ConfigureUtilsObject(context_type);
5768 
5769   // We created new functions, which may require debug instrumentation.
5770   if (isolate->debug()->is_active()) {
5771     isolate->debug()->InstallDebugBreakTrampoline();
5772   }
5773 
5774   native_context()->ResetErrorsThrown();
5775   result_ = native_context();
5776 }
5777 
Genesis(Isolate * isolate,MaybeHandle<JSGlobalProxy> maybe_global_proxy,v8::Local<v8::ObjectTemplate> global_proxy_template)5778 Genesis::Genesis(Isolate* isolate,
5779                  MaybeHandle<JSGlobalProxy> maybe_global_proxy,
5780                  v8::Local<v8::ObjectTemplate> global_proxy_template)
5781     : isolate_(isolate), active_(isolate->bootstrapper()) {
5782   result_ = Handle<Context>::null();
5783   global_proxy_ = Handle<JSGlobalProxy>::null();
5784 
5785   // Before creating the roots we must save the context and restore it
5786   // on all function exits.
5787   SaveContext saved_context(isolate);
5788 
5789   const int proxy_size = JSGlobalProxy::SizeWithEmbedderFields(
5790       global_proxy_template->InternalFieldCount());
5791 
5792   Handle<JSGlobalProxy> global_proxy;
5793   if (!maybe_global_proxy.ToHandle(&global_proxy)) {
5794     global_proxy = factory()->NewUninitializedJSGlobalProxy(proxy_size);
5795   }
5796 
5797   // Create a remote object as the global object.
5798   Handle<ObjectTemplateInfo> global_proxy_data =
5799       Utils::OpenHandle(*global_proxy_template);
5800   Handle<FunctionTemplateInfo> global_constructor(
5801       FunctionTemplateInfo::cast(global_proxy_data->constructor()), isolate);
5802 
5803   Handle<ObjectTemplateInfo> global_object_template(
5804       ObjectTemplateInfo::cast(global_constructor->prototype_template()),
5805       isolate);
5806   Handle<JSObject> global_object =
5807       ApiNatives::InstantiateRemoteObject(
5808           global_object_template).ToHandleChecked();
5809 
5810   // (Re)initialize the global proxy object.
5811   DCHECK_EQ(global_proxy_data->embedder_field_count(),
5812             global_proxy_template->InternalFieldCount());
5813   Handle<Map> global_proxy_map = isolate->factory()->NewMap(
5814       JS_GLOBAL_PROXY_TYPE, proxy_size, TERMINAL_FAST_ELEMENTS_KIND);
5815   global_proxy_map->set_is_access_check_needed(true);
5816   global_proxy_map->set_has_hidden_prototype(true);
5817   global_proxy_map->set_may_have_interesting_symbols(true);
5818 
5819   // A remote global proxy has no native context.
5820   global_proxy->set_native_context(ReadOnlyRoots(heap()).null_value());
5821 
5822   // Configure the hidden prototype chain of the global proxy.
5823   JSObject::ForceSetPrototype(global_proxy, global_object);
5824   global_proxy->map()->SetConstructor(*global_constructor);
5825   // TODO(dcheng): This is a hack. Why does this need to be manually called
5826   // here? Line 4812 should have taken care of it?
5827   global_proxy->map()->set_has_hidden_prototype(true);
5828 
5829   global_proxy_ = global_proxy;
5830 }
5831 
5832 // Support for thread preemption.
5833 
5834 // Reserve space for statics needing saving and restoring.
ArchiveSpacePerThread()5835 int Bootstrapper::ArchiveSpacePerThread() {
5836   return sizeof(NestingCounterType);
5837 }
5838 
5839 
5840 // Archive statics that are thread-local.
ArchiveState(char * to)5841 char* Bootstrapper::ArchiveState(char* to) {
5842   *reinterpret_cast<NestingCounterType*>(to) = nesting_;
5843   nesting_ = 0;
5844   return to + sizeof(NestingCounterType);
5845 }
5846 
5847 
5848 // Restore statics that are thread-local.
RestoreState(char * from)5849 char* Bootstrapper::RestoreState(char* from) {
5850   nesting_ = *reinterpret_cast<NestingCounterType*>(from);
5851   return from + sizeof(NestingCounterType);
5852 }
5853 
5854 
5855 // Called when the top-level V8 mutex is destroyed.
FreeThreadResources()5856 void Bootstrapper::FreeThreadResources() {
5857   DCHECK(!IsActive());
5858 }
5859 
5860 }  // namespace internal
5861 }  // namespace v8
5862