1 // Copyright 2014 the V8 project authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
4 
5 #include "src/runtime/runtime-utils.h"
6 
7 #include "src/allocation-site-scopes.h"
8 #include "src/arguments.h"
9 #include "src/ast/ast.h"
10 #include "src/isolate-inl.h"
11 #include "src/parsing/parser.h"
12 #include "src/runtime/runtime.h"
13 
14 namespace v8 {
15 namespace internal {
16 
ComputeObjectLiteralMap(Handle<Context> context,Handle<FixedArray> constant_properties,bool is_strong,bool * is_result_from_cache)17 static Handle<Map> ComputeObjectLiteralMap(
18     Handle<Context> context, Handle<FixedArray> constant_properties,
19     bool is_strong, bool* is_result_from_cache) {
20   int properties_length = constant_properties->length();
21   int number_of_properties = properties_length / 2;
22 
23   for (int p = 0; p != properties_length; p += 2) {
24     Object* key = constant_properties->get(p);
25     uint32_t element_index = 0;
26     if (key->ToArrayIndex(&element_index)) {
27       // An index key does not require space in the property backing store.
28       number_of_properties--;
29     }
30   }
31   Isolate* isolate = context->GetIsolate();
32   return isolate->factory()->ObjectLiteralMapFromCache(
33       context, number_of_properties, is_strong, is_result_from_cache);
34 }
35 
36 MUST_USE_RESULT static MaybeHandle<Object> CreateLiteralBoilerplate(
37     Isolate* isolate, Handle<LiteralsArray> literals,
38     Handle<FixedArray> constant_properties, bool is_strong);
39 
40 
CreateObjectLiteralBoilerplate(Isolate * isolate,Handle<LiteralsArray> literals,Handle<FixedArray> constant_properties,bool should_have_fast_elements,bool has_function_literal,bool is_strong)41 MUST_USE_RESULT static MaybeHandle<Object> CreateObjectLiteralBoilerplate(
42     Isolate* isolate, Handle<LiteralsArray> literals,
43     Handle<FixedArray> constant_properties, bool should_have_fast_elements,
44     bool has_function_literal, bool is_strong) {
45   Handle<Context> context = isolate->native_context();
46 
47   // In case we have function literals, we want the object to be in
48   // slow properties mode for now. We don't go in the map cache because
49   // maps with constant functions can't be shared if the functions are
50   // not the same (which is the common case).
51   bool is_result_from_cache = false;
52   Handle<Map> map = has_function_literal
53       ? Handle<Map>(is_strong
54                         ? context->js_object_strong_map()
55                         : context->object_function()->initial_map())
56       : ComputeObjectLiteralMap(context, constant_properties, is_strong,
57                                 &is_result_from_cache);
58 
59   PretenureFlag pretenure_flag =
60       isolate->heap()->InNewSpace(*literals) ? NOT_TENURED : TENURED;
61 
62   Handle<JSObject> boilerplate =
63       isolate->factory()->NewJSObjectFromMap(map, pretenure_flag);
64 
65   // Normalize the elements of the boilerplate to save space if needed.
66   if (!should_have_fast_elements) JSObject::NormalizeElements(boilerplate);
67 
68   // Add the constant properties to the boilerplate.
69   int length = constant_properties->length();
70   bool should_transform =
71       !is_result_from_cache && boilerplate->HasFastProperties();
72   bool should_normalize = should_transform || has_function_literal;
73   if (should_normalize) {
74     // TODO(verwaest): We might not want to ever normalize here.
75     JSObject::NormalizeProperties(boilerplate, KEEP_INOBJECT_PROPERTIES,
76                                   length / 2, "Boilerplate");
77   }
78   // TODO(verwaest): Support tracking representations in the boilerplate.
79   for (int index = 0; index < length; index += 2) {
80     Handle<Object> key(constant_properties->get(index + 0), isolate);
81     Handle<Object> value(constant_properties->get(index + 1), isolate);
82     if (value->IsFixedArray()) {
83       // The value contains the constant_properties of a
84       // simple object or array literal.
85       Handle<FixedArray> array = Handle<FixedArray>::cast(value);
86       ASSIGN_RETURN_ON_EXCEPTION(
87           isolate, value,
88           CreateLiteralBoilerplate(isolate, literals, array, is_strong),
89           Object);
90     }
91     MaybeHandle<Object> maybe_result;
92     uint32_t element_index = 0;
93     if (key->IsInternalizedString()) {
94       if (Handle<String>::cast(key)->AsArrayIndex(&element_index)) {
95         // Array index as string (uint32).
96         if (value->IsUninitialized()) value = handle(Smi::FromInt(0), isolate);
97         maybe_result = JSObject::SetOwnElementIgnoreAttributes(
98             boilerplate, element_index, value, NONE);
99       } else {
100         Handle<String> name(String::cast(*key));
101         DCHECK(!name->AsArrayIndex(&element_index));
102         maybe_result = JSObject::SetOwnPropertyIgnoreAttributes(
103             boilerplate, name, value, NONE);
104       }
105     } else if (key->ToArrayIndex(&element_index)) {
106       // Array index (uint32).
107       if (value->IsUninitialized()) value = handle(Smi::FromInt(0), isolate);
108       maybe_result = JSObject::SetOwnElementIgnoreAttributes(
109           boilerplate, element_index, value, NONE);
110     } else {
111       // Non-uint32 number.
112       DCHECK(key->IsNumber());
113       double num = key->Number();
114       char arr[100];
115       Vector<char> buffer(arr, arraysize(arr));
116       const char* str = DoubleToCString(num, buffer);
117       Handle<String> name = isolate->factory()->NewStringFromAsciiChecked(str);
118       maybe_result = JSObject::SetOwnPropertyIgnoreAttributes(boilerplate, name,
119                                                               value, NONE);
120     }
121     // If setting the property on the boilerplate throws an
122     // exception, the exception is converted to an empty handle in
123     // the handle based operations.  In that case, we need to
124     // convert back to an exception.
125     RETURN_ON_EXCEPTION(isolate, maybe_result, Object);
126   }
127 
128   // Transform to fast properties if necessary. For object literals with
129   // containing function literals we defer this operation until after all
130   // computed properties have been assigned so that we can generate
131   // constant function properties.
132   if (should_transform && !has_function_literal) {
133     JSObject::MigrateSlowToFast(boilerplate,
134                                 boilerplate->map()->unused_property_fields(),
135                                 "FastLiteral");
136   }
137   return boilerplate;
138 }
139 
140 
CreateArrayLiteralBoilerplate(Isolate * isolate,Handle<LiteralsArray> literals,Handle<FixedArray> elements,bool is_strong)141 MaybeHandle<Object> Runtime::CreateArrayLiteralBoilerplate(
142     Isolate* isolate, Handle<LiteralsArray> literals,
143     Handle<FixedArray> elements, bool is_strong) {
144   // Create the JSArray.
145   Handle<JSFunction> constructor = isolate->array_function();
146 
147   PretenureFlag pretenure_flag =
148       isolate->heap()->InNewSpace(*literals) ? NOT_TENURED : TENURED;
149 
150   Handle<JSArray> object = Handle<JSArray>::cast(
151       isolate->factory()->NewJSObject(constructor, pretenure_flag));
152 
153   ElementsKind constant_elements_kind =
154       static_cast<ElementsKind>(Smi::cast(elements->get(0))->value());
155   Handle<FixedArrayBase> constant_elements_values(
156       FixedArrayBase::cast(elements->get(1)));
157 
158   {
159     DisallowHeapAllocation no_gc;
160     DCHECK(IsFastElementsKind(constant_elements_kind));
161     Context* native_context = isolate->context()->native_context();
162     Strength strength = is_strong ? Strength::STRONG : Strength::WEAK;
163     Object* map = native_context->get(
164         Context::ArrayMapIndex(constant_elements_kind, strength));
165     object->set_map(Map::cast(map));
166   }
167 
168   Handle<FixedArrayBase> copied_elements_values;
169   if (IsFastDoubleElementsKind(constant_elements_kind)) {
170     copied_elements_values = isolate->factory()->CopyFixedDoubleArray(
171         Handle<FixedDoubleArray>::cast(constant_elements_values));
172   } else {
173     DCHECK(IsFastSmiOrObjectElementsKind(constant_elements_kind));
174     const bool is_cow = (constant_elements_values->map() ==
175                          isolate->heap()->fixed_cow_array_map());
176     if (is_cow) {
177       copied_elements_values = constant_elements_values;
178 #if DEBUG
179       Handle<FixedArray> fixed_array_values =
180           Handle<FixedArray>::cast(copied_elements_values);
181       for (int i = 0; i < fixed_array_values->length(); i++) {
182         DCHECK(!fixed_array_values->get(i)->IsFixedArray());
183       }
184 #endif
185     } else {
186       Handle<FixedArray> fixed_array_values =
187           Handle<FixedArray>::cast(constant_elements_values);
188       Handle<FixedArray> fixed_array_values_copy =
189           isolate->factory()->CopyFixedArray(fixed_array_values);
190       copied_elements_values = fixed_array_values_copy;
191       for (int i = 0; i < fixed_array_values->length(); i++) {
192         HandleScope scope(isolate);
193         if (fixed_array_values->get(i)->IsFixedArray()) {
194           // The value contains the constant_properties of a
195           // simple object or array literal.
196           Handle<FixedArray> fa(FixedArray::cast(fixed_array_values->get(i)));
197           Handle<Object> result;
198           ASSIGN_RETURN_ON_EXCEPTION(
199               isolate, result,
200               CreateLiteralBoilerplate(isolate, literals, fa, is_strong),
201               Object);
202           fixed_array_values_copy->set(i, *result);
203         }
204       }
205     }
206   }
207   object->set_elements(*copied_elements_values);
208   object->set_length(Smi::FromInt(copied_elements_values->length()));
209 
210   JSObject::ValidateElements(object);
211   return object;
212 }
213 
214 
CreateLiteralBoilerplate(Isolate * isolate,Handle<LiteralsArray> literals,Handle<FixedArray> array,bool is_strong)215 MUST_USE_RESULT static MaybeHandle<Object> CreateLiteralBoilerplate(
216     Isolate* isolate, Handle<LiteralsArray> literals, Handle<FixedArray> array,
217     bool is_strong) {
218   Handle<FixedArray> elements = CompileTimeValue::GetElements(array);
219   const bool kHasNoFunctionLiteral = false;
220   switch (CompileTimeValue::GetLiteralType(array)) {
221     case CompileTimeValue::OBJECT_LITERAL_FAST_ELEMENTS:
222       return CreateObjectLiteralBoilerplate(isolate, literals, elements, true,
223                                             kHasNoFunctionLiteral, is_strong);
224     case CompileTimeValue::OBJECT_LITERAL_SLOW_ELEMENTS:
225       return CreateObjectLiteralBoilerplate(isolate, literals, elements, false,
226                                             kHasNoFunctionLiteral, is_strong);
227     case CompileTimeValue::ARRAY_LITERAL:
228       return Runtime::CreateArrayLiteralBoilerplate(isolate, literals,
229                                                     elements, is_strong);
230     default:
231       UNREACHABLE();
232       return MaybeHandle<Object>();
233   }
234 }
235 
236 
RUNTIME_FUNCTION(Runtime_CreateRegExpLiteral)237 RUNTIME_FUNCTION(Runtime_CreateRegExpLiteral) {
238   HandleScope scope(isolate);
239   DCHECK_EQ(4, args.length());
240   CONVERT_ARG_HANDLE_CHECKED(JSFunction, closure, 0);
241   CONVERT_SMI_ARG_CHECKED(index, 1);
242   CONVERT_ARG_HANDLE_CHECKED(String, pattern, 2);
243   CONVERT_SMI_ARG_CHECKED(flags, 3);
244 
245   // Check if boilerplate exists. If not, create it first.
246   Handle<Object> boilerplate(closure->literals()->literal(index), isolate);
247   if (boilerplate->IsUndefined()) {
248     ASSIGN_RETURN_FAILURE_ON_EXCEPTION(
249         isolate, boilerplate, JSRegExp::New(pattern, JSRegExp::Flags(flags)));
250     closure->literals()->set_literal(index, *boilerplate);
251   }
252   return *JSRegExp::Copy(Handle<JSRegExp>::cast(boilerplate));
253 }
254 
255 
RUNTIME_FUNCTION(Runtime_CreateObjectLiteral)256 RUNTIME_FUNCTION(Runtime_CreateObjectLiteral) {
257   HandleScope scope(isolate);
258   DCHECK_EQ(4, args.length());
259   CONVERT_ARG_HANDLE_CHECKED(JSFunction, closure, 0);
260   CONVERT_SMI_ARG_CHECKED(literals_index, 1);
261   CONVERT_ARG_HANDLE_CHECKED(FixedArray, constant_properties, 2);
262   CONVERT_SMI_ARG_CHECKED(flags, 3);
263   Handle<LiteralsArray> literals(closure->literals(), isolate);
264   bool should_have_fast_elements = (flags & ObjectLiteral::kFastElements) != 0;
265   bool has_function_literal = (flags & ObjectLiteral::kHasFunction) != 0;
266   bool enable_mementos = (flags & ObjectLiteral::kDisableMementos) == 0;
267   bool is_strong = (flags & ObjectLiteral::kIsStrong) != 0;
268 
269   RUNTIME_ASSERT(literals_index >= 0 &&
270                  literals_index < literals->literals_count());
271 
272   // Check if boilerplate exists. If not, create it first.
273   Handle<Object> literal_site(literals->literal(literals_index), isolate);
274   Handle<AllocationSite> site;
275   Handle<JSObject> boilerplate;
276   if (*literal_site == isolate->heap()->undefined_value()) {
277     Handle<Object> raw_boilerplate;
278     ASSIGN_RETURN_FAILURE_ON_EXCEPTION(
279         isolate, raw_boilerplate,
280         CreateObjectLiteralBoilerplate(isolate, literals, constant_properties,
281                                        should_have_fast_elements,
282                                        has_function_literal, is_strong));
283     boilerplate = Handle<JSObject>::cast(raw_boilerplate);
284 
285     AllocationSiteCreationContext creation_context(isolate);
286     site = creation_context.EnterNewScope();
287     RETURN_FAILURE_ON_EXCEPTION(
288         isolate, JSObject::DeepWalk(boilerplate, &creation_context));
289     creation_context.ExitScope(site, boilerplate);
290 
291     // Update the functions literal and return the boilerplate.
292     literals->set_literal(literals_index, *site);
293   } else {
294     site = Handle<AllocationSite>::cast(literal_site);
295     boilerplate =
296         Handle<JSObject>(JSObject::cast(site->transition_info()), isolate);
297   }
298 
299   AllocationSiteUsageContext usage_context(isolate, site, enable_mementos);
300   usage_context.EnterNewScope();
301   MaybeHandle<Object> maybe_copy =
302       JSObject::DeepCopy(boilerplate, &usage_context);
303   usage_context.ExitScope(site, boilerplate);
304   Handle<Object> copy;
305   ASSIGN_RETURN_FAILURE_ON_EXCEPTION(isolate, copy, maybe_copy);
306   return *copy;
307 }
308 
309 
GetLiteralAllocationSite(Isolate * isolate,Handle<LiteralsArray> literals,int literals_index,Handle<FixedArray> elements,bool is_strong)310 MUST_USE_RESULT static MaybeHandle<AllocationSite> GetLiteralAllocationSite(
311     Isolate* isolate, Handle<LiteralsArray> literals, int literals_index,
312     Handle<FixedArray> elements, bool is_strong) {
313   // Check if boilerplate exists. If not, create it first.
314   Handle<Object> literal_site(literals->literal(literals_index), isolate);
315   Handle<AllocationSite> site;
316   if (*literal_site == isolate->heap()->undefined_value()) {
317     DCHECK(*elements != isolate->heap()->empty_fixed_array());
318     Handle<Object> boilerplate;
319     ASSIGN_RETURN_ON_EXCEPTION(
320         isolate, boilerplate,
321         Runtime::CreateArrayLiteralBoilerplate(isolate, literals, elements,
322                                                is_strong),
323         AllocationSite);
324 
325     AllocationSiteCreationContext creation_context(isolate);
326     site = creation_context.EnterNewScope();
327     if (JSObject::DeepWalk(Handle<JSObject>::cast(boilerplate),
328                            &creation_context).is_null()) {
329       return Handle<AllocationSite>::null();
330     }
331     creation_context.ExitScope(site, Handle<JSObject>::cast(boilerplate));
332 
333     literals->set_literal(literals_index, *site);
334   } else {
335     site = Handle<AllocationSite>::cast(literal_site);
336   }
337 
338   return site;
339 }
340 
341 
CreateArrayLiteralImpl(Isolate * isolate,Handle<LiteralsArray> literals,int literals_index,Handle<FixedArray> elements,int flags)342 static MaybeHandle<JSObject> CreateArrayLiteralImpl(
343     Isolate* isolate, Handle<LiteralsArray> literals, int literals_index,
344     Handle<FixedArray> elements, int flags) {
345   RUNTIME_ASSERT_HANDLIFIED(
346       literals_index >= 0 && literals_index < literals->literals_count(),
347       JSObject);
348   Handle<AllocationSite> site;
349   bool is_strong = (flags & ArrayLiteral::kIsStrong) != 0;
350   ASSIGN_RETURN_ON_EXCEPTION(
351       isolate, site,
352       GetLiteralAllocationSite(isolate, literals, literals_index, elements,
353                                is_strong),
354       JSObject);
355 
356   bool enable_mementos = (flags & ArrayLiteral::kDisableMementos) == 0;
357   Handle<JSObject> boilerplate(JSObject::cast(site->transition_info()));
358   AllocationSiteUsageContext usage_context(isolate, site, enable_mementos);
359   usage_context.EnterNewScope();
360   JSObject::DeepCopyHints hints = (flags & ArrayLiteral::kShallowElements) == 0
361                                       ? JSObject::kNoHints
362                                       : JSObject::kObjectIsShallow;
363   MaybeHandle<JSObject> copy =
364       JSObject::DeepCopy(boilerplate, &usage_context, hints);
365   usage_context.ExitScope(site, boilerplate);
366   return copy;
367 }
368 
369 
RUNTIME_FUNCTION(Runtime_CreateArrayLiteral)370 RUNTIME_FUNCTION(Runtime_CreateArrayLiteral) {
371   HandleScope scope(isolate);
372   DCHECK_EQ(4, args.length());
373   CONVERT_ARG_HANDLE_CHECKED(JSFunction, closure, 0);
374   CONVERT_SMI_ARG_CHECKED(literals_index, 1);
375   CONVERT_ARG_HANDLE_CHECKED(FixedArray, elements, 2);
376   CONVERT_SMI_ARG_CHECKED(flags, 3);
377 
378   Handle<JSObject> result;
379   Handle<LiteralsArray> literals(closure->literals(), isolate);
380   ASSIGN_RETURN_FAILURE_ON_EXCEPTION(
381       isolate, result, CreateArrayLiteralImpl(isolate, literals, literals_index,
382                                               elements, flags));
383   return *result;
384 }
385 
386 
RUNTIME_FUNCTION(Runtime_CreateArrayLiteralStubBailout)387 RUNTIME_FUNCTION(Runtime_CreateArrayLiteralStubBailout) {
388   HandleScope scope(isolate);
389   DCHECK_EQ(3, args.length());
390   CONVERT_ARG_HANDLE_CHECKED(JSFunction, closure, 0);
391   CONVERT_SMI_ARG_CHECKED(literals_index, 1);
392   CONVERT_ARG_HANDLE_CHECKED(FixedArray, elements, 2);
393 
394   Handle<JSObject> result;
395   Handle<LiteralsArray> literals(closure->literals(), isolate);
396   ASSIGN_RETURN_FAILURE_ON_EXCEPTION(
397       isolate, result,
398       CreateArrayLiteralImpl(isolate, literals, literals_index, elements,
399                              ArrayLiteral::kShallowElements));
400   return *result;
401 }
402 
403 
RUNTIME_FUNCTION(Runtime_StoreArrayLiteralElement)404 RUNTIME_FUNCTION(Runtime_StoreArrayLiteralElement) {
405   HandleScope scope(isolate);
406   RUNTIME_ASSERT(args.length() == 5);
407   CONVERT_ARG_HANDLE_CHECKED(JSObject, object, 0);
408   CONVERT_SMI_ARG_CHECKED(store_index, 1);
409   CONVERT_ARG_HANDLE_CHECKED(Object, value, 2);
410   CONVERT_ARG_HANDLE_CHECKED(LiteralsArray, literals, 3);
411   CONVERT_SMI_ARG_CHECKED(literal_index, 4);
412 
413   Object* raw_literal_cell = literals->literal(literal_index);
414   JSArray* boilerplate = NULL;
415   if (raw_literal_cell->IsAllocationSite()) {
416     AllocationSite* site = AllocationSite::cast(raw_literal_cell);
417     boilerplate = JSArray::cast(site->transition_info());
418   } else {
419     boilerplate = JSArray::cast(raw_literal_cell);
420   }
421   Handle<JSArray> boilerplate_object(boilerplate);
422   ElementsKind elements_kind = object->GetElementsKind();
423   DCHECK(IsFastElementsKind(elements_kind));
424   // Smis should never trigger transitions.
425   DCHECK(!value->IsSmi());
426 
427   if (value->IsNumber()) {
428     DCHECK(IsFastSmiElementsKind(elements_kind));
429     ElementsKind transitioned_kind = IsFastHoleyElementsKind(elements_kind)
430                                          ? FAST_HOLEY_DOUBLE_ELEMENTS
431                                          : FAST_DOUBLE_ELEMENTS;
432     if (IsMoreGeneralElementsKindTransition(
433             boilerplate_object->GetElementsKind(), transitioned_kind)) {
434       JSObject::TransitionElementsKind(boilerplate_object, transitioned_kind);
435     }
436     JSObject::TransitionElementsKind(object, transitioned_kind);
437     DCHECK(IsFastDoubleElementsKind(object->GetElementsKind()));
438     FixedDoubleArray* double_array = FixedDoubleArray::cast(object->elements());
439     HeapNumber* number = HeapNumber::cast(*value);
440     double_array->set(store_index, number->Number());
441   } else {
442     if (!IsFastObjectElementsKind(elements_kind)) {
443       ElementsKind transitioned_kind = IsFastHoleyElementsKind(elements_kind)
444                                            ? FAST_HOLEY_ELEMENTS
445                                            : FAST_ELEMENTS;
446       JSObject::TransitionElementsKind(object, transitioned_kind);
447       if (IsMoreGeneralElementsKindTransition(
448               boilerplate_object->GetElementsKind(), transitioned_kind)) {
449         JSObject::TransitionElementsKind(boilerplate_object, transitioned_kind);
450       }
451     }
452     FixedArray* object_array = FixedArray::cast(object->elements());
453     object_array->set(store_index, *value);
454   }
455   return *object;
456 }
457 }  // namespace internal
458 }  // namespace v8
459