V8 Project
Classes | Public Types | Public Member Functions | Static Public Member Functions | Static Public Attributes | Private Member Functions | Static Private Member Functions | Friends | List of all members
v8::internal::JSObject Class Reference

#include <objects.h>

+ Inheritance diagram for v8::internal::JSObject:
+ Collaboration diagram for v8::internal::JSObject:

Classes

class  BodyDescriptor
 

Public Types

enum  ExecutableAccessorInfoHandling { DEFAULT_HANDLING , DONT_FORCE_FIELD }
 
enum  SetFastElementsCapacitySmiMode { kAllowSmiElements , kForceSmiElements , kDontAllowSmiElements }
 
enum  DeepCopyHints { kNoHints = 0 , kObjectIsShallow = 1 }
 
- Public Types inherited from v8::internal::JSReceiver
enum  DeleteMode { NORMAL_DELETION , STRICT_DELETION , FORCE_DELETION }
 
enum  KeyCollectionType { OWN_ONLY , INCLUDE_PROTOS }
 
- Public Types inherited from v8::internal::Object
enum  StoreFromKeyed { MAY_BE_STORE_FROM_KEYED , CERTAINLY_NOT_STORE_FROM_KEYED }
 
enum  StorePropertyMode { NORMAL_PROPERTY , SUPER_PROPERTY }
 

Public Member Functions

 DECL_ACCESSORS (properties, FixedArray) inline void initialize_properties()
 
bool HasFastProperties ()
 
NameDictionaryproperty_dictionary ()
 
void initialize_elements ()
 
ElementsKind GetElementsKind ()
 
ElementsAccessorGetElementsAccessor ()
 
bool HasFastSmiElements ()
 
bool HasFastObjectElements ()
 
bool HasFastSmiOrObjectElements ()
 
bool HasFastElements ()
 
bool HasFastDoubleElements ()
 
bool HasFastHoleyElements ()
 
bool HasSloppyArgumentsElements ()
 
bool HasDictionaryElements ()
 
bool HasExternalUint8ClampedElements ()
 
bool HasExternalArrayElements ()
 
bool HasExternalInt8Elements ()
 
bool HasExternalUint8Elements ()
 
bool HasExternalInt16Elements ()
 
bool HasExternalUint16Elements ()
 
bool HasExternalInt32Elements ()
 
bool HasExternalUint32Elements ()
 
bool HasExternalFloat32Elements ()
 
bool HasExternalFloat64Elements ()
 
bool HasFixedTypedArrayElements ()
 
bool HasFixedUint8ClampedElements ()
 
bool HasFixedArrayElements ()
 
bool HasFixedInt8Elements ()
 
bool HasFixedUint8Elements ()
 
bool HasFixedInt16Elements ()
 
bool HasFixedUint16Elements ()
 
bool HasFixedInt32Elements ()
 
bool HasFixedUint32Elements ()
 
bool HasFixedFloat32Elements ()
 
bool HasFixedFloat64Elements ()
 
bool HasFastArgumentsElements ()
 
bool HasDictionaryArgumentsElements ()
 
SeededNumberDictionaryelement_dictionary ()
 
InterceptorInfoGetNamedInterceptor ()
 
InterceptorInfoGetIndexedInterceptor ()
 
bool IsDirty ()
 
ObjectGetHiddenProperty (Handle< Name > key)
 
bool WouldConvertToSlowElements (Handle< Object > key)
 
bool ShouldConvertToSlowElements (int new_capacity)
 
bool ShouldConvertToFastElements ()
 
bool ShouldConvertToFastDoubleElements (bool *has_smi_only_elements)
 
bool HasNamedInterceptor ()
 
bool HasIndexedInterceptor ()
 
int GetHeaderSize ()
 
int GetInternalFieldCount ()
 
int GetInternalFieldOffset (int index)
 
ObjectGetInternalField (int index)
 
void SetInternalField (int index, Object *value)
 
void SetInternalField (int index, Smi *value)
 
int NumberOfOwnProperties (PropertyAttributes filter=NONE)
 
void GetOwnPropertyNames (FixedArray *storage, int index, PropertyAttributes filter=NONE)
 
int NumberOfOwnElements (PropertyAttributes filter)
 
int NumberOfEnumElements ()
 
int GetOwnElementKeys (FixedArray *storage, PropertyAttributes filter)
 
int GetEnumElementKeys (FixedArray *storage)
 
ObjectRawFastPropertyAt (FieldIndex index)
 
void FastPropertyAtPut (FieldIndex index, Object *value)
 
void WriteToField (int descriptor, Object *value)
 
int GetInObjectPropertyOffset (int index)
 
ObjectInObjectPropertyAt (int index)
 
ObjectInObjectPropertyAtPut (int index, Object *value, WriteBarrierMode mode=UPDATE_WRITE_BARRIER)
 
void InitializeBody (Map *map, Object *pre_allocated_value, Object *filler_value)
 
bool ReferencesObject (Object *obj)
 
void JSObjectShortPrint (StringStream *accumulator)
 
void PrintInstanceMigration (FILE *file, Map *original_map, Map *new_map)
 
ObjectSlowReverseLookup (Object *value)
 
 STATIC_ASSERT (kHeaderSize==Internals::kJSObjectHeaderSize)
 
ContextGetCreationContext ()
 
- Public Member Functions inherited from v8::internal::JSReceiver
bool IsSimpleEnum ()
 
Stringclass_name ()
 
Stringconstructor_name ()
 
ObjectGetConstructor ()
 
ObjectGetIdentityHash ()
 
- Public Member Functions inherited from v8::internal::HeapObject
Mapmap () const
 
void set_map (Map *value)
 
void set_map_no_write_barrier (Map *value)
 
Mapsynchronized_map ()
 
MapWord synchronized_map_word () const
 
void synchronized_set_map (Map *value)
 
void synchronized_set_map_no_write_barrier (Map *value)
 
void synchronized_set_map_word (MapWord map_word)
 
MapWord map_word () const
 
void set_map_word (MapWord map_word)
 
HeapGetHeap () const
 
IsolateGetIsolate () const
 
Address address ()
 
void Iterate (ObjectVisitor *v)
 
void IterateBody (InstanceType type, int object_size, ObjectVisitor *v)
 
int Size ()
 
bool MayContainRawValues ()
 
int SizeFromMap (Map *map)
 
WriteBarrierMode GetWriteBarrierMode (const DisallowHeapAllocation &promise)
 
void HeapObjectShortPrint (OStream &os)
 
 STATIC_ASSERT (kMapOffset==Internals::kHeapObjectMapOffset)
 
- Public Member Functions inherited from v8::internal::Object
bool IsObject () const
 
 INLINE (bool IsFixedArrayBase() const)
 
 INLINE (bool IsExternal() const)
 
 INLINE (bool IsAccessorInfo() const)
 
 INLINE (bool IsStruct() const)
 
 INLINE (bool IsSpecObject()) const
 
 INLINE (bool IsSpecFunction()) const
 
 INLINE (bool IsTemplateInfo()) const
 
 INLINE (bool IsNameDictionary() const)
 
 INLINE (bool IsSeededNumberDictionary() const)
 
 INLINE (bool IsUnseededNumberDictionary() const)
 
 INLINE (bool IsOrderedHashSet() const)
 
 INLINE (bool IsOrderedHashMap() const)
 
bool IsCallable () const
 
 INLINE (bool IsUndefined() const)
 
 INLINE (bool IsNull() const)
 
 INLINE (bool IsTheHole() const)
 
 INLINE (bool IsException() const)
 
 INLINE (bool IsUninitialized() const)
 
 INLINE (bool IsTrue() const)
 
 INLINE (bool IsFalse() const)
 
 INLINE (bool IsArgumentsMarker() const)
 
 INLINE (bool IsFiller() const)
 
double Number ()
 
 INLINE (bool IsNaN() const)
 
 INLINE (bool IsMinusZero() const)
 
bool ToInt32 (int32_t *value)
 
bool ToUint32 (uint32_t *value)
 
Representation OptimalRepresentation ()
 
bool FitsRepresentation (Representation representation)
 
Handle< HeapTypeOptimalType (Isolate *isolate, Representation representation)
 
bool HasValidElements ()
 
bool HasSpecificClassOf (String *name)
 
bool BooleanValue ()
 
ObjectGetHash ()
 
bool SameValue (Object *other)
 
bool SameValueZero (Object *other)
 
bool ToArrayIndex (uint32_t *index)
 
bool IsStringObjectWithCharacterAt (uint32_t index)
 
void VerifyApiCallResultType ()
 
void ShortPrint (FILE *out=stdout)
 
void ShortPrint (StringStream *accumulator)
 

Static Public Member Functions

static void ResetElements (Handle< JSObject > object)
 
static void SetMapAndElements (Handle< JSObject > object, Handle< Map > map, Handle< FixedArrayBase > elements)
 
static Handle< FixedArrayEnsureWritableFastElements (Handle< JSObject > object)
 
static Handle< ObjectPrepareElementsForSort (Handle< JSObject > object, uint32_t limit)
 
static Handle< ObjectPrepareSlowElementsForSort (Handle< JSObject > object, uint32_t limit)
 
static MUST_USE_RESULT MaybeHandle< ObjectSetPropertyWithInterceptor (LookupIterator *it, Handle< Object > value)
 
static MUST_USE_RESULT MaybeHandle< ObjectSetOwnPropertyIgnoreAttributes (Handle< JSObject > object, Handle< Name > key, Handle< Object > value, PropertyAttributes attributes, ExecutableAccessorInfoHandling handling=DEFAULT_HANDLING)
 
static void AddProperty (Handle< JSObject > object, Handle< Name > key, Handle< Object > value, PropertyAttributes attributes)
 
static void AllocateStorageForMap (Handle< JSObject > object, Handle< Map > map)
 
static void MigrateInstance (Handle< JSObject > instance)
 
static bool TryMigrateInstance (Handle< JSObject > instance)
 
static void SetNormalizedProperty (Handle< JSObject > object, Handle< Name > key, Handle< Object > value, PropertyDetails details)
 
static void OptimizeAsPrototype (Handle< JSObject > object, PrototypeOptimizationMode mode)
 
static void ReoptimizeIfPrototype (Handle< JSObject > object)
 
static MUST_USE_RESULT Maybe< PropertyAttributesGetPropertyAttributesWithInterceptor (Handle< JSObject > holder, Handle< Object > receiver, Handle< Name > name)
 
static MUST_USE_RESULT Maybe< PropertyAttributesGetPropertyAttributesWithFailedAccessCheck (LookupIterator *it)
 
static MUST_USE_RESULT Maybe< PropertyAttributesGetElementAttributeWithReceiver (Handle< JSObject > object, Handle< JSReceiver > receiver, uint32_t index, bool check_prototype)
 
static MUST_USE_RESULT MaybeHandle< ObjectGetAccessor (Handle< JSObject > object, Handle< Name > name, AccessorComponent component)
 
static MaybeHandle< ObjectDefineAccessor (Handle< JSObject > object, Handle< Name > name, Handle< Object > getter, Handle< Object > setter, PropertyAttributes attributes)
 
static MUST_USE_RESULT MaybeHandle< ObjectSetAccessor (Handle< JSObject > object, Handle< AccessorInfo > info)
 
static MUST_USE_RESULT MaybeHandle< ObjectGetPropertyWithInterceptor (Handle< JSObject > object, Handle< Object > receiver, Handle< Name > name)
 
static Handle< ObjectSetHiddenProperty (Handle< JSObject > object, Handle< Name > key, Handle< Object > value)
 
static void DeleteHiddenProperty (Handle< JSObject > object, Handle< Name > key)
 
static bool HasHiddenProperties (Handle< JSObject > object)
 
static void SetIdentityHash (Handle< JSObject > object, Handle< Smi > hash)
 
static void ValidateElements (Handle< JSObject > object)
 
static void EnsureCanContainHeapObjectElements (Handle< JSObject > obj)
 
static void EnsureCanContainElements (Handle< JSObject > object, Object **elements, uint32_t count, EnsureElementsMode mode)
 
static void EnsureCanContainElements (Handle< JSObject > object, Handle< FixedArrayBase > elements, uint32_t length, EnsureElementsMode mode)
 
static void EnsureCanContainElements (Handle< JSObject > object, Arguments *arguments, uint32_t first_arg, uint32_t arg_count, EnsureElementsMode mode)
 
static int NewElementsCapacity (int old_capacity)
 
static MUST_USE_RESULT MaybeHandle< AccessorPairGetOwnElementAccessorPair (Handle< JSObject > object, uint32_t index)
 
static MUST_USE_RESULT MaybeHandle< ObjectSetFastElement (Handle< JSObject > object, uint32_t index, Handle< Object > value, StrictMode strict_mode, bool check_prototype)
 
static MUST_USE_RESULT MaybeHandle< ObjectSetOwnElement (Handle< JSObject > object, uint32_t index, Handle< Object > value, StrictMode strict_mode)
 
static MUST_USE_RESULT MaybeHandle< ObjectSetElement (Handle< JSObject > object, uint32_t index, Handle< Object > value, PropertyAttributes attributes, StrictMode strict_mode, bool check_prototype=true, SetPropertyMode set_mode=SET_PROPERTY)
 
static MUST_USE_RESULT MaybeHandle< ObjectGetElementWithInterceptor (Handle< JSObject > object, Handle< Object > receiver, uint32_t index)
 
static Handle< FixedArraySetFastElementsCapacityAndLength (Handle< JSObject > object, int capacity, int length, SetFastElementsCapacitySmiMode smi_mode)
 
static void SetFastDoubleElementsCapacityAndLength (Handle< JSObject > object, int capacity, int length)
 
static MUST_USE_RESULT MaybeHandle< JSObjectGetKeysForNamedInterceptor (Handle< JSObject > object, Handle< JSReceiver > receiver)
 
static MUST_USE_RESULT MaybeHandle< JSObjectGetKeysForIndexedInterceptor (Handle< JSObject > object, Handle< JSReceiver > receiver)
 
static MUST_USE_RESULT Maybe< boolHasRealNamedProperty (Handle< JSObject > object, Handle< Name > key)
 
static MUST_USE_RESULT Maybe< boolHasRealElementProperty (Handle< JSObject > object, uint32_t index)
 
static MUST_USE_RESULT Maybe< boolHasRealNamedCallbackProperty (Handle< JSObject > object, Handle< Name > key)
 
static Handle< MapGetElementsTransitionMap (Handle< JSObject > object, ElementsKind to_kind)
 
static void TransitionElementsKind (Handle< JSObject > object, ElementsKind to_kind)
 
static void MigrateToMap (Handle< JSObject > object, Handle< Map > new_map)
 
static void NormalizeProperties (Handle< JSObject > object, PropertyNormalizationMode mode, int expected_additional_properties)
 
static Handle< SeededNumberDictionaryNormalizeElements (Handle< JSObject > object)
 
static void MigrateSlowToFast (Handle< JSObject > object, int unused_property_fields)
 
static Handle< ObjectFastPropertyAt (Handle< JSObject > object, Representation representation, FieldIndex index)
 
static MUST_USE_RESULT MaybeHandle< ObjectSetPrototype (Handle< JSObject > object, Handle< Object > value, bool from_javascript)
 
static MUST_USE_RESULT MaybeHandle< ObjectPreventExtensions (Handle< JSObject > object)
 
static MUST_USE_RESULT MaybeHandle< ObjectFreeze (Handle< JSObject > object)
 
static void SetObserved (Handle< JSObject > object)
 
static Handle< JSObjectCopy (Handle< JSObject > object)
 
static MUST_USE_RESULT MaybeHandle< JSObjectDeepCopy (Handle< JSObject > object, AllocationSiteUsageContext *site_context, DeepCopyHints hints=kNoHints)
 
static MUST_USE_RESULT MaybeHandle< JSObjectDeepWalk (Handle< JSObject > object, AllocationSiteCreationContext *site_context)
 
static Handle< ObjectGetDataProperty (Handle< JSObject > object, Handle< Name > key)
 
static Handle< ObjectGetDataProperty (LookupIterator *it)
 
static void PrintElementsTransition (FILE *file, Handle< JSObject > object, ElementsKind from_kind, Handle< FixedArrayBase > from_elements, ElementsKind to_kind, Handle< FixedArrayBase > to_elements)
 
static void EnqueueChangeRecord (Handle< JSObject > object, const char *type, Handle< Name > name, Handle< Object > old_value)
 
static void MigrateToNewProperty (Handle< JSObject > object, Handle< Map > transition, Handle< Object > value)
 
- Static Public Member Functions inherited from v8::internal::JSReceiver
static MUST_USE_RESULT MaybeHandle< ObjectSetElement (Handle< JSReceiver > object, uint32_t index, Handle< Object > value, PropertyAttributes attributes, StrictMode strict_mode)
 
static MUST_USE_RESULT Maybe< boolHasProperty (Handle< JSReceiver > object, Handle< Name > name)
 
static MUST_USE_RESULT Maybe< boolHasOwnProperty (Handle< JSReceiver >, Handle< Name > name)
 
static MUST_USE_RESULT Maybe< boolHasElement (Handle< JSReceiver > object, uint32_t index)
 
static MUST_USE_RESULT Maybe< boolHasOwnElement (Handle< JSReceiver > object, uint32_t index)
 
static MUST_USE_RESULT MaybeHandle< ObjectDeleteProperty (Handle< JSReceiver > object, Handle< Name > name, DeleteMode mode=NORMAL_DELETION)
 
static MUST_USE_RESULT MaybeHandle< ObjectDeleteElement (Handle< JSReceiver > object, uint32_t index, DeleteMode mode=NORMAL_DELETION)
 
static MUST_USE_RESULT Maybe< PropertyAttributesGetPropertyAttributes (Handle< JSReceiver > object, Handle< Name > name)
 
static MUST_USE_RESULT Maybe< PropertyAttributesGetPropertyAttributes (LookupIterator *it)
 
static MUST_USE_RESULT Maybe< PropertyAttributesGetOwnPropertyAttributes (Handle< JSReceiver > object, Handle< Name > name)
 
static MUST_USE_RESULT Maybe< PropertyAttributesGetElementAttribute (Handle< JSReceiver > object, uint32_t index)
 
static MUST_USE_RESULT Maybe< PropertyAttributesGetOwnElementAttribute (Handle< JSReceiver > object, uint32_t index)
 
static Handle< SmiGetOrCreateIdentityHash (Handle< JSReceiver > object)
 
static MUST_USE_RESULT MaybeHandle< FixedArrayGetKeys (Handle< JSReceiver > object, KeyCollectionType type)
 
- Static Public Member Functions inherited from v8::internal::HeapObject
static HeapObjectFromAddress (Address address)
 
static Object ** RawField (HeapObject *obj, int offset)
 
static void UpdateMapCodeCache (Handle< HeapObject > object, Handle< Name > name, Handle< Code > code)
 
- Static Public Member Functions inherited from v8::internal::Object
static Handle< ObjectNewStorageFor (Isolate *isolate, Handle< Object > object, Representation representation)
 
static Handle< ObjectWrapForRead (Isolate *isolate, Handle< Object > object, Representation representation)
 
static MaybeHandle< JSReceiverToObject (Isolate *isolate, Handle< Object > object)
 
static MaybeHandle< JSReceiverToObject (Isolate *isolate, Handle< Object > object, Handle< Context > context)
 
static MUST_USE_RESULT MaybeHandle< SmiToSmi (Isolate *isolate, Handle< Object > object)
 
static MUST_USE_RESULT MaybeHandle< ObjectGetProperty (LookupIterator *it)
 
static MUST_USE_RESULT MaybeHandle< ObjectSetProperty (Handle< Object > object, Handle< Name > key, Handle< Object > value, StrictMode strict_mode, StoreFromKeyed store_mode=MAY_BE_STORE_FROM_KEYED)
 
static MUST_USE_RESULT MaybeHandle< ObjectSetProperty (LookupIterator *it, Handle< Object > value, StrictMode strict_mode, StoreFromKeyed store_mode, StorePropertyMode data_store_mode=NORMAL_PROPERTY)
 
static MUST_USE_RESULT MaybeHandle< ObjectWriteToReadOnlyProperty (LookupIterator *it, Handle< Object > value, StrictMode strict_mode)
 
static Handle< ObjectSetDataProperty (LookupIterator *it, Handle< Object > value)
 
static MUST_USE_RESULT MaybeHandle< ObjectAddDataProperty (LookupIterator *it, Handle< Object > value, PropertyAttributes attributes, StrictMode strict_mode, StoreFromKeyed store_mode)
 
static MUST_USE_RESULT MaybeHandle< ObjectGetPropertyOrElement (Handle< Object > object, Handle< Name > key)
 
static MUST_USE_RESULT MaybeHandle< ObjectGetProperty (Isolate *isolate, Handle< Object > object, const char *key)
 
static MUST_USE_RESULT MaybeHandle< ObjectGetProperty (Handle< Object > object, Handle< Name > key)
 
static MUST_USE_RESULT MaybeHandle< ObjectGetPropertyWithAccessor (Handle< Object > receiver, Handle< Name > name, Handle< JSObject > holder, Handle< Object > structure)
 
static MUST_USE_RESULT MaybeHandle< ObjectSetPropertyWithAccessor (Handle< Object > receiver, Handle< Name > name, Handle< Object > value, Handle< JSObject > holder, Handle< Object > structure, StrictMode strict_mode)
 
static MUST_USE_RESULT MaybeHandle< ObjectGetPropertyWithDefinedGetter (Handle< Object > receiver, Handle< JSReceiver > getter)
 
static MUST_USE_RESULT MaybeHandle< ObjectSetPropertyWithDefinedSetter (Handle< Object > receiver, Handle< JSReceiver > setter, Handle< Object > value)
 
static MUST_USE_RESULT MaybeHandle< ObjectGetElement (Isolate *isolate, Handle< Object > object, uint32_t index)
 
static MUST_USE_RESULT MaybeHandle< ObjectGetElementWithReceiver (Isolate *isolate, Handle< Object > object, Handle< Object > receiver, uint32_t index)
 
static Handle< SmiGetOrCreateHash (Isolate *isolate, Handle< Object > object)
 

Static Public Attributes

static const uint32_t kMaxElementCount = 0xffffffffu
 
static const uint32_t kMaxGap = 1024
 
static const int kMaxUncheckedFastElementsLength = 5000
 
static const int kMaxUncheckedOldFastElementsLength = 500
 
static const int kInitialMaxFastElementArray = 100000
 
static const int kInitialGlobalObjectUnusedPropertiesCount = 4
 
static const int kMaxInstanceSize = 255 * kPointerSize
 
static const int kFieldsAdded = 3
 
static const int kPropertiesOffset = HeapObject::kHeaderSize
 
static const int kElementsOffset = kPropertiesOffset + kPointerSize
 
static const int kHeaderSize = kElementsOffset + kPointerSize
 
- Static Public Attributes inherited from v8::internal::HeapObject
static const int kMapOffset = Object::kHeaderSize
 
static const int kHeaderSize = kMapOffset + kPointerSize
 
- Static Public Attributes inherited from v8::internal::Object
static const int kHeaderSize = 0
 

Private Member Functions

bool ReferencesObjectFromElements (FixedArray *elements, ElementsKind kind, Object *object)
 
bool HasDenseElements ()
 
void GetElementsCapacityAndUsage (int *capacity, int *used)
 
MUST_USE_RESULT ObjectGetHiddenPropertiesHashTable ()
 
MUST_USE_RESULT ObjectGetIdentityHash ()
 
 DISALLOW_IMPLICIT_CONSTRUCTORS (JSObject)
 

Static Private Member Functions

static void MigrateFastToFast (Handle< JSObject > object, Handle< Map > new_map)
 
static void MigrateFastToSlow (Handle< JSObject > object, Handle< Map > new_map, int expected_additional_properties)
 
static void GeneralizeFieldRepresentation (Handle< JSObject > object, int modify_index, Representation new_representation, Handle< HeapType > new_field_type)
 
static void UpdateAllocationSite (Handle< JSObject > object, ElementsKind to_kind)
 
static MUST_USE_RESULT MaybeHandle< ObjectGetPropertyWithFailedAccessCheck (LookupIterator *it)
 
static MUST_USE_RESULT MaybeHandle< ObjectGetElementWithCallback (Handle< JSObject > object, Handle< Object > receiver, Handle< Object > structure, uint32_t index, Handle< Object > holder)
 
static MUST_USE_RESULT Maybe< PropertyAttributesGetElementAttributeWithInterceptor (Handle< JSObject > object, Handle< JSReceiver > receiver, uint32_t index, bool continue_search)
 
static MUST_USE_RESULT Maybe< PropertyAttributesGetElementAttributeWithoutInterceptor (Handle< JSObject > object, Handle< JSReceiver > receiver, uint32_t index, bool continue_search)
 
static MUST_USE_RESULT MaybeHandle< ObjectSetElementWithCallback (Handle< JSObject > object, Handle< Object > structure, uint32_t index, Handle< Object > value, Handle< JSObject > holder, StrictMode strict_mode)
 
static MUST_USE_RESULT MaybeHandle< ObjectSetElementWithInterceptor (Handle< JSObject > object, uint32_t index, Handle< Object > value, PropertyAttributes attributes, StrictMode strict_mode, bool check_prototype, SetPropertyMode set_mode)
 
static MUST_USE_RESULT MaybeHandle< ObjectSetElementWithoutInterceptor (Handle< JSObject > object, uint32_t index, Handle< Object > value, PropertyAttributes attributes, StrictMode strict_mode, bool check_prototype, SetPropertyMode set_mode)
 
static MUST_USE_RESULT MaybeHandle< ObjectSetElementWithCallbackSetterInPrototypes (Handle< JSObject > object, uint32_t index, Handle< Object > value, bool *found, StrictMode strict_mode)
 
static MUST_USE_RESULT MaybeHandle< ObjectSetDictionaryElement (Handle< JSObject > object, uint32_t index, Handle< Object > value, PropertyAttributes attributes, StrictMode strict_mode, bool check_prototype, SetPropertyMode set_mode=SET_PROPERTY)
 
static MUST_USE_RESULT MaybeHandle< ObjectSetFastDoubleElement (Handle< JSObject > object, uint32_t index, Handle< Object > value, StrictMode strict_mode, bool check_prototype=true)
 
static MUST_USE_RESULT MaybeHandle< ObjectSetPropertyWithFailedAccessCheck (LookupIterator *it, Handle< Object > value, StrictMode strict_mode)
 
static void AddSlowProperty (Handle< JSObject > object, Handle< Name > name, Handle< Object > value, PropertyAttributes attributes)
 
static MUST_USE_RESULT MaybeHandle< ObjectDeleteProperty (Handle< JSObject > object, Handle< Name > name, DeleteMode mode)
 
static MUST_USE_RESULT MaybeHandle< ObjectDeletePropertyWithInterceptor (Handle< JSObject > holder, Handle< JSObject > receiver, Handle< Name > name)
 
static Handle< ObjectDeleteNormalizedProperty (Handle< JSObject > object, Handle< Name > name, DeleteMode mode)
 
static MUST_USE_RESULT MaybeHandle< ObjectDeleteElement (Handle< JSObject > object, uint32_t index, DeleteMode mode)
 
static MUST_USE_RESULT MaybeHandle< ObjectDeleteElementWithInterceptor (Handle< JSObject > object, uint32_t index)
 
static bool CanSetCallback (Handle< JSObject > object, Handle< Name > name)
 
static void SetElementCallback (Handle< JSObject > object, uint32_t index, Handle< Object > structure, PropertyAttributes attributes)
 
static void SetPropertyCallback (Handle< JSObject > object, Handle< Name > name, Handle< Object > structure, PropertyAttributes attributes)
 
static void DefineElementAccessor (Handle< JSObject > object, uint32_t index, Handle< Object > getter, Handle< Object > setter, PropertyAttributes attributes)
 
static Handle< ObjectHashTableGetOrCreateHiddenPropertiesHashtable (Handle< JSObject > object)
 
static Handle< ObjectSetHiddenPropertiesHashTable (Handle< JSObject > object, Handle< Object > value)
 
static Handle< SmiGetOrCreateIdentityHash (Handle< JSObject > object)
 

Friends

class DictionaryElementsAccessor
 
class JSReceiver
 
class Object
 

Additional Inherited Members

- Protected Member Functions inherited from v8::internal::HeapObject
void IteratePointers (ObjectVisitor *v, int start, int end)
 
void IteratePointer (ObjectVisitor *v, int offset)
 
void IterateNextCodeLink (ObjectVisitor *v, int offset)
 

Detailed Description

Definition at line 1659 of file objects.h.

Member Enumeration Documentation

◆ DeepCopyHints

enum v8::internal::JSObject::DeepCopyHints
Enumerator
kNoHints 
kObjectIsShallow 

Definition at line 2094 of file objects.h.

2094 { kNoHints = 0, kObjectIsShallow = 1 };

◆ ExecutableAccessorInfoHandling

enum v8::internal::JSObject::ExecutableAccessorInfoHandling
Enumerator
DEFAULT_HANDLING 
DONT_FORCE_FIELD 

Definition at line 1761 of file objects.h.

1761  {
1762  DEFAULT_HANDLING,
1763  DONT_FORCE_FIELD
1764  };

◆ SetFastElementsCapacitySmiMode

enum v8::internal::JSObject::SetFastElementsCapacitySmiMode
Enumerator
kAllowSmiElements 
kForceSmiElements 
kDontAllowSmiElements 

Definition at line 1951 of file objects.h.

1951  {
1952  kAllowSmiElements,
1953  kForceSmiElements,
1954  kDontAllowSmiElements
1955  };

Member Function Documentation

◆ AddProperty()

void v8::internal::JSObject::AddProperty ( Handle< JSObject object,
Handle< Name key,
Handle< Object value,
PropertyAttributes  attributes 
)
static

Definition at line 3786 of file objects.cc.

3788  {
3789  LookupIterator it(object, name, LookupIterator::OWN_SKIP_INTERCEPTOR);
3790  CHECK_NE(LookupIterator::ACCESS_CHECK, it.state());
3791 #ifdef DEBUG
3792  uint32_t index;
3793  DCHECK(!object->IsJSProxy());
3794  DCHECK(!name->AsArrayIndex(&index));
3795  Maybe<PropertyAttributes> maybe = GetPropertyAttributes(&it);
3796  DCHECK(maybe.has_value);
3797  DCHECK(!it.IsFound());
3798  DCHECK(object->map()->is_extensible() ||
3799  name.is_identical_to(it.isolate()->factory()->hidden_string()));
3800 #endif
3801  AddDataProperty(&it, value, attributes, STRICT,
3802  CERTAINLY_NOT_STORE_FROM_KEYED).Check();
3803 }
uint32_t
v8::internal::JSReceiver::GetPropertyAttributes
static MUST_USE_RESULT Maybe< PropertyAttributes > GetPropertyAttributes(Handle< JSReceiver > object, Handle< Name > name)
Definition: objects-inl.h:6670
v8::internal::Object::AddDataProperty
static MUST_USE_RESULT MaybeHandle< Object > AddDataProperty(LookupIterator *it, Handle< Object > value, PropertyAttributes attributes, StrictMode strict_mode, StoreFromKeyed store_mode)
Definition: objects.cc:2968
v8::internal::Object::LookupIterator
friend class LookupIterator
Definition: objects.h:1226
v8::internal::Object::CERTAINLY_NOT_STORE_FROM_KEYED
@ CERTAINLY_NOT_STORE_FROM_KEYED
Definition: objects.h:1007
name
enable harmony numeric enable harmony object literal extensions Optimize object Array DOM strings and string trace pretenuring decisions of HAllocate instructions Enables optimizations which favor memory size over execution speed maximum source size in bytes considered for a single inlining maximum cumulative number of AST nodes considered for inlining trace the tracking of allocation sites deoptimize every n garbage collections perform array bounds checks elimination analyze liveness of environment slots and zap dead values flushes the cache of optimized code for closures on every GC allow uint32 values on optimize frames if they are used only in safe operations track concurrent recompilation artificial compilation delay in ms do not emit check maps for constant values that have a leaf deoptimize the optimized code if the layout of the maps changes enable context specialization in TurboFan execution budget before interrupt is triggered max percentage of megamorphic generic ICs to allow optimization enable use of SAHF instruction if enable use of VFP3 instructions if available enable use of NEON instructions if enable use of SDIV and UDIV instructions if enable use of MLS instructions if enable loading bit constant by means of movw movt instruction enable unaligned accesses for enable use of d16 d31 registers on ARM this requires VFP3 force all emitted branches to be in long enable alignment of csp to bytes on platforms which prefer the register to always be expose gc extension under the specified name show built in functions in stack traces use random jit cookie to mask large constants minimum length for automatic enable preparsing CPU profiler sampling interval in microseconds trace out of bounds accesses to external arrays default size of stack region v8 is allowed to maximum length of function source code printed in a stack trace min size of a semi the new space consists of two semi spaces print one trace line following each garbage collection do not print trace line after scavenger collection print cumulative GC statistics in name
Definition: flag-definitions.h:504
CHECK_NE
#define CHECK_NE(unexpected, value)
Definition: logging.h:173
DCHECK
#define DCHECK(condition)
Definition: logging.h:205
v8::maybe
Maybe< T > maybe(T t)
Definition: v8.h:902

References v8::internal::Object::AddDataProperty(), v8::internal::Object::CERTAINLY_NOT_STORE_FROM_KEYED, CHECK_NE, DCHECK, v8::internal::Object::LookupIterator, v8::maybe(), name, and v8::internal::STRICT.

Referenced by v8::internal::Isolate::CaptureCurrentStackTrace(), and v8::internal::InstallBuiltin().

+ Here is the call graph for this function:
+ Here is the caller graph for this function:

◆ AddSlowProperty()

void v8::internal::JSObject::AddSlowProperty ( Handle< JSObject object,
Handle< Name name,
Handle< Object value,
PropertyAttributes  attributes 
)
staticprivate

Definition at line 1762 of file objects.cc.

1765  {
1766  DCHECK(!object->HasFastProperties());
1767  Isolate* isolate = object->GetIsolate();
1768  Handle<NameDictionary> dict(object->property_dictionary());
1769  if (object->IsGlobalObject()) {
1770  // In case name is an orphaned property reuse the cell.
1771  int entry = dict->FindEntry(name);
1772  if (entry != NameDictionary::kNotFound) {
1773  Handle<PropertyCell> cell(PropertyCell::cast(dict->ValueAt(entry)));
1774  PropertyCell::SetValueInferType(cell, value);
1775  // Assign an enumeration index to the property and update
1776  // SetNextEnumerationIndex.
1777  int index = dict->NextEnumerationIndex();
1778  PropertyDetails details = PropertyDetails(attributes, NORMAL, index);
1779  dict->SetNextEnumerationIndex(index + 1);
1780  dict->SetEntry(entry, name, cell, details);
1781  return;
1782  }
1783  Handle<PropertyCell> cell = isolate->factory()->NewPropertyCell(value);
1784  PropertyCell::SetValueInferType(cell, value);
1785  value = cell;
1786  }
1787  PropertyDetails details = PropertyDetails(attributes, NORMAL, 0);
1788  Handle<NameDictionary> result =
1789  NameDictionary::Add(dict, name, value, details);
1790  if (*dict != *result) object->set_properties(*result);
1791 }
v8::internal::Dictionary< NameDictionary, NameDictionaryShape, Handle< Name > >::Add
static MUST_USE_RESULT Handle< NameDictionary > Add(Handle< NameDictionary > dictionary, Handle< Name > key, Handle< Object > value, PropertyDetails details)
Definition: objects.cc:15024
v8::internal::HashTable::kNotFound
static const int kNotFound
Definition: objects.h:3283
v8::internal::PropertyCell::SetValueInferType
static void SetValueInferType(Handle< PropertyCell > cell, Handle< Object > value)
Definition: objects.cc:16367

Referenced by v8::internal::Object::AddDataProperty().

+ Here is the caller graph for this function:

◆ AllocateStorageForMap()

void v8::internal::JSObject::AllocateStorageForMap ( Handle< JSObject object,
Handle< Map map 
)
static

Definition at line 3707 of file objects.cc.

3707  {
3708  DCHECK(object->map()->inobject_properties() == map->inobject_properties());
3709  ElementsKind obj_kind = object->map()->elements_kind();
3710  ElementsKind map_kind = map->elements_kind();
3711  if (map_kind != obj_kind) {
3712  ElementsKind to_kind = map_kind;
3713  if (IsMoreGeneralElementsKindTransition(map_kind, obj_kind) ||
3714  IsDictionaryElementsKind(obj_kind)) {
3715  to_kind = obj_kind;
3716  }
3717  if (IsDictionaryElementsKind(to_kind)) {
3718  NormalizeElements(object);
3719  } else {
3720  TransitionElementsKind(object, to_kind);
3721  }
3722  map = Map::AsElementsKind(map, to_kind);
3723  }
3724  JSObject::MigrateToMap(object, map);
3725 }
v8::internal::JSObject::TransitionElementsKind
static void TransitionElementsKind(Handle< JSObject > object, ElementsKind to_kind)
Definition: objects.cc:12706
v8::internal::JSObject::MigrateToMap
static void MigrateToMap(Handle< JSObject > object, Handle< Map > new_map)
Definition: objects.cc:1886
v8::internal::JSObject::NormalizeElements
static Handle< SeededNumberDictionary > NormalizeElements(Handle< JSObject > object)
Definition: objects.cc:4459
v8::internal::Map::elements_kind
ElementsKind elements_kind()
Definition: objects.h:5730
v8::internal::Map::AsElementsKind
static Handle< Map > AsElementsKind(Handle< Map > map, ElementsKind kind)
Definition: objects.cc:3374
v8::internal::IsMoreGeneralElementsKindTransition
bool IsMoreGeneralElementsKindTransition(ElementsKind from_kind, ElementsKind to_kind)
Definition: elements-kind.cc:157
v8::internal::IsDictionaryElementsKind
bool IsDictionaryElementsKind(ElementsKind kind)
Definition: elements-kind.h:85

References v8::internal::Map::AsElementsKind(), DCHECK, v8::internal::Map::elements_kind(), v8::internal::Map::inobject_properties(), v8::internal::IsDictionaryElementsKind(), v8::internal::IsMoreGeneralElementsKindTransition(), v8::internal::HeapObject::map(), and MigrateToMap().

+ Here is the call graph for this function:

◆ CanSetCallback()

static bool v8::internal::JSObject::CanSetCallback ( Handle< JSObject object,
Handle< Name name 
)
staticprivate

◆ Copy()

static Handle<JSObject> v8::internal::JSObject::Copy ( Handle< JSObject object)
static

◆ DECL_ACCESSORS()

v8::internal::JSObject::DECL_ACCESSORS ( properties  ,
FixedArray   
)

◆ DeepCopy()

MaybeHandle< JSObject > v8::internal::JSObject::DeepCopy ( Handle< JSObject object,
AllocationSiteUsageContext site_context,
DeepCopyHints  hints = kNoHints 
)
static

Definition at line 5593 of file objects.cc.

5596  {
5597  JSObjectWalkVisitor<AllocationSiteUsageContext> v(site_context, true, hints);
5598  MaybeHandle<JSObject> copy = v.StructureWalk(object);
5599  Handle<JSObject> for_assert;
5600  DCHECK(!copy.ToHandle(&for_assert) || !for_assert.is_identical_to(object));
5601  return copy;
5602 }

References DCHECK, and v8::internal::JSObjectWalkVisitor< ContextObject >::StructureWalk().

Referenced by v8::internal::CreateArrayLiteralImpl(), and v8::internal::RUNTIME_FUNCTION().

+ Here is the call graph for this function:
+ Here is the caller graph for this function:

◆ DeepWalk()

MaybeHandle< JSObject > v8::internal::JSObject::DeepWalk ( Handle< JSObject object,
AllocationSiteCreationContext site_context 
)
static

Definition at line 5581 of file objects.cc.

5583  {
5584  JSObjectWalkVisitor<AllocationSiteCreationContext> v(site_context, false,
5585  kNoHints);
5586  MaybeHandle<JSObject> result = v.StructureWalk(object);
5587  Handle<JSObject> for_assert;
5588  DCHECK(!result.ToHandle(&for_assert) || for_assert.is_identical_to(object));
5589  return result;
5590 }

References DCHECK, and v8::internal::JSObjectWalkVisitor< ContextObject >::StructureWalk().

Referenced by v8::internal::GetLiteralAllocationSite(), and v8::internal::RUNTIME_FUNCTION().

+ Here is the call graph for this function:
+ Here is the caller graph for this function:

◆ DefineAccessor()

MaybeHandle< Object > v8::internal::JSObject::DefineAccessor ( Handle< JSObject object,
Handle< Name name,
Handle< Object getter,
Handle< Object setter,
PropertyAttributes  attributes 
)
static

Definition at line 6095 of file objects.cc.

6099  {
6100  Isolate* isolate = object->GetIsolate();
6101  // Check access rights if needed.
6102  if (object->IsAccessCheckNeeded() &&
6103  !isolate->MayNamedAccess(object, name, v8::ACCESS_SET)) {
6104  isolate->ReportFailedAccessCheck(object, v8::ACCESS_SET);
6105  RETURN_EXCEPTION_IF_SCHEDULED_EXCEPTION(isolate, Object);
6106  return isolate->factory()->undefined_value();
6107  }
6108 
6109  if (object->IsJSGlobalProxy()) {
6110  PrototypeIterator iter(isolate, object);
6111  if (iter.IsAtEnd()) return isolate->factory()->undefined_value();
6112  DCHECK(PrototypeIterator::GetCurrent(iter)->IsJSGlobalObject());
6113  DefineAccessor(Handle<JSObject>::cast(PrototypeIterator::GetCurrent(iter)),
6114  name, getter, setter, attributes);
6115  return isolate->factory()->undefined_value();
6116  }
6117 
6118  // Make sure that the top context does not change when doing callbacks or
6119  // interceptor calls.
6120  AssertNoContextChange ncc(isolate);
6121 
6122  // Try to flatten before operating on the string.
6123  if (name->IsString()) name = String::Flatten(Handle<String>::cast(name));
6124 
6125  uint32_t index = 0;
6126  bool is_element = name->AsArrayIndex(&index);
6127 
6128  Handle<Object> old_value = isolate->factory()->the_hole_value();
6129  bool is_observed = object->map()->is_observed() &&
6130  *name != isolate->heap()->hidden_string();
6131  bool preexists = false;
6132  if (is_observed) {
6133  if (is_element) {
6134  Maybe<bool> maybe = HasOwnElement(object, index);
6135  // Workaround for a GCC 4.4.3 bug which leads to "‘preexists’ may be used
6136  // uninitialized in this function".
6137  if (!maybe.has_value) {
6138  DCHECK(false);
6139  return isolate->factory()->undefined_value();
6140  }
6141  preexists = maybe.value;
6142  if (preexists && GetOwnElementAccessorPair(object, index).is_null()) {
6143  old_value =
6144  Object::GetElement(isolate, object, index).ToHandleChecked();
6145  }
6146  } else {
6147  LookupIterator it(object, name, LookupIterator::HIDDEN_SKIP_INTERCEPTOR);
6148  CHECK(GetPropertyAttributes(&it).has_value);
6149  preexists = it.IsFound();
6150  if (preexists && (it.state() == LookupIterator::DATA ||
6151  it.GetAccessors()->IsAccessorInfo())) {
6152  old_value = GetProperty(&it).ToHandleChecked();
6153  }
6154  }
6155  }
6156 
6157  if (is_element) {
6158  DefineElementAccessor(object, index, getter, setter, attributes);
6159  } else {
6160  DCHECK(getter->IsSpecFunction() || getter->IsUndefined() ||
6161  getter->IsNull());
6162  DCHECK(setter->IsSpecFunction() || setter->IsUndefined() ||
6163  setter->IsNull());
6164  // At least one of the accessors needs to be a new value.
6165  DCHECK(!getter->IsNull() || !setter->IsNull());
6166  LookupIterator it(object, name, LookupIterator::OWN_SKIP_INTERCEPTOR);
6167  if (it.state() == LookupIterator::ACCESS_CHECK) {
6168  // We already did an access check before. We do have access.
6169  it.Next();
6170  }
6171  if (!getter->IsNull()) {
6172  it.TransitionToAccessorProperty(ACCESSOR_GETTER, getter, attributes);
6173  }
6174  if (!setter->IsNull()) {
6175  it.TransitionToAccessorProperty(ACCESSOR_SETTER, setter, attributes);
6176  }
6177  }
6178 
6179  if (is_observed) {
6180  const char* type = preexists ? "reconfigure" : "add";
6181  EnqueueChangeRecord(object, type, name, old_value);
6182  }
6183 
6184  return isolate->factory()->undefined_value();
6185 }
v8::internal::Handle::cast
static Handle< T > cast(Handle< S > that)
Definition: handles.h:116
v8::internal::JSObject::Object
friend class Object
Definition: objects.h:2219
v8::internal::JSObject::GetOwnElementAccessorPair
static MUST_USE_RESULT MaybeHandle< AccessorPair > GetOwnElementAccessorPair(Handle< JSObject > object, uint32_t index)
Definition: objects.cc:11759
v8::internal::JSObject::EnqueueChangeRecord
static void EnqueueChangeRecord(Handle< JSObject > object, const char *type, Handle< Name > name, Handle< Object > old_value)
Definition: objects.cc:1809
v8::internal::JSObject::DefineAccessor
static MaybeHandle< Object > DefineAccessor(Handle< JSObject > object, Handle< Name > name, Handle< Object > getter, Handle< Object > setter, PropertyAttributes attributes)
Definition: objects.cc:6095
v8::internal::JSObject::DefineElementAccessor
static void DefineElementAccessor(Handle< JSObject > object, uint32_t index, Handle< Object > getter, Handle< Object > setter, PropertyAttributes attributes)
Definition: objects.cc:5937
v8::internal::JSReceiver::HasOwnElement
static MUST_USE_RESULT Maybe< bool > HasOwnElement(Handle< JSReceiver > object, uint32_t index)
Definition: objects-inl.h:6730
v8::internal::Object::PrototypeIterator
friend class PrototypeIterator
Definition: objects.h:1227
v8::internal::Object::GetElement
static MUST_USE_RESULT MaybeHandle< Object > GetElement(Isolate *isolate, Handle< Object > object, uint32_t index)
Definition: objects-inl.h:1113
v8::internal::Object::GetProperty
static MUST_USE_RESULT MaybeHandle< Object > GetProperty(LookupIterator *it)
Definition: objects.cc:109
v8::internal::PrototypeIterator::GetCurrent
Object * GetCurrent() const
Definition: prototype.h:62
v8::internal::String::Flatten
static Handle< String > Flatten(Handle< String > string, PretenureFlag pretenure=NOT_TENURED)
Definition: objects-inl.h:3354
RETURN_EXCEPTION_IF_SCHEDULED_EXCEPTION
#define RETURN_EXCEPTION_IF_SCHEDULED_EXCEPTION(isolate, T)
Definition: isolate.h:120
CHECK
#define CHECK(condition)
Definition: logging.h:36
v8::internal::ACCESSOR_GETTER
@ ACCESSOR_GETTER
Definition: objects.h:1558
v8::internal::ACCESSOR_SETTER
@ ACCESSOR_SETTER
Definition: objects.h:1559
v8::ACCESS_SET
@ ACCESS_SET
Definition: v8.h:3521

References v8::ACCESS_SET, v8::internal::ACCESSOR_GETTER, v8::internal::ACCESSOR_SETTER, CHECK, DCHECK, v8::internal::Isolate::factory(), v8::internal::String::Flatten(), v8::internal::PrototypeIterator::GetCurrent(), v8::internal::Object::GetElement(), v8::internal::Object::GetProperty(), v8::internal::Isolate::heap(), v8::internal::Heap::hidden_string(), v8::internal::PrototypeIterator::IsAtEnd(), v8::internal::Object::LookupIterator, v8::maybe(), v8::internal::Isolate::MayNamedAccess(), name, v8::internal::Isolate::ReportFailedAccessCheck(), and RETURN_EXCEPTION_IF_SCHEDULED_EXCEPTION.

Referenced by v8::internal::RUNTIME_FUNCTION(), and v8::Object::SetAccessorProperty().

+ Here is the call graph for this function:
+ Here is the caller graph for this function:

◆ DefineElementAccessor()

void v8::internal::JSObject::DefineElementAccessor ( Handle< JSObject object,
uint32_t  index,
Handle< Object getter,
Handle< Object setter,
PropertyAttributes  attributes 
)
staticprivate

Definition at line 5937 of file objects.cc.

5941  {
5942  switch (object->GetElementsKind()) {
5943  case FAST_SMI_ELEMENTS:
5944  case FAST_ELEMENTS:
5945  case FAST_DOUBLE_ELEMENTS:
5946  case FAST_HOLEY_SMI_ELEMENTS:
5947  case FAST_HOLEY_ELEMENTS:
5948  case FAST_HOLEY_DOUBLE_ELEMENTS:
5949  break;
5950 
5951 #define TYPED_ARRAY_CASE(Type, type, TYPE, ctype, size) \
5952  case EXTERNAL_##TYPE##_ELEMENTS: \
5953  case TYPE##_ELEMENTS: \
5954 
5955  TYPED_ARRAYS(TYPED_ARRAY_CASE)
5956 #undef TYPED_ARRAY_CASE
5957  // Ignore getters and setters on pixel and external array elements.
5958  return;
5959 
5960  case DICTIONARY_ELEMENTS:
5961  if (UpdateGetterSetterInDictionary(object->element_dictionary(),
5962  index,
5963  *getter,
5964  *setter,
5965  attributes)) {
5966  return;
5967  }
5968  break;
5969  case SLOPPY_ARGUMENTS_ELEMENTS: {
5970  // Ascertain whether we have read-only properties or an existing
5971  // getter/setter pair in an arguments elements dictionary backing
5972  // store.
5973  FixedArray* parameter_map = FixedArray::cast(object->elements());
5974  uint32_t length = parameter_map->length();
5975  Object* probe =
5976  index < (length - 2) ? parameter_map->get(index + 2) : NULL;
5977  if (probe == NULL || probe->IsTheHole()) {
5978  FixedArray* arguments = FixedArray::cast(parameter_map->get(1));
5979  if (arguments->IsDictionary()) {
5980  SeededNumberDictionary* dictionary =
5981  SeededNumberDictionary::cast(arguments);
5982  if (UpdateGetterSetterInDictionary(dictionary,
5983  index,
5984  *getter,
5985  *setter,
5986  attributes)) {
5987  return;
5988  }
5989  }
5990  }
5991  break;
5992  }
5993  }
5994 
5995  Isolate* isolate = object->GetIsolate();
5996  Handle<AccessorPair> accessors = isolate->factory()->NewAccessorPair();
5997  accessors->SetComponents(*getter, *setter);
5998 
5999  SetElementCallback(object, index, accessors, attributes);
6000 }
v8::internal::JSObject::SetElementCallback
static void SetElementCallback(Handle< JSObject > object, uint32_t index, Handle< Object > structure, PropertyAttributes attributes)
Definition: objects.cc:6024
NULL
enable harmony numeric enable harmony object literal extensions Optimize object Array DOM strings and string trace pretenuring decisions of HAllocate instructions Enables optimizations which favor memory size over execution speed maximum source size in bytes considered for a single inlining maximum cumulative number of AST nodes considered for inlining trace the tracking of allocation sites deoptimize every n garbage collections perform array bounds checks elimination analyze liveness of environment slots and zap dead values flushes the cache of optimized code for closures on every GC allow uint32 values on optimize frames if they are used only in safe operations track concurrent recompilation artificial compilation delay in ms do not emit check maps for constant values that have a leaf deoptimize the optimized code if the layout of the maps changes enable context specialization in TurboFan execution budget before interrupt is triggered max percentage of megamorphic generic ICs to allow optimization enable use of SAHF instruction if enable use of VFP3 instructions if available enable use of NEON instructions if enable use of SDIV and UDIV instructions if enable use of MLS instructions if enable loading bit constant by means of movw movt instruction enable unaligned accesses for enable use of d16 d31 registers on ARM this requires VFP3 force all emitted branches to be in long enable alignment of csp to bytes on platforms which prefer the register to always be NULL
Definition: flag-definitions.h:407
v8::internal::FAST_HOLEY_DOUBLE_ELEMENTS
@ FAST_HOLEY_DOUBLE_ELEMENTS
Definition: elements-kind.h:27
v8::internal::SLOPPY_ARGUMENTS_ELEMENTS
@ SLOPPY_ARGUMENTS_ELEMENTS
Definition: elements-kind.h:31
v8::internal::FAST_HOLEY_SMI_ELEMENTS
@ FAST_HOLEY_SMI_ELEMENTS
Definition: elements-kind.h:17
v8::internal::UpdateGetterSetterInDictionary
static bool UpdateGetterSetterInDictionary(SeededNumberDictionary *dictionary, uint32_t index, Object *getter, Object *setter, PropertyAttributes attributes)
Definition: objects.cc:5912
TYPED_ARRAY_CASE
#define TYPED_ARRAY_CASE(Type, type, TYPE, ctype, size)
TYPED_ARRAYS
#define TYPED_ARRAYS(V)
Definition: objects.h:4433

References v8::internal::DICTIONARY_ELEMENTS, v8::internal::Isolate::factory(), v8::internal::FAST_DOUBLE_ELEMENTS, v8::internal::FAST_ELEMENTS, v8::internal::FAST_HOLEY_DOUBLE_ELEMENTS, v8::internal::FAST_HOLEY_ELEMENTS, v8::internal::FAST_HOLEY_SMI_ELEMENTS, v8::internal::FAST_SMI_ELEMENTS, v8::internal::FixedArray::get(), v8::internal::FixedArrayBase::length(), NULL, v8::internal::SLOPPY_ARGUMENTS_ELEMENTS, TYPED_ARRAY_CASE, TYPED_ARRAYS, and v8::internal::UpdateGetterSetterInDictionary().

+ Here is the call graph for this function:

◆ DeleteElement()

MaybeHandle< Object > v8::internal::JSObject::DeleteElement ( Handle< JSObject object,
uint32_t  index,
DeleteMode  mode 
)
staticprivate

Definition at line 4838 of file objects.cc.

4840  {
4841  Isolate* isolate = object->GetIsolate();
4842  Factory* factory = isolate->factory();
4843 
4844  // Check access rights if needed.
4845  if (object->IsAccessCheckNeeded() &&
4846  !isolate->MayIndexedAccess(object, index, v8::ACCESS_DELETE)) {
4847  isolate->ReportFailedAccessCheck(object, v8::ACCESS_DELETE);
4848  RETURN_EXCEPTION_IF_SCHEDULED_EXCEPTION(isolate, Object);
4849  return factory->false_value();
4850  }
4851 
4852  if (object->IsStringObjectWithCharacterAt(index)) {
4853  if (mode == STRICT_DELETION) {
4854  // Deleting a non-configurable property in strict mode.
4855  Handle<Object> name = factory->NewNumberFromUint(index);
4856  Handle<Object> args[2] = { name, object };
4857  THROW_NEW_ERROR(isolate, NewTypeError("strict_delete_property",
4858  HandleVector(args, 2)),
4859  Object);
4860  }
4861  return factory->false_value();
4862  }
4863 
4864  if (object->IsJSGlobalProxy()) {
4865  PrototypeIterator iter(isolate, object);
4866  if (iter.IsAtEnd()) return factory->false_value();
4867  DCHECK(PrototypeIterator::GetCurrent(iter)->IsJSGlobalObject());
4868  return DeleteElement(
4869  Handle<JSObject>::cast(PrototypeIterator::GetCurrent(iter)), index,
4870  mode);
4871  }
4872 
4873  Handle<Object> old_value;
4874  bool should_enqueue_change_record = false;
4875  if (object->map()->is_observed()) {
4876  Maybe<bool> maybe = HasOwnElement(object, index);
4877  if (!maybe.has_value) return MaybeHandle<Object>();
4878  should_enqueue_change_record = maybe.value;
4879  if (should_enqueue_change_record) {
4880  if (!GetOwnElementAccessorPair(object, index).is_null()) {
4881  old_value = Handle<Object>::cast(factory->the_hole_value());
4882  } else {
4883  old_value = Object::GetElement(
4884  isolate, object, index).ToHandleChecked();
4885  }
4886  }
4887  }
4888 
4889  // Skip interceptor if forcing deletion.
4890  MaybeHandle<Object> maybe_result;
4891  if (object->HasIndexedInterceptor() && mode != FORCE_DELETION) {
4892  maybe_result = DeleteElementWithInterceptor(object, index);
4893  } else {
4894  maybe_result = object->GetElementsAccessor()->Delete(object, index, mode);
4895  }
4896  Handle<Object> result;
4897  ASSIGN_RETURN_ON_EXCEPTION(isolate, result, maybe_result, Object);
4898 
4899  if (should_enqueue_change_record) {
4900  Maybe<bool> maybe = HasOwnElement(object, index);
4901  if (!maybe.has_value) return MaybeHandle<Object>();
4902  if (!maybe.value) {
4903  Handle<String> name = factory->Uint32ToString(index);
4904  EnqueueChangeRecord(object, "delete", name, old_value);
4905  }
4906  }
4907 
4908  return result;
4909 }
v8::internal::JSObject::DeleteElement
static MUST_USE_RESULT MaybeHandle< Object > DeleteElement(Handle< JSObject > object, uint32_t index, DeleteMode mode)
Definition: objects.cc:4838
v8::internal::JSObject::DeleteElementWithInterceptor
static MUST_USE_RESULT MaybeHandle< Object > DeleteElementWithInterceptor(Handle< JSObject > object, uint32_t index)
Definition: objects.cc:4805
mode
enable harmony numeric enable harmony object literal extensions Optimize object Array DOM strings and string trace pretenuring decisions of HAllocate instructions Enables optimizations which favor memory size over execution speed maximum source size in bytes considered for a single inlining maximum cumulative number of AST nodes considered for inlining trace the tracking of allocation sites deoptimize every n garbage collections perform array bounds checks elimination analyze liveness of environment slots and zap dead values flushes the cache of optimized code for closures on every GC allow uint32 values on optimize frames if they are used only in safe operations track concurrent recompilation artificial compilation delay in ms do not emit check maps for constant values that have a leaf deoptimize the optimized code if the layout of the maps changes enable context specialization in TurboFan execution budget before interrupt is triggered max percentage of megamorphic generic ICs to allow optimization enable use of SAHF instruction if enable use of VFP3 instructions if available enable use of NEON instructions if enable use of SDIV and UDIV instructions if enable use of MLS instructions if enable loading bit constant by means of movw movt instruction enable unaligned accesses for enable use of d16 d31 registers on ARM this requires VFP3 force all emitted branches to be in long mode(MIPS only)") DEFINE_BOOL(enable_always_align_csp
ASSIGN_RETURN_ON_EXCEPTION
#define ASSIGN_RETURN_ON_EXCEPTION(isolate, dst, call, T)
Definition: isolate.h:135
THROW_NEW_ERROR
#define THROW_NEW_ERROR(isolate, call, T)
Definition: isolate.h:138
v8::internal::HandleVector
Vector< Handle< Object > > HandleVector(v8::internal::Handle< T > *elms, int length)
Definition: utils.h:1100
v8::ACCESS_DELETE
@ ACCESS_DELETE
Definition: v8.h:3523

References v8::ACCESS_DELETE, ASSIGN_RETURN_ON_EXCEPTION, v8::internal::Handle< T >::cast(), DCHECK, v8::internal::Isolate::factory(), v8::internal::PrototypeIterator::GetCurrent(), v8::internal::Object::GetElement(), v8::internal::HandleVector(), v8::internal::PrototypeIterator::IsAtEnd(), v8::maybe(), v8::internal::Isolate::MayIndexedAccess(), mode(), name, v8::internal::Isolate::ReportFailedAccessCheck(), RETURN_EXCEPTION_IF_SCHEDULED_EXCEPTION, and THROW_NEW_ERROR.

Referenced by v8::internal::JSReceiver::DeleteElement().

+ Here is the call graph for this function:
+ Here is the caller graph for this function:

◆ DeleteElementWithInterceptor()

MaybeHandle< Object > v8::internal::JSObject::DeleteElementWithInterceptor ( Handle< JSObject object,
uint32_t  index 
)
staticprivate

Definition at line 4805 of file objects.cc.

4807  {
4808  Isolate* isolate = object->GetIsolate();
4809  Factory* factory = isolate->factory();
4810 
4811  // Make sure that the top context does not change when doing
4812  // callbacks or interceptor calls.
4813  AssertNoContextChange ncc(isolate);
4814 
4815  Handle<InterceptorInfo> interceptor(object->GetIndexedInterceptor());
4816  if (interceptor->deleter()->IsUndefined()) return factory->false_value();
4817  v8::IndexedPropertyDeleterCallback deleter =
4818  v8::ToCData<v8::IndexedPropertyDeleterCallback>(interceptor->deleter());
4819  LOG(isolate,
4820  ApiIndexedPropertyAccess("interceptor-indexed-delete", *object, index));
4821  PropertyCallbackArguments args(
4822  isolate, interceptor->data(), *object, *object);
4823  v8::Handle<v8::Boolean> result = args.Call(deleter, index);
4824  RETURN_EXCEPTION_IF_SCHEDULED_EXCEPTION(isolate, Object);
4825  if (!result.IsEmpty()) {
4826  DCHECK(result->IsBoolean());
4827  Handle<Object> result_internal = v8::Utils::OpenHandle(*result);
4828  result_internal->VerifyApiCallResultType();
4829  // Rebox CustomArguments::kReturnValueOffset before returning.
4830  return handle(*result_internal, isolate);
4831  }
4832  MaybeHandle<Object> delete_result = object->GetElementsAccessor()->Delete(
4833  object, index, NORMAL_DELETION);
4834  return delete_result;
4835 }
v8::Handle::IsEmpty
bool IsEmpty() const
Returns true if the handle is empty.
Definition: v8.h:228
v8::Utils::OpenHandle
static v8::internal::Handle< To > OpenHandle(v8::Local< From > handle)
Definition: api.h:288
v8::Value::IsBoolean
bool IsBoolean() const
Returns true if this value is boolean.
Definition: api.cc:2500
LOG
#define LOG(isolate, Call)
Definition: log.h:69
v8::internal::handle
Handle< T > handle(T *t, Isolate *isolate)
Definition: handles.h:146
v8::IndexedPropertyDeleterCallback
void(* IndexedPropertyDeleterCallback)(uint32_t index, const PropertyCallbackInfo< Boolean > &info)
Returns a non-empty handle if the deleter intercepts the request.
Definition: v8.h:3503

References DCHECK, v8::internal::Isolate::factory(), v8::internal::handle(), v8::Value::IsBoolean(), v8::Handle< T >::IsEmpty(), LOG, v8::Utils::OpenHandle(), and RETURN_EXCEPTION_IF_SCHEDULED_EXCEPTION.

+ Here is the call graph for this function:

◆ DeleteHiddenProperty()

void v8::internal::JSObject::DeleteHiddenProperty ( Handle< JSObject object,
Handle< Name key 
)
static

Definition at line 4673 of file objects.cc.

4673  {
4674  Isolate* isolate = object->GetIsolate();
4675  DCHECK(key->IsUniqueName());
4676 
4677  if (object->IsJSGlobalProxy()) {
4678  PrototypeIterator iter(isolate, object);
4679  if (iter.IsAtEnd()) return;
4680  DCHECK(PrototypeIterator::GetCurrent(iter)->IsJSGlobalObject());
4681  return DeleteHiddenProperty(
4682  Handle<JSObject>::cast(PrototypeIterator::GetCurrent(iter)), key);
4683  }
4684 
4685  Object* inline_value = object->GetHiddenPropertiesHashTable();
4686 
4687  // We never delete (inline-stored) identity hashes.
4688  DCHECK(*key != *isolate->factory()->identity_hash_string());
4689  if (inline_value->IsUndefined() || inline_value->IsSmi()) return;
4690 
4691  Handle<ObjectHashTable> hashtable(ObjectHashTable::cast(inline_value));
4692  bool was_present = false;
4693  ObjectHashTable::Remove(hashtable, key, &was_present);
4694 }
v8::internal::JSObject::DeleteHiddenProperty
static void DeleteHiddenProperty(Handle< JSObject > object, Handle< Name > key)
Definition: objects.cc:4673
v8::internal::ObjectHashTable::Remove
static Handle< ObjectHashTable > Remove(Handle< ObjectHashTable > table, Handle< Object > key, bool *was_present)
Definition: objects.cc:15330

References DCHECK, v8::internal::Isolate::factory(), v8::internal::PrototypeIterator::GetCurrent(), v8::internal::PrototypeIterator::IsAtEnd(), and v8::internal::ObjectHashTable::Remove().

Referenced by v8::Object::DeleteHiddenValue().

+ Here is the call graph for this function:
+ Here is the caller graph for this function:

◆ DeleteNormalizedProperty()

Handle< Object > v8::internal::JSObject::DeleteNormalizedProperty ( Handle< JSObject object,
Handle< Name name,
DeleteMode  mode 
)
staticprivate

Definition at line 692 of file objects.cc.

694  {
695  DCHECK(!object->HasFastProperties());
696  Isolate* isolate = object->GetIsolate();
697  Handle<NameDictionary> dictionary(object->property_dictionary());
698  int entry = dictionary->FindEntry(name);
699  if (entry != NameDictionary::kNotFound) {
700  // If we have a global object set the cell to the hole.
701  if (object->IsGlobalObject()) {
702  PropertyDetails details = dictionary->DetailsAt(entry);
703  if (!details.IsConfigurable()) {
704  if (mode != FORCE_DELETION) return isolate->factory()->false_value();
705  // When forced to delete global properties, we have to make a
706  // map change to invalidate any ICs that think they can load
707  // from the non-configurable cell without checking if it contains
708  // the hole value.
709  Handle<Map> new_map = Map::CopyDropDescriptors(handle(object->map()));
710  DCHECK(new_map->is_dictionary_map());
711  JSObject::MigrateToMap(object, new_map);
712  }
713  Handle<PropertyCell> cell(PropertyCell::cast(dictionary->ValueAt(entry)));
714  Handle<Object> value = isolate->factory()->the_hole_value();
715  PropertyCell::SetValueInferType(cell, value);
716  dictionary->DetailsAtPut(entry, details.AsDeleted());
717  } else {
718  Handle<Object> deleted(
719  NameDictionary::DeleteProperty(dictionary, entry, mode));
720  if (*deleted == isolate->heap()->true_value()) {
721  Handle<NameDictionary> new_properties =
722  NameDictionary::Shrink(dictionary, name);
723  object->set_properties(*new_properties);
724  }
725  return deleted;
726  }
727  }
728  return isolate->factory()->true_value();
729 }
v8::internal::Dictionary< NameDictionary, NameDictionaryShape, Handle< Name > >::DeleteProperty
static Handle< Object > DeleteProperty(Handle< NameDictionary > dictionary, int entry, JSObject::DeleteMode mode)
Definition: objects.cc:14982
v8::internal::Dictionary< NameDictionary, NameDictionaryShape, Handle< Name > >::Shrink
static MUST_USE_RESULT Handle< NameDictionary > Shrink(Handle< NameDictionary > dictionary, Handle< Name > key)
Definition: objects.h:3522
v8::internal::Map::CopyDropDescriptors
static Handle< Map > CopyDropDescriptors(Handle< Map > map)
Definition: objects.cc:6468

References v8::internal::Map::CopyDropDescriptors(), DCHECK, v8::internal::Dictionary< NameDictionary, NameDictionaryShape, Handle< Name > >::DeleteProperty(), v8::internal::Isolate::factory(), v8::internal::JSReceiver::FORCE_DELETION, v8::internal::handle(), v8::internal::Isolate::heap(), v8::internal::HashTable< Derived, Shape, Key >::kNotFound, MigrateToMap(), mode(), name, v8::internal::PropertyCell::SetValueInferType(), and v8::internal::Dictionary< NameDictionary, NameDictionaryShape, Handle< Name > >::Shrink().

+ Here is the call graph for this function:

◆ DeleteProperty()

MaybeHandle< Object > v8::internal::JSObject::DeleteProperty ( Handle< JSObject object,
Handle< Name name,
DeleteMode  mode 
)
staticprivate

Definition at line 4912 of file objects.cc.

4914  {
4915  // ECMA-262, 3rd, 8.6.2.5
4916  DCHECK(name->IsName());
4917 
4918  uint32_t index = 0;
4919  if (name->AsArrayIndex(&index)) {
4920  return DeleteElement(object, index, delete_mode);
4921  }
4922 
4923  // Skip interceptors on FORCE_DELETION.
4924  LookupIterator::Configuration config =
4925  delete_mode == FORCE_DELETION ? LookupIterator::HIDDEN_SKIP_INTERCEPTOR
4926  : LookupIterator::HIDDEN;
4927 
4928  LookupIterator it(object, name, config);
4929 
4930  bool is_observed = object->map()->is_observed() &&
4931  *name != it.isolate()->heap()->hidden_string();
4932  Handle<Object> old_value = it.isolate()->factory()->the_hole_value();
4933 
4934  for (; it.IsFound(); it.Next()) {
4935  switch (it.state()) {
4936  case LookupIterator::JSPROXY:
4937  case LookupIterator::NOT_FOUND:
4938  case LookupIterator::TRANSITION:
4939  UNREACHABLE();
4940  case LookupIterator::ACCESS_CHECK:
4941  if (it.HasAccess(v8::ACCESS_DELETE)) break;
4942  it.isolate()->ReportFailedAccessCheck(it.GetHolder<JSObject>(),
4943  v8::ACCESS_DELETE);
4944  RETURN_EXCEPTION_IF_SCHEDULED_EXCEPTION(it.isolate(), Object);
4945  return it.isolate()->factory()->false_value();
4946  case LookupIterator::INTERCEPTOR: {
4947  MaybeHandle<Object> maybe_result =
4948  JSObject::DeletePropertyWithInterceptor(it.GetHolder<JSObject>(),
4949  object, it.name());
4950  // Delete with interceptor succeeded. Return result.
4951  if (!maybe_result.is_null()) return maybe_result;
4952  // An exception was thrown in the interceptor. Propagate.
4953  if (it.isolate()->has_pending_exception()) return maybe_result;
4954  break;
4955  }
4956  case LookupIterator::DATA:
4957  if (is_observed) {
4958  old_value = it.GetDataValue();
4959  }
4960  // Fall through.
4961  case LookupIterator::ACCESSOR: {
4962  if (delete_mode != FORCE_DELETION && !it.IsConfigurable()) {
4963  // Fail if the property is not configurable.
4964  if (delete_mode == STRICT_DELETION) {
4965  Handle<Object> args[2] = {name, object};
4966  THROW_NEW_ERROR(it.isolate(),
4967  NewTypeError("strict_delete_property",
4968  HandleVector(args, arraysize(args))),
4969  Object);
4970  }
4971  return it.isolate()->factory()->false_value();
4972  }
4973 
4974  PropertyNormalizationMode mode = object->map()->is_prototype_map()
4975  ? KEEP_INOBJECT_PROPERTIES
4976  : CLEAR_INOBJECT_PROPERTIES;
4977  Handle<JSObject> holder = it.GetHolder<JSObject>();
4978  // TODO(verwaest): Remove this temporary compatibility hack when blink
4979  // tests are updated.
4980  if (!holder.is_identical_to(object) &&
4981  !(object->IsJSGlobalProxy() && holder->IsJSGlobalObject())) {
4982  return it.isolate()->factory()->true_value();
4983  }
4984  NormalizeProperties(holder, mode, 0);
4985  Handle<Object> result =
4986  DeleteNormalizedProperty(holder, name, delete_mode);
4987  ReoptimizeIfPrototype(holder);
4988 
4989  if (is_observed) {
4990  EnqueueChangeRecord(object, "delete", name, old_value);
4991  }
4992 
4993  return result;
4994  }
4995  }
4996  }
4997 
4998  return it.isolate()->factory()->true_value();
4999 }
v8::internal::JSObject::NormalizeProperties
static void NormalizeProperties(Handle< JSObject > object, PropertyNormalizationMode mode, int expected_additional_properties)
Definition: objects.cc:4166
v8::internal::JSObject::ReoptimizeIfPrototype
static void ReoptimizeIfPrototype(Handle< JSObject > object)
Definition: objects.cc:9349
v8::internal::JSObject::DeletePropertyWithInterceptor
static MUST_USE_RESULT MaybeHandle< Object > DeletePropertyWithInterceptor(Handle< JSObject > holder, Handle< JSObject > receiver, Handle< Name > name)
Definition: objects.cc:4776
v8::internal::JSObject::DeleteNormalizedProperty
static Handle< Object > DeleteNormalizedProperty(Handle< JSObject > object, Handle< Name > name, DeleteMode mode)
Definition: objects.cc:692
UNREACHABLE
#define UNREACHABLE()
Definition: logging.h:30
arraysize
#define arraysize(array)
Definition: macros.h:86
v8::internal::PropertyNormalizationMode
PropertyNormalizationMode
Definition: objects.h:247
v8::internal::KEEP_INOBJECT_PROPERTIES
@ KEEP_INOBJECT_PROPERTIES
Definition: objects.h:249
v8::internal::CLEAR_INOBJECT_PROPERTIES
@ CLEAR_INOBJECT_PROPERTIES
Definition: objects.h:248

References v8::ACCESS_DELETE, v8::internal::ACCESSOR, arraysize, v8::internal::CLEAR_INOBJECT_PROPERTIES, DCHECK, DeletePropertyWithInterceptor(), v8::internal::HandleVector(), v8::internal::MaybeHandle< T >::is_null(), v8::internal::KEEP_INOBJECT_PROPERTIES, v8::internal::Object::LookupIterator, mode(), name, RETURN_EXCEPTION_IF_SCHEDULED_EXCEPTION, THROW_NEW_ERROR, and UNREACHABLE.

Referenced by v8::internal::JSReceiver::DeleteProperty().

+ Here is the call graph for this function:
+ Here is the caller graph for this function:

◆ DeletePropertyWithInterceptor()

MaybeHandle< Object > v8::internal::JSObject::DeletePropertyWithInterceptor ( Handle< JSObject holder,
Handle< JSObject receiver,
Handle< Name name 
)
staticprivate

Definition at line 4776 of file objects.cc.

4777  {
4778  Isolate* isolate = holder->GetIsolate();
4779 
4780  // TODO(rossberg): Support symbols in the API.
4781  if (name->IsSymbol()) return MaybeHandle<Object>();
4782 
4783  Handle<InterceptorInfo> interceptor(holder->GetNamedInterceptor());
4784  if (interceptor->deleter()->IsUndefined()) return MaybeHandle<Object>();
4785 
4786  v8::NamedPropertyDeleterCallback deleter =
4787  v8::ToCData<v8::NamedPropertyDeleterCallback>(interceptor->deleter());
4788  LOG(isolate,
4789  ApiNamedPropertyAccess("interceptor-named-delete", *holder, *name));
4790  PropertyCallbackArguments args(isolate, interceptor->data(), *receiver,
4791  *holder);
4792  v8::Handle<v8::Boolean> result =
4793  args.Call(deleter, v8::Utils::ToLocal(Handle<String>::cast(name)));
4794  RETURN_EXCEPTION_IF_SCHEDULED_EXCEPTION(isolate, Object);
4795  if (result.IsEmpty()) return MaybeHandle<Object>();
4796 
4797  DCHECK(result->IsBoolean());
4798  Handle<Object> result_internal = v8::Utils::OpenHandle(*result);
4799  result_internal->VerifyApiCallResultType();
4800  // Rebox CustomArguments::kReturnValueOffset before returning.
4801  return handle(*result_internal, isolate);
4802 }
v8::Utils::ToLocal
static Local< Context > ToLocal(v8::internal::Handle< v8::internal::Context > obj)
v8::NamedPropertyDeleterCallback
void(* NamedPropertyDeleterCallback)(Local< String > property, const PropertyCallbackInfo< Boolean > &info)
Returns a non-empty handle if the deleter intercepts the request.
Definition: v8.h:3457

References DCHECK, v8::internal::handle(), v8::Value::IsBoolean(), v8::Handle< T >::IsEmpty(), LOG, name, v8::Utils::OpenHandle(), RETURN_EXCEPTION_IF_SCHEDULED_EXCEPTION, and v8::Utils::ToLocal().

Referenced by DeleteProperty().

+ Here is the call graph for this function:
+ Here is the caller graph for this function:

◆ DISALLOW_IMPLICIT_CONSTRUCTORS()

v8::internal::JSObject::DISALLOW_IMPLICIT_CONSTRUCTORS ( JSObject  )
private

◆ element_dictionary()

SeededNumberDictionary * v8::internal::JSObject::element_dictionary ( )
inline

Definition at line 6449 of file objects-inl.h.

6449  {
6450  DCHECK(HasDictionaryElements());
6451  return SeededNumberDictionary::cast(elements());
6452 }

References DCHECK, and HasDictionaryElements().

Referenced by v8::internal::V8HeapExplorer::ExtractElementReferences(), and GetAccessor().

+ Here is the call graph for this function:
+ Here is the caller graph for this function:

◆ EnqueueChangeRecord()

void v8::internal::JSObject::EnqueueChangeRecord ( Handle< JSObject object,
const char *  type,
Handle< Name name,
Handle< Object old_value 
)
static

Definition at line 1809 of file objects.cc.

1812  {
1813  DCHECK(!object->IsJSGlobalProxy());
1814  DCHECK(!object->IsJSGlobalObject());
1815  Isolate* isolate = object->GetIsolate();
1816  HandleScope scope(isolate);
1817  Handle<String> type = isolate->factory()->InternalizeUtf8String(type_str);
1818  Handle<Object> args[] = { type, object, name, old_value };
1819  int argc = name.is_null() ? 2 : old_value->IsTheHole() ? 3 : 4;
1820 
1821  Execution::Call(isolate,
1822  Handle<JSFunction>(isolate->observers_notify_change()),
1823  isolate->factory()->undefined_value(),
1824  argc, args).Assert();
1825 }

Referenced by v8::internal::Object::AddDataProperty(), v8::internal::RUNTIME_FUNCTION(), v8::internal::Object::SetDataProperty(), v8::internal::JSArray::SetElementsLength(), and v8::internal::SetFunctionPrototype().

+ Here is the caller graph for this function:

◆ EnsureCanContainElements() [1/3]

void v8::internal::JSObject::EnsureCanContainElements ( Handle< JSObject object,
Arguments arguments,
uint32_t  first_arg,
uint32_t  arg_count,
EnsureElementsMode  mode 
)
static

Definition at line 11746 of file objects.cc.

11750  {
11751  // Elements in |Arguments| are ordered backwards (because they're on the
11752  // stack), but the method that's called here iterates over them in forward
11753  // direction.
11754  return EnsureCanContainElements(
11755  object, args->arguments() - first_arg - (arg_count - 1), arg_count, mode);
11756 }
v8::internal::JSObject::EnsureCanContainElements
static void EnsureCanContainElements(Handle< JSObject > object, Object **elements, uint32_t count, EnsureElementsMode mode)
Definition: objects-inl.h:1738

References mode().

+ Here is the call graph for this function:

◆ EnsureCanContainElements() [2/3]

void v8::internal::JSObject::EnsureCanContainElements ( Handle< JSObject object,
Handle< FixedArrayBase elements,
uint32_t  length,
EnsureElementsMode  mode 
)
inlinestatic

Definition at line 1780 of file objects-inl.h.

1783  {
1784  Heap* heap = object->GetHeap();
1785  if (elements->map() != heap->fixed_double_array_map()) {
1786  DCHECK(elements->map() == heap->fixed_array_map() ||
1787  elements->map() == heap->fixed_cow_array_map());
1788  if (mode == ALLOW_COPIED_DOUBLE_ELEMENTS) {
1789  mode = DONT_ALLOW_DOUBLE_ELEMENTS;
1790  }
1791  Object** objects =
1792  Handle<FixedArray>::cast(elements)->GetFirstElementAddress();
1793  EnsureCanContainElements(object, objects, length, mode);
1794  return;
1795  }
1796 
1797  DCHECK(mode == ALLOW_COPIED_DOUBLE_ELEMENTS);
1798  if (object->GetElementsKind() == FAST_HOLEY_SMI_ELEMENTS) {
1799  TransitionElementsKind(object, FAST_HOLEY_DOUBLE_ELEMENTS);
1800  } else if (object->GetElementsKind() == FAST_SMI_ELEMENTS) {
1801  Handle<FixedDoubleArray> double_array =
1802  Handle<FixedDoubleArray>::cast(elements);
1803  for (uint32_t i = 0; i < length; ++i) {
1804  if (double_array->is_the_hole(i)) {
1805  TransitionElementsKind(object, FAST_HOLEY_DOUBLE_ELEMENTS);
1806  return;
1807  }
1808  }
1809  TransitionElementsKind(object, FAST_DOUBLE_ELEMENTS);
1810  }
1811 }
v8::internal::DONT_ALLOW_DOUBLE_ELEMENTS
@ DONT_ALLOW_DOUBLE_ELEMENTS
Definition: objects.h:1540
v8::internal::ALLOW_COPIED_DOUBLE_ELEMENTS
@ ALLOW_COPIED_DOUBLE_ELEMENTS
Definition: objects.h:1541

References v8::internal::ALLOW_COPIED_DOUBLE_ELEMENTS, v8::internal::Handle< T >::cast(), DCHECK, v8::internal::DONT_ALLOW_DOUBLE_ELEMENTS, EnsureCanContainElements(), v8::internal::FAST_DOUBLE_ELEMENTS, v8::internal::FAST_HOLEY_DOUBLE_ELEMENTS, v8::internal::FAST_HOLEY_SMI_ELEMENTS, v8::internal::FAST_SMI_ELEMENTS, mode(), and TransitionElementsKind().

+ Here is the call graph for this function:

◆ EnsureCanContainElements() [3/3]

void v8::internal::JSObject::EnsureCanContainElements ( Handle< JSObject object,
Object **  elements,
uint32_t  count,
EnsureElementsMode  mode 
)
inlinestatic

Definition at line 1738 of file objects-inl.h.

1741  {
1742  ElementsKind current_kind = object->map()->elements_kind();
1743  ElementsKind target_kind = current_kind;
1744  {
1745  DisallowHeapAllocation no_allocation;
1746  DCHECK(mode != ALLOW_COPIED_DOUBLE_ELEMENTS);
1747  bool is_holey = IsFastHoleyElementsKind(current_kind);
1748  if (current_kind == FAST_HOLEY_ELEMENTS) return;
1749  Heap* heap = object->GetHeap();
1750  Object* the_hole = heap->the_hole_value();
1751  for (uint32_t i = 0; i < count; ++i) {
1752  Object* current = *objects++;
1753  if (current == the_hole) {
1754  is_holey = true;
1755  target_kind = GetHoleyElementsKind(target_kind);
1756  } else if (!current->IsSmi()) {
1757  if (mode == ALLOW_CONVERTED_DOUBLE_ELEMENTS && current->IsNumber()) {
1758  if (IsFastSmiElementsKind(target_kind)) {
1759  if (is_holey) {
1760  target_kind = FAST_HOLEY_DOUBLE_ELEMENTS;
1761  } else {
1762  target_kind = FAST_DOUBLE_ELEMENTS;
1763  }
1764  }
1765  } else if (is_holey) {
1766  target_kind = FAST_HOLEY_ELEMENTS;
1767  break;
1768  } else {
1769  target_kind = FAST_ELEMENTS;
1770  }
1771  }
1772  }
1773  }
1774  if (target_kind != current_kind) {
1775  TransitionElementsKind(object, target_kind);
1776  }
1777 }
v8::internal::ALLOW_CONVERTED_DOUBLE_ELEMENTS
@ ALLOW_CONVERTED_DOUBLE_ELEMENTS
Definition: objects.h:1542
v8::internal::IsFastHoleyElementsKind
bool IsFastHoleyElementsKind(ElementsKind kind)
Definition: elements-kind.h:168
v8::internal::DisallowHeapAllocation
PerThreadAssertScopeDebugOnly< HEAP_ALLOCATION_ASSERT, false > DisallowHeapAllocation
Definition: assert-scope.h:110
v8::internal::GetHoleyElementsKind
ElementsKind GetHoleyElementsKind(ElementsKind packed_kind)
Definition: elements-kind.h:202
v8::internal::IsFastSmiElementsKind
bool IsFastSmiElementsKind(ElementsKind kind)
Definition: elements-kind.h:156

References v8::internal::ALLOW_CONVERTED_DOUBLE_ELEMENTS, v8::internal::ALLOW_COPIED_DOUBLE_ELEMENTS, DCHECK, v8::internal::FAST_DOUBLE_ELEMENTS, v8::internal::FAST_ELEMENTS, v8::internal::FAST_HOLEY_DOUBLE_ELEMENTS, v8::internal::FAST_HOLEY_ELEMENTS, v8::internal::GetHoleyElementsKind(), v8::internal::IsFastHoleyElementsKind(), v8::internal::IsFastSmiElementsKind(), mode(), and TransitionElementsKind().

Referenced by v8::internal::ArrayConstructInitializeElements(), v8::internal::BUILTIN(), EnsureCanContainElements(), and v8::internal::JSArray::SetContent().

+ Here is the call graph for this function:
+ Here is the caller graph for this function:

◆ EnsureCanContainHeapObjectElements()

void v8::internal::JSObject::EnsureCanContainHeapObjectElements ( Handle< JSObject obj)
inlinestatic

Definition at line 1725 of file objects-inl.h.

1725  {
1726  JSObject::ValidateElements(object);
1727  ElementsKind elements_kind = object->map()->elements_kind();
1728  if (!IsFastObjectElementsKind(elements_kind)) {
1729  if (IsFastHoleyElementsKind(elements_kind)) {
1730  TransitionElementsKind(object, FAST_HOLEY_ELEMENTS);
1731  } else {
1732  TransitionElementsKind(object, FAST_ELEMENTS);
1733  }
1734  }
1735 }
v8::internal::JSObject::ValidateElements
static void ValidateElements(Handle< JSObject > object)
Definition: objects-inl.h:1561
v8::internal::IsFastObjectElementsKind
bool IsFastObjectElementsKind(ElementsKind kind)
Definition: elements-kind.h:162

References v8::internal::FAST_ELEMENTS, v8::internal::FAST_HOLEY_ELEMENTS, v8::internal::IsFastHoleyElementsKind(), v8::internal::IsFastObjectElementsKind(), TransitionElementsKind(), and ValidateElements().

Referenced by v8::internal::RUNTIME_FUNCTION().

+ Here is the call graph for this function:
+ Here is the caller graph for this function:

◆ EnsureWritableFastElements()

Handle< FixedArray > v8::internal::JSObject::EnsureWritableFastElements ( Handle< JSObject object)
static

Definition at line 383 of file objects.cc.

384  {
385  DCHECK(object->HasFastSmiOrObjectElements());
386  Isolate* isolate = object->GetIsolate();
387  Handle<FixedArray> elems(FixedArray::cast(object->elements()), isolate);
388  if (elems->map() != isolate->heap()->fixed_cow_array_map()) return elems;
389  Handle<FixedArray> writable_elems = isolate->factory()->CopyFixedArrayWithMap(
390  elems, isolate->factory()->fixed_array_map());
391  object->set_elements(*writable_elems);
392  isolate->counters()->cow_arrays_converted()->Increment();
393  return writable_elems;
394 }

References v8::internal::Isolate::counters(), DCHECK, v8::internal::Isolate::factory(), and v8::internal::Isolate::heap().

Referenced by v8::internal::LiveEdit::CheckAndDropActivations(), v8::internal::FastElementsAccessor< FastElementsAccessorSubclass, KindTraits >::DeleteCommon(), v8::internal::EnsureJSArrayWithWritableFastElements(), and v8::internal::FastElementsAccessor< FastElementsAccessorSubclass, KindTraits >::SetLengthWithoutNormalize().

+ Here is the call graph for this function:
+ Here is the caller graph for this function:

◆ FastPropertyAt()

Handle< Object > v8::internal::JSObject::FastPropertyAt ( Handle< JSObject object,
Representation  representation,
FieldIndex  index 
)
static

Definition at line 5362 of file objects.cc.

5364  {
5365  Isolate* isolate = object->GetIsolate();
5366  Handle<Object> raw_value(object->RawFastPropertyAt(index), isolate);
5367  return Object::WrapForRead(isolate, raw_value, representation);
5368 }
v8::internal::Object::WrapForRead
static Handle< Object > WrapForRead(Isolate *isolate, Handle< Object > object, Representation representation)
Definition: objects-inl.h:296

References v8::internal::Object::WrapForRead().

Referenced by v8::internal::RUNTIME_FUNCTION().

+ Here is the call graph for this function:
+ Here is the caller graph for this function:

◆ FastPropertyAtPut()

void v8::internal::JSObject::FastPropertyAtPut ( FieldIndex  index,
Object value 
)
inline

Definition at line 2034 of file objects-inl.h.

2034  {
2035  if (index.is_inobject()) {
2036  int offset = index.offset();
2037  WRITE_FIELD(this, offset, value);
2038  WRITE_BARRIER(GetHeap(), this, offset, value);
2039  } else {
2040  properties()->set(index.outobject_array_index(), value);
2041  }
2042 }
v8::internal::HeapObject::GetHeap
Heap * GetHeap() const
Definition: objects-inl.h:1379
WRITE_FIELD
#define WRITE_FIELD(p, offset, value)
Definition: objects-inl.h:1190
WRITE_BARRIER
#define WRITE_BARRIER(heap, object, offset, value)
Definition: objects-inl.h:1203

References v8::internal::HeapObject::GetHeap(), WRITE_BARRIER, and WRITE_FIELD.

+ Here is the call graph for this function:

◆ Freeze()

MaybeHandle< Object > v8::internal::JSObject::Freeze ( Handle< JSObject object)
static

Definition at line 5239 of file objects.cc.

5239  {
5240  // Freezing sloppy arguments should be handled elsewhere.
5241  DCHECK(!object->HasSloppyArgumentsElements());
5242  DCHECK(!object->map()->is_observed());
5243 
5244  if (object->map()->is_frozen()) return object;
5245 
5246  Isolate* isolate = object->GetIsolate();
5247  if (object->IsAccessCheckNeeded() &&
5248  !isolate->MayNamedAccess(
5249  object, isolate->factory()->undefined_value(), v8::ACCESS_KEYS)) {
5250  isolate->ReportFailedAccessCheck(object, v8::ACCESS_KEYS);
5251  RETURN_EXCEPTION_IF_SCHEDULED_EXCEPTION(isolate, Object);
5252  return isolate->factory()->false_value();
5253  }
5254 
5255  if (object->IsJSGlobalProxy()) {
5256  PrototypeIterator iter(isolate, object);
5257  if (iter.IsAtEnd()) return object;
5258  DCHECK(PrototypeIterator::GetCurrent(iter)->IsJSGlobalObject());
5259  return Freeze(Handle<JSObject>::cast(PrototypeIterator::GetCurrent(iter)));
5260  }
5261 
5262  // It's not possible to freeze objects with external array elements
5263  if (object->HasExternalArrayElements() ||
5264  object->HasFixedTypedArrayElements()) {
5265  THROW_NEW_ERROR(isolate,
5266  NewTypeError("cant_prevent_ext_external_array_elements",
5267  HandleVector(&object, 1)),
5268  Object);
5269  }
5270 
5271  Handle<SeededNumberDictionary> new_element_dictionary;
5272  if (!object->elements()->IsDictionary()) {
5273  int length = object->IsJSArray()
5274  ? Smi::cast(Handle<JSArray>::cast(object)->length())->value()
5275  : object->elements()->length();
5276  if (length > 0) {
5277  int capacity = 0;
5278  int used = 0;
5279  object->GetElementsCapacityAndUsage(&capacity, &used);
5280  new_element_dictionary = SeededNumberDictionary::New(isolate, used);
5281 
5282  // Move elements to a dictionary; avoid calling NormalizeElements to avoid
5283  // unnecessary transitions.
5284  new_element_dictionary = CopyFastElementsToDictionary(
5285  handle(object->elements()), length, new_element_dictionary);
5286  } else {
5287  // No existing elements, use a pre-allocated empty backing store
5288  new_element_dictionary =
5289  isolate->factory()->empty_slow_element_dictionary();
5290  }
5291  }
5292 
5293  Handle<Map> old_map(object->map(), isolate);
5294  int transition_index = old_map->SearchTransition(
5295  isolate->heap()->frozen_symbol());
5296  if (transition_index != TransitionArray::kNotFound) {
5297  Handle<Map> transition_map(old_map->GetTransition(transition_index));
5298  DCHECK(transition_map->has_dictionary_elements());
5299  DCHECK(transition_map->is_frozen());
5300  DCHECK(!transition_map->is_extensible());
5301  JSObject::MigrateToMap(object, transition_map);
5302  } else if (object->HasFastProperties() && old_map->CanHaveMoreTransitions()) {
5303  // Create a new descriptor array with fully-frozen properties
5304  Handle<Map> new_map = Map::CopyForFreeze(old_map);
5305  JSObject::MigrateToMap(object, new_map);
5306  } else {
5307  DCHECK(old_map->is_dictionary_map() || !old_map->is_prototype_map());
5308  // Slow path: need to normalize properties for safety
5309  NormalizeProperties(object, CLEAR_INOBJECT_PROPERTIES, 0);
5310 
5311  // Create a new map, since other objects with this map may be extensible.
5312  // TODO(adamk): Extend the NormalizedMapCache to handle non-extensible maps.
5313  Handle<Map> new_map = Map::Copy(handle(object->map()));
5314  new_map->freeze();
5315  new_map->set_is_extensible(false);
5316  new_map->set_elements_kind(DICTIONARY_ELEMENTS);
5317  JSObject::MigrateToMap(object, new_map);
5318 
5319  // Freeze dictionary-mode properties
5320  FreezeDictionary(object->property_dictionary());
5321  }
5322 
5323  DCHECK(object->map()->has_dictionary_elements());
5324  if (!new_element_dictionary.is_null()) {
5325  object->set_elements(*new_element_dictionary);
5326  }
5327 
5328  if (object->elements() != isolate->heap()->empty_slow_element_dictionary()) {
5329  SeededNumberDictionary* dictionary = object->element_dictionary();
5330  // Make sure we never go back to the fast case
5331  dictionary->set_requires_slow_elements();
5332  // Freeze all elements in the dictionary
5333  FreezeDictionary(dictionary);
5334  }
5335 
5336  return object;
5337 }
v8::internal::Dictionary< SeededNumberDictionary, SeededNumberDictionaryShape, uint32_t >::New
static MUST_USE_RESULT Handle< SeededNumberDictionary > New(Isolate *isolate, int at_least_space_for, PretenureFlag pretenure=NOT_TENURED)
Definition: objects.cc:14899
v8::internal::JSObject::Freeze
static MUST_USE_RESULT MaybeHandle< Object > Freeze(Handle< JSObject > object)
Definition: objects.cc:5239
v8::internal::Map::Copy
static Handle< Map > Copy(Handle< Map > map)
Definition: objects.cc:6664
v8::internal::Map::CopyForFreeze
static Handle< Map > CopyForFreeze(Handle< Map > map)
Definition: objects.cc:6699
v8::internal::TransitionArray::kNotFound
static const int kNotFound
Definition: transitions.h:116
v8::internal::FreezeDictionary
static void FreezeDictionary(Dictionary *dictionary)
Definition: objects.cc:5215
v8::internal::CopyFastElementsToDictionary
static Handle< SeededNumberDictionary > CopyFastElementsToDictionary(Handle< FixedArrayBase > array, int length, Handle< SeededNumberDictionary > dictionary)
Definition: objects.cc:4429
v8::ACCESS_KEYS
@ ACCESS_KEYS
Definition: v8.h:3524

References v8::ACCESS_KEYS, v8::internal::CLEAR_INOBJECT_PROPERTIES, v8::internal::Map::Copy(), v8::internal::CopyFastElementsToDictionary(), v8::internal::Map::CopyForFreeze(), DCHECK, v8::internal::DICTIONARY_ELEMENTS, v8::internal::Isolate::factory(), v8::internal::FreezeDictionary(), v8::internal::PrototypeIterator::GetCurrent(), v8::internal::handle(), v8::internal::HandleVector(), v8::internal::Isolate::heap(), v8::internal::Handle< T >::is_null(), v8::internal::PrototypeIterator::IsAtEnd(), v8::internal::TransitionArray::kNotFound, v8::internal::Isolate::MayNamedAccess(), MigrateToMap(), v8::internal::Dictionary< SeededNumberDictionary, SeededNumberDictionaryShape, uint32_t >::New(), v8::internal::Isolate::ReportFailedAccessCheck(), RETURN_EXCEPTION_IF_SCHEDULED_EXCEPTION, v8::internal::SeededNumberDictionary::set_requires_slow_elements(), and THROW_NEW_ERROR.

Referenced by v8::internal::RUNTIME_FUNCTION().

+ Here is the call graph for this function:
+ Here is the caller graph for this function:

◆ GeneralizeFieldRepresentation()

void v8::internal::JSObject::GeneralizeFieldRepresentation ( Handle< JSObject object,
int  modify_index,
Representation  new_representation,
Handle< HeapType new_field_type 
)
staticprivate

Definition at line 2084 of file objects.cc.

2087  {
2088  Handle<Map> new_map = Map::GeneralizeRepresentation(
2089  handle(object->map()), modify_index, new_representation, new_field_type,
2090  FORCE_FIELD);
2091  MigrateToMap(object, new_map);
2092 }
v8::internal::Map::GeneralizeRepresentation
static Handle< Map > GeneralizeRepresentation(Handle< Map > map, int modify_index, Representation new_representation, Handle< HeapType > new_field_type, StoreMode store_mode)
Definition: objects.cc:2378

References v8::internal::FORCE_FIELD, v8::internal::Map::GeneralizeRepresentation(), and v8::internal::handle().

+ Here is the call graph for this function:

◆ GetAccessor()

MaybeHandle< Object > v8::internal::JSObject::GetAccessor ( Handle< JSObject object,
Handle< Name name,
AccessorComponent  component 
)
static

Definition at line 6268 of file objects.cc.

6270  {
6271  Isolate* isolate = object->GetIsolate();
6272 
6273  // Make sure that the top context does not change when doing callbacks or
6274  // interceptor calls.
6275  AssertNoContextChange ncc(isolate);
6276 
6277  // Make the lookup and include prototypes.
6278  uint32_t index = 0;
6279  if (name->AsArrayIndex(&index)) {
6280  for (PrototypeIterator iter(isolate, object,
6281  PrototypeIterator::START_AT_RECEIVER);
6282  !iter.IsAtEnd(); iter.Advance()) {
6283  Handle<Object> current = PrototypeIterator::GetCurrent(iter);
6284  // Check access rights if needed.
6285  if (current->IsAccessCheckNeeded() &&
6286  !isolate->MayNamedAccess(Handle<JSObject>::cast(current), name,
6287  v8::ACCESS_HAS)) {
6288  isolate->ReportFailedAccessCheck(Handle<JSObject>::cast(current),
6289  v8::ACCESS_HAS);
6290  RETURN_EXCEPTION_IF_SCHEDULED_EXCEPTION(isolate, Object);
6291  return isolate->factory()->undefined_value();
6292  }
6293 
6294  if (current->IsJSObject() &&
6295  Handle<JSObject>::cast(current)->HasDictionaryElements()) {
6296  JSObject* js_object = JSObject::cast(*current);
6297  SeededNumberDictionary* dictionary = js_object->element_dictionary();
6298  int entry = dictionary->FindEntry(index);
6299  if (entry != SeededNumberDictionary::kNotFound) {
6300  Object* element = dictionary->ValueAt(entry);
6301  if (dictionary->DetailsAt(entry).type() == CALLBACKS &&
6302  element->IsAccessorPair()) {
6303  return handle(AccessorPair::cast(element)->GetComponent(component),
6304  isolate);
6305  }
6306  }
6307  }
6308  }
6309  } else {
6310  LookupIterator it(object, name,
6311  LookupIterator::PROTOTYPE_CHAIN_SKIP_INTERCEPTOR);
6312  for (; it.IsFound(); it.Next()) {
6313  switch (it.state()) {
6314  case LookupIterator::INTERCEPTOR:
6315  case LookupIterator::NOT_FOUND:
6316  case LookupIterator::TRANSITION:
6317  UNREACHABLE();
6318 
6319  case LookupIterator::ACCESS_CHECK:
6320  if (it.HasAccess(v8::ACCESS_HAS)) continue;
6321  isolate->ReportFailedAccessCheck(it.GetHolder<JSObject>(),
6322  v8::ACCESS_HAS);
6323  RETURN_EXCEPTION_IF_SCHEDULED_EXCEPTION(isolate, Object);
6324  return isolate->factory()->undefined_value();
6325 
6326  case LookupIterator::JSPROXY:
6327  return isolate->factory()->undefined_value();
6328 
6329  case LookupIterator::DATA:
6330  continue;
6331  case LookupIterator::ACCESSOR: {
6332  Handle<Object> maybe_pair = it.GetAccessors();
6333  if (maybe_pair->IsAccessorPair()) {
6334  return handle(
6335  AccessorPair::cast(*maybe_pair)->GetComponent(component),
6336  isolate);
6337  }
6338  }
6339  }
6340  }
6341  }
6342  return isolate->factory()->undefined_value();
6343 }
v8::ACCESS_HAS
@ ACCESS_HAS
Definition: v8.h:3522

References v8::ACCESS_HAS, v8::internal::ACCESSOR, v8::internal::CALLBACKS, v8::internal::Dictionary< Derived, Shape, Key >::DetailsAt(), element_dictionary(), v8::internal::Isolate::factory(), v8::internal::HashTable< Derived, Shape, Key >::FindEntry(), v8::internal::PrototypeIterator::GetCurrent(), v8::internal::handle(), v8::internal::PrototypeIterator::IsAtEnd(), v8::internal::HashTable< Derived, Shape, Key >::kNotFound, v8::internal::Object::LookupIterator, v8::internal::Isolate::MayNamedAccess(), name, v8::internal::Isolate::ReportFailedAccessCheck(), RETURN_EXCEPTION_IF_SCHEDULED_EXCEPTION, v8::internal::PrototypeIterator::START_AT_RECEIVER, UNREACHABLE, and v8::internal::Dictionary< Derived, Shape, Key >::ValueAt().

Referenced by v8::internal::RUNTIME_FUNCTION().

+ Here is the call graph for this function:
+ Here is the caller graph for this function:

◆ GetCreationContext()

Context * v8::internal::JSObject::GetCreationContext ( )

Definition at line 1794 of file objects.cc.

1794  {
1795  Object* constructor = this->map()->constructor();
1796  JSFunction* function;
1797  if (!constructor->IsJSFunction()) {
1798  // Functions have null as a constructor,
1799  // but any JSFunction knows its context immediately.
1800  function = JSFunction::cast(this);
1801  } else {
1802  function = JSFunction::cast(constructor);
1803  }
1804 
1805  return function->context()->native_context();
1806 }

◆ GetDataProperty() [1/2]

Handle< Object > v8::internal::JSObject::GetDataProperty ( Handle< JSObject object,
Handle< Name key 
)
static

Definition at line 140 of file objects.cc.

141  {
142  LookupIterator it(object, key,
143  LookupIterator::PROTOTYPE_CHAIN_SKIP_INTERCEPTOR);
144  return GetDataProperty(&it);
145 }
v8::internal::JSObject::GetDataProperty
static Handle< Object > GetDataProperty(Handle< JSObject > object, Handle< Name > key)
Definition: objects.cc:140

References v8::internal::Object::LookupIterator.

Referenced by v8::internal::HOptimizedGraphBuilder::BuildLoadNamedField(), v8::internal::Isolate::CaptureSimpleStackTrace(), v8::Function::GetDisplayName(), v8::internal::Debug::PromiseHasRejectHandler(), and v8::internal::RUNTIME_FUNCTION().

+ Here is the caller graph for this function:

◆ GetDataProperty() [2/2]

Handle< Object > v8::internal::JSObject::GetDataProperty ( LookupIterator it)
static

Definition at line 148 of file objects.cc.

148  {
149  for (; it->IsFound(); it->Next()) {
150  switch (it->state()) {
151  case LookupIterator::INTERCEPTOR:
152  case LookupIterator::NOT_FOUND:
153  case LookupIterator::TRANSITION:
154  UNREACHABLE();
155  case LookupIterator::ACCESS_CHECK:
156  if (it->HasAccess(v8::ACCESS_GET)) continue;
157  // Fall through.
158  case LookupIterator::JSPROXY:
159  it->NotFound();
160  return it->isolate()->factory()->undefined_value();
161  case LookupIterator::ACCESSOR:
162  // TODO(verwaest): For now this doesn't call into
163  // ExecutableAccessorInfo, since clients don't need it. Update once
164  // relevant.
165  it->NotFound();
166  return it->isolate()->factory()->undefined_value();
167  case LookupIterator::DATA:
168  return it->GetDataValue();
169  }
170  }
171  return it->isolate()->factory()->undefined_value();
172 }
v8::ACCESS_GET
@ ACCESS_GET
Definition: v8.h:3520

References v8::ACCESS_GET, v8::internal::ACCESSOR, and UNREACHABLE.

◆ GetElementAttributeWithInterceptor()

Maybe< PropertyAttributes > v8::internal::JSObject::GetElementAttributeWithInterceptor ( Handle< JSObject object,
Handle< JSReceiver receiver,
uint32_t  index,
bool  continue_search 
)
staticprivate

Definition at line 4059 of file objects.cc.

4061  {
4062  Isolate* isolate = object->GetIsolate();
4063  HandleScope scope(isolate);
4064 
4065  // Make sure that the top context does not change when doing
4066  // callbacks or interceptor calls.
4067  AssertNoContextChange ncc(isolate);
4068 
4069  Handle<InterceptorInfo> interceptor(object->GetIndexedInterceptor());
4070  PropertyCallbackArguments args(
4071  isolate, interceptor->data(), *receiver, *object);
4072  if (!interceptor->query()->IsUndefined()) {
4073  v8::IndexedPropertyQueryCallback query =
4074  v8::ToCData<v8::IndexedPropertyQueryCallback>(interceptor->query());
4075  LOG(isolate,
4076  ApiIndexedPropertyAccess("interceptor-indexed-has", *object, index));
4077  v8::Handle<v8::Integer> result = args.Call(query, index);
4078  if (!result.IsEmpty())
4079  return maybe(static_cast<PropertyAttributes>(result->Int32Value()));
4080  } else if (!interceptor->getter()->IsUndefined()) {
4081  v8::IndexedPropertyGetterCallback getter =
4082  v8::ToCData<v8::IndexedPropertyGetterCallback>(interceptor->getter());
4083  LOG(isolate,
4084  ApiIndexedPropertyAccess(
4085  "interceptor-indexed-get-has", *object, index));
4086  v8::Handle<v8::Value> result = args.Call(getter, index);
4087  if (!result.IsEmpty()) return maybe(NONE);
4088  }
4089 
4090  return GetElementAttributeWithoutInterceptor(
4091  object, receiver, index, check_prototype);
4092 }
v8::Value::Int32Value
int32_t Int32Value() const
Definition: api.cc:3004
v8::internal::JSObject::GetElementAttributeWithoutInterceptor
static MUST_USE_RESULT Maybe< PropertyAttributes > GetElementAttributeWithoutInterceptor(Handle< JSObject > object, Handle< JSReceiver > receiver, uint32_t index, bool continue_search)
Definition: objects.cc:4095
v8::IndexedPropertyGetterCallback
void(* IndexedPropertyGetterCallback)(uint32_t index, const PropertyCallbackInfo< Value > &info)
Returns the value of the property if the getter intercepts the request.
Definition: v8.h:3474
v8::IndexedPropertyQueryCallback
void(* IndexedPropertyQueryCallback)(uint32_t index, const PropertyCallbackInfo< Integer > &info)
Returns a non-empty handle if the interceptor intercepts the request.
Definition: v8.h:3493
PropertyAttributes
PropertyAttributes
Definition: property-details.h:13
NONE
@ NONE
Definition: property-details.h:14

References v8::Value::Int32Value(), v8::Handle< T >::IsEmpty(), LOG, v8::maybe(), and NONE.

Referenced by GetElementAttributeWithReceiver().

+ Here is the call graph for this function:
+ Here is the caller graph for this function:

◆ GetElementAttributeWithoutInterceptor()

Maybe< PropertyAttributes > v8::internal::JSObject::GetElementAttributeWithoutInterceptor ( Handle< JSObject object,
Handle< JSReceiver receiver,
uint32_t  index,
bool  continue_search 
)
staticprivate

Definition at line 4095 of file objects.cc.

4097  {
4098  PropertyAttributes attr = object->GetElementsAccessor()->GetAttributes(
4099  receiver, object, index);
4100  if (attr != ABSENT) return maybe(attr);
4101 
4102  // Handle [] on String objects.
4103  if (object->IsStringObjectWithCharacterAt(index)) {
4104  return maybe(static_cast<PropertyAttributes>(READ_ONLY | DONT_DELETE));
4105  }
4106 
4107  if (!check_prototype) return maybe(ABSENT);
4108 
4109  PrototypeIterator iter(object->GetIsolate(), object);
4110  if (PrototypeIterator::GetCurrent(iter)->IsJSProxy()) {
4111  // We need to follow the spec and simulate a call to [[GetOwnProperty]].
4112  return JSProxy::GetElementAttributeWithHandler(
4113  Handle<JSProxy>::cast(PrototypeIterator::GetCurrent(iter)), receiver,
4114  index);
4115  }
4116  if (iter.IsAtEnd()) return maybe(ABSENT);
4117  return GetElementAttributeWithReceiver(
4118  Handle<JSObject>::cast(PrototypeIterator::GetCurrent(iter)), receiver,
4119  index, true);
4120 }
v8::internal::JSObject::GetElementAttributeWithReceiver
static MUST_USE_RESULT Maybe< PropertyAttributes > GetElementAttributeWithReceiver(Handle< JSObject > object, Handle< JSReceiver > receiver, uint32_t index, bool check_prototype)
Definition: objects.cc:4025
v8::internal::JSProxy::GetElementAttributeWithHandler
static MUST_USE_RESULT Maybe< PropertyAttributes > GetElementAttributeWithHandler(Handle< JSProxy > proxy, Handle< JSReceiver > receiver, uint32_t index)
Definition: objects.cc:3647
DONT_DELETE
@ DONT_DELETE
Definition: property-details.h:17
ABSENT
@ ABSENT
Definition: property-details.h:27
READ_ONLY
@ READ_ONLY
Definition: property-details.h:15

References ABSENT, DONT_DELETE, v8::internal::PrototypeIterator::GetCurrent(), v8::internal::JSProxy::GetElementAttributeWithHandler(), v8::internal::PrototypeIterator::IsAtEnd(), v8::maybe(), and READ_ONLY.

+ Here is the call graph for this function:

◆ GetElementAttributeWithReceiver()

Maybe< PropertyAttributes > v8::internal::JSObject::GetElementAttributeWithReceiver ( Handle< JSObject object,
Handle< JSReceiver receiver,
uint32_t  index,
bool  check_prototype 
)
static

Definition at line 4025 of file objects.cc.

4027  {
4028  Isolate* isolate = object->GetIsolate();
4029 
4030  // Check access rights if needed.
4031  if (object->IsAccessCheckNeeded()) {
4032  if (!isolate->MayIndexedAccess(object, index, v8::ACCESS_HAS)) {
4033  isolate->ReportFailedAccessCheck(object, v8::ACCESS_HAS);
4034  RETURN_VALUE_IF_SCHEDULED_EXCEPTION(isolate, Maybe<PropertyAttributes>());
4035  return maybe(ABSENT);
4036  }
4037  }
4038 
4039  if (object->IsJSGlobalProxy()) {
4040  PrototypeIterator iter(isolate, object);
4041  if (iter.IsAtEnd()) return maybe(ABSENT);
4042  DCHECK(PrototypeIterator::GetCurrent(iter)->IsJSGlobalObject());
4043  return JSObject::GetElementAttributeWithReceiver(
4044  Handle<JSObject>::cast(PrototypeIterator::GetCurrent(iter)), receiver,
4045  index, check_prototype);
4046  }
4047 
4048  // Check for lookup interceptor except when bootstrapping.
4049  if (object->HasIndexedInterceptor() && !isolate->bootstrapper()->IsActive()) {
4050  return JSObject::GetElementAttributeWithInterceptor(
4051  object, receiver, index, check_prototype);
4052  }
4053 
4054  return GetElementAttributeWithoutInterceptor(
4055  object, receiver, index, check_prototype);
4056 }
v8::internal::JSObject::GetElementAttributeWithInterceptor
static MUST_USE_RESULT Maybe< PropertyAttributes > GetElementAttributeWithInterceptor(Handle< JSObject > object, Handle< JSReceiver > receiver, uint32_t index, bool continue_search)
Definition: objects.cc:4059
RETURN_VALUE_IF_SCHEDULED_EXCEPTION
#define RETURN_VALUE_IF_SCHEDULED_EXCEPTION(isolate, value)
Definition: isolate.h:111

References ABSENT, v8::ACCESS_HAS, v8::internal::Isolate::bootstrapper(), DCHECK, v8::internal::PrototypeIterator::GetCurrent(), GetElementAttributeWithInterceptor(), v8::internal::PrototypeIterator::IsAtEnd(), v8::maybe(), v8::internal::Isolate::MayIndexedAccess(), v8::internal::Isolate::ReportFailedAccessCheck(), and RETURN_VALUE_IF_SCHEDULED_EXCEPTION.

Referenced by v8::internal::JSReceiver::GetElementAttribute(), v8::internal::JSReceiver::GetOwnElementAttribute(), v8::internal::JSReceiver::HasElement(), and v8::internal::JSReceiver::HasOwnElement().

+ Here is the call graph for this function:
+ Here is the caller graph for this function:

◆ GetElementsAccessor()

ElementsAccessor * v8::internal::JSObject::GetElementsAccessor ( )
inline

Definition at line 6346 of file objects-inl.h.

6346  {
6347  return ElementsAccessor::ForKind(GetElementsKind());
6348 }
v8::internal::ElementsAccessor::ForKind
static ElementsAccessor * ForKind(ElementsKind elements_kind)
Definition: elements.h:184
v8::internal::JSObject::GetElementsKind
ElementsKind GetElementsKind()
Definition: objects-inl.h:6318

References v8::internal::ElementsAccessor::ForKind(), and GetElementsKind().

+ Here is the call graph for this function:

◆ GetElementsCapacityAndUsage()

void v8::internal::JSObject::GetElementsCapacityAndUsage ( int capacity,
int used 
)
private

Definition at line 12889 of file objects.cc.

12889  {
12890  *capacity = 0;
12891  *used = 0;
12892 
12893  FixedArrayBase* backing_store_base = FixedArrayBase::cast(elements());
12894  FixedArray* backing_store = NULL;
12895  switch (GetElementsKind()) {
12896  case SLOPPY_ARGUMENTS_ELEMENTS:
12897  backing_store_base =
12898  FixedArray::cast(FixedArray::cast(backing_store_base)->get(1));
12899  backing_store = FixedArray::cast(backing_store_base);
12900  if (backing_store->IsDictionary()) {
12901  SeededNumberDictionary* dictionary =
12902  SeededNumberDictionary::cast(backing_store);
12903  *capacity = dictionary->Capacity();
12904  *used = dictionary->NumberOfElements();
12905  break;
12906  }
12907  // Fall through.
12908  case FAST_SMI_ELEMENTS:
12909  case FAST_ELEMENTS:
12910  if (IsJSArray()) {
12911  *capacity = backing_store_base->length();
12912  *used = Smi::cast(JSArray::cast(this)->length())->value();
12913  break;
12914  }
12915  // Fall through if packing is not guaranteed.
12916  case FAST_HOLEY_SMI_ELEMENTS:
12917  case FAST_HOLEY_ELEMENTS:
12918  backing_store = FixedArray::cast(backing_store_base);
12919  *capacity = backing_store->length();
12920  for (int i = 0; i < *capacity; ++i) {
12921  if (!backing_store->get(i)->IsTheHole()) ++(*used);
12922  }
12923  break;
12924  case DICTIONARY_ELEMENTS: {
12925  SeededNumberDictionary* dictionary = element_dictionary();
12926  *capacity = dictionary->Capacity();
12927  *used = dictionary->NumberOfElements();
12928  break;
12929  }
12930  case FAST_DOUBLE_ELEMENTS:
12931  if (IsJSArray()) {
12932  *capacity = backing_store_base->length();
12933  *used = Smi::cast(JSArray::cast(this)->length())->value();
12934  break;
12935  }
12936  // Fall through if packing is not guaranteed.
12937  case FAST_HOLEY_DOUBLE_ELEMENTS: {
12938  *capacity = elements()->length();
12939  if (*capacity == 0) break;
12940  FixedDoubleArray * elms = FixedDoubleArray::cast(elements());
12941  for (int i = 0; i < *capacity; i++) {
12942  if (!elms->is_the_hole(i)) ++(*used);
12943  }
12944  break;
12945  }
12946 
12947 #define TYPED_ARRAY_CASE(Type, type, TYPE, ctype, size) \
12948  case EXTERNAL_##TYPE##_ELEMENTS: \
12949  case TYPE##_ELEMENTS: \
12950 
12951  TYPED_ARRAYS(TYPED_ARRAY_CASE)
12952 #undef TYPED_ARRAY_CASE
12953  {
12954  // External arrays are considered 100% used.
12955  FixedArrayBase* external_array = FixedArrayBase::cast(elements());
12956  *capacity = external_array->length();
12957  *used = external_array->length();
12958  break;
12959  }
12960  }
12961 }
v8::internal::JSObject::element_dictionary
SeededNumberDictionary * element_dictionary()
Definition: objects-inl.h:6449

References v8::internal::HashTable< Derived, Shape, Key >::Capacity(), v8::internal::DICTIONARY_ELEMENTS, v8::internal::FAST_DOUBLE_ELEMENTS, v8::internal::FAST_ELEMENTS, v8::internal::FAST_HOLEY_DOUBLE_ELEMENTS, v8::internal::FAST_HOLEY_ELEMENTS, v8::internal::FAST_HOLEY_SMI_ELEMENTS, v8::internal::FAST_SMI_ELEMENTS, v8::internal::FixedArray::get(), v8::internal::FixedDoubleArray::is_the_hole(), v8::internal::FixedArrayBase::length(), NULL, v8::internal::HashTable< Derived, Shape, Key >::NumberOfElements(), v8::internal::SLOPPY_ARGUMENTS_ELEMENTS, TYPED_ARRAY_CASE, and TYPED_ARRAYS.

+ Here is the call graph for this function:

◆ GetElementsKind()

ElementsKind v8::internal::JSObject::GetElementsKind ( )
inline

Definition at line 6318 of file objects-inl.h.

6318  {
6319  ElementsKind kind = map()->elements_kind();
6320 #if DEBUG
6321  FixedArrayBase* fixed_array =
6322  reinterpret_cast<FixedArrayBase*>(READ_FIELD(this, kElementsOffset));
6323 
6324  // If a GC was caused while constructing this object, the elements
6325  // pointer may point to a one pointer filler map.
6326  if (ElementsAreSafeToExamine()) {
6327  Map* map = fixed_array->map();
6328  DCHECK((IsFastSmiOrObjectElementsKind(kind) &&
6329  (map == GetHeap()->fixed_array_map() ||
6330  map == GetHeap()->fixed_cow_array_map())) ||
6331  (IsFastDoubleElementsKind(kind) &&
6332  (fixed_array->IsFixedDoubleArray() ||
6333  fixed_array == GetHeap()->empty_fixed_array())) ||
6334  (kind == DICTIONARY_ELEMENTS &&
6335  fixed_array->IsFixedArray() &&
6336  fixed_array->IsDictionary()) ||
6337  (kind > DICTIONARY_ELEMENTS));
6338  DCHECK((kind != SLOPPY_ARGUMENTS_ELEMENTS) ||
6339  (elements()->IsFixedArray() && elements()->length() >= 2));
6340  }
6341 #endif
6342  return kind;
6343 }
v8::internal::JSObject::kElementsOffset
static const int kElementsOffset
Definition: objects.h:2194
v8::internal::IsFastSmiOrObjectElementsKind
bool IsFastSmiOrObjectElementsKind(ElementsKind kind)
Definition: elements-kind.h:148
v8::internal::IsFastDoubleElementsKind
bool IsFastDoubleElementsKind(ElementsKind kind)
Definition: elements-kind.h:124
READ_FIELD
#define READ_FIELD(p, offset)
Definition: objects-inl.h:1179

References DCHECK, v8::internal::DICTIONARY_ELEMENTS, v8::internal::Map::elements_kind(), v8::internal::HeapObject::GetHeap(), v8::internal::IsFastDoubleElementsKind(), v8::internal::IsFastSmiOrObjectElementsKind(), kElementsOffset, v8::internal::HeapObject::map(), READ_FIELD, and v8::internal::SLOPPY_ARGUMENTS_ELEMENTS.

Referenced by v8::internal::BUILTIN(), v8::internal::Heap::CopyJSObject(), GetElementsAccessor(), HasDictionaryElements(), HasFastDoubleElements(), HasFastElements(), HasFastHoleyElements(), HasFastObjectElements(), HasFastSmiElements(), HasFastSmiOrObjectElements(), and HasSloppyArgumentsElements().

+ Here is the call graph for this function:
+ Here is the caller graph for this function:

◆ GetElementsTransitionMap()

Handle< Map > v8::internal::JSObject::GetElementsTransitionMap ( Handle< JSObject object,
ElementsKind  to_kind 
)
static

Definition at line 3385 of file objects.cc.

3386  {
3387  Handle<Map> map(object->map());
3388  return Map::TransitionElementsTo(map, to_kind);
3389 }
v8::internal::Map::TransitionElementsTo
static Handle< Map > TransitionElementsTo(Handle< Map > map, ElementsKind to_kind)
Definition: objects.cc:3321

References v8::internal::HeapObject::map(), and v8::internal::Map::TransitionElementsTo().

Referenced by v8::NewTypedArray(), NormalizeElements(), PrepareElementsForSort(), v8::anonymous_namespace{api.cc}::PrepareExternalArrayElements(), v8::internal::RUNTIME_FUNCTION(), SetFastDoubleElementsCapacityAndLength(), SetFastElementsCapacityAndLength(), and v8::internal::ArrayConcatVisitor::ToArray().

+ Here is the call graph for this function:
+ Here is the caller graph for this function:

◆ GetElementWithCallback()

MaybeHandle< Object > v8::internal::JSObject::GetElementWithCallback ( Handle< JSObject object,
Handle< Object receiver,
Handle< Object structure,
uint32_t  index,
Handle< Object holder 
)
staticprivate

Definition at line 11812 of file objects.cc.

11817  {
11818  Isolate* isolate = object->GetIsolate();
11819  DCHECK(!structure->IsForeign());
11820  // api style callbacks.
11821  if (structure->IsExecutableAccessorInfo()) {
11822  Handle<ExecutableAccessorInfo> data =
11823  Handle<ExecutableAccessorInfo>::cast(structure);
11824  Object* fun_obj = data->getter();
11825  v8::AccessorNameGetterCallback call_fun =
11826  v8::ToCData<v8::AccessorNameGetterCallback>(fun_obj);
11827  if (call_fun == NULL) return isolate->factory()->undefined_value();
11828  Handle<JSObject> holder_handle = Handle<JSObject>::cast(holder);
11829  Handle<Object> number = isolate->factory()->NewNumberFromUint(index);
11830  Handle<String> key = isolate->factory()->NumberToString(number);
11831  LOG(isolate, ApiNamedPropertyAccess("load", *holder_handle, *key));
11832  PropertyCallbackArguments
11833  args(isolate, data->data(), *receiver, *holder_handle);
11834  v8::Handle<v8::Value> result = args.Call(call_fun, v8::Utils::ToLocal(key));
11835  RETURN_EXCEPTION_IF_SCHEDULED_EXCEPTION(isolate, Object);
11836  if (result.IsEmpty()) return isolate->factory()->undefined_value();
11837  Handle<Object> result_internal = v8::Utils::OpenHandle(*result);
11838  result_internal->VerifyApiCallResultType();
11839  // Rebox handle before return.
11840  return handle(*result_internal, isolate);
11841  }
11842 
11843  // __defineGetter__ callback
11844  if (structure->IsAccessorPair()) {
11845  Handle<Object> getter(Handle<AccessorPair>::cast(structure)->getter(),
11846  isolate);
11847  if (getter->IsSpecFunction()) {
11848  // TODO(rossberg): nicer would be to cast to some JSCallable here...
11849  return GetPropertyWithDefinedGetter(
11850  receiver, Handle<JSReceiver>::cast(getter));
11851  }
11852  // Getter is not a function.
11853  return isolate->factory()->undefined_value();
11854  }
11855 
11856  if (structure->IsDeclaredAccessorInfo()) {
11857  return GetDeclaredAccessorProperty(
11858  receiver, Handle<DeclaredAccessorInfo>::cast(structure), isolate);
11859  }
11860 
11861  UNREACHABLE();
11862  return MaybeHandle<Object>();
11863 }
v8::internal::Object::GetPropertyWithDefinedGetter
static MUST_USE_RESULT MaybeHandle< Object > GetPropertyWithDefinedGetter(Handle< Object > receiver, Handle< JSReceiver > getter)
Definition: objects.cc:536
v8::internal::GetDeclaredAccessorProperty
static Handle< Object > GetDeclaredAccessorProperty(Handle< Object > receiver, Handle< DeclaredAccessorInfo > info, Isolate *isolate)
Definition: objects.cc:329
v8::AccessorNameGetterCallback
void(* AccessorNameGetterCallback)(Local< Name > property, const PropertyCallbackInfo< Value > &info)
Definition: v8.h:2248

References v8::internal::Handle< T >::cast(), DCHECK, v8::internal::Isolate::factory(), v8::internal::GetDeclaredAccessorProperty(), v8::internal::Object::GetPropertyWithDefinedGetter(), v8::internal::handle(), v8::Handle< T >::IsEmpty(), LOG, NULL, v8::Utils::OpenHandle(), RETURN_EXCEPTION_IF_SCHEDULED_EXCEPTION, v8::Utils::ToLocal(), and UNREACHABLE.

Referenced by v8::internal::DictionaryElementsAccessor::GetImpl().

+ Here is the call graph for this function:
+ Here is the caller graph for this function:

◆ GetElementWithInterceptor()

MaybeHandle< Object > v8::internal::JSObject::GetElementWithInterceptor ( Handle< JSObject object,
Handle< Object receiver,
uint32_t  index 
)
static

Definition at line 12839 of file objects.cc.

12842  {
12843  Isolate* isolate = object->GetIsolate();
12844 
12845  // Make sure that the top context does not change when doing
12846  // callbacks or interceptor calls.
12847  AssertNoContextChange ncc(isolate);
12848 
12849  Handle<InterceptorInfo> interceptor(object->GetIndexedInterceptor(), isolate);
12850  if (!interceptor->getter()->IsUndefined()) {
12851  v8::IndexedPropertyGetterCallback getter =
12852  v8::ToCData<v8::IndexedPropertyGetterCallback>(interceptor->getter());
12853  LOG(isolate,
12854  ApiIndexedPropertyAccess("interceptor-indexed-get", *object, index));
12855  PropertyCallbackArguments
12856  args(isolate, interceptor->data(), *receiver, *object);
12857  v8::Handle<v8::Value> result = args.Call(getter, index);
12858  RETURN_EXCEPTION_IF_SCHEDULED_EXCEPTION(isolate, Object);
12859  if (!result.IsEmpty()) {
12860  Handle<Object> result_internal = v8::Utils::OpenHandle(*result);
12861  result_internal->VerifyApiCallResultType();
12862  // Rebox handle before return.
12863  return handle(*result_internal, isolate);
12864  }
12865  }
12866 
12867  ElementsAccessor* handler = object->GetElementsAccessor();
12868  Handle<Object> result;
12869  ASSIGN_RETURN_ON_EXCEPTION(
12870  isolate, result, handler->Get(receiver, object, index),
12871  Object);
12872  if (!result->IsTheHole()) return result;
12873 
12874  PrototypeIterator iter(isolate, object);
12875  if (iter.IsAtEnd()) return isolate->factory()->undefined_value();
12876  return Object::GetElementWithReceiver(
12877  isolate, PrototypeIterator::GetCurrent(iter), receiver, index);
12878 }
v8::internal::Object::GetElementWithReceiver
static MUST_USE_RESULT MaybeHandle< Object > GetElementWithReceiver(Isolate *isolate, Handle< Object > object, Handle< Object > receiver, uint32_t index)
Definition: objects.cc:747

References ASSIGN_RETURN_ON_EXCEPTION, v8::internal::Isolate::factory(), v8::internal::ElementsAccessor::Get(), v8::internal::PrototypeIterator::GetCurrent(), v8::internal::Object::GetElementWithReceiver(), v8::internal::handle(), v8::internal::PrototypeIterator::IsAtEnd(), v8::Handle< T >::IsEmpty(), LOG, v8::Utils::OpenHandle(), and RETURN_EXCEPTION_IF_SCHEDULED_EXCEPTION.

Referenced by v8::internal::Object::GetElementWithReceiver(), and v8::internal::RUNTIME_FUNCTION().

+ Here is the call graph for this function:
+ Here is the caller graph for this function:

◆ GetEnumElementKeys()

int v8::internal::JSObject::GetEnumElementKeys ( FixedArray storage)

Definition at line 13548 of file objects.cc.

13548  {
13549  return GetOwnElementKeys(storage, static_cast<PropertyAttributes>(DONT_ENUM));
13550 }
v8::internal::JSObject::GetOwnElementKeys
int GetOwnElementKeys(FixedArray *storage, PropertyAttributes filter)
Definition: objects.cc:13422
DONT_ENUM
@ DONT_ENUM
Definition: property-details.h:16

References DONT_ENUM.

◆ GetHeaderSize()

int v8::internal::JSObject::GetHeaderSize ( )
inline

Definition at line 1919 of file objects-inl.h.

1919  {
1920  InstanceType type = map()->instance_type();
1921  // Check for the most common kind of JavaScript object before
1922  // falling into the generic switch. This speeds up the internal
1923  // field operations considerably on average.
1924  if (type == JS_OBJECT_TYPE) return JSObject::kHeaderSize;
1925  switch (type) {
1926  case JS_GENERATOR_OBJECT_TYPE:
1927  return JSGeneratorObject::kSize;
1928  case JS_MODULE_TYPE:
1929  return JSModule::kSize;
1930  case JS_GLOBAL_PROXY_TYPE:
1931  return JSGlobalProxy::kSize;
1932  case JS_GLOBAL_OBJECT_TYPE:
1933  return JSGlobalObject::kSize;
1934  case JS_BUILTINS_OBJECT_TYPE:
1935  return JSBuiltinsObject::kSize;
1936  case JS_FUNCTION_TYPE:
1937  return JSFunction::kSize;
1938  case JS_VALUE_TYPE:
1939  return JSValue::kSize;
1940  case JS_DATE_TYPE:
1941  return JSDate::kSize;
1942  case JS_ARRAY_TYPE:
1943  return JSArray::kSize;
1944  case JS_ARRAY_BUFFER_TYPE:
1945  return JSArrayBuffer::kSize;
1946  case JS_TYPED_ARRAY_TYPE:
1947  return JSTypedArray::kSize;
1948  case JS_DATA_VIEW_TYPE:
1949  return JSDataView::kSize;
1950  case JS_SET_TYPE:
1951  return JSSet::kSize;
1952  case JS_MAP_TYPE:
1953  return JSMap::kSize;
1954  case JS_SET_ITERATOR_TYPE:
1955  return JSSetIterator::kSize;
1956  case JS_MAP_ITERATOR_TYPE:
1957  return JSMapIterator::kSize;
1958  case JS_WEAK_MAP_TYPE:
1959  return JSWeakMap::kSize;
1960  case JS_WEAK_SET_TYPE:
1961  return JSWeakSet::kSize;
1962  case JS_REGEXP_TYPE:
1963  return JSRegExp::kSize;
1964  case JS_CONTEXT_EXTENSION_OBJECT_TYPE:
1965  return JSObject::kHeaderSize;
1966  case JS_MESSAGE_OBJECT_TYPE:
1967  return JSMessageObject::kSize;
1968  default:
1969  // TODO(jkummerow): Re-enable this. Blink currently hits this
1970  // from its CustomElementConstructorBuilder.
1971  // UNREACHABLE();
1972  return 0;
1973  }
1974 }
v8::internal::JSArrayBuffer::kSize
static const int kSize
Definition: objects.h:9881
v8::internal::JSArray::kSize
static const int kSize
Definition: objects.h:10073
v8::internal::JSBuiltinsObject::kSize
static const int kSize
Definition: objects.h:7517
v8::internal::JSCollection::kSize
static const int kSize
Definition: objects.h:9657
v8::internal::JSDataView::kSize
static const int kSize
Definition: objects.h:9971
v8::internal::JSDate::kSize
static const int kSize
Definition: objects.h:7632
v8::internal::JSFunction::kSize
static const int kSize
Definition: objects.h:7385
v8::internal::JSGlobalObject::kSize
static const int kSize
Definition: objects.h:7485
v8::internal::JSGlobalProxy::kSize
static const int kSize
Definition: objects.h:7429
v8::internal::JSMessageObject::kSize
static const int kSize
Definition: objects.h:7688
v8::internal::JSModule::kSize
static const int kSize
Definition: objects.h:7169
v8::internal::JSObject::kHeaderSize
static const int kHeaderSize
Definition: objects.h:2195
v8::internal::JSRegExp::kSize
static const int kSize
Definition: objects.h:7772
v8::internal::JSTypedArray::kSize
static const int kSize
Definition: objects.h:9947
v8::internal::JSValue::kSize
static const int kSize
Definition: objects.h:7547
v8::internal::JSWeakCollection::kSize
static const int kSize
Definition: objects.h:9809
v8::internal::Map::instance_type
InstanceType instance_type()
Definition: objects-inl.h:4323
v8::internal::JS_REGEXP_TYPE
@ JS_REGEXP_TYPE
Definition: objects.h:748
v8::internal::JS_VALUE_TYPE
@ JS_VALUE_TYPE
Definition: objects.h:728
v8::internal::JS_DATE_TYPE
@ JS_DATE_TYPE
Definition: objects.h:730
v8::internal::JS_GLOBAL_PROXY_TYPE
@ JS_GLOBAL_PROXY_TYPE
Definition: objects.h:737
v8::internal::JS_ARRAY_TYPE
@ JS_ARRAY_TYPE
Definition: objects.h:738
v8::internal::JS_MODULE_TYPE
@ JS_MODULE_TYPE
Definition: objects.h:734
v8::internal::JS_OBJECT_TYPE
@ JS_OBJECT_TYPE
Definition: objects.h:731
v8::internal::JS_TYPED_ARRAY_TYPE
@ JS_TYPED_ARRAY_TYPE
Definition: objects.h:740
v8::internal::JS_DATA_VIEW_TYPE
@ JS_DATA_VIEW_TYPE
Definition: objects.h:741
v8::internal::JS_GENERATOR_OBJECT_TYPE
@ JS_GENERATOR_OBJECT_TYPE
Definition: objects.h:733
v8::internal::JS_WEAK_SET_TYPE
@ JS_WEAK_SET_TYPE
Definition: objects.h:747
v8::internal::JS_CONTEXT_EXTENSION_OBJECT_TYPE
@ JS_CONTEXT_EXTENSION_OBJECT_TYPE
Definition: objects.h:732
v8::internal::JS_MAP_ITERATOR_TYPE
@ JS_MAP_ITERATOR_TYPE
Definition: objects.h:745
v8::internal::JS_MESSAGE_OBJECT_TYPE
@ JS_MESSAGE_OBJECT_TYPE
Definition: objects.h:729
v8::internal::JS_FUNCTION_TYPE
@ JS_FUNCTION_TYPE
Definition: objects.h:749
v8::internal::JS_SET_ITERATOR_TYPE
@ JS_SET_ITERATOR_TYPE
Definition: objects.h:744
v8::internal::JS_GLOBAL_OBJECT_TYPE
@ JS_GLOBAL_OBJECT_TYPE
Definition: objects.h:735
v8::internal::JS_ARRAY_BUFFER_TYPE
@ JS_ARRAY_BUFFER_TYPE
Definition: objects.h:739
v8::internal::JS_BUILTINS_OBJECT_TYPE
@ JS_BUILTINS_OBJECT_TYPE
Definition: objects.h:736
v8::internal::JS_WEAK_MAP_TYPE
@ JS_WEAK_MAP_TYPE
Definition: objects.h:746

References v8::internal::Map::instance_type(), v8::internal::JS_ARRAY_BUFFER_TYPE, v8::internal::JS_ARRAY_TYPE, v8::internal::JS_BUILTINS_OBJECT_TYPE, v8::internal::JS_CONTEXT_EXTENSION_OBJECT_TYPE, v8::internal::JS_DATA_VIEW_TYPE, v8::internal::JS_DATE_TYPE, v8::internal::JS_FUNCTION_TYPE, v8::internal::JS_GENERATOR_OBJECT_TYPE, v8::internal::JS_GLOBAL_OBJECT_TYPE, v8::internal::JS_GLOBAL_PROXY_TYPE, v8::internal::JS_MAP_ITERATOR_TYPE, v8::internal::JS_MAP_TYPE, v8::internal::JS_MESSAGE_OBJECT_TYPE, v8::internal::JS_MODULE_TYPE, v8::internal::JS_OBJECT_TYPE, v8::internal::JS_REGEXP_TYPE, v8::internal::JS_SET_ITERATOR_TYPE, v8::internal::JS_SET_TYPE, v8::internal::JS_TYPED_ARRAY_TYPE, v8::internal::JS_VALUE_TYPE, v8::internal::JS_WEAK_MAP_TYPE, v8::internal::JS_WEAK_SET_TYPE, kHeaderSize, v8::internal::JSGeneratorObject::kSize, v8::internal::JSModule::kSize, v8::internal::JSFunction::kSize, v8::internal::JSGlobalProxy::kSize, v8::internal::JSGlobalObject::kSize, v8::internal::JSBuiltinsObject::kSize, v8::internal::JSValue::kSize, v8::internal::JSDate::kSize, v8::internal::JSMessageObject::kSize, v8::internal::JSRegExp::kSize, v8::internal::JSCollection::kSize, v8::internal::OrderedHashTableIterator< JSSetIterator, OrderedHashSet >::kSize, v8::internal::OrderedHashTableIterator< JSMapIterator, OrderedHashMap >::kSize, v8::internal::JSWeakCollection::kSize, v8::internal::JSArrayBuffer::kSize, v8::internal::JSTypedArray::kSize, v8::internal::JSDataView::kSize, v8::internal::JSArray::kSize, and v8::internal::HeapObject::map().

Referenced by GetInternalField(), GetInternalFieldCount(), GetInternalFieldOffset(), and SetInternalField().

+ Here is the call graph for this function:
+ Here is the caller graph for this function:

◆ GetHiddenPropertiesHashTable()

Object * v8::internal::JSObject::GetHiddenPropertiesHashTable ( )
private

Definition at line 4707 of file objects.cc.

4707  {
4708  DCHECK(!IsJSGlobalProxy());
4709  if (HasFastProperties()) {
4710  // If the object has fast properties, check whether the first slot
4711  // in the descriptor array matches the hidden string. Since the
4712  // hidden strings hash code is zero (and no other name has hash
4713  // code zero) it will always occupy the first entry if present.
4714  DescriptorArray* descriptors = this->map()->instance_descriptors();
4715  if (descriptors->number_of_descriptors() > 0) {
4716  int sorted_index = descriptors->GetSortedKeyIndex(0);
4717  if (descriptors->GetKey(sorted_index) == GetHeap()->hidden_string() &&
4718  sorted_index < map()->NumberOfOwnDescriptors()) {
4719  DCHECK(descriptors->GetType(sorted_index) == FIELD);
4720  DCHECK(descriptors->GetDetails(sorted_index).representation().
4721  IsCompatibleForLoad(Representation::Tagged()));
4722  FieldIndex index = FieldIndex::ForDescriptor(this->map(),
4723  sorted_index);
4724  return this->RawFastPropertyAt(index);
4725  } else {
4726  return GetHeap()->undefined_value();
4727  }
4728  } else {
4729  return GetHeap()->undefined_value();
4730  }
4731  } else {
4732  Isolate* isolate = GetIsolate();
4733  LookupIterator it(handle(this), isolate->factory()->hidden_string(),
4734  LookupIterator::OWN_SKIP_INTERCEPTOR);
4735  // Access check is always skipped for the hidden string anyways.
4736  return *GetDataProperty(&it);
4737  }
4738 }
v8::internal::HeapObject::GetIsolate
Isolate * GetIsolate() const
Definition: objects-inl.h:1387
v8::internal::JSObject::RawFastPropertyAt
Object * RawFastPropertyAt(FieldIndex index)
Definition: objects-inl.h:2025
v8::internal::Representation::Tagged
static Representation Tagged()
Definition: property-details.h:77

References DCHECK, v8::internal::Isolate::factory(), v8::internal::FIELD, v8::internal::DescriptorArray::GetDetails(), v8::internal::HeapObject::GetHeap(), v8::internal::HeapObject::GetIsolate(), v8::internal::DescriptorArray::GetKey(), v8::internal::DescriptorArray::GetSortedKeyIndex(), v8::internal::DescriptorArray::GetType(), v8::internal::handle(), v8::internal::Object::LookupIterator, v8::internal::HeapObject::map(), v8::internal::DescriptorArray::number_of_descriptors(), and v8::internal::Representation::Tagged().

+ Here is the call graph for this function:

◆ GetHiddenProperty()

Object * v8::internal::JSObject::GetHiddenProperty ( Handle< Name key)

Definition at line 4594 of file objects.cc.

4594  {
4595  DisallowHeapAllocation no_gc;
4596  DCHECK(key->IsUniqueName());
4597  if (IsJSGlobalProxy()) {
4598  // JSGlobalProxies store their hash internally.
4599  DCHECK(*key != GetHeap()->identity_hash_string());
4600  // For a proxy, use the prototype as target object.
4601  PrototypeIterator iter(GetIsolate(), this);
4602  // If the proxy is detached, return undefined.
4603  if (iter.IsAtEnd()) return GetHeap()->the_hole_value();
4604  DCHECK(iter.GetCurrent()->IsJSGlobalObject());
4605  return JSObject::cast(iter.GetCurrent())->GetHiddenProperty(key);
4606  }
4607  DCHECK(!IsJSGlobalProxy());
4608  Object* inline_value = GetHiddenPropertiesHashTable();
4609 
4610  if (inline_value->IsSmi()) {
4611  // Handle inline-stored identity hash.
4612  if (*key == GetHeap()->identity_hash_string()) {
4613  return inline_value;
4614  } else {
4615  return GetHeap()->the_hole_value();
4616  }
4617  }
4618 
4619  if (inline_value->IsUndefined()) return GetHeap()->the_hole_value();
4620 
4621  ObjectHashTable* hashtable = ObjectHashTable::cast(inline_value);
4622  Object* entry = hashtable->Lookup(key);
4623  return entry;
4624 }
v8::internal::JSObject::GetHiddenPropertiesHashTable
MUST_USE_RESULT Object * GetHiddenPropertiesHashTable()
Definition: objects.cc:4707

References DCHECK, v8::internal::PrototypeIterator::GetCurrent(), v8::internal::HeapObject::GetHeap(), v8::internal::HeapObject::GetIsolate(), v8::internal::PrototypeIterator::IsAtEnd(), and v8::internal::ObjectHashTable::Lookup().

+ Here is the call graph for this function:

◆ GetIdentityHash()

Object * v8::internal::JSObject::GetIdentityHash ( )
private

Definition at line 4554 of file objects.cc.

4554  {
4555  DisallowHeapAllocation no_gc;
4556  Isolate* isolate = GetIsolate();
4557  if (IsJSGlobalProxy()) {
4558  return JSGlobalProxy::cast(this)->hash();
4559  }
4560  Object* stored_value =
4561  GetHiddenProperty(isolate->factory()->identity_hash_string());
4562  return stored_value->IsSmi()
4563  ? stored_value
4564  : isolate->heap()->undefined_value();
4565 }
v8::internal::JSObject::GetHiddenProperty
Object * GetHiddenProperty(Handle< Name > key)
Definition: objects.cc:4594

References v8::internal::Isolate::factory(), v8::internal::HeapObject::GetIsolate(), and v8::internal::Isolate::heap().

+ Here is the call graph for this function:

◆ GetIndexedInterceptor()

InterceptorInfo * v8::internal::JSObject::GetIndexedInterceptor ( )

Definition at line 13112 of file objects.cc.

13112  {
13113  DCHECK(map()->has_indexed_interceptor());
13114  JSFunction* constructor = JSFunction::cast(map()->constructor());
13115  DCHECK(constructor->shared()->IsApiFunction());
13116  Object* result =
13117  constructor->shared()->get_api_func_data()->indexed_property_handler();
13118  return InterceptorInfo::cast(result);
13119 }

References DCHECK, and v8::internal::HeapObject::map().

+ Here is the call graph for this function:

◆ GetInObjectPropertyOffset()

int v8::internal::JSObject::GetInObjectPropertyOffset ( int  index)
inline

Definition at line 2045 of file objects-inl.h.

2045  {
2046  return map()->GetInObjectPropertyOffset(index);
2047 }
v8::internal::Map::GetInObjectPropertyOffset
int GetInObjectPropertyOffset(int index)
Definition: objects-inl.h:4251

References v8::internal::Map::GetInObjectPropertyOffset(), and v8::internal::HeapObject::map().

Referenced by v8::internal::V8HeapExplorer::ExtractPropertyReferences(), InObjectPropertyAt(), and InObjectPropertyAtPut().

+ Here is the call graph for this function:
+ Here is the caller graph for this function:

◆ GetInternalField()

Object * v8::internal::JSObject::GetInternalField ( int  index)
inline

Definition at line 1992 of file objects-inl.h.

1992  {
1993  DCHECK(index < GetInternalFieldCount() && index >= 0);
1994  // Internal objects do follow immediately after the header, whereas in-object
1995  // properties are at the end of the object. Therefore there is no need
1996  // to adjust the index here.
1997  return READ_FIELD(this, GetHeaderSize() + (kPointerSize * index));
1998 }
v8::internal::kPointerSize
const int kPointerSize
Definition: globals.h:129

References DCHECK, GetHeaderSize(), GetInternalFieldCount(), v8::internal::kPointerSize, and READ_FIELD.

Referenced by v8::internal::V8HeapExplorer::ExtractInternalReferences().

+ Here is the call graph for this function:
+ Here is the caller graph for this function:

◆ GetInternalFieldCount()

int v8::internal::JSObject::GetInternalFieldCount ( )
inline

Definition at line 1977 of file objects-inl.h.

1977  {
1978  DCHECK(1 << kPointerSizeLog2 == kPointerSize);
1979  // Make sure to adjust for the number of in-object properties. These
1980  // properties do contribute to the size, but are not internal fields.
1981  return ((Size() - GetHeaderSize()) >> kPointerSizeLog2) -
1982  map()->inobject_properties();
1983 }
v8::internal::kPointerSizeLog2
const int kPointerSizeLog2
Definition: globals.h:147

References DCHECK, GetHeaderSize(), v8::internal::Map::inobject_properties(), v8::internal::kPointerSize, v8::internal::kPointerSizeLog2, v8::internal::HeapObject::map(), and v8::internal::HeapObject::Size().

Referenced by v8::internal::V8HeapExplorer::ExtractInternalReferences(), GetInternalField(), GetInternalFieldOffset(), v8::internal::Heap::InitializeJSObjectFromMap(), and SetInternalField().

+ Here is the call graph for this function:
+ Here is the caller graph for this function:

◆ GetInternalFieldOffset()

int v8::internal::JSObject::GetInternalFieldOffset ( int  index)
inline

Definition at line 1986 of file objects-inl.h.

1986  {
1987  DCHECK(index < GetInternalFieldCount() && index >= 0);
1988  return GetHeaderSize() + (kPointerSize * index);
1989 }

References DCHECK, GetHeaderSize(), GetInternalFieldCount(), and v8::internal::kPointerSize.

Referenced by v8::internal::V8HeapExplorer::ExtractInternalReferences().

+ Here is the call graph for this function:
+ Here is the caller graph for this function:

◆ GetKeysForIndexedInterceptor()

MaybeHandle< JSObject > v8::internal::JSObject::GetKeysForIndexedInterceptor ( Handle< JSObject object,
Handle< JSReceiver receiver 
)
static

Definition at line 13181 of file objects.cc.

13182  {
13183  Isolate* isolate = receiver->GetIsolate();
13184  Handle<InterceptorInfo> interceptor(object->GetIndexedInterceptor());
13185  PropertyCallbackArguments
13186  args(isolate, interceptor->data(), *receiver, *object);
13187  v8::Handle<v8::Object> result;
13188  if (!interceptor->enumerator()->IsUndefined()) {
13189  v8::IndexedPropertyEnumeratorCallback enum_fun =
13190  v8::ToCData<v8::IndexedPropertyEnumeratorCallback>(
13191  interceptor->enumerator());
13192  LOG(isolate, ApiObjectAccess("interceptor-indexed-enum", *object));
13193  result = args.Call(enum_fun);
13194  }
13195  if (result.IsEmpty()) return MaybeHandle<JSObject>();
13196 #if ENABLE_EXTRA_CHECKS
13197  CHECK(v8::Utils::OpenHandle(*result)->IsJSArray() ||
13198  v8::Utils::OpenHandle(*result)->HasSloppyArgumentsElements());
13199 #endif
13200  // Rebox before returning.
13201  return handle(*v8::Utils::OpenHandle(*result), isolate);
13202 }
v8::IndexedPropertyEnumeratorCallback
void(* IndexedPropertyEnumeratorCallback)(const PropertyCallbackInfo< Array > &info)
Returns an array containing the indices of the properties the indexed property getter intercepts.
Definition: v8.h:3512

References CHECK, v8::internal::handle(), v8::Handle< T >::IsEmpty(), LOG, and v8::Utils::OpenHandle().

Referenced by v8::internal::JSReceiver::GetKeys(), and v8::internal::RUNTIME_FUNCTION().

+ Here is the call graph for this function:
+ Here is the caller graph for this function:

◆ GetKeysForNamedInterceptor()

MaybeHandle< JSObject > v8::internal::JSObject::GetKeysForNamedInterceptor ( Handle< JSObject object,
Handle< JSReceiver receiver 
)
static

Definition at line 13156 of file objects.cc.

13157  {
13158  Isolate* isolate = receiver->GetIsolate();
13159  Handle<InterceptorInfo> interceptor(object->GetNamedInterceptor());
13160  PropertyCallbackArguments
13161  args(isolate, interceptor->data(), *receiver, *object);
13162  v8::Handle<v8::Object> result;
13163  if (!interceptor->enumerator()->IsUndefined()) {
13164  v8::NamedPropertyEnumeratorCallback enum_fun =
13165  v8::ToCData<v8::NamedPropertyEnumeratorCallback>(
13166  interceptor->enumerator());
13167  LOG(isolate, ApiObjectAccess("interceptor-named-enum", *object));
13168  result = args.Call(enum_fun);
13169  }
13170  if (result.IsEmpty()) return MaybeHandle<JSObject>();
13171 #if ENABLE_EXTRA_CHECKS
13172  CHECK(v8::Utils::OpenHandle(*result)->IsJSArray() ||
13173  v8::Utils::OpenHandle(*result)->HasSloppyArgumentsElements());
13174 #endif
13175  // Rebox before returning.
13176  return handle(*v8::Utils::OpenHandle(*result), isolate);
13177 }
v8::NamedPropertyEnumeratorCallback
void(* NamedPropertyEnumeratorCallback)(const PropertyCallbackInfo< Array > &info)
Returns an array containing the names of the properties the named property getter intercepts.
Definition: v8.h:3466

References CHECK, v8::internal::handle(), v8::Handle< T >::IsEmpty(), LOG, and v8::Utils::OpenHandle().

Referenced by v8::internal::JSReceiver::GetKeys(), and v8::internal::RUNTIME_FUNCTION().

+ Here is the call graph for this function:
+ Here is the caller graph for this function:

◆ GetNamedInterceptor()

InterceptorInfo * v8::internal::JSObject::GetNamedInterceptor ( )

Definition at line 13102 of file objects.cc.

13102  {
13103  DCHECK(map()->has_named_interceptor());
13104  JSFunction* constructor = JSFunction::cast(map()->constructor());
13105  DCHECK(constructor->shared()->IsApiFunction());
13106  Object* result =
13107  constructor->shared()->get_api_func_data()->named_property_handler();
13108  return InterceptorInfo::cast(result);
13109 }

References DCHECK, and v8::internal::HeapObject::map().

+ Here is the call graph for this function:

◆ GetOrCreateHiddenPropertiesHashtable()

Handle< ObjectHashTable > v8::internal::JSObject::GetOrCreateHiddenPropertiesHashtable ( Handle< JSObject object)
staticprivate

Definition at line 4740 of file objects.cc.

4741  {
4742  Isolate* isolate = object->GetIsolate();
4743 
4744  static const int kInitialCapacity = 4;
4745  Handle<Object> inline_value(object->GetHiddenPropertiesHashTable(), isolate);
4746  if (inline_value->IsHashTable()) {
4747  return Handle<ObjectHashTable>::cast(inline_value);
4748  }
4749 
4750  Handle<ObjectHashTable> hashtable = ObjectHashTable::New(
4751  isolate, kInitialCapacity, USE_CUSTOM_MINIMUM_CAPACITY);
4752 
4753  if (inline_value->IsSmi()) {
4754  // We were storing the identity hash inline and now allocated an actual
4755  // dictionary. Put the identity hash into the new dictionary.
4756  hashtable = ObjectHashTable::Put(hashtable,
4757  isolate->factory()->identity_hash_string(),
4758  inline_value);
4759  }
4760 
4761  SetHiddenPropertiesHashTable(object, hashtable);
4762  return hashtable;
4763 }
v8::internal::HashTable< ObjectHashTable, ObjectHashTableShape, Handle< Object > >::New
static MUST_USE_RESULT Handle< ObjectHashTable > New(Isolate *isolate, int at_least_space_for, MinimumCapacity capacity_option=USE_DEFAULT_MINIMUM_CAPACITY, PretenureFlag pretenure=NOT_TENURED)
Definition: objects.cc:13756
v8::internal::JSObject::SetHiddenPropertiesHashTable
static Handle< Object > SetHiddenPropertiesHashTable(Handle< JSObject > object, Handle< Object > value)
Definition: objects.cc:4766
v8::internal::ObjectHashTable::Put
static Handle< ObjectHashTable > Put(Handle< ObjectHashTable > table, Handle< Object > key, Handle< Object > value)
Definition: objects.cc:15302
v8::internal::USE_CUSTOM_MINIMUM_CAPACITY
@ USE_CUSTOM_MINIMUM_CAPACITY
Definition: globals.h:386

References v8::internal::Handle< T >::cast(), v8::internal::Isolate::factory(), v8::internal::HashTable< ObjectHashTable, ObjectHashTableShape, Handle< Object > >::New(), v8::internal::ObjectHashTable::Put(), and v8::internal::USE_CUSTOM_MINIMUM_CAPACITY.

+ Here is the call graph for this function:

◆ GetOrCreateIdentityHash()

Handle< Smi > v8::internal::JSObject::GetOrCreateIdentityHash ( Handle< JSObject object)
staticprivate

Definition at line 4568 of file objects.cc.

4568  {
4569  if (object->IsJSGlobalProxy()) {
4570  return GetOrCreateIdentityHashHelper(Handle<JSGlobalProxy>::cast(object));
4571  }
4572 
4573  Isolate* isolate = object->GetIsolate();
4574 
4575  Handle<Object> maybe_hash(object->GetIdentityHash(), isolate);
4576  if (maybe_hash->IsSmi()) return Handle<Smi>::cast(maybe_hash);
4577 
4578  Handle<Smi> hash(GenerateIdentityHash(isolate), isolate);
4579  SetHiddenProperty(object, isolate->factory()->identity_hash_string(), hash);
4580  return hash;
4581 }
v8::internal::JSObject::SetHiddenProperty
static Handle< Object > SetHiddenProperty(Handle< JSObject > object, Handle< Name > key, Handle< Object > value)
Definition: objects.cc:4627
v8::internal::GenerateIdentityHash
static Smi * GenerateIdentityHash(Isolate *isolate)
Definition: objects.cc:4519
v8::internal::GetOrCreateIdentityHashHelper
static Handle< Smi > GetOrCreateIdentityHashHelper(Handle< ProxyType > proxy)
Definition: objects.cc:4542

References v8::internal::Handle< T >::cast(), v8::internal::Isolate::factory(), v8::internal::GenerateIdentityHash(), and v8::internal::GetOrCreateIdentityHashHelper().

Referenced by v8::internal::JSReceiver::GetOrCreateIdentityHash().

+ Here is the call graph for this function:
+ Here is the caller graph for this function:

◆ GetOwnElementAccessorPair()

MaybeHandle< AccessorPair > v8::internal::JSObject::GetOwnElementAccessorPair ( Handle< JSObject object,
uint32_t  index 
)
static

Definition at line 11759 of file objects.cc.

11761  {
11762  if (object->IsJSGlobalProxy()) {
11763  PrototypeIterator iter(object->GetIsolate(), object);
11764  if (iter.IsAtEnd()) return MaybeHandle<AccessorPair>();
11765  DCHECK(PrototypeIterator::GetCurrent(iter)->IsJSGlobalObject());
11766  return GetOwnElementAccessorPair(
11767  Handle<JSObject>::cast(PrototypeIterator::GetCurrent(iter)), index);
11768  }
11769 
11770  // Check for lookup interceptor.
11771  if (object->HasIndexedInterceptor()) return MaybeHandle<AccessorPair>();
11772 
11773  return object->GetElementsAccessor()->GetAccessorPair(object, object, index);
11774 }

References DCHECK, v8::internal::PrototypeIterator::GetCurrent(), and v8::internal::PrototypeIterator::IsAtEnd().

Referenced by v8::internal::GetOldValue(), and v8::internal::GetOwnProperty().

+ Here is the call graph for this function:
+ Here is the caller graph for this function:

◆ GetOwnElementKeys()

int v8::internal::JSObject::GetOwnElementKeys ( FixedArray storage,
PropertyAttributes  filter 
)

Definition at line 13422 of file objects.cc.

13423  {
13424  int counter = 0;
13425  switch (GetElementsKind()) {
13426  case FAST_SMI_ELEMENTS:
13427  case FAST_ELEMENTS:
13428  case FAST_HOLEY_SMI_ELEMENTS:
13429  case FAST_HOLEY_ELEMENTS: {
13430  int length = IsJSArray() ?
13431  Smi::cast(JSArray::cast(this)->length())->value() :
13432  FixedArray::cast(elements())->length();
13433  for (int i = 0; i < length; i++) {
13434  if (!FixedArray::cast(elements())->get(i)->IsTheHole()) {
13435  if (storage != NULL) {
13436  storage->set(counter, Smi::FromInt(i));
13437  }
13438  counter++;
13439  }
13440  }
13441  DCHECK(!storage || storage->length() >= counter);
13442  break;
13443  }
13444  case FAST_DOUBLE_ELEMENTS:
13445  case FAST_HOLEY_DOUBLE_ELEMENTS: {
13446  int length = IsJSArray() ?
13447  Smi::cast(JSArray::cast(this)->length())->value() :
13448  FixedArrayBase::cast(elements())->length();
13449  for (int i = 0; i < length; i++) {
13450  if (!FixedDoubleArray::cast(elements())->is_the_hole(i)) {
13451  if (storage != NULL) {
13452  storage->set(counter, Smi::FromInt(i));
13453  }
13454  counter++;
13455  }
13456  }
13457  DCHECK(!storage || storage->length() >= counter);
13458  break;
13459  }
13460 
13461 #define TYPED_ARRAY_CASE(Type, type, TYPE, ctype, size) \
13462  case EXTERNAL_##TYPE##_ELEMENTS: \
13463  case TYPE##_ELEMENTS: \
13464 
13465  TYPED_ARRAYS(TYPED_ARRAY_CASE)
13466 #undef TYPED_ARRAY_CASE
13467  {
13468  int length = FixedArrayBase::cast(elements())->length();
13469  while (counter < length) {
13470  if (storage != NULL) {
13471  storage->set(counter, Smi::FromInt(counter));
13472  }
13473  counter++;
13474  }
13475  DCHECK(!storage || storage->length() >= counter);
13476  break;
13477  }
13478 
13479  case DICTIONARY_ELEMENTS: {
13480  if (storage != NULL) {
13481  element_dictionary()->CopyKeysTo(storage,
13482  filter,
13483  SeededNumberDictionary::SORTED);
13484  }
13485  counter += element_dictionary()->NumberOfElementsFilterAttributes(filter);
13486  break;
13487  }
13488  case SLOPPY_ARGUMENTS_ELEMENTS: {
13489  FixedArray* parameter_map = FixedArray::cast(elements());
13490  int mapped_length = parameter_map->length() - 2;
13491  FixedArray* arguments = FixedArray::cast(parameter_map->get(1));
13492  if (arguments->IsDictionary()) {
13493  // Copy the keys from arguments first, because Dictionary::CopyKeysTo
13494  // will insert in storage starting at index 0.
13495  SeededNumberDictionary* dictionary =
13496  SeededNumberDictionary::cast(arguments);
13497  if (storage != NULL) {
13498  dictionary->CopyKeysTo(
13499  storage, filter, SeededNumberDictionary::UNSORTED);
13500  }
13501  counter += dictionary->NumberOfElementsFilterAttributes(filter);
13502  for (int i = 0; i < mapped_length; ++i) {
13503  if (!parameter_map->get(i + 2)->IsTheHole()) {
13504  if (storage != NULL) storage->set(counter, Smi::FromInt(i));
13505  ++counter;
13506  }
13507  }
13508  if (storage != NULL) storage->SortPairs(storage, counter);
13509 
13510  } else {
13511  int backing_length = arguments->length();
13512  int i = 0;
13513  for (; i < mapped_length; ++i) {
13514  if (!parameter_map->get(i + 2)->IsTheHole()) {
13515  if (storage != NULL) storage->set(counter, Smi::FromInt(i));
13516  ++counter;
13517  } else if (i < backing_length && !arguments->get(i)->IsTheHole()) {
13518  if (storage != NULL) storage->set(counter, Smi::FromInt(i));
13519  ++counter;
13520  }
13521  }
13522  for (; i < backing_length; ++i) {
13523  if (storage != NULL) storage->set(counter, Smi::FromInt(i));
13524  ++counter;
13525  }
13526  }
13527  break;
13528  }
13529  }
13530 
13531  if (this->IsJSValue()) {
13532  Object* val = JSValue::cast(this)->value();
13533  if (val->IsString()) {
13534  String* str = String::cast(val);
13535  if (storage) {
13536  for (int i = 0; i < str->length(); i++) {
13537  storage->set(counter + i, Smi::FromInt(i));
13538  }
13539  }
13540  counter += str->length();
13541  }
13542  }
13543  DCHECK(!storage || storage->length() == counter);
13544  return counter;
13545 }
v8::internal::Dictionary::CopyKeysTo
void CopyKeysTo(FixedArray *storage, PropertyAttributes filter, SortMode sort_mode)
v8::internal::Dictionary::NumberOfElementsFilterAttributes
int NumberOfElementsFilterAttributes(PropertyAttributes filter)
Definition: objects.cc:15160
v8::internal::Smi::FromInt
static Smi * FromInt(int value)
Definition: objects-inl.h:1321

References v8::internal::Dictionary< Derived, Shape, Key >::CopyKeysTo(), DCHECK, v8::internal::DICTIONARY_ELEMENTS, v8::internal::FAST_DOUBLE_ELEMENTS, v8::internal::FAST_ELEMENTS, v8::internal::FAST_HOLEY_DOUBLE_ELEMENTS, v8::internal::FAST_HOLEY_ELEMENTS, v8::internal::FAST_HOLEY_SMI_ELEMENTS, v8::internal::FAST_SMI_ELEMENTS, v8::internal::Smi::FromInt(), v8::internal::FixedArray::get(), v8::internal::FixedArray::is_the_hole(), v8::internal::FixedArrayBase::length(), v8::internal::String::length(), NULL, v8::internal::Dictionary< Derived, Shape, Key >::NumberOfElementsFilterAttributes(), v8::internal::FixedArray::set(), v8::internal::SLOPPY_ARGUMENTS_ELEMENTS, v8::internal::Dictionary< SeededNumberDictionary, SeededNumberDictionaryShape, uint32_t >::SORTED, v8::internal::FixedArray::SortPairs(), TYPED_ARRAY_CASE, TYPED_ARRAYS, and v8::internal::Dictionary< SeededNumberDictionary, SeededNumberDictionaryShape, uint32_t >::UNSORTED.

+ Here is the call graph for this function:

◆ GetOwnPropertyNames()

void v8::internal::JSObject::GetOwnPropertyNames ( FixedArray storage,
int  index,
PropertyAttributes  filter = NONE 
)

Definition at line 13382 of file objects.cc.

13383  {
13384  DCHECK(storage->length() >= (NumberOfOwnProperties(filter) - index));
13385  if (HasFastProperties()) {
13386  int real_size = map()->NumberOfOwnDescriptors();
13387  DescriptorArray* descs = map()->instance_descriptors();
13388  for (int i = 0; i < real_size; i++) {
13389  if ((descs->GetDetails(i).attributes() & filter) == 0 &&
13390  !FilterKey(descs->GetKey(i), filter)) {
13391  storage->set(index++, descs->GetKey(i));
13392  }
13393  }
13394  } else {
13395  property_dictionary()->CopyKeysTo(storage,
13396  index,
13397  filter,
13398  NameDictionary::UNSORTED);
13399  }
13400 }
v8::internal::JSObject::NumberOfOwnProperties
int NumberOfOwnProperties(PropertyAttributes filter=NONE)
Definition: objects.cc:13252
v8::internal::JSObject::property_dictionary
NameDictionary * property_dictionary()
Definition: objects-inl.h:6443
v8::internal::Map::NumberOfOwnDescriptors
int NumberOfOwnDescriptors()
Definition: objects.h:5944
v8::internal::FilterKey
static bool FilterKey(Object *key, PropertyAttributes filter)
Definition: objects.cc:5628

References DCHECK, v8::internal::FilterKey(), v8::internal::DescriptorArray::GetDetails(), v8::internal::DescriptorArray::GetKey(), v8::internal::FixedArrayBase::length(), v8::internal::HeapObject::map(), v8::internal::Map::NumberOfOwnDescriptors(), v8::internal::FixedArray::set(), and v8::internal::Dictionary< NameDictionary, NameDictionaryShape, Handle< Name > >::UNSORTED.

+ Here is the call graph for this function:

◆ GetPropertyAttributesWithFailedAccessCheck()

Maybe< PropertyAttributes > v8::internal::JSObject::GetPropertyAttributesWithFailedAccessCheck ( LookupIterator it)
static

Definition at line 601 of file objects.cc.

602  {
603  Handle<JSObject> checked = it->GetHolder<JSObject>();
604  if (FindAllCanReadHolder(it))
605  return maybe(it->property_details().attributes());
606  it->isolate()->ReportFailedAccessCheck(checked, v8::ACCESS_HAS);
607  RETURN_VALUE_IF_SCHEDULED_EXCEPTION(it->isolate(),
608  Maybe<PropertyAttributes>());
609  return maybe(ABSENT);
610 }
v8::internal::FindAllCanReadHolder
static bool FindAllCanReadHolder(LookupIterator *it)
Definition: objects.cc:574

References ABSENT, v8::ACCESS_HAS, v8::internal::FindAllCanReadHolder(), v8::maybe(), and RETURN_VALUE_IF_SCHEDULED_EXCEPTION.

Referenced by v8::internal::JSReceiver::GetPropertyAttributes().

+ Here is the call graph for this function:
+ Here is the caller graph for this function:

◆ GetPropertyAttributesWithInterceptor()

Maybe< PropertyAttributes > v8::internal::JSObject::GetPropertyAttributesWithInterceptor ( Handle< JSObject holder,
Handle< Object receiver,
Handle< Name name 
)
static

Definition at line 3940 of file objects.cc.

3943  {
3944  // TODO(rossberg): Support symbols in the API.
3945  if (name->IsSymbol()) return maybe(ABSENT);
3946 
3947  Isolate* isolate = holder->GetIsolate();
3948  HandleScope scope(isolate);
3949 
3950  // Make sure that the top context does not change when doing
3951  // callbacks or interceptor calls.
3952  AssertNoContextChange ncc(isolate);
3953 
3954  Handle<InterceptorInfo> interceptor(holder->GetNamedInterceptor());
3955  PropertyCallbackArguments args(
3956  isolate, interceptor->data(), *receiver, *holder);
3957  if (!interceptor->query()->IsUndefined()) {
3958  v8::NamedPropertyQueryCallback query =
3959  v8::ToCData<v8::NamedPropertyQueryCallback>(interceptor->query());
3960  LOG(isolate,
3961  ApiNamedPropertyAccess("interceptor-named-has", *holder, *name));
3962  v8::Handle<v8::Integer> result =
3963  args.Call(query, v8::Utils::ToLocal(Handle<String>::cast(name)));
3964  if (!result.IsEmpty()) {
3965  DCHECK(result->IsInt32());
3966  return maybe(static_cast<PropertyAttributes>(result->Int32Value()));
3967  }
3968  } else if (!interceptor->getter()->IsUndefined()) {
3969  v8::NamedPropertyGetterCallback getter =
3970  v8::ToCData<v8::NamedPropertyGetterCallback>(interceptor->getter());
3971  LOG(isolate,
3972  ApiNamedPropertyAccess("interceptor-named-get-has", *holder, *name));
3973  v8::Handle<v8::Value> result =
3974  args.Call(getter, v8::Utils::ToLocal(Handle<String>::cast(name)));
3975  if (!result.IsEmpty()) return maybe(DONT_ENUM);
3976  }
3977 
3978  RETURN_VALUE_IF_SCHEDULED_EXCEPTION(isolate, Maybe<PropertyAttributes>());
3979  return maybe(ABSENT);
3980 }
v8::Value::IsInt32
bool IsInt32() const
Returns true if this value is a 32-bit signed integer.
Definition: api.cc:2510
v8::NamedPropertyGetterCallback
void(* NamedPropertyGetterCallback)(Local< String > property, const PropertyCallbackInfo< Value > &info)
NamedProperty[Getter|Setter] are used as interceptors on object.
Definition: v8.h:3427
v8::NamedPropertyQueryCallback
void(* NamedPropertyQueryCallback)(Local< String > property, const PropertyCallbackInfo< Integer > &info)
Returns a non-empty handle if the interceptor intercepts the request.
Definition: v8.h:3447

References ABSENT, DCHECK, DONT_ENUM, v8::Value::Int32Value(), v8::Handle< T >::IsEmpty(), v8::Value::IsInt32(), LOG, v8::maybe(), name, RETURN_VALUE_IF_SCHEDULED_EXCEPTION, and v8::Utils::ToLocal().

Referenced by v8::internal::JSReceiver::GetPropertyAttributes(), and v8::internal::Object::SetProperty().

+ Here is the call graph for this function:
+ Here is the caller graph for this function:

◆ GetPropertyWithFailedAccessCheck()

MaybeHandle< Object > v8::internal::JSObject::GetPropertyWithFailedAccessCheck ( LookupIterator it)
staticprivate

Definition at line 587 of file objects.cc.

588  {
589  Handle<JSObject> checked = it->GetHolder<JSObject>();
590  if (FindAllCanReadHolder(it)) {
591  return GetPropertyWithAccessor(it->GetReceiver(), it->name(),
592  it->GetHolder<JSObject>(),
593  it->GetAccessors());
594  }
595  it->isolate()->ReportFailedAccessCheck(checked, v8::ACCESS_GET);
596  RETURN_EXCEPTION_IF_SCHEDULED_EXCEPTION(it->isolate(), Object);
597  return it->factory()->undefined_value();
598 }
v8::internal::Object::GetPropertyWithAccessor
static MUST_USE_RESULT MaybeHandle< Object > GetPropertyWithAccessor(Handle< Object > receiver, Handle< Name > name, Handle< JSObject > holder, Handle< Object > structure)
Definition: objects.cc:411

References v8::ACCESS_GET, v8::internal::FindAllCanReadHolder(), v8::internal::Object::GetPropertyWithAccessor(), and RETURN_EXCEPTION_IF_SCHEDULED_EXCEPTION.

Referenced by v8::internal::Object::GetProperty().

+ Here is the call graph for this function:
+ Here is the caller graph for this function:

◆ GetPropertyWithInterceptor()

MaybeHandle< Object > v8::internal::JSObject::GetPropertyWithInterceptor ( Handle< JSObject object,
Handle< Object receiver,
Handle< Name name 
)
static

Definition at line 13122 of file objects.cc.

13125  {
13126  Isolate* isolate = holder->GetIsolate();
13127 
13128  // TODO(rossberg): Support symbols in the API.
13129  if (name->IsSymbol()) return isolate->factory()->undefined_value();
13130 
13131  Handle<InterceptorInfo> interceptor(holder->GetNamedInterceptor(), isolate);
13132  Handle<String> name_string = Handle<String>::cast(name);
13133 
13134  if (interceptor->getter()->IsUndefined()) return MaybeHandle<Object>();
13135 
13136  v8::NamedPropertyGetterCallback getter =
13137  v8::ToCData<v8::NamedPropertyGetterCallback>(interceptor->getter());
13138  LOG(isolate,
13139  ApiNamedPropertyAccess("interceptor-named-get", *holder, *name));
13140  PropertyCallbackArguments
13141  args(isolate, interceptor->data(), *receiver, *holder);
13142  v8::Handle<v8::Value> result =
13143  args.Call(getter, v8::Utils::ToLocal(name_string));
13144  RETURN_EXCEPTION_IF_SCHEDULED_EXCEPTION(isolate, Object);
13145  if (result.IsEmpty()) return MaybeHandle<Object>();
13146 
13147  Handle<Object> result_internal = v8::Utils::OpenHandle(*result);
13148  result_internal->VerifyApiCallResultType();
13149  // Rebox handle before return
13150  return handle(*result_internal, isolate);
13151 }

References v8::internal::Handle< T >::cast(), v8::internal::Isolate::factory(), v8::internal::handle(), v8::Handle< T >::IsEmpty(), LOG, name, v8::Utils::OpenHandle(), RETURN_EXCEPTION_IF_SCHEDULED_EXCEPTION, and v8::Utils::ToLocal().

Referenced by v8::internal::Object::GetProperty().

+ Here is the call graph for this function:
+ Here is the caller graph for this function:

◆ HasDenseElements()

bool v8::internal::JSObject::HasDenseElements ( )
private

Definition at line 12881 of file objects.cc.

12881  {
12882  int capacity = 0;
12883  int used = 0;
12884  GetElementsCapacityAndUsage(&capacity, &used);
12885  return (capacity == 0) || (used > (capacity / 2));
12886 }
v8::internal::JSObject::GetElementsCapacityAndUsage
void GetElementsCapacityAndUsage(int *capacity, int *used)
Definition: objects.cc:12889

◆ HasDictionaryArgumentsElements()

bool v8::internal::JSObject::HasDictionaryArgumentsElements ( )

Definition at line 11934 of file objects.cc.

11934  {
11935  Heap* heap = GetHeap();
11936  if (!elements()->IsFixedArray()) return false;
11937  FixedArray* elements = FixedArray::cast(this->elements());
11938  if (elements->map() != heap->sloppy_arguments_elements_map()) {
11939  return false;
11940  }
11941  FixedArray* arguments = FixedArray::cast(elements->get(1));
11942  return arguments->IsDictionary();
11943 }

References v8::internal::FixedArray::get(), v8::internal::HeapObject::GetHeap(), and v8::internal::HeapObject::map().

+ Here is the call graph for this function:

◆ HasDictionaryElements()

bool v8::internal::JSObject::HasDictionaryElements ( )
inline

Definition at line 6381 of file objects-inl.h.

6381  {
6382  return GetElementsKind() == DICTIONARY_ELEMENTS;
6383 }

References v8::internal::DICTIONARY_ELEMENTS, and GetElementsKind().

Referenced by element_dictionary(), and v8::internal::V8HeapExplorer::ExtractElementReferences().

+ Here is the call graph for this function:
+ Here is the caller graph for this function:

◆ HasExternalArrayElements()

bool v8::internal::JSObject::HasExternalArrayElements ( )
inline

Definition at line 6391 of file objects-inl.h.

6391  {
6392  HeapObject* array = elements();
6393  DCHECK(array != NULL);
6394  return array->IsExternalArray();
6395 }

References DCHECK, and NULL.

Referenced by v8::internal::Heap::AllocateJSObjectFromMap(), and v8::internal::JSArray::AllowsSetElementsLength().

+ Here is the caller graph for this function:

◆ HasExternalFloat32Elements()

bool v8::internal::JSObject::HasExternalFloat32Elements ( )
inline

◆ HasExternalFloat64Elements()

bool v8::internal::JSObject::HasExternalFloat64Elements ( )
inline

◆ HasExternalInt16Elements()

bool v8::internal::JSObject::HasExternalInt16Elements ( )
inline

◆ HasExternalInt32Elements()

bool v8::internal::JSObject::HasExternalInt32Elements ( )
inline

◆ HasExternalInt8Elements()

bool v8::internal::JSObject::HasExternalInt8Elements ( )
inline

◆ HasExternalUint16Elements()

bool v8::internal::JSObject::HasExternalUint16Elements ( )
inline

◆ HasExternalUint32Elements()

bool v8::internal::JSObject::HasExternalUint32Elements ( )
inline

◆ HasExternalUint8ClampedElements()

bool v8::internal::JSObject::HasExternalUint8ClampedElements ( )
inline

◆ HasExternalUint8Elements()

bool v8::internal::JSObject::HasExternalUint8Elements ( )
inline

◆ HasFastArgumentsElements()

bool v8::internal::JSObject::HasFastArgumentsElements ( )

Definition at line 11922 of file objects.cc.

11922  {
11923  Heap* heap = GetHeap();
11924  if (!elements()->IsFixedArray()) return false;
11925  FixedArray* elements = FixedArray::cast(this->elements());
11926  if (elements->map() != heap->sloppy_arguments_elements_map()) {
11927  return false;
11928  }
11929  FixedArray* arguments = FixedArray::cast(elements->get(1));
11930  return !arguments->IsDictionary();
11931 }

References v8::internal::FixedArray::get(), v8::internal::HeapObject::GetHeap(), and v8::internal::HeapObject::map().

+ Here is the call graph for this function:

◆ HasFastDoubleElements()

bool v8::internal::JSObject::HasFastDoubleElements ( )
inline

Definition at line 6366 of file objects-inl.h.

6366  {
6367  return IsFastDoubleElementsKind(GetElementsKind());
6368 }

References GetElementsKind(), and v8::internal::IsFastDoubleElementsKind().

Referenced by v8::internal::Heap::CopyJSObject().

+ Here is the call graph for this function:
+ Here is the caller graph for this function:

◆ HasFastElements()

bool v8::internal::JSObject::HasFastElements ( )
inline

Definition at line 6376 of file objects-inl.h.

6376  {
6377  return IsFastElementsKind(GetElementsKind());
6378 }
v8::internal::IsFastElementsKind
bool IsFastElementsKind(ElementsKind kind)
Definition: elements-kind.h:113

References GetElementsKind(), and v8::internal::IsFastElementsKind().

Referenced by v8::internal::Heap::AllocateJSObjectFromMap(), and v8::internal::BUILTIN().

+ Here is the call graph for this function:
+ Here is the caller graph for this function:

◆ HasFastHoleyElements()

bool v8::internal::JSObject::HasFastHoleyElements ( )
inline

Definition at line 6371 of file objects-inl.h.

6371  {
6372  return IsFastHoleyElementsKind(GetElementsKind());
6373 }

References GetElementsKind(), and v8::internal::IsFastHoleyElementsKind().

+ Here is the call graph for this function:

◆ HasFastObjectElements()

bool v8::internal::JSObject::HasFastObjectElements ( )
inline

Definition at line 6351 of file objects-inl.h.

6351  {
6352  return IsFastObjectElementsKind(GetElementsKind());
6353 }

References GetElementsKind(), and v8::internal::IsFastObjectElementsKind().

Referenced by v8::internal::V8HeapExplorer::ExtractElementReferences(), and IsDirty().

+ Here is the call graph for this function:
+ Here is the caller graph for this function:

◆ HasFastProperties()

bool v8::internal::JSObject::HasFastProperties ( )
inline

Definition at line 2092 of file objects-inl.h.

2092  {
2093  DCHECK(properties()->IsDictionary() == map()->is_dictionary_map());
2094  return !properties()->IsDictionary();
2095 }

References DCHECK, and v8::internal::HeapObject::map().

Referenced by v8::internal::V8HeapExplorer::ExtractPropertyReferences(), IsDirty(), and property_dictionary().

+ Here is the call graph for this function:
+ Here is the caller graph for this function:

◆ HasFastSmiElements()

bool v8::internal::JSObject::HasFastSmiElements ( )
inline

Definition at line 6356 of file objects-inl.h.

6356  {
6357  return IsFastSmiElementsKind(GetElementsKind());
6358 }

References GetElementsKind(), and v8::internal::IsFastSmiElementsKind().

+ Here is the call graph for this function:

◆ HasFastSmiOrObjectElements()

bool v8::internal::JSObject::HasFastSmiOrObjectElements ( )
inline

Definition at line 6361 of file objects-inl.h.

6361  {
6362  return IsFastSmiOrObjectElementsKind(GetElementsKind());
6363 }

References GetElementsKind(), and v8::internal::IsFastSmiOrObjectElementsKind().

+ Here is the call graph for this function:

◆ HasFixedArrayElements()

bool v8::internal::JSObject::HasFixedArrayElements ( )
inline

◆ HasFixedFloat32Elements()

bool v8::internal::JSObject::HasFixedFloat32Elements ( )
inline

◆ HasFixedFloat64Elements()

bool v8::internal::JSObject::HasFixedFloat64Elements ( )
inline

◆ HasFixedInt16Elements()

bool v8::internal::JSObject::HasFixedInt16Elements ( )
inline

◆ HasFixedInt32Elements()

bool v8::internal::JSObject::HasFixedInt32Elements ( )
inline

◆ HasFixedInt8Elements()

bool v8::internal::JSObject::HasFixedInt8Elements ( )
inline

◆ HasFixedTypedArrayElements()

bool v8::internal::JSObject::HasFixedTypedArrayElements ( )
inline

Definition at line 6412 of file objects-inl.h.

6412  {
6413  HeapObject* array = elements();
6414  DCHECK(array != NULL);
6415  return array->IsFixedTypedArrayBase();
6416 }

References DCHECK, and NULL.

Referenced by v8::internal::Heap::AllocateJSObjectFromMap().

+ Here is the caller graph for this function:

◆ HasFixedUint16Elements()

bool v8::internal::JSObject::HasFixedUint16Elements ( )
inline

◆ HasFixedUint32Elements()

bool v8::internal::JSObject::HasFixedUint32Elements ( )
inline

◆ HasFixedUint8ClampedElements()

bool v8::internal::JSObject::HasFixedUint8ClampedElements ( )
inline

◆ HasFixedUint8Elements()

bool v8::internal::JSObject::HasFixedUint8Elements ( )
inline

◆ HasHiddenProperties()

bool v8::internal::JSObject::HasHiddenProperties ( Handle< JSObject object)
static

Definition at line 4697 of file objects.cc.

4697  {
4698  Handle<Name> hidden = object->GetIsolate()->factory()->hidden_string();
4699  LookupIterator it(object, hidden, LookupIterator::OWN_SKIP_INTERCEPTOR);
4700  Maybe<PropertyAttributes> maybe = GetPropertyAttributes(&it);
4701  // Cannot get an exception since the hidden_string isn't accessible to JS.
4702  DCHECK(maybe.has_value);
4703  return maybe.value != ABSENT;
4704 }

References ABSENT, DCHECK, v8::internal::Object::LookupIterator, and v8::maybe().

Referenced by v8::internal::RUNTIME_FUNCTION().

+ Here is the call graph for this function:
+ Here is the caller graph for this function:

◆ HasIndexedInterceptor()

bool v8::internal::JSObject::HasIndexedInterceptor ( )
inline

Definition at line 6438 of file objects-inl.h.

6438  {
6439  return map()->has_indexed_interceptor();
6440 }
v8::internal::Map::has_indexed_interceptor
bool has_indexed_interceptor()
Definition: objects.h:5691

References v8::internal::Map::has_indexed_interceptor(), and v8::internal::HeapObject::map().

Referenced by v8::internal::JSReceiver::IsSimpleEnum().

+ Here is the call graph for this function:
+ Here is the caller graph for this function:

◆ HasNamedInterceptor()

bool v8::internal::JSObject::HasNamedInterceptor ( )
inline

Definition at line 6433 of file objects-inl.h.

6433  {
6434  return map()->has_named_interceptor();
6435 }
v8::internal::Map::has_named_interceptor
bool has_named_interceptor()
Definition: objects.h:5682

References v8::internal::Map::has_named_interceptor(), and v8::internal::HeapObject::map().

Referenced by v8::internal::JSReceiver::IsSimpleEnum().

+ Here is the call graph for this function:
+ Here is the caller graph for this function:

◆ HasRealElementProperty()

Maybe< bool > v8::internal::JSObject::HasRealElementProperty ( Handle< JSObject object,
uint32_t  index 
)
static

Definition at line 13214 of file objects.cc.

13215  {
13216  Isolate* isolate = object->GetIsolate();
13217  HandleScope scope(isolate);
13218  // Check access rights if needed.
13219  if (object->IsAccessCheckNeeded()) {
13220  if (!isolate->MayIndexedAccess(object, index, v8::ACCESS_HAS)) {
13221  isolate->ReportFailedAccessCheck(object, v8::ACCESS_HAS);
13222  RETURN_VALUE_IF_SCHEDULED_EXCEPTION(isolate, Maybe<bool>());
13223  return maybe(false);
13224  }
13225  }
13226 
13227  if (object->IsJSGlobalProxy()) {
13228  HandleScope scope(isolate);
13229  PrototypeIterator iter(isolate, object);
13230  if (iter.IsAtEnd()) return maybe(false);
13231  DCHECK(PrototypeIterator::GetCurrent(iter)->IsJSGlobalObject());
13232  return HasRealElementProperty(
13233  Handle<JSObject>::cast(PrototypeIterator::GetCurrent(iter)), index);
13234  }
13235 
13236  Maybe<PropertyAttributes> result =
13237  GetElementAttributeWithoutInterceptor(object, object, index, false);
13238  if (!result.has_value) return Maybe<bool>();
13239  return maybe(result.value != ABSENT);
13240 }
v8::internal::JSObject::HasRealElementProperty
static MUST_USE_RESULT Maybe< bool > HasRealElementProperty(Handle< JSObject > object, uint32_t index)
Definition: objects.cc:13214

References ABSENT, v8::ACCESS_HAS, DCHECK, v8::internal::PrototypeIterator::GetCurrent(), v8::Maybe< T >::has_value, v8::internal::PrototypeIterator::IsAtEnd(), v8::maybe(), v8::internal::Isolate::MayIndexedAccess(), v8::internal::Isolate::ReportFailedAccessCheck(), RETURN_VALUE_IF_SCHEDULED_EXCEPTION, and v8::Maybe< T >::value.

Referenced by v8::Object::HasRealIndexedProperty().

+ Here is the call graph for this function:
+ Here is the caller graph for this function:

◆ HasRealNamedCallbackProperty()

Maybe< bool > v8::internal::JSObject::HasRealNamedCallbackProperty ( Handle< JSObject object,
Handle< Name key 
)
static

Definition at line 13243 of file objects.cc.

13244  {
13245  LookupIterator it(object, key, LookupIterator::OWN_SKIP_INTERCEPTOR);
13246  Maybe<PropertyAttributes> maybe_result = GetPropertyAttributes(&it);
13247  if (!maybe_result.has_value) return Maybe<bool>();
13248  return maybe(it.state() == LookupIterator::ACCESSOR);
13249 }

References v8::internal::ACCESSOR, v8::Maybe< T >::has_value, v8::internal::Object::LookupIterator, and v8::maybe().

Referenced by v8::Object::HasRealNamedCallbackProperty().

+ Here is the call graph for this function:
+ Here is the caller graph for this function:

◆ HasRealNamedProperty()

Maybe< bool > v8::internal::JSObject::HasRealNamedProperty ( Handle< JSObject object,
Handle< Name key 
)
static

Definition at line 13205 of file objects.cc.

13206  {
13207  LookupIterator it(object, key, LookupIterator::OWN_SKIP_INTERCEPTOR);
13208  Maybe<PropertyAttributes> maybe_result = GetPropertyAttributes(&it);
13209  if (!maybe_result.has_value) return Maybe<bool>();
13210  return maybe(it.IsFound());
13211 }

References v8::Maybe< T >::has_value, v8::internal::Object::LookupIterator, and v8::maybe().

Referenced by v8::Object::HasRealNamedProperty(), and v8::internal::RUNTIME_FUNCTION().

+ Here is the call graph for this function:
+ Here is the caller graph for this function:

◆ HasSloppyArgumentsElements()

bool v8::internal::JSObject::HasSloppyArgumentsElements ( )
inline

Definition at line 6386 of file objects-inl.h.

6386  {
6387  return GetElementsKind() == SLOPPY_ARGUMENTS_ELEMENTS;
6388 }

References GetElementsKind(), and v8::internal::SLOPPY_ARGUMENTS_ELEMENTS.

+ Here is the call graph for this function:

◆ initialize_elements()

void v8::internal::JSObject::initialize_elements ( )
inline

Definition at line 1841 of file objects-inl.h.

1841  {
1842  FixedArrayBase* elements = map()->GetInitialElements();
1843  WRITE_FIELD(this, kElementsOffset, elements);
1844 }
v8::internal::Map::GetInitialElements
FixedArrayBase * GetInitialElements()
Definition: objects-inl.h:2891

References v8::internal::Map::GetInitialElements(), kElementsOffset, v8::internal::HeapObject::map(), and WRITE_FIELD.

Referenced by v8::internal::Heap::InitializeJSObjectFromMap().

+ Here is the call graph for this function:
+ Here is the caller graph for this function:

◆ InitializeBody()

void v8::internal::JSObject::InitializeBody ( Map map,
Object pre_allocated_value,
Object filler_value 
)
inline

Definition at line 2068 of file objects-inl.h.

2070  {
2071  DCHECK(!filler_value->IsHeapObject() ||
2072  !GetHeap()->InNewSpace(filler_value));
2073  DCHECK(!pre_allocated_value->IsHeapObject() ||
2074  !GetHeap()->InNewSpace(pre_allocated_value));
2075  int size = map->instance_size();
2076  int offset = kHeaderSize;
2077  if (filler_value != pre_allocated_value) {
2078  int pre_allocated = map->pre_allocated_property_fields();
2079  DCHECK(pre_allocated * kPointerSize + kHeaderSize <= size);
2080  for (int i = 0; i < pre_allocated; i++) {
2081  WRITE_FIELD(this, offset, pre_allocated_value);
2082  offset += kPointerSize;
2083  }
2084  }
2085  while (offset < size) {
2086  WRITE_FIELD(this, offset, filler_value);
2087  offset += kPointerSize;
2088  }
2089 }
v8::internal::Map::pre_allocated_property_fields
int pre_allocated_property_fields()
Definition: objects-inl.h:4246
size
enable harmony numeric enable harmony object literal extensions Optimize object size
Definition: flag-definitions.h:188

References DCHECK, v8::internal::HeapObject::GetHeap(), v8::internal::Map::instance_size(), kHeaderSize, v8::internal::kPointerSize, v8::internal::HeapObject::map(), v8::internal::Map::pre_allocated_property_fields(), size, and WRITE_FIELD.

Referenced by v8::internal::Heap::InitializeJSObjectFromMap().

+ Here is the call graph for this function:
+ Here is the caller graph for this function:

◆ InObjectPropertyAt()

Object * v8::internal::JSObject::InObjectPropertyAt ( int  index)
inline

Definition at line 2050 of file objects-inl.h.

2050  {
2051  int offset = GetInObjectPropertyOffset(index);
2052  return READ_FIELD(this, offset);
2053 }
v8::internal::JSObject::GetInObjectPropertyOffset
int GetInObjectPropertyOffset(int index)
Definition: objects-inl.h:2045

References GetInObjectPropertyOffset(), and READ_FIELD.

Referenced by v8::internal::V8HeapExplorer::ExtractPropertyReferences().

+ Here is the call graph for this function:
+ Here is the caller graph for this function:

◆ InObjectPropertyAtPut()

Object * v8::internal::JSObject::InObjectPropertyAtPut ( int  index,
Object value,
WriteBarrierMode  mode = UPDATE_WRITE_BARRIER 
)
inline

Definition at line 2056 of file objects-inl.h.

2058  {
2059  // Adjust for the number of properties stored in the object.
2060  int offset = GetInObjectPropertyOffset(index);
2061  WRITE_FIELD(this, offset, value);
2062  CONDITIONAL_WRITE_BARRIER(GetHeap(), this, offset, value, mode);
2063  return value;
2064 }
CONDITIONAL_WRITE_BARRIER
#define CONDITIONAL_WRITE_BARRIER(heap, object, offset, value, mode)
Definition: objects-inl.h:1210

References CONDITIONAL_WRITE_BARRIER, v8::internal::HeapObject::GetHeap(), GetInObjectPropertyOffset(), mode(), and WRITE_FIELD.

+ Here is the call graph for this function:

◆ IsDirty()

bool v8::internal::JSObject::IsDirty ( )

Definition at line 732 of file objects.cc.

732  {
733  Object* cons_obj = map()->constructor();
734  if (!cons_obj->IsJSFunction())
735  return true;
736  JSFunction* fun = JSFunction::cast(cons_obj);
737  if (!fun->shared()->IsApiFunction())
738  return true;
739  // If the object is fully fast case and has the same map it was
740  // created with then no changes can have been made to it.
741  return map() != fun->initial_map()
742  || !HasFastObjectElements()
743  || !HasFastProperties();
744 }

References HasFastObjectElements(), HasFastProperties(), v8::internal::JSFunction::initial_map(), and v8::internal::HeapObject::map().

+ Here is the call graph for this function:

◆ JSObjectShortPrint()

void v8::internal::JSObject::JSObjectShortPrint ( StringStream *  accumulator)

Definition at line 1185 of file objects.cc.

1185  {
1186  switch (map()->instance_type()) {
1187  case JS_ARRAY_TYPE: {
1188  double length = JSArray::cast(this)->length()->IsUndefined()
1189  ? 0
1190  : JSArray::cast(this)->length()->Number();
1191  accumulator->Add("<JS Array[%u]>", static_cast<uint32_t>(length));
1192  break;
1193  }
1194  case JS_WEAK_MAP_TYPE: {
1195  accumulator->Add("<JS WeakMap>");
1196  break;
1197  }
1198  case JS_WEAK_SET_TYPE: {
1199  accumulator->Add("<JS WeakSet>");
1200  break;
1201  }
1202  case JS_REGEXP_TYPE: {
1203  accumulator->Add("<JS RegExp>");
1204  break;
1205  }
1206  case JS_FUNCTION_TYPE: {
1207  JSFunction* function = JSFunction::cast(this);
1208  Object* fun_name = function->shared()->DebugName();
1209  bool printed = false;
1210  if (fun_name->IsString()) {
1211  String* str = String::cast(fun_name);
1212  if (str->length() > 0) {
1213  accumulator->Add("<JS Function ");
1214  accumulator->Put(str);
1215  printed = true;
1216  }
1217  }
1218  if (!printed) {
1219  accumulator->Add("<JS Function");
1220  }
1221  accumulator->Add(" (SharedFunctionInfo %p)",
1222  reinterpret_cast<void*>(function->shared()));
1223  accumulator->Put('>');
1224  break;
1225  }
1226  case JS_GENERATOR_OBJECT_TYPE: {
1227  accumulator->Add("<JS Generator>");
1228  break;
1229  }
1230  case JS_MODULE_TYPE: {
1231  accumulator->Add("<JS Module>");
1232  break;
1233  }
1234  // All other JSObjects are rather similar to each other (JSObject,
1235  // JSGlobalProxy, JSGlobalObject, JSUndetectableObject, JSValue).
1236  default: {
1237  Map* map_of_this = map();
1238  Heap* heap = GetHeap();
1239  Object* constructor = map_of_this->constructor();
1240  bool printed = false;
1241  if (constructor->IsHeapObject() &&
1242  !heap->Contains(HeapObject::cast(constructor))) {
1243  accumulator->Add("!!!INVALID CONSTRUCTOR!!!");
1244  } else {
1245  bool global_object = IsJSGlobalProxy();
1246  if (constructor->IsJSFunction()) {
1247  if (!heap->Contains(JSFunction::cast(constructor)->shared())) {
1248  accumulator->Add("!!!INVALID SHARED ON CONSTRUCTOR!!!");
1249  } else {
1250  Object* constructor_name =
1251  JSFunction::cast(constructor)->shared()->name();
1252  if (constructor_name->IsString()) {
1253  String* str = String::cast(constructor_name);
1254  if (str->length() > 0) {
1255  bool vowel = AnWord(str);
1256  accumulator->Add("<%sa%s ",
1257  global_object ? "Global Object: " : "",
1258  vowel ? "n" : "");
1259  accumulator->Put(str);
1260  accumulator->Add(" with %smap %p",
1261  map_of_this->is_deprecated() ? "deprecated " : "",
1262  map_of_this);
1263  printed = true;
1264  }
1265  }
1266  }
1267  }
1268  if (!printed) {
1269  accumulator->Add("<JS %sObject", global_object ? "Global " : "");
1270  }
1271  }
1272  if (IsJSValue()) {
1273  accumulator->Add(" value = ");
1274  JSValue::cast(this)->value()->ShortPrint(accumulator);
1275  }
1276  accumulator->Put('>');
1277  break;
1278  }
1279  }
1280 }
v8::internal::JSReceiver::constructor_name
String * constructor_name()
Definition: objects.cc:1705
v8::internal::AnWord
static bool AnWord(String *str)
Definition: objects.cc:940

References v8::internal::AnWord(), v8::internal::JSReceiver::constructor_name(), v8::internal::Heap::Contains(), v8::internal::HeapObject::GetHeap(), v8::internal::Map::is_deprecated(), v8::internal::JS_ARRAY_TYPE, v8::internal::JS_FUNCTION_TYPE, v8::internal::JS_GENERATOR_OBJECT_TYPE, v8::internal::JS_MODULE_TYPE, v8::internal::JS_REGEXP_TYPE, v8::internal::JS_WEAK_MAP_TYPE, v8::internal::JS_WEAK_SET_TYPE, v8::internal::String::length(), and v8::internal::HeapObject::map().

+ Here is the call graph for this function:

◆ MigrateFastToFast()

void v8::internal::JSObject::MigrateFastToFast ( Handle< JSObject object,
Handle< Map new_map 
)
staticprivate

Definition at line 1930 of file objects.cc.

1930  {
1931  Isolate* isolate = object->GetIsolate();
1932  Handle<Map> old_map(object->map());
1933  int old_number_of_fields;
1934  int number_of_fields = new_map->NumberOfFields();
1935  int inobject = new_map->inobject_properties();
1936  int unused = new_map->unused_property_fields();
1937 
1938  // Nothing to do if no functions were converted to fields and no smis were
1939  // converted to doubles.
1940  if (!old_map->InstancesNeedRewriting(*new_map, number_of_fields, inobject,
1941  unused, &old_number_of_fields)) {
1942  object->synchronized_set_map(*new_map);
1943  return;
1944  }
1945 
1946  int total_size = number_of_fields + unused;
1947  int external = total_size - inobject;
1948 
1949  if (number_of_fields != old_number_of_fields &&
1950  new_map->GetBackPointer() == *old_map) {
1951  PropertyDetails details = new_map->GetLastDescriptorDetails();
1952 
1953  if (old_map->unused_property_fields() > 0) {
1954  if (details.representation().IsDouble()) {
1955  Handle<Object> value = isolate->factory()->NewHeapNumber(0, MUTABLE);
1956  FieldIndex index =
1957  FieldIndex::ForDescriptor(*new_map, new_map->LastAdded());
1958  object->FastPropertyAtPut(index, *value);
1959  }
1960  object->synchronized_set_map(*new_map);
1961  return;
1962  }
1963 
1964  DCHECK(number_of_fields == old_number_of_fields + 1);
1965  // This migration is a transition from a map that has run out out property
1966  // space. Therefore it could be done by extending the backing store.
1967  Handle<FixedArray> old_storage = handle(object->properties(), isolate);
1968  Handle<FixedArray> new_storage =
1969  FixedArray::CopySize(old_storage, external);
1970 
1971  // Properly initialize newly added property.
1972  Handle<Object> value;
1973  if (details.representation().IsDouble()) {
1974  value = isolate->factory()->NewHeapNumber(0, MUTABLE);
1975  } else {
1976  value = isolate->factory()->uninitialized_value();
1977  }
1978  DCHECK(details.type() == FIELD);
1979  int target_index = details.field_index() - inobject;
1980  DCHECK(target_index >= 0); // Must be a backing store index.
1981  new_storage->set(target_index, *value);
1982 
1983  // From here on we cannot fail and we shouldn't GC anymore.
1984  DisallowHeapAllocation no_allocation;
1985 
1986  // Set the new property value and do the map transition.
1987  object->set_properties(*new_storage);
1988  object->synchronized_set_map(*new_map);
1989  return;
1990  }
1991  Handle<FixedArray> array = isolate->factory()->NewFixedArray(total_size);
1992 
1993  Handle<DescriptorArray> old_descriptors(old_map->instance_descriptors());
1994  Handle<DescriptorArray> new_descriptors(new_map->instance_descriptors());
1995  int old_nof = old_map->NumberOfOwnDescriptors();
1996  int new_nof = new_map->NumberOfOwnDescriptors();
1997 
1998  // This method only supports generalizing instances to at least the same
1999  // number of properties.
2000  DCHECK(old_nof <= new_nof);
2001 
2002  for (int i = 0; i < old_nof; i++) {
2003  PropertyDetails details = new_descriptors->GetDetails(i);
2004  if (details.type() != FIELD) continue;
2005  PropertyDetails old_details = old_descriptors->GetDetails(i);
2006  if (old_details.type() == CALLBACKS) {
2007  DCHECK(details.representation().IsTagged());
2008  continue;
2009  }
2010  DCHECK(old_details.type() == CONSTANT ||
2011  old_details.type() == FIELD);
2012  Object* raw_value = old_details.type() == CONSTANT
2013  ? old_descriptors->GetValue(i)
2014  : object->RawFastPropertyAt(FieldIndex::ForDescriptor(*old_map, i));
2015  Handle<Object> value(raw_value, isolate);
2016  if (!old_details.representation().IsDouble() &&
2017  details.representation().IsDouble()) {
2018  if (old_details.representation().IsNone()) {
2019  value = handle(Smi::FromInt(0), isolate);
2020  }
2021  value = Object::NewStorageFor(isolate, value, details.representation());
2022  } else if (old_details.representation().IsDouble() &&
2023  !details.representation().IsDouble()) {
2024  value = Object::WrapForRead(isolate, value, old_details.representation());
2025  }
2026  DCHECK(!(details.representation().IsDouble() && value->IsSmi()));
2027  int target_index = new_descriptors->GetFieldIndex(i) - inobject;
2028  if (target_index < 0) target_index += total_size;
2029  array->set(target_index, *value);
2030  }
2031 
2032  for (int i = old_nof; i < new_nof; i++) {
2033  PropertyDetails details = new_descriptors->GetDetails(i);
2034  if (details.type() != FIELD) continue;
2035  Handle<Object> value;
2036  if (details.representation().IsDouble()) {
2037  value = isolate->factory()->NewHeapNumber(0, MUTABLE);
2038  } else {
2039  value = isolate->factory()->uninitialized_value();
2040  }
2041  int target_index = new_descriptors->GetFieldIndex(i) - inobject;
2042  if (target_index < 0) target_index += total_size;
2043  array->set(target_index, *value);
2044  }
2045 
2046  // From here on we cannot fail and we shouldn't GC anymore.
2047  DisallowHeapAllocation no_allocation;
2048 
2049  // Copy (real) inobject properties. If necessary, stop at number_of_fields to
2050  // avoid overwriting |one_pointer_filler_map|.
2051  int limit = Min(inobject, number_of_fields);
2052  for (int i = 0; i < limit; i++) {
2053  FieldIndex index = FieldIndex::ForPropertyIndex(*new_map, i);
2054  object->FastPropertyAtPut(index, array->get(external + i));
2055  }
2056 
2057  Heap* heap = isolate->heap();
2058 
2059  // If there are properties in the new backing store, trim it to the correct
2060  // size and install the backing store into the object.
2061  if (external > 0) {
2062  heap->RightTrimFixedArray<Heap::FROM_MUTATOR>(*array, inobject);
2063  object->set_properties(*array);
2064  }
2065 
2066  // Create filler object past the new instance size.
2067  int new_instance_size = new_map->instance_size();
2068  int instance_size_delta = old_map->instance_size() - new_instance_size;
2069  DCHECK(instance_size_delta >= 0);
2070 
2071  if (instance_size_delta > 0) {
2072  Address address = object->address();
2073  heap->CreateFillerObjectAt(
2074  address + new_instance_size, instance_size_delta);
2075  heap->AdjustLiveBytes(address, -instance_size_delta, Heap::FROM_MUTATOR);
2076  }
2077 
2078  // We are storing the new map using release store after creating a filler for
2079  // the left-over space to avoid races with the sweeper thread.
2080  object->synchronized_set_map(*new_map);
2081 }
v8::internal::FixedArray::CopySize
static Handle< FixedArray > CopySize(Handle< FixedArray > array, int new_length, PretenureFlag pretenure=NOT_TENURED)
Definition: objects.cc:7749
v8::internal::Object::NewStorageFor
static Handle< Object > NewStorageFor(Isolate *isolate, Handle< Object > object, Representation representation)
Definition: objects-inl.h:277
v8::internal::Min
static LifetimePosition Min(LifetimePosition a, LifetimePosition b)
Definition: lithium-allocator.cc:15
v8::internal::Address
byte * Address
Definition: globals.h:101

◆ MigrateFastToSlow()

void v8::internal::JSObject::MigrateFastToSlow ( Handle< JSObject object,
Handle< Map new_map,
int  expected_additional_properties 
)
staticprivate

Definition at line 4178 of file objects.cc.

4180  {
4181  // The global object is always normalized.
4182  DCHECK(!object->IsGlobalObject());
4183  // JSGlobalProxy must never be normalized
4184  DCHECK(!object->IsJSGlobalProxy());
4185 
4186  Isolate* isolate = object->GetIsolate();
4187  HandleScope scope(isolate);
4188  Handle<Map> map(object->map());
4189 
4190  // Allocate new content.
4191  int real_size = map->NumberOfOwnDescriptors();
4192  int property_count = real_size;
4193  if (expected_additional_properties > 0) {
4194  property_count += expected_additional_properties;
4195  } else {
4196  property_count += 2; // Make space for two more properties.
4197  }
4198  Handle<NameDictionary> dictionary =
4199  NameDictionary::New(isolate, property_count);
4200 
4201  Handle<DescriptorArray> descs(map->instance_descriptors());
4202  for (int i = 0; i < real_size; i++) {
4203  PropertyDetails details = descs->GetDetails(i);
4204  switch (details.type()) {
4205  case CONSTANT: {
4206  Handle<Name> key(descs->GetKey(i));
4207  Handle<Object> value(descs->GetConstant(i), isolate);
4208  PropertyDetails d = PropertyDetails(
4209  details.attributes(), NORMAL, i + 1);
4210  dictionary = NameDictionary::Add(dictionary, key, value, d);
4211  break;
4212  }
4213  case FIELD: {
4214  Handle<Name> key(descs->GetKey(i));
4215  FieldIndex index = FieldIndex::ForDescriptor(*map, i);
4216  Handle<Object> value(
4217  object->RawFastPropertyAt(index), isolate);
4218  if (details.representation().IsDouble()) {
4219  DCHECK(value->IsMutableHeapNumber());
4220  Handle<HeapNumber> old = Handle<HeapNumber>::cast(value);
4221  value = isolate->factory()->NewHeapNumber(old->value());
4222  }
4223  PropertyDetails d =
4224  PropertyDetails(details.attributes(), NORMAL, i + 1);
4225  dictionary = NameDictionary::Add(dictionary, key, value, d);
4226  break;
4227  }
4228  case CALLBACKS: {
4229  Handle<Name> key(descs->GetKey(i));
4230  Handle<Object> value(descs->GetCallbacksObject(i), isolate);
4231  PropertyDetails d = PropertyDetails(
4232  details.attributes(), CALLBACKS, i + 1);
4233  dictionary = NameDictionary::Add(dictionary, key, value, d);
4234  break;
4235  }
4236  case NORMAL:
4237  UNREACHABLE();
4238  break;
4239  }
4240  }
4241 
4242  // Copy the next enumeration index from instance descriptor.
4243  dictionary->SetNextEnumerationIndex(real_size + 1);
4244 
4245  // From here on we cannot fail and we shouldn't GC anymore.
4246  DisallowHeapAllocation no_allocation;
4247 
4248  // Resize the object in the heap if necessary.
4249  int new_instance_size = new_map->instance_size();
4250  int instance_size_delta = map->instance_size() - new_instance_size;
4251  DCHECK(instance_size_delta >= 0);
4252 
4253  if (instance_size_delta > 0) {
4254  Heap* heap = isolate->heap();
4255  heap->CreateFillerObjectAt(object->address() + new_instance_size,
4256  instance_size_delta);
4257  heap->AdjustLiveBytes(object->address(), -instance_size_delta,
4258  Heap::FROM_MUTATOR);
4259  }
4260 
4261  // We are storing the new map using release store after creating a filler for
4262  // the left-over space to avoid races with the sweeper thread.
4263  object->synchronized_set_map(*new_map);
4264 
4265  object->set_properties(*dictionary);
4266 
4267  isolate->counters()->props_to_dictionary()->Increment();
4268 
4269 #ifdef DEBUG
4270  if (FLAG_trace_normalization) {
4271  OFStream os(stdout);
4272  os << "Object properties have been normalized:\n";
4273  object->Print(os);
4274  }
4275 #endif
4276 }

References v8::internal::Dictionary< NameDictionary, NameDictionaryShape, Handle< Name > >::Add(), v8::internal::Heap::AdjustLiveBytes(), v8::internal::CALLBACKS, v8::internal::Handle< T >::cast(), v8::internal::CONSTANT, v8::internal::Isolate::counters(), v8::internal::Heap::CreateFillerObjectAt(), DCHECK, v8::internal::Isolate::factory(), v8::internal::FIELD, v8::internal::Heap::FROM_MUTATOR, v8::internal::Isolate::heap(), v8::internal::Map::instance_size(), v8::internal::HeapObject::map(), v8::internal::Dictionary< NameDictionary, NameDictionaryShape, Handle< Name > >::New(), v8::internal::NORMAL, v8::internal::Map::NumberOfOwnDescriptors(), and UNREACHABLE.

+ Here is the call graph for this function:

◆ MigrateInstance()

void v8::internal::JSObject::MigrateInstance ( Handle< JSObject instance)
static

Definition at line 3728 of file objects.cc.

3728  {
3729  Handle<Map> original_map(object->map());
3730  Handle<Map> map = Map::Update(original_map);
3731  map->set_migration_target(true);
3732  MigrateToMap(object, map);
3733  if (FLAG_trace_migration) {
3734  object->PrintInstanceMigration(stdout, *original_map, *map);
3735  }
3736 }
v8::internal::Map::set_migration_target
void set_migration_target(bool value)
Definition: objects-inl.h:4470
v8::internal::Map::Update
static Handle< Map > Update(Handle< Map > map)
Definition: objects.cc:2705

References v8::internal::HeapObject::map(), v8::internal::Map::set_migration_target(), and v8::internal::Map::Update().

Referenced by v8::internal::MigrateDeprecated(), and v8::internal::JSObjectWalkVisitor< ContextObject >::StructureWalk().

+ Here is the call graph for this function:
+ Here is the caller graph for this function:

◆ MigrateSlowToFast()

void v8::internal::JSObject::MigrateSlowToFast ( Handle< JSObject object,
int  unused_property_fields 
)
static

Definition at line 4279 of file objects.cc.

4280  {
4281  if (object->HasFastProperties()) return;
4282  DCHECK(!object->IsGlobalObject());
4283  Isolate* isolate = object->GetIsolate();
4284  Factory* factory = isolate->factory();
4285  Handle<NameDictionary> dictionary(object->property_dictionary());
4286 
4287  // Make sure we preserve dictionary representation if there are too many
4288  // descriptors.
4289  int number_of_elements = dictionary->NumberOfElements();
4290  if (number_of_elements > kMaxNumberOfDescriptors) return;
4291 
4292  if (number_of_elements != dictionary->NextEnumerationIndex()) {
4293  NameDictionary::DoGenerateNewEnumerationIndices(dictionary);
4294  }
4295 
4296  int instance_descriptor_length = 0;
4297  int number_of_fields = 0;
4298 
4299  // Compute the length of the instance descriptor.
4300  int capacity = dictionary->Capacity();
4301  for (int i = 0; i < capacity; i++) {
4302  Object* k = dictionary->KeyAt(i);
4303  if (dictionary->IsKey(k)) {
4304  Object* value = dictionary->ValueAt(i);
4305  PropertyType type = dictionary->DetailsAt(i).type();
4306  DCHECK(type != FIELD);
4307  instance_descriptor_length++;
4308  if (type == NORMAL && !value->IsJSFunction()) {
4309  number_of_fields += 1;
4310  }
4311  }
4312  }
4313 
4314  int inobject_props = object->map()->inobject_properties();
4315 
4316  // Allocate new map.
4317  Handle<Map> new_map = Map::CopyDropDescriptors(handle(object->map()));
4318  new_map->set_dictionary_map(false);
4319 
4320  if (instance_descriptor_length == 0) {
4321  DisallowHeapAllocation no_gc;
4322  DCHECK_LE(unused_property_fields, inobject_props);
4323  // Transform the object.
4324  new_map->set_unused_property_fields(inobject_props);
4325  object->synchronized_set_map(*new_map);
4326  object->set_properties(isolate->heap()->empty_fixed_array());
4327  // Check that it really works.
4328  DCHECK(object->HasFastProperties());
4329  return;
4330  }
4331 
4332  // Allocate the instance descriptor.
4333  Handle<DescriptorArray> descriptors = DescriptorArray::Allocate(
4334  isolate, instance_descriptor_length);
4335 
4336  int number_of_allocated_fields =
4337  number_of_fields + unused_property_fields - inobject_props;
4338  if (number_of_allocated_fields < 0) {
4339  // There is enough inobject space for all fields (including unused).
4340  number_of_allocated_fields = 0;
4341  unused_property_fields = inobject_props - number_of_fields;
4342  }
4343 
4344  // Allocate the fixed array for the fields.
4345  Handle<FixedArray> fields = factory->NewFixedArray(
4346  number_of_allocated_fields);
4347 
4348  // Fill in the instance descriptor and the fields.
4349  int current_offset = 0;
4350  for (int i = 0; i < capacity; i++) {
4351  Object* k = dictionary->KeyAt(i);
4352  if (dictionary->IsKey(k)) {
4353  Object* value = dictionary->ValueAt(i);
4354  Handle<Name> key;
4355  if (k->IsSymbol()) {
4356  key = handle(Symbol::cast(k));
4357  } else {
4358  // Ensure the key is a unique name before writing into the
4359  // instance descriptor.
4360  key = factory->InternalizeString(handle(String::cast(k)));
4361  }
4362 
4363  PropertyDetails details = dictionary->DetailsAt(i);
4364  int enumeration_index = details.dictionary_index();
4365  PropertyType type = details.type();
4366 
4367  if (value->IsJSFunction()) {
4368  ConstantDescriptor d(key,
4369  handle(value, isolate),
4370  details.attributes());
4371  descriptors->Set(enumeration_index - 1, &d);
4372  } else if (type == NORMAL) {
4373  if (current_offset < inobject_props) {
4374  object->InObjectPropertyAtPut(current_offset,
4375  value,
4376  UPDATE_WRITE_BARRIER);
4377  } else {
4378  int offset = current_offset - inobject_props;
4379  fields->set(offset, value);
4380  }
4381  FieldDescriptor d(key,
4382  current_offset++,
4383  details.attributes(),
4384  // TODO(verwaest): value->OptimalRepresentation();
4385  Representation::Tagged());
4386  descriptors->Set(enumeration_index - 1, &d);
4387  } else if (type == CALLBACKS) {
4388  CallbacksDescriptor d(key,
4389  handle(value, isolate),
4390  details.attributes());
4391  descriptors->Set(enumeration_index - 1, &d);
4392  } else {
4393  UNREACHABLE();
4394  }
4395  }
4396  }
4397  DCHECK(current_offset == number_of_fields);
4398 
4399  descriptors->Sort();
4400 
4401  DisallowHeapAllocation no_gc;
4402  new_map->InitializeDescriptors(*descriptors);
4403  new_map->set_unused_property_fields(unused_property_fields);
4404 
4405  // Transform the object.
4406  object->synchronized_set_map(*new_map);
4407 
4408  object->set_properties(*fields);
4409  DCHECK(object->IsJSObject());
4410 
4411  // Check that it really works.
4412  DCHECK(object->HasFastProperties());
4413 }
v8::internal::DescriptorArray::Allocate
static Handle< DescriptorArray > Allocate(Isolate *isolate, int number_of_descriptors, int slack=0)
Definition: objects.cc:7790
v8::internal::NameDictionary::DoGenerateNewEnumerationIndices
static void DoGenerateNewEnumerationIndices(Handle< NameDictionary > dictionary)
Definition: objects-inl.h:6883
DCHECK_LE
#define DCHECK_LE(v1, v2)
Definition: logging.h:210
v8::internal::UPDATE_WRITE_BARRIER
@ UPDATE_WRITE_BARRIER
Definition: objects.h:235
v8::internal::kMaxNumberOfDescriptors
static const int kMaxNumberOfDescriptors
Definition: property-details.h:176

References v8::internal::DescriptorArray::Allocate(), v8::internal::CALLBACKS, v8::internal::Map::CopyDropDescriptors(), DCHECK, DCHECK_LE, v8::internal::NameDictionary::DoGenerateNewEnumerationIndices(), v8::internal::Isolate::factory(), v8::internal::FIELD, v8::internal::handle(), v8::internal::Isolate::heap(), v8::internal::kMaxNumberOfDescriptors, v8::internal::NORMAL, v8::internal::Representation::Tagged(), UNREACHABLE, and v8::internal::UPDATE_WRITE_BARRIER.

Referenced by v8::internal::CreateObjectLiteralBoilerplate(), v8::ObjectSetAccessor(), OptimizeAsPrototype(), and v8::internal::RUNTIME_FUNCTION().

+ Here is the call graph for this function:
+ Here is the caller graph for this function:

◆ MigrateToMap()

void v8::internal::JSObject::MigrateToMap ( Handle< JSObject object,
Handle< Map new_map 
)
static

Definition at line 1886 of file objects.cc.

1886  {
1887  if (object->map() == *new_map) return;
1888  if (object->HasFastProperties()) {
1889  if (!new_map->is_dictionary_map()) {
1890  Handle<Map> old_map(object->map());
1891  MigrateFastToFast(object, new_map);
1892  if (old_map->is_prototype_map()) {
1893  // Clear out the old descriptor array to avoid problems to sharing
1894  // the descriptor array without using an explicit.
1895  old_map->InitializeDescriptors(
1896  old_map->GetHeap()->empty_descriptor_array());
1897  // Ensure that no transition was inserted for prototype migrations.
1898  DCHECK(!old_map->HasTransitionArray());
1899  DCHECK(new_map->GetBackPointer()->IsUndefined());
1900  }
1901  } else {
1902  MigrateFastToSlow(object, new_map, 0);
1903  }
1904  } else {
1905  // For slow-to-fast migrations JSObject::TransformToFastProperties()
1906  // must be used instead.
1907  CHECK(new_map->is_dictionary_map());
1908 
1909  // Slow-to-slow migration is trivial.
1910  object->set_map(*new_map);
1911  }
1912 }
v8::internal::JSObject::MigrateFastToSlow
static void MigrateFastToSlow(Handle< JSObject > object, Handle< Map > new_map, int expected_additional_properties)
Definition: objects.cc:4178
v8::internal::JSObject::MigrateFastToFast
static void MigrateFastToFast(Handle< JSObject > object, Handle< Map > new_map)
Definition: objects.cc:1930

Referenced by AllocateStorageForMap(), DeleteNormalizedProperty(), Freeze(), MigrateToNewProperty(), v8::internal::NewJSObjectWithNullProto(), NormalizeElements(), OptimizeAsPrototype(), PreventExtensions(), v8::internal::RUNTIME_FUNCTION(), SetFastElement(), SetMapAndElements(), SetObserved(), SetPropertyCallback(), v8::internal::JSFunction::SetPrototype(), SetPrototype(), TryMigrateInstance(), and v8::Object::TurnOnAccessCheck().

+ Here is the caller graph for this function:

◆ MigrateToNewProperty()

void v8::internal::JSObject::MigrateToNewProperty ( Handle< JSObject object,
Handle< Map transition,
Handle< Object value 
)
static

Definition at line 3756 of file objects.cc.

3758  {
3759  JSObject::MigrateToMap(object, map);
3760  if (map->GetLastDescriptorDetails().type() != FIELD) return;
3761  object->WriteToField(map->LastAdded(), *value);
3762 }
v8::internal::Map::GetLastDescriptorDetails
PropertyDetails GetLastDescriptorDetails()
Definition: objects-inl.h:2867

References v8::internal::FIELD, v8::internal::Map::GetLastDescriptorDetails(), v8::internal::Map::LastAdded(), v8::internal::HeapObject::map(), and MigrateToMap().

Referenced by v8::internal::RUNTIME_FUNCTION().

+ Here is the call graph for this function:
+ Here is the caller graph for this function:

◆ NewElementsCapacity()

static int v8::internal::JSObject::NewElementsCapacity ( int  old_capacity)
inlinestatic

Definition at line 1911 of file objects.h.

1911  {
1912  // (old_capacity + 50%) + 16
1913  return old_capacity + (old_capacity >> 1) + 16;
1914  }

Referenced by v8::internal::Isolate::CaptureSimpleStackTrace(), and v8::internal::FastElementsAccessor< FastElementsAccessorSubclass, KindTraits >::SetLengthWithoutNormalize().

+ Here is the caller graph for this function:

◆ NormalizeElements()

Handle< SeededNumberDictionary > v8::internal::JSObject::NormalizeElements ( Handle< JSObject object)
static

Definition at line 4459 of file objects.cc.

4460  {
4461  DCHECK(!object->HasExternalArrayElements() &&
4462  !object->HasFixedTypedArrayElements());
4463  Isolate* isolate = object->GetIsolate();
4464 
4465  // Find the backing store.
4466  Handle<FixedArrayBase> array(FixedArrayBase::cast(object->elements()));
4467  bool is_arguments =
4468  (array->map() == isolate->heap()->sloppy_arguments_elements_map());
4469  if (is_arguments) {
4470  array = handle(FixedArrayBase::cast(
4471  Handle<FixedArray>::cast(array)->get(1)));
4472  }
4473  if (array->IsDictionary()) return Handle<SeededNumberDictionary>::cast(array);
4474 
4475  DCHECK(object->HasFastSmiOrObjectElements() ||
4476  object->HasFastDoubleElements() ||
4477  object->HasFastArgumentsElements());
4478  // Compute the effective length and allocate a new backing store.
4479  int length = object->IsJSArray()
4480  ? Smi::cast(Handle<JSArray>::cast(object)->length())->value()
4481  : array->length();
4482  int old_capacity = 0;
4483  int used_elements = 0;
4484  object->GetElementsCapacityAndUsage(&old_capacity, &used_elements);
4485  Handle<SeededNumberDictionary> dictionary =
4486  SeededNumberDictionary::New(isolate, used_elements);
4487 
4488  dictionary = CopyFastElementsToDictionary(array, length, dictionary);
4489 
4490  // Switch to using the dictionary as the backing storage for elements.
4491  if (is_arguments) {
4492  FixedArray::cast(object->elements())->set(1, *dictionary);
4493  } else {
4494  // Set the new map first to satify the elements type assert in
4495  // set_elements().
4496  Handle<Map> new_map =
4497  JSObject::GetElementsTransitionMap(object, DICTIONARY_ELEMENTS);
4498 
4499  JSObject::MigrateToMap(object, new_map);
4500  object->set_elements(*dictionary);
4501  }
4502 
4503  isolate->counters()->elements_to_dictionary()->Increment();
4504 
4505 #ifdef DEBUG
4506  if (FLAG_trace_normalization) {
4507  OFStream os(stdout);
4508  os << "Object elements have been normalized:\n";
4509  object->Print(os);
4510  }
4511 #endif
4512 
4513  DCHECK(object->HasDictionaryElements() ||
4514  object->HasDictionaryArgumentsElements());
4515  return dictionary;
4516 }
v8::internal::JSObject::GetElementsTransitionMap
static Handle< Map > GetElementsTransitionMap(Handle< JSObject > object, ElementsKind to_kind)
Definition: objects.cc:3385

References v8::internal::Handle< T >::cast(), v8::internal::CopyFastElementsToDictionary(), v8::internal::Isolate::counters(), DCHECK, v8::internal::DICTIONARY_ELEMENTS, GetElementsTransitionMap(), v8::internal::handle(), v8::internal::Isolate::heap(), MigrateToMap(), and v8::internal::Dictionary< SeededNumberDictionary, SeededNumberDictionaryShape, uint32_t >::New().

Referenced by v8::internal::CreateObjectLiteralBoilerplate(), v8::internal::FastElementsAccessor< FastElementsAccessorSubclass, KindTraits >::DeleteCommon(), v8::internal::RUNTIME_FUNCTION(), v8::internal::JSArray::SetElementsLength(), and v8::internal::ElementsAccessorBase< ElementsAccessorSubclass, ElementsTraitsParam >::SetLengthImpl().

+ Here is the call graph for this function:
+ Here is the caller graph for this function:

◆ NormalizeProperties()

void v8::internal::JSObject::NormalizeProperties ( Handle< JSObject object,
PropertyNormalizationMode  mode,
int  expected_additional_properties 
)
static

Definition at line 4166 of file objects.cc.

4168  {
4169  if (!object->HasFastProperties()) return;
4170 
4171  Handle<Map> map(object->map());
4172  Handle<Map> new_map = Map::Normalize(map, mode);
4173 
4174  MigrateFastToSlow(object, new_map, expected_additional_properties);
4175 }
v8::internal::Map::Normalize
static Handle< Map > Normalize(Handle< Map > map, PropertyNormalizationMode mode)
Definition: objects.cc:6398

References v8::internal::HeapObject::map(), mode(), and v8::internal::Map::Normalize().

Referenced by v8::internal::CreateObjectLiteralBoilerplate(), v8::internal::Isolate::GetSymbolRegistry(), OptimizeAsPrototype(), and v8::internal::RUNTIME_FUNCTION().

+ Here is the call graph for this function:
+ Here is the caller graph for this function:

◆ NumberOfEnumElements()

int v8::internal::JSObject::NumberOfEnumElements ( )

Definition at line 13408 of file objects.cc.

13408  {
13409  // Fast case for objects with no elements.
13410  if (!IsJSValue() && HasFastObjectElements()) {
13411  uint32_t length = IsJSArray() ?
13412  static_cast<uint32_t>(
13413  Smi::cast(JSArray::cast(this)->length())->value()) :
13414  static_cast<uint32_t>(FixedArray::cast(elements())->length());
13415  if (length == 0) return 0;
13416  }
13417  // Compute the number of enumerable elements.
13418  return NumberOfOwnElements(static_cast<PropertyAttributes>(DONT_ENUM));
13419 }
v8::internal::JSObject::NumberOfOwnElements
int NumberOfOwnElements(PropertyAttributes filter)
Definition: objects.cc:13403

References DONT_ENUM, and v8::internal::FixedArrayBase::length().

Referenced by v8::internal::JSReceiver::IsSimpleEnum().

+ Here is the call graph for this function:
+ Here is the caller graph for this function:

◆ NumberOfOwnElements()

int v8::internal::JSObject::NumberOfOwnElements ( PropertyAttributes  filter)

Definition at line 13403 of file objects.cc.

13403  {
13404  return GetOwnElementKeys(NULL, filter);
13405 }

References NULL.

◆ NumberOfOwnProperties()

int v8::internal::JSObject::NumberOfOwnProperties ( PropertyAttributes  filter = NONE)

Definition at line 13252 of file objects.cc.

13252  {
13253  if (HasFastProperties()) {
13254  Map* map = this->map();
13255  if (filter == NONE) return map->NumberOfOwnDescriptors();
13256  if (filter & DONT_ENUM) {
13257  int result = map->EnumLength();
13258  if (result != kInvalidEnumCacheSentinel) return result;
13259  }
13260  return map->NumberOfDescribedProperties(OWN_DESCRIPTORS, filter);
13261  }
13262  return property_dictionary()->NumberOfElementsFilterAttributes(filter);
13263 }
v8::internal::Map::NumberOfDescribedProperties
int NumberOfDescribedProperties(DescriptorFlag which=OWN_DESCRIPTORS, PropertyAttributes filter=NONE)
Definition: objects.cc:5646
v8::internal::kInvalidEnumCacheSentinel
static const int kInvalidEnumCacheSentinel
Definition: property-details.h:178
v8::internal::OWN_DESCRIPTORS
@ OWN_DESCRIPTORS
Definition: objects.h:287

References DONT_ENUM, v8::internal::Map::EnumLength(), v8::internal::kInvalidEnumCacheSentinel, v8::internal::HeapObject::map(), NONE, v8::internal::Map::NumberOfDescribedProperties(), v8::internal::Map::NumberOfOwnDescriptors(), and v8::internal::OWN_DESCRIPTORS.

+ Here is the call graph for this function:

◆ OptimizeAsPrototype()

void v8::internal::JSObject::OptimizeAsPrototype ( Handle< JSObject object,
PrototypeOptimizationMode  mode 
)
static

Definition at line 9329 of file objects.cc.

9330  {
9331  if (object->IsGlobalObject()) return;
9332  if (object->IsJSGlobalProxy()) return;
9333  if (mode == FAST_PROTOTYPE && !object->map()->is_prototype_map()) {
9334  // First normalize to ensure all JSFunctions are CONSTANT.
9335  JSObject::NormalizeProperties(object, KEEP_INOBJECT_PROPERTIES, 0);
9336  }
9337  if (!object->HasFastProperties()) {
9338  JSObject::MigrateSlowToFast(object, 0);
9339  }
9340  if (mode == FAST_PROTOTYPE && object->HasFastProperties() &&
9341  !object->map()->is_prototype_map()) {
9342  Handle<Map> new_map = Map::Copy(handle(object->map()));
9343  JSObject::MigrateToMap(object, new_map);
9344  object->map()->set_is_prototype_map(true);
9345  }
9346 }
v8::internal::JSObject::MigrateSlowToFast
static void MigrateSlowToFast(Handle< JSObject > object, int unused_property_fields)
Definition: objects.cc:4279
v8::internal::FAST_PROTOTYPE
@ FAST_PROTOTYPE
Definition: objects.h:258

References v8::internal::Map::Copy(), v8::internal::FAST_PROTOTYPE, v8::internal::handle(), v8::internal::KEEP_INOBJECT_PROPERTIES, MigrateSlowToFast(), MigrateToMap(), mode(), and NormalizeProperties().

Referenced by ReoptimizeIfPrototype(), v8::internal::JSFunction::SetInitialMap(), and SetPrototype().

+ Here is the call graph for this function:
+ Here is the caller graph for this function:

◆ PrepareElementsForSort()

Handle< Object > v8::internal::JSObject::PrepareElementsForSort ( Handle< JSObject object,
uint32_t  limit 
)
static

Definition at line 14245 of file objects.cc.

14246  {
14247  Isolate* isolate = object->GetIsolate();
14248  if (object->HasSloppyArgumentsElements() ||
14249  object->map()->is_observed()) {
14250  return handle(Smi::FromInt(-1), isolate);
14251  }
14252 
14253  if (object->HasDictionaryElements()) {
14254  // Convert to fast elements containing only the existing properties.
14255  // Ordering is irrelevant, since we are going to sort anyway.
14256  Handle<SeededNumberDictionary> dict(object->element_dictionary());
14257  if (object->IsJSArray() || dict->requires_slow_elements() ||
14258  dict->max_number_key() >= limit) {
14259  return JSObject::PrepareSlowElementsForSort(object, limit);
14260  }
14261  // Convert to fast elements.
14262 
14263  Handle<Map> new_map =
14264  JSObject::GetElementsTransitionMap(object, FAST_HOLEY_ELEMENTS);
14265 
14266  PretenureFlag tenure = isolate->heap()->InNewSpace(*object) ?
14267  NOT_TENURED: TENURED;
14268  Handle<FixedArray> fast_elements =
14269  isolate->factory()->NewFixedArray(dict->NumberOfElements(), tenure);
14270  dict->CopyValuesTo(*fast_elements);
14271  JSObject::ValidateElements(object);
14272 
14273  JSObject::SetMapAndElements(object, new_map, fast_elements);
14274  } else if (object->HasExternalArrayElements() ||
14275  object->HasFixedTypedArrayElements()) {
14276  // Typed arrays cannot have holes or undefined elements.
14277  return handle(Smi::FromInt(
14278  FixedArrayBase::cast(object->elements())->length()), isolate);
14279  } else if (!object->HasFastDoubleElements()) {
14280  EnsureWritableFastElements(object);
14281  }
14282  DCHECK(object->HasFastSmiOrObjectElements() ||
14283  object->HasFastDoubleElements());
14284 
14285  // Collect holes at the end, undefined before that and the rest at the
14286  // start, and return the number of non-hole, non-undefined values.
14287 
14288  Handle<FixedArrayBase> elements_base(object->elements());
14289  uint32_t elements_length = static_cast<uint32_t>(elements_base->length());
14290  if (limit > elements_length) {
14291  limit = elements_length ;
14292  }
14293  if (limit == 0) {
14294  return handle(Smi::FromInt(0), isolate);
14295  }
14296 
14297  uint32_t result = 0;
14298  if (elements_base->map() == isolate->heap()->fixed_double_array_map()) {
14299  FixedDoubleArray* elements = FixedDoubleArray::cast(*elements_base);
14300  // Split elements into defined and the_hole, in that order.
14301  unsigned int holes = limit;
14302  // Assume most arrays contain no holes and undefined values, so minimize the
14303  // number of stores of non-undefined, non-the-hole values.
14304  for (unsigned int i = 0; i < holes; i++) {
14305  if (elements->is_the_hole(i)) {
14306  holes--;
14307  } else {
14308  continue;
14309  }
14310  // Position i needs to be filled.
14311  while (holes > i) {
14312  if (elements->is_the_hole(holes)) {
14313  holes--;
14314  } else {
14315  elements->set(i, elements->get_scalar(holes));
14316  break;
14317  }
14318  }
14319  }
14320  result = holes;
14321  while (holes < limit) {
14322  elements->set_the_hole(holes);
14323  holes++;
14324  }
14325  } else {
14326  FixedArray* elements = FixedArray::cast(*elements_base);
14327  DisallowHeapAllocation no_gc;
14328 
14329  // Split elements into defined, undefined and the_hole, in that order. Only
14330  // count locations for undefined and the hole, and fill them afterwards.
14331  WriteBarrierMode write_barrier = elements->GetWriteBarrierMode(no_gc);
14332  unsigned int undefs = limit;
14333  unsigned int holes = limit;
14334  // Assume most arrays contain no holes and undefined values, so minimize the
14335  // number of stores of non-undefined, non-the-hole values.
14336  for (unsigned int i = 0; i < undefs; i++) {
14337  Object* current = elements->get(i);
14338  if (current->IsTheHole()) {
14339  holes--;
14340  undefs--;
14341  } else if (current->IsUndefined()) {
14342  undefs--;
14343  } else {
14344  continue;
14345  }
14346  // Position i needs to be filled.
14347  while (undefs > i) {
14348  current = elements->get(undefs);
14349  if (current->IsTheHole()) {
14350  holes--;
14351  undefs--;
14352  } else if (current->IsUndefined()) {
14353  undefs--;
14354  } else {
14355  elements->set(i, current, write_barrier);
14356  break;
14357  }
14358  }
14359  }
14360  result = undefs;
14361  while (undefs < holes) {
14362  elements->set_undefined(undefs);
14363  undefs++;
14364  }
14365  while (holes < limit) {
14366  elements->set_the_hole(holes);
14367  holes++;
14368  }
14369  }
14370 
14371  return isolate->factory()->NewNumberFromUint(result);
14372 }
v8::internal::JSObject::SetMapAndElements
static void SetMapAndElements(Handle< JSObject > object, Handle< Map > map, Handle< FixedArrayBase > elements)
Definition: objects-inl.h:1814
v8::internal::JSObject::PrepareSlowElementsForSort
static Handle< Object > PrepareSlowElementsForSort(Handle< JSObject > object, uint32_t limit)
Definition: objects.cc:14154
v8::internal::JSObject::EnsureWritableFastElements
static Handle< FixedArray > EnsureWritableFastElements(Handle< JSObject > object)
Definition: objects.cc:383

References DCHECK, v8::internal::Isolate::factory(), v8::internal::FAST_HOLEY_ELEMENTS, v8::internal::Smi::FromInt(), v8::internal::FixedArray::get(), v8::internal::FixedDoubleArray::get_scalar(), GetElementsTransitionMap(), v8::internal::HeapObject::GetWriteBarrierMode(), v8::internal::handle(), v8::internal::Isolate::heap(), v8::internal::Heap::InNewSpace(), v8::internal::FixedDoubleArray::is_the_hole(), v8::internal::NOT_TENURED, PrepareSlowElementsForSort(), v8::internal::FixedDoubleArray::set(), v8::internal::FixedArray::set(), v8::internal::FixedArray::set_the_hole(), v8::internal::FixedDoubleArray::set_the_hole(), v8::internal::FixedArray::set_undefined(), SetMapAndElements(), v8::internal::TENURED, and ValidateElements().

Referenced by v8::internal::RUNTIME_FUNCTION().

+ Here is the call graph for this function:
+ Here is the caller graph for this function:

◆ PrepareSlowElementsForSort()

Handle< Object > v8::internal::JSObject::PrepareSlowElementsForSort ( Handle< JSObject object,
uint32_t  limit 
)
static

Definition at line 14154 of file objects.cc.

14155  {
14156  DCHECK(object->HasDictionaryElements());
14157  Isolate* isolate = object->GetIsolate();
14158  // Must stay in dictionary mode, either because of requires_slow_elements,
14159  // or because we are not going to sort (and therefore compact) all of the
14160  // elements.
14161  Handle<SeededNumberDictionary> dict(object->element_dictionary(), isolate);
14162  Handle<SeededNumberDictionary> new_dict =
14163  SeededNumberDictionary::New(isolate, dict->NumberOfElements());
14164 
14165  uint32_t pos = 0;
14166  uint32_t undefs = 0;
14167  int capacity = dict->Capacity();
14168  Handle<Smi> bailout(Smi::FromInt(-1), isolate);
14169  // Entry to the new dictionary does not cause it to grow, as we have
14170  // allocated one that is large enough for all entries.
14171  DisallowHeapAllocation no_gc;
14172  for (int i = 0; i < capacity; i++) {
14173  Object* k = dict->KeyAt(i);
14174  if (!dict->IsKey(k)) continue;
14175 
14176  DCHECK(k->IsNumber());
14177  DCHECK(!k->IsSmi() || Smi::cast(k)->value() >= 0);
14178  DCHECK(!k->IsHeapNumber() || HeapNumber::cast(k)->value() >= 0);
14179  DCHECK(!k->IsHeapNumber() || HeapNumber::cast(k)->value() <= kMaxUInt32);
14180 
14181  HandleScope scope(isolate);
14182  Handle<Object> value(dict->ValueAt(i), isolate);
14183  PropertyDetails details = dict->DetailsAt(i);
14184  if (details.type() == CALLBACKS || details.IsReadOnly()) {
14185  // Bail out and do the sorting of undefineds and array holes in JS.
14186  // Also bail out if the element is not supposed to be moved.
14187  return bailout;
14188  }
14189 
14190  uint32_t key = NumberToUint32(k);
14191  if (key < limit) {
14192  if (value->IsUndefined()) {
14193  undefs++;
14194  } else if (pos > static_cast<uint32_t>(Smi::kMaxValue)) {
14195  // Adding an entry with the key beyond smi-range requires
14196  // allocation. Bailout.
14197  return bailout;
14198  } else {
14199  Handle<Object> result = SeededNumberDictionary::AddNumberEntry(
14200  new_dict, pos, value, details);
14201  DCHECK(result.is_identical_to(new_dict));
14202  USE(result);
14203  pos++;
14204  }
14205  } else if (key > static_cast<uint32_t>(Smi::kMaxValue)) {
14206  // Adding an entry with the key beyond smi-range requires
14207  // allocation. Bailout.
14208  return bailout;
14209  } else {
14210  Handle<Object> result = SeededNumberDictionary::AddNumberEntry(
14211  new_dict, key, value, details);
14212  DCHECK(result.is_identical_to(new_dict));
14213  USE(result);
14214  }
14215  }
14216 
14217  uint32_t result = pos;
14218  PropertyDetails no_details = PropertyDetails(NONE, NORMAL, 0);
14219  while (undefs > 0) {
14220  if (pos > static_cast<uint32_t>(Smi::kMaxValue)) {
14221  // Adding an entry with the key beyond smi-range requires
14222  // allocation. Bailout.
14223  return bailout;
14224  }
14225  HandleScope scope(isolate);
14226  Handle<Object> result = SeededNumberDictionary::AddNumberEntry(
14227  new_dict, pos, isolate->factory()->undefined_value(), no_details);
14228  DCHECK(result.is_identical_to(new_dict));
14229  USE(result);
14230  pos++;
14231  undefs--;
14232  }
14233 
14234  object->set_elements(*new_dict);
14235 
14236  AllowHeapAllocation allocate_return_value;
14237  return isolate->factory()->NewNumberFromUint(result);
14238 }
v8::internal::SeededNumberDictionary::AddNumberEntry
static MUST_USE_RESULT Handle< SeededNumberDictionary > AddNumberEntry(Handle< SeededNumberDictionary > dictionary, uint32_t key, Handle< Object > value, PropertyDetails details)
Definition: objects.cc:15088
v8::internal::Smi::kMaxValue
static const int kMaxValue
Definition: objects.h:1272
USE
void USE(T)
Definition: macros.h:322
v8::internal::AllowHeapAllocation
PerThreadAssertScopeDebugOnly< HEAP_ALLOCATION_ASSERT, true > AllowHeapAllocation
Definition: assert-scope.h:114
v8::internal::NumberToUint32
uint32_t NumberToUint32(Object *number)
Definition: conversions.h:195
v8::internal::kMaxUInt32
const uint32_t kMaxUInt32
Definition: globals.h:120

References v8::internal::SeededNumberDictionary::AddNumberEntry(), v8::internal::CALLBACKS, DCHECK, v8::internal::Isolate::factory(), v8::internal::Smi::FromInt(), v8::internal::kMaxUInt32, v8::internal::Smi::kMaxValue, v8::internal::Dictionary< SeededNumberDictionary, SeededNumberDictionaryShape, uint32_t >::New(), NONE, v8::internal::NORMAL, v8::internal::NumberToUint32(), and USE().

Referenced by PrepareElementsForSort().

+ Here is the call graph for this function:
+ Here is the caller graph for this function:

◆ PreventExtensions()

MaybeHandle< Object > v8::internal::JSObject::PreventExtensions ( Handle< JSObject object)
static

Definition at line 5159 of file objects.cc.

5159  {
5160  Isolate* isolate = object->GetIsolate();
5161 
5162  if (!object->map()->is_extensible()) return object;
5163 
5164  if (object->IsAccessCheckNeeded() &&
5165  !isolate->MayNamedAccess(
5166  object, isolate->factory()->undefined_value(), v8::ACCESS_KEYS)) {
5167  isolate->ReportFailedAccessCheck(object, v8::ACCESS_KEYS);
5168  RETURN_EXCEPTION_IF_SCHEDULED_EXCEPTION(isolate, Object);
5169  return isolate->factory()->false_value();
5170  }
5171 
5172  if (object->IsJSGlobalProxy()) {
5173  PrototypeIterator iter(isolate, object);
5174  if (iter.IsAtEnd()) return object;
5175  DCHECK(PrototypeIterator::GetCurrent(iter)->IsJSGlobalObject());
5176  return PreventExtensions(
5177  Handle<JSObject>::cast(PrototypeIterator::GetCurrent(iter)));
5178  }
5179 
5180  // It's not possible to seal objects with external array elements
5181  if (object->HasExternalArrayElements() ||
5182  object->HasFixedTypedArrayElements()) {
5183  THROW_NEW_ERROR(isolate,
5184  NewTypeError("cant_prevent_ext_external_array_elements",
5185  HandleVector(&object, 1)),
5186  Object);
5187  }
5188 
5189  // If there are fast elements we normalize.
5190  Handle<SeededNumberDictionary> dictionary = NormalizeElements(object);
5191  DCHECK(object->HasDictionaryElements() ||
5192  object->HasDictionaryArgumentsElements());
5193 
5194  // Make sure that we never go back to fast case.
5195  dictionary->set_requires_slow_elements();
5196 
5197  // Do a map transition, other objects with this map may still
5198  // be extensible.
5199  // TODO(adamk): Extend the NormalizedMapCache to handle non-extensible maps.
5200  Handle<Map> new_map = Map::Copy(handle(object->map()));
5201 
5202  new_map->set_is_extensible(false);
5203  JSObject::MigrateToMap(object, new_map);
5204  DCHECK(!object->map()->is_extensible());
5205 
5206  if (object->map()->is_observed()) {
5207  EnqueueChangeRecord(object, "preventExtensions", Handle<Name>(),
5208  isolate->factory()->the_hole_value());
5209  }
5210  return object;
5211 }
v8::internal::JSObject::PreventExtensions
static MUST_USE_RESULT MaybeHandle< Object > PreventExtensions(Handle< JSObject > object)
Definition: objects.cc:5159

References v8::ACCESS_KEYS, v8::internal::Map::Copy(), DCHECK, v8::internal::Isolate::factory(), v8::internal::PrototypeIterator::GetCurrent(), v8::internal::handle(), v8::internal::HandleVector(), v8::internal::PrototypeIterator::IsAtEnd(), v8::internal::Isolate::MayNamedAccess(), MigrateToMap(), v8::internal::Isolate::ReportFailedAccessCheck(), RETURN_EXCEPTION_IF_SCHEDULED_EXCEPTION, and THROW_NEW_ERROR.

Referenced by v8::internal::RUNTIME_FUNCTION().

+ Here is the call graph for this function:
+ Here is the caller graph for this function:

◆ PrintElementsTransition()

void v8::internal::JSObject::PrintElementsTransition ( FILE *  file,
Handle< JSObject object,
ElementsKind  from_kind,
Handle< FixedArrayBase from_elements,
ElementsKind  to_kind,
Handle< FixedArrayBase to_elements 
)
static

Definition at line 1283 of file objects.cc.

1286  {
1287  if (from_kind != to_kind) {
1288  OFStream os(file);
1289  os << "elements transition [" << ElementsKindToString(from_kind) << " -> "
1290  << ElementsKindToString(to_kind) << "] in ";
1291  JavaScriptFrame::PrintTop(object->GetIsolate(), file, false, true);
1292  PrintF(file, " for ");
1293  object->ShortPrint(file);
1294  PrintF(file, " from ");
1295  from_elements->ShortPrint(file);
1296  PrintF(file, " to ");
1297  to_elements->ShortPrint(file);
1298  PrintF(file, "\n");
1299  }
1300 }
v8::internal::JavaScriptFrame::PrintTop
static void PrintTop(Isolate *isolate, FILE *file, bool print_args, bool print_line_number)
Definition: frames.cc:811
file
enable harmony numeric enable harmony object literal extensions Optimize object Array DOM strings and string trace pretenuring decisions of HAllocate instructions Enables optimizations which favor memory size over execution speed maximum source size in bytes considered for a single inlining maximum cumulative number of AST nodes considered for inlining trace the tracking of allocation sites deoptimize every n garbage collections perform array bounds checks elimination analyze liveness of environment slots and zap dead values flushes the cache of optimized code for closures on every GC allow uint32 values on optimize frames if they are used only in safe operations track concurrent recompilation artificial compilation delay in ms do not emit check maps for constant values that have a leaf deoptimize the optimized code if the layout of the maps changes enable context specialization in TurboFan execution budget before interrupt is triggered max percentage of megamorphic generic ICs to allow optimization enable use of SAHF instruction if enable use of VFP3 instructions if available enable use of NEON instructions if enable use of SDIV and UDIV instructions if enable use of MLS instructions if enable loading bit constant by means of movw movt instruction enable unaligned accesses for enable use of d16 d31 registers on ARM this requires VFP3 force all emitted branches to be in long enable alignment of csp to bytes on platforms which prefer the register to always be expose gc extension under the specified name show built in functions in stack traces use random jit cookie to mask large constants minimum length for automatic enable preparsing CPU profiler sampling interval in microseconds trace out of bounds accesses to external arrays default size of stack region v8 is allowed to maximum length of function source code printed in a stack trace min size of a semi the new space consists of two semi spaces print one trace line following each garbage collection do not print trace line after scavenger collection print cumulative GC statistics in only print modified registers Trace simulator debug messages Implied by trace sim abort randomize hashes to avoid predictable hash Fixed seed to use to hash property Print the time it takes to deserialize the snapshot A filename with extra code to be included in the A file to write the raw snapshot bytes A file to write the raw context snapshot bytes Write V8 startup blob file(mksnapshot only)") DEFINE_BOOL(profile_hydrogen_code_stub_compilation
v8::internal::ElementsKindToString
const char * ElementsKindToString(ElementsKind kind)
Definition: elements-kind.cc:62
v8::internal::PrintF
void PrintF(const char *format,...)
Definition: utils.cc:80

References v8::internal::ElementsKindToString(), file(), v8::internal::PrintF(), and v8::internal::JavaScriptFrame::PrintTop().

Referenced by SetFastDoubleElementsCapacityAndLength(), and SetFastElementsCapacityAndLength().

+ Here is the call graph for this function:
+ Here is the caller graph for this function:

◆ PrintInstanceMigration()

void v8::internal::JSObject::PrintInstanceMigration ( FILE *  file,
Map original_map,
Map new_map 
)

Definition at line 1345 of file objects.cc.

1347  {
1348  PrintF(file, "[migrating ");
1349  map()->constructor_name()->PrintOn(file);
1350  PrintF(file, "] ");
1351  DescriptorArray* o = original_map->instance_descriptors();
1352  DescriptorArray* n = new_map->instance_descriptors();
1353  for (int i = 0; i < original_map->NumberOfOwnDescriptors(); i++) {
1354  Representation o_r = o->GetDetails(i).representation();
1355  Representation n_r = n->GetDetails(i).representation();
1356  if (!o_r.Equals(n_r)) {
1357  String::cast(o->GetKey(i))->PrintOn(file);
1358  PrintF(file, ":%s->%s ", o_r.Mnemonic(), n_r.Mnemonic());
1359  } else if (o->GetDetails(i).type() == CONSTANT &&
1360  n->GetDetails(i).type() == FIELD) {
1361  Name* name = o->GetKey(i);
1362  if (name->IsString()) {
1363  String::cast(name)->PrintOn(file);
1364  } else {
1365  PrintF(file, "{symbol %p}", static_cast<void*>(name));
1366  }
1367  PrintF(file, " ");
1368  }
1369  }
1370  PrintF(file, "\n");
1371 }
v8::internal::Map::constructor_name
String * constructor_name()
Definition: objects.cc:1689
v8::internal::String::PrintOn
void PrintOn(FILE *out)
Definition: objects.cc:9005

References v8::internal::CONSTANT, v8::internal::Map::constructor_name(), v8::internal::Representation::Equals(), v8::internal::FIELD, file(), v8::internal::DescriptorArray::GetDetails(), v8::internal::DescriptorArray::GetKey(), v8::internal::HeapObject::map(), v8::internal::Representation::Mnemonic(), name, v8::internal::Map::NumberOfOwnDescriptors(), v8::internal::PrintF(), and v8::internal::String::PrintOn().

+ Here is the call graph for this function:

◆ property_dictionary()

NameDictionary * v8::internal::JSObject::property_dictionary ( )
inline

Definition at line 6443 of file objects-inl.h.

6443  {
6444  DCHECK(!HasFastProperties());
6445  return NameDictionary::cast(properties());
6446 }

References DCHECK, and HasFastProperties().

Referenced by v8::internal::V8HeapExplorer::ExtractPropertyReferences(), and SetNormalizedProperty().

+ Here is the call graph for this function:
+ Here is the caller graph for this function:

◆ RawFastPropertyAt()

Object * v8::internal::JSObject::RawFastPropertyAt ( FieldIndex  index)
inline

Definition at line 2025 of file objects-inl.h.

2025  {
2026  if (index.is_inobject()) {
2027  return READ_FIELD(this, index.offset());
2028  } else {
2029  return properties()->get(index.outobject_array_index());
2030  }
2031 }

References READ_FIELD.

Referenced by v8::internal::V8HeapExplorer::ExtractPropertyReferences().

+ Here is the caller graph for this function:

◆ ReferencesObject()

bool v8::internal::JSObject::ReferencesObject ( Object obj)

Definition at line 5047 of file objects.cc.

5047  {
5048  Map* map_of_this = map();
5049  Heap* heap = GetHeap();
5050  DisallowHeapAllocation no_allocation;
5051 
5052  // Is the object the constructor for this object?
5053  if (map_of_this->constructor() == obj) {
5054  return true;
5055  }
5056 
5057  // Is the object the prototype for this object?
5058  if (map_of_this->prototype() == obj) {
5059  return true;
5060  }
5061 
5062  // Check if the object is among the named properties.
5063  Object* key = SlowReverseLookup(obj);
5064  if (!key->IsUndefined()) {
5065  return true;
5066  }
5067 
5068  // Check if the object is among the indexed properties.
5069  ElementsKind kind = GetElementsKind();
5070  switch (kind) {
5071  // Raw pixels and external arrays do not reference other
5072  // objects.
5073 #define TYPED_ARRAY_CASE(Type, type, TYPE, ctype, size) \
5074  case EXTERNAL_##TYPE##_ELEMENTS: \
5075  case TYPE##_ELEMENTS: \
5076  break;
5077 
5078  TYPED_ARRAYS(TYPED_ARRAY_CASE)
5079 #undef TYPED_ARRAY_CASE
5080 
5081  case FAST_DOUBLE_ELEMENTS:
5082  case FAST_HOLEY_DOUBLE_ELEMENTS:
5083  break;
5084  case FAST_SMI_ELEMENTS:
5085  case FAST_HOLEY_SMI_ELEMENTS:
5086  break;
5087  case FAST_ELEMENTS:
5088  case FAST_HOLEY_ELEMENTS:
5089  case DICTIONARY_ELEMENTS: {
5090  FixedArray* elements = FixedArray::cast(this->elements());
5091  if (ReferencesObjectFromElements(elements, kind, obj)) return true;
5092  break;
5093  }
5094  case SLOPPY_ARGUMENTS_ELEMENTS: {
5095  FixedArray* parameter_map = FixedArray::cast(elements());
5096  // Check the mapped parameters.
5097  int length = parameter_map->length();
5098  for (int i = 2; i < length; ++i) {
5099  Object* value = parameter_map->get(i);
5100  if (!value->IsTheHole() && value == obj) return true;
5101  }
5102  // Check the arguments.
5103  FixedArray* arguments = FixedArray::cast(parameter_map->get(1));
5104  kind = arguments->IsDictionary() ? DICTIONARY_ELEMENTS :
5105  FAST_HOLEY_ELEMENTS;
5106  if (ReferencesObjectFromElements(arguments, kind, obj)) return true;
5107  break;
5108  }
5109  }
5110 
5111  // For functions check the context.
5112  if (IsJSFunction()) {
5113  // Get the constructor function for arguments array.
5114  Map* arguments_map =
5115  heap->isolate()->context()->native_context()->sloppy_arguments_map();
5116  JSFunction* arguments_function =
5117  JSFunction::cast(arguments_map->constructor());
5118 
5119  // Get the context and don't check if it is the native context.
5120  JSFunction* f = JSFunction::cast(this);
5121  Context* context = f->context();
5122  if (context->IsNativeContext()) {
5123  return false;
5124  }
5125 
5126  // Check the non-special context slots.
5127  for (int i = Context::MIN_CONTEXT_SLOTS; i < context->length(); i++) {
5128  // Only check JS objects.
5129  if (context->get(i)->IsJSObject()) {
5130  JSObject* ctxobj = JSObject::cast(context->get(i));
5131  // If it is an arguments array check the content.
5132  if (ctxobj->map()->constructor() == arguments_function) {
5133  if (ctxobj->ReferencesObject(obj)) {
5134  return true;
5135  }
5136  } else if (ctxobj == obj) {
5137  return true;
5138  }
5139  }
5140  }
5141 
5142  // Check the context extension (if any) if it can have references.
5143  if (context->has_extension() && !context->IsCatchContext()) {
5144  // With harmony scoping, a JSFunction may have a global context.
5145  // TODO(mvstanton): walk into the ScopeInfo.
5146  if (FLAG_harmony_scoping && context->IsGlobalContext()) {
5147  return false;
5148  }
5149 
5150  return JSObject::cast(context->extension())->ReferencesObject(obj);
5151  }
5152  }
5153 
5154  // No references to object.
5155  return false;
5156 }
v8::internal::JSObject::ReferencesObjectFromElements
bool ReferencesObjectFromElements(FixedArray *elements, ElementsKind kind, Object *object)
Definition: objects.cc:5024
v8::internal::JSObject::SlowReverseLookup
Object * SlowReverseLookup(Object *value)
Definition: objects.cc:6346

References v8::internal::Isolate::context(), v8::internal::JSFunction::context(), v8::internal::DICTIONARY_ELEMENTS, v8::internal::Context::extension(), v8::internal::FAST_DOUBLE_ELEMENTS, v8::internal::FAST_ELEMENTS, v8::internal::FAST_HOLEY_DOUBLE_ELEMENTS, v8::internal::FAST_HOLEY_ELEMENTS, v8::internal::FAST_HOLEY_SMI_ELEMENTS, v8::internal::FAST_SMI_ELEMENTS, v8::internal::FixedArray::get(), v8::internal::HeapObject::GetHeap(), v8::internal::Context::has_extension(), v8::internal::Context::IsCatchContext(), v8::internal::Context::IsGlobalContext(), v8::internal::Context::IsNativeContext(), v8::internal::Heap::isolate(), v8::internal::FixedArrayBase::length(), v8::internal::HeapObject::map(), v8::internal::Context::MIN_CONTEXT_SLOTS, v8::internal::Context::native_context(), ReferencesObject(), v8::internal::SLOPPY_ARGUMENTS_ELEMENTS, TYPED_ARRAY_CASE, and TYPED_ARRAYS.

Referenced by v8::internal::DebugReferencedBy(), and ReferencesObject().

+ Here is the call graph for this function:
+ Here is the caller graph for this function:

◆ ReferencesObjectFromElements()

bool v8::internal::JSObject::ReferencesObjectFromElements ( FixedArray elements,
ElementsKind  kind,
Object object 
)
private

Definition at line 5024 of file objects.cc.

5026  {
5027  DCHECK(IsFastObjectElementsKind(kind) ||
5028  kind == DICTIONARY_ELEMENTS);
5029  if (IsFastObjectElementsKind(kind)) {
5030  int length = IsJSArray()
5031  ? Smi::cast(JSArray::cast(this)->length())->value()
5032  : elements->length();
5033  for (int i = 0; i < length; ++i) {
5034  Object* element = elements->get(i);
5035  if (!element->IsTheHole() && element == object) return true;
5036  }
5037  } else {
5038  Object* key =
5039  SeededNumberDictionary::cast(elements)->SlowReverseLookup(object);
5040  if (!key->IsUndefined()) return true;
5041  }
5042  return false;
5043 }

References DCHECK, v8::internal::DICTIONARY_ELEMENTS, v8::internal::FixedArray::get(), v8::internal::IsFastObjectElementsKind(), and v8::internal::FixedArrayBase::length().

+ Here is the call graph for this function:

◆ ReoptimizeIfPrototype()

void v8::internal::JSObject::ReoptimizeIfPrototype ( Handle< JSObject object)
static

Definition at line 9349 of file objects.cc.

9349  {
9350  if (!object->map()->is_prototype_map()) return;
9351  OptimizeAsPrototype(object, FAST_PROTOTYPE);
9352 }
v8::internal::JSObject::OptimizeAsPrototype
static void OptimizeAsPrototype(Handle< JSObject > object, PrototypeOptimizationMode mode)
Definition: objects.cc:9329

References v8::internal::FAST_PROTOTYPE, and OptimizeAsPrototype().

+ Here is the call graph for this function:

◆ ResetElements()

void v8::internal::JSObject::ResetElements ( Handle< JSObject object)
static

Definition at line 4416 of file objects.cc.

4416  {
4417  Isolate* isolate = object->GetIsolate();
4418  CHECK(object->map() != isolate->heap()->sloppy_arguments_elements_map());
4419  if (object->map()->has_dictionary_elements()) {
4420  Handle<SeededNumberDictionary> new_elements =
4421  SeededNumberDictionary::New(isolate, 0);
4422  object->set_elements(*new_elements);
4423  } else {
4424  object->set_elements(object->map()->GetInitialElements());
4425  }
4426 }

References CHECK, v8::internal::Isolate::heap(), and v8::internal::Dictionary< SeededNumberDictionary, SeededNumberDictionaryShape, uint32_t >::New().

Referenced by v8::internal::RUNTIME_FUNCTION(), and v8::internal::DictionaryElementsAccessor::SetLengthWithoutNormalize().

+ Here is the call graph for this function:
+ Here is the caller graph for this function:

◆ SetAccessor()

MaybeHandle< Object > v8::internal::JSObject::SetAccessor ( Handle< JSObject object,
Handle< AccessorInfo info 
)
static

Definition at line 6188 of file objects.cc.

6189  {
6190  Isolate* isolate = object->GetIsolate();
6191  Factory* factory = isolate->factory();
6192  Handle<Name> name(Name::cast(info->name()));
6193 
6194  // Check access rights if needed.
6195  if (object->IsAccessCheckNeeded() &&
6196  !isolate->MayNamedAccess(object, name, v8::ACCESS_SET)) {
6197  isolate->ReportFailedAccessCheck(object, v8::ACCESS_SET);
6198  RETURN_EXCEPTION_IF_SCHEDULED_EXCEPTION(isolate, Object);
6199  return factory->undefined_value();
6200  }
6201 
6202  if (object->IsJSGlobalProxy()) {
6203  PrototypeIterator iter(isolate, object);
6204  if (iter.IsAtEnd()) return object;
6205  DCHECK(PrototypeIterator::GetCurrent(iter)->IsJSGlobalObject());
6206  return SetAccessor(
6207  Handle<JSObject>::cast(PrototypeIterator::GetCurrent(iter)), info);
6208  }
6209 
6210  // Make sure that the top context does not change when doing callbacks or
6211  // interceptor calls.
6212  AssertNoContextChange ncc(isolate);
6213 
6214  // Try to flatten before operating on the string.
6215  if (name->IsString()) name = String::Flatten(Handle<String>::cast(name));
6216 
6217  uint32_t index = 0;
6218  bool is_element = name->AsArrayIndex(&index);
6219 
6220  if (is_element) {
6221  if (object->IsJSArray()) return factory->undefined_value();
6222 
6223  // Accessors overwrite previous callbacks (cf. with getters/setters).
6224  switch (object->GetElementsKind()) {
6225  case FAST_SMI_ELEMENTS:
6226  case FAST_ELEMENTS:
6227  case FAST_DOUBLE_ELEMENTS:
6228  case FAST_HOLEY_SMI_ELEMENTS:
6229  case FAST_HOLEY_ELEMENTS:
6230  case FAST_HOLEY_DOUBLE_ELEMENTS:
6231  break;
6232 
6233 #define TYPED_ARRAY_CASE(Type, type, TYPE, ctype, size) \
6234  case EXTERNAL_##TYPE##_ELEMENTS: \
6235  case TYPE##_ELEMENTS: \
6236 
6237  TYPED_ARRAYS(TYPED_ARRAY_CASE)
6238 #undef TYPED_ARRAY_CASE
6239  // Ignore getters and setters on pixel and external array
6240  // elements.
6241  return factory->undefined_value();
6242 
6243  case DICTIONARY_ELEMENTS:
6244  break;
6245  case SLOPPY_ARGUMENTS_ELEMENTS:
6246  UNIMPLEMENTED();
6247  break;
6248  }
6249 
6250  SetElementCallback(object, index, info, info->property_attributes());
6251  } else {
6252  // Lookup the name.
6253  LookupIterator it(object, name, LookupIterator::HIDDEN_SKIP_INTERCEPTOR);
6254  CHECK(GetPropertyAttributes(&it).has_value);
6255  // ES5 forbids turning a property into an accessor if it's not
6256  // configurable. See 8.6.1 (Table 5).
6257  if (it.IsFound() && (it.IsReadOnly() || !it.IsConfigurable())) {
6258  return factory->undefined_value();
6259  }
6260 
6261  SetPropertyCallback(object, name, info, info->property_attributes());
6262  }
6263 
6264  return object;
6265 }
v8::internal::JSObject::SetAccessor
static MUST_USE_RESULT MaybeHandle< Object > SetAccessor(Handle< JSObject > object, Handle< AccessorInfo > info)
Definition: objects.cc:6188
v8::internal::JSObject::SetPropertyCallback
static void SetPropertyCallback(Handle< JSObject > object, Handle< Name > name, Handle< Object > structure, PropertyAttributes attributes)
Definition: objects.cc:6064
UNIMPLEMENTED
#define UNIMPLEMENTED()
Definition: logging.h:28

References v8::ACCESS_SET, CHECK, DCHECK, v8::internal::DICTIONARY_ELEMENTS, v8::internal::Isolate::factory(), v8::internal::FAST_DOUBLE_ELEMENTS, v8::internal::FAST_ELEMENTS, v8::internal::FAST_HOLEY_DOUBLE_ELEMENTS, v8::internal::FAST_HOLEY_ELEMENTS, v8::internal::FAST_HOLEY_SMI_ELEMENTS, v8::internal::FAST_SMI_ELEMENTS, v8::internal::String::Flatten(), v8::internal::PrototypeIterator::GetCurrent(), v8::internal::PrototypeIterator::IsAtEnd(), v8::internal::Object::LookupIterator, v8::internal::Isolate::MayNamedAccess(), name, v8::internal::Isolate::ReportFailedAccessCheck(), RETURN_EXCEPTION_IF_SCHEDULED_EXCEPTION, v8::internal::SLOPPY_ARGUMENTS_ELEMENTS, TYPED_ARRAY_CASE, TYPED_ARRAYS, and UNIMPLEMENTED.

Referenced by v8::ObjectSetAccessor(), and v8::internal::RUNTIME_FUNCTION().

+ Here is the call graph for this function:
+ Here is the caller graph for this function:

◆ SetDictionaryElement()

MaybeHandle< Object > v8::internal::JSObject::SetDictionaryElement ( Handle< JSObject object,
uint32_t  index,
Handle< Object value,
PropertyAttributes  attributes,
StrictMode  strict_mode,
bool  check_prototype,
SetPropertyMode  set_mode = SET_PROPERTY 
)
staticprivate

Definition at line 12077 of file objects.cc.

12084  {
12085  DCHECK(object->HasDictionaryElements() ||
12086  object->HasDictionaryArgumentsElements());
12087  Isolate* isolate = object->GetIsolate();
12088 
12089  // Insert element in the dictionary.
12090  Handle<FixedArray> elements(FixedArray::cast(object->elements()));
12091  bool is_arguments =
12092  (elements->map() == isolate->heap()->sloppy_arguments_elements_map());
12093  Handle<SeededNumberDictionary> dictionary(is_arguments
12094  ? SeededNumberDictionary::cast(elements->get(1))
12095  : SeededNumberDictionary::cast(*elements));
12096 
12097  int entry = dictionary->FindEntry(index);
12098  if (entry != SeededNumberDictionary::kNotFound) {
12099  Handle<Object> element(dictionary->ValueAt(entry), isolate);
12100  PropertyDetails details = dictionary->DetailsAt(entry);
12101  if (details.type() == CALLBACKS && set_mode == SET_PROPERTY) {
12102  return SetElementWithCallback(object, element, index, value, object,
12103  strict_mode);
12104  } else {
12105  dictionary->UpdateMaxNumberKey(index);
12106  // If a value has not been initialized we allow writing to it even if it
12107  // is read-only (a declared const that has not been initialized). If a
12108  // value is being defined we skip attribute checks completely.
12109  if (set_mode == DEFINE_PROPERTY) {
12110  details = PropertyDetails(
12111  attributes, NORMAL, details.dictionary_index());
12112  dictionary->DetailsAtPut(entry, details);
12113  } else if (details.IsReadOnly() && !element->IsTheHole()) {
12114  if (strict_mode == SLOPPY) {
12115  return isolate->factory()->undefined_value();
12116  } else {
12117  Handle<Object> number = isolate->factory()->NewNumberFromUint(index);
12118  Handle<Object> args[2] = { number, object };
12119  THROW_NEW_ERROR(isolate, NewTypeError("strict_read_only_property",
12120  HandleVector(args, 2)),
12121  Object);
12122  }
12123  }
12124  // Elements of the arguments object in slow mode might be slow aliases.
12125  if (is_arguments && element->IsAliasedArgumentsEntry()) {
12126  Handle<AliasedArgumentsEntry> entry =
12127  Handle<AliasedArgumentsEntry>::cast(element);
12128  Handle<Context> context(Context::cast(elements->get(0)));
12129  int context_index = entry->aliased_context_slot();
12130  DCHECK(!context->get(context_index)->IsTheHole());
12131  context->set(context_index, *value);
12132  // For elements that are still writable we keep slow aliasing.
12133  if (!details.IsReadOnly()) value = element;
12134  }
12135  dictionary->ValueAtPut(entry, *value);
12136  }
12137  } else {
12138  // Index not already used. Look for an accessor in the prototype chain.
12139  // Can cause GC!
12140  if (check_prototype) {
12141  bool found;
12142  MaybeHandle<Object> result = SetElementWithCallbackSetterInPrototypes(
12143  object, index, value, &found, strict_mode);
12144  if (found) return result;
12145  }
12146 
12147  // When we set the is_extensible flag to false we always force the
12148  // element into dictionary mode (and force them to stay there).
12149  if (!object->map()->is_extensible()) {
12150  if (strict_mode == SLOPPY) {
12151  return isolate->factory()->undefined_value();
12152  } else {
12153  Handle<Object> number = isolate->factory()->NewNumberFromUint(index);
12154  Handle<String> name = isolate->factory()->NumberToString(number);
12155  Handle<Object> args[1] = { name };
12156  THROW_NEW_ERROR(isolate, NewTypeError("object_not_extensible",
12157  HandleVector(args, 1)),
12158  Object);
12159  }
12160  }
12161 
12162  PropertyDetails details = PropertyDetails(attributes, NORMAL, 0);
12163  Handle<SeededNumberDictionary> new_dictionary =
12164  SeededNumberDictionary::AddNumberEntry(dictionary, index, value,
12165  details);
12166  if (*dictionary != *new_dictionary) {
12167  if (is_arguments) {
12168  elements->set(1, *new_dictionary);
12169  } else {
12170  object->set_elements(*new_dictionary);
12171  }
12172  dictionary = new_dictionary;
12173  }
12174  }
12175 
12176  // Update the array length if this JSObject is an array.
12177  if (object->IsJSArray()) {
12178  JSArray::JSArrayUpdateLengthFromIndex(Handle<JSArray>::cast(object), index,
12179  value);
12180  }
12181 
12182  // Attempt to put this object back in fast case.
12183  if (object->ShouldConvertToFastElements()) {
12184  uint32_t new_length = 0;
12185  if (object->IsJSArray()) {
12186  CHECK(Handle<JSArray>::cast(object)->length()->ToArrayIndex(&new_length));
12187  } else {
12188  new_length = dictionary->max_number_key() + 1;
12189  }
12190  bool has_smi_only_elements = false;
12191  bool should_convert_to_fast_double_elements =
12192  object->ShouldConvertToFastDoubleElements(&has_smi_only_elements);
12193  SetFastElementsCapacitySmiMode smi_mode =
12194  has_smi_only_elements ? kForceSmiElements : kAllowSmiElements;
12195 
12196  if (should_convert_to_fast_double_elements) {
12197  SetFastDoubleElementsCapacityAndLength(object, new_length, new_length);
12198  } else {
12199  SetFastElementsCapacityAndLength(object, new_length, new_length,
12200  smi_mode);
12201  }
12202  JSObject::ValidateElements(object);
12203 #ifdef DEBUG
12204  if (FLAG_trace_normalization) {
12205  OFStream os(stdout);
12206  os << "Object elements are fast case again:\n";
12207  object->Print(os);
12208  }
12209 #endif
12210  }
12211  return value;
12212 }
v8::internal::Context::cast
static Context * cast(Object *context)
Definition: contexts.h:255
v8::internal::JSArray::JSArrayUpdateLengthFromIndex
static void JSArrayUpdateLengthFromIndex(Handle< JSArray > array, uint32_t index, Handle< Object > value)
Definition: objects.cc:12788
v8::internal::JSObject::SetElementWithCallback
static MUST_USE_RESULT MaybeHandle< Object > SetElementWithCallback(Handle< JSObject > object, Handle< Object > structure, uint32_t index, Handle< Object > value, Handle< JSObject > holder, StrictMode strict_mode)
Definition: objects.cc:11866
v8::internal::JSObject::SetFastElementsCapacityAndLength
static Handle< FixedArray > SetFastElementsCapacityAndLength(Handle< JSObject > object, int capacity, int length, SetFastElementsCapacitySmiMode smi_mode)
Definition: objects.cc:10982
v8::internal::JSObject::SetFastDoubleElementsCapacityAndLength
static void SetFastDoubleElementsCapacityAndLength(Handle< JSObject > object, int capacity, int length)
Definition: objects.cc:11044
v8::internal::JSObject::SetElementWithCallbackSetterInPrototypes
static MUST_USE_RESULT MaybeHandle< Object > SetElementWithCallbackSetterInPrototypes(Handle< JSObject > object, uint32_t index, Handle< Object > value, bool *found, StrictMode strict_mode)
Definition: objects.cc:3020
v8::internal::Object::ToArrayIndex
bool ToArrayIndex(uint32_t *index)
Definition: objects-inl.h:2116
v8::internal::DEFINE_PROPERTY
@ DEFINE_PROPERTY
Definition: objects.h:1552

References v8::internal::SeededNumberDictionary::AddNumberEntry(), v8::internal::CALLBACKS, v8::internal::Handle< T >::cast(), v8::internal::Context::cast(), CHECK, DCHECK, v8::internal::DEFINE_PROPERTY, v8::internal::Isolate::factory(), v8::internal::HandleVector(), v8::internal::Isolate::heap(), v8::internal::JSArray::JSArrayUpdateLengthFromIndex(), v8::internal::HashTable< Derived, Shape, Key >::kNotFound, v8::internal::FixedArrayBase::length(), name, v8::internal::NORMAL, v8::internal::SET_PROPERTY, v8::internal::SLOPPY, THROW_NEW_ERROR, v8::internal::Object::ToArrayIndex(), and ValidateElements().

+ Here is the call graph for this function:

◆ SetElement()

MaybeHandle< Object > v8::internal::JSObject::SetElement ( Handle< JSObject object,
uint32_t  index,
Handle< Object value,
PropertyAttributes  attributes,
StrictMode  strict_mode,
bool  check_prototype = true,
SetPropertyMode  set_mode = SET_PROPERTY 
)
static

Definition at line 12336 of file objects.cc.

12342  {
12343  Isolate* isolate = object->GetIsolate();
12344 
12345  if (object->HasExternalArrayElements() ||
12346  object->HasFixedTypedArrayElements()) {
12347  if (!value->IsNumber() && !value->IsUndefined()) {
12348  ASSIGN_RETURN_ON_EXCEPTION(
12349  isolate, value,
12350  Execution::ToNumber(isolate, value), Object);
12351  }
12352  }
12353 
12354  // Check access rights if needed.
12355  if (object->IsAccessCheckNeeded()) {
12356  if (!isolate->MayIndexedAccess(object, index, v8::ACCESS_SET)) {
12357  isolate->ReportFailedAccessCheck(object, v8::ACCESS_SET);
12358  RETURN_EXCEPTION_IF_SCHEDULED_EXCEPTION(isolate, Object);
12359  return value;
12360  }
12361  }
12362 
12363  if (object->IsJSGlobalProxy()) {
12364  PrototypeIterator iter(isolate, object);
12365  if (iter.IsAtEnd()) return value;
12366  DCHECK(PrototypeIterator::GetCurrent(iter)->IsJSGlobalObject());
12367  return SetElement(
12368  Handle<JSObject>::cast(PrototypeIterator::GetCurrent(iter)), index,
12369  value, attributes, strict_mode, check_prototype, set_mode);
12370  }
12371 
12372  // Don't allow element properties to be redefined for external arrays.
12373  if ((object->HasExternalArrayElements() ||
12374  object->HasFixedTypedArrayElements()) &&
12375  set_mode == DEFINE_PROPERTY) {
12376  Handle<Object> number = isolate->factory()->NewNumberFromUint(index);
12377  Handle<Object> args[] = { object, number };
12378  THROW_NEW_ERROR(isolate, NewTypeError("redef_external_array_element",
12379  HandleVector(args, arraysize(args))),
12380  Object);
12381  }
12382 
12383  // Normalize the elements to enable attributes on the property.
12384  if ((attributes & (DONT_DELETE | DONT_ENUM | READ_ONLY)) != 0) {
12385  Handle<SeededNumberDictionary> dictionary = NormalizeElements(object);
12386  // Make sure that we never go back to fast case.
12387  dictionary->set_requires_slow_elements();
12388  }
12389 
12390  if (!object->map()->is_observed()) {
12391  return object->HasIndexedInterceptor()
12392  ? SetElementWithInterceptor(object, index, value, attributes,
12393  strict_mode, check_prototype, set_mode)
12394  : SetElementWithoutInterceptor(object, index, value, attributes,
12395  strict_mode, check_prototype, set_mode);
12396  }
12397 
12398  Maybe<PropertyAttributes> maybe =
12399  JSReceiver::GetOwnElementAttribute(object, index);
12400  if (!maybe.has_value) return MaybeHandle<Object>();
12401  PropertyAttributes old_attributes = maybe.value;
12402 
12403  Handle<Object> old_value = isolate->factory()->the_hole_value();
12404  Handle<Object> old_length_handle;
12405  Handle<Object> new_length_handle;
12406 
12407  if (old_attributes != ABSENT) {
12408  if (GetOwnElementAccessorPair(object, index).is_null()) {
12409  old_value = Object::GetElement(isolate, object, index).ToHandleChecked();
12410  }
12411  } else if (object->IsJSArray()) {
12412  // Store old array length in case adding an element grows the array.
12413  old_length_handle = handle(Handle<JSArray>::cast(object)->length(),
12414  isolate);
12415  }
12416 
12417  // Check for lookup interceptor
12418  Handle<Object> result;
12419  ASSIGN_RETURN_ON_EXCEPTION(
12420  isolate, result,
12421  object->HasIndexedInterceptor()
12422  ? SetElementWithInterceptor(
12423  object, index, value, attributes,
12424  strict_mode, check_prototype, set_mode)
12425  : SetElementWithoutInterceptor(
12426  object, index, value, attributes,
12427  strict_mode, check_prototype, set_mode),
12428  Object);
12429 
12430  Handle<String> name = isolate->factory()->Uint32ToString(index);
12431  maybe = GetOwnElementAttribute(object, index);
12432  if (!maybe.has_value) return MaybeHandle<Object>();
12433  PropertyAttributes new_attributes = maybe.value;
12434 
12435  if (old_attributes == ABSENT) {
12436  if (object->IsJSArray() &&
12437  !old_length_handle->SameValue(
12438  Handle<JSArray>::cast(object)->length())) {
12439  new_length_handle = handle(Handle<JSArray>::cast(object)->length(),
12440  isolate);
12441  uint32_t old_length = 0;
12442  uint32_t new_length = 0;
12443  CHECK(old_length_handle->ToArrayIndex(&old_length));
12444  CHECK(new_length_handle->ToArrayIndex(&new_length));
12445 
12446  BeginPerformSplice(Handle<JSArray>::cast(object));
12447  EnqueueChangeRecord(object, "add", name, old_value);
12448  EnqueueChangeRecord(object, "update", isolate->factory()->length_string(),
12449  old_length_handle);
12450  EndPerformSplice(Handle<JSArray>::cast(object));
12451  Handle<JSArray> deleted = isolate->factory()->NewJSArray(0);
12452  EnqueueSpliceRecord(Handle<JSArray>::cast(object), old_length, deleted,
12453  new_length - old_length);
12454  } else {
12455  EnqueueChangeRecord(object, "add", name, old_value);
12456  }
12457  } else if (old_value->IsTheHole()) {
12458  EnqueueChangeRecord(object, "reconfigure", name, old_value);
12459  } else {
12460  Handle<Object> new_value =
12461  Object::GetElement(isolate, object, index).ToHandleChecked();
12462  bool value_changed = !old_value->SameValue(*new_value);
12463  if (old_attributes != new_attributes) {
12464  if (!value_changed) old_value = isolate->factory()->the_hole_value();
12465  EnqueueChangeRecord(object, "reconfigure", name, old_value);
12466  } else if (value_changed) {
12467  EnqueueChangeRecord(object, "update", name, old_value);
12468  }
12469  }
12470 
12471  return result;
12472 }
v8::internal::JSObject::SetElement
static MUST_USE_RESULT MaybeHandle< Object > SetElement(Handle< JSObject > object, uint32_t index, Handle< Object > value, PropertyAttributes attributes, StrictMode strict_mode, bool check_prototype=true, SetPropertyMode set_mode=SET_PROPERTY)
Definition: objects.cc:12336
v8::internal::JSObject::SetElementWithoutInterceptor
static MUST_USE_RESULT MaybeHandle< Object > SetElementWithoutInterceptor(Handle< JSObject > object, uint32_t index, Handle< Object > value, PropertyAttributes attributes, StrictMode strict_mode, bool check_prototype, SetPropertyMode set_mode)
Definition: objects.cc:12475
v8::internal::JSObject::SetElementWithInterceptor
static MUST_USE_RESULT MaybeHandle< Object > SetElementWithInterceptor(Handle< JSObject > object, uint32_t index, Handle< Object > value, PropertyAttributes attributes, StrictMode strict_mode, bool check_prototype, SetPropertyMode set_mode)
Definition: objects.cc:11777
v8::internal::JSReceiver::GetOwnElementAttribute
static MUST_USE_RESULT Maybe< PropertyAttributes > GetOwnElementAttribute(Handle< JSReceiver > object, uint32_t index)
Definition: objects-inl.h:6743
v8::internal::ToNumber
int ToNumber(Register reg)
v8::internal::EndPerformSplice
static void EndPerformSplice(Handle< JSArray > object)
Definition: objects.cc:11154
v8::internal::BeginPerformSplice
static void BeginPerformSplice(Handle< JSArray > object)
Definition: objects.cc:11141
v8::internal::EnqueueSpliceRecord
static void EnqueueSpliceRecord(Handle< JSArray > object, uint32_t index, Handle< JSArray > deleted, uint32_t add_count)
Definition: objects.cc:11120

References ABSENT, v8::ACCESS_SET, arraysize, ASSIGN_RETURN_ON_EXCEPTION, v8::internal::BeginPerformSplice(), CHECK, DCHECK, v8::internal::DEFINE_PROPERTY, DONT_DELETE, DONT_ENUM, v8::internal::EndPerformSplice(), v8::internal::EnqueueSpliceRecord(), v8::internal::Isolate::factory(), v8::internal::PrototypeIterator::GetCurrent(), v8::internal::Object::GetElement(), v8::internal::JSReceiver::GetOwnElementAttribute(), v8::internal::handle(), v8::internal::HandleVector(), v8::internal::PrototypeIterator::IsAtEnd(), v8::internal::FixedArrayBase::length(), v8::maybe(), v8::internal::Isolate::MayIndexedAccess(), name, READ_ONLY, v8::internal::Isolate::ReportFailedAccessCheck(), RETURN_EXCEPTION_IF_SCHEDULED_EXCEPTION, THROW_NEW_ERROR, and v8::internal::ToNumber().

Referenced by v8::internal::Runtime::DefineObjectProperty(), v8::internal::Scope::ResolveVariable(), v8::internal::RUNTIME_FUNCTION(), v8::Object::Set(), v8::internal::JSReceiver::SetElement(), v8::internal::JSArray::SetElementsLength(), v8::internal::SetElementSloppy(), v8::internal::JSArrayBasedStruct< S >::SetField(), v8::internal::Runtime::SetObjectProperty(), SetOwnElement(), and v8::internal::StoreIC::Store().

+ Here is the call graph for this function:
+ Here is the caller graph for this function:

◆ SetElementCallback()

void v8::internal::JSObject::SetElementCallback ( Handle< JSObject object,
uint32_t  index,
Handle< Object structure,
PropertyAttributes  attributes 
)
staticprivate

Definition at line 6024 of file objects.cc.

6027  {
6028  Heap* heap = object->GetHeap();
6029  PropertyDetails details = PropertyDetails(attributes, CALLBACKS, 0);
6030 
6031  // Normalize elements to make this operation simple.
6032  bool had_dictionary_elements = object->HasDictionaryElements();
6033  Handle<SeededNumberDictionary> dictionary = NormalizeElements(object);
6034  DCHECK(object->HasDictionaryElements() ||
6035  object->HasDictionaryArgumentsElements());
6036  // Update the dictionary with the new CALLBACKS property.
6037  dictionary = SeededNumberDictionary::Set(dictionary, index, structure,
6038  details);
6039  dictionary->set_requires_slow_elements();
6040 
6041  // Update the dictionary backing store on the object.
6042  if (object->elements()->map() == heap->sloppy_arguments_elements_map()) {
6043  // Also delete any parameter alias.
6044  //
6045  // TODO(kmillikin): when deleting the last parameter alias we could
6046  // switch to a direct backing store without the parameter map. This
6047  // would allow GC of the context.
6048  FixedArray* parameter_map = FixedArray::cast(object->elements());
6049  if (index < static_cast<uint32_t>(parameter_map->length()) - 2) {
6050  parameter_map->set(index + 2, heap->the_hole_value());
6051  }
6052  parameter_map->set(1, *dictionary);
6053  } else {
6054  object->set_elements(*dictionary);
6055 
6056  if (!had_dictionary_elements) {
6057  // KeyedStoreICs (at least the non-generic ones) need a reset.
6058  heap->ClearAllICsByKind(Code::KEYED_STORE_IC);
6059  }
6060  }
6061 }
v8::internal::SeededNumberDictionary::Set
static MUST_USE_RESULT Handle< SeededNumberDictionary > Set(Handle< SeededNumberDictionary > dictionary, uint32_t key, Handle< Object > value, PropertyDetails details)
Definition: objects.cc:15125

References v8::internal::CALLBACKS, v8::internal::Heap::ClearAllICsByKind(), DCHECK, v8::internal::FixedArrayBase::length(), v8::internal::SeededNumberDictionary::Set(), and v8::internal::FixedArray::set().

+ Here is the call graph for this function:

◆ SetElementWithCallback()

MaybeHandle< Object > v8::internal::JSObject::SetElementWithCallback ( Handle< JSObject object,
Handle< Object structure,
uint32_t  index,
Handle< Object value,
Handle< JSObject holder,
StrictMode  strict_mode 
)
staticprivate

Definition at line 11866 of file objects.cc.

11871  {
11872  Isolate* isolate = object->GetIsolate();
11873 
11874  // We should never get here to initialize a const with the hole
11875  // value since a const declaration would conflict with the setter.
11876  DCHECK(!value->IsTheHole());
11877  DCHECK(!structure->IsForeign());
11878  if (structure->IsExecutableAccessorInfo()) {
11879  // api style callbacks
11880  Handle<ExecutableAccessorInfo> data =
11881  Handle<ExecutableAccessorInfo>::cast(structure);
11882  Object* call_obj = data->setter();
11883  v8::AccessorNameSetterCallback call_fun =
11884  v8::ToCData<v8::AccessorNameSetterCallback>(call_obj);
11885  if (call_fun == NULL) return value;
11886  Handle<Object> number = isolate->factory()->NewNumberFromUint(index);
11887  Handle<String> key(isolate->factory()->NumberToString(number));
11888  LOG(isolate, ApiNamedPropertyAccess("store", *object, *key));
11889  PropertyCallbackArguments
11890  args(isolate, data->data(), *object, *holder);
11891  args.Call(call_fun,
11892  v8::Utils::ToLocal(key),
11893  v8::Utils::ToLocal(value));
11894  RETURN_EXCEPTION_IF_SCHEDULED_EXCEPTION(isolate, Object);
11895  return value;
11896  }
11897 
11898  if (structure->IsAccessorPair()) {
11899  Handle<Object> setter(AccessorPair::cast(*structure)->setter(), isolate);
11900  if (setter->IsSpecFunction()) {
11901  // TODO(rossberg): nicer would be to cast to some JSCallable here...
11902  return SetPropertyWithDefinedSetter(
11903  object, Handle<JSReceiver>::cast(setter), value);
11904  } else {
11905  if (strict_mode == SLOPPY) return value;
11906  Handle<Object> key(isolate->factory()->NewNumberFromUint(index));
11907  Handle<Object> args[2] = { key, holder };
11908  THROW_NEW_ERROR(
11909  isolate, NewTypeError("no_setter_in_callback", HandleVector(args, 2)),
11910  Object);
11911  }
11912  }
11913 
11914  // TODO(dcarney): Handle correctly.
11915  if (structure->IsDeclaredAccessorInfo()) return value;
11916 
11917  UNREACHABLE();
11918  return MaybeHandle<Object>();
11919 }
v8::internal::Object::SetPropertyWithDefinedSetter
static MUST_USE_RESULT MaybeHandle< Object > SetPropertyWithDefinedSetter(Handle< Object > receiver, Handle< JSReceiver > setter, Handle< Object > value)
Definition: objects.cc:552
v8::AccessorNameSetterCallback
void(* AccessorNameSetterCallback)(Local< Name > property, Local< Value > value, const PropertyCallbackInfo< void > &info)
Definition: v8.h:2257

References v8::internal::Handle< T >::cast(), DCHECK, v8::internal::Isolate::factory(), v8::internal::HandleVector(), LOG, NULL, RETURN_EXCEPTION_IF_SCHEDULED_EXCEPTION, v8::internal::Object::SetPropertyWithDefinedSetter(), v8::internal::SLOPPY, THROW_NEW_ERROR, v8::Utils::ToLocal(), and UNREACHABLE.

+ Here is the call graph for this function:

◆ SetElementWithCallbackSetterInPrototypes()

MaybeHandle< Object > v8::internal::JSObject::SetElementWithCallbackSetterInPrototypes ( Handle< JSObject object,
uint32_t  index,
Handle< Object value,
bool found,
StrictMode  strict_mode 
)
staticprivate

Definition at line 3020 of file objects.cc.

3025  {
3026  Isolate *isolate = object->GetIsolate();
3027  for (PrototypeIterator iter(isolate, object); !iter.IsAtEnd();
3028  iter.Advance()) {
3029  if (PrototypeIterator::GetCurrent(iter)->IsJSProxy()) {
3030  return JSProxy::SetPropertyViaPrototypesWithHandler(
3031  Handle<JSProxy>::cast(PrototypeIterator::GetCurrent(iter)), object,
3032  isolate->factory()->Uint32ToString(index), // name
3033  value, strict_mode, found);
3034  }
3035  Handle<JSObject> js_proto =
3036  Handle<JSObject>::cast(PrototypeIterator::GetCurrent(iter));
3037  if (!js_proto->HasDictionaryElements()) {
3038  continue;
3039  }
3040  Handle<SeededNumberDictionary> dictionary(js_proto->element_dictionary());
3041  int entry = dictionary->FindEntry(index);
3042  if (entry != SeededNumberDictionary::kNotFound) {
3043  PropertyDetails details = dictionary->DetailsAt(entry);
3044  if (details.type() == CALLBACKS) {
3045  *found = true;
3046  Handle<Object> structure(dictionary->ValueAt(entry), isolate);
3047  return SetElementWithCallback(object, structure, index, value, js_proto,
3048  strict_mode);
3049  }
3050  }
3051  }
3052  *found = false;
3053  return isolate->factory()->the_hole_value();
3054 }
v8::internal::JSProxy::SetPropertyViaPrototypesWithHandler
static MUST_USE_RESULT MaybeHandle< Object > SetPropertyViaPrototypesWithHandler(Handle< JSProxy > proxy, Handle< Object > receiver, Handle< Name > name, Handle< Object > value, StrictMode strict_mode, bool *done)
Definition: objects.cc:3434

References v8::internal::CALLBACKS, v8::internal::Handle< T >::cast(), v8::internal::Isolate::factory(), v8::internal::PrototypeIterator::GetCurrent(), v8::internal::PrototypeIterator::IsAtEnd(), v8::internal::HashTable< Derived, Shape, Key >::kNotFound, and v8::internal::JSProxy::SetPropertyViaPrototypesWithHandler().

+ Here is the call graph for this function:

◆ SetElementWithInterceptor()

MaybeHandle< Object > v8::internal::JSObject::SetElementWithInterceptor ( Handle< JSObject object,
uint32_t  index,
Handle< Object value,
PropertyAttributes  attributes,
StrictMode  strict_mode,
bool  check_prototype,
SetPropertyMode  set_mode 
)
staticprivate

Definition at line 11777 of file objects.cc.

11784  {
11785  Isolate* isolate = object->GetIsolate();
11786 
11787  // Make sure that the top context does not change when doing
11788  // callbacks or interceptor calls.
11789  AssertNoContextChange ncc(isolate);
11790 
11791  Handle<InterceptorInfo> interceptor(object->GetIndexedInterceptor());
11792  if (!interceptor->setter()->IsUndefined()) {
11793  v8::IndexedPropertySetterCallback setter =
11794  v8::ToCData<v8::IndexedPropertySetterCallback>(interceptor->setter());
11795  LOG(isolate,
11796  ApiIndexedPropertyAccess("interceptor-indexed-set", *object, index));
11797  PropertyCallbackArguments args(isolate, interceptor->data(), *object,
11798  *object);
11799  v8::Handle<v8::Value> result =
11800  args.Call(setter, index, v8::Utils::ToLocal(value));
11801  RETURN_EXCEPTION_IF_SCHEDULED_EXCEPTION(isolate, Object);
11802  if (!result.IsEmpty()) return value;
11803  }
11804 
11805  return SetElementWithoutInterceptor(object, index, value, attributes,
11806  strict_mode,
11807  check_prototype,
11808  set_mode);
11809 }
v8::IndexedPropertySetterCallback
void(* IndexedPropertySetterCallback)(uint32_t index, Local< Value > value, const PropertyCallbackInfo< Value > &info)
Returns the value if the setter intercepts the request.
Definition: v8.h:3483

References v8::Handle< T >::IsEmpty(), LOG, RETURN_EXCEPTION_IF_SCHEDULED_EXCEPTION, and v8::Utils::ToLocal().

+ Here is the call graph for this function:

◆ SetElementWithoutInterceptor()

MaybeHandle< Object > v8::internal::JSObject::SetElementWithoutInterceptor ( Handle< JSObject object,
uint32_t  index,
Handle< Object value,
PropertyAttributes  attributes,
StrictMode  strict_mode,
bool  check_prototype,
SetPropertyMode  set_mode 
)
staticprivate

Definition at line 12475 of file objects.cc.

12482  {
12483  DCHECK(object->HasDictionaryElements() ||
12484  object->HasDictionaryArgumentsElements() ||
12485  (attributes & (DONT_DELETE | DONT_ENUM | READ_ONLY)) == 0);
12486  Isolate* isolate = object->GetIsolate();
12487  if (FLAG_trace_external_array_abuse &&
12488  IsExternalArrayElementsKind(object->GetElementsKind())) {
12489  CheckArrayAbuse(object, "external elements write", index);
12490  }
12491  if (FLAG_trace_js_array_abuse &&
12492  !IsExternalArrayElementsKind(object->GetElementsKind())) {
12493  if (object->IsJSArray()) {
12494  CheckArrayAbuse(object, "elements write", index, true);
12495  }
12496  }
12497  if (object->IsJSArray() && JSArray::WouldChangeReadOnlyLength(
12498  Handle<JSArray>::cast(object), index)) {
12499  if (strict_mode == SLOPPY) {
12500  return value;
12501  } else {
12502  return JSArray::ReadOnlyLengthError(Handle<JSArray>::cast(object));
12503  }
12504  }
12505  switch (object->GetElementsKind()) {
12506  case FAST_SMI_ELEMENTS:
12507  case FAST_ELEMENTS:
12508  case FAST_HOLEY_SMI_ELEMENTS:
12509  case FAST_HOLEY_ELEMENTS:
12510  return SetFastElement(object, index, value, strict_mode, check_prototype);
12511  case FAST_DOUBLE_ELEMENTS:
12512  case FAST_HOLEY_DOUBLE_ELEMENTS:
12513  return SetFastDoubleElement(object, index, value, strict_mode,
12514  check_prototype);
12515 
12516 #define TYPED_ARRAY_CASE(Type, type, TYPE, ctype, size) \
12517  case EXTERNAL_##TYPE##_ELEMENTS: { \
12518  Handle<External##Type##Array> array( \
12519  External##Type##Array::cast(object->elements())); \
12520  return External##Type##Array::SetValue(array, index, value); \
12521  } \
12522  case TYPE##_ELEMENTS: { \
12523  Handle<Fixed##Type##Array> array( \
12524  Fixed##Type##Array::cast(object->elements())); \
12525  return Fixed##Type##Array::SetValue(array, index, value); \
12526  }
12527 
12528  TYPED_ARRAYS(TYPED_ARRAY_CASE)
12529 
12530 #undef TYPED_ARRAY_CASE
12531 
12532  case DICTIONARY_ELEMENTS:
12533  return SetDictionaryElement(object, index, value, attributes, strict_mode,
12534  check_prototype,
12535  set_mode);
12536  case SLOPPY_ARGUMENTS_ELEMENTS: {
12537  Handle<FixedArray> parameter_map(FixedArray::cast(object->elements()));
12538  uint32_t length = parameter_map->length();
12539  Handle<Object> probe = index < length - 2 ?
12540  Handle<Object>(parameter_map->get(index + 2), isolate) :
12541  Handle<Object>();
12542  if (!probe.is_null() && !probe->IsTheHole()) {
12543  Handle<Context> context(Context::cast(parameter_map->get(0)));
12544  int context_index = Handle<Smi>::cast(probe)->value();
12545  DCHECK(!context->get(context_index)->IsTheHole());
12546  context->set(context_index, *value);
12547  // Redefining attributes of an aliased element destroys fast aliasing.
12548  if (set_mode == SET_PROPERTY || attributes == NONE) return value;
12549  parameter_map->set_the_hole(index + 2);
12550  // For elements that are still writable we re-establish slow aliasing.
12551  if ((attributes & READ_ONLY) == 0) {
12552  value = Handle<Object>::cast(
12553  isolate->factory()->NewAliasedArgumentsEntry(context_index));
12554  }
12555  }
12556  Handle<FixedArray> arguments(FixedArray::cast(parameter_map->get(1)));
12557  if (arguments->IsDictionary()) {
12558  return SetDictionaryElement(object, index, value, attributes,
12559  strict_mode,
12560  check_prototype,
12561  set_mode);
12562  } else {
12563  return SetFastElement(object, index, value, strict_mode,
12564  check_prototype);
12565  }
12566  }
12567  }
12568  // All possible cases have been handled above. Add a return to avoid the
12569  // complaints from the compiler.
12570  UNREACHABLE();
12571  return isolate->factory()->null_value();
12572 }
v8::internal::JSArray::ReadOnlyLengthError
static MaybeHandle< Object > ReadOnlyLengthError(Handle< JSArray > array)
Definition: objects.cc:12829
v8::internal::JSArray::WouldChangeReadOnlyLength
static bool WouldChangeReadOnlyLength(Handle< JSArray > array, uint32_t index)
Definition: objects.cc:12813
v8::internal::JSObject::SetFastElement
static MUST_USE_RESULT MaybeHandle< Object > SetFastElement(Handle< JSObject > object, uint32_t index, Handle< Object > value, StrictMode strict_mode, bool check_prototype)
Definition: objects.cc:11949
v8::internal::JSObject::SetDictionaryElement
static MUST_USE_RESULT MaybeHandle< Object > SetDictionaryElement(Handle< JSObject > object, uint32_t index, Handle< Object > value, PropertyAttributes attributes, StrictMode strict_mode, bool check_prototype, SetPropertyMode set_mode=SET_PROPERTY)
Definition: objects.cc:12077
v8::internal::JSObject::SetFastDoubleElement
static MUST_USE_RESULT MaybeHandle< Object > SetFastDoubleElement(Handle< JSObject > object, uint32_t index, Handle< Object > value, StrictMode strict_mode, bool check_prototype=true)
Definition: objects.cc:12214
v8::internal::IsExternalArrayElementsKind
bool IsExternalArrayElementsKind(ElementsKind kind)
Definition: elements-kind.h:95
v8::internal::CheckArrayAbuse
void CheckArrayAbuse(Handle< JSObject > obj, const char *op, uint32_t key, bool allow_appending)
Definition: elements.cc:496

References v8::internal::Handle< T >::cast(), v8::internal::Context::cast(), v8::internal::CheckArrayAbuse(), DCHECK, v8::internal::DICTIONARY_ELEMENTS, DONT_DELETE, DONT_ENUM, v8::internal::Isolate::factory(), v8::internal::FAST_DOUBLE_ELEMENTS, v8::internal::FAST_ELEMENTS, v8::internal::FAST_HOLEY_DOUBLE_ELEMENTS, v8::internal::FAST_HOLEY_ELEMENTS, v8::internal::FAST_HOLEY_SMI_ELEMENTS, v8::internal::FAST_SMI_ELEMENTS, v8::internal::Handle< T >::is_null(), v8::internal::IsExternalArrayElementsKind(), v8::internal::FixedArrayBase::length(), NONE, READ_ONLY, v8::internal::JSArray::ReadOnlyLengthError(), v8::internal::SET_PROPERTY, v8::internal::SLOPPY, v8::internal::SLOPPY_ARGUMENTS_ELEMENTS, TYPED_ARRAY_CASE, TYPED_ARRAYS, UNREACHABLE, and v8::internal::JSArray::WouldChangeReadOnlyLength().

+ Here is the call graph for this function:

◆ SetFastDoubleElement()

MaybeHandle< Object > v8::internal::JSObject::SetFastDoubleElement ( Handle< JSObject object,
uint32_t  index,
Handle< Object value,
StrictMode  strict_mode,
bool  check_prototype = true 
)
staticprivate

Definition at line 12214 of file objects.cc.

12219  {
12220  DCHECK(object->HasFastDoubleElements());
12221 
12222  Handle<FixedArrayBase> base_elms(FixedArrayBase::cast(object->elements()));
12223  uint32_t elms_length = static_cast<uint32_t>(base_elms->length());
12224 
12225  // If storing to an element that isn't in the array, pass the store request
12226  // up the prototype chain before storing in the receiver's elements.
12227  if (check_prototype &&
12228  (index >= elms_length ||
12229  Handle<FixedDoubleArray>::cast(base_elms)->is_the_hole(index))) {
12230  bool found;
12231  MaybeHandle<Object> result = SetElementWithCallbackSetterInPrototypes(
12232  object, index, value, &found, strict_mode);
12233  if (found) return result;
12234  }
12235 
12236  // If the value object is not a heap number, switch to fast elements and try
12237  // again.
12238  bool value_is_smi = value->IsSmi();
12239  bool introduces_holes = true;
12240  uint32_t length = elms_length;
12241  if (object->IsJSArray()) {
12242  CHECK(Handle<JSArray>::cast(object)->length()->ToArrayIndex(&length));
12243  introduces_holes = index > length;
12244  } else {
12245  introduces_holes = index >= elms_length;
12246  }
12247 
12248  if (!value->IsNumber()) {
12249  SetFastElementsCapacityAndLength(object, elms_length, length,
12250  kDontAllowSmiElements);
12251  Handle<Object> result;
12252  ASSIGN_RETURN_ON_EXCEPTION(
12253  object->GetIsolate(), result,
12254  SetFastElement(object, index, value, strict_mode, check_prototype),
12255  Object);
12256  JSObject::ValidateElements(object);
12257  return result;
12258  }
12259 
12260  double double_value = value_is_smi
12261  ? static_cast<double>(Handle<Smi>::cast(value)->value())
12262  : Handle<HeapNumber>::cast(value)->value();
12263 
12264  // If the array is growing, and it's not growth by a single element at the
12265  // end, make sure that the ElementsKind is HOLEY.
12266  ElementsKind elements_kind = object->GetElementsKind();
12267  if (introduces_holes && !IsFastHoleyElementsKind(elements_kind)) {
12268  ElementsKind transitioned_kind = GetHoleyElementsKind(elements_kind);
12269  TransitionElementsKind(object, transitioned_kind);
12270  }
12271 
12272  // Check whether there is extra space in the fixed array.
12273  if (index < elms_length) {
12274  Handle<FixedDoubleArray> elms(FixedDoubleArray::cast(object->elements()));
12275  elms->set(index, double_value);
12276  if (object->IsJSArray()) {
12277  // Update the length of the array if needed.
12278  uint32_t array_length = 0;
12279  CHECK(
12280  Handle<JSArray>::cast(object)->length()->ToArrayIndex(&array_length));
12281  if (index >= array_length) {
12282  Handle<JSArray>::cast(object)->set_length(Smi::FromInt(index + 1));
12283  }
12284  }
12285  return value;
12286  }
12287 
12288  // Allow gap in fast case.
12289  if ((index - elms_length) < kMaxGap) {
12290  // Try allocating extra space.
12291  int new_capacity = NewElementsCapacity(index+1);
12292  if (!object->ShouldConvertToSlowElements(new_capacity)) {
12293  DCHECK(static_cast<uint32_t>(new_capacity) > index);
12294  SetFastDoubleElementsCapacityAndLength(object, new_capacity, index + 1);
12295  FixedDoubleArray::cast(object->elements())->set(index, double_value);
12296  JSObject::ValidateElements(object);
12297  return value;
12298  }
12299  }
12300 
12301  // Otherwise default to slow case.
12302  DCHECK(object->HasFastDoubleElements());
12303  DCHECK(object->map()->has_fast_double_elements());
12304  DCHECK(object->elements()->IsFixedDoubleArray() ||
12305  object->elements()->length() == 0);
12306 
12307  NormalizeElements(object);
12308  DCHECK(object->HasDictionaryElements());
12309  return SetElement(object, index, value, NONE, strict_mode, check_prototype);
12310 }
v8::internal::JSObject::kMaxGap
static const uint32_t kMaxGap
Definition: objects.h:2168
v8::internal::JSObject::NewElementsCapacity
static int NewElementsCapacity(int old_capacity)
Definition: objects.h:1911

References ASSIGN_RETURN_ON_EXCEPTION, v8::internal::Handle< T >::cast(), CHECK, DCHECK, v8::internal::Smi::FromInt(), v8::internal::GetHoleyElementsKind(), v8::internal::FixedArray::is_the_hole(), v8::internal::IsFastHoleyElementsKind(), v8::internal::FixedArrayBase::length(), NONE, v8::internal::Object::ToArrayIndex(), and ValidateElements().

+ Here is the call graph for this function:

◆ SetFastDoubleElementsCapacityAndLength()

void v8::internal::JSObject::SetFastDoubleElementsCapacityAndLength ( Handle< JSObject object,
int  capacity,
int  length 
)
static

Definition at line 11044 of file objects.cc.

11046  {
11047  // We should never end in here with a pixel or external array.
11048  DCHECK(!object->HasExternalArrayElements());
11049 
11050  Handle<FixedArrayBase> elems =
11051  object->GetIsolate()->factory()->NewFixedDoubleArray(capacity);
11052 
11053  ElementsKind elements_kind = object->GetElementsKind();
11054  CHECK(elements_kind != SLOPPY_ARGUMENTS_ELEMENTS);
11055  ElementsKind new_elements_kind = elements_kind;
11056  if (IsHoleyElementsKind(elements_kind)) {
11057  new_elements_kind = FAST_HOLEY_DOUBLE_ELEMENTS;
11058  } else {
11059  new_elements_kind = FAST_DOUBLE_ELEMENTS;
11060  }
11061 
11062  Handle<Map> new_map = GetElementsTransitionMap(object, new_elements_kind);
11063 
11064  Handle<FixedArrayBase> old_elements(object->elements());
11065  ElementsAccessor* accessor = ElementsAccessor::ForKind(FAST_DOUBLE_ELEMENTS);
11066  accessor->CopyElements(object, elems, elements_kind);
11067 
11068  JSObject::ValidateElements(object);
11069  JSObject::SetMapAndElements(object, new_map, elems);
11070 
11071  if (FLAG_trace_elements_transitions) {
11072  PrintElementsTransition(stdout, object, elements_kind, old_elements,
11073  object->GetElementsKind(), elems);
11074  }
11075 
11076  if (object->IsJSArray()) {
11077  Handle<JSArray>::cast(object)->set_length(Smi::FromInt(length));
11078  }
11079 }
v8::internal::JSObject::PrintElementsTransition
static void PrintElementsTransition(FILE *file, Handle< JSObject > object, ElementsKind from_kind, Handle< FixedArrayBase > from_elements, ElementsKind to_kind, Handle< FixedArrayBase > to_elements)
Definition: objects.cc:1283
v8::internal::IsHoleyElementsKind
bool IsHoleyElementsKind(ElementsKind kind)
Definition: elements-kind.h:175

References v8::internal::Handle< T >::cast(), CHECK, v8::internal::ElementsAccessor::CopyElements(), DCHECK, v8::internal::FAST_DOUBLE_ELEMENTS, v8::internal::FAST_HOLEY_DOUBLE_ELEMENTS, v8::internal::ElementsAccessor::ForKind(), v8::internal::Smi::FromInt(), GetElementsTransitionMap(), v8::internal::IsHoleyElementsKind(), PrintElementsTransition(), SetMapAndElements(), v8::internal::SLOPPY_ARGUMENTS_ELEMENTS, and ValidateElements().

Referenced by v8::internal::FastDoubleElementsAccessor< FastElementsAccessorSubclass, KindTraits >::SetFastElementsCapacityAndLength().

+ Here is the call graph for this function:
+ Here is the caller graph for this function:

◆ SetFastElement()

MaybeHandle< Object > v8::internal::JSObject::SetFastElement ( Handle< JSObject object,
uint32_t  index,
Handle< Object value,
StrictMode  strict_mode,
bool  check_prototype 
)
static

Definition at line 11949 of file objects.cc.

11953  {
11954  DCHECK(object->HasFastSmiOrObjectElements() ||
11955  object->HasFastArgumentsElements());
11956 
11957  Isolate* isolate = object->GetIsolate();
11958 
11959  // Array optimizations rely on the prototype lookups of Array objects always
11960  // returning undefined. If there is a store to the initial prototype object,
11961  // make sure all of these optimizations are invalidated.
11962  if (isolate->is_initial_object_prototype(*object) ||
11963  isolate->is_initial_array_prototype(*object)) {
11964  object->map()->dependent_code()->DeoptimizeDependentCodeGroup(isolate,
11965  DependentCode::kElementsCantBeAddedGroup);
11966  }
11967 
11968  Handle<FixedArray> backing_store(FixedArray::cast(object->elements()));
11969  if (backing_store->map() ==
11970  isolate->heap()->sloppy_arguments_elements_map()) {
11971  backing_store = handle(FixedArray::cast(backing_store->get(1)));
11972  } else {
11973  backing_store = EnsureWritableFastElements(object);
11974  }
11975  uint32_t capacity = static_cast<uint32_t>(backing_store->length());
11976 
11977  if (check_prototype &&
11978  (index >= capacity || backing_store->get(index)->IsTheHole())) {
11979  bool found;
11980  MaybeHandle<Object> result = SetElementWithCallbackSetterInPrototypes(
11981  object, index, value, &found, strict_mode);
11982  if (found) return result;
11983  }
11984 
11985  uint32_t new_capacity = capacity;
11986  // Check if the length property of this object needs to be updated.
11987  uint32_t array_length = 0;
11988  bool must_update_array_length = false;
11989  bool introduces_holes = true;
11990  if (object->IsJSArray()) {
11991  CHECK(Handle<JSArray>::cast(object)->length()->ToArrayIndex(&array_length));
11992  introduces_holes = index > array_length;
11993  if (index >= array_length) {
11994  must_update_array_length = true;
11995  array_length = index + 1;
11996  }
11997  } else {
11998  introduces_holes = index >= capacity;
11999  }
12000 
12001  // If the array is growing, and it's not growth by a single element at the
12002  // end, make sure that the ElementsKind is HOLEY.
12003  ElementsKind elements_kind = object->GetElementsKind();
12004  if (introduces_holes &&
12005  IsFastElementsKind(elements_kind) &&
12006  !IsFastHoleyElementsKind(elements_kind)) {
12007  ElementsKind transitioned_kind = GetHoleyElementsKind(elements_kind);
12008  TransitionElementsKind(object, transitioned_kind);
12009  }
12010 
12011  // Check if the capacity of the backing store needs to be increased, or if
12012  // a transition to slow elements is necessary.
12013  if (index >= capacity) {
12014  bool convert_to_slow = true;
12015  if ((index - capacity) < kMaxGap) {
12016  new_capacity = NewElementsCapacity(index + 1);
12017  DCHECK(new_capacity > index);
12018  if (!object->ShouldConvertToSlowElements(new_capacity)) {
12019  convert_to_slow = false;
12020  }
12021  }
12022  if (convert_to_slow) {
12023  NormalizeElements(object);
12024  return SetDictionaryElement(object, index, value, NONE, strict_mode,
12025  check_prototype);
12026  }
12027  }
12028  // Convert to fast double elements if appropriate.
12029  if (object->HasFastSmiElements() && !value->IsSmi() && value->IsNumber()) {
12030  // Consider fixing the boilerplate as well if we have one.
12031  ElementsKind to_kind = IsHoleyElementsKind(elements_kind)
12032  ? FAST_HOLEY_DOUBLE_ELEMENTS
12033  : FAST_DOUBLE_ELEMENTS;
12034 
12035  UpdateAllocationSite(object, to_kind);
12036 
12037  SetFastDoubleElementsCapacityAndLength(object, new_capacity, array_length);
12038  FixedDoubleArray::cast(object->elements())->set(index, value->Number());
12039  JSObject::ValidateElements(object);
12040  return value;
12041  }
12042  // Change elements kind from Smi-only to generic FAST if necessary.
12043  if (object->HasFastSmiElements() && !value->IsSmi()) {
12044  ElementsKind kind = object->HasFastHoleyElements()
12045  ? FAST_HOLEY_ELEMENTS
12046  : FAST_ELEMENTS;
12047 
12048  UpdateAllocationSite(object, kind);
12049  Handle<Map> new_map = GetElementsTransitionMap(object, kind);
12050  JSObject::MigrateToMap(object, new_map);
12051  DCHECK(IsFastObjectElementsKind(object->GetElementsKind()));
12052  }
12053  // Increase backing store capacity if that's been decided previously.
12054  if (new_capacity != capacity) {
12055  SetFastElementsCapacitySmiMode smi_mode =
12056  value->IsSmi() && object->HasFastSmiElements()
12057  ? kAllowSmiElements
12058  : kDontAllowSmiElements;
12059  Handle<FixedArray> new_elements =
12060  SetFastElementsCapacityAndLength(object, new_capacity, array_length,
12061  smi_mode);
12062  new_elements->set(index, *value);
12063  JSObject::ValidateElements(object);
12064  return value;
12065  }
12066 
12067  // Finally, set the new element and length.
12068  DCHECK(object->elements()->IsFixedArray());
12069  backing_store->set(index, *value);
12070  if (must_update_array_length) {
12071  Handle<JSArray>::cast(object)->set_length(Smi::FromInt(array_length));
12072  }
12073  return value;
12074 }
v8::internal::JSObject::UpdateAllocationSite
static void UpdateAllocationSite(Handle< JSObject > object, ElementsKind to_kind)
Definition: objects.cc:12685

References v8::internal::Handle< T >::cast(), CHECK, DCHECK, v8::internal::FAST_DOUBLE_ELEMENTS, v8::internal::FAST_ELEMENTS, v8::internal::FAST_HOLEY_DOUBLE_ELEMENTS, v8::internal::FAST_HOLEY_ELEMENTS, v8::internal::Smi::FromInt(), v8::internal::GetHoleyElementsKind(), v8::internal::handle(), v8::internal::Isolate::heap(), v8::internal::IsFastElementsKind(), v8::internal::IsFastHoleyElementsKind(), v8::internal::IsFastObjectElementsKind(), v8::internal::IsHoleyElementsKind(), v8::internal::DependentCode::kElementsCantBeAddedGroup, v8::internal::FixedArrayBase::length(), MigrateToMap(), NONE, v8::internal::Object::ToArrayIndex(), and ValidateElements().

Referenced by v8::internal::RUNTIME_FUNCTION().

+ Here is the call graph for this function:
+ Here is the caller graph for this function:

◆ SetFastElementsCapacityAndLength()

Handle< FixedArray > v8::internal::JSObject::SetFastElementsCapacityAndLength ( Handle< JSObject object,
int  capacity,
int  length,
SetFastElementsCapacitySmiMode  smi_mode 
)
static

Definition at line 10982 of file objects.cc.

10986  {
10987  // We should never end in here with a pixel or external array.
10988  DCHECK(!object->HasExternalArrayElements());
10989 
10990  // Allocate a new fast elements backing store.
10991  Handle<FixedArray> new_elements =
10992  object->GetIsolate()->factory()->NewUninitializedFixedArray(capacity);
10993 
10994  ElementsKind elements_kind = object->GetElementsKind();
10995  ElementsKind new_elements_kind;
10996  // The resized array has FAST_*_SMI_ELEMENTS if the capacity mode forces it,
10997  // or if it's allowed and the old elements array contained only SMIs.
10998  bool has_fast_smi_elements =
10999  (smi_mode == kForceSmiElements) ||
11000  ((smi_mode == kAllowSmiElements) && object->HasFastSmiElements());
11001  if (has_fast_smi_elements) {
11002  if (IsHoleyElementsKind(elements_kind)) {
11003  new_elements_kind = FAST_HOLEY_SMI_ELEMENTS;
11004  } else {
11005  new_elements_kind = FAST_SMI_ELEMENTS;
11006  }
11007  } else {
11008  if (IsHoleyElementsKind(elements_kind)) {
11009  new_elements_kind = FAST_HOLEY_ELEMENTS;
11010  } else {
11011  new_elements_kind = FAST_ELEMENTS;
11012  }
11013  }
11014  Handle<FixedArrayBase> old_elements(object->elements());
11015  ElementsAccessor* accessor = ElementsAccessor::ForKind(new_elements_kind);
11016  accessor->CopyElements(object, new_elements, elements_kind);
11017 
11018  if (elements_kind != SLOPPY_ARGUMENTS_ELEMENTS) {
11019  Handle<Map> new_map = (new_elements_kind != elements_kind)
11020  ? GetElementsTransitionMap(object, new_elements_kind)
11021  : handle(object->map());
11022  JSObject::ValidateElements(object);
11023  JSObject::SetMapAndElements(object, new_map, new_elements);
11024 
11025  // Transition through the allocation site as well if present.
11026  JSObject::UpdateAllocationSite(object, new_elements_kind);
11027  } else {
11028  Handle<FixedArray> parameter_map = Handle<FixedArray>::cast(old_elements);
11029  parameter_map->set(1, *new_elements);
11030  }
11031 
11032  if (FLAG_trace_elements_transitions) {
11033  PrintElementsTransition(stdout, object, elements_kind, old_elements,
11034  object->GetElementsKind(), new_elements);
11035  }
11036 
11037  if (object->IsJSArray()) {
11038  Handle<JSArray>::cast(object)->set_length(Smi::FromInt(length));
11039  }
11040  return new_elements;
11041 }

References v8::internal::Handle< T >::cast(), v8::internal::ElementsAccessor::CopyElements(), DCHECK, v8::internal::FAST_ELEMENTS, v8::internal::FAST_HOLEY_ELEMENTS, v8::internal::FAST_HOLEY_SMI_ELEMENTS, v8::internal::FAST_SMI_ELEMENTS, v8::internal::ElementsAccessor::ForKind(), v8::internal::Smi::FromInt(), GetElementsTransitionMap(), v8::internal::handle(), v8::internal::IsHoleyElementsKind(), kAllowSmiElements, kForceSmiElements, PrintElementsTransition(), SetMapAndElements(), v8::internal::SLOPPY_ARGUMENTS_ELEMENTS, UpdateAllocationSite(), and ValidateElements().

Referenced by v8::internal::FastSmiOrObjectElementsAccessor< FastElementsAccessorSubclass, KindTraits >::SetFastElementsCapacityAndLength().

+ Here is the call graph for this function:
+ Here is the caller graph for this function:

◆ SetHiddenPropertiesHashTable()

Handle< Object > v8::internal::JSObject::SetHiddenPropertiesHashTable ( Handle< JSObject object,
Handle< Object value 
)
staticprivate

Definition at line 4766 of file objects.cc.

4767  {
4768  DCHECK(!object->IsJSGlobalProxy());
4769  Isolate* isolate = object->GetIsolate();
4770  Handle<Name> name = isolate->factory()->hidden_string();
4771  SetOwnPropertyIgnoreAttributes(object, name, value, DONT_ENUM).Assert();
4772  return object;
4773 }
v8::internal::JSObject::SetOwnPropertyIgnoreAttributes
static MUST_USE_RESULT MaybeHandle< Object > SetOwnPropertyIgnoreAttributes(Handle< JSObject > object, Handle< Name > key, Handle< Object > value, PropertyAttributes attributes, ExecutableAccessorInfoHandling handling=DEFAULT_HANDLING)
Definition: objects.cc:3808

References DCHECK, DONT_ENUM, v8::internal::Isolate::factory(), and name.

Referenced by SetHiddenProperty().

+ Here is the call graph for this function:
+ Here is the caller graph for this function:

◆ SetHiddenProperty()

Handle< Object > v8::internal::JSObject::SetHiddenProperty ( Handle< JSObject object,
Handle< Name key,
Handle< Object value 
)
static

Definition at line 4627 of file objects.cc.

4629  {
4630  Isolate* isolate = object->GetIsolate();
4631 
4632  DCHECK(key->IsUniqueName());
4633  if (object->IsJSGlobalProxy()) {
4634  // JSGlobalProxies store their hash internally.
4635  DCHECK(*key != *isolate->factory()->identity_hash_string());
4636  // For a proxy, use the prototype as target object.
4637  PrototypeIterator iter(isolate, object);
4638  // If the proxy is detached, return undefined.
4639  if (iter.IsAtEnd()) return isolate->factory()->undefined_value();
4640  DCHECK(PrototypeIterator::GetCurrent(iter)->IsJSGlobalObject());
4641  return SetHiddenProperty(
4642  Handle<JSObject>::cast(PrototypeIterator::GetCurrent(iter)), key,
4643  value);
4644  }
4645  DCHECK(!object->IsJSGlobalProxy());
4646 
4647  Handle<Object> inline_value(object->GetHiddenPropertiesHashTable(), isolate);
4648 
4649  // If there is no backing store yet, store the identity hash inline.
4650  if (value->IsSmi() &&
4651  *key == *isolate->factory()->identity_hash_string() &&
4652  (inline_value->IsUndefined() || inline_value->IsSmi())) {
4653  return JSObject::SetHiddenPropertiesHashTable(object, value);
4654  }
4655 
4656  Handle<ObjectHashTable> hashtable =
4657  GetOrCreateHiddenPropertiesHashtable(object);
4658 
4659  // If it was found, check if the key is already in the dictionary.
4660  Handle<ObjectHashTable> new_table = ObjectHashTable::Put(hashtable, key,
4661  value);
4662  if (*new_table != *hashtable) {
4663  // If adding the key expanded the dictionary (i.e., Add returned a new
4664  // dictionary), store it back to the object.
4665  SetHiddenPropertiesHashTable(object, new_table);
4666  }
4667 
4668  // Return this to mark success.
4669  return object;
4670 }
v8::internal::JSObject::GetOrCreateHiddenPropertiesHashtable
static Handle< ObjectHashTable > GetOrCreateHiddenPropertiesHashtable(Handle< JSObject > object)
Definition: objects.cc:4740

References DCHECK, v8::internal::Isolate::factory(), v8::internal::PrototypeIterator::GetCurrent(), v8::internal::PrototypeIterator::IsAtEnd(), v8::internal::ObjectHashTable::Put(), and SetHiddenPropertiesHashTable().

Referenced by v8::internal::RUNTIME_FUNCTION(), and v8::Object::SetHiddenValue().

+ Here is the call graph for this function:
+ Here is the caller graph for this function:

◆ SetIdentityHash()

void v8::internal::JSObject::SetIdentityHash ( Handle< JSObject object,
Handle< Smi hash 
)
static

Definition at line 4534 of file objects.cc.

4534  {
4535  DCHECK(!object->IsJSGlobalProxy());
4536  Isolate* isolate = object->GetIsolate();
4537  SetHiddenProperty(object, isolate->factory()->identity_hash_string(), hash);
4538 }

References DCHECK, and v8::internal::Isolate::factory().

Referenced by v8::internal::JSProxy::Fix().

+ Here is the call graph for this function:
+ Here is the caller graph for this function:

◆ SetInternalField() [1/2]

void v8::internal::JSObject::SetInternalField ( int  index,
Object value 
)
inline

Definition at line 2001 of file objects-inl.h.

2001  {
2002  DCHECK(index < GetInternalFieldCount() && index >= 0);
2003  // Internal objects do follow immediately after the header, whereas in-object
2004  // properties are at the end of the object. Therefore there is no need
2005  // to adjust the index here.
2006  int offset = GetHeaderSize() + (kPointerSize * index);
2007  WRITE_FIELD(this, offset, value);
2008  WRITE_BARRIER(GetHeap(), this, offset, value);
2009 }

References DCHECK, GetHeaderSize(), v8::internal::HeapObject::GetHeap(), GetInternalFieldCount(), v8::internal::kPointerSize, WRITE_BARRIER, and WRITE_FIELD.

+ Here is the call graph for this function:

◆ SetInternalField() [2/2]

void v8::internal::JSObject::SetInternalField ( int  index,
Smi value 
)
inline

Definition at line 2012 of file objects-inl.h.

2012  {
2013  DCHECK(index < GetInternalFieldCount() && index >= 0);
2014  // Internal objects do follow immediately after the header, whereas in-object
2015  // properties are at the end of the object. Therefore there is no need
2016  // to adjust the index here.
2017  int offset = GetHeaderSize() + (kPointerSize * index);
2018  WRITE_FIELD(this, offset, value);
2019 }

References DCHECK, GetHeaderSize(), GetInternalFieldCount(), v8::internal::kPointerSize, and WRITE_FIELD.

+ Here is the call graph for this function:

◆ SetMapAndElements()

void v8::internal::JSObject::SetMapAndElements ( Handle< JSObject object,
Handle< Map map,
Handle< FixedArrayBase elements 
)
inlinestatic

Definition at line 1814 of file objects-inl.h.

1816  {
1817  JSObject::MigrateToMap(object, new_map);
1818  DCHECK((object->map()->has_fast_smi_or_object_elements() ||
1819  (*value == object->GetHeap()->empty_fixed_array())) ==
1820  (value->map() == object->GetHeap()->fixed_array_map() ||
1821  value->map() == object->GetHeap()->fixed_cow_array_map()));
1822  DCHECK((*value == object->GetHeap()->empty_fixed_array()) ||
1823  (object->map()->has_fast_double_elements() ==
1824  value->IsFixedDoubleArray()));
1825  object->set_elements(*value);
1826 }

References DCHECK, and MigrateToMap().

Referenced by v8::internal::JSTypedArray::MaterializeArrayBuffer(), v8::NewTypedArray(), PrepareElementsForSort(), v8::anonymous_namespace{api.cc}::PrepareExternalArrayElements(), v8::internal::RUNTIME_FUNCTION(), SetFastDoubleElementsCapacityAndLength(), and SetFastElementsCapacityAndLength().

+ Here is the call graph for this function:
+ Here is the caller graph for this function:

◆ SetNormalizedProperty()

void v8::internal::JSObject::SetNormalizedProperty ( Handle< JSObject object,
Handle< Name key,
Handle< Object value,
PropertyDetails  details 
)
static

Definition at line 641 of file objects.cc.

644  {
645  DCHECK(!object->HasFastProperties());
646  Handle<NameDictionary> property_dictionary(object->property_dictionary());
647 
648  if (!name->IsUniqueName()) {
649  name = object->GetIsolate()->factory()->InternalizeString(
650  Handle<String>::cast(name));
651  }
652 
653  int entry = property_dictionary->FindEntry(name);
654  if (entry == NameDictionary::kNotFound) {
655  Handle<Object> store_value = value;
656  if (object->IsGlobalObject()) {
657  store_value = object->GetIsolate()->factory()->NewPropertyCell(value);
658  }
659 
660  property_dictionary = NameDictionary::Add(
661  property_dictionary, name, store_value, details);
662  object->set_properties(*property_dictionary);
663  return;
664  }
665 
666  PropertyDetails original_details = property_dictionary->DetailsAt(entry);
667  int enumeration_index;
668  // Preserve the enumeration index unless the property was deleted.
669  if (original_details.IsDeleted()) {
670  enumeration_index = property_dictionary->NextEnumerationIndex();
671  property_dictionary->SetNextEnumerationIndex(enumeration_index + 1);
672  } else {
673  enumeration_index = original_details.dictionary_index();
674  DCHECK(enumeration_index > 0);
675  }
676 
677  details = PropertyDetails(
678  details.attributes(), details.type(), enumeration_index);
679 
680  if (object->IsGlobalObject()) {
681  Handle<PropertyCell> cell(
682  PropertyCell::cast(property_dictionary->ValueAt(entry)));
683  PropertyCell::SetValueInferType(cell, value);
684  // Please note we have to update the property details.
685  property_dictionary->DetailsAtPut(entry, details);
686  } else {
687  property_dictionary->SetEntry(entry, name, value, details);
688  }
689 }
v8::internal::Dictionary::ValueAt
Object * ValueAt(int entry)
Definition: objects.h:3491
v8::internal::Dictionary::SetNextEnumerationIndex
void SetNextEnumerationIndex(int index)
Definition: objects.h:3547
v8::internal::Dictionary::SetEntry
void SetEntry(int entry, Handle< Object > key, Handle< Object > value)
Definition: objects-inl.h:6798
v8::internal::Dictionary::DetailsAt
PropertyDetails DetailsAt(int entry)
Definition: objects.h:3501
v8::internal::Dictionary::DetailsAtPut
void DetailsAtPut(int entry, PropertyDetails value)
Definition: objects.h:3508
v8::internal::NameDictionary::FindEntry
int FindEntry(Handle< Name > key)
Definition: objects.cc:13784

References v8::internal::Dictionary< NameDictionary, NameDictionaryShape, Handle< Name > >::Add(), DCHECK, v8::internal::Dictionary< Derived, Shape, Key >::DetailsAt(), v8::internal::Dictionary< Derived, Shape, Key >::DetailsAtPut(), v8::internal::NameDictionary::FindEntry(), v8::internal::HashTable< Derived, Shape, Key >::kNotFound, name, v8::internal::Dictionary< Derived, Shape, Key >::NextEnumerationIndex(), property_dictionary(), v8::internal::Dictionary< Derived, Shape, Key >::SetEntry(), v8::internal::Dictionary< Derived, Shape, Key >::SetNextEnumerationIndex(), v8::internal::PropertyCell::SetValueInferType(), and v8::internal::Dictionary< Derived, Shape, Key >::ValueAt().

+ Here is the call graph for this function:

◆ SetObserved()

void v8::internal::JSObject::SetObserved ( Handle< JSObject object)
static

Definition at line 5340 of file objects.cc.

5340  {
5341  DCHECK(!object->IsJSGlobalProxy());
5342  DCHECK(!object->IsJSGlobalObject());
5343  Isolate* isolate = object->GetIsolate();
5344  Handle<Map> new_map;
5345  Handle<Map> old_map(object->map(), isolate);
5346  DCHECK(!old_map->is_observed());
5347  int transition_index = old_map->SearchTransition(
5348  isolate->heap()->observed_symbol());
5349  if (transition_index != TransitionArray::kNotFound) {
5350  new_map = handle(old_map->GetTransition(transition_index), isolate);
5351  DCHECK(new_map->is_observed());
5352  } else if (object->HasFastProperties() && old_map->CanHaveMoreTransitions()) {
5353  new_map = Map::CopyForObserved(old_map);
5354  } else {
5355  new_map = Map::Copy(old_map);
5356  new_map->set_is_observed();
5357  }
5358  JSObject::MigrateToMap(object, new_map);
5359 }
v8::internal::Map::CopyForObserved
static Handle< Map > CopyForObserved(Handle< Map > map)
Definition: objects.cc:6637

References v8::internal::Map::Copy(), v8::internal::Map::CopyForObserved(), DCHECK, v8::internal::handle(), v8::internal::Isolate::heap(), v8::internal::TransitionArray::kNotFound, and MigrateToMap().

Referenced by v8::internal::RUNTIME_FUNCTION().

+ Here is the call graph for this function:
+ Here is the caller graph for this function:

◆ SetOwnElement()

MaybeHandle< Object > v8::internal::JSObject::SetOwnElement ( Handle< JSObject object,
uint32_t  index,
Handle< Object value,
StrictMode  strict_mode 
)
static

Definition at line 12327 of file objects.cc.

12330  {
12331  DCHECK(!object->HasExternalArrayElements());
12332  return JSObject::SetElement(object, index, value, NONE, strict_mode, false);
12333 }

References DCHECK, NONE, and SetElement().

Referenced by v8::internal::CreateObjectLiteralBoilerplate().

+ Here is the call graph for this function:
+ Here is the caller graph for this function:

◆ SetOwnPropertyIgnoreAttributes()

MaybeHandle< Object > v8::internal::JSObject::SetOwnPropertyIgnoreAttributes ( Handle< JSObject object,
Handle< Name key,
Handle< Object value,
PropertyAttributes  attributes,
ExecutableAccessorInfoHandling  handling = DEFAULT_HANDLING 
)
static

Definition at line 3808 of file objects.cc.

3813  {
3814  DCHECK(!value->IsTheHole());
3815  LookupIterator it(object, name, LookupIterator::OWN_SKIP_INTERCEPTOR);
3816  bool is_observed = object->map()->is_observed() &&
3817  *name != it.isolate()->heap()->hidden_string();
3818  for (; it.IsFound(); it.Next()) {
3819  switch (it.state()) {
3820  case LookupIterator::INTERCEPTOR:
3821  case LookupIterator::JSPROXY:
3822  case LookupIterator::NOT_FOUND:
3823  case LookupIterator::TRANSITION:
3824  UNREACHABLE();
3825 
3826  case LookupIterator::ACCESS_CHECK:
3827  if (!it.isolate()->MayNamedAccess(object, name, v8::ACCESS_SET)) {
3828  return SetPropertyWithFailedAccessCheck(&it, value, SLOPPY);
3829  }
3830  break;
3831 
3832  case LookupIterator::ACCESSOR: {
3833  PropertyDetails details = it.property_details();
3834  Handle<Object> old_value = it.isolate()->factory()->the_hole_value();
3835  // Ensure the context isn't changed after calling into accessors.
3836  AssertNoContextChange ncc(it.isolate());
3837 
3838  Handle<Object> accessors = it.GetAccessors();
3839 
3840  if (is_observed && accessors->IsAccessorInfo()) {
3841  ASSIGN_RETURN_ON_EXCEPTION(
3842  it.isolate(), old_value,
3843  GetPropertyWithAccessor(it.GetReceiver(), it.name(),
3844  it.GetHolder<JSObject>(), accessors),
3845  Object);
3846  }
3847 
3848  // Special handling for ExecutableAccessorInfo, which behaves like a
3849  // data property.
3850  if (handling == DONT_FORCE_FIELD &&
3851  accessors->IsExecutableAccessorInfo()) {
3852  Handle<Object> result;
3853  ASSIGN_RETURN_ON_EXCEPTION(
3854  it.isolate(), result,
3855  JSObject::SetPropertyWithAccessor(it.GetReceiver(), it.name(),
3856  value, it.GetHolder<JSObject>(),
3857  accessors, STRICT),
3858  Object);
3859  DCHECK(result->SameValue(*value));
3860 
3861  if (details.attributes() == attributes) {
3862  // Regular property update if the attributes match.
3863  if (is_observed && !old_value->SameValue(*value)) {
3864  // If we are setting the prototype of a function and are
3865  // observed, don't send change records because the prototype
3866  // handles that itself.
3867  if (!object->IsJSFunction() ||
3868  !Name::Equals(it.isolate()->factory()->prototype_string(),
3869  name) ||
3870  !Handle<JSFunction>::cast(object)->should_have_prototype()) {
3871  EnqueueChangeRecord(object, "update", name, old_value);
3872  }
3873  }
3874  return value;
3875  }
3876 
3877  // Reconfigure the accessor if attributes mismatch.
3878  Handle<ExecutableAccessorInfo> new_data = Accessors::CloneAccessor(
3879  it.isolate(), Handle<ExecutableAccessorInfo>::cast(accessors));
3880  new_data->set_property_attributes(attributes);
3881  // By clearing the setter we don't have to introduce a lookup to
3882  // the setter, simply make it unavailable to reflect the
3883  // attributes.
3884  if (attributes & READ_ONLY) new_data->clear_setter();
3885  SetPropertyCallback(object, name, new_data, attributes);
3886  if (is_observed) {
3887  if (old_value->SameValue(*value)) {
3888  old_value = it.isolate()->factory()->the_hole_value();
3889  }
3890  EnqueueChangeRecord(object, "reconfigure", name, old_value);
3891  }
3892  return value;
3893  }
3894 
3895  it.ReconfigureDataProperty(value, attributes);
3896  it.PrepareForDataProperty(value);
3897  it.WriteDataValue(value);
3898 
3899  if (is_observed) {
3900  if (old_value->SameValue(*value)) {
3901  old_value = it.isolate()->factory()->the_hole_value();
3902  }
3903  EnqueueChangeRecord(object, "reconfigure", name, old_value);
3904  }
3905 
3906  return value;
3907  }
3908 
3909  case LookupIterator::DATA: {
3910  PropertyDetails details = it.property_details();
3911  Handle<Object> old_value = it.isolate()->factory()->the_hole_value();
3912  // Regular property update if the attributes match.
3913  if (details.attributes() == attributes) {
3914  return SetDataProperty(&it, value);
3915  }
3916  // Reconfigure the data property if the attributes mismatch.
3917  if (is_observed) old_value = it.GetDataValue();
3918 
3919  it.ReconfigureDataProperty(value, attributes);
3920  it.PrepareForDataProperty(value);
3921  it.WriteDataValue(value);
3922 
3923  if (is_observed) {
3924  if (old_value->SameValue(*value)) {
3925  old_value = it.isolate()->factory()->the_hole_value();
3926  }
3927  EnqueueChangeRecord(object, "reconfigure", name, old_value);
3928  }
3929 
3930  return value;
3931  }
3932  }
3933  }
3934 
3935  return AddDataProperty(&it, value, attributes, STRICT,
3936  CERTAINLY_NOT_STORE_FROM_KEYED);
3937 }
v8::internal::Accessors::CloneAccessor
static Handle< ExecutableAccessorInfo > CloneAccessor(Isolate *isolate, Handle< ExecutableAccessorInfo > accessor)
Definition: accessors.cc:44
v8::internal::JSObject::SetPropertyWithFailedAccessCheck
static MUST_USE_RESULT MaybeHandle< Object > SetPropertyWithFailedAccessCheck(LookupIterator *it, Handle< Object > value, StrictMode strict_mode)
Definition: objects.cc:626
v8::internal::Name::Equals
bool Equals(Name *other)
Definition: objects-inl.h:3309
v8::internal::Object::SetPropertyWithAccessor
static MUST_USE_RESULT MaybeHandle< Object > SetPropertyWithAccessor(Handle< Object > receiver, Handle< Name > name, Handle< Object > value, Handle< JSObject > holder, Handle< Object > structure, StrictMode strict_mode)
Definition: objects.cc:478
v8::internal::Object::SetDataProperty
static Handle< Object > SetDataProperty(LookupIterator *it, Handle< Object > value)
Definition: objects.cc:2933

References v8::ACCESS_SET, v8::internal::ACCESSOR, DCHECK, v8::internal::Object::LookupIterator, name, v8::internal::SLOPPY, and UNREACHABLE.

Referenced by v8::internal::CreateObjectLiteralBoilerplate(), v8::internal::DeclareGlobals(), v8::internal::Runtime::DefineObjectProperty(), v8::internal::RUNTIME_FUNCTION(), and v8::internal::SetPropertyOnInstanceIfInherited().

+ Here is the caller graph for this function:

◆ SetPropertyCallback()

void v8::internal::JSObject::SetPropertyCallback ( Handle< JSObject object,
Handle< Name name,
Handle< Object structure,
PropertyAttributes  attributes 
)
staticprivate

Definition at line 6064 of file objects.cc.

6067  {
6068  PropertyNormalizationMode mode = object->map()->is_prototype_map()
6069  ? KEEP_INOBJECT_PROPERTIES
6070  : CLEAR_INOBJECT_PROPERTIES;
6071  // Normalize object to make this operation simple.
6072  NormalizeProperties(object, mode, 0);
6073 
6074  // For the global object allocate a new map to invalidate the global inline
6075  // caches which have a global property cell reference directly in the code.
6076  if (object->IsGlobalObject()) {
6077  Handle<Map> new_map = Map::CopyDropDescriptors(handle(object->map()));
6078  DCHECK(new_map->is_dictionary_map());
6079  JSObject::MigrateToMap(object, new_map);
6080 
6081  // When running crankshaft, changing the map is not enough. We
6082  // need to deoptimize all functions that rely on this global
6083  // object.
6084  Deoptimizer::DeoptimizeGlobalObject(*object);
6085  }
6086 
6087  // Update the dictionary with the new CALLBACKS property.
6088  PropertyDetails details = PropertyDetails(attributes, CALLBACKS, 0);
6089  SetNormalizedProperty(object, name, structure, details);
6090 
6091  ReoptimizeIfPrototype(object);
6092 }
v8::internal::Deoptimizer::DeoptimizeGlobalObject
static void DeoptimizeGlobalObject(JSObject *object)
Definition: deoptimizer.cc:470
v8::internal::JSObject::SetNormalizedProperty
static void SetNormalizedProperty(Handle< JSObject > object, Handle< Name > key, Handle< Object > value, PropertyDetails details)
Definition: objects.cc:641

References v8::internal::CALLBACKS, v8::internal::CLEAR_INOBJECT_PROPERTIES, v8::internal::Map::CopyDropDescriptors(), DCHECK, v8::internal::Deoptimizer::DeoptimizeGlobalObject(), v8::internal::handle(), v8::internal::KEEP_INOBJECT_PROPERTIES, MigrateToMap(), mode(), and name.

+ Here is the call graph for this function:

◆ SetPropertyWithFailedAccessCheck()

MaybeHandle< Object > v8::internal::JSObject::SetPropertyWithFailedAccessCheck ( LookupIterator it,
Handle< Object value,
StrictMode  strict_mode 
)
staticprivate

Definition at line 626 of file objects.cc.

627  {
628  Handle<JSObject> checked = it->GetHolder<JSObject>();
629  if (FindAllCanWriteHolder(it)) {
630  return SetPropertyWithAccessor(it->GetReceiver(), it->name(), value,
631  it->GetHolder<JSObject>(),
632  it->GetAccessors(), strict_mode);
633  }
634 
635  it->isolate()->ReportFailedAccessCheck(checked, v8::ACCESS_SET);
636  RETURN_EXCEPTION_IF_SCHEDULED_EXCEPTION(it->isolate(), Object);
637  return value;
638 }
v8::internal::FindAllCanWriteHolder
static bool FindAllCanWriteHolder(LookupIterator *it)
Definition: objects.cc:613

References v8::ACCESS_SET, v8::internal::FindAllCanWriteHolder(), RETURN_EXCEPTION_IF_SCHEDULED_EXCEPTION, and v8::internal::Object::SetPropertyWithAccessor().

Referenced by v8::internal::Object::SetProperty().

+ Here is the call graph for this function:
+ Here is the caller graph for this function:

◆ SetPropertyWithInterceptor()

MaybeHandle< Object > v8::internal::JSObject::SetPropertyWithInterceptor ( LookupIterator it,
Handle< Object value 
)
static

Definition at line 2773 of file objects.cc.

2774  {
2775  // TODO(rossberg): Support symbols in the API.
2776  if (it->name()->IsSymbol()) return value;
2777 
2778  Handle<String> name_string = Handle<String>::cast(it->name());
2779  Handle<JSObject> holder = it->GetHolder<JSObject>();
2780  Handle<InterceptorInfo> interceptor(holder->GetNamedInterceptor());
2781  if (interceptor->setter()->IsUndefined()) return MaybeHandle<Object>();
2782 
2783  LOG(it->isolate(),
2784  ApiNamedPropertyAccess("interceptor-named-set", *holder, *name_string));
2785  PropertyCallbackArguments args(it->isolate(), interceptor->data(), *holder,
2786  *holder);
2787  v8::NamedPropertySetterCallback setter =
2788  v8::ToCData<v8::NamedPropertySetterCallback>(interceptor->setter());
2789  v8::Handle<v8::Value> result = args.Call(
2790  setter, v8::Utils::ToLocal(name_string), v8::Utils::ToLocal(value));
2791  RETURN_EXCEPTION_IF_SCHEDULED_EXCEPTION(it->isolate(), Object);
2792  if (!result.IsEmpty()) return value;
2793 
2794  return MaybeHandle<Object>();
2795 }
v8::NamedPropertySetterCallback
void(* NamedPropertySetterCallback)(Local< String > property, Local< Value > value, const PropertyCallbackInfo< Value > &info)
Returns the value if the setter intercepts the request.
Definition: v8.h:3436

References v8::internal::Handle< T >::cast(), v8::Handle< T >::IsEmpty(), LOG, RETURN_EXCEPTION_IF_SCHEDULED_EXCEPTION, and v8::Utils::ToLocal().

Referenced by v8::internal::Object::SetProperty().

+ Here is the call graph for this function:
+ Here is the caller graph for this function:

◆ SetPrototype()

MaybeHandle< Object > v8::internal::JSObject::SetPrototype ( Handle< JSObject object,
Handle< Object value,
bool  from_javascript 
)
static

Definition at line 11658 of file objects.cc.

11660  {
11661 #ifdef DEBUG
11662  int size = object->Size();
11663 #endif
11664 
11665  Isolate* isolate = object->GetIsolate();
11666  Heap* heap = isolate->heap();
11667  // Silently ignore the change if value is not a JSObject or null.
11668  // SpiderMonkey behaves this way.
11669  if (!value->IsJSReceiver() && !value->IsNull()) return value;
11670 
11671  // From 8.6.2 Object Internal Methods
11672  // ...
11673  // In addition, if [[Extensible]] is false the value of the [[Class]] and
11674  // [[Prototype]] internal properties of the object may not be modified.
11675  // ...
11676  // Implementation specific extensions that modify [[Class]], [[Prototype]]
11677  // or [[Extensible]] must not violate the invariants defined in the preceding
11678  // paragraph.
11679  if (!object->map()->is_extensible()) {
11680  Handle<Object> args[] = { object };
11681  THROW_NEW_ERROR(isolate, NewTypeError("non_extensible_proto",
11682  HandleVector(args, arraysize(args))),
11683  Object);
11684  }
11685 
11686  // Before we can set the prototype we need to be sure
11687  // prototype cycles are prevented.
11688  // It is sufficient to validate that the receiver is not in the new prototype
11689  // chain.
11690  for (PrototypeIterator iter(isolate, *value,
11691  PrototypeIterator::START_AT_RECEIVER);
11692  !iter.IsAtEnd(); iter.Advance()) {
11693  if (JSReceiver::cast(iter.GetCurrent()) == *object) {
11694  // Cycle detected.
11695  THROW_NEW_ERROR(isolate,
11696  NewError("cyclic_proto", HandleVector<Object>(NULL, 0)),
11697  Object);
11698  }
11699  }
11700 
11701  bool dictionary_elements_in_chain =
11702  object->map()->DictionaryElementsInPrototypeChainOnly();
11703  Handle<JSObject> real_receiver = object;
11704 
11705  if (from_javascript) {
11706  // Find the first object in the chain whose prototype object is not
11707  // hidden and set the new prototype on that object.
11708  PrototypeIterator iter(isolate, real_receiver);
11709  while (!iter.IsAtEnd(PrototypeIterator::END_AT_NON_HIDDEN)) {
11710  real_receiver =
11711  Handle<JSObject>::cast(PrototypeIterator::GetCurrent(iter));
11712  iter.Advance();
11713  }
11714  }
11715 
11716  // Set the new prototype of the object.
11717  Handle<Map> map(real_receiver->map());
11718 
11719  // Nothing to do if prototype is already set.
11720  if (map->prototype() == *value) return value;
11721 
11722  if (value->IsJSObject()) {
11723  PrototypeOptimizationMode mode =
11724  from_javascript ? REGULAR_PROTOTYPE : FAST_PROTOTYPE;
11725  JSObject::OptimizeAsPrototype(Handle<JSObject>::cast(value), mode);
11726  }
11727 
11728  Handle<Map> new_map = Map::TransitionToPrototype(map, value);
11729  DCHECK(new_map->prototype() == *value);
11730  JSObject::MigrateToMap(real_receiver, new_map);
11731 
11732  if (!dictionary_elements_in_chain &&
11733  new_map->DictionaryElementsInPrototypeChainOnly()) {
11734  // If the prototype chain didn't previously have element callbacks, then
11735  // KeyedStoreICs need to be cleared to ensure any that involve this
11736  // map go generic.
11737  object->GetHeap()->ClearAllICsByKind(Code::KEYED_STORE_IC);
11738  }
11739 
11740  heap->ClearInstanceofCache();
11741  DCHECK(size == object->Size());
11742  return value;
11743 }
v8::internal::Map::TransitionToPrototype
static Handle< Map > TransitionToPrototype(Handle< Map > map, Handle< Object > prototype)
Definition: objects.cc:11646
v8::internal::PrototypeOptimizationMode
PrototypeOptimizationMode
Definition: objects.h:258
v8::internal::REGULAR_PROTOTYPE
@ REGULAR_PROTOTYPE
Definition: objects.h:258

References v8::internal::PrototypeIterator::Advance(), arraysize, v8::internal::Handle< T >::cast(), v8::internal::Heap::ClearInstanceofCache(), DCHECK, v8::internal::PrototypeIterator::END_AT_NON_HIDDEN, v8::internal::FAST_PROTOTYPE, v8::internal::PrototypeIterator::GetCurrent(), v8::internal::HandleVector(), v8::internal::Isolate::heap(), v8::internal::PrototypeIterator::IsAtEnd(), v8::internal::HeapObject::map(), MigrateToMap(), mode(), NULL, OptimizeAsPrototype(), v8::internal::REGULAR_PROTOTYPE, size, v8::internal::PrototypeIterator::START_AT_RECEIVER, THROW_NEW_ERROR, and v8::internal::Map::TransitionToPrototype().

Referenced by v8::internal::JSFunction::CloneClosure(), v8::internal::RUNTIME_FUNCTION(), and v8::Object::SetPrototype().

+ Here is the call graph for this function:
+ Here is the caller graph for this function:

◆ ShouldConvertToFastDoubleElements()

bool v8::internal::JSObject::ShouldConvertToFastDoubleElements ( bool has_smi_only_elements)

Definition at line 13035 of file objects.cc.

13036  {
13037  *has_smi_only_elements = false;
13038  if (HasSloppyArgumentsElements()) return false;
13039  if (FLAG_unbox_double_arrays) {
13040  DCHECK(HasDictionaryElements());
13041  SeededNumberDictionary* dictionary = element_dictionary();
13042  bool found_double = false;
13043  for (int i = 0; i < dictionary->Capacity(); i++) {
13044  Object* key = dictionary->KeyAt(i);
13045  if (key->IsNumber()) {
13046  Object* value = dictionary->ValueAt(i);
13047  if (!value->IsNumber()) return false;
13048  if (!value->IsSmi()) {
13049  found_double = true;
13050  }
13051  }
13052  }
13053  *has_smi_only_elements = !found_double;
13054  return found_double;
13055  } else {
13056  return false;
13057  }
13058 }

References v8::internal::HashTable< Derived, Shape, Key >::Capacity(), DCHECK, v8::internal::HashTable< Derived, Shape, Key >::KeyAt(), and v8::internal::Dictionary< Derived, Shape, Key >::ValueAt().

+ Here is the call graph for this function:

◆ ShouldConvertToFastElements()

bool v8::internal::JSObject::ShouldConvertToFastElements ( )

Definition at line 12999 of file objects.cc.

12999  {
13000  DCHECK(HasDictionaryElements() || HasDictionaryArgumentsElements());
13001  // If the elements are sparse, we should not go back to fast case.
13002  if (!HasDenseElements()) return false;
13003  // An object requiring access checks is never allowed to have fast
13004  // elements. If it had fast elements we would skip security checks.
13005  if (IsAccessCheckNeeded()) return false;
13006  // Observed objects may not go to fast mode because they rely on map checks,
13007  // and for fast element accesses we sometimes check element kinds only.
13008  if (map()->is_observed()) return false;
13009 
13010  FixedArray* elements = FixedArray::cast(this->elements());
13011  SeededNumberDictionary* dictionary = NULL;
13012  if (elements->map() == GetHeap()->sloppy_arguments_elements_map()) {
13013  dictionary = SeededNumberDictionary::cast(elements->get(1));
13014  } else {
13015  dictionary = SeededNumberDictionary::cast(elements);
13016  }
13017  // If an element has been added at a very high index in the elements
13018  // dictionary, we cannot go back to fast case.
13019  if (dictionary->requires_slow_elements()) return false;
13020  // If the dictionary backing storage takes up roughly half as much
13021  // space (in machine words) as a fast-case backing storage would,
13022  // the object should have fast elements.
13023  uint32_t array_size = 0;
13024  if (IsJSArray()) {
13025  CHECK(JSArray::cast(this)->length()->ToArrayIndex(&array_size));
13026  } else {
13027  array_size = dictionary->max_number_key();
13028  }
13029  uint32_t dictionary_size = static_cast<uint32_t>(dictionary->Capacity()) *
13030  SeededNumberDictionary::kEntrySize;
13031  return 2 * dictionary_size >= array_size;
13032 }
v8::internal::HashTable::kEntrySize
static const int kEntrySize
Definition: objects.h:3276
v8::internal::JSObject::HasDictionaryArgumentsElements
bool HasDictionaryArgumentsElements()
Definition: objects.cc:11934

References v8::internal::HashTable< Derived, Shape, Key >::Capacity(), CHECK, DCHECK, v8::internal::FixedArray::get(), v8::internal::HeapObject::GetHeap(), v8::internal::HashTable< Derived, Shape, Key >::kEntrySize, v8::internal::FixedArrayBase::length(), v8::internal::HeapObject::map(), v8::internal::SeededNumberDictionary::max_number_key(), NULL, v8::internal::SeededNumberDictionary::requires_slow_elements(), and v8::internal::Object::ToArrayIndex().

+ Here is the call graph for this function:

◆ ShouldConvertToSlowElements()

bool v8::internal::JSObject::ShouldConvertToSlowElements ( int  new_capacity)

Definition at line 12979 of file objects.cc.

12979  {
12980  STATIC_ASSERT(kMaxUncheckedOldFastElementsLength <=
12981  kMaxUncheckedFastElementsLength);
12982  if (new_capacity <= kMaxUncheckedOldFastElementsLength ||
12983  (new_capacity <= kMaxUncheckedFastElementsLength &&
12984  GetHeap()->InNewSpace(this))) {
12985  return false;
12986  }
12987  // If the fast-case backing storage takes up roughly three times as
12988  // much space (in machine words) as a dictionary backing storage
12989  // would, the object should have slow elements.
12990  int old_capacity = 0;
12991  int used_elements = 0;
12992  GetElementsCapacityAndUsage(&old_capacity, &used_elements);
12993  int dictionary_size = SeededNumberDictionary::ComputeCapacity(used_elements) *
12994  SeededNumberDictionary::kEntrySize;
12995  return 3 * dictionary_size <= new_capacity;
12996 }
v8::internal::HashTable::ComputeCapacity
static int ComputeCapacity(int at_least_space_for)
Definition: objects-inl.h:3099
v8::internal::JSObject::STATIC_ASSERT
STATIC_ASSERT(kHeaderSize==Internals::kJSObjectHeaderSize)
v8::internal::JSObject::kMaxUncheckedFastElementsLength
static const int kMaxUncheckedFastElementsLength
Definition: objects.h:2172
v8::internal::JSObject::kMaxUncheckedOldFastElementsLength
static const int kMaxUncheckedOldFastElementsLength
Definition: objects.h:2176

References v8::internal::HashTable< Derived, Shape, Key >::ComputeCapacity(), v8::internal::HeapObject::GetHeap(), v8::internal::HashTable< Derived, Shape, Key >::kEntrySize, and v8::internal::FixedArray::STATIC_ASSERT().

+ Here is the call graph for this function:

◆ SlowReverseLookup()

Object * v8::internal::JSObject::SlowReverseLookup ( Object value)

Definition at line 6346 of file objects.cc.

6346  {
6347  if (HasFastProperties()) {
6348  int number_of_own_descriptors = map()->NumberOfOwnDescriptors();
6349  DescriptorArray* descs = map()->instance_descriptors();
6350  for (int i = 0; i < number_of_own_descriptors; i++) {
6351  if (descs->GetType(i) == FIELD) {
6352  Object* property =
6353  RawFastPropertyAt(FieldIndex::ForDescriptor(map(), i));
6354  if (descs->GetDetails(i).representation().IsDouble()) {
6355  DCHECK(property->IsMutableHeapNumber());
6356  if (value->IsNumber() && property->Number() == value->Number()) {
6357  return descs->GetKey(i);
6358  }
6359  } else if (property == value) {
6360  return descs->GetKey(i);
6361  }
6362  } else if (descs->GetType(i) == CONSTANT) {
6363  if (descs->GetConstant(i) == value) {
6364  return descs->GetKey(i);
6365  }
6366  }
6367  }
6368  return GetHeap()->undefined_value();
6369  } else {
6370  return property_dictionary()->SlowReverseLookup(value);
6371  }
6372 }
v8::internal::Dictionary::SlowReverseLookup
Object * SlowReverseLookup(Object *value)
Definition: objects.cc:15270

References v8::internal::CONSTANT, DCHECK, v8::internal::FIELD, v8::internal::DescriptorArray::GetConstant(), v8::internal::DescriptorArray::GetDetails(), v8::internal::HeapObject::GetHeap(), v8::internal::DescriptorArray::GetKey(), v8::internal::DescriptorArray::GetType(), v8::internal::HeapObject::map(), v8::internal::Object::Number(), and v8::internal::Map::NumberOfOwnDescriptors().

+ Here is the call graph for this function:

◆ STATIC_ASSERT()

v8::internal::JSObject::STATIC_ASSERT ( kHeaderSize  = =Internals::kJSObjectHeaderSize)

◆ TransitionElementsKind()

void v8::internal::JSObject::TransitionElementsKind ( Handle< JSObject object,
ElementsKind  to_kind 
)
static

Definition at line 12706 of file objects.cc.

12707  {
12708  ElementsKind from_kind = object->map()->elements_kind();
12709 
12710  if (IsFastHoleyElementsKind(from_kind)) {
12711  to_kind = GetHoleyElementsKind(to_kind);
12712  }
12713 
12714  if (from_kind == to_kind) return;
12715  // Don't update the site if to_kind isn't fast
12716  if (IsFastElementsKind(to_kind)) {
12717  UpdateAllocationSite(object, to_kind);
12718  }
12719 
12720  Isolate* isolate = object->GetIsolate();
12721  if (object->elements() == isolate->heap()->empty_fixed_array() ||
12722  (IsFastSmiOrObjectElementsKind(from_kind) &&
12723  IsFastSmiOrObjectElementsKind(to_kind)) ||
12724  (from_kind == FAST_DOUBLE_ELEMENTS &&
12725  to_kind == FAST_HOLEY_DOUBLE_ELEMENTS)) {
12726  DCHECK(from_kind != TERMINAL_FAST_ELEMENTS_KIND);
12727  // No change is needed to the elements() buffer, the transition
12728  // only requires a map change.
12729  Handle<Map> new_map = GetElementsTransitionMap(object, to_kind);
12730  MigrateToMap(object, new_map);
12731  if (FLAG_trace_elements_transitions) {
12732  Handle<FixedArrayBase> elms(object->elements());
12733  PrintElementsTransition(stdout, object, from_kind, elms, to_kind, elms);
12734  }
12735  return;
12736  }
12737 
12738  Handle<FixedArrayBase> elms(object->elements());
12739  uint32_t capacity = static_cast<uint32_t>(elms->length());
12740  uint32_t length = capacity;
12741 
12742  if (object->IsJSArray()) {
12743  Object* raw_length = Handle<JSArray>::cast(object)->length();
12744  if (raw_length->IsUndefined()) {
12745  // If length is undefined, then JSArray is being initialized and has no
12746  // elements, assume a length of zero.
12747  length = 0;
12748  } else {
12749  CHECK(raw_length->ToArrayIndex(&length));
12750  }
12751  }
12752 
12753  if (IsFastSmiElementsKind(from_kind) &&
12754  IsFastDoubleElementsKind(to_kind)) {
12755  SetFastDoubleElementsCapacityAndLength(object, capacity, length);
12756  JSObject::ValidateElements(object);
12757  return;
12758  }
12759 
12760  if (IsFastDoubleElementsKind(from_kind) &&
12761  IsFastObjectElementsKind(to_kind)) {
12762  SetFastElementsCapacityAndLength(object, capacity, length,
12763  kDontAllowSmiElements);
12764  JSObject::ValidateElements(object);
12765  return;
12766  }
12767 
12768  // This method should never be called for any other case than the ones
12769  // handled above.
12770  UNREACHABLE();
12771 }
v8::internal::TERMINAL_FAST_ELEMENTS_KIND
@ TERMINAL_FAST_ELEMENTS_KIND
Definition: elements-kind.h:63

References v8::internal::Handle< T >::cast(), CHECK, DCHECK, v8::internal::FAST_DOUBLE_ELEMENTS, v8::internal::FAST_HOLEY_DOUBLE_ELEMENTS, v8::internal::GetHoleyElementsKind(), v8::internal::Isolate::heap(), v8::internal::IsFastDoubleElementsKind(), v8::internal::IsFastElementsKind(), v8::internal::IsFastHoleyElementsKind(), v8::internal::IsFastObjectElementsKind(), v8::internal::IsFastSmiElementsKind(), v8::internal::IsFastSmiOrObjectElementsKind(), v8::internal::FixedArrayBase::length(), v8::internal::TERMINAL_FAST_ELEMENTS_KIND, v8::internal::Object::ToArrayIndex(), UNREACHABLE, and ValidateElements().

Referenced by v8::internal::ArrayConstructInitializeElements(), v8::internal::ArrayConstructorCommon(), v8::internal::FastElementsAccessor< FastElementsAccessorSubclass, KindTraits >::DeleteCommon(), v8::internal::AllocationSite::DigestTransitionFeedback(), EnsureCanContainElements(), EnsureCanContainHeapObjectElements(), v8::internal::EnsureJSArrayWithWritableFastElements(), v8::internal::RUNTIME_FUNCTION(), v8::internal::FastElementsAccessor< FastElementsAccessorSubclass, KindTraits >::SetLengthWithoutNormalize(), and v8::internal::TransitionElements().

+ Here is the call graph for this function:
+ Here is the caller graph for this function:

◆ TryMigrateInstance()

bool v8::internal::JSObject::TryMigrateInstance ( Handle< JSObject instance)
static

Definition at line 3740 of file objects.cc.

3740  {
3741  Isolate* isolate = object->GetIsolate();
3742  DisallowDeoptimization no_deoptimization(isolate);
3743  Handle<Map> original_map(object->map(), isolate);
3744  Handle<Map> new_map;
3745  if (!Map::TryUpdate(original_map).ToHandle(&new_map)) {
3746  return false;
3747  }
3748  JSObject::MigrateToMap(object, new_map);
3749  if (FLAG_trace_migration) {
3750  object->PrintInstanceMigration(stdout, *original_map, object->map());
3751  }
3752  return true;
3753 }
v8::internal::Map::TryUpdate
static MaybeHandle< Map > TryUpdate(Handle< Map > map) WARN_UNUSED_RESULT
Definition: objects.cc:2691
v8::internal::DisallowDeoptimization
PerIsolateAssertScopeDebugOnly< DEOPTIMIZATION_ASSERT, false > DisallowDeoptimization
Definition: assert-scope.h:169

References MigrateToMap(), and v8::internal::Map::TryUpdate().

Referenced by v8::internal::IsFastLiteral(), v8::internal::HOptimizedGraphBuilder::PropertyAccessInfo::LookupInPrototypes(), v8::internal::RUNTIME_FUNCTION(), and v8::internal::Map::TryUpdate().

+ Here is the call graph for this function:
+ Here is the caller graph for this function:

◆ UpdateAllocationSite()

void v8::internal::JSObject::UpdateAllocationSite ( Handle< JSObject object,
ElementsKind  to_kind 
)
staticprivate

Definition at line 12685 of file objects.cc.

12686  {
12687  if (!object->IsJSArray()) return;
12688 
12689  Heap* heap = object->GetHeap();
12690  if (!heap->InNewSpace(*object)) return;
12691 
12692  Handle<AllocationSite> site;
12693  {
12694  DisallowHeapAllocation no_allocation;
12695 
12696  AllocationMemento* memento = heap->FindAllocationMemento(*object);
12697  if (memento == NULL) return;
12698 
12699  // Walk through to the Allocation Site
12700  site = handle(memento->GetAllocationSite());
12701  }
12702  AllocationSite::DigestTransitionFeedback(site, to_kind);
12703 }
v8::internal::AllocationSite::DigestTransitionFeedback
static void DigestTransitionFeedback(Handle< AllocationSite > site, ElementsKind to_kind)
Definition: objects.cc:12606

References v8::internal::AllocationSite::DigestTransitionFeedback(), v8::internal::Heap::FindAllocationMemento(), v8::internal::AllocationMemento::GetAllocationSite(), v8::internal::handle(), v8::internal::Heap::InNewSpace(), and NULL.

Referenced by SetFastElementsCapacityAndLength().

+ Here is the call graph for this function:
+ Here is the caller graph for this function:

◆ ValidateElements()

void v8::internal::JSObject::ValidateElements ( Handle< JSObject object)
inlinestatic

Definition at line 1561 of file objects-inl.h.

1561  {
1562 #ifdef ENABLE_SLOW_DCHECKS
1563  if (FLAG_enable_slow_asserts) {
1564  ElementsAccessor* accessor = object->GetElementsAccessor();
1565  accessor->Validate(object);
1566  }
1567 #endif
1568 }
v8::internal::FLAG_enable_slow_asserts
const bool FLAG_enable_slow_asserts
Definition: checks.h:31

References v8::internal::FLAG_enable_slow_asserts, and v8::internal::ElementsAccessor::Validate().

Referenced by v8::internal::Runtime::CreateArrayLiteralBoilerplate(), EnsureCanContainHeapObjectElements(), PrepareElementsForSort(), v8::internal::RUNTIME_FUNCTION(), SetDictionaryElement(), SetFastDoubleElement(), SetFastDoubleElementsCapacityAndLength(), SetFastElement(), SetFastElementsCapacityAndLength(), v8::internal::FastElementsAccessor< FastElementsAccessorSubclass, KindTraits >::SetLengthWithoutNormalize(), v8::internal::Runtime::SetObjectProperty(), and TransitionElementsKind().

+ Here is the call graph for this function:
+ Here is the caller graph for this function:

◆ WouldConvertToSlowElements()

bool v8::internal::JSObject::WouldConvertToSlowElements ( Handle< Object key)

Definition at line 12964 of file objects.cc.

12964  {
12965  uint32_t index;
12966  if (HasFastElements() && key->ToArrayIndex(&index)) {
12967  Handle<FixedArrayBase> backing_store(FixedArrayBase::cast(elements()));
12968  uint32_t capacity = static_cast<uint32_t>(backing_store->length());
12969  if (index >= capacity) {
12970  if ((index - capacity) >= kMaxGap) return true;
12971  uint32_t new_capacity = NewElementsCapacity(index + 1);
12972  return ShouldConvertToSlowElements(new_capacity);
12973  }
12974  }
12975  return false;
12976 }
v8::internal::JSObject::ShouldConvertToSlowElements
bool ShouldConvertToSlowElements(int new_capacity)
Definition: objects.cc:12979

◆ WriteToField()

void v8::internal::JSObject::WriteToField ( int  descriptor,
Object value 
)

Definition at line 3765 of file objects.cc.

3765  {
3766  DisallowHeapAllocation no_gc;
3767 
3768  DescriptorArray* desc = map()->instance_descriptors();
3769  PropertyDetails details = desc->GetDetails(descriptor);
3770 
3771  DCHECK(details.type() == FIELD);
3772 
3773  FieldIndex index = FieldIndex::ForDescriptor(map(), descriptor);
3774  if (details.representation().IsDouble()) {
3775  // Nothing more to be done.
3776  if (value->IsUninitialized()) return;
3777  HeapNumber* box = HeapNumber::cast(RawFastPropertyAt(index));
3778  DCHECK(box->IsMutableHeapNumber());
3779  box->set_value(value->Number());
3780  } else {
3781  FastPropertyAtPut(index, value);
3782  }
3783 }
v8::internal::JSObject::FastPropertyAtPut
void FastPropertyAtPut(FieldIndex index, Object *value)
Definition: objects-inl.h:2034

References DCHECK, v8::internal::FIELD, v8::internal::DescriptorArray::GetDetails(), v8::internal::HeapObject::map(), v8::internal::Object::Number(), and v8::internal::HeapNumber::set_value().

+ Here is the call graph for this function:

Friends And Related Function Documentation

◆ DictionaryElementsAccessor

friend class DictionaryElementsAccessor
friend

Definition at line 2217 of file objects.h.

◆ JSReceiver

friend class JSReceiver
friend

Definition at line 2218 of file objects.h.

◆ Object

friend class Object
friend

Definition at line 2219 of file objects.h.

Member Data Documentation

◆ kElementsOffset

const int v8::internal::JSObject::kElementsOffset = kPropertiesOffset + kPointerSize
static

Definition at line 2194 of file objects.h.

Referenced by v8::internal::HLoadEliminationEffects::Apply(), v8::internal::V8HeapExplorer::ExtractJSObjectReferences(), v8::internal::FINAL< kOperandKind, kNumCachedOperands >::ForElementsPointer(), GetElementsKind(), initialize_elements(), and v8::internal::HLoadEliminationTable::Process().

◆ kFieldsAdded

const int v8::internal::JSObject::kFieldsAdded = 3
static

Definition at line 2190 of file objects.h.

Referenced by v8::internal::Map::CopyGeneralizeAllRepresentations(), and v8::internal::Map::CopyInstallDescriptors().

◆ kHeaderSize

const int v8::internal::JSObject::kHeaderSize = kElementsOffset + kPointerSize
static

Definition at line 2195 of file objects.h.

Referenced by v8::internal::CodeStubGraphBuilder< Stub >::BuildCodeStub(), v8::internal::SharedFunctionInfo::CalculateInObjectProperties(), v8::internal::SharedFunctionInfo::CalculateInstanceSize(), v8::internal::Heap::CopyJSObject(), v8::internal::Map::Create(), v8::internal::Heap::CreateApiObjects(), v8::internal::Heap::CreateInitialMaps(), v8::internal::Heap::CreateInitialObjects(), v8::internal::V8HeapExplorer::ExtractJSObjectReferences(), GetHeaderSize(), v8::internal::Isolate::GetSymbolRegistry(), and InitializeBody().

◆ kInitialGlobalObjectUnusedPropertiesCount

const int v8::internal::JSObject::kInitialGlobalObjectUnusedPropertiesCount = 4
static

Definition at line 2184 of file objects.h.

◆ kInitialMaxFastElementArray

const int v8::internal::JSObject::kInitialMaxFastElementArray = 100000
static

Definition at line 2180 of file objects.h.

Referenced by v8::internal::ArrayConstructInitializeElements(), v8::internal::ArrayConstructorCommon(), v8::internal::CodeStubGraphBuilderBase::BuildArrayNArgumentsConstructor(), and v8::internal::Heap::ConfigureHeap().

◆ kMaxElementCount

const uint32_t v8::internal::JSObject::kMaxElementCount = 0xffffffffu
static

Definition at line 2161 of file objects.h.

Referenced by v8::internal::ArrayConcatVisitor::increase_index_offset(), v8::internal::RUNTIME_FUNCTION(), and v8::internal::ArrayConcatVisitor::visit().

◆ kMaxGap

const uint32_t v8::internal::JSObject::kMaxGap = 1024
static

Definition at line 2168 of file objects.h.

◆ kMaxInstanceSize

const int v8::internal::JSObject::kMaxInstanceSize = 255 * kPointerSize
static

Definition at line 2186 of file objects.h.

Referenced by v8::internal::SharedFunctionInfo::CalculateInstanceSize(), and v8::internal::Map::Create().

◆ kMaxUncheckedFastElementsLength

const int v8::internal::JSObject::kMaxUncheckedFastElementsLength = 5000
static

Definition at line 2172 of file objects.h.

◆ kMaxUncheckedOldFastElementsLength

const int v8::internal::JSObject::kMaxUncheckedOldFastElementsLength = 500
static

Definition at line 2176 of file objects.h.

◆ kPropertiesOffset

const int v8::internal::JSObject::kPropertiesOffset = HeapObject::kHeaderSize
static

Definition at line 2193 of file objects.h.

Referenced by v8::internal::V8HeapExplorer::ExtractJSObjectReferences(), v8::internal::FINAL< kOperandKind, kNumCachedOperands >::ForPropertiesPointer(), v8::internal::StaticNewSpaceVisitor< StaticVisitor >::INLINE(), v8::internal::JSFunction::JSFunctionIterateBody(), v8::internal::StaticMarkingVisitor< IncrementalMarkingMarkingVisitor >::MarkInlinedFunctionsCode(), v8::internal::StaticMarkingVisitor< StaticVisitor >::VisitJSFunctionStrongCode(), and v8::internal::StaticMarkingVisitor< StaticVisitor >::VisitJSFunctionWeakCode().

The documentation for this class was generated from the following files: