1 // Copyright 2012 the V8 project authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
4 
5 #ifndef V8_ELEMENTS_H_
6 #define V8_ELEMENTS_H_
7 
8 #include "src/elements-kind.h"
9 #include "src/heap/heap.h"
10 #include "src/isolate.h"
11 #include "src/keys.h"
12 #include "src/objects.h"
13 
14 namespace v8 {
15 namespace internal {
16 
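// Abstract base class for handles that can operate on objects with differing
// ElementsKinds. One shared accessor instance exists per ElementsKind and is
// looked up through ForKind().
//
// Two conventions matter for memory safety when using this interface:
//  * Several methods take an |entry| (a position in the backing store) rather
//    than an |index| (the value JavaScript would use). The two differ for
//    dictionary-backed elements; see GetEntryForIndex() below. Passing one
//    where the other is expected addresses the wrong slot.
//  * Some methods take raw JSObject* / FixedArrayBase* instead of Handles.
//    Raw pointers are not updated when the garbage collector moves objects, so
//    they must not be kept across anything that can allocate.
class ElementsAccessor {
 public:
  // |name| is stored as a pointer and never copied, so it must outlive the
  // accessor.
  explicit ElementsAccessor(const char* name) : name_(name) {}
  virtual ~ElementsAccessor() {}

  const char* name() const { return name_; }

  // Returns a shared ElementsAccessor for the specified ElementsKind.
  //
  // The range checks below are DCHECKs and therefore compiled out of release
  // builds: there the table is indexed without any bounds check, so callers
  // must only pass a valid ElementsKind.
  static ElementsAccessor* ForKind(ElementsKind elements_kind) {
    // Check the lower bound as well: a value that turns negative in the cast
    // would otherwise satisfy the upper-bound comparison.
    DCHECK(0 <= static_cast<int>(elements_kind));
    DCHECK(static_cast<int>(elements_kind) < kElementsKindCount);
    return elements_accessors_[elements_kind];
  }

  // Checks the elements of an object for consistency, asserting when a problem
  // is found.
  virtual void Validate(Handle<JSObject> obj) = 0;

  // Returns true if a holder contains an element with the specified index
  // without iterating up the prototype chain.  The caller can optionally pass
  // in the backing store to use for the check, which must be compatible with
  // the ElementsKind of the ElementsAccessor. If backing_store is NULL, the
  // holder->elements() is used as the backing store. If a |filter| is
  // specified the PropertyAttributes of the element at the given index
  // are compared to the given |filter|. If they match/overlap the given
  // index is ignored. Note that only Dictionary elements have custom
  // PropertyAttributes associated, hence the |filter| argument is ignored for
  // all but DICTIONARY_ELEMENTS and SLOW_SLOPPY_ARGUMENTS_ELEMENTS.
  virtual bool HasElement(Handle<JSObject> holder, uint32_t index,
                          Handle<FixedArrayBase> backing_store,
                          PropertyFilter filter = ALL_PROPERTIES) = 0;

  // Convenience overload that checks against the holder's current elements.
  inline bool HasElement(Handle<JSObject> holder, uint32_t index,
                         PropertyFilter filter = ALL_PROPERTIES) {
    return HasElement(holder, index, handle(holder->elements()), filter);
  }

  // Returns the element stored at |entry|. Note that this is an entry, not a
  // JavaScript index.
  virtual Handle<Object> Get(Handle<JSObject> holder, uint32_t entry) = 0;

  // The next three take a raw |holder|; see the class comment on raw pointers.
  virtual PropertyDetails GetDetails(JSObject* holder, uint32_t entry) = 0;
  virtual bool HasAccessors(JSObject* holder) = 0;
  virtual uint32_t NumberOfElements(JSObject* holder) = 0;

  // Modifies the length data property as specified for JSArrays and resizes the
  // underlying backing store accordingly. The method honors the semantics of
  // changing array sizes as defined in EcmaScript 5.1 15.4.5.2, i.e. arrays
  // that have non-deletable elements can only be shrunk to the size of the
  // highest element that is non-deletable.
  virtual void SetLength(Handle<JSArray> holder, uint32_t new_length) = 0;

  // Deletes an element in an object. |entry| is a backing-store entry, not a
  // JavaScript index.
  virtual void Delete(Handle<JSObject> holder, uint32_t entry) = 0;

  // Sentinel values for the signed copy_size argument of the protected
  // CopyElements overload.
  // NOTE(review): only these two negative values are defined here; how other
  // negative sizes are treated is up to the implementations - confirm there.
  //
  // If kCopyToEnd is specified as the copy_size to CopyElements, it copies all
  // of elements from source after source_start to the destination array.
  static const int kCopyToEnd = -1;
  // If kCopyToEndAndInitializeToHole is specified as the copy_size to
  // CopyElements, it copies all of elements from source after source_start to
  // destination array, padding any remaining uninitialized elements in the
  // destination array with the hole.
  static const int kCopyToEndAndInitializeToHole = -2;

  // Copy all indices that have elements from |object| into the given
  // KeyAccumulator. For Dictionary-based element-kinds we filter out elements
  // whose PropertyAttribute match |filter|.
  // NOTE(review): |filter| is not a parameter of this method; presumably it is
  // taken from |keys| - confirm against the implementations.
  virtual void CollectElementIndices(Handle<JSObject> object,
                                     Handle<FixedArrayBase> backing_store,
                                     KeyAccumulator* keys) = 0;

  // Convenience overload that uses the object's current elements.
  inline void CollectElementIndices(Handle<JSObject> object,
                                    KeyAccumulator* keys) {
    CollectElementIndices(object, handle(object->elements(), keys->isolate()),
                          keys);
  }

  virtual Maybe<bool> CollectValuesOrEntries(
      Isolate* isolate, Handle<JSObject> object,
      Handle<FixedArray> values_or_entries, bool get_entries, int* nof_items,
      PropertyFilter filter = ALL_PROPERTIES) = 0;

  virtual MaybeHandle<FixedArray> PrependElementIndices(
      Handle<JSObject> object, Handle<FixedArrayBase> backing_store,
      Handle<FixedArray> keys, GetKeysConversion convert,
      PropertyFilter filter = ALL_PROPERTIES) = 0;

  // Convenience overload that uses the object's current elements.
  inline MaybeHandle<FixedArray> PrependElementIndices(
      Handle<JSObject> object, Handle<FixedArray> keys,
      GetKeysConversion convert, PropertyFilter filter = ALL_PROPERTIES) {
    return PrependElementIndices(object, handle(object->elements()), keys,
                                 convert, filter);
  }

  virtual void AddElementsToKeyAccumulator(Handle<JSObject> receiver,
                                           KeyAccumulator* accumulator,
                                           AddKeyConversion convert) = 0;

  virtual void TransitionElementsKind(Handle<JSObject> object,
                                      Handle<Map> map) = 0;
  virtual void GrowCapacityAndConvert(Handle<JSObject> object,
                                      uint32_t capacity) = 0;
  // Unlike GrowCapacityAndConvert do not attempt to convert the backing store
  // and simply return false in this case.
  virtual bool GrowCapacity(Handle<JSObject> object, uint32_t index) = 0;

  // Process-wide setup and teardown.
  // NOTE(review): presumably these create and destroy the table that ForKind()
  // indexes, which would make ForKind() invalid outside that window - confirm
  // against the definitions.
  static void InitializeOncePerProcess();
  static void TearDown();

  // Stores |value| at |entry| (a backing-store entry, not a JavaScript index).
  // |value| is a raw pointer; see the class comment on raw pointers.
  virtual void Set(Handle<JSObject> holder, uint32_t entry, Object* value) = 0;

  virtual void Reconfigure(Handle<JSObject> object,
                           Handle<FixedArrayBase> backing_store, uint32_t entry,
                           Handle<Object> value,
                           PropertyAttributes attributes) = 0;

  virtual void Add(Handle<JSObject> object, uint32_t index,
                   Handle<Object> value, PropertyAttributes attributes,
                   uint32_t new_capacity) = 0;

  // The array operations below take sizes and positions as uint32_t.
  // NOTE(review): this header does not show whether the arguments (for
  // example start <= end, or start + delete_count within the length) are
  // validated by the callers or by the implementations - confirm before
  // adding a call site.
  static Handle<JSArray> Concat(Isolate* isolate, Arguments* args,
                                uint32_t concat_size, uint32_t result_length);

  virtual uint32_t Push(Handle<JSArray> receiver, Arguments* args,
                        uint32_t push_size) = 0;

  virtual uint32_t Unshift(Handle<JSArray> receiver,
                           Arguments* args, uint32_t unshift_size) = 0;

  virtual Handle<JSArray> Slice(Handle<JSObject> receiver,
                                uint32_t start, uint32_t end) = 0;

  virtual Handle<JSArray> Splice(Handle<JSArray> receiver,
                                 uint32_t start, uint32_t delete_count,
                                 Arguments* args, uint32_t add_count) = 0;

  virtual Handle<Object> Pop(Handle<JSArray> receiver) = 0;

  virtual Handle<Object> Shift(Handle<JSArray> receiver) = 0;

  virtual Handle<SeededNumberDictionary> Normalize(Handle<JSObject> object) = 0;

  // Entries are between 0 and the value returned here (see GetEntryForIndex).
  // Both arguments are raw pointers; see the class comment on raw pointers.
  virtual uint32_t GetCapacity(JSObject* holder,
                               FixedArrayBase* backing_store) = 0;

  // Check an Object's own elements for an element (using SameValueZero
  // semantics)
  virtual Maybe<bool> IncludesValue(Isolate* isolate, Handle<JSObject> receiver,
                                    Handle<Object> value, uint32_t start,
                                    uint32_t length) = 0;

  // Check an Object's own elements for the index of an element (using SameValue
  // semantics)
  virtual Maybe<int64_t> IndexOfValue(Isolate* isolate,
                                      Handle<JSObject> receiver,
                                      Handle<Object> value, uint32_t start,
                                      uint32_t length) = 0;

  // Copies |size| elements of kind |source_kind| from |source| into
  // |destination|.
  // NOTE(review): |size| is a signed int; whether the kCopyToEnd sentinels
  // are accepted by this overload is not visible here - confirm.
  virtual void CopyElements(Handle<FixedArrayBase> source,
                            ElementsKind source_kind,
                            Handle<FixedArrayBase> destination, int size) = 0;

 protected:
  friend class LookupIterator;

  // Element handlers distinguish between entries and indices when they
  // manipulate elements. Entries refer to elements in terms of their location
  // in the underlying storage's backing store representation, and are between 0
  // and GetCapacity. Indices refer to elements in terms of the value that would
  // be specified in JavaScript to access the element. In most implementations,
  // indices are equivalent to entries. In the NumberDictionary
  // ElementsAccessor, entries are mapped to an index using the KeyAt method on
  // the NumberDictionary.
  virtual uint32_t GetEntryForIndex(Isolate* isolate, JSObject* holder,
                                    FixedArrayBase* backing_store,
                                    uint32_t index) = 0;

  // NOTE: this method violates the handlified function signature convention:
  // raw pointer parameter |source_holder| in the function that allocates.
  // This is done intentionally to avoid ArrayConcat() builtin performance
  // degradation.
  // Because the function allocates, a collection can happen while it runs and
  // the raw |source_holder| is not updated if the object moves; an
  // implementation must not rely on it after its first allocation.
  // |copy_size| is either a count or one of the negative sentinels
  // kCopyToEnd / kCopyToEndAndInitializeToHole.
  virtual void CopyElements(JSObject* source_holder, uint32_t source_start,
                            ElementsKind source_kind,
                            Handle<FixedArrayBase> destination,
                            uint32_t destination_start, int copy_size) = 0;

 private:
  // Table of shared accessors, indexed by ElementsKind (see ForKind).
  static ElementsAccessor** elements_accessors_;
  // Not owned; points at the string handed to the constructor.
  const char* name_;

  DISALLOW_COPY_AND_ASSIGN(ElementsAccessor);
};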
208 
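// Declared here, defined elsewhere.
// NOTE(review): judging by the name and parameters, this inspects an access to
// |obj| at |index| made by the operation named |op| and reports suspicious
// ones, with |allow_appending| relaxing the check for an access just past the
// end - confirm against the definition.
void CheckArrayAbuse(Handle<JSObject> obj, const char* op, uint32_t index,
                     bool allow_appending = false);

// Declared here, defined elsewhere.
// NOTE(review): presumably fills |array| from the constructor arguments in
// |args| - confirm against the definition.
// MUST_USE_RESULT: the returned MaybeHandle must not be ignored; by V8
// convention an empty MaybeHandle signals failure, so callers have to check it
// before using the value.
MUST_USE_RESULT MaybeHandle<Object> ArrayConstructInitializeElements(
    Handle<JSArray> array,
    Arguments* args);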
215 
216 }  // namespace internal
217 }  // namespace v8
218 
219 #endif  // V8_ELEMENTS_H_
220