diff options
| author | Allan Sandfeld Jensen <allan.jensen@qt.io> | 2019-05-16 09:59:13 +0200 |
|---|---|---|
| committer | Allan Sandfeld Jensen <allan.jensen@qt.io> | 2019-05-20 10:28:53 +0000 |
| commit | 6c11fb357ec39bf087b8b632e2b1e375aef1b38b (patch) | |
| tree | c8315530db18a8ee566521c39ab8a6af4f72bc03 /chromium/v8/src/runtime | |
| parent | 3ffaed019d0772e59d6cdb2d0d32fe4834c31f72 (diff) | |
| download | qtwebengine-chromium-6c11fb357ec39bf087b8b632e2b1e375aef1b38b.tar.gz | |
BASELINE: Update Chromium to 74.0.3729.159
Change-Id: I8d2497da544c275415aedd94dd25328d555de811
Reviewed-by: Michael BrĂ¼ning <michael.bruning@qt.io>
Diffstat (limited to 'chromium/v8/src/runtime')
21 files changed, 361 insertions, 476 deletions
diff --git a/chromium/v8/src/runtime/runtime-array.cc b/chromium/v8/src/runtime/runtime-array.cc index d18ced02bd8..febecaf892d 100644 --- a/chromium/v8/src/runtime/runtime-array.cc +++ b/chromium/v8/src/runtime/runtime-array.cc @@ -8,8 +8,11 @@ #include "src/debug/debug.h" #include "src/elements.h" #include "src/heap/factory.h" +#include "src/heap/heap-inl.h" // For ToBoolean. TODO(jkummerow): Drop. +#include "src/heap/heap-write-barrier-inl.h" #include "src/isolate-inl.h" #include "src/keys.h" +#include "src/objects/allocation-site-inl.h" #include "src/objects/arguments-inl.h" #include "src/objects/hash-table-inl.h" #include "src/objects/js-array-inl.h" @@ -130,11 +133,11 @@ Object RemoveArrayHolesGeneric(Isolate* isolate, Handle<JSReceiver> receiver, // the remaining undefineds or delete the remaining properties. RETURN_FAILURE_ON_EXCEPTION( isolate, Object::SetElement(isolate, receiver, current_pos, element, - LanguageMode::kStrict)); + ShouldThrow::kThrowOnError)); RETURN_FAILURE_ON_EXCEPTION( isolate, Object::SetElement(isolate, receiver, key, isolate->factory()->undefined_value(), - LanguageMode::kStrict)); + ShouldThrow::kThrowOnError)); ++current_pos; } } @@ -152,7 +155,7 @@ Object RemoveArrayHolesGeneric(Isolate* isolate, Handle<JSReceiver> receiver, RETURN_FAILURE_ON_EXCEPTION( isolate, Object::SetElement(isolate, receiver, current_pos++, isolate->factory()->undefined_value(), - LanguageMode::kStrict)); + ShouldThrow::kThrowOnError)); } // TODO(szuend): Re-enable when we also copy from the prototype chain for // JSArrays. Then we can use HasOwnProperty instead of @@ -207,7 +210,8 @@ Object RemoveArrayHoles(Isolate* isolate, Handle<JSReceiver> receiver, Handle<Map> new_map = JSObject::GetElementsTransitionMap(object, HOLEY_ELEMENTS); - PretenureFlag tenure = Heap::InNewSpace(*object) ? NOT_TENURED : TENURED; + PretenureFlag tenure = + ObjectInYoungGeneration(*object) ? NOT_TENURED : TENURED; Handle<FixedArray> fast_elements = isolate->factory()->NewFixedArray(dict->NumberOfElements(), tenure); dict->CopyValuesTo(*fast_elements); @@ -336,7 +340,7 @@ Maybe<bool> ConditionalCopy(Isolate* isolate, Handle<JSReceiver> source, ASSIGN_RETURN_ON_EXCEPTION_VALUE( isolate, set_result, Object::SetElement(isolate, target, index, source_element, - LanguageMode::kStrict), + ShouldThrow::kThrowOnError), Nothing<bool>()); return Just(true); diff --git a/chromium/v8/src/runtime/runtime-classes.cc b/chromium/v8/src/runtime/runtime-classes.cc index 02db33733e8..f0d31600bff 100644 --- a/chromium/v8/src/runtime/runtime-classes.cc +++ b/chromium/v8/src/runtime/runtime-classes.cc @@ -771,25 +771,22 @@ namespace { MaybeHandle<Object> StoreToSuper(Isolate* isolate, Handle<JSObject> home_object, Handle<Object> receiver, Handle<Name> name, - Handle<Object> value, - LanguageMode language_mode) { + Handle<Object> value) { Handle<JSReceiver> holder; ASSIGN_RETURN_ON_EXCEPTION(isolate, holder, GetSuperHolder(isolate, receiver, home_object, SuperMode::kStore, name, 0), Object); LookupIterator it(receiver, name, holder); - MAYBE_RETURN( - Object::SetSuperProperty(&it, value, language_mode, StoreOrigin::kNamed), - MaybeHandle<Object>()); + MAYBE_RETURN(Object::SetSuperProperty(&it, value, StoreOrigin::kNamed), + MaybeHandle<Object>()); return value; } MaybeHandle<Object> StoreElementToSuper(Isolate* isolate, Handle<JSObject> home_object, Handle<Object> receiver, uint32_t index, - Handle<Object> value, - LanguageMode language_mode) { + Handle<Object> value) { Handle<JSReceiver> holder; ASSIGN_RETURN_ON_EXCEPTION( isolate, holder, @@ -797,29 +794,14 @@ MaybeHandle<Object> StoreElementToSuper(Isolate* isolate, MaybeHandle<Name>(), index), Object); LookupIterator it(isolate, receiver, index, holder); - MAYBE_RETURN(Object::SetSuperProperty(&it, value, language_mode, - StoreOrigin::kMaybeKeyed), + MAYBE_RETURN(Object::SetSuperProperty(&it, value, StoreOrigin::kMaybeKeyed), MaybeHandle<Object>()); return value; } } // anonymous namespace -RUNTIME_FUNCTION(Runtime_StoreToSuper_Strict) { - HandleScope scope(isolate); - DCHECK_EQ(4, args.length()); - CONVERT_ARG_HANDLE_CHECKED(Object, receiver, 0); - CONVERT_ARG_HANDLE_CHECKED(JSObject, home_object, 1); - CONVERT_ARG_HANDLE_CHECKED(Name, name, 2); - CONVERT_ARG_HANDLE_CHECKED(Object, value, 3); - - RETURN_RESULT_OR_FAILURE( - isolate, StoreToSuper(isolate, home_object, receiver, name, value, - LanguageMode::kStrict)); -} - - -RUNTIME_FUNCTION(Runtime_StoreToSuper_Sloppy) { +RUNTIME_FUNCTION(Runtime_StoreToSuper) { HandleScope scope(isolate); DCHECK_EQ(4, args.length()); CONVERT_ARG_HANDLE_CHECKED(Object, receiver, 0); @@ -828,47 +810,30 @@ RUNTIME_FUNCTION(Runtime_StoreToSuper_Sloppy) { CONVERT_ARG_HANDLE_CHECKED(Object, value, 3); RETURN_RESULT_OR_FAILURE( - isolate, StoreToSuper(isolate, home_object, receiver, name, value, - LanguageMode::kSloppy)); + isolate, StoreToSuper(isolate, home_object, receiver, name, value)); } -static MaybeHandle<Object> StoreKeyedToSuper( - Isolate* isolate, Handle<JSObject> home_object, Handle<Object> receiver, - Handle<Object> key, Handle<Object> value, LanguageMode language_mode) { +static MaybeHandle<Object> StoreKeyedToSuper(Isolate* isolate, + Handle<JSObject> home_object, + Handle<Object> receiver, + Handle<Object> key, + Handle<Object> value) { uint32_t index = 0; if (key->ToArrayIndex(&index)) { - return StoreElementToSuper(isolate, home_object, receiver, index, value, - language_mode); + return StoreElementToSuper(isolate, home_object, receiver, index, value); } Handle<Name> name; ASSIGN_RETURN_ON_EXCEPTION(isolate, name, Object::ToName(isolate, key), Object); // TODO(verwaest): Unify using LookupIterator. if (name->AsArrayIndex(&index)) { - return StoreElementToSuper(isolate, home_object, receiver, index, value, - language_mode); + return StoreElementToSuper(isolate, home_object, receiver, index, value); } - return StoreToSuper(isolate, home_object, receiver, name, value, - language_mode); + return StoreToSuper(isolate, home_object, receiver, name, value); } - -RUNTIME_FUNCTION(Runtime_StoreKeyedToSuper_Strict) { - HandleScope scope(isolate); - DCHECK_EQ(4, args.length()); - CONVERT_ARG_HANDLE_CHECKED(Object, receiver, 0); - CONVERT_ARG_HANDLE_CHECKED(JSObject, home_object, 1); - CONVERT_ARG_HANDLE_CHECKED(Object, key, 2); - CONVERT_ARG_HANDLE_CHECKED(Object, value, 3); - - RETURN_RESULT_OR_FAILURE( - isolate, StoreKeyedToSuper(isolate, home_object, receiver, key, value, - LanguageMode::kStrict)); -} - - -RUNTIME_FUNCTION(Runtime_StoreKeyedToSuper_Sloppy) { +RUNTIME_FUNCTION(Runtime_StoreKeyedToSuper) { HandleScope scope(isolate); DCHECK_EQ(4, args.length()); CONVERT_ARG_HANDLE_CHECKED(Object, receiver, 0); @@ -877,8 +842,7 @@ RUNTIME_FUNCTION(Runtime_StoreKeyedToSuper_Sloppy) { CONVERT_ARG_HANDLE_CHECKED(Object, value, 3); RETURN_RESULT_OR_FAILURE( - isolate, StoreKeyedToSuper(isolate, home_object, receiver, key, value, - LanguageMode::kSloppy)); + isolate, StoreKeyedToSuper(isolate, home_object, receiver, key, value)); } } // namespace internal diff --git a/chromium/v8/src/runtime/runtime-collections.cc b/chromium/v8/src/runtime/runtime-collections.cc index 2f03bb85320..42f6af5f4f9 100644 --- a/chromium/v8/src/runtime/runtime-collections.cc +++ b/chromium/v8/src/runtime/runtime-collections.cc @@ -6,6 +6,7 @@ #include "src/conversions-inl.h" #include "src/counters.h" #include "src/heap/factory.h" +#include "src/heap/heap-inl.h" // For ToBoolean. TODO(jkummerow): Drop. #include "src/objects/hash-table-inl.h" #include "src/objects/js-collection-inl.h" #include "src/runtime/runtime-utils.h" diff --git a/chromium/v8/src/runtime/runtime-debug.cc b/chromium/v8/src/runtime/runtime-debug.cc index 98aa3b98e7e..7c083521753 100644 --- a/chromium/v8/src/runtime/runtime-debug.cc +++ b/chromium/v8/src/runtime/runtime-debug.cc @@ -15,6 +15,7 @@ #include "src/debug/liveedit.h" #include "src/frames-inl.h" #include "src/globals.h" +#include "src/heap/heap-inl.h" // For ToBoolean. TODO(jkummerow): Drop. #include "src/interpreter/bytecode-array-accessor.h" #include "src/interpreter/bytecodes.h" #include "src/interpreter/interpreter.h" @@ -722,16 +723,16 @@ RUNTIME_FUNCTION(Runtime_DebugCollectCoverage) { RUNTIME_FUNCTION(Runtime_DebugTogglePreciseCoverage) { SealHandleScope shs(isolate); CONVERT_BOOLEAN_ARG_CHECKED(enable, 0); - Coverage::SelectMode(isolate, enable ? debug::Coverage::kPreciseCount - : debug::Coverage::kBestEffort); + Coverage::SelectMode(isolate, enable ? debug::CoverageMode::kPreciseCount + : debug::CoverageMode::kBestEffort); return ReadOnlyRoots(isolate).undefined_value(); } RUNTIME_FUNCTION(Runtime_DebugToggleBlockCoverage) { SealHandleScope shs(isolate); CONVERT_BOOLEAN_ARG_CHECKED(enable, 0); - Coverage::SelectMode(isolate, enable ? debug::Coverage::kBlockCount - : debug::Coverage::kBestEffort); + Coverage::SelectMode(isolate, enable ? debug::CoverageMode::kBlockCount + : debug::CoverageMode::kBestEffort); return ReadOnlyRoots(isolate).undefined_value(); } diff --git a/chromium/v8/src/runtime/runtime-forin.cc b/chromium/v8/src/runtime/runtime-forin.cc index b0bb297bfed..56580e91daf 100644 --- a/chromium/v8/src/runtime/runtime-forin.cc +++ b/chromium/v8/src/runtime/runtime-forin.cc @@ -8,6 +8,7 @@ #include "src/counters.h" #include "src/elements.h" #include "src/heap/factory.h" +#include "src/heap/heap-inl.h" // For ToBoolean. TODO(jkummerow): Drop. #include "src/isolate-inl.h" #include "src/keys.h" #include "src/objects-inl.h" diff --git a/chromium/v8/src/runtime/runtime-function.cc b/chromium/v8/src/runtime/runtime-function.cc index 1edbd3d5cbe..ee813bff111 100644 --- a/chromium/v8/src/runtime/runtime-function.cc +++ b/chromium/v8/src/runtime/runtime-function.cc @@ -6,6 +6,7 @@ #include "src/arguments-inl.h" #include "src/compiler.h" #include "src/counters.h" +#include "src/heap/heap-inl.h" // For ToBoolean. TODO(jkummerow): Drop. #include "src/isolate-inl.h" #include "src/runtime/runtime-utils.h" diff --git a/chromium/v8/src/runtime/runtime-internal.cc b/chromium/v8/src/runtime/runtime-internal.cc index f8a7d5ba837..6a0dd3564fb 100644 --- a/chromium/v8/src/runtime/runtime-internal.cc +++ b/chromium/v8/src/runtime/runtime-internal.cc @@ -17,6 +17,7 @@ #include "src/isolate-inl.h" #include "src/message-template.h" #include "src/objects/js-array-inl.h" +#include "src/objects/template-objects-inl.h" #include "src/ostreams.h" #include "src/parsing/parse-info.h" #include "src/parsing/parsing.h" @@ -27,6 +28,17 @@ namespace v8 { namespace internal { +RUNTIME_FUNCTION(Runtime_AccessCheck) { + HandleScope scope(isolate); + DCHECK_EQ(1, args.length()); + CONVERT_ARG_HANDLE_CHECKED(JSObject, object, 0); + if (!isolate->MayAccess(handle(isolate->context(), isolate), object)) { + isolate->ReportFailedAccessCheck(object); + RETURN_FAILURE_IF_SCHEDULED_EXCEPTION(isolate); + } + return ReadOnlyRoots(isolate).undefined_value(); +} + RUNTIME_FUNCTION(Runtime_CheckIsBootstrapping) { SealHandleScope shs(isolate); DCHECK_EQ(0, args.length()); @@ -95,6 +107,13 @@ RUNTIME_FUNCTION(Runtime_ThrowTypeError) { THROW_ERROR(isolate, args, NewTypeError); } +RUNTIME_FUNCTION(Runtime_ThrowTypeErrorIfStrict) { + if (GetShouldThrow(isolate, Nothing<ShouldThrow>()) == + ShouldThrow::kDontThrow) + return ReadOnlyRoots(isolate).undefined_value(); + THROW_ERROR(isolate, args, NewTypeError); +} + #undef THROW_ERROR namespace { @@ -157,6 +176,15 @@ RUNTIME_FUNCTION(Runtime_ThrowReferenceError) { isolate, NewReferenceError(MessageTemplate::kNotDefined, name)); } +RUNTIME_FUNCTION(Runtime_ThrowAccessedUninitializedVariable) { + HandleScope scope(isolate); + DCHECK_EQ(1, args.length()); + CONVERT_ARG_HANDLE_CHECKED(Object, name, 0); + THROW_NEW_ERROR_RETURN_FAILURE( + isolate, + NewReferenceError(MessageTemplate::kAccessedUninitializedVariable, name)); +} + RUNTIME_FUNCTION(Runtime_NewTypeError) { HandleScope scope(isolate); DCHECK_EQ(2, args.length()); @@ -268,6 +296,9 @@ RUNTIME_FUNCTION(Runtime_AllocateInTargetSpace) { bool double_align = AllocateDoubleAlignFlag::decode(flags); AllocationSpace space = AllocateTargetSpace::decode(flags); CHECK(size <= kMaxRegularHeapObjectSize || space == LO_SPACE); + if (FLAG_young_generation_large_objects && space == LO_SPACE) { + space = NEW_LO_SPACE; + } return *isolate->factory()->NewFillerObject(size, double_align, space); } @@ -641,12 +672,16 @@ RUNTIME_FUNCTION(Runtime_CreateAsyncFromSyncIterator) { Handle<JSReceiver>::cast(sync_iterator), next); } -RUNTIME_FUNCTION(Runtime_CreateTemplateObject) { +RUNTIME_FUNCTION(Runtime_GetTemplateObject) { HandleScope scope(isolate); - DCHECK_EQ(1, args.length()); + DCHECK_EQ(3, args.length()); CONVERT_ARG_HANDLE_CHECKED(TemplateObjectDescription, description, 0); + CONVERT_ARG_HANDLE_CHECKED(SharedFunctionInfo, shared_info, 1); + CONVERT_SMI_ARG_CHECKED(slot_id, 2); - return *TemplateObjectDescription::CreateTemplateObject(isolate, description); + Handle<Context> native_context(isolate->context()->native_context(), isolate); + return *TemplateObjectDescription::GetTemplateObject( + isolate, native_context, description, shared_info, slot_id); } RUNTIME_FUNCTION(Runtime_ReportMessage) { diff --git a/chromium/v8/src/runtime/runtime-numbers.cc b/chromium/v8/src/runtime/runtime-numbers.cc index 59f15a62bdb..edceef20a53 100644 --- a/chromium/v8/src/runtime/runtime-numbers.cc +++ b/chromium/v8/src/runtime/runtime-numbers.cc @@ -6,6 +6,7 @@ #include "src/base/bits.h" #include "src/bootstrapper.h" #include "src/counters.h" +#include "src/heap/heap-inl.h" // For ToBoolean. TODO(jkummerow): Drop. #include "src/isolate-inl.h" #include "src/runtime/runtime-utils.h" diff --git a/chromium/v8/src/runtime/runtime-object.cc b/chromium/v8/src/runtime/runtime-object.cc index fd3d2dd1680..02d1a8e1578 100644 --- a/chromium/v8/src/runtime/runtime-object.cc +++ b/chromium/v8/src/runtime/runtime-object.cc @@ -6,6 +6,7 @@ #include "src/bootstrapper.h" #include "src/counters.h" #include "src/debug/debug.h" +#include "src/heap/heap-inl.h" // For ToBoolean. TODO(jkummerow): Drop. #include "src/isolate-inl.h" #include "src/message-template.h" #include "src/objects/hash-table-inl.h" @@ -52,6 +53,30 @@ MaybeHandle<Object> Runtime::GetObjectProperty(Isolate* isolate, return result; } +MaybeHandle<Object> Runtime::HasProperty(Isolate* isolate, + Handle<Object> object, + Handle<Object> key) { + // Check that {object} is actually a receiver. + if (!object->IsJSReceiver()) { + THROW_NEW_ERROR( + isolate, + NewTypeError(MessageTemplate::kInvalidInOperatorUse, key, object), + Object); + } + Handle<JSReceiver> receiver = Handle<JSReceiver>::cast(object); + + // Convert the {key} to a name. + Handle<Name> name; + ASSIGN_RETURN_ON_EXCEPTION(isolate, name, Object::ToName(isolate, key), + Object); + + // Lookup the {name} on {receiver}. + Maybe<bool> maybe = JSReceiver::HasProperty(receiver, name); + if (maybe.IsNothing()) return MaybeHandle<Object>(); + return maybe.FromJust() ? ReadOnlyRoots(isolate).true_value_handle() + : ReadOnlyRoots(isolate).false_value_handle(); +} + namespace { bool DeleteObjectPropertyFast(Isolate* isolate, Handle<JSReceiver> receiver, @@ -341,12 +366,10 @@ RUNTIME_FUNCTION(Runtime_ObjectCreate) { return *obj; } -MaybeHandle<Object> Runtime::SetObjectProperty(Isolate* isolate, - Handle<Object> object, - Handle<Object> key, - Handle<Object> value, - LanguageMode language_mode, - StoreOrigin store_origin) { +MaybeHandle<Object> Runtime::SetObjectProperty( + Isolate* isolate, Handle<Object> object, Handle<Object> key, + Handle<Object> value, StoreOrigin store_origin, + Maybe<ShouldThrow> should_throw) { if (object->IsNullOrUndefined(isolate)) { THROW_NEW_ERROR( isolate, @@ -371,12 +394,11 @@ MaybeHandle<Object> Runtime::SetObjectProperty(Isolate* isolate, } MAYBE_RETURN_NULL( - Object::SetProperty(&it, value, language_mode, store_origin)); + Object::SetProperty(&it, value, store_origin, should_throw)); return value; } - RUNTIME_FUNCTION(Runtime_InternalSetPrototype) { HandleScope scope(isolate); DCHECK_EQ(2, args.length()); @@ -549,31 +571,28 @@ RUNTIME_FUNCTION(Runtime_GetProperty) { RUNTIME_FUNCTION(Runtime_SetKeyedProperty) { HandleScope scope(isolate); - DCHECK_EQ(4, args.length()); + DCHECK_EQ(3, args.length()); CONVERT_ARG_HANDLE_CHECKED(Object, object, 0); CONVERT_ARG_HANDLE_CHECKED(Object, key, 1); CONVERT_ARG_HANDLE_CHECKED(Object, value, 2); - CONVERT_LANGUAGE_MODE_ARG_CHECKED(language_mode, 3); RETURN_RESULT_OR_FAILURE( - isolate, - Runtime::SetObjectProperty(isolate, object, key, value, language_mode, - StoreOrigin::kMaybeKeyed)); + isolate, Runtime::SetObjectProperty(isolate, object, key, value, + StoreOrigin::kMaybeKeyed)); } RUNTIME_FUNCTION(Runtime_SetNamedProperty) { HandleScope scope(isolate); - DCHECK_EQ(4, args.length()); + DCHECK_EQ(3, args.length()); CONVERT_ARG_HANDLE_CHECKED(Object, object, 0); CONVERT_ARG_HANDLE_CHECKED(Object, key, 1); CONVERT_ARG_HANDLE_CHECKED(Object, value, 2); - CONVERT_LANGUAGE_MODE_ARG_CHECKED(language_mode, 3); RETURN_RESULT_OR_FAILURE( isolate, Runtime::SetObjectProperty(isolate, object, key, value, - language_mode, StoreOrigin::kNamed)); + StoreOrigin::kNamed)); } // Similar to DefineDataPropertyInLiteral, but does not update feedback, and @@ -592,8 +611,8 @@ RUNTIME_FUNCTION(Runtime_StoreDataPropertyInLiteral) { LookupIterator it = LookupIterator::PropertyOrElement( isolate, object, key, &success, LookupIterator::OWN); - Maybe<bool> result = - JSObject::DefineOwnPropertyIgnoreAttributes(&it, value, NONE, kDontThrow); + Maybe<bool> result = JSObject::DefineOwnPropertyIgnoreAttributes( + &it, value, NONE, Just(kDontThrow)); RETURN_FAILURE_IF_SCHEDULED_EXCEPTION(isolate); DCHECK(result.IsJust()); USE(result); @@ -791,7 +810,7 @@ RUNTIME_FUNCTION(Runtime_DefineDataPropertyInLiteral) { nexus.ConfigureMegamorphic(PROPERTY); } } else if (nexus.ic_state() == MONOMORPHIC) { - if (nexus.FindFirstMap() != object->map() || + if (nexus.GetFirstMap() != object->map() || nexus.GetFeedbackExtra() != MaybeObject::FromObject(*name)) { nexus.ConfigureMegamorphic(PROPERTY); } @@ -823,9 +842,9 @@ RUNTIME_FUNCTION(Runtime_DefineDataPropertyInLiteral) { isolate, object, name, object, LookupIterator::OWN); // Cannot fail since this should only be called when // creating an object literal. - CHECK( - JSObject::DefineOwnPropertyIgnoreAttributes(&it, value, attrs, kDontThrow) - .IsJust()); + CHECK(JSObject::DefineOwnPropertyIgnoreAttributes(&it, value, attrs, + Just(kDontThrow)) + .IsJust()); return *object; } @@ -1027,7 +1046,7 @@ RUNTIME_FUNCTION(Runtime_DefineMethodsInternal) { } Maybe<bool> success = JSReceiver::DefineOwnProperty( - isolate, target, key, &descriptor, kDontThrow); + isolate, target, key, &descriptor, Just(kDontThrow)); CHECK(success.FromJust()); } return ReadOnlyRoots(isolate).undefined_value(); @@ -1133,7 +1152,7 @@ RUNTIME_FUNCTION(Runtime_CreateDataProperty) { LookupIterator it = LookupIterator::PropertyOrElement( isolate, o, key, &success, LookupIterator::OWN); if (!success) return ReadOnlyRoots(isolate).exception(); - MAYBE_RETURN(JSReceiver::CreateDataProperty(&it, value, kThrowOnError), + MAYBE_RETURN(JSReceiver::CreateDataProperty(&it, value, Just(kThrowOnError)), ReadOnlyRoots(isolate).exception()); return *value; } @@ -1170,7 +1189,7 @@ RUNTIME_FUNCTION(Runtime_AddPrivateField) { isolate, NewTypeError(MessageTemplate::kVarRedeclaration, key)); } - CHECK(Object::AddDataProperty(&it, value, NONE, kDontThrow, + CHECK(Object::AddDataProperty(&it, value, NONE, Just(kDontThrow), StoreOrigin::kMaybeKeyed) .FromJust()); return ReadOnlyRoots(isolate).undefined_value(); diff --git a/chromium/v8/src/runtime/runtime-operators.cc b/chromium/v8/src/runtime/runtime-operators.cc index 1ce7fffd18c..cc932f2b41a 100644 --- a/chromium/v8/src/runtime/runtime-operators.cc +++ b/chromium/v8/src/runtime/runtime-operators.cc @@ -4,6 +4,7 @@ #include "src/arguments.h" #include "src/counters.h" +#include "src/heap/heap-inl.h" // For ToBoolean. TODO(jkummerow): Drop. #include "src/isolate-inl.h" #include "src/runtime/runtime-utils.h" diff --git a/chromium/v8/src/runtime/runtime-promise.cc b/chromium/v8/src/runtime/runtime-promise.cc index cd76d5ee7d7..d39c7190a34 100644 --- a/chromium/v8/src/runtime/runtime-promise.cc +++ b/chromium/v8/src/runtime/runtime-promise.cc @@ -76,9 +76,12 @@ RUNTIME_FUNCTION(Runtime_EnqueueMicrotask) { HandleScope scope(isolate); DCHECK_EQ(1, args.length()); CONVERT_ARG_HANDLE_CHECKED(JSFunction, function, 0); - Handle<CallableTask> microtask = - isolate->factory()->NewCallableTask(function, isolate->native_context()); - isolate->native_context()->microtask_queue()->EnqueueMicrotask(*microtask); + + Handle<CallableTask> microtask = isolate->factory()->NewCallableTask( + function, handle(function->native_context(), isolate)); + MicrotaskQueue* microtask_queue = + function->native_context()->microtask_queue(); + if (microtask_queue) microtask_queue->EnqueueMicrotask(*microtask); return ReadOnlyRoots(isolate).undefined_value(); } @@ -158,7 +161,8 @@ Handle<JSPromise> AwaitPromisesInitCommon(Isolate* isolate, Object::SetProperty( isolate, reject_handler, isolate->factory()->promise_forwarding_handler_symbol(), - isolate->factory()->true_value(), LanguageMode::kStrict) + isolate->factory()->true_value(), StoreOrigin::kMaybeKeyed, + Just(ShouldThrow::kThrowOnError)) .Check(); Handle<JSPromise>::cast(value)->set_handled_hint(is_predicted_as_caught); } @@ -167,7 +171,8 @@ Handle<JSPromise> AwaitPromisesInitCommon(Isolate* isolate, // Promise is found on the Promise stack Object::SetProperty(isolate, throwaway, isolate->factory()->promise_handled_by_symbol(), - outer_promise, LanguageMode::kStrict) + outer_promise, StoreOrigin::kMaybeKeyed, + Just(ShouldThrow::kThrowOnError)) .Check(); } diff --git a/chromium/v8/src/runtime/runtime-proxy.cc b/chromium/v8/src/runtime/runtime-proxy.cc index f4f84ebec91..11544cd34b6 100644 --- a/chromium/v8/src/runtime/runtime-proxy.cc +++ b/chromium/v8/src/runtime/runtime-proxy.cc @@ -8,6 +8,7 @@ #include "src/counters.h" #include "src/elements.h" #include "src/heap/factory.h" +#include "src/heap/heap-inl.h" // For ToBoolean. TODO(jkummerow): Drop. #include "src/isolate-inl.h" #include "src/objects-inl.h" @@ -64,12 +65,11 @@ RUNTIME_FUNCTION(Runtime_GetPropertyWithReceiver) { RUNTIME_FUNCTION(Runtime_SetPropertyWithReceiver) { HandleScope scope(isolate); - DCHECK_EQ(5, args.length()); + DCHECK_EQ(4, args.length()); CONVERT_ARG_HANDLE_CHECKED(JSReceiver, holder, 0); CONVERT_ARG_HANDLE_CHECKED(Object, key, 1); CONVERT_ARG_HANDLE_CHECKED(Object, value, 2); CONVERT_ARG_HANDLE_CHECKED(Object, receiver, 3); - CONVERT_LANGUAGE_MODE_ARG_CHECKED(language_mode, 4); bool success = false; LookupIterator it = LookupIterator::PropertyOrElement(isolate, receiver, key, @@ -78,8 +78,8 @@ RUNTIME_FUNCTION(Runtime_SetPropertyWithReceiver) { DCHECK(isolate->has_pending_exception()); return ReadOnlyRoots(isolate).exception(); } - Maybe<bool> result = Object::SetSuperProperty(&it, value, language_mode, - StoreOrigin::kMaybeKeyed); + Maybe<bool> result = + Object::SetSuperProperty(&it, value, StoreOrigin::kMaybeKeyed); MAYBE_RETURN(result, ReadOnlyRoots(isolate).exception()); return *isolate->factory()->ToBoolean(result.FromJust()); } diff --git a/chromium/v8/src/runtime/runtime-regexp.cc b/chromium/v8/src/runtime/runtime-regexp.cc index 49ab836e9ce..03024810283 100644 --- a/chromium/v8/src/runtime/runtime-regexp.cc +++ b/chromium/v8/src/runtime/runtime-regexp.cc @@ -7,11 +7,11 @@ #include "src/arguments-inl.h" #include "src/conversions-inl.h" #include "src/counters.h" +#include "src/heap/heap-inl.h" // For ToBoolean. TODO(jkummerow): Drop. #include "src/isolate-inl.h" #include "src/message-template.h" #include "src/objects/js-array-inl.h" #include "src/regexp/jsregexp-inl.h" -#include "src/regexp/jsregexp.h" #include "src/regexp/regexp-utils.h" #include "src/runtime/runtime-utils.h" #include "src/string-builder-inl.h" @@ -628,7 +628,8 @@ V8_WARN_UNUSED_RESULT static Object StringReplaceGlobalRegExpWithString( // Shortcut for simple non-regexp global replacements if (typeTag == JSRegExp::ATOM && simple_replace) { - if (subject->HasOnlyOneByteChars() && replacement->HasOnlyOneByteChars()) { + if (subject->IsOneByteRepresentation() && + replacement->IsOneByteRepresentation()) { return StringReplaceGlobalAtomRegExpWithString<SeqOneByteString>( isolate, subject, regexp, replacement, last_match_info); } else { @@ -652,16 +653,9 @@ V8_WARN_UNUSED_RESULT static Object StringReplaceGlobalRegExpWithString( int expected_parts = (compiled_replacement.parts() + 1) * 4 + 1; ReplacementStringBuilder builder(isolate->heap(), subject, expected_parts); - // Number of parts added by compiled replacement plus preceding - // string and possibly suffix after last match. It is possible for - // all components to use two elements when encoded as two smis. - const int parts_added_per_loop = 2 * (compiled_replacement.parts() + 2); - int prev = 0; do { - builder.EnsureCapacity(parts_added_per_loop); - int start = current_match[0]; int end = current_match[1]; @@ -682,7 +676,6 @@ V8_WARN_UNUSED_RESULT static Object StringReplaceGlobalRegExpWithString( if (global_cache.HasException()) return ReadOnlyRoots(isolate).exception(); if (prev < subject_length) { - builder.EnsureCapacity(2); builder.AddSubjectSlice(prev, subject_length); } @@ -791,33 +784,6 @@ V8_WARN_UNUSED_RESULT static Object StringReplaceGlobalRegExpWithEmptyString( return *answer; } -namespace { - -Object StringReplaceGlobalRegExpWithStringHelper( - Isolate* isolate, Handle<JSRegExp> regexp, Handle<String> subject, - Handle<String> replacement, Handle<RegExpMatchInfo> last_match_info) { - CHECK(regexp->GetFlags() & JSRegExp::kGlobal); - - subject = String::Flatten(isolate, subject); - - if (replacement->length() == 0) { - if (subject->HasOnlyOneByteChars()) { - return StringReplaceGlobalRegExpWithEmptyString<SeqOneByteString>( - isolate, subject, regexp, last_match_info); - } else { - return StringReplaceGlobalRegExpWithEmptyString<SeqTwoByteString>( - isolate, subject, regexp, last_match_info); - } - } - - replacement = String::Flatten(isolate, replacement); - - return StringReplaceGlobalRegExpWithString(isolate, subject, regexp, - replacement, last_match_info); -} - -} // namespace - RUNTIME_FUNCTION(Runtime_StringSplit) { HandleScope handle_scope(isolate); DCHECK_EQ(3, args.length()); @@ -915,20 +881,6 @@ RUNTIME_FUNCTION(Runtime_RegExpExec) { index, last_match_info)); } -RUNTIME_FUNCTION(Runtime_RegExpInternalReplace) { - HandleScope scope(isolate); - DCHECK_EQ(3, args.length()); - CONVERT_ARG_HANDLE_CHECKED(JSRegExp, regexp, 0); - CONVERT_ARG_HANDLE_CHECKED(String, subject, 1); - CONVERT_ARG_HANDLE_CHECKED(String, replacement, 2); - - Handle<RegExpMatchInfo> internal_match_info = - isolate->regexp_internal_match_info(); - - return StringReplaceGlobalRegExpWithStringHelper( - isolate, regexp, subject, replacement, internal_match_info); -} - namespace { class MatchInfoBackedMatch : public String::Match { @@ -1371,7 +1323,7 @@ V8_WARN_UNUSED_RESULT MaybeHandle<String> RegExpReplace( String); if (replace->length() == 0) { - if (string->HasOnlyOneByteChars()) { + if (string->IsOneByteRepresentation()) { Object result = StringReplaceGlobalRegExpWithEmptyString<SeqOneByteString>( isolate, string, regexp, last_match_info); diff --git a/chromium/v8/src/runtime/runtime-scopes.cc b/chromium/v8/src/runtime/runtime-scopes.cc index 82272429407..6783387b703 100644 --- a/chromium/v8/src/runtime/runtime-scopes.cc +++ b/chromium/v8/src/runtime/runtime-scopes.cc @@ -11,6 +11,7 @@ #include "src/counters.h" #include "src/deoptimizer.h" #include "src/frames-inl.h" +#include "src/heap/heap-inl.h" // For ToBoolean. TODO(jkummerow): Drop. #include "src/isolate-inl.h" #include "src/message-template.h" #include "src/objects/heap-object-inl.h" @@ -53,7 +54,7 @@ Object DeclareGlobal( Handle<ScriptContextTable> script_contexts( global->native_context()->script_context_table(), isolate); ScriptContextTable::LookupResult lookup; - if (ScriptContextTable::Lookup(isolate, script_contexts, name, &lookup) && + if (ScriptContextTable::Lookup(isolate, *script_contexts, *name, &lookup) && IsLexicalVariableMode(lookup.mode)) { // ES#sec-globaldeclarationinstantiation 6.a: // If envRec.HasLexicalDeclaration(name) is true, throw a SyntaxError @@ -634,7 +635,7 @@ static Object FindNameClash(Isolate* isolate, Handle<ScopeInfo> scope_info, Handle<String> name(scope_info->ContextLocalName(var), isolate); VariableMode mode = scope_info->ContextLocalMode(var); ScriptContextTable::LookupResult lookup; - if (ScriptContextTable::Lookup(isolate, script_context, name, &lookup)) { + if (ScriptContextTable::Lookup(isolate, *script_context, *name, &lookup)) { if (IsLexicalVariableMode(mode) || IsLexicalVariableMode(lookup.mode)) { // ES#sec-globaldeclarationinstantiation 5.b: // If envRec.HasLexicalDeclaration(name) is true, throw a SyntaxError @@ -948,9 +949,9 @@ MaybeHandle<Object> StoreLookupSlot( object = handle(context->global_object(), isolate); } - ASSIGN_RETURN_ON_EXCEPTION( - isolate, value, - Object::SetProperty(isolate, object, name, value, language_mode), Object); + ASSIGN_RETURN_ON_EXCEPTION(isolate, value, + Object::SetProperty(isolate, object, name, value), + Object); return value; } diff --git a/chromium/v8/src/runtime/runtime-strings.cc b/chromium/v8/src/runtime/runtime-strings.cc index 9a537e7fa26..aa19b103ebe 100644 --- a/chromium/v8/src/runtime/runtime-strings.cc +++ b/chromium/v8/src/runtime/runtime-strings.cc @@ -5,6 +5,7 @@ #include "src/arguments-inl.h" #include "src/conversions.h" #include "src/counters.h" +#include "src/heap/heap-inl.h" #include "src/objects-inl.h" #include "src/objects/js-array-inl.h" #include "src/objects/slots.h" @@ -297,7 +298,7 @@ RUNTIME_FUNCTION(Runtime_StringBuilderConcat) { } int length; - bool one_byte = special->HasOnlyOneByteChars(); + bool one_byte = special->IsOneByteRepresentation(); { DisallowHeapAllocation no_gc; @@ -344,234 +345,6 @@ RUNTIME_FUNCTION(Runtime_StringBuilderConcat) { } } -// TODO(pwong): Remove once TypedArray.prototype.join() is ported to Torque. -RUNTIME_FUNCTION(Runtime_StringBuilderJoin) { - HandleScope scope(isolate); - DCHECK_EQ(3, args.length()); - CONVERT_ARG_HANDLE_CHECKED(JSArray, array, 0); - int32_t array_length; - if (!args[1]->ToInt32(&array_length)) { - THROW_NEW_ERROR_RETURN_FAILURE(isolate, NewInvalidStringLengthError()); - } - CONVERT_ARG_HANDLE_CHECKED(String, separator, 2); - CHECK(array->HasObjectElements()); - CHECK_GE(array_length, 0); - - Handle<FixedArray> fixed_array(FixedArray::cast(array->elements()), isolate); - if (fixed_array->length() < array_length) { - array_length = fixed_array->length(); - } - - if (array_length == 0) { - return ReadOnlyRoots(isolate).empty_string(); - } else if (array_length == 1) { - Object first = fixed_array->get(0); - CHECK(first->IsString()); - return first; - } - - int separator_length = separator->length(); - CHECK_GT(separator_length, 0); - int max_nof_separators = - (String::kMaxLength + separator_length - 1) / separator_length; - if (max_nof_separators < (array_length - 1)) { - THROW_NEW_ERROR_RETURN_FAILURE(isolate, NewInvalidStringLengthError()); - } - int length = (array_length - 1) * separator_length; - for (int i = 0; i < array_length; i++) { - Object element_obj = fixed_array->get(i); - CHECK(element_obj->IsString()); - String element = String::cast(element_obj); - int increment = element->length(); - if (increment > String::kMaxLength - length) { - STATIC_ASSERT(String::kMaxLength < kMaxInt); - length = kMaxInt; // Provoke exception; - break; - } - length += increment; - } - - Handle<SeqTwoByteString> answer; - ASSIGN_RETURN_FAILURE_ON_EXCEPTION( - isolate, answer, isolate->factory()->NewRawTwoByteString(length)); - - DisallowHeapAllocation no_gc; - - uc16* sink = answer->GetChars(no_gc); -#ifdef DEBUG - uc16* end = sink + length; -#endif - - CHECK(fixed_array->get(0)->IsString()); - String first = String::cast(fixed_array->get(0)); - String separator_raw = *separator; - - int first_length = first->length(); - String::WriteToFlat(first, sink, 0, first_length); - sink += first_length; - - for (int i = 1; i < array_length; i++) { - DCHECK(sink + separator_length <= end); - String::WriteToFlat(separator_raw, sink, 0, separator_length); - sink += separator_length; - - CHECK(fixed_array->get(i)->IsString()); - String element = String::cast(fixed_array->get(i)); - int element_length = element->length(); - DCHECK(sink + element_length <= end); - String::WriteToFlat(element, sink, 0, element_length); - sink += element_length; - } - DCHECK(sink == end); - - // Use %_FastOneByteArrayJoin instead. - DCHECK(!answer->IsOneByteRepresentation()); - return *answer; -} - -template <typename sinkchar> -static void WriteRepeatToFlat(String src, Vector<sinkchar> buffer, int cursor, - int repeat, int length) { - if (repeat == 0) return; - - sinkchar* start = &buffer[cursor]; - String::WriteToFlat<sinkchar>(src, start, 0, length); - - int done = 1; - sinkchar* next = start + length; - - while (done < repeat) { - int block = Min(done, repeat - done); - int block_chars = block * length; - CopyChars(next, start, block_chars); - next += block_chars; - done += block; - } -} - -// TODO(pwong): Remove once TypedArray.prototype.join() is ported to Torque. -template <typename Char> -static void JoinSparseArrayWithSeparator(FixedArray elements, - int elements_length, - uint32_t array_length, - String separator, - Vector<Char> buffer) { - DisallowHeapAllocation no_gc; - int previous_separator_position = 0; - int separator_length = separator->length(); - DCHECK_LT(0, separator_length); - int cursor = 0; - for (int i = 0; i < elements_length; i += 2) { - int position = NumberToInt32(elements->get(i)); - String string = String::cast(elements->get(i + 1)); - int string_length = string->length(); - if (string->length() > 0) { - int repeat = position - previous_separator_position; - WriteRepeatToFlat<Char>(separator, buffer, cursor, repeat, - separator_length); - cursor += repeat * separator_length; - previous_separator_position = position; - String::WriteToFlat<Char>(string, &buffer[cursor], 0, string_length); - cursor += string->length(); - } - } - - int last_array_index = static_cast<int>(array_length - 1); - // Array length must be representable as a signed 32-bit number, - // otherwise the total string length would have been too large. - DCHECK_LE(array_length, 0x7FFFFFFF); // Is int32_t. - int repeat = last_array_index - previous_separator_position; - WriteRepeatToFlat<Char>(separator, buffer, cursor, repeat, separator_length); - cursor += repeat * separator_length; - DCHECK(cursor <= buffer.length()); -} - -// TODO(pwong): Remove once TypedArray.prototype.join() is ported to Torque. -RUNTIME_FUNCTION(Runtime_SparseJoinWithSeparator) { - HandleScope scope(isolate); - DCHECK_EQ(3, args.length()); - CONVERT_ARG_HANDLE_CHECKED(JSArray, elements_array, 0); - CONVERT_NUMBER_CHECKED(uint32_t, array_length, Uint32, args[1]); - CONVERT_ARG_HANDLE_CHECKED(String, separator, 2); - // elements_array is fast-mode JSarray of alternating positions - // (increasing order) and strings. - CHECK(elements_array->HasSmiOrObjectElements()); - // array_length is length of original array (used to add separators); - // separator is string to put between elements. Assumed to be non-empty. - CHECK_GT(array_length, 0); - - // Find total length of join result. - int string_length = 0; - bool is_one_byte = separator->IsOneByteRepresentation(); - bool overflow = false; - CONVERT_NUMBER_CHECKED(int, elements_length, Int32, elements_array->length()); - CHECK(elements_length <= elements_array->elements()->length()); - CHECK_EQ(elements_length & 1, 0); // Even length. - FixedArray elements = FixedArray::cast(elements_array->elements()); - { - DisallowHeapAllocation no_gc; - for (int i = 0; i < elements_length; i += 2) { - String string = String::cast(elements->get(i + 1)); - int length = string->length(); - if (is_one_byte && !string->IsOneByteRepresentation()) { - is_one_byte = false; - } - if (length > String::kMaxLength || - String::kMaxLength - length < string_length) { - overflow = true; - break; - } - string_length += length; - } - } - - int separator_length = separator->length(); - if (!overflow && separator_length > 0) { - if (array_length <= 0x7FFFFFFFu) { - int separator_count = static_cast<int>(array_length) - 1; - int remaining_length = String::kMaxLength - string_length; - if ((remaining_length / separator_length) >= separator_count) { - string_length += separator_length * (array_length - 1); - } else { - // Not room for the separators within the maximal string length. - overflow = true; - } - } else { - // Nonempty separator and at least 2^31-1 separators necessary - // means that the string is too large to create. - STATIC_ASSERT(String::kMaxLength < 0x7FFFFFFF); - overflow = true; - } - } - if (overflow) { - // Throw an exception if the resulting string is too large. See - // https://code.google.com/p/chromium/issues/detail?id=336820 - // for details. - THROW_NEW_ERROR_RETURN_FAILURE(isolate, NewInvalidStringLengthError()); - } - - if (is_one_byte) { - Handle<SeqOneByteString> result = isolate->factory() - ->NewRawOneByteString(string_length) - .ToHandleChecked(); - DisallowHeapAllocation no_gc; - JoinSparseArrayWithSeparator<uint8_t>( - FixedArray::cast(elements_array->elements()), elements_length, - array_length, *separator, - Vector<uint8_t>(result->GetChars(no_gc), string_length)); - return *result; - } else { - Handle<SeqTwoByteString> result = isolate->factory() - ->NewRawTwoByteString(string_length) - .ToHandleChecked(); - DisallowHeapAllocation no_gc; - JoinSparseArrayWithSeparator<uc16>( - FixedArray::cast(elements_array->elements()), elements_length, - array_length, *separator, - Vector<uc16>(result->GetChars(no_gc), string_length)); - return *result; - } -} // Copies Latin1 characters to the given fixed array looking up // one-char strings in the cache. Gives up on the first char that is @@ -713,5 +486,78 @@ RUNTIME_FUNCTION(Runtime_StringMaxLength) { return Smi::FromInt(String::kMaxLength); } +RUNTIME_FUNCTION(Runtime_StringCompareSequence) { + HandleScope handle_scope(isolate); + DCHECK_EQ(3, args.length()); + CONVERT_ARG_HANDLE_CHECKED(String, string, 0); + CONVERT_ARG_HANDLE_CHECKED(String, search_string, 1); + CONVERT_NUMBER_CHECKED(int, start, Int32, args[2]); + + // Check if start + searchLength is in bounds. + DCHECK_LE(start + search_string->length(), string->length()); + + FlatStringReader string_reader(isolate, String::Flatten(isolate, string)); + FlatStringReader search_reader(isolate, + String::Flatten(isolate, search_string)); + + for (int i = 0; i < search_string->length(); i++) { + if (string_reader.Get(start + i) != search_reader.Get(i)) { + return ReadOnlyRoots(isolate).false_value(); + } + } + + return ReadOnlyRoots(isolate).true_value(); +} + +RUNTIME_FUNCTION(Runtime_StringEscapeQuotes) { + HandleScope handle_scope(isolate); + DCHECK_EQ(1, args.length()); + CONVERT_ARG_HANDLE_CHECKED(String, string, 0); + + // Equivalent to global replacement `string.replace(/"/g, """)`, but this + // does not modify any global state (e.g. the regexp match info). + + const int string_length = string->length(); + Handle<String> quotes = + isolate->factory()->LookupSingleCharacterStringFromCode('"'); + + int index = String::IndexOf(isolate, string, quotes, 0); + + // No quotes, nothing to do. + if (index == -1) return *string; + + // Find all quotes. + std::vector<int> indices = {index}; + while (index + 1 < string_length) { + index = String::IndexOf(isolate, string, quotes, index + 1); + if (index == -1) break; + indices.emplace_back(index); + } + + // Build the replacement string. + Handle<String> replacement = + isolate->factory()->NewStringFromAsciiChecked("""); + const int estimated_part_count = static_cast<int>(indices.size()) * 2 + 1; + ReplacementStringBuilder builder(isolate->heap(), string, + estimated_part_count); + + int prev_index = -1; // Start at -1 to avoid special-casing the first match. + for (int index : indices) { + const int slice_start = prev_index + 1; + const int slice_end = index; + if (slice_end > slice_start) { + builder.AddSubjectSlice(slice_start, slice_end); + } + builder.AddString(replacement); + prev_index = index; + } + + if (prev_index < string_length - 1) { + builder.AddSubjectSlice(prev_index + 1, string_length); + } + + return *builder.ToString().ToHandleChecked(); +} + } // namespace internal } // namespace v8 diff --git a/chromium/v8/src/runtime/runtime-symbol.cc b/chromium/v8/src/runtime/runtime-symbol.cc index 8cd48505d2f..b47794938af 100644 --- a/chromium/v8/src/runtime/runtime-symbol.cc +++ b/chromium/v8/src/runtime/runtime-symbol.cc @@ -4,6 +4,7 @@ #include "src/arguments-inl.h" #include "src/counters.h" +#include "src/heap/heap-inl.h" // For ToBoolean. TODO(jkummerow): Drop. #include "src/isolate-inl.h" #include "src/objects-inl.h" #include "src/runtime/runtime-utils.h" diff --git a/chromium/v8/src/runtime/runtime-test.cc b/chromium/v8/src/runtime/runtime-test.cc index 40ca5de4014..1178ea6251c 100644 --- a/chromium/v8/src/runtime/runtime-test.cc +++ b/chromium/v8/src/runtime/runtime-test.cc @@ -16,6 +16,9 @@ #include "src/counters.h" #include "src/deoptimizer.h" #include "src/frames-inl.h" +#include "src/heap/heap-inl.h" // For ToBoolean. TODO(jkummerow): Drop. +#include "src/heap/heap-write-barrier-inl.h" +#include "src/ic/stub-cache.h" #include "src/isolate-inl.h" #include "src/objects/heap-object-inl.h" #include "src/objects/smi.h" @@ -44,7 +47,7 @@ using WasmCompileControlsMap = std::map<v8::Isolate*, WasmCompileControls>; // isolates concurrently. Methods need to hold the accompanying mutex on access. // To avoid upsetting the static initializer count, we lazy initialize this. DEFINE_LAZY_LEAKY_OBJECT_GETTER(WasmCompileControlsMap, - GetPerIsolateWasmControls); + GetPerIsolateWasmControls) base::LazyMutex g_PerIsolateWasmControlsMutex = LAZY_MUTEX_INITIALIZER; bool IsWasmCompileAllowed(v8::Isolate* isolate, v8::Local<v8::Value> value, @@ -103,6 +106,14 @@ bool WasmInstanceOverride(const v8::FunctionCallbackInfo<v8::Value>& args) { } // namespace +RUNTIME_FUNCTION(Runtime_ClearMegamorphicStubCache) { + HandleScope scope(isolate); + DCHECK_EQ(0, args.length()); + isolate->load_stub_cache()->Clear(); + isolate->store_stub_cache()->Clear(); + return ReadOnlyRoots(isolate).undefined_value(); +} + RUNTIME_FUNCTION(Runtime_ConstructDouble) { HandleScope scope(isolate); DCHECK_EQ(2, args.length()); @@ -285,6 +296,60 @@ RUNTIME_FUNCTION(Runtime_OptimizeFunctionOnNextCall) { return ReadOnlyRoots(isolate).undefined_value(); } +RUNTIME_FUNCTION(Runtime_PrepareFunctionForOptimization) { + HandleScope scope(isolate); + DCHECK_EQ(1, args.length()); + CONVERT_ARG_HANDLE_CHECKED(JSFunction, function, 0); + + // Only one function should be prepared for optimization at a time + CHECK(isolate->heap()->pending_optimize_for_test_bytecode()->IsUndefined()); + + // Check function allows lazy compilation. + if (!function->shared()->allows_lazy_compilation()) { + return ReadOnlyRoots(isolate).undefined_value(); + } + + // If function isn't compiled, compile it now. + IsCompiledScope is_compiled_scope(function->shared()->is_compiled_scope()); + if (!is_compiled_scope.is_compiled() && + !Compiler::Compile(function, Compiler::CLEAR_EXCEPTION, + &is_compiled_scope)) { + return ReadOnlyRoots(isolate).undefined_value(); + } + + // Ensure function has a feedback vector to hold type feedback for + // optimization. + JSFunction::EnsureFeedbackVector(function); + + // If optimization is disabled for the function, return without making it + // pending optimize for test. + if (function->shared()->optimization_disabled() && + function->shared()->disable_optimization_reason() == + BailoutReason::kNeverOptimize) { + return ReadOnlyRoots(isolate).undefined_value(); + } + + // If the function is already optimized, return without making it pending + // optimize for test. + if (function->IsOptimized() || function->shared()->HasAsmWasmData()) { + return ReadOnlyRoots(isolate).undefined_value(); + } + + // If the function has optimized code, ensure that we check for it and then + // return without making it pending optimize for test. + if (function->HasOptimizedCode()) { + DCHECK(function->ChecksOptimizationMarker()); + return ReadOnlyRoots(isolate).undefined_value(); + } + + // Hold onto the bytecode array between marking and optimization to ensure + // it's not flushed. + isolate->heap()->SetPendingOptimizeForTestBytecode( + function->shared()->GetBytecodeArray()); + + return ReadOnlyRoots(isolate).undefined_value(); +} + RUNTIME_FUNCTION(Runtime_OptimizeOsr) { HandleScope scope(isolate); DCHECK(args.length() == 0 || args.length() == 1); @@ -796,7 +861,7 @@ RUNTIME_FUNCTION(Runtime_InNewSpace) { SealHandleScope shs(isolate); DCHECK_EQ(1, args.length()); CONVERT_ARG_CHECKED(Object, obj, 0); - return isolate->heap()->ToBoolean(Heap::InNewSpace(obj)); + return isolate->heap()->ToBoolean(ObjectInYoungGeneration(obj)); } RUNTIME_FUNCTION(Runtime_IsAsmWasmCode) { @@ -874,10 +939,9 @@ RUNTIME_FUNCTION(Runtime_GetWasmExceptionId) { DCHECK_EQ(2, args.length()); CONVERT_ARG_HANDLE_CHECKED(JSReceiver, exception, 0); CONVERT_ARG_HANDLE_CHECKED(WasmInstanceObject, instance, 1); - Handle<Object> tag; - if (JSReceiver::GetProperty(isolate, exception, - isolate->factory()->wasm_exception_tag_symbol()) - .ToHandle(&tag)) { + Handle<Object> tag = + WasmExceptionPackage::GetExceptionTag(isolate, exception); + if (tag->IsWasmExceptionTag()) { Handle<FixedArray> exceptions_table(instance->exceptions_table(), isolate); for (int index = 0; index < exceptions_table->length(); ++index) { if (exceptions_table->get(index) == *tag) return Smi::FromInt(index); @@ -890,11 +954,9 @@ RUNTIME_FUNCTION(Runtime_GetWasmExceptionValues) { HandleScope scope(isolate); DCHECK_EQ(1, args.length()); CONVERT_ARG_HANDLE_CHECKED(JSReceiver, exception, 0); - Handle<Object> values_obj; - CHECK(JSReceiver::GetProperty( - isolate, exception, - isolate->factory()->wasm_exception_values_symbol()) - .ToHandle(&values_obj)); + Handle<Object> values_obj = + WasmExceptionPackage::GetExceptionValues(isolate, exception); + CHECK(values_obj->IsFixedArray()); // Only called with correct input. Handle<FixedArray> values = Handle<FixedArray>::cast(values_obj); return *isolate->factory()->NewJSArrayWithElements(values); } @@ -929,6 +991,7 @@ ELEMENTS_KIND_CHECK_RUNTIME_FUNCTION(SmiOrObjectElements) ELEMENTS_KIND_CHECK_RUNTIME_FUNCTION(DoubleElements) ELEMENTS_KIND_CHECK_RUNTIME_FUNCTION(HoleyElements) ELEMENTS_KIND_CHECK_RUNTIME_FUNCTION(DictionaryElements) +ELEMENTS_KIND_CHECK_RUNTIME_FUNCTION(PackedElements) ELEMENTS_KIND_CHECK_RUNTIME_FUNCTION(SloppyArgumentsElements) // Properties test sitting with elements tests - not fooling anyone. ELEMENTS_KIND_CHECK_RUNTIME_FUNCTION(FastProperties) diff --git a/chromium/v8/src/runtime/runtime-wasm.cc b/chromium/v8/src/runtime/runtime-wasm.cc index 84ef744d8b4..fe85e1dfc9d 100644 --- a/chromium/v8/src/runtime/runtime-wasm.cc +++ b/chromium/v8/src/runtime/runtime-wasm.cc @@ -102,8 +102,6 @@ RUNTIME_FUNCTION(Runtime_ThrowWasmError) { RUNTIME_FUNCTION(Runtime_ThrowWasmStackOverflow) { SealHandleScope shs(isolate); DCHECK_LE(0, args.length()); - DCHECK(isolate->context().is_null()); - isolate->set_context(GetNativeContextFromWasmInstanceOnStackTop(isolate)); return isolate->StackOverflow(); } @@ -120,7 +118,7 @@ RUNTIME_FUNCTION(Runtime_WasmThrowCreate) { DCHECK_EQ(2, args.length()); DCHECK(isolate->context().is_null()); isolate->set_context(GetNativeContextFromWasmInstanceOnStackTop(isolate)); - CONVERT_ARG_CHECKED(HeapObject, tag_raw, 0); + CONVERT_ARG_CHECKED(WasmExceptionTag, tag_raw, 0); CONVERT_SMI_ARG_CHECKED(size, 1); // TODO(mstarzinger): Manually box because parameters are not visited yet. Handle<Object> tag(tag_raw, isolate); @@ -128,12 +126,14 @@ RUNTIME_FUNCTION(Runtime_WasmThrowCreate) { MessageTemplate::kWasmExceptionError); CHECK(!Object::SetProperty(isolate, exception, isolate->factory()->wasm_exception_tag_symbol(), - tag, LanguageMode::kStrict) + tag, StoreOrigin::kMaybeKeyed, + Just(ShouldThrow::kThrowOnError)) .is_null()); Handle<FixedArray> values = isolate->factory()->NewFixedArray(size); CHECK(!Object::SetProperty(isolate, exception, isolate->factory()->wasm_exception_values_symbol(), - values, LanguageMode::kStrict) + values, StoreOrigin::kMaybeKeyed, + Just(ShouldThrow::kThrowOnError)) .is_null()); return *exception; } @@ -147,16 +147,7 @@ RUNTIME_FUNCTION(Runtime_WasmExceptionGetTag) { CONVERT_ARG_CHECKED(Object, except_obj_raw, 0); // TODO(mstarzinger): Manually box because parameters are not visited yet. Handle<Object> except_obj(except_obj_raw, isolate); - if (!except_obj.is_null() && except_obj->IsJSReceiver()) { - Handle<JSReceiver> exception(JSReceiver::cast(*except_obj), isolate); - Handle<Object> tag; - if (JSReceiver::GetProperty(isolate, exception, - isolate->factory()->wasm_exception_tag_symbol()) - .ToHandle(&tag)) { - return *tag; - } - } - return ReadOnlyRoots(isolate).undefined_value(); + return *WasmExceptionPackage::GetExceptionTag(isolate, except_obj); } RUNTIME_FUNCTION(Runtime_WasmExceptionGetValues) { @@ -168,18 +159,7 @@ RUNTIME_FUNCTION(Runtime_WasmExceptionGetValues) { CONVERT_ARG_CHECKED(Object, except_obj_raw, 0); // TODO(mstarzinger): Manually box because parameters are not visited yet. Handle<Object> except_obj(except_obj_raw, isolate); - if (!except_obj.is_null() && except_obj->IsJSReceiver()) { - Handle<JSReceiver> exception(JSReceiver::cast(*except_obj), isolate); - Handle<Object> values; - if (JSReceiver::GetProperty( - isolate, exception, - isolate->factory()->wasm_exception_values_symbol()) - .ToHandle(&values)) { - DCHECK(values->IsFixedArray()); - return *values; - } - } - return ReadOnlyRoots(isolate).undefined_value(); + return *WasmExceptionPackage::GetExceptionValues(isolate, except_obj); } RUNTIME_FUNCTION(Runtime_WasmRunInterpreter) { @@ -333,6 +313,20 @@ RUNTIME_FUNCTION(Runtime_WasmI64AtomicWait) { timeout_ms); } +namespace { +Object ThrowTableOutOfBounds(Isolate* isolate, + Handle<WasmInstanceObject> instance) { + // Handle out-of-bounds access here in the runtime call, rather + // than having the lower-level layers deal with JS exceptions. + if (isolate->context().is_null()) { + isolate->set_context(instance->native_context()); + } + Handle<Object> error_obj = isolate->factory()->NewWasmRuntimeError( + MessageTemplate::kWasmTrapTableOutOfBounds); + return isolate->Throw(*error_obj); +} +} // namespace + RUNTIME_FUNCTION(Runtime_WasmTableInit) { HandleScope scope(isolate); DCHECK_EQ(5, args.length()); @@ -342,44 +336,31 @@ RUNTIME_FUNCTION(Runtime_WasmTableInit) { CONVERT_UINT32_ARG_CHECKED(elem_segment_index, 1); CONVERT_UINT32_ARG_CHECKED(dst, 2); CONVERT_UINT32_ARG_CHECKED(src, 3); - CONVERT_UINT32_ARG_CHECKED(size, 4); - - PrintF( - "TableInit(table_index=%u, elem_segment_index=%u, dst=%u, src=%u, " - "size=%u)\n", - table_index, elem_segment_index, dst, src, size); + CONVERT_UINT32_ARG_CHECKED(count, 4); - USE(instance); - USE(table_index); - USE(elem_segment_index); - USE(dst); - USE(src); - USE(size); + DCHECK(isolate->context().is_null()); + isolate->set_context(instance->native_context()); - UNREACHABLE(); + bool oob = !WasmInstanceObject::InitTableEntries( + isolate, instance, table_index, elem_segment_index, dst, src, count); + if (oob) return ThrowTableOutOfBounds(isolate, instance); + return ReadOnlyRoots(isolate).undefined_value(); } RUNTIME_FUNCTION(Runtime_WasmTableCopy) { HandleScope scope(isolate); - DCHECK_EQ(4, args.length()); + DCHECK_EQ(5, args.length()); auto instance = Handle<WasmInstanceObject>(GetWasmInstanceOnStackTop(isolate), isolate); - CONVERT_UINT32_ARG_CHECKED(table_index, 0); - CONVERT_UINT32_ARG_CHECKED(dst, 1); - CONVERT_UINT32_ARG_CHECKED(src, 2); - CONVERT_UINT32_ARG_CHECKED(count, 3); + CONVERT_UINT32_ARG_CHECKED(table_src_index, 0); + CONVERT_UINT32_ARG_CHECKED(table_dst_index, 1); + CONVERT_UINT32_ARG_CHECKED(dst, 2); + CONVERT_UINT32_ARG_CHECKED(src, 3); + CONVERT_UINT32_ARG_CHECKED(count, 4); bool oob = !WasmInstanceObject::CopyTableEntries( - isolate, instance, table_index, dst, src, count); - if (oob) { - // Handle out-of-bounds access here in the runtime call, rather - // than having the lower-level layers deal with JS exceptions. - DCHECK(isolate->context().is_null()); - isolate->set_context(instance->native_context()); - Handle<Object> error_obj = isolate->factory()->NewWasmRuntimeError( - MessageTemplate::kWasmTrapTableOutOfBounds); - return isolate->Throw(*error_obj); - } + isolate, instance, table_src_index, table_dst_index, dst, src, count); + if (oob) return ThrowTableOutOfBounds(isolate, instance); return ReadOnlyRoots(isolate).undefined_value(); } } // namespace internal diff --git a/chromium/v8/src/runtime/runtime-weak-refs.cc b/chromium/v8/src/runtime/runtime-weak-refs.cc index 4bc258d7de5..df7ed76bf37 100644 --- a/chromium/v8/src/runtime/runtime-weak-refs.cc +++ b/chromium/v8/src/runtime/runtime-weak-refs.cc @@ -15,12 +15,12 @@ namespace v8 { namespace internal { -RUNTIME_FUNCTION(Runtime_WeakFactoryCleanupJob) { +RUNTIME_FUNCTION(Runtime_FinalizationGroupCleanupJob) { HandleScope scope(isolate); - CONVERT_ARG_HANDLE_CHECKED(JSWeakFactory, weak_factory, 0); - weak_factory->set_scheduled_for_cleanup(false); + CONVERT_ARG_HANDLE_CHECKED(JSFinalizationGroup, finalization_group, 0); + finalization_group->set_scheduled_for_cleanup(false); - JSWeakFactory::Cleanup(weak_factory, isolate); + JSFinalizationGroup::Cleanup(finalization_group, isolate); return ReadOnlyRoots(isolate).undefined_value(); } diff --git a/chromium/v8/src/runtime/runtime.cc b/chromium/v8/src/runtime/runtime.cc index 3d70a675535..058e02733e9 100644 --- a/chromium/v8/src/runtime/runtime.cc +++ b/chromium/v8/src/runtime/runtime.cc @@ -124,6 +124,7 @@ bool Runtime::NeedsExactContext(FunctionId id) { case Runtime::kThrowNotConstructor: case Runtime::kThrowRangeError: case Runtime::kThrowReferenceError: + case Runtime::kThrowAccessedUninitializedVariable: case Runtime::kThrowStackOverflow: case Runtime::kThrowStaticPrototypeError: case Runtime::kThrowSuperAlreadyCalledError: @@ -163,6 +164,7 @@ bool Runtime::IsNonReturning(FunctionId id) { case Runtime::kThrowNotConstructor: case Runtime::kThrowRangeError: case Runtime::kThrowReferenceError: + case Runtime::kThrowAccessedUninitializedVariable: case Runtime::kThrowStackOverflow: case Runtime::kThrowSymbolAsyncIteratorInvalid: case Runtime::kThrowTypeError: diff --git a/chromium/v8/src/runtime/runtime.h b/chromium/v8/src/runtime/runtime.h index 43e4e99f5a8..4dabce27a56 100644 --- a/chromium/v8/src/runtime/runtime.h +++ b/chromium/v8/src/runtime/runtime.h @@ -85,10 +85,8 @@ namespace internal { F(HomeObjectSymbol, 0, 1) \ F(LoadFromSuper, 3, 1) \ F(LoadKeyedFromSuper, 3, 1) \ - F(StoreKeyedToSuper_Sloppy, 4, 1) \ - F(StoreKeyedToSuper_Strict, 4, 1) \ - F(StoreToSuper_Sloppy, 4, 1) \ - F(StoreToSuper_Strict, 4, 1) \ + F(StoreKeyedToSuper, 4, 1) \ + F(StoreToSuper, 4, 1) \ F(ThrowConstructorNonCallableError, 1, 1) \ F(ThrowNotSuperConstructor, 2, 1) \ F(ThrowStaticPrototypeError, 0, 1) \ @@ -207,6 +205,7 @@ namespace internal { #endif // V8_INTL_SUPPORT #define FOR_EACH_INTRINSIC_INTERNAL(F, I) \ + F(AccessCheck, 1, 1) \ F(AllocateInNewSpace, 1, 1) \ F(AllocateInTargetSpace, 2, 1) \ F(AllocateSeqOneByteString, 1, 1) \ @@ -215,10 +214,10 @@ namespace internal { F(CheckIsBootstrapping, 0, 1) \ I(CreateAsyncFromSyncIterator, 1, 1) \ F(CreateListFromArrayLike, 1, 1) \ - F(CreateTemplateObject, 1, 1) \ F(FatalProcessOutOfMemoryInAllocateRaw, 0, 1) \ F(FatalProcessOutOfMemoryInvalidArrayLength, 0, 1) \ F(GetAndResetRuntimeCallStats, -1 /* <= 2 */, 1) \ + F(GetTemplateObject, 3, 1) \ F(IncrementUseCounter, 1, 1) \ F(Interrupt, 0, 1) \ F(NewReferenceError, 2, 1) \ @@ -244,14 +243,16 @@ namespace internal { F(ThrowPatternAssignmentNonCoercible, 0, 1) \ F(ThrowRangeError, -1 /* >= 1 */, 1) \ F(ThrowReferenceError, 1, 1) \ + F(ThrowAccessedUninitializedVariable, 1, 1) \ F(ThrowStackOverflow, 0, 1) \ F(ThrowSymbolAsyncIteratorInvalid, 0, 1) \ F(ThrowSymbolIteratorInvalid, 0, 1) \ F(ThrowThrowMethodMissing, 0, 1) \ F(ThrowTypeError, -1 /* >= 1 */, 1) \ + F(ThrowTypeErrorIfStrict, -1 /* >= 1 */, 1) \ F(Typeof, 1, 1) \ F(UnwindAndFindExceptionHandler, 0, 1) \ - F(WeakFactoryCleanupJob, 1, 1) + F(FinalizationGroupCleanupJob, 1, 1) #define FOR_EACH_INTRINSIC_LITERALS(F, I) \ F(CreateArrayLiteral, 4, 1) \ @@ -316,8 +317,8 @@ namespace internal { F(OptimizeObjectForAddingMultipleProperties, 2, 1) \ F(PerformSideEffectCheckForObject, 1, 1) \ F(SetDataProperties, 2, 1) \ - F(SetKeyedProperty, 4, 1) \ - F(SetNamedProperty, 4, 1) \ + F(SetKeyedProperty, 3, 1) \ + F(SetNamedProperty, 3, 1) \ F(StoreDataPropertyInLiteral, 3, 1) \ F(ShrinkPropertyDictionary, 1, 1) \ F(ToFastProperties, 1, 1) \ @@ -363,14 +364,13 @@ namespace internal { F(IsJSProxy, 1, 1) \ F(JSProxyGetHandler, 1, 1) \ F(JSProxyGetTarget, 1, 1) \ - F(SetPropertyWithReceiver, 5, 1) + F(SetPropertyWithReceiver, 4, 1) #define FOR_EACH_INTRINSIC_REGEXP(F, I) \ I(IsRegExp, 1, 1) \ F(RegExpExec, 4, 1) \ F(RegExpExecMultiple, 4, 1) \ F(RegExpInitializeAndCompile, 3, 1) \ - F(RegExpInternalReplace, 3, 1) \ F(RegExpReplace, 3, 1) \ F(RegExpSplit, 3, 1) \ F(StringReplaceNonGlobalRegExpWithFunction, 3, 1) \ @@ -406,12 +406,11 @@ namespace internal { F(FlattenString, 1, 1) \ F(GetSubstitution, 5, 1) \ F(InternalizeString, 1, 1) \ - F(SparseJoinWithSeparator, 3, 1) \ F(StringAdd, 2, 1) \ F(StringBuilderConcat, 3, 1) \ - F(StringBuilderJoin, 3, 1) \ F(StringCharCodeAt, 2, 1) \ F(StringEqual, 2, 1) \ + F(StringEscapeQuotes, 1, 1) \ F(StringGreaterThan, 2, 1) \ F(StringGreaterThanOrEqual, 2, 1) \ F(StringIncludes, 3, 1) \ @@ -422,6 +421,7 @@ namespace internal { F(StringLessThanOrEqual, 2, 1) \ F(StringMaxLength, 0, 1) \ F(StringReplaceOneCharWithString, 3, 1) \ + F(StringCompareSequence, 3, 1) \ F(StringSubstring, 3, 1) \ F(StringToArray, 2, 1) \ F(StringTrim, 2, 1) @@ -433,6 +433,7 @@ namespace internal { F(SymbolIsPrivate, 1, 1) #define FOR_EACH_INTRINSIC_TEST(F, I) \ + F(ClearMegamorphicStubCache, 0, 1) \ F(Abort, 1, 1) \ F(AbortJS, 1, 1) \ F(ClearFunctionFeedback, 1, 1) \ @@ -460,6 +461,7 @@ namespace internal { F(GetWasmRecoveredTrapCount, 0, 1) \ F(GlobalPrint, 1, 1) \ F(HasDictionaryElements, 1, 1) \ + F(HasPackedElements, 1, 1) \ F(HasDoubleElements, 1, 1) \ F(HasFastElements, 1, 1) \ F(HasFastProperties, 1, 1) \ @@ -494,6 +496,7 @@ namespace internal { F(NotifyContextDisposed, 0, 1) \ F(OptimizeFunctionOnNextCall, -1, 1) \ F(OptimizeOsr, -1, 1) \ + F(PrepareFunctionForOptimization, 1, 1) \ F(PrintWithNameForAssert, 2, 1) \ F(RedirectToWasmInterpreter, 2, 1) \ F(RunningInSimulator, 0, 1) \ @@ -540,7 +543,7 @@ namespace internal { F(WasmThrowCreate, 2, 1) \ F(WasmThrowTypeError, 0, 1) \ F(WasmTableInit, 5, 1) \ - F(WasmTableCopy, 4, 1) \ + F(WasmTableCopy, 5, 1) \ F(WasmIsValidAnyFuncValue, 1, 1) \ F(WasmCompileLazy, 2, 1) @@ -554,9 +557,8 @@ namespace internal { F(ElementsTransitionAndStoreIC_Miss, 6, 1) \ F(KeyedLoadIC_Miss, 4, 1) \ F(KeyedStoreIC_Miss, 5, 1) \ - F(KeyedStoreICNoFeedback_Miss, 4, 1) \ F(StoreInArrayLiteralIC_Miss, 5, 1) \ - F(KeyedStoreIC_Slow, 5, 1) \ + F(KeyedStoreIC_Slow, 3, 1) \ F(LoadAccessorProperty, 4, 1) \ F(LoadCallbackProperty, 4, 1) \ F(LoadElementWithInterceptor, 2, 1) \ @@ -564,15 +566,16 @@ namespace internal { F(LoadGlobalIC_Slow, 3, 1) \ F(LoadIC_Miss, 4, 1) \ F(LoadPropertyWithInterceptor, 5, 1) \ - F(StoreCallbackProperty, 6, 1) \ + F(StoreCallbackProperty, 5, 1) \ F(StoreGlobalIC_Miss, 4, 1) \ - F(StoreGlobalICNoFeedback_Miss, 3, 1) \ + F(StoreGlobalICNoFeedback_Miss, 2, 1) \ F(StoreGlobalIC_Slow, 5, 1) \ F(StoreIC_Miss, 5, 1) \ - F(StoreICNoFeedback_Miss, 5, 1) \ F(StoreInArrayLiteralIC_Slow, 5, 1) \ F(StorePropertyWithInterceptor, 5, 1) \ - F(CloneObjectIC_Miss, 4, 1) + F(CloneObjectIC_Miss, 4, 1) \ + F(KeyedHasIC_Miss, 4, 1) \ + F(HasElementWithInterceptor, 2, 1) #define FOR_EACH_INTRINSIC_RETURN_OBJECT_IMPL(F, I) \ FOR_EACH_INTRINSIC_ARRAY(F, I) \ @@ -700,13 +703,16 @@ class Runtime : public AllStatic { V8_WARN_UNUSED_RESULT static MaybeHandle<Object> SetObjectProperty( Isolate* isolate, Handle<Object> object, Handle<Object> key, - Handle<Object> value, LanguageMode language_mode, - StoreOrigin store_origin); + Handle<Object> value, StoreOrigin store_origin, + Maybe<ShouldThrow> should_throw = Nothing<ShouldThrow>()); V8_WARN_UNUSED_RESULT static MaybeHandle<Object> GetObjectProperty( Isolate* isolate, Handle<Object> object, Handle<Object> key, bool* is_found_out = nullptr); + V8_WARN_UNUSED_RESULT static MaybeHandle<Object> HasProperty( + Isolate* isolate, Handle<Object> object, Handle<Object> key); + V8_WARN_UNUSED_RESULT static MaybeHandle<JSArray> GetInternalProperties( Isolate* isolate, Handle<Object>); |