1 // Copyright 2014 the V8 project authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
4
5 #include "src/allocation-site-scopes.h"
6 #include "src/arguments-inl.h"
7 #include "src/ast/ast.h"
8 #include "src/isolate-inl.h"
9 #include "src/objects/hash-table-inl.h"
10 #include "src/objects/js-regexp-inl.h"
11 #include "src/objects/literal-objects-inl.h"
12 #include "src/runtime/runtime-utils.h"
13 #include "src/runtime/runtime.h"
14
15 namespace v8 {
16 namespace internal {
17
18 namespace {
19
IsUninitializedLiteralSite(Object * literal_site)20 bool IsUninitializedLiteralSite(Object* literal_site) {
21 return literal_site == Smi::kZero;
22 }
23
HasBoilerplate(Handle<Object> literal_site)24 bool HasBoilerplate(Handle<Object> literal_site) {
25 return !literal_site->IsSmi();
26 }
27
PreInitializeLiteralSite(Handle<FeedbackVector> vector,FeedbackSlot slot)28 void PreInitializeLiteralSite(Handle<FeedbackVector> vector,
29 FeedbackSlot slot) {
30 vector->Set(slot, Smi::FromInt(1));
31 }
32
33 Handle<Object> InnerCreateBoilerplate(Isolate* isolate,
34 Handle<Object> description,
35 PretenureFlag pretenure_flag);
36
37 enum DeepCopyHints { kNoHints = 0, kObjectIsShallow = 1 };
38
39 template <class ContextObject>
40 class JSObjectWalkVisitor {
41 public:
JSObjectWalkVisitor(ContextObject * site_context,DeepCopyHints hints)42 JSObjectWalkVisitor(ContextObject* site_context, DeepCopyHints hints)
43 : site_context_(site_context), hints_(hints) {}
44
45 V8_WARN_UNUSED_RESULT MaybeHandle<JSObject> StructureWalk(
46 Handle<JSObject> object);
47
48 protected:
VisitElementOrProperty(Handle<JSObject> object,Handle<JSObject> value)49 V8_WARN_UNUSED_RESULT inline MaybeHandle<JSObject> VisitElementOrProperty(
50 Handle<JSObject> object, Handle<JSObject> value) {
51 // Dont create allocation sites for nested object literals
52 if (!value->IsJSArray()) {
53 return StructureWalk(value);
54 }
55
56 Handle<AllocationSite> current_site = site_context()->EnterNewScope();
57 MaybeHandle<JSObject> copy_of_value = StructureWalk(value);
58 site_context()->ExitScope(current_site, value);
59 return copy_of_value;
60 }
61
site_context()62 inline ContextObject* site_context() { return site_context_; }
isolate()63 inline Isolate* isolate() { return site_context()->isolate(); }
64
65 private:
66 ContextObject* site_context_;
67 const DeepCopyHints hints_;
68 };
69
70 template <class ContextObject>
StructureWalk(Handle<JSObject> object)71 MaybeHandle<JSObject> JSObjectWalkVisitor<ContextObject>::StructureWalk(
72 Handle<JSObject> object) {
73 Isolate* isolate = this->isolate();
74 bool copying = ContextObject::kCopying;
75 bool shallow = hints_ == kObjectIsShallow;
76
77 if (!shallow) {
78 StackLimitCheck check(isolate);
79
80 if (check.HasOverflowed()) {
81 isolate->StackOverflow();
82 return MaybeHandle<JSObject>();
83 }
84 }
85
86 if (object->map()->is_deprecated()) {
87 JSObject::MigrateInstance(object);
88 }
89
90 Handle<JSObject> copy;
91 if (copying) {
92 // JSFunction objects are not allowed to be in normal boilerplates at all.
93 DCHECK(!object->IsJSFunction());
94 Handle<AllocationSite> site_to_pass;
95 if (site_context()->ShouldCreateMemento(object)) {
96 site_to_pass = site_context()->current();
97 }
98 copy = isolate->factory()->CopyJSObjectWithAllocationSite(object,
99 site_to_pass);
100 } else {
101 copy = object;
102 }
103
104 DCHECK(copying || copy.is_identical_to(object));
105
106 if (shallow) return copy;
107
108 HandleScope scope(isolate);
109
110 // Deep copy own properties. Arrays only have 1 property "length".
111 if (!copy->IsJSArray()) {
112 if (copy->HasFastProperties()) {
113 Handle<DescriptorArray> descriptors(copy->map()->instance_descriptors(),
114 isolate);
115 int limit = copy->map()->NumberOfOwnDescriptors();
116 for (int i = 0; i < limit; i++) {
117 DCHECK_EQ(kField, descriptors->GetDetails(i).location());
118 DCHECK_EQ(kData, descriptors->GetDetails(i).kind());
119 FieldIndex index = FieldIndex::ForDescriptor(copy->map(), i);
120 if (copy->IsUnboxedDoubleField(index)) continue;
121 Object* raw = copy->RawFastPropertyAt(index);
122 if (raw->IsJSObject()) {
123 Handle<JSObject> value(JSObject::cast(raw), isolate);
124 ASSIGN_RETURN_ON_EXCEPTION(
125 isolate, value, VisitElementOrProperty(copy, value), JSObject);
126 if (copying) copy->FastPropertyAtPut(index, *value);
127 } else if (copying && raw->IsMutableHeapNumber()) {
128 DCHECK(descriptors->GetDetails(i).representation().IsDouble());
129 uint64_t double_value = MutableHeapNumber::cast(raw)->value_as_bits();
130 auto value =
131 isolate->factory()->NewMutableHeapNumberFromBits(double_value);
132 copy->FastPropertyAtPut(index, *value);
133 }
134 }
135 } else {
136 Handle<NameDictionary> dict(copy->property_dictionary(), isolate);
137 for (int i = 0; i < dict->Capacity(); i++) {
138 Object* raw = dict->ValueAt(i);
139 if (!raw->IsJSObject()) continue;
140 DCHECK(dict->KeyAt(i)->IsName());
141 Handle<JSObject> value(JSObject::cast(raw), isolate);
142 ASSIGN_RETURN_ON_EXCEPTION(
143 isolate, value, VisitElementOrProperty(copy, value), JSObject);
144 if (copying) dict->ValueAtPut(i, *value);
145 }
146 }
147
148 // Assume non-arrays don't end up having elements.
149 if (copy->elements()->length() == 0) return copy;
150 }
151
152 // Deep copy own elements.
153 switch (copy->GetElementsKind()) {
154 case PACKED_ELEMENTS:
155 case HOLEY_ELEMENTS: {
156 Handle<FixedArray> elements(FixedArray::cast(copy->elements()), isolate);
157 if (elements->map() == ReadOnlyRoots(isolate).fixed_cow_array_map()) {
158 #ifdef DEBUG
159 for (int i = 0; i < elements->length(); i++) {
160 DCHECK(!elements->get(i)->IsJSObject());
161 }
162 #endif
163 } else {
164 for (int i = 0; i < elements->length(); i++) {
165 Object* raw = elements->get(i);
166 if (!raw->IsJSObject()) continue;
167 Handle<JSObject> value(JSObject::cast(raw), isolate);
168 ASSIGN_RETURN_ON_EXCEPTION(
169 isolate, value, VisitElementOrProperty(copy, value), JSObject);
170 if (copying) elements->set(i, *value);
171 }
172 }
173 break;
174 }
175 case DICTIONARY_ELEMENTS: {
176 Handle<NumberDictionary> element_dictionary(copy->element_dictionary(),
177 isolate);
178 int capacity = element_dictionary->Capacity();
179 for (int i = 0; i < capacity; i++) {
180 Object* raw = element_dictionary->ValueAt(i);
181 if (!raw->IsJSObject()) continue;
182 Handle<JSObject> value(JSObject::cast(raw), isolate);
183 ASSIGN_RETURN_ON_EXCEPTION(
184 isolate, value, VisitElementOrProperty(copy, value), JSObject);
185 if (copying) element_dictionary->ValueAtPut(i, *value);
186 }
187 break;
188 }
189 case FAST_SLOPPY_ARGUMENTS_ELEMENTS:
190 case SLOW_SLOPPY_ARGUMENTS_ELEMENTS:
191 UNIMPLEMENTED();
192 break;
193 case FAST_STRING_WRAPPER_ELEMENTS:
194 case SLOW_STRING_WRAPPER_ELEMENTS:
195 UNREACHABLE();
196 break;
197
198 #define TYPED_ARRAY_CASE(Type, type, TYPE, ctype) case TYPE##_ELEMENTS:
199
200 TYPED_ARRAYS(TYPED_ARRAY_CASE)
201 #undef TYPED_ARRAY_CASE
202 // Typed elements cannot be created using an object literal.
203 UNREACHABLE();
204 break;
205
206 case PACKED_SMI_ELEMENTS:
207 case HOLEY_SMI_ELEMENTS:
208 case PACKED_DOUBLE_ELEMENTS:
209 case HOLEY_DOUBLE_ELEMENTS:
210 case NO_ELEMENTS:
211 // No contained objects, nothing to do.
212 break;
213 }
214
215 return copy;
216 }
217
218 class DeprecationUpdateContext {
219 public:
DeprecationUpdateContext(Isolate * isolate)220 explicit DeprecationUpdateContext(Isolate* isolate) { isolate_ = isolate; }
isolate()221 Isolate* isolate() { return isolate_; }
ShouldCreateMemento(Handle<JSObject> object)222 bool ShouldCreateMemento(Handle<JSObject> object) { return false; }
ExitScope(Handle<AllocationSite> scope_site,Handle<JSObject> object)223 inline void ExitScope(Handle<AllocationSite> scope_site,
224 Handle<JSObject> object) {}
EnterNewScope()225 Handle<AllocationSite> EnterNewScope() { return Handle<AllocationSite>(); }
current()226 Handle<AllocationSite> current() {
227 UNREACHABLE();
228 return Handle<AllocationSite>();
229 }
230
231 static const bool kCopying = false;
232
233 private:
234 Isolate* isolate_;
235 };
236
237 // AllocationSiteCreationContext aids in the creation of AllocationSites to
238 // accompany object literals.
239 class AllocationSiteCreationContext : public AllocationSiteContext {
240 public:
AllocationSiteCreationContext(Isolate * isolate)241 explicit AllocationSiteCreationContext(Isolate* isolate)
242 : AllocationSiteContext(isolate) {}
243
EnterNewScope()244 Handle<AllocationSite> EnterNewScope() {
245 Handle<AllocationSite> scope_site;
246 if (top().is_null()) {
247 // We are creating the top level AllocationSite as opposed to a nested
248 // AllocationSite.
249 InitializeTraversal(isolate()->factory()->NewAllocationSite(true));
250 scope_site = Handle<AllocationSite>(*top(), isolate());
251 if (FLAG_trace_creation_allocation_sites) {
252 PrintF("*** Creating top level %s AllocationSite %p\n", "Fat",
253 static_cast<void*>(*scope_site));
254 }
255 } else {
256 DCHECK(!current().is_null());
257 scope_site = isolate()->factory()->NewAllocationSite(false);
258 if (FLAG_trace_creation_allocation_sites) {
259 PrintF(
260 "*** Creating nested %s AllocationSite (top, current, new) (%p, "
261 "%p, "
262 "%p)\n",
263 "Slim", static_cast<void*>(*top()), static_cast<void*>(*current()),
264 static_cast<void*>(*scope_site));
265 }
266 current()->set_nested_site(*scope_site);
267 update_current_site(*scope_site);
268 }
269 DCHECK(!scope_site.is_null());
270 return scope_site;
271 }
ExitScope(Handle<AllocationSite> scope_site,Handle<JSObject> object)272 void ExitScope(Handle<AllocationSite> scope_site, Handle<JSObject> object) {
273 if (object.is_null()) return;
274 scope_site->set_boilerplate(*object);
275 if (FLAG_trace_creation_allocation_sites) {
276 bool top_level =
277 !scope_site.is_null() && top().is_identical_to(scope_site);
278 if (top_level) {
279 PrintF("*** Setting AllocationSite %p transition_info %p\n",
280 static_cast<void*>(*scope_site), static_cast<void*>(*object));
281 } else {
282 PrintF("*** Setting AllocationSite (%p, %p) transition_info %p\n",
283 static_cast<void*>(*top()), static_cast<void*>(*scope_site),
284 static_cast<void*>(*object));
285 }
286 }
287 }
288 static const bool kCopying = false;
289 };
290
DeepWalk(Handle<JSObject> object,DeprecationUpdateContext * site_context)291 MaybeHandle<JSObject> DeepWalk(Handle<JSObject> object,
292 DeprecationUpdateContext* site_context) {
293 JSObjectWalkVisitor<DeprecationUpdateContext> v(site_context, kNoHints);
294 MaybeHandle<JSObject> result = v.StructureWalk(object);
295 Handle<JSObject> for_assert;
296 DCHECK(!result.ToHandle(&for_assert) || for_assert.is_identical_to(object));
297 return result;
298 }
299
DeepWalk(Handle<JSObject> object,AllocationSiteCreationContext * site_context)300 MaybeHandle<JSObject> DeepWalk(Handle<JSObject> object,
301 AllocationSiteCreationContext* site_context) {
302 JSObjectWalkVisitor<AllocationSiteCreationContext> v(site_context, kNoHints);
303 MaybeHandle<JSObject> result = v.StructureWalk(object);
304 Handle<JSObject> for_assert;
305 DCHECK(!result.ToHandle(&for_assert) || for_assert.is_identical_to(object));
306 return result;
307 }
308
DeepCopy(Handle<JSObject> object,AllocationSiteUsageContext * site_context,DeepCopyHints hints)309 MaybeHandle<JSObject> DeepCopy(Handle<JSObject> object,
310 AllocationSiteUsageContext* site_context,
311 DeepCopyHints hints) {
312 JSObjectWalkVisitor<AllocationSiteUsageContext> v(site_context, hints);
313 MaybeHandle<JSObject> copy = v.StructureWalk(object);
314 Handle<JSObject> for_assert;
315 DCHECK(!copy.ToHandle(&for_assert) || !for_assert.is_identical_to(object));
316 return copy;
317 }
318
319 struct ObjectLiteralHelper {
Createv8::internal::__anon872c4cbd0111::ObjectLiteralHelper320 static Handle<JSObject> Create(Isolate* isolate,
321 Handle<HeapObject> description, int flags,
322 PretenureFlag pretenure_flag) {
323 Handle<NativeContext> native_context = isolate->native_context();
324 Handle<ObjectBoilerplateDescription> object_boilerplate_description =
325 Handle<ObjectBoilerplateDescription>::cast(description);
326 bool use_fast_elements = (flags & ObjectLiteral::kFastElements) != 0;
327 bool has_null_prototype = (flags & ObjectLiteral::kHasNullPrototype) != 0;
328
329 // In case we have function literals, we want the object to be in
330 // slow properties mode for now. We don't go in the map cache because
331 // maps with constant functions can't be shared if the functions are
332 // not the same (which is the common case).
333 int number_of_properties =
334 object_boilerplate_description->backing_store_size();
335
336 // Ignoring number_of_properties for force dictionary map with
337 // __proto__:null.
338 Handle<Map> map =
339 has_null_prototype
340 ? handle(native_context->slow_object_with_null_prototype_map(),
341 isolate)
342 : isolate->factory()->ObjectLiteralMapFromCache(
343 native_context, number_of_properties);
344
345 Handle<JSObject> boilerplate =
346 map->is_dictionary_map()
347 ? isolate->factory()->NewSlowJSObjectFromMap(
348 map, number_of_properties, pretenure_flag)
349 : isolate->factory()->NewJSObjectFromMap(map, pretenure_flag);
350
351 // Normalize the elements of the boilerplate to save space if needed.
352 if (!use_fast_elements) JSObject::NormalizeElements(boilerplate);
353
354 // Add the constant properties to the boilerplate.
355 int length = object_boilerplate_description->size();
356 // TODO(verwaest): Support tracking representations in the boilerplate.
357 for (int index = 0; index < length; index++) {
358 Handle<Object> key(object_boilerplate_description->name(index), isolate);
359 Handle<Object> value(object_boilerplate_description->value(index),
360 isolate);
361
362 if (value->IsObjectBoilerplateDescription() ||
363 value->IsArrayBoilerplateDescription()) {
364 value = InnerCreateBoilerplate(isolate, value, pretenure_flag);
365 }
366 uint32_t element_index = 0;
367 if (key->ToArrayIndex(&element_index)) {
368 // Array index (uint32).
369 if (value->IsUninitialized(isolate)) {
370 value = handle(Smi::kZero, isolate);
371 }
372 JSObject::SetOwnElementIgnoreAttributes(boilerplate, element_index,
373 value, NONE)
374 .Check();
375 } else {
376 Handle<String> name = Handle<String>::cast(key);
377 DCHECK(!name->AsArrayIndex(&element_index));
378 JSObject::SetOwnPropertyIgnoreAttributes(boilerplate, name, value, NONE)
379 .Check();
380 }
381 }
382
383 if (map->is_dictionary_map() && !has_null_prototype) {
384 // TODO(cbruni): avoid making the boilerplate fast again, the clone stub
385 // supports dict-mode objects directly.
386 JSObject::MigrateSlowToFast(boilerplate,
387 boilerplate->map()->UnusedPropertyFields(),
388 "FastLiteral");
389 }
390 return boilerplate;
391 }
392 };
393
394 struct ArrayLiteralHelper {
Createv8::internal::__anon872c4cbd0111::ArrayLiteralHelper395 static Handle<JSObject> Create(Isolate* isolate,
396 Handle<HeapObject> description, int flags,
397 PretenureFlag pretenure_flag) {
398 Handle<ArrayBoilerplateDescription> array_boilerplate_description =
399 Handle<ArrayBoilerplateDescription>::cast(description);
400
401 ElementsKind constant_elements_kind =
402 array_boilerplate_description->elements_kind();
403
404 Handle<FixedArrayBase> constant_elements_values(
405 array_boilerplate_description->constant_elements(), isolate);
406
407 // Create the JSArray.
408 Handle<FixedArrayBase> copied_elements_values;
409 if (IsDoubleElementsKind(constant_elements_kind)) {
410 copied_elements_values = isolate->factory()->CopyFixedDoubleArray(
411 Handle<FixedDoubleArray>::cast(constant_elements_values));
412 } else {
413 DCHECK(IsSmiOrObjectElementsKind(constant_elements_kind));
414 const bool is_cow = (constant_elements_values->map() ==
415 ReadOnlyRoots(isolate).fixed_cow_array_map());
416 if (is_cow) {
417 copied_elements_values = constant_elements_values;
418 #if DEBUG
419 Handle<FixedArray> fixed_array_values =
420 Handle<FixedArray>::cast(copied_elements_values);
421 for (int i = 0; i < fixed_array_values->length(); i++) {
422 DCHECK(!fixed_array_values->get(i)->IsFixedArray());
423 }
424 #endif
425 } else {
426 Handle<FixedArray> fixed_array_values =
427 Handle<FixedArray>::cast(constant_elements_values);
428 Handle<FixedArray> fixed_array_values_copy =
429 isolate->factory()->CopyFixedArray(fixed_array_values);
430 copied_elements_values = fixed_array_values_copy;
431 FOR_WITH_HANDLE_SCOPE(
432 isolate, int, i = 0, i, i < fixed_array_values->length(), i++, {
433 Handle<Object> value(fixed_array_values->get(i), isolate);
434
435 if (value->IsArrayBoilerplateDescription() ||
436 value->IsObjectBoilerplateDescription()) {
437 Handle<Object> result =
438 InnerCreateBoilerplate(isolate, value, pretenure_flag);
439 fixed_array_values_copy->set(i, *result);
440 }
441 });
442 }
443 }
444
445 return isolate->factory()->NewJSArrayWithElements(
446 copied_elements_values, constant_elements_kind,
447 copied_elements_values->length(), pretenure_flag);
448 }
449 };
450
InnerCreateBoilerplate(Isolate * isolate,Handle<Object> description,PretenureFlag pretenure_flag)451 Handle<Object> InnerCreateBoilerplate(Isolate* isolate,
452 Handle<Object> description,
453 PretenureFlag pretenure_flag) {
454 if (description->IsObjectBoilerplateDescription()) {
455 Handle<ObjectBoilerplateDescription> object_boilerplate_description =
456 Handle<ObjectBoilerplateDescription>::cast(description);
457 return ObjectLiteralHelper::Create(isolate, object_boilerplate_description,
458 object_boilerplate_description->flags(),
459 pretenure_flag);
460 } else {
461 DCHECK(description->IsArrayBoilerplateDescription());
462 Handle<ArrayBoilerplateDescription> array_boilerplate_description =
463 Handle<ArrayBoilerplateDescription>::cast(description);
464 return ArrayLiteralHelper::Create(
465 isolate, array_boilerplate_description,
466 array_boilerplate_description->elements_kind(), pretenure_flag);
467 }
468 }
469
DecodeCopyHints(int flags)470 inline DeepCopyHints DecodeCopyHints(int flags) {
471 DeepCopyHints copy_hints =
472 (flags & AggregateLiteral::kIsShallow) ? kObjectIsShallow : kNoHints;
473 if (FLAG_track_double_fields && !FLAG_unbox_double_fields) {
474 // Make sure we properly clone mutable heap numbers on 32-bit platforms.
475 copy_hints = kNoHints;
476 }
477 return copy_hints;
478 }
479
480 template <typename LiteralHelper>
CreateLiteralWithoutAllocationSite(Isolate * isolate,Handle<HeapObject> description,int flags)481 MaybeHandle<JSObject> CreateLiteralWithoutAllocationSite(
482 Isolate* isolate, Handle<HeapObject> description, int flags) {
483 Handle<JSObject> literal =
484 LiteralHelper::Create(isolate, description, flags, NOT_TENURED);
485 DeepCopyHints copy_hints = DecodeCopyHints(flags);
486 if (copy_hints == kNoHints) {
487 DeprecationUpdateContext update_context(isolate);
488 RETURN_ON_EXCEPTION(isolate, DeepWalk(literal, &update_context), JSObject);
489 }
490 return literal;
491 }
492
493 template <typename LiteralHelper>
CreateLiteral(Isolate * isolate,Handle<FeedbackVector> vector,int literals_index,Handle<HeapObject> description,int flags)494 MaybeHandle<JSObject> CreateLiteral(Isolate* isolate,
495 Handle<FeedbackVector> vector,
496 int literals_index,
497 Handle<HeapObject> description, int flags) {
498 FeedbackSlot literals_slot(FeedbackVector::ToSlot(literals_index));
499 CHECK(literals_slot.ToInt() < vector->length());
500 Handle<Object> literal_site(vector->Get(literals_slot)->ToObject(), isolate);
501 DeepCopyHints copy_hints = DecodeCopyHints(flags);
502
503 Handle<AllocationSite> site;
504 Handle<JSObject> boilerplate;
505
506 if (HasBoilerplate(literal_site)) {
507 site = Handle<AllocationSite>::cast(literal_site);
508 boilerplate = Handle<JSObject>(site->boilerplate(), isolate);
509 } else {
510 // Eagerly create AllocationSites for literals that contain an Array.
511 bool needs_initial_allocation_site =
512 (flags & AggregateLiteral::kNeedsInitialAllocationSite) != 0;
513 if (!needs_initial_allocation_site &&
514 IsUninitializedLiteralSite(*literal_site)) {
515 PreInitializeLiteralSite(vector, literals_slot);
516 return CreateLiteralWithoutAllocationSite<LiteralHelper>(
517 isolate, description, flags);
518 } else {
519 boilerplate = LiteralHelper::Create(isolate, description, flags, TENURED);
520 }
521 // Install AllocationSite objects.
522 AllocationSiteCreationContext creation_context(isolate);
523 site = creation_context.EnterNewScope();
524 RETURN_ON_EXCEPTION(isolate, DeepWalk(boilerplate, &creation_context),
525 JSObject);
526 creation_context.ExitScope(site, boilerplate);
527
528 vector->Set(literals_slot, *site);
529 }
530
531 STATIC_ASSERT(static_cast<int>(ObjectLiteral::kDisableMementos) ==
532 static_cast<int>(ArrayLiteral::kDisableMementos));
533 bool enable_mementos = (flags & ObjectLiteral::kDisableMementos) == 0;
534
535 // Copy the existing boilerplate.
536 AllocationSiteUsageContext usage_context(isolate, site, enable_mementos);
537 usage_context.EnterNewScope();
538 MaybeHandle<JSObject> copy =
539 DeepCopy(boilerplate, &usage_context, copy_hints);
540 usage_context.ExitScope(site, boilerplate);
541 return copy;
542 }
543 } // namespace
544
RUNTIME_FUNCTION(Runtime_CreateObjectLiteral)545 RUNTIME_FUNCTION(Runtime_CreateObjectLiteral) {
546 HandleScope scope(isolate);
547 DCHECK_EQ(4, args.length());
548 CONVERT_ARG_HANDLE_CHECKED(FeedbackVector, vector, 0);
549 CONVERT_SMI_ARG_CHECKED(literals_index, 1);
550 CONVERT_ARG_HANDLE_CHECKED(ObjectBoilerplateDescription, description, 2);
551 CONVERT_SMI_ARG_CHECKED(flags, 3);
552 RETURN_RESULT_OR_FAILURE(
553 isolate, CreateLiteral<ObjectLiteralHelper>(
554 isolate, vector, literals_index, description, flags));
555 }
556
RUNTIME_FUNCTION(Runtime_CreateObjectLiteralWithoutAllocationSite)557 RUNTIME_FUNCTION(Runtime_CreateObjectLiteralWithoutAllocationSite) {
558 HandleScope scope(isolate);
559 DCHECK_EQ(2, args.length());
560 CONVERT_ARG_HANDLE_CHECKED(ObjectBoilerplateDescription, description, 0);
561 CONVERT_SMI_ARG_CHECKED(flags, 1);
562 RETURN_RESULT_OR_FAILURE(
563 isolate, CreateLiteralWithoutAllocationSite<ObjectLiteralHelper>(
564 isolate, description, flags));
565 }
566
RUNTIME_FUNCTION(Runtime_CreateArrayLiteralWithoutAllocationSite)567 RUNTIME_FUNCTION(Runtime_CreateArrayLiteralWithoutAllocationSite) {
568 HandleScope scope(isolate);
569 DCHECK_EQ(2, args.length());
570 CONVERT_ARG_HANDLE_CHECKED(ArrayBoilerplateDescription, description, 0);
571 CONVERT_SMI_ARG_CHECKED(flags, 1);
572 RETURN_RESULT_OR_FAILURE(
573 isolate, CreateLiteralWithoutAllocationSite<ArrayLiteralHelper>(
574 isolate, description, flags));
575 }
576
RUNTIME_FUNCTION(Runtime_CreateArrayLiteral)577 RUNTIME_FUNCTION(Runtime_CreateArrayLiteral) {
578 HandleScope scope(isolate);
579 DCHECK_EQ(4, args.length());
580 CONVERT_ARG_HANDLE_CHECKED(FeedbackVector, vector, 0);
581 CONVERT_SMI_ARG_CHECKED(literals_index, 1);
582 CONVERT_ARG_HANDLE_CHECKED(ArrayBoilerplateDescription, elements, 2);
583 CONVERT_SMI_ARG_CHECKED(flags, 3);
584 RETURN_RESULT_OR_FAILURE(
585 isolate, CreateLiteral<ArrayLiteralHelper>(
586 isolate, vector, literals_index, elements, flags));
587 }
588
RUNTIME_FUNCTION(Runtime_CreateRegExpLiteral)589 RUNTIME_FUNCTION(Runtime_CreateRegExpLiteral) {
590 HandleScope scope(isolate);
591 DCHECK_EQ(4, args.length());
592 CONVERT_ARG_HANDLE_CHECKED(FeedbackVector, vector, 0);
593 CONVERT_SMI_ARG_CHECKED(index, 1);
594 CONVERT_ARG_HANDLE_CHECKED(String, pattern, 2);
595 CONVERT_SMI_ARG_CHECKED(flags, 3);
596
597 FeedbackSlot literal_slot(FeedbackVector::ToSlot(index));
598
599 // Check if boilerplate exists. If not, create it first.
600 Handle<Object> literal_site(vector->Get(literal_slot)->ToObject(), isolate);
601 Handle<Object> boilerplate;
602 if (!HasBoilerplate(literal_site)) {
603 ASSIGN_RETURN_FAILURE_ON_EXCEPTION(
604 isolate, boilerplate,
605 JSRegExp::New(isolate, pattern, JSRegExp::Flags(flags)));
606 if (IsUninitializedLiteralSite(*literal_site)) {
607 PreInitializeLiteralSite(vector, literal_slot);
608 return *boilerplate;
609 }
610 vector->Set(literal_slot, *boilerplate);
611 }
612 return *JSRegExp::Copy(Handle<JSRegExp>::cast(boilerplate));
613 }
614
615 } // namespace internal
616 } // namespace v8
617