Line data Source code
1 : // Copyright 2012 the V8 project authors. All rights reserved.
2 : // Use of this source code is governed by a BSD-style license that can be
3 : // found in the LICENSE file.
4 :
5 : #ifndef V8_ELEMENTS_H_
6 : #define V8_ELEMENTS_H_
7 :
8 : #include "src/elements-kind.h"
9 : #include "src/keys.h"
10 : #include "src/objects.h"
11 :
12 : namespace v8 {
13 : namespace internal {
14 :
15 : class JSTypedArray;
16 :
17 : // Abstract base class for handles that can operate on objects with differing
18 : // ElementsKinds.
19 : class ElementsAccessor {
20 : public:
21 1463712 : explicit ElementsAccessor(const char* name) : name_(name) { }
22 1435992 : virtual ~ElementsAccessor() = default;
23 :
24 : const char* name() const { return name_; }
25 :
26 : // Returns a shared ElementsAccessor for the specified ElementsKind.
27 : static ElementsAccessor* ForKind(ElementsKind elements_kind) {
28 : DCHECK_LT(static_cast<int>(elements_kind), kElementsKindCount);
29 252487655 : return elements_accessors_[elements_kind];
30 : }
31 :
32 : // Checks the elements of an object for consistency, asserting when a problem
33 : // is found.
34 : virtual void Validate(JSObject obj) = 0;
35 :
36 : // Returns true if a holder contains an element with the specified index
37 : // without iterating up the prototype chain. The caller can optionally pass
38 : // in the backing store to use for the check, which must be compatible with
39 : // the ElementsKind of the ElementsAccessor. If backing_store is nullptr, the
40 : // holder->elements() is used as the backing store. If a |filter| is
41 : // specified the PropertyAttributes of the element at the given index
42 : // are compared to the given |filter|. If they match/overlap the given
43 : // index is ignored. Note that only Dictionary elements have custom
44 : // PropertyAttributes associated, hence the |filter| argument is ignored for
45 : // all but DICTIONARY_ELEMENTS and SLOW_SLOPPY_ARGUMENTS_ELEMENTS.
46 : virtual bool HasElement(JSObject holder, uint32_t index,
47 : FixedArrayBase backing_store,
48 : PropertyFilter filter = ALL_PROPERTIES) = 0;
49 :
50 : inline bool HasElement(JSObject holder, uint32_t index,
51 : PropertyFilter filter = ALL_PROPERTIES);
52 :
53 : // Note: this is currently not implemented for string wrapper and
54 : // typed array elements.
55 : virtual bool HasEntry(JSObject holder, uint32_t entry) = 0;
56 :
57 : // TODO(cbruni): HasEntry and Get should not be exposed publicly with the
58 : // entry parameter.
59 : virtual Handle<Object> Get(Handle<JSObject> holder, uint32_t entry) = 0;
60 :
61 : virtual bool HasAccessors(JSObject holder) = 0;
62 : virtual uint32_t NumberOfElements(JSObject holder) = 0;
63 :
64 : // Modifies the length data property as specified for JSArrays and resizes the
65 : // underlying backing store accordingly. The method honors the semantics of
66 : // changing array sizes as defined in EcmaScript 5.1 15.4.5.2, i.e. array that
67 : // have non-deletable elements can only be shrunk to the size of highest
68 : // element that is non-deletable.
69 : virtual void SetLength(Handle<JSArray> holder, uint32_t new_length) = 0;
70 :
71 :
72 : // If kCopyToEnd is specified as the copy_size to CopyElements, it copies all
73 : // of elements from source after source_start to the destination array.
74 : static const int kCopyToEnd = -1;
75 : // If kCopyToEndAndInitializeToHole is specified as the copy_size to
76 : // CopyElements, it copies all of elements from source after source_start to
77 : // destination array, padding any remaining uninitialized elements in the
78 : // destination array with the hole.
79 : static const int kCopyToEndAndInitializeToHole = -2;
80 :
81 : // Copy all indices that have elements from |object| into the given
82 : // KeyAccumulator. For Dictionary-based element-kinds we filter out elements
83 : // whose PropertyAttribute match |filter|.
84 : virtual void CollectElementIndices(Handle<JSObject> object,
85 : Handle<FixedArrayBase> backing_store,
86 : KeyAccumulator* keys) = 0;
87 :
88 : inline void CollectElementIndices(Handle<JSObject> object,
89 : KeyAccumulator* keys);
90 :
91 : virtual Maybe<bool> CollectValuesOrEntries(
92 : Isolate* isolate, Handle<JSObject> object,
93 : Handle<FixedArray> values_or_entries, bool get_entries, int* nof_items,
94 : PropertyFilter filter = ALL_PROPERTIES) = 0;
95 :
96 : virtual MaybeHandle<FixedArray> PrependElementIndices(
97 : Handle<JSObject> object, Handle<FixedArrayBase> backing_store,
98 : Handle<FixedArray> keys, GetKeysConversion convert,
99 : PropertyFilter filter = ALL_PROPERTIES) = 0;
100 :
101 : inline MaybeHandle<FixedArray> PrependElementIndices(
102 : Handle<JSObject> object, Handle<FixedArray> keys,
103 : GetKeysConversion convert, PropertyFilter filter = ALL_PROPERTIES);
104 :
105 : virtual void AddElementsToKeyAccumulator(Handle<JSObject> receiver,
106 : KeyAccumulator* accumulator,
107 : AddKeyConversion convert) = 0;
108 :
109 : virtual void TransitionElementsKind(Handle<JSObject> object,
110 : Handle<Map> map) = 0;
111 : virtual void GrowCapacityAndConvert(Handle<JSObject> object,
112 : uint32_t capacity) = 0;
113 : // Unlike GrowCapacityAndConvert do not attempt to convert the backing store
114 : // and simply return false in this case.
115 : virtual bool GrowCapacity(Handle<JSObject> object, uint32_t index) = 0;
116 :
117 : static void InitializeOncePerProcess();
118 : static void TearDown();
119 :
120 : virtual void Set(Handle<JSObject> holder, uint32_t entry, Object value) = 0;
121 :
122 : virtual void Add(Handle<JSObject> object, uint32_t index,
123 : Handle<Object> value, PropertyAttributes attributes,
124 : uint32_t new_capacity) = 0;
125 :
126 : static Handle<JSArray> Concat(Isolate* isolate, Arguments* args,
127 : uint32_t concat_size, uint32_t result_length);
128 :
129 : virtual uint32_t Push(Handle<JSArray> receiver, Arguments* args,
130 : uint32_t push_size) = 0;
131 :
132 : virtual uint32_t Unshift(Handle<JSArray> receiver, Arguments* args,
133 : uint32_t unshift_size) = 0;
134 :
135 : virtual Handle<JSObject> Slice(Handle<JSObject> receiver, uint32_t start,
136 : uint32_t end) = 0;
137 :
138 : virtual Handle<Object> Pop(Handle<JSArray> receiver) = 0;
139 :
140 : virtual Handle<Object> Shift(Handle<JSArray> receiver) = 0;
141 :
142 : virtual Handle<NumberDictionary> Normalize(Handle<JSObject> object) = 0;
143 :
144 : virtual uint32_t GetCapacity(JSObject holder,
145 : FixedArrayBase backing_store) = 0;
146 :
147 : virtual Object Fill(Handle<JSObject> receiver, Handle<Object> obj_value,
148 : uint32_t start, uint32_t end) = 0;
149 :
150 : // Check an Object's own elements for an element (using SameValueZero
151 : // semantics)
152 : virtual Maybe<bool> IncludesValue(Isolate* isolate, Handle<JSObject> receiver,
153 : Handle<Object> value, uint32_t start,
154 : uint32_t length) = 0;
155 :
156 : // Check an Object's own elements for the index of an element (using SameValue
157 : // semantics)
158 : virtual Maybe<int64_t> IndexOfValue(Isolate* isolate,
159 : Handle<JSObject> receiver,
160 : Handle<Object> value, uint32_t start,
161 : uint32_t length) = 0;
162 :
163 : virtual Maybe<int64_t> LastIndexOfValue(Handle<JSObject> receiver,
164 : Handle<Object> value,
165 : uint32_t start) = 0;
166 :
167 : virtual void Reverse(JSObject receiver) = 0;
168 :
169 : virtual void CopyElements(Isolate* isolate, Handle<FixedArrayBase> source,
170 : ElementsKind source_kind,
171 : Handle<FixedArrayBase> destination, int size) = 0;
172 :
173 : virtual Object CopyElements(Handle<Object> source,
174 : Handle<JSObject> destination, size_t length,
175 : uint32_t offset = 0) = 0;
176 :
177 : virtual Handle<FixedArray> CreateListFromArrayLike(Isolate* isolate,
178 : Handle<JSObject> object,
179 : uint32_t length) = 0;
180 :
181 : virtual void CopyTypedArrayElementsSlice(JSTypedArray source,
182 : JSTypedArray destination,
183 : size_t start, size_t end) = 0;
184 :
185 : protected:
186 : friend class LookupIterator;
187 :
188 : // Element handlers distinguish between entries and indices when they
189 : // manipulate elements. Entries refer to elements in terms of their location
190 : // in the underlying storage's backing store representation, and are between 0
191 : // and GetCapacity. Indices refer to elements in terms of the value that would
192 : // be specified in JavaScript to access the element. In most implementations,
193 : // indices are equivalent to entries. In the NumberDictionary
194 : // ElementsAccessor, entries are mapped to an index using the KeyAt method on
195 : // the NumberDictionary.
196 : virtual uint32_t GetEntryForIndex(Isolate* isolate, JSObject holder,
197 : FixedArrayBase backing_store,
198 : uint32_t index) = 0;
199 :
200 : virtual PropertyDetails GetDetails(JSObject holder, uint32_t entry) = 0;
201 : virtual void Reconfigure(Handle<JSObject> object,
202 : Handle<FixedArrayBase> backing_store, uint32_t entry,
203 : Handle<Object> value,
204 : PropertyAttributes attributes) = 0;
205 :
206 : // Deletes an element in an object.
207 : virtual void Delete(Handle<JSObject> holder, uint32_t entry) = 0;
208 :
209 : // NOTE: this method violates the handlified function signature convention:
210 : // raw pointer parameter |source_holder| in the function that allocates.
211 : // This is done intentionally to avoid ArrayConcat() builtin performance
212 : // degradation.
213 : virtual void CopyElements(JSObject source_holder, uint32_t source_start,
214 : ElementsKind source_kind,
215 : Handle<FixedArrayBase> destination,
216 : uint32_t destination_start, int copy_size) = 0;
217 :
218 : private:
219 : static ElementsAccessor** elements_accessors_;
220 : const char* name_;
221 :
222 : DISALLOW_COPY_AND_ASSIGN(ElementsAccessor);
223 : };
224 :
225 : void CheckArrayAbuse(Handle<JSObject> obj, const char* op, uint32_t index,
226 : bool allow_appending = false);
227 :
228 : V8_WARN_UNUSED_RESULT MaybeHandle<Object> ArrayConstructInitializeElements(
229 : Handle<JSArray> array, Arguments* args);
230 :
231 : // Called directly from CSA.
232 : // {raw_context}: Context pointer.
233 : // {raw_source}: JSArray pointer.
234 : // {raw_destination}: JSTypedArray pointer.
235 : void CopyFastNumberJSArrayElementsToTypedArray(Address raw_context,
236 : Address raw_source,
237 : Address raw_destination,
238 : uintptr_t length,
239 : uintptr_t offset);
240 : // {raw_source}, {raw_destination}: JSTypedArray pointers.
241 : void CopyTypedArrayElementsToTypedArray(Address raw_source,
242 : Address raw_destination,
243 : uintptr_t length, uintptr_t offset);
244 : // {raw_source}, {raw_destination}: JSTypedArray pointers.
245 : void CopyTypedArrayElementsSlice(Address raw_source, Address raw_destination,
246 : uintptr_t start, uintptr_t end);
247 :
248 : } // namespace internal
249 : } // namespace v8
250 :
251 : #endif // V8_ELEMENTS_H_
|
