Line data Source code
1 : // Copyright 2014 the V8 project authors. All rights reserved.
2 : // Use of this source code is governed by a BSD-style license that can be
3 : // found in the LICENSE file.
4 :
5 : #include "src/runtime/runtime-utils.h"
6 :
7 : #include "src/allocation-site-scopes.h"
8 : #include "src/arguments.h"
9 : #include "src/ast/ast.h"
10 : #include "src/ast/compile-time-value.h"
11 : #include "src/isolate-inl.h"
12 : #include "src/runtime/runtime.h"
13 :
14 : namespace v8 {
15 : namespace internal {
16 :
17 829706 : static Handle<Map> ComputeObjectLiteralMap(
18 : Handle<Context> context,
19 : Handle<BoilerplateDescription> boilerplate_description,
20 : bool* is_result_from_cache) {
21 829706 : int number_of_properties = boilerplate_description->backing_store_size();
22 : Isolate* isolate = context->GetIsolate();
23 : return isolate->factory()->ObjectLiteralMapFromCache(
24 829706 : context, number_of_properties, is_result_from_cache);
25 : }
26 :
27 : MUST_USE_RESULT static MaybeHandle<Object> CreateLiteralBoilerplate(
28 : Isolate* isolate, Handle<FeedbackVector> vector,
29 : Handle<BoilerplateDescription> boilerplate_description);
30 :
31 829706 : MUST_USE_RESULT static MaybeHandle<Object> CreateObjectLiteralBoilerplate(
32 : Isolate* isolate, Handle<FeedbackVector> vector,
33 : Handle<BoilerplateDescription> boilerplate_description,
34 : bool should_have_fast_elements) {
35 829706 : Handle<Context> context = isolate->native_context();
36 :
37 : // In case we have function literals, we want the object to be in
38 : // slow properties mode for now. We don't go in the map cache because
39 : // maps with constant functions can't be shared if the functions are
40 : // not the same (which is the common case).
41 829706 : bool is_result_from_cache = false;
42 : Handle<Map> map = ComputeObjectLiteralMap(context, boilerplate_description,
43 829706 : &is_result_from_cache);
44 :
45 : PretenureFlag pretenure_flag =
46 829706 : isolate->heap()->InNewSpace(*vector) ? NOT_TENURED : TENURED;
47 :
48 : Handle<JSObject> boilerplate =
49 829706 : isolate->factory()->NewJSObjectFromMap(map, pretenure_flag);
50 :
51 : // Normalize the elements of the boilerplate to save space if needed.
52 829706 : if (!should_have_fast_elements) JSObject::NormalizeElements(boilerplate);
53 :
54 : // Add the constant properties to the boilerplate.
55 829706 : int length = boilerplate_description->size();
56 : bool should_transform =
57 937948 : !is_result_from_cache && boilerplate->HasFastProperties();
58 : bool should_normalize = should_transform;
59 829706 : if (should_normalize) {
60 : // TODO(verwaest): We might not want to ever normalize here.
61 : JSObject::NormalizeProperties(boilerplate, KEEP_INOBJECT_PROPERTIES, length,
62 108242 : "Boilerplate");
63 : }
64 : // TODO(verwaest): Support tracking representations in the boilerplate.
65 2810934 : for (int index = 0; index < length; index++) {
66 2810934 : Handle<Object> key(boilerplate_description->name(index), isolate);
67 2810934 : Handle<Object> value(boilerplate_description->value(index), isolate);
68 2810935 : if (value->IsBoilerplateDescription()) {
69 : // The value contains the boilerplate properties of a
70 : // simple object or array literal.
71 : Handle<BoilerplateDescription> boilerplate =
72 201956 : Handle<BoilerplateDescription>::cast(value);
73 403912 : ASSIGN_RETURN_ON_EXCEPTION(
74 : isolate, value,
75 : CreateLiteralBoilerplate(isolate, vector, boilerplate), Object);
76 : }
77 : MaybeHandle<Object> maybe_result;
78 2810935 : uint32_t element_index = 0;
79 2810934 : if (key->ToArrayIndex(&element_index)) {
80 : // Array index (uint32).
81 30544 : if (value->IsUninitialized(isolate)) {
82 : value = handle(Smi::kZero, isolate);
83 : }
84 : maybe_result = JSObject::SetOwnElementIgnoreAttributes(
85 30544 : boilerplate, element_index, value, NONE);
86 : } else {
87 : Handle<String> name = Handle<String>::cast(key);
88 : DCHECK(!name->AsArrayIndex(&element_index));
89 : maybe_result = JSObject::SetOwnPropertyIgnoreAttributes(boilerplate, name,
90 2780390 : value, NONE);
91 : }
92 2810934 : RETURN_ON_EXCEPTION(isolate, maybe_result, Object);
93 : }
94 :
95 : // Transform to fast properties if necessary. For object literals with
96 : // containing function literals we defer this operation until after all
97 : // computed properties have been assigned so that we can generate
98 : // constant function properties.
99 829705 : if (should_transform) {
100 : JSObject::MigrateSlowToFast(boilerplate,
101 : boilerplate->map()->unused_property_fields(),
102 108242 : "FastLiteral");
103 : }
104 : return boilerplate;
105 : }
106 :
107 392751 : static MaybeHandle<Object> CreateArrayLiteralBoilerplate(
108 392751 : Isolate* isolate, Handle<FeedbackVector> vector,
109 : Handle<ConstantElementsPair> elements) {
110 : // Create the JSArray.
111 392751 : Handle<JSFunction> constructor = isolate->array_function();
112 :
113 : PretenureFlag pretenure_flag =
114 392751 : isolate->heap()->InNewSpace(*vector) ? NOT_TENURED : TENURED;
115 :
116 : Handle<JSArray> object = Handle<JSArray>::cast(
117 392751 : isolate->factory()->NewJSObject(constructor, pretenure_flag));
118 :
119 : ElementsKind constant_elements_kind =
120 392751 : static_cast<ElementsKind>(elements->elements_kind());
121 : Handle<FixedArrayBase> constant_elements_values(elements->constant_values());
122 :
123 : {
124 : DisallowHeapAllocation no_gc;
125 : DCHECK(IsFastElementsKind(constant_elements_kind));
126 : Context* native_context = isolate->context()->native_context();
127 : Object* map =
128 : native_context->get(Context::ArrayMapIndex(constant_elements_kind));
129 392751 : object->set_map(Map::cast(map));
130 : }
131 :
132 : Handle<FixedArrayBase> copied_elements_values;
133 392751 : if (IsFastDoubleElementsKind(constant_elements_kind)) {
134 : copied_elements_values = isolate->factory()->CopyFixedDoubleArray(
135 4756 : Handle<FixedDoubleArray>::cast(constant_elements_values));
136 : } else {
137 : DCHECK(IsFastSmiOrObjectElementsKind(constant_elements_kind));
138 : const bool is_cow = (constant_elements_values->map() ==
139 387995 : isolate->heap()->fixed_cow_array_map());
140 387995 : if (is_cow) {
141 : copied_elements_values = constant_elements_values;
142 : #if DEBUG
143 : Handle<FixedArray> fixed_array_values =
144 : Handle<FixedArray>::cast(copied_elements_values);
145 : for (int i = 0; i < fixed_array_values->length(); i++) {
146 : DCHECK(!fixed_array_values->get(i)->IsFixedArray());
147 : }
148 : #endif
149 : } else {
150 : Handle<FixedArray> fixed_array_values =
151 : Handle<FixedArray>::cast(constant_elements_values);
152 : Handle<FixedArray> fixed_array_values_copy =
153 277349 : isolate->factory()->CopyFixedArray(fixed_array_values);
154 : copied_elements_values = fixed_array_values_copy;
155 6830168 : FOR_WITH_HANDLE_SCOPE(
156 : isolate, int, i = 0, i, i < fixed_array_values->length(), i++, {
157 : if (fixed_array_values->get(i)->IsBoilerplateDescription()) {
158 : // The value contains the boilerplate properties of a
159 : // simple object or array literal.
160 : Handle<BoilerplateDescription> boilerplate(
161 : BoilerplateDescription::cast(fixed_array_values->get(i)));
162 : Handle<Object> result;
163 : ASSIGN_RETURN_ON_EXCEPTION(
164 : isolate, result,
165 : CreateLiteralBoilerplate(isolate, vector, boilerplate),
166 : Object);
167 : fixed_array_values_copy->set(i, *result);
168 : }
169 : });
170 : }
171 : }
172 392751 : object->set_elements(*copied_elements_values);
173 : object->set_length(Smi::FromInt(copied_elements_values->length()));
174 :
175 392751 : JSObject::ValidateElements(object);
176 : return object;
177 : }
178 :
179 303576 : MUST_USE_RESULT static MaybeHandle<Object> CreateLiteralBoilerplate(
180 : Isolate* isolate, Handle<FeedbackVector> vector,
181 : Handle<BoilerplateDescription> array) {
182 303576 : Handle<HeapObject> elements = CompileTimeValue::GetElements(array);
183 303576 : switch (CompileTimeValue::GetLiteralType(array)) {
184 : case CompileTimeValue::OBJECT_LITERAL_FAST_ELEMENTS: {
185 : Handle<BoilerplateDescription> props =
186 225217 : Handle<BoilerplateDescription>::cast(elements);
187 225217 : return CreateObjectLiteralBoilerplate(isolate, vector, props, true);
188 : }
189 : case CompileTimeValue::OBJECT_LITERAL_SLOW_ELEMENTS: {
190 : Handle<BoilerplateDescription> props =
191 145 : Handle<BoilerplateDescription>::cast(elements);
192 145 : return CreateObjectLiteralBoilerplate(isolate, vector, props, false);
193 : }
194 : case CompileTimeValue::ARRAY_LITERAL: {
195 : Handle<ConstantElementsPair> elems =
196 78214 : Handle<ConstantElementsPair>::cast(elements);
197 78214 : return CreateArrayLiteralBoilerplate(isolate, vector, elems);
198 : }
199 : default:
200 0 : UNREACHABLE();
201 : return MaybeHandle<Object>();
202 : }
203 : }
204 :
205 :
206 250562 : RUNTIME_FUNCTION(Runtime_CreateRegExpLiteral) {
207 125281 : HandleScope scope(isolate);
208 : DCHECK_EQ(4, args.length());
209 250562 : CONVERT_ARG_HANDLE_CHECKED(JSFunction, closure, 0);
210 250562 : CONVERT_SMI_ARG_CHECKED(index, 1);
211 250562 : CONVERT_ARG_HANDLE_CHECKED(String, pattern, 2);
212 250562 : CONVERT_SMI_ARG_CHECKED(flags, 3);
213 125281 : FeedbackSlot literal_slot(FeedbackVector::ToSlot(index));
214 :
215 : // Check if boilerplate exists. If not, create it first.
216 : Handle<Object> boilerplate(closure->feedback_vector()->Get(literal_slot),
217 125281 : isolate);
218 125281 : if (boilerplate->IsUndefined(isolate)) {
219 250562 : ASSIGN_RETURN_FAILURE_ON_EXCEPTION(
220 : isolate, boilerplate, JSRegExp::New(pattern, JSRegExp::Flags(flags)));
221 122005 : closure->feedback_vector()->Set(literal_slot, *boilerplate);
222 : }
223 244010 : return *JSRegExp::Copy(Handle<JSRegExp>::cast(boilerplate));
224 : }
225 :
226 :
227 10809508 : RUNTIME_FUNCTION(Runtime_CreateObjectLiteral) {
228 5404754 : HandleScope scope(isolate);
229 : DCHECK_EQ(4, args.length());
230 10809506 : CONVERT_ARG_HANDLE_CHECKED(JSFunction, closure, 0);
231 10809506 : CONVERT_SMI_ARG_CHECKED(literals_index, 1);
232 10809504 : CONVERT_ARG_HANDLE_CHECKED(BoilerplateDescription, boilerplate_description,
233 : 2);
234 10809502 : CONVERT_SMI_ARG_CHECKED(flags, 3);
235 5404751 : Handle<FeedbackVector> vector(closure->feedback_vector(), isolate);
236 5404750 : bool should_have_fast_elements = (flags & ObjectLiteral::kFastElements) != 0;
237 5404750 : bool enable_mementos = (flags & ObjectLiteral::kDisableMementos) == 0;
238 :
239 5404750 : FeedbackSlot literals_slot(FeedbackVector::ToSlot(literals_index));
240 10809500 : CHECK(literals_slot.ToInt() < vector->slot_count());
241 :
242 : // Check if boilerplate exists. If not, create it first.
243 5404751 : Handle<Object> literal_site(vector->Get(literals_slot), isolate);
244 : Handle<AllocationSite> site;
245 : Handle<JSObject> boilerplate;
246 5404754 : if (literal_site->IsUndefined(isolate)) {
247 : Handle<Object> raw_boilerplate;
248 1208688 : ASSIGN_RETURN_FAILURE_ON_EXCEPTION(
249 : isolate, raw_boilerplate,
250 : CreateObjectLiteralBoilerplate(isolate, vector, boilerplate_description,
251 : should_have_fast_elements));
252 604344 : boilerplate = Handle<JSObject>::cast(raw_boilerplate);
253 :
254 604344 : AllocationSiteCreationContext creation_context(isolate);
255 604344 : site = creation_context.EnterNewScope();
256 604344 : RETURN_FAILURE_ON_EXCEPTION(
257 : isolate, JSObject::DeepWalk(boilerplate, &creation_context));
258 604344 : creation_context.ExitScope(site, boilerplate);
259 :
260 : // Update the functions literal and return the boilerplate.
261 604344 : vector->Set(literals_slot, *site);
262 : } else {
263 4800410 : site = Handle<AllocationSite>::cast(literal_site);
264 : boilerplate =
265 9600820 : Handle<JSObject>(JSObject::cast(site->transition_info()), isolate);
266 : }
267 :
268 5404754 : AllocationSiteUsageContext usage_context(isolate, site, enable_mementos);
269 5404754 : usage_context.EnterNewScope();
270 : MaybeHandle<Object> maybe_copy =
271 10809507 : JSObject::DeepCopy(boilerplate, &usage_context);
272 : usage_context.ExitScope(site, boilerplate);
273 10809508 : RETURN_RESULT_OR_FAILURE(isolate, maybe_copy);
274 : }
275 :
276 1923952 : MUST_USE_RESULT static MaybeHandle<AllocationSite> GetLiteralAllocationSite(
277 : Isolate* isolate, Handle<FeedbackVector> vector, FeedbackSlot literals_slot,
278 : Handle<ConstantElementsPair> elements) {
279 : // Check if boilerplate exists. If not, create it first.
280 : Handle<Object> literal_site(vector->Get(literals_slot), isolate);
281 : Handle<AllocationSite> site;
282 1923952 : if (literal_site->IsUndefined(isolate)) {
283 : Handle<Object> boilerplate;
284 629205 : ASSIGN_RETURN_ON_EXCEPTION(
285 : isolate, boilerplate,
286 : CreateArrayLiteralBoilerplate(isolate, vector, elements),
287 : AllocationSite);
288 :
289 : AllocationSiteCreationContext creation_context(isolate);
290 314537 : site = creation_context.EnterNewScope();
291 314537 : if (JSObject::DeepWalk(Handle<JSObject>::cast(boilerplate),
292 629074 : &creation_context).is_null()) {
293 : return Handle<AllocationSite>::null();
294 : }
295 314406 : creation_context.ExitScope(site, Handle<JSObject>::cast(boilerplate));
296 :
297 : vector->Set(literals_slot, *site);
298 : } else {
299 : site = Handle<AllocationSite>::cast(literal_site);
300 : }
301 :
302 : return site;
303 : }
304 :
305 1923952 : static MaybeHandle<JSObject> CreateArrayLiteralImpl(
306 : Isolate* isolate, Handle<FeedbackVector> vector, FeedbackSlot literals_slot,
307 : Handle<ConstantElementsPair> elements, int flags) {
308 1923952 : CHECK(literals_slot.ToInt() < vector->slot_count());
309 : Handle<AllocationSite> site;
310 3847904 : ASSIGN_RETURN_ON_EXCEPTION(
311 : isolate, site,
312 : GetLiteralAllocationSite(isolate, vector, literals_slot, elements),
313 : JSObject);
314 :
315 1923821 : bool enable_mementos = (flags & ArrayLiteral::kDisableMementos) == 0;
316 : Handle<JSObject> boilerplate(JSObject::cast(site->transition_info()));
317 : AllocationSiteUsageContext usage_context(isolate, site, enable_mementos);
318 1923821 : usage_context.EnterNewScope();
319 1923821 : JSObject::DeepCopyHints hints = (flags & ArrayLiteral::kShallowElements) == 0
320 : ? JSObject::kNoHints
321 1923821 : : JSObject::kObjectIsShallow;
322 : MaybeHandle<JSObject> copy =
323 1923821 : JSObject::DeepCopy(boilerplate, &usage_context, hints);
324 : usage_context.ExitScope(site, boilerplate);
325 1923821 : return copy;
326 : }
327 :
328 :
329 3847904 : RUNTIME_FUNCTION(Runtime_CreateArrayLiteral) {
330 1923952 : HandleScope scope(isolate);
331 : DCHECK_EQ(4, args.length());
332 3847904 : CONVERT_ARG_HANDLE_CHECKED(JSFunction, closure, 0);
333 3847904 : CONVERT_SMI_ARG_CHECKED(literals_index, 1);
334 3847904 : CONVERT_ARG_HANDLE_CHECKED(ConstantElementsPair, elements, 2);
335 3847904 : CONVERT_SMI_ARG_CHECKED(flags, 3);
336 :
337 1923952 : FeedbackSlot literals_slot(FeedbackVector::ToSlot(literals_index));
338 1923952 : Handle<FeedbackVector> vector(closure->feedback_vector(), isolate);
339 3847904 : RETURN_RESULT_OR_FAILURE(
340 : isolate,
341 1923952 : CreateArrayLiteralImpl(isolate, vector, literals_slot, elements, flags));
342 : }
343 :
344 :
345 0 : RUNTIME_FUNCTION(Runtime_CreateArrayLiteralStubBailout) {
346 0 : HandleScope scope(isolate);
347 : DCHECK_EQ(3, args.length());
348 0 : CONVERT_ARG_HANDLE_CHECKED(JSFunction, closure, 0);
349 0 : CONVERT_SMI_ARG_CHECKED(literals_index, 1);
350 0 : CONVERT_ARG_HANDLE_CHECKED(ConstantElementsPair, elements, 2);
351 :
352 0 : Handle<FeedbackVector> vector(closure->feedback_vector(), isolate);
353 0 : FeedbackSlot literals_slot(FeedbackVector::ToSlot(literals_index));
354 0 : RETURN_RESULT_OR_FAILURE(
355 : isolate, CreateArrayLiteralImpl(isolate, vector, literals_slot, elements,
356 0 : ArrayLiteral::kShallowElements));
357 : }
358 :
359 : } // namespace internal
360 : } // namespace v8
|
