diff options
Diffstat (limited to 'deps/v8/src/elements.cc')
| -rw-r--r-- | deps/v8/src/elements.cc | 140 |
1 files changed, 19 insertions, 121 deletions
diff --git a/deps/v8/src/elements.cc b/deps/v8/src/elements.cc index 6c4222385c..5fad30711d 100644 --- a/deps/v8/src/elements.cc +++ b/deps/v8/src/elements.cc @@ -10,6 +10,7 @@ #include "src/heap/factory.h" #include "src/heap/heap-write-barrier-inl.h" #include "src/isolate-inl.h" +#include "src/keys.h" #include "src/messages.h" #include "src/objects-inl.h" #include "src/objects/arguments-inl.h" @@ -529,11 +530,11 @@ class InternalElementsAccessor : public ElementsAccessor { explicit InternalElementsAccessor(const char* name) : ElementsAccessor(name) {} - virtual uint32_t GetEntryForIndex(Isolate* isolate, JSObject* holder, - FixedArrayBase* backing_store, - uint32_t index) = 0; + uint32_t GetEntryForIndex(Isolate* isolate, JSObject* holder, + FixedArrayBase* backing_store, + uint32_t index) override = 0; - virtual PropertyDetails GetDetails(JSObject* holder, uint32_t entry) = 0; + PropertyDetails GetDetails(JSObject* holder, uint32_t entry) override = 0; }; // Base class for element handler implementations. Contains the @@ -724,18 +725,6 @@ class ElementsAccessorBase : public InternalElementsAccessor { UNREACHABLE(); } - Handle<JSArray> Splice(Handle<JSArray> receiver, uint32_t start, - uint32_t delete_count, Arguments* args, - uint32_t add_count) final { - return Subclass::SpliceImpl(receiver, start, delete_count, args, add_count); - } - - static Handle<JSArray> SpliceImpl(Handle<JSArray> receiver, - uint32_t start, uint32_t delete_count, - Arguments* args, uint32_t add_count) { - UNREACHABLE(); - } - Handle<Object> Pop(Handle<JSArray> receiver) final { return Subclass::PopImpl(receiver); } @@ -1026,14 +1015,14 @@ class ElementsAccessorBase : public InternalElementsAccessor { void CopyElements(Isolate* isolate, Handle<FixedArrayBase> source, ElementsKind source_kind, - Handle<FixedArrayBase> destination, int size) { + Handle<FixedArrayBase> destination, int size) override { Subclass::CopyElementsImpl(isolate, *source, 0, *destination, source_kind, 0, kPackedSizeNotKnown, size); } void CopyTypedArrayElementsSlice(JSTypedArray* source, JSTypedArray* destination, size_t start, - size_t end) { + size_t end) override { Subclass::CopyTypedArrayElementsSliceImpl(source, destination, start, end); } @@ -1068,7 +1057,7 @@ class ElementsAccessorBase : public InternalElementsAccessor { Maybe<bool> CollectValuesOrEntries(Isolate* isolate, Handle<JSObject> object, Handle<FixedArray> values_or_entries, bool get_entries, int* nof_items, - PropertyFilter filter) { + PropertyFilter filter) override { return Subclass::CollectValuesOrEntriesImpl( isolate, object, values_or_entries, get_entries, nof_items, filter); } @@ -1298,7 +1287,7 @@ class ElementsAccessorBase : public InternalElementsAccessor { } Object* Fill(Handle<JSObject> receiver, Handle<Object> obj_value, - uint32_t start, uint32_t end) { + uint32_t start, uint32_t end) override { return Subclass::FillImpl(receiver, obj_value, start, end); } @@ -2227,58 +2216,6 @@ class FastElementsAccessor : public ElementsAccessorBase<Subclass, KindTraits> { return result_array; } - static Handle<JSArray> SpliceImpl(Handle<JSArray> receiver, - uint32_t start, uint32_t delete_count, - Arguments* args, uint32_t add_count) { - Isolate* isolate = receiver->GetIsolate(); - Heap* heap = isolate->heap(); - uint32_t length = Smi::ToInt(receiver->length()); - uint32_t new_length = length - delete_count + add_count; - - ElementsKind kind = KindTraits::Kind; - if (new_length <= static_cast<uint32_t>(receiver->elements()->length()) && - IsSmiOrObjectElementsKind(kind)) { - HandleScope scope(isolate); - JSObject::EnsureWritableFastElements(receiver); - } - - Handle<FixedArrayBase> backing_store(receiver->elements(), isolate); - - if (new_length == 0) { - receiver->set_elements(ReadOnlyRoots(heap).empty_fixed_array()); - receiver->set_length(Smi::kZero); - return isolate->factory()->NewJSArrayWithElements( - backing_store, KindTraits::Kind, delete_count); - } - - // Construct the result array which holds the deleted elements. - Handle<JSArray> deleted_elements = isolate->factory()->NewJSArray( - KindTraits::Kind, delete_count, delete_count); - if (delete_count > 0) { - DisallowHeapAllocation no_gc; - Subclass::CopyElementsImpl(isolate, *backing_store, start, - deleted_elements->elements(), KindTraits::Kind, - 0, kPackedSizeNotKnown, delete_count); - } - - // Delete and move elements to make space for add_count new elements. - if (add_count < delete_count) { - Subclass::SpliceShrinkStep(isolate, receiver, backing_store, start, - delete_count, add_count, length, new_length); - } else if (add_count > delete_count) { - backing_store = - Subclass::SpliceGrowStep(isolate, receiver, backing_store, start, - delete_count, add_count, length, new_length); - } - - // Copy over the arguments. - Subclass::CopyArguments(args, backing_store, add_count, 3, start); - - receiver->set_length(Smi::FromInt(new_length)); - Subclass::TryTransitionResultArrayToPacked(deleted_elements); - return deleted_elements; - } - static void MoveElements(Isolate* isolate, Handle<JSArray> receiver, Handle<FixedArrayBase> backing_store, int dst_index, int src_index, int len, int hole_start, @@ -2503,50 +2440,6 @@ class FastElementsAccessor : public ElementsAccessorBase<Subclass, KindTraits> { return result; } - private: - // SpliceShrinkStep might modify the backing_store. - static void SpliceShrinkStep(Isolate* isolate, Handle<JSArray> receiver, - Handle<FixedArrayBase> backing_store, - uint32_t start, uint32_t delete_count, - uint32_t add_count, uint32_t len, - uint32_t new_length) { - const int move_left_count = len - delete_count - start; - const int move_left_dst_index = start + add_count; - Subclass::MoveElements(isolate, receiver, backing_store, - move_left_dst_index, start + delete_count, - move_left_count, new_length, len); - } - - // SpliceGrowStep might modify the backing_store. - static Handle<FixedArrayBase> SpliceGrowStep( - Isolate* isolate, Handle<JSArray> receiver, - Handle<FixedArrayBase> backing_store, uint32_t start, - uint32_t delete_count, uint32_t add_count, uint32_t length, - uint32_t new_length) { - // Check we do not overflow the new_length. - DCHECK((add_count - delete_count) <= (Smi::kMaxValue - length)); - // Check if backing_store is big enough. - if (new_length <= static_cast<uint32_t>(backing_store->length())) { - Subclass::MoveElements(isolate, receiver, backing_store, - start + add_count, start + delete_count, - (length - delete_count - start), 0, 0); - // MoveElements updates the backing_store in-place. - return backing_store; - } - // New backing storage is needed. - int capacity = JSObject::NewElementsCapacity(new_length); - // Partially copy all elements up to start. - Handle<FixedArrayBase> new_elms = Subclass::ConvertElementsWithCapacity( - receiver, backing_store, KindTraits::Kind, capacity, start); - // Copy the trailing elements after start + delete_count - Subclass::CopyElementsImpl(isolate, *backing_store, start + delete_count, - *new_elms, KindTraits::Kind, start + add_count, - kPackedSizeNotKnown, - ElementsAccessor::kCopyToEndAndInitializeToHole); - receiver->set_elements(*new_elms); - return new_elms; - } - static Handle<Object> RemoveElement(Handle<JSArray> receiver, Where remove_position) { Isolate* isolate = receiver->GetIsolate(); @@ -3285,8 +3178,8 @@ class TypedElementsAccessor size_t start, size_t end) { DisallowHeapAllocation no_gc; DCHECK_EQ(destination->GetElementsKind(), AccessorClass::kind()); - DCHECK(!source->WasNeutered()); - DCHECK(!destination->WasNeutered()); + CHECK(!source->WasNeutered()); + CHECK(!destination->WasNeutered()); DCHECK_LE(start, end); DCHECK_LE(end, source->length_value()); @@ -3356,6 +3249,9 @@ class TypedElementsAccessor // side-effects, as the source elements will always be a number. DisallowHeapAllocation no_gc; + CHECK(!source->WasNeutered()); + CHECK(!destination->WasNeutered()); + FixedTypedArrayBase* source_elements = FixedTypedArrayBase::cast(source->elements()); BackingStore* destination_elements = @@ -3377,8 +3273,8 @@ class TypedElementsAccessor uint8_t* source_data = static_cast<uint8_t*>(source_elements->DataPtr()); uint8_t* dest_data = static_cast<uint8_t*>(destination_elements->DataPtr()); - size_t source_byte_length = NumberToSize(source->byte_length()); - size_t dest_byte_length = NumberToSize(destination->byte_length()); + size_t source_byte_length = source->byte_length(); + size_t dest_byte_length = destination->byte_length(); // We can simply copy the backing store if the types are the same, or if // we are converting e.g. Uint8 <-> Int8, as the binary representation @@ -3446,6 +3342,8 @@ class TypedElementsAccessor DisallowHeapAllocation no_gc; DisallowJavascriptExecution no_js(isolate); + CHECK(!destination->WasNeutered()); + size_t current_length; DCHECK(source->length()->IsNumber() && TryNumberToSize(source->length(), ¤t_length) && @@ -3566,6 +3464,7 @@ class TypedElementsAccessor Handle<JSTypedArray> destination_ta = Handle<JSTypedArray>::cast(destination); DCHECK_LE(offset + length, destination_ta->length_value()); + CHECK(!destination_ta->WasNeutered()); if (length == 0) return *isolate->factory()->undefined_value(); @@ -3593,7 +3492,6 @@ class TypedElementsAccessor // If we have to copy more elements than we have in the source, we need to // do special handling and conversion; that happens in the slow case. if (length + offset <= source_ta->length_value()) { - DCHECK(length == 0 || !source_ta->WasNeutered()); CopyElementsFromTypedArray(*source_ta, *destination_ta, length, offset); return *isolate->factory()->undefined_value(); } |