// Copyright 2012 the V8 project authors. All rights reserved.
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.

#include "src/v8.h"

#include "src/api.h"
#include "src/api-natives.h"
#include "src/arguments.h"
#include "src/base/once.h"
#include "src/bootstrapper.h"
#include "src/builtins.h"
#include "src/cpu-profiler.h"
#include "src/gdb-jit.h"
#include "src/heap/mark-compact.h"
#include "src/heap-profiler.h"
#include "src/ic/handler-compiler.h"
#include "src/ic/ic.h"
#include "src/prototype.h"
#include "src/vm-state-inl.h"

namespace v8 {
namespace internal {

namespace {

// Arguments object passed to C++ builtins. Wraps the raw (length, Object**)
// pair handed to a builtin entry point and restricts indexing to the
// arguments proper: slot 0 is the receiver, and the trailing "extra" slots
// (see extra_args) are reachable only through dedicated accessors.
template <BuiltinExtraArguments extra_args>
class BuiltinArguments : public Arguments {
 public:
  BuiltinArguments(int length, Object** arguments)
      : Arguments(length, arguments) { }

  // Raw slot access. Only the upper bound is DCHECKed, and only in debug
  // builds; NOTE(review): a negative index is not rejected here.
  Object*& operator[] (int index) {
    DCHECK(index < length());
    return Arguments::operator[](index);
  }

  // Handle access with the same bound check as operator[].
  template <class S> Handle<S> at(int index) {
    DCHECK(index < length());
    return Arguments::at<S>(index);
  }

  // The receiver always occupies slot 0.
  Handle<Object> receiver() {
    return Arguments::at<Object>(0);
  }

  // The called function is passed in the last raw slot; this compiles only
  // for the NEEDS_CALLED_FUNCTION instantiation.
  Handle<JSFunction> called_function() {
    STATIC_ASSERT(extra_args == NEEDS_CALLED_FUNCTION);
    return Arguments::at<JSFunction>(Arguments::length() - 1);
  }

  // Gets the total number of arguments including the receiver (but
  // excluding extra arguments). This primary definition serves
  // NO_EXTRA_ARGUMENTS; NEEDS_CALLED_FUNCTION is specialized below.
  int length() const {
    STATIC_ASSERT(extra_args == NO_EXTRA_ARGUMENTS);
    return Arguments::length();
  }

#ifdef DEBUG
  // Debug-only sanity check run by the BUILTIN entry wrapper before the
  // builtin body executes.
  void Verify() {
    // Check we have at least the receiver.
    DCHECK(Arguments::length() >= 1);
  }
#endif
};


// Specialize BuiltinArguments for the called function extra argument.

// NEEDS_CALLED_FUNCTION: the called function sits in the last raw slot and
// is not counted as an argument.
template <>
int BuiltinArguments<NEEDS_CALLED_FUNCTION>::length() const {
  const int raw_length = Arguments::length();
  return raw_length - 1;
}

#ifdef DEBUG
template <>
void BuiltinArguments<NEEDS_CALLED_FUNCTION>::Verify() {
  // Both the receiver and the trailing called-function slot must be present.
  const int raw_length = Arguments::length();
  DCHECK(raw_length >= 2);
  // Forces the JSFunction cast performed by called_function().
  called_function();
}
#endif


// Declares one name##ArgumentsType alias per C++ builtin in BUILTIN_LIST_C,
// carrying that builtin's extra-argument spec.
#define DEF_ARG_TYPE(name, spec) \
  using name##ArgumentsType = BuiltinArguments<spec>;
BUILTIN_LIST_C(DEF_ARG_TYPE)
#undef DEF_ARG_TYPE

}  // namespace

// ----------------------------------------------------------------------------
// Support macro for defining builtins in C++.
// ----------------------------------------------------------------------------
//
// A builtin function is defined by writing:
//
//   BUILTIN(name) {
//     ...
//   }
//
// In the body of the builtin function the arguments can be accessed
// through the BuiltinArguments object args.

#ifdef DEBUG

// Debug build. BUILTIN(name) expands to three things: a forward declaration
// of the implementation Builtin_Impl_<name>, the entry point Builtin_<name>
// that wraps the raw argument vector in name##ArgumentsType, runs Verify()
// and forwards to the implementation, and finally the implementation's
// signature, whose body is the braces following the macro use.
#define BUILTIN(name)                                            \
  MUST_USE_RESULT static Object* Builtin_Impl_##name(            \
      name##ArgumentsType args, Isolate* isolate);               \
  MUST_USE_RESULT static Object* Builtin_##name(                 \
      int args_length, Object** args_object, Isolate* isolate) { \
    name##ArgumentsType args(args_length, args_object);          \
    args.Verify();                                               \
    return Builtin_Impl_##name(args, isolate);                   \
  }                                                              \
  MUST_USE_RESULT static Object* Builtin_Impl_##name(            \
      name##ArgumentsType args, Isolate* isolate)

#else  // For release mode.

// Release build: same shape as above minus the Verify() call. Note the
// implementation is named Builtin_impl<name> here (no underscore, lower
// case) and carries no MUST_USE_RESULT, unlike the debug variant.
#define BUILTIN(name)                                            \
  static Object* Builtin_impl##name(                             \
      name##ArgumentsType args, Isolate* isolate);               \
  static Object* Builtin_##name(                                 \
      int args_length, Object** args_object, Isolate* isolate) { \
    name##ArgumentsType args(args_length, args_object);          \
    return Builtin_impl##name(args, isolate);                    \
  }                                                              \
  static Object* Builtin_impl##name(                             \
      name##ArgumentsType args, Isolate* isolate)
#endif


#ifdef DEBUG
// Debug-only helper: reports whether the frame that entered the current
// exit frame is a construct frame. The answer is computed twice, once with
// the full StackFrameIterator and once by reading the caller's frame marker
// directly, and the two are DCHECKed to agree so that the hand-inlined walk
// stays in sync with the architecture-specific frame layout. No caller is
// visible in this part of the file.
static inline bool CalledAsConstructor(Isolate* isolate) {
  // Calculate the result using a full stack frame iterator and check
  // that the state of the stack is as we assume it to be in the
  // code below.
  StackFrameIterator it(isolate);
  DCHECK(it.frame()->is_exit());
  it.Advance();
  StackFrame* frame = it.frame();
  bool reference_result = frame->is_construct();
  Address fp = Isolate::c_entry_fp(isolate->thread_local_top());
  // Because we know fp points to an exit frame we can use the relevant
  // part of ExitFrame::ComputeCallerState directly.
  const int kCallerOffset = ExitFrameConstants::kCallerFPOffset;
  Address caller_fp = Memory::Address_at(fp + kCallerOffset);
  // This inlines the part of StackFrame::ComputeType that grabs the
  // type of the current frame.  Note that StackFrame::ComputeType
  // has been specialized for each architecture so if any one of them
  // changes this code has to be changed as well.
  const int kMarkerOffset = StandardFrameConstants::kMarkerOffset;
  const Smi* kConstructMarker = Smi::FromInt(StackFrame::CONSTRUCT);
  Object* marker = Memory::Object_at(caller_fp + kMarkerOffset);
  bool result = (marker == kConstructMarker);
  // The direct read must agree with the iterator; a mismatch means the
  // frame layout assumptions above are stale.
  DCHECK_EQ(result, reference_result);
  return result;
}
#endif


// ----------------------------------------------------------------------------

// Placeholder builtin that must never execute; the value returned after
// UNREACHABLE() only satisfies the compiler's missing-return check.
BUILTIN(Illegal) {
  UNREACHABLE();
  Heap* heap = isolate->heap();
  return heap->undefined_value();
}


// The canonical no-op function body: always evaluates to undefined.
BUILTIN(EmptyFunction) {
  Heap* heap = isolate->heap();
  return heap->undefined_value();
}


// Moves |len| doubles from src[src_index..] to dst[dst_index..]. The two
// ranges may overlap (MemMove semantics); dst and src may be the same array.
static void MoveDoubleElements(FixedDoubleArray* dst, int dst_index,
                               FixedDoubleArray* src, int src_index, int len) {
  // An empty range needs no work and avoids a zero-length MemMove.
  if (len != 0) {
    auto* const to = dst->data_start() + dst_index;
    auto* const from = src->data_start() + src_index;
    MemMove(to, from, len * kDoubleSize);
  }
}


// Walks the remaining prototype chain behind |iter| and reports whether
// every object on it is a plain JSObject with the empty backing store.
// Runs under DisallowHeapAllocation, so the raw pointers stay valid.
static bool ArrayPrototypeHasNoElements(Heap* heap, PrototypeIterator* iter) {
  DisallowHeapAllocation no_gc;
  Object* const empty = heap->empty_fixed_array();
  while (!iter->IsAtEnd()) {
    Object* current = iter->GetCurrent();
    // A proxy could intercept element access, so it never counts as empty.
    if (current->IsJSProxy()) return false;
    if (JSObject::cast(current)->elements() != empty) return false;
    iter->Advance();
  }
  return true;
}


// Reports whether elements of |receiver| may be moved or copied directly in
// C++, i.e. no object on its prototype chain can contribute elements.
static inline bool IsJSArrayFastElementMovingAllowed(Heap* heap,
                                                     JSArray* receiver) {
  DisallowHeapAllocation no_gc;
  Isolate* isolate = heap->isolate();
  // Once the Array.prototype chain has been modified, nothing below can be
  // trusted, so bail out immediately.
  if (!isolate->IsFastArrayConstructorPrototypeChainIntact()) return false;

  // Receiver inherits directly from the (element-free) initial array
  // prototype: no further walk needed.
  Object* prototype = receiver->map()->prototype();
  const bool inherits_from_initial_array_prototype =
      prototype->IsJSArray() &&
      isolate->is_initial_array_prototype(JSArray::cast(prototype));
  if (inherits_from_initial_array_prototype) return true;

  // Otherwise walk the whole chain looking for elements or proxies.
  PrototypeIterator iter(isolate, receiver);
  return ArrayPrototypeHasNoElements(heap, &iter);
}


// Gatekeeper for the C++ fast paths of the Array.prototype builtins below.
// Returns the receiver's elements backing store when |receiver| is a JSArray
// whose elements can be written in place, and an empty handle when the
// caller must fall back to the JavaScript implementation instead.
//
// |args| is NULL for builtins that only remove elements (pop/shift); then
// neither the prototype chain nor the kinds of the arguments matter. When
// |args| is non-NULL, the arguments from index |first_added_arg| onwards are
// the values about to be stored, and the array's elements kind is
// transitioned (to FAST_DOUBLE_ELEMENTS or FAST_ELEMENTS) so that they fit.
//
// Every early return here is a guard the fast paths rely on: observed or
// non-extensible arrays, the initial Array.prototype objects, non-fast
// backing stores and prototype chains that could intercept element stores
// are all routed to the JS builtin, which implements the general case.
MUST_USE_RESULT
static inline MaybeHandle<FixedArrayBase> EnsureJSArrayWithWritableFastElements(
    Isolate* isolate,
    Handle<Object> receiver,
    Arguments* args,
    int first_added_arg) {
  // Only JSArray receivers have the layout assumed below.
  if (!receiver->IsJSArray()) return MaybeHandle<FixedArrayBase>();
  Handle<JSArray> array = Handle<JSArray>::cast(receiver);
  // If there may be elements accessors in the prototype chain, the fast path
  // cannot be used if there are arguments to add to the array.
  Heap* heap = isolate->heap();
  if (args != NULL && !IsJSArrayFastElementMovingAllowed(heap, *array)) {
    return MaybeHandle<FixedArrayBase>();
  }
  // Observed arrays need change records; non-extensible ones must not grow.
  if (array->map()->is_observed()) return MaybeHandle<FixedArrayBase>();
  if (!array->map()->is_extensible()) return MaybeHandle<FixedArrayBase>();
  Handle<FixedArrayBase> elms(array->elements(), isolate);
  Map* map = elms->map();
  if (map == heap->fixed_array_map()) {
    // Object elements accept any value, so no kind transition is needed.
    if (args == NULL || array->HasFastObjectElements()) return elms;
  } else if (map == heap->fixed_cow_array_map()) {
    // Copy-on-write store: callers write into the result, so make it
    // writable first. This may allocate; elms is re-read from the result.
    elms = JSObject::EnsureWritableFastElements(array);
    if (args == NULL || array->HasFastObjectElements()) return elms;
  } else if (map == heap->fixed_double_array_map()) {
    // Removing from a double array is fine; adding falls through to the
    // kind check, since a non-number value would not fit.
    if (args == NULL) return elms;
  } else {
    return MaybeHandle<FixedArrayBase>();
  }

  // Adding elements to the array prototype would break code that makes sure
  // it has no elements. Handle that elsewhere.
  if (isolate->IsAnyInitialArrayPrototype(array)) {
    return MaybeHandle<FixedArrayBase>();
  }

  // Need to ensure that the arguments passed in args can be contained in
  // the array. args is non-NULL from here on: every NULL case returned above.
  int args_length = args->length();
  if (first_added_arg >= args_length) return handle(array->elements(), isolate);

  ElementsKind origin_kind = array->map()->elements_kind();
  // Object kinds were returned early above, so only smi/double kinds remain.
  DCHECK(!IsFastObjectElementsKind(origin_kind));
  ElementsKind target_kind = origin_kind;
  {
    // Scan the values to be added through raw pointers, hence no GC. Smis fit
    // any kind; a HeapNumber needs at least FAST_DOUBLE_ELEMENTS; anything
    // else forces FAST_ELEMENTS and ends the scan. Per the pointer arithmetic
    // below, Arguments slots descend in memory, so the range is visited from
    // the last argument backwards; order does not affect the result.
    DisallowHeapAllocation no_gc;
    int arg_count = args->length() - first_added_arg;
    Object** arguments = args->arguments() - first_added_arg - (arg_count - 1);
    for (int i = 0; i < arg_count; i++) {
      Object* arg = arguments[i];
      if (arg->IsHeapObject()) {
        if (arg->IsHeapNumber()) {
          target_kind = FAST_DOUBLE_ELEMENTS;
        } else {
          target_kind = FAST_ELEMENTS;
          break;
        }
      }
    }
  }
  if (target_kind != origin_kind) {
    // The transition replaces the backing store, so hand back the new one
    // rather than the stale |elms|.
    JSObject::TransitionElementsKind(array, target_kind);
    return handle(array->elements(), isolate);
  }
  return elms;
}


// Slow-path fallback: invokes the JavaScript builtin |name| from the native
// context's builtins object with the same receiver and arguments the C++
// builtin received. Returns the call's result, or propagates a pending
// exception as a failure.
MUST_USE_RESULT static Object* CallJsBuiltin(
    Isolate* isolate,
    const char* name,
    BuiltinArguments<NO_EXTRA_ARGUMENTS> args) {
  HandleScope scope(isolate);

  // A missing builtin is an engine bug, hence the checked lookup.
  Handle<Object> builtins(isolate->native_context()->builtins(), isolate);
  Handle<Object> js_builtin =
      Object::GetProperty(isolate, builtins, name).ToHandleChecked();
  Handle<JSFunction> callee = Handle<JSFunction>::cast(js_builtin);

  // Forward every slot after the receiver, preserving order.
  const int argc = args.length() - 1;
  ScopedVector<Handle<Object> > argv(argc);
  for (int i = 1; i <= argc; ++i) {
    argv[i - 1] = args.at<Object>(i);
  }

  Handle<Object> result;
  ASSIGN_RETURN_FAILURE_ON_EXCEPTION(
      isolate, result,
      Execution::Call(isolate, callee, args.receiver(), argc, argv.start()));
  return *result;
}


// Array.prototype.push fast path for arrays with fast smi/object or fast
// double elements. Any receiver that fails the guards, or whose length is
// read-only, is handed to the JS implementation "$arrayPush". Returns the
// new length as a Smi.
BUILTIN(ArrayPush) {
  HandleScope scope(isolate);
  Handle<Object> receiver = args.receiver();
  // Arguments from index 1 on are the values to append; the helper also
  // transitions the elements kind so they fit.
  MaybeHandle<FixedArrayBase> maybe_elms_obj =
      EnsureJSArrayWithWritableFastElements(isolate, receiver, &args, 1);
  Handle<FixedArrayBase> elms_obj;
  if (!maybe_elms_obj.ToHandle(&elms_obj)) {
    return CallJsBuiltin(isolate, "$arrayPush", args);
  }

  Handle<JSArray> array = Handle<JSArray>::cast(receiver);
  int len = Smi::cast(array->length())->value();
  int to_add = args.length() - 1;
  // A non-writable length must raise in strict code; leave that to JS.
  if (to_add > 0 && JSArray::WouldChangeReadOnlyLength(array, len + to_add)) {
    return CallJsBuiltin(isolate, "$arrayPush", args);
  }
  // Enforced in release by the is_observed() bail-out in the helper above.
  DCHECK(!array->map()->is_observed());

  ElementsKind kind = array->GetElementsKind();

  if (IsFastSmiOrObjectElementsKind(kind)) {
    Handle<FixedArray> elms = Handle<FixedArray>::cast(elms_obj);
    if (to_add == 0) {
      return Smi::FromInt(len);
    }
    // Currently fixed arrays cannot grow too big, so
    // we should never hit this case.
    DCHECK(to_add <= (Smi::kMaxValue - len));

    int new_length = len + to_add;

    if (new_length > elms->length()) {
      // New backing storage is needed. Grow by 1.5x plus 16 slack slots,
      // the same policy as unshift/splice below.
      int capacity = new_length + (new_length >> 1) + 16;
      Handle<FixedArray> new_elms =
          isolate->factory()->NewUninitializedFixedArray(capacity);

      // Copy the existing elements; per its name, the mode also fills the
      // remaining uninitialized capacity with holes.
      ElementsAccessor* accessor = array->GetElementsAccessor();
      accessor->CopyElements(
          elms_obj, 0, kind, new_elms, 0,
          ElementsAccessor::kCopyToEndAndInitializeToHole);

      elms = new_elms;
    }

    // Add the provided values. args[] yields raw Object* pointers, which are
    // only safe to use while nothing can move them, hence the no-GC scope.
    DisallowHeapAllocation no_gc;
    WriteBarrierMode mode = elms->GetWriteBarrierMode(no_gc);
    for (int index = 0; index < to_add; index++) {
      elms->set(index + len, args[index + 1], mode);
    }

    // Only hook up a new backing store; in-place growth leaves it as is.
    if (*elms != array->elements()) {
      array->set_elements(*elms);
    }

    // Set the length.
    array->set_length(Smi::FromInt(new_length));
    return Smi::FromInt(new_length);
  } else {
    int elms_len = elms_obj->length();
    if (to_add == 0) {
      return Smi::FromInt(len);
    }
    // Currently fixed arrays cannot grow too big, so
    // we should never hit this case.
    DCHECK(to_add <= (Smi::kMaxValue - len));

    int new_length = len + to_add;

    Handle<FixedDoubleArray> new_elms;

    if (new_length > elms_len) {
      // New backing storage is needed.
      int capacity = new_length + (new_length >> 1) + 16;
      // Create new backing store; since capacity > 0, we can
      // safely cast to FixedDoubleArray.
      new_elms = Handle<FixedDoubleArray>::cast(
          isolate->factory()->NewFixedDoubleArray(capacity));

      ElementsAccessor* accessor = array->GetElementsAccessor();
      accessor->CopyElements(
          elms_obj, 0, kind, new_elms, 0,
          ElementsAccessor::kCopyToEndAndInitializeToHole);

    } else {
      // to_add is > 0 and new_length <= elms_len, so elms_obj cannot be the
      // empty_fixed_array.
      new_elms = Handle<FixedDoubleArray>::cast(elms_obj);
    }

    // Add the provided values. arg->Number() is valid here because the
    // helper only returns a double backing store when every value being
    // added is a Smi or a HeapNumber (anything else forces FAST_ELEMENTS).
    DisallowHeapAllocation no_gc;
    int index;
    for (index = 0; index < to_add; index++) {
      Object* arg = args[index + 1];
      new_elms->set(index + len, arg->Number());
    }

    if (*new_elms != array->elements()) {
      array->set_elements(*new_elms);
    }

    // Set the length.
    array->set_length(Smi::FromInt(new_length));
    return Smi::FromInt(new_length);
  }
}


// Array.prototype.pop fast path. Removes and returns the last element of a
// fast-elements JSArray; every other case goes to the JS implementation
// "$arrayPop". Returns undefined for an empty array.
BUILTIN(ArrayPop) {
  HandleScope scope(isolate);
  Handle<Object> receiver = args.receiver();
  // args == NULL: nothing is added, so the prototype-chain check is skipped.
  // A prototype-provided value is instead detected as a hole below.
  MaybeHandle<FixedArrayBase> maybe_elms_obj =
      EnsureJSArrayWithWritableFastElements(isolate, receiver, NULL, 0);
  Handle<FixedArrayBase> elms_obj;
  if (!maybe_elms_obj.ToHandle(&elms_obj)) {
    return CallJsBuiltin(isolate, "$arrayPop", args);
  }

  Handle<JSArray> array = Handle<JSArray>::cast(receiver);
  // Enforced in release by the is_observed() bail-out in the helper above.
  DCHECK(!array->map()->is_observed());

  int len = Smi::cast(array->length())->value();
  if (len == 0) return isolate->heap()->undefined_value();

  // Shrinking a read-only length must raise in strict code; leave it to JS.
  if (JSArray::HasReadOnlyLength(array)) {
    return CallJsBuiltin(isolate, "$arrayPop", args);
  }

  ElementsAccessor* accessor = array->GetElementsAccessor();
  int new_length = len - 1;
  // Read the last element through the accessor. A hole means the value (if
  // any) lives on the prototype chain, which only the JS builtin resolves.
  Handle<Object> element =
      accessor->Get(array, array, new_length, elms_obj).ToHandleChecked();
  if (element->IsTheHole()) {
    return CallJsBuiltin(isolate, "$arrayPop", args);
  }
  // Truncate via the accessor so the backing store is adjusted consistently.
  RETURN_FAILURE_ON_EXCEPTION(
      isolate,
      accessor->SetLength(array, handle(Smi::FromInt(new_length), isolate)));
  return *element;
}


// Array.prototype.shift fast path. Removes and returns the first element of
// a fast-elements JSArray whose prototype chain contributes no elements;
// everything else goes to the JS implementation "$arrayShift". Returns
// undefined for an empty array.
BUILTIN(ArrayShift) {
  HandleScope scope(isolate);
  Heap* heap = isolate->heap();
  Handle<Object> receiver = args.receiver();
  MaybeHandle<FixedArrayBase> maybe_elms_obj =
      EnsureJSArrayWithWritableFastElements(isolate, receiver, NULL, 0);
  Handle<FixedArrayBase> elms_obj;
  // Unlike pop, shift moves elements, so the prototype chain must be checked
  // explicitly (the helper skips it for args == NULL). The JSArray cast is
  // only reached when ToHandle succeeded, i.e. the receiver is a JSArray.
  if (!maybe_elms_obj.ToHandle(&elms_obj) ||
      !IsJSArrayFastElementMovingAllowed(heap, JSArray::cast(*receiver))) {
    return CallJsBuiltin(isolate, "$arrayShift", args);
  }
  Handle<JSArray> array = Handle<JSArray>::cast(receiver);
  // Enforced in release by the is_observed() bail-out in the helper above.
  DCHECK(!array->map()->is_observed());

  int len = Smi::cast(array->length())->value();
  if (len == 0) return heap->undefined_value();

  // Shrinking a read-only length must raise in strict code; leave it to JS.
  if (JSArray::HasReadOnlyLength(array)) {
    return CallJsBuiltin(isolate, "$arrayShift", args);
  }

  // Get first element. A hole cannot be resolved here, so defer to JS.
  ElementsAccessor* accessor = array->GetElementsAccessor();
  Handle<Object> first =
    accessor->Get(array, array, 0, elms_obj).ToHandleChecked();
  if (first->IsTheHole()) {
    return CallJsBuiltin(isolate, "$arrayShift", args);
  }

  if (heap->CanMoveObjectStart(*elms_obj)) {
    // Fast case: move the start of the backing store forward by one slot
    // instead of copying the remaining elements.
    array->set_elements(heap->LeftTrimFixedArray(*elms_obj, 1));
  } else {
    // Shift the elements down by one and hole out the vacated last slot.
    if (elms_obj->IsFixedArray()) {
      Handle<FixedArray> elms = Handle<FixedArray>::cast(elms_obj);
      DisallowHeapAllocation no_gc;
      heap->MoveElements(*elms, 0, 1, len - 1);
      elms->set(len - 1, heap->the_hole_value());
    } else {
      Handle<FixedDoubleArray> elms = Handle<FixedDoubleArray>::cast(elms_obj);
      MoveDoubleElements(*elms, 0, *elms, 1, len - 1);
      elms->set_the_hole(len - 1);
    }
  }

  // Set the length.
  array->set_length(Smi::FromInt(len - 1));

  return *first;
}


// Array.prototype.unshift fast path for arrays with fast smi/object
// elements. Prepends the arguments and returns the new length as a Smi;
// any receiver failing the guards goes to the JS implementation
// "$arrayUnshift".
BUILTIN(ArrayUnshift) {
  HandleScope scope(isolate);
  Heap* heap = isolate->heap();
  Handle<Object> receiver = args.receiver();
  // Arguments from index 1 on are the values to prepend.
  MaybeHandle<FixedArrayBase> maybe_elms_obj =
      EnsureJSArrayWithWritableFastElements(isolate, receiver, &args, 1);
  Handle<FixedArrayBase> elms_obj;
  if (!maybe_elms_obj.ToHandle(&elms_obj)) {
    return CallJsBuiltin(isolate, "$arrayUnshift", args);
  }
  Handle<JSArray> array = Handle<JSArray>::cast(receiver);
  // Enforced in release by the is_observed() bail-out in the helper above.
  DCHECK(!array->map()->is_observed());
  // Double arrays are not handled here (the helper may still return one when
  // all values are numbers), so re-check the kind before the FixedArray cast.
  if (!array->HasFastSmiOrObjectElements()) {
    return CallJsBuiltin(isolate, "$arrayUnshift", args);
  }
  int len = Smi::cast(array->length())->value();
  int to_add = args.length() - 1;
  int new_length = len + to_add;
  // Currently fixed arrays cannot grow too big, so
  // we should never hit this case.
  DCHECK(to_add <= (Smi::kMaxValue - len));

  // A non-writable length must raise in strict code; leave that to JS.
  if (to_add > 0 && JSArray::WouldChangeReadOnlyLength(array, len + to_add)) {
    return CallJsBuiltin(isolate, "$arrayUnshift", args);
  }

  Handle<FixedArray> elms = Handle<FixedArray>::cast(elms_obj);

  if (new_length > elms->length()) {
    // New backing storage is needed. Grow by 1.5x plus 16 slack slots.
    int capacity = new_length + (new_length >> 1) + 16;
    Handle<FixedArray> new_elms =
        isolate->factory()->NewUninitializedFixedArray(capacity);

    // Copy the existing elements to offset to_add, leaving slots
    // [0, to_add) for the new values; per its name, the mode fills the
    // remaining capacity with holes.
    ElementsKind kind = array->GetElementsKind();
    ElementsAccessor* accessor = array->GetElementsAccessor();
    accessor->CopyElements(
        elms, 0, kind, new_elms, to_add,
        ElementsAccessor::kCopyToEndAndInitializeToHole);

    elms = new_elms;
    // The array now points at a store whose first to_add slots are still
    // uninitialized; no allocating call is visible before they are filled
    // in the loop below.
    array->set_elements(*elms);
  } else {
    // Enough capacity: shift the existing elements up in place.
    DisallowHeapAllocation no_gc;
    heap->MoveElements(*elms, to_add, 0, len);
  }

  // Add the provided values. args[] yields raw Object* pointers, so no
  // allocation may happen until they have been stored.
  DisallowHeapAllocation no_gc;
  WriteBarrierMode mode = elms->GetWriteBarrierMode(no_gc);
  for (int i = 0; i < to_add; i++) {
    elms->set(i, args[i + 1], mode);
  }

  // Set the length.
  array->set_length(Smi::FromInt(new_length));
  return Smi::FromInt(new_length);
}


// Array.prototype.slice fast path for fast-element JSArrays and for sloppy
// arguments objects with fast elements. Any receiver or argument that fails
// one of the checks below is delegated to the JS implementation
// "$arraySlice". Returns a fresh JSArray holding the copied range.
BUILTIN(ArraySlice) {
  HandleScope scope(isolate);
  Heap* heap = isolate->heap();
  Handle<Object> receiver = args.receiver();
  int len = -1;
  int relative_start = 0;
  int relative_end = 0;
  {
    // The receiver and the arguments are inspected through raw pointers, so
    // nothing may allocate in this scope; each bail-out re-enables
    // allocation before calling into JavaScript.
    DisallowHeapAllocation no_gc;
    if (receiver->IsJSArray()) {
      JSArray* array = JSArray::cast(*receiver);
      // The copy below reads the backing store directly, which is only
      // sound while no prototype can contribute elements.
      if (!IsJSArrayFastElementMovingAllowed(heap, array)) {
        AllowHeapAllocation allow_allocation;
        return CallJsBuiltin(isolate, "$arraySlice", args);
      }

      if (!array->HasFastElements()) {
        AllowHeapAllocation allow_allocation;
        return CallJsBuiltin(isolate, "$arraySlice", args);
      }

      len = Smi::cast(array->length())->value();
    } else {
      // Array.slice(arguments, ...) is quite a common idiom (notably more
      // than 50% of invocations in Web apps).  Treat it in C++ as well.
      // Only a sloppy arguments object that still has its original map
      // qualifies.
      Map* arguments_map =
          isolate->context()->native_context()->sloppy_arguments_map();

      bool is_arguments_object_with_fast_elements =
          receiver->IsJSObject() &&
          JSObject::cast(*receiver)->map() == arguments_map;
      if (!is_arguments_object_with_fast_elements) {
        AllowHeapAllocation allow_allocation;
        return CallJsBuiltin(isolate, "$arraySlice", args);
      }
      JSObject* object = JSObject::cast(*receiver);

      if (!object->HasFastElements()) {
        AllowHeapAllocation allow_allocation;
        return CallJsBuiltin(isolate, "$arraySlice", args);
      }

      // The length is a plain in-object data property (presumably writable
      // by script), so it is validated against the backing store rather
      // than trusted.
      Object* len_obj = object->InObjectPropertyAt(Heap::kArgumentsLengthIndex);
      if (!len_obj->IsSmi()) {
        AllowHeapAllocation allow_allocation;
        return CallJsBuiltin(isolate, "$arraySlice", args);
      }
      len = Smi::cast(len_obj)->value();
      // NOTE(review): only the upper bound is enforced in release builds;
      // len >= 0 is DCHECK-only below. Confirm a negative Smi cannot reach
      // this point, or reject len < 0 explicitly alongside this check.
      if (len > object->elements()->length()) {
        AllowHeapAllocation allow_allocation;
        return CallJsBuiltin(isolate, "$arraySlice", args);
      }
    }

    DCHECK(len >= 0);
    int n_arguments = args.length() - 1;

    // Note carefully chosen defaults---if argument is missing,
    // it's undefined which gets converted to 0 for relative_start
    // and to len for relative_end.
    // Only Smi, in-int-range HeapNumber and undefined arguments are handled
    // here; any other argument type is left to the JS builtin.
    relative_start = 0;
    relative_end = len;
    if (n_arguments > 0) {
      Object* arg1 = args[1];
      if (arg1->IsSmi()) {
        relative_start = Smi::cast(arg1)->value();
      } else if (arg1->IsHeapNumber()) {
        double start = HeapNumber::cast(arg1)->value();
        if (start < kMinInt || start > kMaxInt) {
          AllowHeapAllocation allow_allocation;
          return CallJsBuiltin(isolate, "$arraySlice", args);
        }
        relative_start = std::isnan(start) ? 0 : static_cast<int>(start);
      } else if (!arg1->IsUndefined()) {
        AllowHeapAllocation allow_allocation;
        return CallJsBuiltin(isolate, "$arraySlice", args);
      }
      if (n_arguments > 1) {
        Object* arg2 = args[2];
        if (arg2->IsSmi()) {
          relative_end = Smi::cast(arg2)->value();
        } else if (arg2->IsHeapNumber()) {
          double end = HeapNumber::cast(arg2)->value();
          if (end < kMinInt || end > kMaxInt) {
            AllowHeapAllocation allow_allocation;
            return CallJsBuiltin(isolate, "$arraySlice", args);
          }
          relative_end = std::isnan(end) ? 0 : static_cast<int>(end);
        } else if (!arg2->IsUndefined()) {
          AllowHeapAllocation allow_allocation;
          return CallJsBuiltin(isolate, "$arraySlice", args);
        }
      }
    }
  }

  // ECMA-262, 3rd Edition, Section 15.4.4.10, step 6.
  int k = (relative_start < 0) ? Max(len + relative_start, 0)
                               : Min(relative_start, len);

  // ECMA-262, 3rd Edition, Section 15.4.4.10, step 8.
  int final = (relative_end < 0) ? Max(len + relative_end, 0)
                                 : Min(relative_end, len);

  // Calculate the length of result array.
  int result_len = Max(final - k, 0);

  Handle<JSObject> object = Handle<JSObject>::cast(receiver);
  Handle<FixedArrayBase> elms(object->elements(), isolate);

  ElementsKind kind = object->GetElementsKind();
  if (IsHoleyElementsKind(kind)) {
    // If the requested range has no holes the result can use the packed
    // kind. A hole in an arguments object cannot be resolved here (no
    // prototype walk was done for it), so that case goes to JS; a holey
    // JSArray is copied as is, its chain having been checked above.
    DisallowHeapAllocation no_gc;
    bool packed = true;
    ElementsAccessor* accessor = ElementsAccessor::ForKind(kind);
    for (int i = k; i < final; i++) {
      if (!accessor->HasElement(object, i, elms)) {
        packed = false;
        break;
      }
    }
    if (packed) {
      kind = GetPackedElementsKind(kind);
    } else if (!receiver->IsJSArray()) {
      AllowHeapAllocation allow_allocation;
      return CallJsBuiltin(isolate, "$arraySlice", args);
    }
  }

  // Allocates, so it must precede the no-GC scope below.
  Handle<JSArray> result_array =
      isolate->factory()->NewJSArray(kind, result_len, result_len);

  DisallowHeapAllocation no_gc;
  if (result_len == 0) return *result_array;

  ElementsAccessor* accessor = object->GetElementsAccessor();
  accessor->CopyElements(
      elms, k, kind, handle(result_array->elements(), isolate), 0, result_len);
  return *result_array;
}


BUILTIN(ArraySplice) {
  HandleScope scope(isolate);
  Heap* heap = isolate->heap();
  Handle<Object> receiver = args.receiver();
  MaybeHandle<FixedArrayBase> maybe_elms_obj =
      EnsureJSArrayWithWritableFastElements(isolate, receiver, &args, 3);
  Handle<FixedArrayBase> elms_obj;
  if (!maybe_elms_obj.ToHandle(&elms_obj)) {
    return CallJsBuiltin(isolate, "$arraySplice", args);
  }
  Handle<JSArray> array = Handle<JSArray>::cast(receiver);
  DCHECK(!array->map()->is_observed());

  int len = Smi::cast(array->length())->value();

  int n_arguments = args.length() - 1;

  int relative_start = 0;
  if (n_arguments > 0) {
    DisallowHeapAllocation no_gc;
    Object* arg1 = args[1];
    if (arg1->IsSmi()) {
      relative_start = Smi::cast(arg1)->value();
    } else if (arg1->IsHeapNumber()) {
      double start = HeapNumber::cast(arg1)->value();
      if (start < kMinInt || start > kMaxInt) {
        AllowHeapAllocation allow_allocation;
        return CallJsBuiltin(isolate, "$arraySplice", args);
      }
      relative_start = std::isnan(start) ? 0 : static_cast<int>(start);
    } else if (!arg1->IsUndefined()) {
      AllowHeapAllocation allow_allocation;
      return CallJsBuiltin(isolate, "$arraySplice", args);
    }
  }
  int actual_start = (relative_start < 0) ? Max(len + relative_start, 0)
                                          : Min(relative_start, len);

  // SpiderMonkey, TraceMonkey and JSC treat the case where no delete count is
  // given as a request to delete all the elements from the start.
  // And it differs from the case of undefined delete count.
  // This does not follow ECMA-262, but we do the same for
  // compatibility.
  int actual_delete_count;
  if (n_arguments == 1) {
    DCHECK(len - actual_start >= 0);
    actual_delete_count = len - actual_start;
  } else {
    int value = 0;  // ToInteger(undefined) == 0
    if (n_arguments > 1) {
      DisallowHeapAllocation no_gc;
      Object* arg2 = args[2];
      if (arg2->IsSmi()) {
        value = Smi::cast(arg2)->value();
      } else {
        AllowHeapAllocation allow_allocation;
        return CallJsBuiltin(isolate, "$arraySplice", args);
      }
    }
    actual_delete_count = Min(Max(value, 0), len - actual_start);
  }

  ElementsKind elements_kind = array->GetElementsKind();

  int item_count = (n_arguments > 1) ? (n_arguments - 2) : 0;
  int new_length = len - actual_delete_count + item_count;

  // For double mode we do not support changing the length.
  if (new_length > len && IsFastDoubleElementsKind(elements_kind)) {
    return CallJsBuiltin(isolate, "$arraySplice", args);
  }

  if (new_length != len && JSArray::HasReadOnlyLength(array)) {
    AllowHeapAllocation allow_allocation;
    return CallJsBuiltin(isolate, "$arraySplice", args);
  }

  if (new_length == 0) {
    Handle<JSArray> result = isolate->factory()->NewJSArrayWithElements(
        elms_obj, elements_kind, actual_delete_count);
    array->set_elements(heap->empty_fixed_array());
    array->set_length(Smi::FromInt(0));
    return *result;
  }

  Handle<JSArray> result_array =
      isolate->factory()->NewJSArray(elements_kind,
                                     actual_delete_count,
                                     actual_delete_count);

  if (actual_delete_count > 0) {
    DisallowHeapAllocation no_gc;
    ElementsAccessor* accessor = array->GetElementsAccessor();
    accessor->CopyElements(
        elms_obj, actual_start, elements_kind,
        handle(result_array->elements(), isolate), 0, actual_delete_count);
  }

  bool elms_changed = false;
  if (item_count < actual_delete_count) {
    // Shrink the array.
    const bool trim_array = !heap->lo_space()->Contains(*elms_obj) &&
      ((actual_start + item_count) <
          (len - actual_delete_count - actual_start));
    if (trim_array) {
      const int delta = actual_delete_count - item_count;

      if (elms_obj->IsFixedDoubleArray()) {
        Handle<FixedDoubleArray> elms =
            Handle<FixedDoubleArray>::cast(elms_obj);
        MoveDoubleElements(*elms, delta, *elms, 0, actual_start);
      } else {
        Handle<FixedArray> elms = Handle<FixedArray>::cast(elms_obj);
        DisallowHeapAllocation no_gc;
        heap->MoveElements(*elms, delta, 0, actual_start);
      }

      if (heap->CanMoveObjectStart(*elms_obj)) {
        // On the fast path we move the start of the object in memory.
        elms_obj = handle(heap->LeftTrimFixedArray(*elms_obj, delta));
      } else {
        // This is the slow path. We are going to move the elements to the left
        // by copying them. For trimmed values we store the hole.
        if (elms_obj->IsFixedDoubleArray()) {
          Handle<FixedDoubleArray> elms =
              Handle<FixedDoubleArray>::cast(elms_obj);
          MoveDoubleElements(*elms, 0, *elms, delta, len - delta);
          elms->FillWithHoles(len - delta, len);
        } else {
          Handle<FixedArray> elms = Handle<FixedArray>::cast(elms_obj);
          DisallowHeapAllocation no_gc;
          heap->MoveElements(*elms, 0, delta, len - delta);
          elms->FillWithHoles(len - delta, len);
        }
      }
      elms_changed = true;
    } else {
      if (elms_obj->IsFixedDoubleArray()) {
        Handle<FixedDoubleArray> elms =
            Handle<FixedDoubleArray>::cast(elms_obj);
        MoveDoubleElements(*elms, actual_start + item_count,
                           *elms, actual_start + actual_delete_count,
                           (len - actual_delete_count - actual_start));
        elms->FillWithHoles(new_length, len);
      } else {
        Handle<FixedArray> elms = Handle<FixedArray>::cast(elms_obj);
        DisallowHeapAllocation no_gc;
        heap->MoveElements(*elms, actual_start + item_count,
                           actual_start + actual_delete_count,
                           (len - actual_delete_count - actual_start));
        elms->FillWithHoles(new_length, len);
      }
    }
  } else if (item_count > actual_delete_count) {
    Handle<FixedArray> elms = Handle<FixedArray>::cast(elms_obj);
    // Currently fixed arrays cannot grow too big, so
    // we should never hit this case.
    DCHECK((item_count - actual_delete_count) <= (Smi::kMaxValue - len));

    // Check if array need to grow.
    if (new_length > elms->length()) {
      // New backing storage is needed.
      int capacity = new_length + (new_length >> 1) + 16;
      Handle<FixedArray> new_elms =
          isolate->factory()->NewUninitializedFixedArray(capacity);

      DisallowHeapAllocation no_gc;

      ElementsKind kind = array->GetElementsKind();
      ElementsAccessor* accessor = array->GetElementsAccessor();
      if (actual_start > 0) {
        // Copy the part before actual_start as is.
        accessor->CopyElements(
            elms, 0, kind, new_elms, 0, actual_start);
      }
      accessor->CopyElements(
          elms, actual_start + actual_delete_count, kind,
          new_elms, actual_start + item_count,
          ElementsAccessor::kCopyToEndAndInitializeToHole);

      elms_obj = new_elms;
      elms_changed = true;
    } else {
      DisallowHeapAllocation no_gc;
      heap->MoveElements(*elms, actual_start + item_count,
                         actual_start + actual_delete_count,
                         (len - actual_delete_count - actual_start));
    }
  }

  if (IsFastDoubleElementsKind(elements_kind)) {
    Handle<FixedDoubleArray> elms = Handle<FixedDoubleArray>::cast(elms_obj);
    for (int k = actual_start; k < actual_start + item_count; k++) {
      Object* arg = args[3 + k - actual_start];
      if (arg->IsSmi()) {
        elms->set(k, Smi::cast(arg)->value());
      } else {
        elms->set(k, HeapNumber::cast(arg)->value());
      }
    }
  } else {
    Handle<FixedArray> elms = Handle<FixedArray>::cast(elms_obj);
    DisallowHeapAllocation no_gc;
    WriteBarrierMode mode = elms->GetWriteBarrierMode(no_gc);
    for (int k = actual_start; k < actual_start + item_count; k++) {
      elms->set(k, args[3 + k - actual_start], mode);
    }
  }

  if (elms_changed) {
    array->set_elements(*elms_obj);
  }
  // Set the length.
  array->set_length(Smi::FromInt(new_length));

  return *result_array;
}


// Array.prototype.concat fast path.  Handles only the case where every
// argument is a fast-elements JSArray whose direct prototype is the
// unmodified Array prototype; every other case is delegated to the
// JavaScript implementation ("$arrayConcat").
//
// The result is a freshly allocated JSArray whose elements kind is the most
// general kind seen among the arguments (holey if any argument is holey).
BUILTIN(ArrayConcat) {
  HandleScope scope(isolate);

  int n_arguments = args.length();
  int result_len = 0;
  ElementsKind elements_kind = GetInitialFastElementsKind();
  bool has_double = false;
  {
    // Raw Object* pointers (array_proto, arg) are live in this scope, so no
    // allocation is allowed; each bail-out re-enables allocation explicitly
    // before calling into JavaScript.
    DisallowHeapAllocation no_gc;
    Heap* heap = isolate->heap();
    Context* native_context = isolate->context()->native_context();
    Object* array_proto = native_context->array_function()->prototype();
    PrototypeIterator iter(isolate, array_proto,
                           PrototypeIterator::START_AT_RECEIVER);
    // If anything on the Array prototype chain has elements, the fast copy
    // below would not observe them; fall back to the generic algorithm.
    if (!ArrayPrototypeHasNoElements(heap, &iter)) {
      AllowHeapAllocation allow_allocation;
      return CallJsBuiltin(isolate, "$arrayConcat", args);
    }

    // Iterate through all the arguments performing checks
    // and calculating total length.
    bool is_holey = false;
    for (int i = 0; i < n_arguments; i++) {
      Object* arg = args[i];
      // NOTE: shadows the outer |iter|; this one starts at |arg|'s prototype
      // (default PrototypeIterator mode — confirm), so GetCurrent() is the
      // argument's direct prototype.
      PrototypeIterator iter(isolate, arg);
      // Every argument must be a fast-elements JSArray whose direct
      // prototype is Array.prototype; anything else goes to JavaScript.
      if (!arg->IsJSArray() || !JSArray::cast(arg)->HasFastElements() ||
          iter.GetCurrent() != array_proto) {
        AllowHeapAllocation allow_allocation;
        return CallJsBuiltin(isolate, "$arrayConcat", args);
      }
      int len = Smi::cast(JSArray::cast(arg)->length())->value();

      // We shouldn't overflow when adding another len: result_len is bounded
      // by FixedDoubleArray::kMaxLength after every iteration (see below),
      // and a single fast array's length is bounded by its backing store,
      // so the sum of the two stays below INT_MAX as long as both limits are
      // below half of INT_MAX (the STATIC_ASSERT checks the FixedArray one;
      // presumably FixedDoubleArray::kMaxLength is no larger — confirm).
      const int kHalfOfMaxInt = 1 << (kBitsPerInt - 2);
      STATIC_ASSERT(FixedArray::kMaxLength < kHalfOfMaxInt);
      USE(kHalfOfMaxInt);
      result_len += len;
      DCHECK(result_len >= 0);

      // Too large for a single backing store: let JavaScript handle it.
      if (result_len > FixedDoubleArray::kMaxLength) {
        AllowHeapAllocation allow_allocation;
        return CallJsBuiltin(isolate, "$arrayConcat", args);
      }

      // Widen the result kind to the most general kind seen so far.
      ElementsKind arg_kind = JSArray::cast(arg)->map()->elements_kind();
      has_double = has_double || IsFastDoubleElementsKind(arg_kind);
      is_holey = is_holey || IsFastHoleyElementsKind(arg_kind);
      if (IsMoreGeneralElementsKindTransition(elements_kind, arg_kind)) {
        elements_kind = arg_kind;
      }
    }
    if (is_holey) elements_kind = GetHoleyElementsKind(elements_kind);
  }

  // If a double array is concatted into a fast elements array, the fast
  // elements array needs to be initialized to contain proper holes, since
  // boxing doubles may cause incremental marking.
  ArrayStorageAllocationMode mode =
      has_double && IsFastObjectElementsKind(elements_kind)
      ? INITIALIZE_ARRAY_ELEMENTS_WITH_HOLE : DONT_INITIALIZE_ARRAY_ELEMENTS;
  // Allocation point: every raw pointer from the scope above is dead here.
  Handle<JSArray> result_array =
      isolate->factory()->NewJSArray(elements_kind,
                                     result_len,
                                     result_len,
                                     mode);
  if (result_len == 0) return *result_array;

  // Copy each argument's elements into |storage| at the running offset |j|.
  int j = 0;
  Handle<FixedArrayBase> storage(result_array->elements(), isolate);
  ElementsAccessor* accessor = ElementsAccessor::ForKind(elements_kind);
  for (int i = 0; i < n_arguments; i++) {
    // It is crucial to keep |array| in a raw pointer form to avoid performance
    // degradation.  It is re-read from |args| on every iteration rather than
    // held across the CopyElements call (presumably because CopyElements may
    // allocate — confirm).
    JSArray* array = JSArray::cast(args[i]);
    int len = Smi::cast(array->length())->value();
    if (len > 0) {
      ElementsKind from_kind = array->GetElementsKind();
      accessor->CopyElements(array, 0, from_kind, storage, j, len);
      j += len;
    }
  }

  DCHECK(j == result_len);

  return *result_array;
}


// -----------------------------------------------------------------------------
// Throwers for restricted function properties and strict arguments object
// properties


// Accessor installed on restricted function properties.  It never returns a
// value: every invocation throws a TypeError with the message key
// "restricted_function_properties".
BUILTIN(RestrictedFunctionPropertiesThrower) {
  HandleScope scope(isolate);
  THROW_NEW_ERROR_RETURN_FAILURE(isolate,
                                 NewTypeError("restricted_function_properties",
                                              HandleVector<Object>(NULL, 0)));
}


// Accessor installed on the restricted properties of a strict-mode arguments
// object.  Every invocation throws a TypeError with the message key
// "strict_poison_pill".
BUILTIN(RestrictedStrictArgumentsPropertiesThrower) {
  HandleScope scope(isolate);
  THROW_NEW_ERROR_RETURN_FAILURE(
      isolate,
      NewTypeError("strict_poison_pill", HandleVector<Object>(NULL, 0)));
}


// -----------------------------------------------------------------------------
//


// Shared implementation of HandleApiCall and HandleApiCallConstruct: runs the
// C++ FunctionCallback attached to an API function's FunctionTemplateInfo.
//
// |args| carries the called function as its extra (last) argument; args[0] is
// the receiver.  Returns the callback's result (undefined when the callback
// produced nothing).  For construct calls the receiver is returned instead
// unless the callback returned a JSObject.  Returns an empty MaybeHandle when
// an exception was thrown here or scheduled by the callback.
template <bool is_construct>
MUST_USE_RESULT static MaybeHandle<Object> HandleApiCallHelper(
    Isolate* isolate, BuiltinArguments<NEEDS_CALLED_FUNCTION>& args) {
  HandleScope scope(isolate);
  Handle<JSFunction> function = args.called_function();
  // TODO(ishell): turn this back to a DCHECK.
  CHECK(function->shared()->IsApiFunction());

  Handle<FunctionTemplateInfo> fun_data(
      function->shared()->get_api_func_data(), isolate);
  if (is_construct) {
    // For `new`, the freshly created receiver is configured from the
    // template before the callback runs; this may allocate and may throw.
    ASSIGN_RETURN_ON_EXCEPTION(
        isolate, fun_data,
        ApiNatives::ConfigureInstance(isolate, fun_data,
                                      Handle<JSObject>::cast(args.receiver())),
        Object);
  }

  DCHECK(!args[0]->IsNull());
  // An undefined receiver is replaced by the function's global proxy.
  if (args[0]->IsUndefined()) args[0] = function->global_proxy();

  // Receiver access check: for plain calls on templates that do not accept
  // any receiver, an access-checked JSObject receiver must pass the isolate's
  // access check before the C++ callback gets to see it.
  // NOTE(review): if ReportFailedAccessCheck does not schedule an exception,
  // control falls through and the call proceeds with that receiver — confirm
  // this is the intended contract for embedders' failed-access callbacks.
  if (!is_construct && !fun_data->accept_any_receiver()) {
    Handle<Object> receiver(&args[0]);
    if (receiver->IsJSObject() && receiver->IsAccessCheckNeeded()) {
      Handle<JSObject> js_receiver = Handle<JSObject>::cast(receiver);
      if (!isolate->MayAccess(js_receiver)) {
        isolate->ReportFailedAccessCheck(js_receiver);
        RETURN_EXCEPTION_IF_SCHEDULED_EXCEPTION(isolate, Object);
      }
    }
  }

  // Resolve the holder object the callback operates on; null means the
  // receiver is not compatible with the template's signature.
  // |raw_holder| is a raw pointer: nothing between here and the
  // FunctionCallbackArguments construction may allocate (the THROW_NEW_ERROR
  // path returns immediately).
  Object* raw_holder = fun_data->GetCompatibleReceiver(isolate, args[0]);

  if (raw_holder->IsNull()) {
    // This function cannot be called with the given receiver.  Abort!
    THROW_NEW_ERROR(
        isolate, NewTypeError("illegal_invocation", HandleVector(&function, 1)),
        Object);
  }

  // A template without call code has nothing to run; the receiver is returned
  // at the bottom of the function.
  Object* raw_call_data = fun_data->call_code();
  if (!raw_call_data->IsUndefined()) {
    // TODO(ishell): remove this debugging code.
    CHECK(raw_call_data->IsCallHandlerInfo());
    CallHandlerInfo* call_data = CallHandlerInfo::cast(raw_call_data);
    Object* callback_obj = call_data->callback();
    v8::FunctionCallback callback =
        v8::ToCData<v8::FunctionCallback>(callback_obj);
    Object* data_obj = call_data->data();

    LOG(isolate, ApiObjectAccess("call", JSObject::cast(*args.receiver())));
    DCHECK(raw_holder->IsJSObject());

    // The argument vector handed to the callback excludes the receiver slot:
    // `&args[0] - 1` / `args.length() - 1`.  NOTE(review): this relies on the
    // Arguments memory layout (receiver at index 0, following arguments at
    // decreasing addresses) — confirm against FunctionCallbackArguments.
    FunctionCallbackArguments custom(isolate,
                                     data_obj,
                                     *function,
                                     raw_holder,
                                     &args[0] - 1,
                                     args.length() - 1,
                                     is_construct);

    v8::Handle<v8::Value> value = custom.Call(callback);
    Handle<Object> result;
    if (value.IsEmpty()) {
      result = isolate->factory()->undefined_value();
    } else {
      result = v8::Utils::OpenHandle(*value);
      // Validate the value the embedder handed back before it escapes to JS.
      result->VerifyApiCallResultType();
    }

    // A callback that scheduled an exception wins over its return value.
    RETURN_EXCEPTION_IF_SCHEDULED_EXCEPTION(isolate, Object);
    if (!is_construct || result->IsJSObject()) {
      return scope.CloseAndEscape(result);
    }
  }

  // Construct call whose callback returned a non-object (or no call code at
  // all): the receiver itself is the result.
  return scope.CloseAndEscape(args.receiver());
}


// Builtin entry for calling an API function (shared()->IsApiFunction())
// without `new`.  The called function arrives as the extra argument.  An
// exception from the helper becomes the builtin failure return via
// ASSIGN_RETURN_FAILURE_ON_EXCEPTION.
BUILTIN(HandleApiCall) {
  HandleScope scope(isolate);
  DCHECK(!CalledAsConstructor(isolate));
  Handle<Object> result;
  ASSIGN_RETURN_FAILURE_ON_EXCEPTION(isolate, result,
                                     HandleApiCallHelper<false>(isolate, args));
  return *result;
}


// Builtin entry for calling an API function with `new`.  Same shape as
// HandleApiCall, but the helper is instantiated for construct calls, so the
// receiver is configured from the template first and is returned unless the
// callback produced a JSObject.
BUILTIN(HandleApiCallConstruct) {
  HandleScope scope(isolate);
  DCHECK(CalledAsConstructor(isolate));
  Handle<Object> result;
  ASSIGN_RETURN_FAILURE_ON_EXCEPTION(isolate, result,
                                     HandleApiCallHelper<true>(isolate, args));
  return *result;
}


namespace {

// A BuiltinArguments vector living in plain C++ memory (not in a JS frame).
// Deriving from Relocatable registers the object with the isolate for its
// lifetime so that the raw Object* slots it points at are reported to the GC
// via IterateInstance.  Non-copyable: the registration is per instance.
class RelocatableArguments : public BuiltinArguments<NEEDS_CALLED_FUNCTION>,
                             public Relocatable {
 public:
  RelocatableArguments(Isolate* isolate, int length, Object** arguments)
      : BuiltinArguments<NEEDS_CALLED_FUNCTION>(length, arguments),
        Relocatable(isolate) {}

  // Report the whole argument slot range [lowest, highest] to the visitor;
  // an empty vector has no slots to report.
  virtual inline void IterateInstance(ObjectVisitor* v) {
    if (length() != 0) {
      v->VisitPointers(lowest_address(), highest_address() + 1);
    }
  }

 private:
  DISALLOW_COPY_AND_ASSIGN(RelocatableArguments);
};

}  // namespace


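// Invokes the API function |function| directly from C++ (no JavaScript
// frame) with |receiver| as `this` and the |argc| handles in |args| as the
// positional arguments.  Returns the callback's result, or an empty
// MaybeHandle when an exception was thrown or scheduled.
//
// Argument vector layout, as HandleApiCallHelper / BuiltinArguments expect
// it: |argv[0]| is the called function, |argv[1..argc]| hold the arguments in
// reverse order and |argv[argc + 1]| holds the receiver; the BuiltinArguments
// object is anchored at the receiver slot (presumably reading the remaining
// slots at decreasing addresses — confirm against Arguments).  Wrapping it in
// RelocatableArguments registers the raw Object* slots with the GC for the
// duration of the call.
MaybeHandle<Object> Builtins::InvokeApiFunction(Handle<JSFunction> function,
                                                Handle<Object> receiver,
                                                int argc,
                                                Handle<Object> args[]) {
  // The slot arithmetic below is only valid for a non-negative count; a
  // negative argc would index in front of the buffer.
  DCHECK(argc >= 0);
  // Construct BuiltinArguments object: function, arguments reversed, receiver.
  const int kBufferSize = 32;
  Object* small_argv[kBufferSize];
  Object** argv;
  const int slot_count = argc + 2;  // function + argc arguments + receiver
  if (slot_count <= kBufferSize) {
    // Common case: stack buffer, no heap allocation.
    argv = small_argv;
  } else {
    // Freed below once the call has returned.
    argv = new Object* [slot_count];
  }
  argv[slot_count - 1] = *receiver;
  for (int i = 0; i < argc; ++i) {
    argv[argc - i] = *args[i];
  }
  argv[0] = *function;
  MaybeHandle<Object> result;
  {
    // Scoped so the Relocatable registration ends before |argv| is freed.
    auto isolate = function->GetIsolate();
    RelocatableArguments arguments(isolate, slot_count, &argv[slot_count - 1]);
    result = HandleApiCallHelper<false>(isolate, arguments);
  }
  if (argv != small_argv) {
    delete[] argv;
  }
  return result;
}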


// Helper function to handle calls to non-function objects created through the
// API. The object can be called as either a constructor (using new) or just as
// a function (without new).
//
// The C++ callback is the instance_call_handler of the FunctionTemplateInfo
// belonging to the constructor recorded on the receiver's map.  Returns the
// callback's result (undefined when it produced nothing) as a raw Object*, or
// the failure sentinel when the callback scheduled an exception.
MUST_USE_RESULT static Object* HandleApiCallAsFunctionOrConstructor(
    Isolate* isolate,
    bool is_construct_call,
    BuiltinArguments<NO_EXTRA_ARGUMENTS> args) {
  // Non-functions are never called as constructors. Even if this is an object
  // called as a constructor the delegate call is not a construct call.
  DCHECK(!CalledAsConstructor(isolate));
  Heap* heap = isolate->heap();

  Handle<Object> receiver = args.receiver();

  // Get the object called.
  JSObject* obj = JSObject::cast(*receiver);

  // Get the invocation callback from the function descriptor that was
  // used to create the called object.
  // NOTE(review): unlike HandleApiCallHelper, no receiver access check
  // (Isolate::MayAccess) is performed on |obj| before the callback runs —
  // confirm that access-checked objects never carry an instance call handler.
  DCHECK(obj->map()->has_instance_call_handler());
  JSFunction* constructor = JSFunction::cast(obj->map()->GetConstructor());
  // TODO(ishell): turn this back to a DCHECK.
  CHECK(constructor->shared()->IsApiFunction());
  Object* handler =
      constructor->shared()->get_api_func_data()->instance_call_handler();
  DCHECK(!handler->IsUndefined());
  // TODO(ishell): remove this debugging code.
  CHECK(handler->IsCallHandlerInfo());
  CallHandlerInfo* call_data = CallHandlerInfo::cast(handler);
  Object* callback_obj = call_data->callback();
  v8::FunctionCallback callback =
      v8::ToCData<v8::FunctionCallback>(callback_obj);

  // Get the data for the call and perform the callback.
  // |result| is held as a raw pointer across the end of the inner HandleScope,
  // so nothing after the callback returns may allocate (presumably
  // RETURN_FAILURE_IF_SCHEDULED_EXCEPTION does not — confirm).
  Object* result;
  {
    HandleScope scope(isolate);
    LOG(isolate, ApiObjectAccess("call non-function", obj));

    // Argument vector without the receiver slot: `&args[0] - 1` and
    // `args.length() - 1`, same convention as HandleApiCallHelper.
    FunctionCallbackArguments custom(isolate,
                                     call_data->data(),
                                     constructor,
                                     obj,
                                     &args[0] - 1,
                                     args.length() - 1,
                                     is_construct_call);
    v8::Handle<v8::Value> value = custom.Call(callback);
    if (value.IsEmpty()) {
      result = heap->undefined_value();
    } else {
      // A v8::Value handle wraps an Object** slot; read the object out of it
      // and validate it before it escapes to JS.
      result = *reinterpret_cast<Object**>(*value);
      result->VerifyApiCallResultType();
    }
  }
  // Check for exceptions and return result.
  RETURN_FAILURE_IF_SCHEDULED_EXCEPTION(isolate);
  return result;
}


// Handle calls to non-function objects created through the API. This delegate
// function is used when the call is a normal function call.
BUILTIN(HandleApiCallAsFunction) {
  return HandleApiCallAsFunctionOrConstructor(isolate, false, args);
}


// Handle calls to non-function objects created through the API. This delegate
// function is used when the call is a construct call.
BUILTIN(HandleApiCallAsConstructor) {
  return HandleApiCallAsFunctionOrConstructor(isolate, true, args);
}


// Builtin generator: emits the LoadIC miss stub by delegating to LoadIC.
static void Generate_LoadIC_Miss(MacroAssembler* masm) {
  LoadIC::GenerateMiss(masm);
}


// Builtin generator: emits the LoadIC "normal" (dictionary-mode) stub.
static void Generate_LoadIC_Normal(MacroAssembler* masm) {
  LoadIC::GenerateNormal(masm);
}


// Builtin generator: load-via-getter stub used as a deoptimization target.
static void Generate_LoadIC_Getter_ForDeopt(MacroAssembler* masm) {
  NamedLoadHandlerCompiler::GenerateLoadViaGetterForDeopt(masm);
}


// Builtin generator: LoadIC slow path that falls back to the runtime.
static void Generate_LoadIC_Slow(MacroAssembler* masm) {
  LoadIC::GenerateRuntimeGetProperty(masm);
}


// Builtin generator: initial (uninitialized-state) KeyedLoadIC stub.
static void Generate_KeyedLoadIC_Initialize(MacroAssembler* masm) {
  KeyedLoadIC::GenerateInitialize(masm);
}


// Builtin generator: KeyedLoadIC slow path that falls back to the runtime.
static void Generate_KeyedLoadIC_Slow(MacroAssembler* masm) {
  KeyedLoadIC::GenerateRuntimeGetProperty(masm);
}


// Builtin generator: KeyedLoadIC miss stub.
static void Generate_KeyedLoadIC_Miss(MacroAssembler* masm) {
  KeyedLoadIC::GenerateMiss(masm);
}


// Builtin generator: megamorphic-state KeyedLoadIC stub.
static void Generate_KeyedLoadIC_Megamorphic(MacroAssembler* masm) {
  KeyedLoadIC::GenerateMegamorphic(masm);
}


// Builtin generator: premonomorphic-state KeyedLoadIC stub.
static void Generate_KeyedLoadIC_PreMonomorphic(MacroAssembler* masm) {
  KeyedLoadIC::GeneratePreMonomorphic(masm);
}


// Builtin generator: StoreIC miss stub.
static void Generate_StoreIC_Miss(MacroAssembler* masm) {
  StoreIC::GenerateMiss(masm);
}


// Builtin generator: StoreIC "normal" (dictionary-mode) stub.
static void Generate_StoreIC_Normal(MacroAssembler* masm) {
  StoreIC::GenerateNormal(masm);
}


// Builtin generator: StoreIC slow path, emitted by the named-store handler
// compiler.
static void Generate_StoreIC_Slow(MacroAssembler* masm) {
  NamedStoreHandlerCompiler::GenerateSlow(masm);
}


// Builtin generator: KeyedStoreIC slow path, emitted by the element handler
// compiler.
static void Generate_KeyedStoreIC_Slow(MacroAssembler* masm) {
  ElementHandlerCompiler::GenerateStoreSlow(masm);
}


// Builtin generator: store-via-setter stub used as a deoptimization target.
static void Generate_StoreIC_Setter_ForDeopt(MacroAssembler* masm) {
  NamedStoreHandlerCompiler::GenerateStoreViaSetterForDeopt(masm);
}


// Builtin generator: megamorphic KeyedStoreIC stub for sloppy-mode stores.
static void Generate_KeyedStoreIC_Megamorphic(MacroAssembler* masm) {
  KeyedStoreIC::GenerateMegamorphic(masm, SLOPPY);
}


// Builtin generator: megamorphic KeyedStoreIC stub for strict-mode stores.
static void Generate_KeyedStoreIC_Megamorphic_Strict(MacroAssembler* masm) {
  KeyedStoreIC::GenerateMegamorphic(masm, STRICT);
}


// Builtin generator: KeyedStoreIC miss stub.
static void Generate_KeyedStoreIC_Miss(MacroAssembler* masm) {
  KeyedStoreIC::GenerateMiss(masm);
}


// Builtin generator: initial-state KeyedStoreIC stub (sloppy variant).
static void Generate_KeyedStoreIC_Initialize(MacroAssembler* masm) {
  KeyedStoreIC::GenerateInitialize(masm);
}


// Builtin generator: initial-state KeyedStoreIC stub (strict variant).  The
// emitted code is the same as the sloppy variant; only the builtin identity
// (and hence its Code object) differs.
static void Generate_KeyedStoreIC_Initialize_Strict(MacroAssembler* masm) {
  KeyedStoreIC::GenerateInitialize(masm);
}


// Builtin generator: premonomorphic-state KeyedStoreIC stub (sloppy variant).
static void Generate_KeyedStoreIC_PreMonomorphic(MacroAssembler* masm) {
  KeyedStoreIC::GeneratePreMonomorphic(masm);
}


// Builtin generator: premonomorphic-state KeyedStoreIC stub (strict variant);
// emits the same code as the sloppy variant.
static void Generate_KeyedStoreIC_PreMonomorphic_Strict(MacroAssembler* masm) {
  KeyedStoreIC::GeneratePreMonomorphic(masm);
}


// Builtin generator: KeyedStoreIC stub for stores into sloppy-mode
// arguments objects.
static void Generate_KeyedStoreIC_SloppyArguments(MacroAssembler* masm) {
  KeyedStoreIC::GenerateSloppyArguments(masm);
}


// Debugger builtin generator: break-point variant of the CallIC stub.
static void Generate_CallICStub_DebugBreak(MacroAssembler* masm) {
  DebugCodegen::GenerateCallICStubDebugBreak(masm);
}


// Debugger builtin generator: break-point variant of the LoadIC stub.
static void Generate_LoadIC_DebugBreak(MacroAssembler* masm) {
  DebugCodegen::GenerateLoadICDebugBreak(masm);
}


// Debugger builtin generator: break-point variant of the StoreIC stub.
static void Generate_StoreIC_DebugBreak(MacroAssembler* masm) {
  DebugCodegen::GenerateStoreICDebugBreak(masm);
}


// Debugger builtin generator: break-point variant of the KeyedLoadIC stub.
static void Generate_KeyedLoadIC_DebugBreak(MacroAssembler* masm) {
  DebugCodegen::GenerateKeyedLoadICDebugBreak(masm);
}


// Debugger builtin generator: break-point variant of the KeyedStoreIC stub.
static void Generate_KeyedStoreIC_DebugBreak(MacroAssembler* masm) {
  DebugCodegen::GenerateKeyedStoreICDebugBreak(masm);
}


// Debugger builtin generator: break-point variant of the CompareNilIC stub.
static void Generate_CompareNilIC_DebugBreak(MacroAssembler* masm) {
  DebugCodegen::GenerateCompareNilICDebugBreak(masm);
}


// Debugger builtin generator: break-point code run at a function return.
static void Generate_Return_DebugBreak(MacroAssembler* masm) {
  DebugCodegen::GenerateReturnDebugBreak(masm);
}


// Debugger builtin generator: break-point variant of the CallFunction stub.
static void Generate_CallFunctionStub_DebugBreak(MacroAssembler* masm) {
  DebugCodegen::GenerateCallFunctionStubDebugBreak(masm);
}


// Debugger builtin generator: break-point variant of the CallConstruct stub.
static void Generate_CallConstructStub_DebugBreak(MacroAssembler* masm) {
  DebugCodegen::GenerateCallConstructStubDebugBreak(masm);
}


// Debugger builtin generator: break-point variant of the recording
// (feedback-collecting) CallConstruct stub.
static void Generate_CallConstructStub_Recording_DebugBreak(
    MacroAssembler* masm) {
  DebugCodegen::GenerateCallConstructStubRecordDebugBreak(masm);
}


// Debugger builtin generator: break-point code patched into a debug slot.
static void Generate_Slot_DebugBreak(MacroAssembler* masm) {
  DebugCodegen::GenerateSlotDebugBreak(masm);
}


// LiveEdit builtin generator: plain-return sequence used when frames are
// restarted after a live edit.
static void Generate_PlainReturn_LiveEdit(MacroAssembler* masm) {
  DebugCodegen::GeneratePlainReturnLiveEdit(masm);
}


// LiveEdit builtin generator: the frame-dropper code used to unwind frames
// after a live edit.
static void Generate_FrameDropper_LiveEdit(MacroAssembler* masm) {
  DebugCodegen::GenerateFrameDropperLiveEdit(masm);
}


// Starts with empty code and name tables and initialized_ == false; SetUp
// fills the tables in.
Builtins::Builtins() : initialized_(false) {
  memset(builtins_, 0, sizeof(builtins_[0]) * builtin_count);
  memset(names_, 0, sizeof(names_[0]) * builtin_count);
}


// Nothing to release: the Code objects live on the heap and the name strings
// are static literals.
Builtins::~Builtins() {
}


// Table of the C++ entry points of every C builtin, in BUILTIN_LIST_C order
// (one FUNCTION_ADDR per list entry; the macro is scoped to this table).
#define DEF_ENUM_C(name, ignore) FUNCTION_ADDR(Builtin_##name),
Address const Builtins::c_functions_[cfunction_count] = {
  BUILTIN_LIST_C(DEF_ENUM_C)
};
#undef DEF_ENUM_C

// Parallel tables for the JavaScript builtins, both in BUILTINS_LIST_JS order:
// the builtin's name as a string literal and its expected argument count.
#define DEF_JS_NAME(name, ignore) #name,
#define DEF_JS_ARGC(ignore, argc) argc,
const char* const Builtins::javascript_names_[id_count] = {
  BUILTINS_LIST_JS(DEF_JS_NAME)
};

int const Builtins::javascript_argc_[id_count] = {
  BUILTINS_LIST_JS(DEF_JS_ARGC)
};
#undef DEF_JS_NAME
#undef DEF_JS_ARGC

// One entry of the builtin function table (see InitBuiltinFunctionTable).
struct BuiltinDesc {
  byte* generator;     // code generator invoked by SetUp (Generate_* or the
                       // adaptor for C builtins)
  byte* c_code;        // C++ entry point for C builtins, NULL otherwise
  const char* s_name;  // name is only used for generating log information.
  int name;            // builtin id (c_* / k* enumerator) passed to the
                       // generator
  Code::Flags flags;   // flags for the Code object created from it
  BuiltinExtraArguments extra_args;  // extra arguments the C builtin expects
};

// Aggregate initializer for BuiltinFunctionTable: an unfired once-flag and a
// zero-initialized descriptor array.
#define BUILTIN_FUNCTION_TABLE_INIT { V8_ONCE_INIT, {} }

// Lazily initialized table of BuiltinDesc: one entry per builtin plus a
// sentinel at index builtin_count.  functions() triggers
// Builtins::InitBuiltinFunctionTable through base::CallOnce, so the table is
// filled exactly once no matter how many isolates call SetUp.
class BuiltinFunctionTable {
 public:
  BuiltinDesc* functions() {
    base::CallOnce(&once_, &Builtins::InitBuiltinFunctionTable);
    return functions_;
  }

  base::OnceType once_;
  BuiltinDesc functions_[Builtins::builtin_count + 1];

  // Builtins::InitBuiltinFunctionTable writes functions_ directly.
  friend class Builtins;
};

// Process-wide (file-local) builtin function table, shared by all isolates.
static BuiltinFunctionTable builtin_function_table =
    BUILTIN_FUNCTION_TABLE_INIT;

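// Define array of pointers to generators and C builtin functions.
// We do this in a sort of roundabout way so that we can do the initialization
// within the lexical scope of Builtins:: and within a context where
// Code::Flags names a non-abstract type.
//
// Fills builtin_function_table.functions_ in list order: C builtins (each
// wrapped by Generate_Adaptor), then assembler builtins, then IC handlers,
// then the debug builtins.  Entry builtin_count is a NULL sentinel.  Called
// exactly once via base::CallOnce from BuiltinFunctionTable::functions().
void Builtins::InitBuiltinFunctionTable() {
  BuiltinDesc* functions = builtin_function_table.functions_;
  // Sentinel entry past the last builtin.
  functions[builtin_count].generator = NULL;
  functions[builtin_count].c_code = NULL;
  functions[builtin_count].s_name = NULL;
  functions[builtin_count].name = builtin_count;
  functions[builtin_count].flags = static_cast<Code::Flags>(0);
  functions[builtin_count].extra_args = NO_EXTRA_ARGUMENTS;

  // Each DEF_FUNCTION_PTR_* macro fills the entry at |functions| and
  // advances the pointer; they are #undef'd once the lists are expanded.
#define DEF_FUNCTION_PTR_C(aname, aextra_args)                         \
    functions->generator = FUNCTION_ADDR(Generate_Adaptor);            \
    functions->c_code = FUNCTION_ADDR(Builtin_##aname);                \
    functions->s_name = #aname;                                        \
    functions->name = c_##aname;                                       \
    functions->flags = Code::ComputeFlags(Code::BUILTIN);              \
    functions->extra_args = aextra_args;                               \
    ++functions;

#define DEF_FUNCTION_PTR_A(aname, kind, state, extra)                       \
    functions->generator = FUNCTION_ADDR(Generate_##aname);                 \
    functions->c_code = NULL;                                               \
    functions->s_name = #aname;                                             \
    functions->name = k##aname;                                             \
    functions->flags = Code::ComputeFlags(Code::kind,                       \
                                          state,                            \
                                          extra);                           \
    functions->extra_args = NO_EXTRA_ARGUMENTS;                             \
    ++functions;

#define DEF_FUNCTION_PTR_H(aname, kind)                                     \
    functions->generator = FUNCTION_ADDR(Generate_##aname);                 \
    functions->c_code = NULL;                                               \
    functions->s_name = #aname;                                             \
    functions->name = k##aname;                                             \
    functions->flags = Code::ComputeHandlerFlags(Code::kind);               \
    functions->extra_args = NO_EXTRA_ARGUMENTS;                             \
    ++functions;

  BUILTIN_LIST_C(DEF_FUNCTION_PTR_C)
  BUILTIN_LIST_A(DEF_FUNCTION_PTR_A)
  BUILTIN_LIST_H(DEF_FUNCTION_PTR_H)
  BUILTIN_LIST_DEBUG_A(DEF_FUNCTION_PTR_A)

#undef DEF_FUNCTION_PTR_C
#undef DEF_FUNCTION_PTR_A
#undef DEF_FUNCTION_PTR_H
}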


// Populates builtins_ and names_ for |isolate|.  With |create_heap_objects|
// each builtin's generator is run into a stack buffer and the result is
// copied into a fresh Code object; otherwise the slots are left NULL to be
// filled by the deserializer (see IterateBuiltins).  Must be called at most
// once per Builtins instance.
void Builtins::SetUp(Isolate* isolate, bool create_heap_objects) {
  DCHECK(!initialized_);

  // Create a scope for the handles in the builtins.
  HandleScope scope(isolate);

  // Shared, lazily built descriptor table (see BuiltinFunctionTable).
  const BuiltinDesc* functions = builtin_function_table.functions();

  // For now we generate builtin adaptor code into a stack-allocated
  // buffer, before copying it into individual code objects. Be careful
  // with alignment, some platforms don't like unaligned code.
#ifdef DEBUG
  // We can generate a lot of debug code on Arm64.
  const size_t buffer_size = 32*KB;
#else
  const size_t buffer_size = 8*KB;
#endif
  // The union forces int alignment of |buffer|.  The buffer size is handed
  // to MacroAssembler, which is responsible for staying within it
  // (presumably by asserting or growing — confirm).
  union { int force_alignment; byte buffer[buffer_size]; } u;

  // Traverse the list of builtins and generate an adaptor in a
  // separate code object for each one.
  for (int i = 0; i < builtin_count; i++) {
    if (create_heap_objects) {
      MacroAssembler masm(isolate, u.buffer, sizeof u.buffer);
      // Generate the code/adaptor.
      typedef void (*Generator)(MacroAssembler*, int, BuiltinExtraArguments);
      Generator g = FUNCTION_CAST<Generator>(functions[i].generator);
      // We pass all arguments to the generator, but it may not use all of
      // them.  This works because the first arguments are on top of the
      // stack.  (The Generate_* functions in this file take only the
      // MacroAssembler; the adaptor for C builtins uses all three.)
      DCHECK(!masm.has_frame());
      g(&masm, functions[i].name, functions[i].extra_args);
      // Move the code into the object heap.
      CodeDesc desc;
      masm.GetCode(&desc);
      Code::Flags flags = functions[i].flags;
      Handle<Code> code =
          isolate->factory()->NewCode(desc, flags, masm.CodeObject());
      // Log the event and add the code to the builtins array.
      PROFILE(isolate,
              CodeCreateEvent(Logger::BUILTIN_TAG, *code, functions[i].s_name));
      // builtins_ holds raw Object*; IterateBuiltins reports them as roots.
      builtins_[i] = *code;
      code->set_builtin_index(i);
#ifdef ENABLE_DISASSEMBLER
      if (FLAG_print_builtin_code) {
        CodeTracer::Scope trace_scope(isolate->GetCodeTracer());
        OFStream os(trace_scope.file());
        os << "Builtin: " << functions[i].s_name << "\n";
        code->Disassemble(functions[i].s_name, os);
        os << "\n";
      }
#endif
    } else {
      // Deserializing. The values will be filled in during IterateBuiltins.
      builtins_[i] = NULL;
    }
    names_[i] = functions[i].s_name;
  }

  // Mark as initialized.
  initialized_ = true;
}


// Marks the builtins as no longer usable; the tables themselves are left in
// place (Lookup checks initialized_ before reading them).
void Builtins::TearDown() {
  initialized_ = false;
}


// Reports the builtin Code slots to the GC / deserializer as roots.
void Builtins::IterateBuiltins(ObjectVisitor* v) {
  v->VisitPointers(&builtins_[0], &builtins_[0] + builtin_count);
}


// Returns the name of the builtin whose code contains |pc|, or NULL if |pc|
// is not inside any builtin or the builtins are not initialized.
const char* Builtins::Lookup(byte* pc) {
  // may be called during initialization (disassembler!)
  if (!initialized_) return NULL;
  for (int index = 0; index < builtin_count; index++) {
    Code* candidate = Code::cast(builtins_[index]);
    if (candidate->contains(pc)) return names_[index];
  }
  return NULL;
}


// Builtin generator: tail-calls the Runtime::kInterrupt function (0 arguments,
// 1 result).
void Builtins::Generate_InterruptCheck(MacroAssembler* masm) {
  masm->TailCallRuntime(Runtime::kInterrupt, 0, 1);
}


// Builtin generator: tail-calls the Runtime::kStackGuard function (0
// arguments, 1 result).
void Builtins::Generate_StackCheck(MacroAssembler* masm) {
  masm->TailCallRuntime(Runtime::kStackGuard, 0, 1);
}


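// Out-of-line definitions of the per-builtin accessors Builtins::<name>().
// Each returns a Handle<Code> aliasing the builtin's slot in builtins_
// (via builtin_address), so the handle follows the slot if the Code object
// is replaced.  The three macros differ only in arity to match the shape of
// the respective BUILTIN_LIST_* entries; all are #undef'd after expansion.
#define DEFINE_BUILTIN_ACCESSOR_C(name, ignore)               \
Handle<Code> Builtins::name() {                               \
  Code** code_address =                                       \
      reinterpret_cast<Code**>(builtin_address(k##name));     \
  return Handle<Code>(code_address);                          \
}
#define DEFINE_BUILTIN_ACCESSOR_A(name, kind, state, extra) \
Handle<Code> Builtins::name() {                             \
  Code** code_address =                                     \
      reinterpret_cast<Code**>(builtin_address(k##name));   \
  return Handle<Code>(code_address);                        \
}
#define DEFINE_BUILTIN_ACCESSOR_H(name, kind)               \
Handle<Code> Builtins::name() {                             \
  Code** code_address =                                     \
      reinterpret_cast<Code**>(builtin_address(k##name));   \
  return Handle<Code>(code_address);                        \
}
BUILTIN_LIST_C(DEFINE_BUILTIN_ACCESSOR_C)
BUILTIN_LIST_A(DEFINE_BUILTIN_ACCESSOR_A)
BUILTIN_LIST_H(DEFINE_BUILTIN_ACCESSOR_H)
BUILTIN_LIST_DEBUG_A(DEFINE_BUILTIN_ACCESSOR_A)
#undef DEFINE_BUILTIN_ACCESSOR_C
#undef DEFINE_BUILTIN_ACCESSOR_A
#undef DEFINE_BUILTIN_ACCESSOR_H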


} }  // namespace v8::internal