Google Git
Sign in
webkit / WebKit / af107121180e7ae7606d9b7b1021b27102f6b698 / . / Source / JavaScriptCore / runtime / ArrayPrototype.cpp
blob: 0a7ae4eb12304b135e91e418a4b7f2c6498f0887 [file] [log] [blame]
/*
* Copyright (C) 1999-2000 Harri Porten (porten@kde.org)
* Copyright (C) 2003-2019 Apple Inc. All rights reserved.
* Copyright (C) 2003 Peter Kelly (pmk@post.com)
* Copyright (C) 2006 Alexey Proskuryakov (ap@nypop.com)
*
* This library is free software; you can redistribute it and/or
* modify it under the terms of the GNU Lesser General Public
* License as published by the Free Software Foundation; either
* version 2 of the License, or (at your option) any later version.
*
* This library is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
* Lesser General Public License for more details.
*
* You should have received a copy of the GNU Lesser General Public
* License along with this library; if not, write to the Free Software
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301
* USA
*
*/
#include "config.h"
#include "ArrayPrototype.h"
#include "AdaptiveInferredPropertyValueWatchpointBase.h"
#include "ArrayConstructor.h"
#include "BuiltinNames.h"
#include "ButterflyInlines.h"
#include "CodeBlock.h"
#include "Error.h"
#include "GetterSetter.h"
#include "Interpreter.h"
#include "JIT.h"
#include "JSArrayInlines.h"
#include "JSCBuiltins.h"
#include "JSCInlines.h"
#include "JSImmutableButterfly.h"
#include "JSStringJoiner.h"
#include "Lookup.h"
#include "ObjectConstructor.h"
#include "ObjectPrototype.h"
#include "Operations.h"
#include "StringRecursionChecker.h"
#include <algorithm>
#include <wtf/Assertions.h>
namespace JSC {
EncodedJSValue JSC_HOST_CALL arrayProtoFuncToLocaleString(JSGlobalObject*, CallFrame*);
EncodedJSValue JSC_HOST_CALL arrayProtoFuncJoin(JSGlobalObject*, CallFrame*);
EncodedJSValue JSC_HOST_CALL arrayProtoFuncPop(JSGlobalObject*, CallFrame*);
EncodedJSValue JSC_HOST_CALL arrayProtoFuncPush(JSGlobalObject*, CallFrame*);
EncodedJSValue JSC_HOST_CALL arrayProtoFuncReverse(JSGlobalObject*, CallFrame*);
EncodedJSValue JSC_HOST_CALL arrayProtoFuncShift(JSGlobalObject*, CallFrame*);
EncodedJSValue JSC_HOST_CALL arrayProtoFuncSlice(JSGlobalObject*, CallFrame*);
EncodedJSValue JSC_HOST_CALL arrayProtoFuncSplice(JSGlobalObject*, CallFrame*);
EncodedJSValue JSC_HOST_CALL arrayProtoFuncUnShift(JSGlobalObject*, CallFrame*);
EncodedJSValue JSC_HOST_CALL arrayProtoFuncIndexOf(JSGlobalObject*, CallFrame*);
EncodedJSValue JSC_HOST_CALL arrayProtoFuncLastIndexOf(JSGlobalObject*, CallFrame*);
// ------------------------------ ArrayPrototype ----------------------------
const ClassInfo ArrayPrototype::s_info = {"Array", &JSArray::s_info, nullptr, nullptr, CREATE_METHOD_TABLE(ArrayPrototype)};
ArrayPrototype* ArrayPrototype::create(VM& vm, JSGlobalObject* globalObject, Structure* structure)
{
ArrayPrototype* prototype = new (NotNull, allocateCell<ArrayPrototype>(vm.heap)) ArrayPrototype(vm, structure);
prototype->finishCreation(vm, globalObject);
return prototype;
}
// ECMA 15.4.4
ArrayPrototype::ArrayPrototype(VM& vm, Structure* structure)
: JSArray(vm, structure, 0)
{
}
void ArrayPrototype::finishCreation(VM& vm, JSGlobalObject* globalObject)
{
Base::finishCreation(vm);
ASSERT(inherits(vm, info()));
putDirectWithoutTransition(vm, vm.propertyNames->toString, globalObject->arrayProtoToStringFunction(), static_cast<unsigned>(PropertyAttribute::DontEnum));
putDirectWithoutTransition(vm, vm.propertyNames->builtinNames().valuesPublicName(), globalObject->arrayProtoValuesFunction(), static_cast<unsigned>(PropertyAttribute::DontEnum));
putDirectWithoutTransition(vm, vm.propertyNames->iteratorSymbol, globalObject->arrayProtoValuesFunction(), static_cast<unsigned>(PropertyAttribute::DontEnum));
JSC_NATIVE_FUNCTION_WITHOUT_TRANSITION(vm.propertyNames->toLocaleString, arrayProtoFuncToLocaleString, static_cast<unsigned>(PropertyAttribute::DontEnum), 0);
JSC_BUILTIN_FUNCTION_WITHOUT_TRANSITION(vm.propertyNames->builtinNames().concatPublicName(), arrayPrototypeConcatCodeGenerator, static_cast<unsigned>(PropertyAttribute::DontEnum));
JSC_BUILTIN_FUNCTION_WITHOUT_TRANSITION(vm.propertyNames->builtinNames().fillPublicName(), arrayPrototypeFillCodeGenerator, static_cast<unsigned>(PropertyAttribute::DontEnum));
JSC_NATIVE_FUNCTION_WITHOUT_TRANSITION(vm.propertyNames->join, arrayProtoFuncJoin, static_cast<unsigned>(PropertyAttribute::DontEnum), 1);
JSC_NATIVE_INTRINSIC_FUNCTION_WITHOUT_TRANSITION("pop", arrayProtoFuncPop, static_cast<unsigned>(PropertyAttribute::DontEnum), 0, ArrayPopIntrinsic);
JSC_NATIVE_INTRINSIC_FUNCTION_WITHOUT_TRANSITION(vm.propertyNames->builtinNames().pushPublicName(), arrayProtoFuncPush, static_cast<unsigned>(PropertyAttribute::DontEnum), 1, ArrayPushIntrinsic);
JSC_NATIVE_INTRINSIC_FUNCTION_WITHOUT_TRANSITION(vm.propertyNames->builtinNames().pushPrivateName(), arrayProtoFuncPush, PropertyAttribute::DontEnum | PropertyAttribute::DontDelete | PropertyAttribute::ReadOnly, 1, ArrayPushIntrinsic);
JSC_NATIVE_FUNCTION_WITHOUT_TRANSITION("reverse", arrayProtoFuncReverse, static_cast<unsigned>(PropertyAttribute::DontEnum), 0);
JSC_NATIVE_FUNCTION_WITHOUT_TRANSITION(vm.propertyNames->builtinNames().shiftPublicName(), arrayProtoFuncShift, static_cast<unsigned>(PropertyAttribute::DontEnum), 0);
JSC_NATIVE_FUNCTION_WITHOUT_TRANSITION(vm.propertyNames->builtinNames().shiftPrivateName(), arrayProtoFuncShift, PropertyAttribute::DontEnum | PropertyAttribute::DontDelete | PropertyAttribute::ReadOnly, 0);
JSC_NATIVE_INTRINSIC_FUNCTION_WITHOUT_TRANSITION(vm.propertyNames->slice, arrayProtoFuncSlice, static_cast<unsigned>(PropertyAttribute::DontEnum), 2, ArraySliceIntrinsic);
JSC_BUILTIN_FUNCTION_WITHOUT_TRANSITION(vm.propertyNames->builtinNames().sortPublicName(), arrayPrototypeSortCodeGenerator, static_cast<unsigned>(PropertyAttribute::DontEnum));
JSC_NATIVE_FUNCTION_WITHOUT_TRANSITION("splice", arrayProtoFuncSplice, static_cast<unsigned>(PropertyAttribute::DontEnum), 2);
JSC_NATIVE_FUNCTION_WITHOUT_TRANSITION("unshift", arrayProtoFuncUnShift, static_cast<unsigned>(PropertyAttribute::DontEnum), 1);
JSC_BUILTIN_FUNCTION_WITHOUT_TRANSITION(vm.propertyNames->builtinNames().everyPublicName(), arrayPrototypeEveryCodeGenerator, static_cast<unsigned>(PropertyAttribute::DontEnum));
JSC_BUILTIN_FUNCTION_WITHOUT_TRANSITION(vm.propertyNames->builtinNames().forEachPublicName(), arrayPrototypeForEachCodeGenerator, static_cast<unsigned>(PropertyAttribute::DontEnum));
JSC_BUILTIN_FUNCTION_WITHOUT_TRANSITION(vm.propertyNames->builtinNames().somePublicName(), arrayPrototypeSomeCodeGenerator, static_cast<unsigned>(PropertyAttribute::DontEnum));
JSC_NATIVE_INTRINSIC_FUNCTION_WITHOUT_TRANSITION("indexOf", arrayProtoFuncIndexOf, static_cast<unsigned>(PropertyAttribute::DontEnum), 1, ArrayIndexOfIntrinsic);
JSC_NATIVE_FUNCTION_WITHOUT_TRANSITION("lastIndexOf", arrayProtoFuncLastIndexOf, static_cast<unsigned>(PropertyAttribute::DontEnum), 1);
JSC_BUILTIN_FUNCTION_WITHOUT_TRANSITION(vm.propertyNames->builtinNames().filterPublicName(), arrayPrototypeFilterCodeGenerator, static_cast<unsigned>(PropertyAttribute::DontEnum));
JSC_BUILTIN_FUNCTION_WITHOUT_TRANSITION(vm.propertyNames->builtinNames().flatPublicName(), arrayPrototypeFlatCodeGenerator, static_cast<unsigned>(PropertyAttribute::DontEnum));
JSC_BUILTIN_FUNCTION_WITHOUT_TRANSITION(vm.propertyNames->builtinNames().flatMapPublicName(), arrayPrototypeFlatMapCodeGenerator, static_cast<unsigned>(PropertyAttribute::DontEnum));
JSC_BUILTIN_FUNCTION_WITHOUT_TRANSITION(vm.propertyNames->builtinNames().reducePublicName(), arrayPrototypeReduceCodeGenerator, static_cast<unsigned>(PropertyAttribute::DontEnum));
JSC_BUILTIN_FUNCTION_WITHOUT_TRANSITION(vm.propertyNames->builtinNames().reduceRightPublicName(), arrayPrototypeReduceRightCodeGenerator, static_cast<unsigned>(PropertyAttribute::DontEnum));
JSC_BUILTIN_FUNCTION_WITHOUT_TRANSITION(vm.propertyNames->builtinNames().mapPublicName(), arrayPrototypeMapCodeGenerator, static_cast<unsigned>(PropertyAttribute::DontEnum));
JSC_BUILTIN_FUNCTION_WITHOUT_TRANSITION(vm.propertyNames->builtinNames().entriesPublicName(), arrayPrototypeEntriesCodeGenerator, static_cast<unsigned>(PropertyAttribute::DontEnum));
JSC_BUILTIN_FUNCTION_WITHOUT_TRANSITION(vm.propertyNames->builtinNames().keysPublicName(), arrayPrototypeKeysCodeGenerator, static_cast<unsigned>(PropertyAttribute::DontEnum));
JSC_BUILTIN_FUNCTION_WITHOUT_TRANSITION(vm.propertyNames->builtinNames().findPublicName(), arrayPrototypeFindCodeGenerator, static_cast<unsigned>(PropertyAttribute::DontEnum));
JSC_BUILTIN_FUNCTION_WITHOUT_TRANSITION(vm.propertyNames->builtinNames().findIndexPublicName(), arrayPrototypeFindIndexCodeGenerator, static_cast<unsigned>(PropertyAttribute::DontEnum));
JSC_BUILTIN_FUNCTION_WITHOUT_TRANSITION(vm.propertyNames->builtinNames().includesPublicName(), arrayPrototypeIncludesCodeGenerator, static_cast<unsigned>(PropertyAttribute::DontEnum));
JSC_BUILTIN_FUNCTION_WITHOUT_TRANSITION(vm.propertyNames->builtinNames().copyWithinPublicName(), arrayPrototypeCopyWithinCodeGenerator, static_cast<unsigned>(PropertyAttribute::DontEnum));
putDirectWithoutTransition(vm, vm.propertyNames->builtinNames().entriesPrivateName(), getDirect(vm, vm.propertyNames->builtinNames().entriesPublicName()), static_cast<unsigned>(PropertyAttribute::ReadOnly));
putDirectWithoutTransition(vm, vm.propertyNames->builtinNames().forEachPrivateName(), getDirect(vm, vm.propertyNames->builtinNames().forEachPublicName()), static_cast<unsigned>(PropertyAttribute::ReadOnly));
putDirectWithoutTransition(vm, vm.propertyNames->builtinNames().keysPrivateName(), getDirect(vm, vm.propertyNames->builtinNames().keysPublicName()), static_cast<unsigned>(PropertyAttribute::ReadOnly));
putDirectWithoutTransition(vm, vm.propertyNames->builtinNames().valuesPrivateName(), globalObject->arrayProtoValuesFunction(), static_cast<unsigned>(PropertyAttribute::ReadOnly));
JSObject* unscopables = constructEmptyObject(vm, globalObject->nullPrototypeObjectStructure());
unscopables->convertToDictionary(vm);
const Identifier* const unscopableNames[] = {
&vm.propertyNames->builtinNames().copyWithinPublicName(),
&vm.propertyNames->builtinNames().entriesPublicName(),
&vm.propertyNames->builtinNames().fillPublicName(),
&vm.propertyNames->builtinNames().findPublicName(),
&vm.propertyNames->builtinNames().findIndexPublicName(),
&vm.propertyNames->builtinNames().flatPublicName(),
&vm.propertyNames->builtinNames().flatMapPublicName(),
&vm.propertyNames->builtinNames().includesPublicName(),
&vm.propertyNames->builtinNames().keysPublicName(),
&vm.propertyNames->builtinNames().valuesPublicName()
};
for (const auto* unscopableName : unscopableNames)
unscopables->putDirect(vm, *unscopableName, jsBoolean(true));
putDirectWithoutTransition(vm, vm.propertyNames->unscopablesSymbol, unscopables, PropertyAttribute::DontEnum | PropertyAttribute::ReadOnly);
}
// ------------------------------ Array Functions ----------------------------
static ALWAYS_INLINE JSValue getProperty(JSGlobalObject* globalObject, JSObject* object, unsigned index)
{
VM& vm = globalObject->vm();
auto scope = DECLARE_THROW_SCOPE(vm);
if (JSValue result = object->tryGetIndexQuickly(index))
return result;
// We want to perform get and has in the same operation.
// We can only do so when this behavior is not observable. The
// only time it is observable is when we encounter an opaque objects (ProxyObject and JSModuleNamespaceObject)
// somewhere in the prototype chain.
PropertySlot slot(object, PropertySlot::InternalMethodType::HasProperty);
bool hasProperty = object->getPropertySlot(globalObject, index, slot);
EXCEPTION_ASSERT(!scope.exception() || !hasProperty);
if (!hasProperty)
return { };
if (UNLIKELY(slot.isTaintedByOpaqueObject()))
RELEASE_AND_RETURN(scope, object->get(globalObject, index));
RELEASE_AND_RETURN(scope, slot.getValue(globalObject, index));
}
static ALWAYS_INLINE void putLength(JSGlobalObject* globalObject, VM& vm, JSObject* obj, JSValue value)
{
auto scope = DECLARE_THROW_SCOPE(vm);
PutPropertySlot slot(obj);
bool success = obj->methodTable(vm)->put(obj, globalObject, vm.propertyNames->length, value, slot);
RETURN_IF_EXCEPTION(scope, void());
if (UNLIKELY(!success))
throwTypeError(globalObject, scope, ReadonlyPropertyWriteError);
}
static ALWAYS_INLINE void setLength(JSGlobalObject* globalObject, VM& vm, JSObject* obj, unsigned value)
{
auto scope = DECLARE_THROW_SCOPE(vm);
static constexpr bool throwException = true;
if (isJSArray(obj)) {
jsCast<JSArray*>(obj)->setLength(globalObject, value, throwException);
RETURN_IF_EXCEPTION(scope, void());
}
scope.release();
putLength(globalObject, vm, obj, jsNumber(value));
}
namespace ArrayPrototypeInternal {
static bool verbose = false;
}
ALWAYS_INLINE bool speciesWatchpointIsValid(VM& vm, JSObject* thisObject)
{
JSGlobalObject* globalObject = thisObject->globalObject(vm);
ArrayPrototype* arrayPrototype = globalObject->arrayPrototype();
if (globalObject->arraySpeciesWatchpointSet().stateOnJSThread() == ClearWatchpoint) {
dataLogLnIf(ArrayPrototypeInternal::verbose, "Initializing Array species watchpoints for Array.prototype: ", pointerDump(arrayPrototype), " with structure: ", pointerDump(arrayPrototype->structure(vm)), "\nand Array: ", pointerDump(globalObject->arrayConstructor()), " with structure: ", pointerDump(globalObject->arrayConstructor()->structure(vm)));
globalObject->tryInstallArraySpeciesWatchpoint();
ASSERT(globalObject->arraySpeciesWatchpointSet().stateOnJSThread() != ClearWatchpoint);
}
return !thisObject->hasCustomProperties(vm)
&& arrayPrototype == thisObject->getPrototypeDirect(vm)
&& globalObject->arraySpeciesWatchpointSet().stateOnJSThread() == IsWatched;
}
enum class SpeciesConstructResult {
FastPath,
Exception,
CreatedObject
};
static ALWAYS_INLINE std::pair<SpeciesConstructResult, JSObject*> speciesConstructArray(JSGlobalObject* globalObject, JSObject* thisObject, uint64_t length)
{
VM& vm = globalObject->vm();
auto scope = DECLARE_THROW_SCOPE(vm);
auto exceptionResult = [] () {
return std::make_pair(SpeciesConstructResult::Exception, nullptr);
};
// ECMA 9.4.2.3: https://tc39.github.io/ecma262/#sec-arrayspeciescreate
JSValue constructor = jsUndefined();
bool thisIsArray = isArray(globalObject, thisObject);
RETURN_IF_EXCEPTION(scope, exceptionResult());
if (LIKELY(thisIsArray)) {
// Fast path in the normal case where the user has not set an own constructor and the Array.prototype.constructor is normal.
// We need prototype check for subclasses of Array, which are Array objects but have a different prototype by default.
bool isValid = speciesWatchpointIsValid(vm, thisObject);
scope.assertNoException();
if (LIKELY(isValid))
return std::make_pair(SpeciesConstructResult::FastPath, nullptr);
constructor = thisObject->get(globalObject, vm.propertyNames->constructor);
RETURN_IF_EXCEPTION(scope, exceptionResult());
if (constructor.isConstructor(vm)) {
JSObject* constructorObject = jsCast<JSObject*>(constructor);
bool isArrayConstructorFromAnotherRealm = globalObject != constructorObject->globalObject(vm)
&& constructorObject->inherits<ArrayConstructor>(vm);
if (isArrayConstructorFromAnotherRealm)
return std::make_pair(SpeciesConstructResult::FastPath, nullptr);
}
if (constructor.isObject()) {
constructor = constructor.get(globalObject, vm.propertyNames->speciesSymbol);
RETURN_IF_EXCEPTION(scope, exceptionResult());
if (constructor.isNull())
return std::make_pair(SpeciesConstructResult::FastPath, nullptr);
}
} else {
// If isArray is false, return ? ArrayCreate(length).
return std::make_pair(SpeciesConstructResult::FastPath, nullptr);
}
if (constructor.isUndefined())
return std::make_pair(SpeciesConstructResult::FastPath, nullptr);
MarkedArgumentBuffer args;
args.append(jsNumber(length));
ASSERT(!args.hasOverflowed());
JSObject* newObject = construct(globalObject, constructor, args, "Species construction did not get a valid constructor");
RETURN_IF_EXCEPTION(scope, exceptionResult());
return std::make_pair(SpeciesConstructResult::CreatedObject, newObject);
}
EncodedJSValue JSC_HOST_CALL arrayProtoFuncSpeciesCreate(JSGlobalObject* globalObject, CallFrame* callFrame)
{
VM& vm = globalObject->vm();
auto scope = DECLARE_THROW_SCOPE(vm);
JSObject* object = asObject(callFrame->uncheckedArgument(0));
uint64_t length = static_cast<uint64_t>(callFrame->uncheckedArgument(1).asNumber());
std::pair<SpeciesConstructResult, JSObject*> speciesResult = speciesConstructArray(globalObject, object, length);
EXCEPTION_ASSERT(!!scope.exception() == (speciesResult.first == SpeciesConstructResult::Exception));
if (UNLIKELY(speciesResult.first == SpeciesConstructResult::Exception))
return { };
if (speciesResult.first == SpeciesConstructResult::CreatedObject)
return JSValue::encode(speciesResult.second);
if (length > std::numeric_limits<unsigned>::max()) {
throwRangeError(globalObject, scope, "Array size is not a small enough positive integer."_s);
return { };
}
RELEASE_AND_RETURN(scope, JSValue::encode(constructEmptyArray(globalObject, nullptr, static_cast<unsigned>(length))));
}
static inline unsigned argumentClampedIndexFromStartOrEnd(JSGlobalObject* globalObject, JSValue value, unsigned length, unsigned undefinedValue = 0)
{
if (value.isUndefined())
return undefinedValue;
double indexDouble = value.toInteger(globalObject);
if (indexDouble < 0) {
indexDouble += length;
return indexDouble < 0 ? 0 : static_cast<unsigned>(indexDouble);
}
return indexDouble > length ? length : static_cast<unsigned>(indexDouble);
}
// The shift/unshift function implement the shift/unshift behaviour required
// by the corresponding array prototype methods, and by splice. In both cases,
// the methods are operating an an array or array like object.
//
// header currentCount (remainder)
// [------][------------][-----------]
// header resultCount (remainder)
// [------][-----------][-----------]
//
// The set of properties in the range 'header' must be unchanged. The set of
// properties in the range 'remainder' (where remainder = length - header -
// currentCount) will be shifted to the left or right as appropriate; in the
// case of shift this must be removing values, in the case of unshift this
// must be introducing new values.
template<JSArray::ShiftCountMode shiftCountMode>
void shift(JSGlobalObject* globalObject, JSObject* thisObj, unsigned header, unsigned currentCount, unsigned resultCount, unsigned length)
{
VM& vm = globalObject->vm();
auto scope = DECLARE_THROW_SCOPE(vm);
RELEASE_ASSERT(currentCount > resultCount);
unsigned count = currentCount - resultCount;
RELEASE_ASSERT(header <= length);
RELEASE_ASSERT(currentCount <= (length - header));
if (isJSArray(thisObj)) {
JSArray* array = asArray(thisObj);
if (array->length() == length && array->shiftCount<shiftCountMode>(globalObject, header, count))
return;
}
for (unsigned k = header; k < length - currentCount; ++k) {
unsigned from = k + currentCount;
unsigned to = k + resultCount;
JSValue value = getProperty(globalObject, thisObj, from);
RETURN_IF_EXCEPTION(scope, void());
if (value) {
thisObj->putByIndexInline(globalObject, to, value, true);
RETURN_IF_EXCEPTION(scope, void());
} else {
bool success = thisObj->methodTable(vm)->deletePropertyByIndex(thisObj, globalObject, to);
RETURN_IF_EXCEPTION(scope, void());
if (!success) {
throwTypeError(globalObject, scope, UnableToDeletePropertyError);
return;
}
}
}
for (unsigned k = length; k > length - count; --k) {
bool success = thisObj->methodTable(vm)->deletePropertyByIndex(thisObj, globalObject, k - 1);
RETURN_IF_EXCEPTION(scope, void());
if (!success) {
throwTypeError(globalObject, scope, UnableToDeletePropertyError);
return;
}
}
}
template<JSArray::ShiftCountMode shiftCountMode>
void unshift(JSGlobalObject* globalObject, JSObject* thisObj, unsigned header, unsigned currentCount, unsigned resultCount, unsigned length)
{
VM& vm = globalObject->vm();
auto scope = DECLARE_THROW_SCOPE(vm);
RELEASE_ASSERT(resultCount > currentCount);
unsigned count = resultCount - currentCount;
RELEASE_ASSERT(header <= length);
RELEASE_ASSERT(currentCount <= (length - header));
// Guard against overflow.
if (count > UINT_MAX - length) {
throwOutOfMemoryError(globalObject, scope);
return;
}
if (isJSArray(thisObj)) {
JSArray* array = asArray(thisObj);
if (array->length() == length) {
bool handled = array->unshiftCount<shiftCountMode>(globalObject, header, count);
EXCEPTION_ASSERT(!scope.exception() || handled);
if (handled)
return;
}
}
for (unsigned k = length - currentCount; k > header; --k) {
unsigned from = k + currentCount - 1;
unsigned to = k + resultCount - 1;
JSValue value = getProperty(globalObject, thisObj, from);
RETURN_IF_EXCEPTION(scope, void());
if (value) {
thisObj->putByIndexInline(globalObject, to, value, true);
RETURN_IF_EXCEPTION(scope, void());
} else {
bool success = thisObj->methodTable(vm)->deletePropertyByIndex(thisObj, globalObject, to);
RETURN_IF_EXCEPTION(scope, void());
if (UNLIKELY(!success)) {
throwTypeError(globalObject, scope, UnableToDeletePropertyError);
return;
}
}
}
}
inline bool canUseFastJoin(const JSObject* thisObject)
{
switch (thisObject->indexingType()) {
case ALL_CONTIGUOUS_INDEXING_TYPES:
case ALL_INT32_INDEXING_TYPES:
case ALL_DOUBLE_INDEXING_TYPES:
case ALL_UNDECIDED_INDEXING_TYPES:
return true;
default:
break;
}
return false;
}
inline bool holesMustForwardToPrototype(VM& vm, JSObject* object)
{
return object->structure(vm)->holesMustForwardToPrototype(vm, object);
}
inline bool isHole(double value)
{
return std::isnan(value);
}
inline bool isHole(const WriteBarrier<Unknown>& value)
{
return !value;
}
template<typename T>
inline bool containsHole(T* data, unsigned length)
{
for (unsigned i = 0; i < length; ++i) {
if (isHole(data[i]))
return true;
}
return false;
}
inline JSValue fastJoin(JSGlobalObject* globalObject, JSObject* thisObject, StringView separator, unsigned length, bool* sawHoles = nullptr)
{
VM& vm = globalObject->vm();
auto scope = DECLARE_THROW_SCOPE(vm);
switch (thisObject->indexingType()) {
case ALL_INT32_INDEXING_TYPES: {
auto& butterfly = *thisObject->butterfly();
if (UNLIKELY(length > butterfly.publicLength()))
break;
JSStringJoiner joiner(globalObject, separator, length);
RETURN_IF_EXCEPTION(scope, { });
auto data = butterfly.contiguous().data();
bool holesKnownToBeOK = false;
for (unsigned i = 0; i < length; ++i) {
JSValue value = data[i].get();
if (LIKELY(value))
joiner.appendNumber(vm, value.asInt32());
else {
if (sawHoles)
*sawHoles = true;
if (!holesKnownToBeOK) {
if (holesMustForwardToPrototype(vm, thisObject))
goto generalCase;
holesKnownToBeOK = true;
}
joiner.appendEmptyString();
}
}
RELEASE_AND_RETURN(scope, joiner.join(globalObject));
}
case ALL_CONTIGUOUS_INDEXING_TYPES: {
auto& butterfly = *thisObject->butterfly();
if (UNLIKELY(length > butterfly.publicLength()))
break;
JSStringJoiner joiner(globalObject, separator, length);
RETURN_IF_EXCEPTION(scope, { });
auto data = butterfly.contiguous().data();
bool holesKnownToBeOK = false;
for (unsigned i = 0; i < length; ++i) {
if (JSValue value = data[i].get()) {
if (!joiner.appendWithoutSideEffects(globalObject, value))
goto generalCase;
RETURN_IF_EXCEPTION(scope, { });
} else {
if (sawHoles)
*sawHoles = true;
if (!holesKnownToBeOK) {
if (holesMustForwardToPrototype(vm, thisObject))
goto generalCase;
holesKnownToBeOK = true;
}
joiner.appendEmptyString();
}
}
RELEASE_AND_RETURN(scope, joiner.join(globalObject));
}
case ALL_DOUBLE_INDEXING_TYPES: {
auto& butterfly = *thisObject->butterfly();
if (UNLIKELY(length > butterfly.publicLength()))
break;
JSStringJoiner joiner(globalObject, separator, length);
RETURN_IF_EXCEPTION(scope, { });
auto data = butterfly.contiguousDouble().data();
bool holesKnownToBeOK = false;
for (unsigned i = 0; i < length; ++i) {
double value = data[i];
if (LIKELY(!isHole(value)))
joiner.appendNumber(vm, value);
else {
if (sawHoles)
*sawHoles = true;
if (!holesKnownToBeOK) {
if (holesMustForwardToPrototype(vm, thisObject))
goto generalCase;
holesKnownToBeOK = true;
}
joiner.appendEmptyString();
}
}
RELEASE_AND_RETURN(scope, joiner.join(globalObject));
}
case ALL_UNDECIDED_INDEXING_TYPES: {
if (length && holesMustForwardToPrototype(vm, thisObject))
goto generalCase;
switch (separator.length()) {
case 0:
RELEASE_AND_RETURN(scope, jsEmptyString(vm));
case 1: {
if (length <= 1)
RELEASE_AND_RETURN(scope, jsEmptyString(vm));
if (separator.is8Bit())
RELEASE_AND_RETURN(scope, repeatCharacter(globalObject, separator.characters8()[0], length - 1));
RELEASE_AND_RETURN(scope, repeatCharacter(globalObject, separator.characters16()[0], length - 1));
default:
JSString* result = jsEmptyString(vm);
if (length <= 1)
return result;
JSString* operand = jsString(vm, separator.toString());
RETURN_IF_EXCEPTION(scope, { });
unsigned count = length - 1;
for (;;) {
if (count & 1) {
result = jsString(globalObject, result, operand);
RETURN_IF_EXCEPTION(scope, { });
}
count >>= 1;
if (!count)
return result;
operand = jsString(globalObject, operand, operand);
RETURN_IF_EXCEPTION(scope, { });
}
}
}
}
}
generalCase:
JSStringJoiner joiner(globalObject, separator, length);
RETURN_IF_EXCEPTION(scope, { });
for (unsigned i = 0; i < length; ++i) {
JSValue element = thisObject->getIndex(globalObject, i);
RETURN_IF_EXCEPTION(scope, { });
joiner.append(globalObject, element);
RETURN_IF_EXCEPTION(scope, { });
}
RELEASE_AND_RETURN(scope, joiner.join(globalObject));
}
inline bool canUseDefaultArrayJoinForToString(VM& vm, JSObject* thisObject)
{
JSGlobalObject* globalObject = thisObject->globalObject();
if (globalObject->arrayJoinWatchpointSet().stateOnJSThread() != IsWatched)
return false;
Structure* structure = thisObject->structure(vm);
// This is the fast case. Many arrays will be an original array.
// We are doing very simple check here. If we do more complicated checks like looking into getDirect "join" of thisObject,
// it would be possible that just looking into "join" function will show the same performance.
return globalObject->isOriginalArrayStructure(structure);
}
EncodedJSValue JSC_HOST_CALL arrayProtoFuncToString(JSGlobalObject* globalObject, CallFrame* callFrame)
{
VM& vm = globalObject->vm();
auto scope = DECLARE_THROW_SCOPE(vm);
JSValue thisValue = callFrame->thisValue().toThis(globalObject, StrictMode);
// 1. Let array be the result of calling ToObject on the this value.
JSObject* thisObject = thisValue.toObject(globalObject);
RETURN_IF_EXCEPTION(scope, encodedJSValue());
if (!canUseDefaultArrayJoinForToString(vm, thisObject)) {
// 2. Let func be the result of calling the [[Get]] internal method of array with argument "join".
JSValue function = JSValue(thisObject).get(globalObject, vm.propertyNames->join);
RETURN_IF_EXCEPTION(scope, encodedJSValue());
// 3. If IsCallable(func) is false, then let func be the standard built-in method Object.prototype.toString (15.2.4.2).
bool customJoinCase = false;
if (!function.isCell())
customJoinCase = true;
CallData callData;
CallType callType = getCallData(vm, function, callData);
if (callType == CallType::None)
customJoinCase = true;
if (UNLIKELY(customJoinCase))
RELEASE_AND_RETURN(scope, JSValue::encode(jsMakeNontrivialString(globalObject, "[object ", thisObject->methodTable(vm)->className(thisObject, vm), "]")));
// 4. Return the result of calling the [[Call]] internal method of func providing array as the this value and an empty arguments list.
if (!isJSArray(thisObject) || callType != CallType::Host || callData.native.function != arrayProtoFuncJoin)
RELEASE_AND_RETURN(scope, JSValue::encode(call(globalObject, function, callType, callData, thisObject, *vm.emptyList)));
}
ASSERT(isJSArray(thisValue));
JSArray* thisArray = asArray(thisValue);
unsigned length = thisArray->length();
StringRecursionChecker checker(globalObject, thisArray);
EXCEPTION_ASSERT(!scope.exception() || checker.earlyReturnValue());
if (JSValue earlyReturnValue = checker.earlyReturnValue())
return JSValue::encode(earlyReturnValue);
if (LIKELY(canUseFastJoin(thisArray))) {
const LChar comma = ',';
scope.release();
bool isCoW = isCopyOnWrite(thisArray->indexingMode());
JSImmutableButterfly* immutableButterfly = nullptr;
if (isCoW) {
immutableButterfly = JSImmutableButterfly::fromButterfly(thisArray->butterfly());
auto iter = vm.heap.immutableButterflyToStringCache.find(immutableButterfly);
if (iter != vm.heap.immutableButterflyToStringCache.end())
return JSValue::encode(iter->value);
}
bool sawHoles = false;
JSValue result = fastJoin(globalObject, thisArray, { &comma, 1 }, length, &sawHoles);
if (!sawHoles && result && isJSString(result) && isCoW) {
ASSERT(JSImmutableButterfly::fromButterfly(thisArray->butterfly()) == immutableButterfly);
vm.heap.immutableButterflyToStringCache.add(immutableButterfly, jsCast<JSString*>(result));
}
return JSValue::encode(result);
}
JSStringJoiner joiner(globalObject, ',', length);
RETURN_IF_EXCEPTION(scope, encodedJSValue());
for (unsigned i = 0; i < length; ++i) {
JSValue element = thisArray->tryGetIndexQuickly(i);
if (!element) {
element = thisArray->get(globalObject, i);
RETURN_IF_EXCEPTION(scope, encodedJSValue());
}
joiner.append(globalObject, element);
RETURN_IF_EXCEPTION(scope, encodedJSValue());
}
RELEASE_AND_RETURN(scope, JSValue::encode(joiner.join(globalObject)));
}
EncodedJSValue JSC_HOST_CALL arrayProtoFuncToLocaleString(JSGlobalObject* globalObject, CallFrame* callFrame)
{
VM& vm = globalObject->vm();
auto scope = DECLARE_THROW_SCOPE(vm);
JSValue thisValue = callFrame->thisValue().toThis(globalObject, StrictMode);
JSObject* thisObject = thisValue.toObject(globalObject);
RETURN_IF_EXCEPTION(scope, encodedJSValue());
unsigned length = toLength(globalObject, thisObject);
RETURN_IF_EXCEPTION(scope, encodedJSValue());
StringRecursionChecker checker(globalObject, thisObject);
EXCEPTION_ASSERT(!scope.exception() || checker.earlyReturnValue());
if (JSValue earlyReturnValue = checker.earlyReturnValue())
return JSValue::encode(earlyReturnValue);
JSStringJoiner stringJoiner(globalObject, ',', length);
RETURN_IF_EXCEPTION(scope, encodedJSValue());
#if ENABLE(INTL)
ArgList arguments(callFrame);
#endif
for (unsigned i = 0; i < length; ++i) {
JSValue element = thisObject->getIndex(globalObject, i);
RETURN_IF_EXCEPTION(scope, encodedJSValue());
if (element.isUndefinedOrNull())
element = jsEmptyString(vm);
else {
JSValue conversionFunction = element.get(globalObject, vm.propertyNames->toLocaleString);
RETURN_IF_EXCEPTION(scope, encodedJSValue());
CallData callData;
CallType callType = getCallData(vm, conversionFunction, callData);
if (callType != CallType::None) {
#if ENABLE(INTL)
element = call(globalObject, conversionFunction, callType, callData, element, arguments);
#else
element = call(globalObject, conversionFunction, callType, callData, element, *vm.emptyList);
#endif
RETURN_IF_EXCEPTION(scope, encodedJSValue());
}
}
stringJoiner.append(globalObject, element);
RETURN_IF_EXCEPTION(scope, encodedJSValue());
}
RELEASE_AND_RETURN(scope, JSValue::encode(stringJoiner.join(globalObject)));
}
static JSValue slowJoin(JSGlobalObject* globalObject, JSObject* thisObject, JSString* separator, uint64_t length)
{
VM& vm = globalObject->vm();
auto scope = DECLARE_THROW_SCOPE(vm);
// 5. If len is zero, return the empty String.
if (!length)
return jsEmptyString(vm);
// 6. Let element0 be Get(O, "0").
JSValue element0 = thisObject->getIndex(globalObject, 0);
RETURN_IF_EXCEPTION(scope, { });
// 7. If element0 is undefined or null, let R be the empty String; otherwise, let R be ? ToString(element0).
JSString* r = nullptr;
if (element0.isUndefinedOrNull())
r = jsEmptyString(vm);
else
r = element0.toString(globalObject);
RETURN_IF_EXCEPTION(scope, { });
// 8. Let k be 1.
// 9. Repeat, while k < len
// 9.e Increase k by 1..
for (uint64_t k = 1; k < length; ++k) {
// b. Let element be ? Get(O, ! ToString(k)).
JSValue element = thisObject->get(globalObject, Identifier::fromString(vm, AtomString::number(k)));
RETURN_IF_EXCEPTION(scope, { });
// c. If element is undefined or null, let next be the empty String; otherwise, let next be ? ToString(element).
JSString* next = nullptr;
if (element.isUndefinedOrNull()) {
if (!separator->length())
continue;
next = jsEmptyString(vm);
} else
next = element.toString(globalObject);
RETURN_IF_EXCEPTION(scope, { });
// a. Let S be the String value produced by concatenating R and sep.
// d. Let R be a String value produced by concatenating S and next.
r = jsString(globalObject, r, separator, next);
RETURN_IF_EXCEPTION(scope, { });
}
// 10. Return R.
return r;
}
EncodedJSValue JSC_HOST_CALL arrayProtoFuncJoin(JSGlobalObject* globalObject, CallFrame* callFrame)
{
VM& vm = globalObject->vm();
auto scope = DECLARE_THROW_SCOPE(vm);
// 1. Let O be ? ToObject(this value).
JSObject* thisObject = callFrame->thisValue().toThis(globalObject, StrictMode).toObject(globalObject);
EXCEPTION_ASSERT(!!scope.exception() == !thisObject);
if (UNLIKELY(!thisObject))
return encodedJSValue();
StringRecursionChecker checker(globalObject, thisObject);
EXCEPTION_ASSERT(!scope.exception() || checker.earlyReturnValue());
if (JSValue earlyReturnValue = checker.earlyReturnValue())
return JSValue::encode(earlyReturnValue);
// 2. Let len be ? ToLength(? Get(O, "length")).
double length = toLength(globalObject, thisObject);
RETURN_IF_EXCEPTION(scope, encodedJSValue());
// 3. If separator is undefined, let separator be the single-element String ",".
JSValue separatorValue = callFrame->argument(0);
if (separatorValue.isUndefined()) {
const LChar comma = ',';
if (UNLIKELY(length > std::numeric_limits<unsigned>::max() || !canUseFastJoin(thisObject))) {
uint64_t length64 = static_cast<uint64_t>(length);
ASSERT(static_cast<double>(length64) == length);
JSString* jsSeparator = jsSingleCharacterString(vm, comma);
RETURN_IF_EXCEPTION(scope, encodedJSValue());
RELEASE_AND_RETURN(scope, JSValue::encode(slowJoin(globalObject, thisObject, jsSeparator, length64)));
}
unsigned unsignedLength = static_cast<unsigned>(length);
ASSERT(static_cast<double>(unsignedLength) == length);
RELEASE_AND_RETURN(scope, JSValue::encode(fastJoin(globalObject, thisObject, { &comma, 1 }, unsignedLength)));
}
// 4. Let sep be ? ToString(separator).
JSString* jsSeparator = separatorValue.toString(globalObject);
RETURN_IF_EXCEPTION(scope, encodedJSValue());
if (UNLIKELY(length > std::numeric_limits<unsigned>::max() || !canUseFastJoin(thisObject))) {
uint64_t length64 = static_cast<uint64_t>(length);
ASSERT(static_cast<double>(length64) == length);
RELEASE_AND_RETURN(scope, JSValue::encode(slowJoin(globalObject, thisObject, jsSeparator, length64)));
}
auto viewWithString = jsSeparator->viewWithUnderlyingString(globalObject);
RETURN_IF_EXCEPTION(scope, encodedJSValue());
RELEASE_AND_RETURN(scope, JSValue::encode(fastJoin(globalObject, thisObject, viewWithString.view, length)));
}
EncodedJSValue JSC_HOST_CALL arrayProtoFuncPop(JSGlobalObject* globalObject, CallFrame* callFrame)
{
VM& vm = globalObject->vm();
auto scope = DECLARE_THROW_SCOPE(vm);
JSValue thisValue = callFrame->thisValue().toThis(globalObject, StrictMode);
if (isJSArray(thisValue))
RELEASE_AND_RETURN(scope, JSValue::encode(asArray(thisValue)->pop(globalObject)));
JSObject* thisObj = thisValue.toObject(globalObject);
EXCEPTION_ASSERT(!!scope.exception() == !thisObj);
if (UNLIKELY(!thisObj))
return encodedJSValue();
unsigned length = toLength(globalObject, thisObj);
RETURN_IF_EXCEPTION(scope, encodedJSValue());
if (length == 0) {
scope.release();
putLength(globalObject, vm, thisObj, jsNumber(length));
return JSValue::encode(jsUndefined());
}
JSValue result = thisObj->get(globalObject, length - 1);
RETURN_IF_EXCEPTION(scope, encodedJSValue());
bool success = thisObj->methodTable(vm)->deletePropertyByIndex(thisObj, globalObject, length - 1);
RETURN_IF_EXCEPTION(scope, encodedJSValue());
if (UNLIKELY(!success)) {
throwTypeError(globalObject, scope, UnableToDeletePropertyError);
return encodedJSValue();
}
scope.release();
putLength(globalObject, vm, thisObj, jsNumber(length - 1));
return JSValue::encode(result);
}
EncodedJSValue JSC_HOST_CALL arrayProtoFuncPush(JSGlobalObject* globalObject, CallFrame* callFrame)
{
VM& vm = globalObject->vm();
auto scope = DECLARE_THROW_SCOPE(vm);
JSValue thisValue = callFrame->thisValue().toThis(globalObject, StrictMode);
if (LIKELY(isJSArray(thisValue) && callFrame->argumentCount() == 1)) {
JSArray* array = asArray(thisValue);
scope.release();
array->pushInline(globalObject, callFrame->uncheckedArgument(0));
return JSValue::encode(jsNumber(array->length()));
}
JSObject* thisObj = thisValue.toObject(globalObject);
EXCEPTION_ASSERT(!!scope.exception() == !thisObj);
if (UNLIKELY(!thisObj))
return encodedJSValue();
unsigned length = toLength(globalObject, thisObj);
RETURN_IF_EXCEPTION(scope, encodedJSValue());
for (unsigned n = 0; n < callFrame->argumentCount(); n++) {
// Check for integer overflow; where safe we can do a fast put by index.
if (length + n >= length)
thisObj->methodTable(vm)->putByIndex(thisObj, globalObject, length + n, callFrame->uncheckedArgument(n), true);
else {
PutPropertySlot slot(thisObj);
Identifier propertyName = Identifier::fromString(vm, JSValue(static_cast<int64_t>(length) + static_cast<int64_t>(n)).toWTFString(globalObject));
thisObj->methodTable(vm)->put(thisObj, globalObject, propertyName, callFrame->uncheckedArgument(n), slot);
}
RETURN_IF_EXCEPTION(scope, encodedJSValue());
}
JSValue newLength(static_cast<int64_t>(length) + static_cast<int64_t>(callFrame->argumentCount()));
scope.release();
putLength(globalObject, vm, thisObj, newLength);
return JSValue::encode(newLength);
}
EncodedJSValue JSC_HOST_CALL arrayProtoFuncReverse(JSGlobalObject* globalObject, CallFrame* callFrame)
{
VM& vm = globalObject->vm();
auto scope = DECLARE_THROW_SCOPE(vm);
JSObject* thisObject = callFrame->thisValue().toThis(globalObject, StrictMode).toObject(globalObject);
EXCEPTION_ASSERT(!!scope.exception() == !thisObject);
if (UNLIKELY(!thisObject))
return encodedJSValue();
unsigned length = toLength(globalObject, thisObject);
RETURN_IF_EXCEPTION(scope, encodedJSValue());
thisObject->ensureWritable(vm);
switch (thisObject->indexingType()) {
case ALL_CONTIGUOUS_INDEXING_TYPES:
case ALL_INT32_INDEXING_TYPES: {
auto& butterfly = *thisObject->butterfly();
if (length > butterfly.publicLength())
break;
auto data = butterfly.contiguous().data();
if (containsHole(data, length) && holesMustForwardToPrototype(vm, thisObject))
break;
std::reverse(data, data + length);
if (!hasInt32(thisObject->indexingType()))
vm.heap.writeBarrier(thisObject);
return JSValue::encode(thisObject);
}
case ALL_DOUBLE_INDEXING_TYPES: {
auto& butterfly = *thisObject->butterfly();
if (length > butterfly.publicLength())
break;
auto data = butterfly.contiguousDouble().data();
if (containsHole(data, length) && holesMustForwardToPrototype(vm, thisObject))
break;
std::reverse(data, data + length);
return JSValue::encode(thisObject);
}
case ALL_ARRAY_STORAGE_INDEXING_TYPES: {
auto& storage = *thisObject->butterfly()->arrayStorage();
if (length > storage.vectorLength())
break;
if (storage.hasHoles() && holesMustForwardToPrototype(vm, thisObject))
break;
auto data = storage.vector().data();
std::reverse(data, data + length);
vm.heap.writeBarrier(thisObject);
return JSValue::encode(thisObject);
}
}
unsigned middle = length / 2;
for (unsigned lower = 0; lower < middle; lower++) {
unsigned upper = length - lower - 1;
bool lowerExists = thisObject->hasProperty(globalObject, lower);
RETURN_IF_EXCEPTION(scope, encodedJSValue());
JSValue lowerValue;
if (lowerExists) {
lowerValue = thisObject->get(globalObject, lower);
RETURN_IF_EXCEPTION(scope, encodedJSValue());
}
bool upperExists = thisObject->hasProperty(globalObject, upper);
RETURN_IF_EXCEPTION(scope, encodedJSValue());
JSValue upperValue;
if (upperExists) {
upperValue = thisObject->get(globalObject, upper);
RETURN_IF_EXCEPTION(scope, encodedJSValue());
}
if (upperExists) {
thisObject->putByIndexInline(globalObject, lower, upperValue, true);
RETURN_IF_EXCEPTION(scope, encodedJSValue());
} else {
bool success = thisObject->methodTable(vm)->deletePropertyByIndex(thisObject, globalObject, lower);
RETURN_IF_EXCEPTION(scope, encodedJSValue());
if (UNLIKELY(!success)) {
throwTypeError(globalObject, scope, UnableToDeletePropertyError);
return encodedJSValue();
}
}
if (lowerExists) {
thisObject->putByIndexInline(globalObject, upper, lowerValue, true);
RETURN_IF_EXCEPTION(scope, encodedJSValue());
} else {
bool success = thisObject->methodTable(vm)->deletePropertyByIndex(thisObject, globalObject, upper);
RETURN_IF_EXCEPTION(scope, encodedJSValue());
if (UNLIKELY(!success)) {
throwTypeError(globalObject, scope, UnableToDeletePropertyError);
return encodedJSValue();
}
}
}
return JSValue::encode(thisObject);
}
EncodedJSValue JSC_HOST_CALL arrayProtoFuncShift(JSGlobalObject* globalObject, CallFrame* callFrame)
{
VM& vm = globalObject->vm();
auto scope = DECLARE_THROW_SCOPE(vm);
JSObject* thisObj = callFrame->thisValue().toThis(globalObject, StrictMode).toObject(globalObject);
EXCEPTION_ASSERT(!!scope.exception() == !thisObj);
if (UNLIKELY(!thisObj))
return encodedJSValue();
unsigned length = toLength(globalObject, thisObj);
RETURN_IF_EXCEPTION(scope, encodedJSValue());
if (length == 0) {
scope.release();
putLength(globalObject, vm, thisObj, jsNumber(length));
return JSValue::encode(jsUndefined());
}
JSValue result = thisObj->getIndex(globalObject, 0);
RETURN_IF_EXCEPTION(scope, encodedJSValue());
shift<JSArray::ShiftCountForShift>(globalObject, thisObj, 0, 1, 0, length);
RETURN_IF_EXCEPTION(scope, encodedJSValue());
scope.release();
putLength(globalObject, vm, thisObj, jsNumber(length - 1));
return JSValue::encode(result);
}
EncodedJSValue JSC_HOST_CALL arrayProtoFuncSlice(JSGlobalObject* globalObject, CallFrame* callFrame)
{
// https://tc39.github.io/ecma262/#sec-array.prototype.slice
VM& vm = globalObject->vm();
auto scope = DECLARE_THROW_SCOPE(vm);
JSObject* thisObj = callFrame->thisValue().toThis(globalObject, StrictMode).toObject(globalObject);
EXCEPTION_ASSERT(!!scope.exception() == !thisObj);
if (UNLIKELY(!thisObj))
return { };
unsigned length = toLength(globalObject, thisObj);
RETURN_IF_EXCEPTION(scope, { });
unsigned begin = argumentClampedIndexFromStartOrEnd(globalObject, callFrame->argument(0), length);
RETURN_IF_EXCEPTION(scope, { });
unsigned end = argumentClampedIndexFromStartOrEnd(globalObject, callFrame->argument(1), length, length);
RETURN_IF_EXCEPTION(scope, { });
if (end < begin)
end = begin;
std::pair<SpeciesConstructResult, JSObject*> speciesResult = speciesConstructArray(globalObject, thisObj, end - begin);
// We can only get an exception if we call some user function.
EXCEPTION_ASSERT(!!scope.exception() == (speciesResult.first == SpeciesConstructResult::Exception));
if (UNLIKELY(speciesResult.first == SpeciesConstructResult::Exception))
return { };
bool okToDoFastPath = speciesResult.first == SpeciesConstructResult::FastPath && isJSArray(thisObj) && length == toLength(globalObject, thisObj);
RETURN_IF_EXCEPTION(scope, { });
if (LIKELY(okToDoFastPath)) {
if (JSArray* result = asArray(thisObj)->fastSlice(globalObject, begin, end - begin))
return JSValue::encode(result);
}
JSObject* result;
if (speciesResult.first == SpeciesConstructResult::CreatedObject)
result = speciesResult.second;
else {
result = constructEmptyArray(globalObject, nullptr, end - begin);
RETURN_IF_EXCEPTION(scope, { });
}
// Document that we need to keep the source array alive until after anything
// that can GC (e.g. allocating the result array).
thisObj->use();
unsigned n = 0;
for (unsigned k = begin; k < end; k++, n++) {
JSValue v = getProperty(globalObject, thisObj, k);
RETURN_IF_EXCEPTION(scope, { });
if (v) {
result->putDirectIndex(globalObject, n, v, 0, PutDirectIndexShouldThrow);
RETURN_IF_EXCEPTION(scope, { });
}
}
scope.release();
setLength(globalObject, vm, result, n);
return JSValue::encode(result);
}
EncodedJSValue JSC_HOST_CALL arrayProtoFuncSplice(JSGlobalObject* globalObject, CallFrame* callFrame)
{
// 15.4.4.12
VM& vm = globalObject->vm();
auto scope = DECLARE_THROW_SCOPE(vm);
JSObject* thisObj = callFrame->thisValue().toThis(globalObject, StrictMode).toObject(globalObject);
EXCEPTION_ASSERT(!!scope.exception() == !thisObj);
if (UNLIKELY(!thisObj))
return encodedJSValue();
unsigned length = toLength(globalObject, thisObj);
RETURN_IF_EXCEPTION(scope, encodedJSValue());
if (!callFrame->argumentCount()) {
std::pair<SpeciesConstructResult, JSObject*> speciesResult = speciesConstructArray(globalObject, thisObj, 0);
EXCEPTION_ASSERT(!!scope.exception() == (speciesResult.first == SpeciesConstructResult::Exception));
if (UNLIKELY(speciesResult.first == SpeciesConstructResult::Exception))
return encodedJSValue();
JSObject* result;
if (speciesResult.first == SpeciesConstructResult::CreatedObject)
result = speciesResult.second;
else {
result = constructEmptyArray(globalObject, nullptr);
RETURN_IF_EXCEPTION(scope, encodedJSValue());
}
setLength(globalObject, vm, result, 0);
RETURN_IF_EXCEPTION(scope, encodedJSValue());
scope.release();
setLength(globalObject, vm, thisObj, length);
return JSValue::encode(result);
}
unsigned actualStart = argumentClampedIndexFromStartOrEnd(globalObject, callFrame->argument(0), length);
RETURN_IF_EXCEPTION(scope, encodedJSValue());
unsigned actualDeleteCount = length - actualStart;
if (callFrame->argumentCount() > 1) {
double deleteCount = callFrame->uncheckedArgument(1).toInteger(globalObject);
RETURN_IF_EXCEPTION(scope, encodedJSValue());
if (deleteCount < 0)
actualDeleteCount = 0;
else if (deleteCount > length - actualStart)
actualDeleteCount = length - actualStart;
else
actualDeleteCount = static_cast<unsigned>(deleteCount);
}
std::pair<SpeciesConstructResult, JSObject*> speciesResult = speciesConstructArray(globalObject, thisObj, actualDeleteCount);
EXCEPTION_ASSERT(!!scope.exception() == (speciesResult.first == SpeciesConstructResult::Exception));
if (speciesResult.first == SpeciesConstructResult::Exception)
return JSValue::encode(jsUndefined());
JSObject* result = nullptr;
bool okToDoFastPath = speciesResult.first == SpeciesConstructResult::FastPath && isJSArray(thisObj) && length == toLength(globalObject, thisObj);
RETURN_IF_EXCEPTION(scope, encodedJSValue());
if (LIKELY(okToDoFastPath))
result = asArray(thisObj)->fastSlice(globalObject, actualStart, actualDeleteCount);
if (!result) {
if (speciesResult.first == SpeciesConstructResult::CreatedObject)
result = speciesResult.second;
else {
result = JSArray::tryCreate(vm, globalObject->arrayStructureForIndexingTypeDuringAllocation(ArrayWithUndecided), actualDeleteCount);
if (UNLIKELY(!result)) {
throwOutOfMemoryError(globalObject, scope);
return encodedJSValue();
}
}
for (unsigned k = 0; k < actualDeleteCount; ++k) {
JSValue v = getProperty(globalObject, thisObj, k + actualStart);
RETURN_IF_EXCEPTION(scope, encodedJSValue());
if (UNLIKELY(!v))
continue;
result->putDirectIndex(globalObject, k, v, 0, PutDirectIndexShouldThrow);
RETURN_IF_EXCEPTION(scope, encodedJSValue());
}
}
unsigned itemCount = std::max<int>(callFrame->argumentCount() - 2, 0);
if (itemCount < actualDeleteCount) {
shift<JSArray::ShiftCountForSplice>(globalObject, thisObj, actualStart, actualDeleteCount, itemCount, length);
RETURN_IF_EXCEPTION(scope, encodedJSValue());
} else if (itemCount > actualDeleteCount) {
unshift<JSArray::ShiftCountForSplice>(globalObject, thisObj, actualStart, actualDeleteCount, itemCount, length);
RETURN_IF_EXCEPTION(scope, encodedJSValue());
}
for (unsigned k = 0; k < itemCount; ++k) {
thisObj->putByIndexInline(globalObject, k + actualStart, callFrame->uncheckedArgument(k + 2), true);
RETURN_IF_EXCEPTION(scope, encodedJSValue());
}
scope.release();
setLength(globalObject, vm, thisObj, length - actualDeleteCount + itemCount);
return JSValue::encode(result);
}
EncodedJSValue JSC_HOST_CALL arrayProtoFuncUnShift(JSGlobalObject* globalObject, CallFrame* callFrame)
{
VM& vm = globalObject->vm();
auto scope = DECLARE_THROW_SCOPE(vm);
// 15.4.4.13
JSObject* thisObj = callFrame->thisValue().toThis(globalObject, StrictMode).toObject(globalObject);
EXCEPTION_ASSERT(!!scope.exception() == !thisObj);
if (UNLIKELY(!thisObj))
return encodedJSValue();
double doubleLength = toLength(globalObject, thisObj);
unsigned length = doubleLength;
RETURN_IF_EXCEPTION(scope, encodedJSValue());
unsigned nrArgs = callFrame->argumentCount();
if (nrArgs) {
if (UNLIKELY(doubleLength + static_cast<double>(nrArgs) > maxSafeInteger()))
return throwVMTypeError(globalObject, scope, "Cannot shift to offset greater than (2 ** 53) - 1"_s);
unshift<JSArray::ShiftCountForShift>(globalObject, thisObj, 0, 0, nrArgs, length);
RETURN_IF_EXCEPTION(scope, encodedJSValue());
}
for (unsigned k = 0; k < nrArgs; ++k) {
thisObj->putByIndexInline(globalObject, k, callFrame->uncheckedArgument(k), true);
RETURN_IF_EXCEPTION(scope, encodedJSValue());
}
JSValue result = jsNumber(length + nrArgs);
scope.release();
putLength(globalObject, vm, thisObj, result);
return JSValue::encode(result);
}
enum class IndexOfDirection { Forward, Backward };
template<IndexOfDirection direction>
ALWAYS_INLINE JSValue fastIndexOf(JSGlobalObject* globalObject, VM& vm, JSArray* array, unsigned length, JSValue searchElement, unsigned index)
{
auto scope = DECLARE_THROW_SCOPE(vm);
bool canDoFastPath = array->canDoFastIndexedAccess(vm)
&& array->getArrayLength() == length; // The effects in getting `index` could have changed the length of this array.
if (!canDoFastPath)
return JSValue();
switch (array->indexingType()) {
case ALL_INT32_INDEXING_TYPES: {
if (!searchElement.isNumber())
return jsNumber(-1);
JSValue searchInt32;
if (searchElement.isInt32())
searchInt32 = searchElement;
else {
double searchNumber = searchElement.asNumber();
if (!canBeInt32(searchNumber))
return jsNumber(-1);
searchInt32 = jsNumber(static_cast<int32_t>(searchNumber));
}
auto& butterfly = *array->butterfly();
auto data = butterfly.contiguous().data();
if (direction == IndexOfDirection::Forward) {
for (; index < length; ++index) {
// Array#indexOf uses `===` semantics (not HashMap isEqual semantics).
// And the hole never matches against Int32 value.
if (searchInt32 == data[index].get())
return jsNumber(index);
}
} else {
do {
ASSERT(index < length);
// Array#lastIndexOf uses `===` semantics (not HashMap isEqual semantics).
// And the hole never matches against Int32 value.
if (searchInt32 == data[index].get())
return jsNumber(index);
} while (index--);
}
return jsNumber(-1);
}
case ALL_CONTIGUOUS_INDEXING_TYPES: {
auto& butterfly = *array->butterfly();
auto data = butterfly.contiguous().data();
if (direction == IndexOfDirection::Forward) {
for (; index < length; ++index) {
JSValue value = data[index].get();
if (!value)
continue;
bool isEqual = JSValue::strictEqual(globalObject, searchElement, value);
RETURN_IF_EXCEPTION(scope, { });
if (isEqual)
return jsNumber(index);
}
} else {
do {
ASSERT(index < length);
JSValue value = data[index].get();
if (!value)
continue;
bool isEqual = JSValue::strictEqual(globalObject, searchElement, value);
RETURN_IF_EXCEPTION(scope, { });
if (isEqual)
return jsNumber(index);
} while (index--);
}
return jsNumber(-1);
}
case ALL_DOUBLE_INDEXING_TYPES: {
if (!searchElement.isNumber())
return jsNumber(-1);
double searchNumber = searchElement.asNumber();
auto& butterfly = *array->butterfly();
auto data = butterfly.contiguousDouble().data();
if (direction == IndexOfDirection::Forward) {
for (; index < length; ++index) {
// Array#indexOf uses `===` semantics (not HashMap isEqual semantics).
// And the hole never matches since it is NaN.
if (data[index] == searchNumber)
return jsNumber(index);
}
} else {
do {
ASSERT(index < length);
// Array#lastIndexOf uses `===` semantics (not HashMap isEqual semantics).
// And the hole never matches since it is NaN.
if (data[index] == searchNumber)
return jsNumber(index);
} while (index--);
}
return jsNumber(-1);
}
default:
return JSValue();
}
}
EncodedJSValue JSC_HOST_CALL arrayProtoFuncIndexOf(JSGlobalObject* globalObject, CallFrame* callFrame)
{
VM& vm = globalObject->vm();
auto scope = DECLARE_THROW_SCOPE(vm);
// 15.4.4.14
JSObject* thisObject = callFrame->thisValue().toThis(globalObject, StrictMode).toObject(globalObject);
EXCEPTION_ASSERT(!!scope.exception() == !thisObject);
if (UNLIKELY(!thisObject))
return { };
unsigned length = toLength(globalObject, thisObject);
RETURN_IF_EXCEPTION(scope, { });
unsigned index = argumentClampedIndexFromStartOrEnd(globalObject, callFrame->argument(1), length);
RETURN_IF_EXCEPTION(scope, { });
JSValue searchElement = callFrame->argument(0);
if (isJSArray(thisObject)) {
JSValue result = fastIndexOf<IndexOfDirection::Forward>(globalObject, vm, asArray(thisObject), length, searchElement, index);
RETURN_IF_EXCEPTION(scope, { });
if (result)
return JSValue::encode(result);
}
for (; index < length; ++index) {
JSValue e = getProperty(globalObject, thisObject, index);
RETURN_IF_EXCEPTION(scope, { });
if (!e)
continue;
bool isEqual = JSValue::strictEqual(globalObject, searchElement, e);
RETURN_IF_EXCEPTION(scope, { });
if (isEqual)
return JSValue::encode(jsNumber(index));
}
return JSValue::encode(jsNumber(-1));
}
EncodedJSValue JSC_HOST_CALL arrayProtoFuncLastIndexOf(JSGlobalObject* globalObject, CallFrame* callFrame)
{
VM& vm = globalObject->vm();
auto scope = DECLARE_THROW_SCOPE(vm);
// 15.4.4.15
JSObject* thisObject = callFrame->thisValue().toThis(globalObject, StrictMode).toObject(globalObject);
EXCEPTION_ASSERT(!!scope.exception() == !thisObject);
if (UNLIKELY(!thisObject))
return { };
unsigned length = toLength(globalObject, thisObject);
if (UNLIKELY(scope.exception()) || !length)
return JSValue::encode(jsNumber(-1));
unsigned index = length - 1;
if (callFrame->argumentCount() >= 2) {
JSValue fromValue = callFrame->uncheckedArgument(1);
double fromDouble = fromValue.toInteger(globalObject);
RETURN_IF_EXCEPTION(scope, { });
if (fromDouble < 0) {
fromDouble += length;
if (fromDouble < 0)
return JSValue::encode(jsNumber(-1));
}
if (fromDouble < length)
index = static_cast<unsigned>(fromDouble);
}
JSValue searchElement = callFrame->argument(0);
if (isJSArray(thisObject)) {
JSValue result = fastIndexOf<IndexOfDirection::Backward>(globalObject, vm, asArray(thisObject), length, searchElement, index);
RETURN_IF_EXCEPTION(scope, { });
if (result)
return JSValue::encode(result);
}
do {
ASSERT(index < length);
JSValue e = getProperty(globalObject, thisObject, index);
RETURN_IF_EXCEPTION(scope, { });
if (!e)
continue;
bool isEqual = JSValue::strictEqual(globalObject, searchElement, e);
RETURN_IF_EXCEPTION(scope, { });
if (isEqual)
return JSValue::encode(jsNumber(index));
} while (index--);
return JSValue::encode(jsNumber(-1));
}
static bool moveElements(JSGlobalObject* globalObject, VM& vm, JSArray* target, unsigned targetOffset, JSArray* source, unsigned sourceLength)
{
auto scope = DECLARE_THROW_SCOPE(vm);
if (LIKELY(!hasAnyArrayStorage(source->indexingType()) && !holesMustForwardToPrototype(vm, source))) {
for (unsigned i = 0; i < sourceLength; ++i) {
JSValue value = source->tryGetIndexQuickly(i);
if (value) {
target->putDirectIndex(globalObject, targetOffset + i, value, 0, PutDirectIndexShouldThrow);
RETURN_IF_EXCEPTION(scope, false);
}
}
} else {
for (unsigned i = 0; i < sourceLength; ++i) {
JSValue value = getProperty(globalObject, source, i);
RETURN_IF_EXCEPTION(scope, false);
if (value) {
target->putDirectIndex(globalObject, targetOffset + i, value, 0, PutDirectIndexShouldThrow);
RETURN_IF_EXCEPTION(scope, false);
}
}
}
return true;
}
static EncodedJSValue concatAppendOne(JSGlobalObject* globalObject, VM& vm, JSArray* first, JSValue second)
{
auto scope = DECLARE_THROW_SCOPE(vm);
ASSERT(!isJSArray(second));
ASSERT(!shouldUseSlowPut(first->indexingType()));
Butterfly* firstButterfly = first->butterfly();
unsigned firstArraySize = firstButterfly->publicLength();
Checked<unsigned, RecordOverflow> checkedResultSize = firstArraySize;
checkedResultSize += 1;
if (UNLIKELY(checkedResultSize.hasOverflowed())) {
throwOutOfMemoryError(globalObject, scope);
return encodedJSValue();
}
unsigned resultSize = checkedResultSize.unsafeGet();
IndexingType type = first->mergeIndexingTypeForCopying(indexingTypeForValue(second) | IsArray);
if (type == NonArray)
type = first->indexingType();
Structure* resultStructure = globalObject->arrayStructureForIndexingTypeDuringAllocation(type);
JSArray* result = JSArray::tryCreate(vm, resultStructure, resultSize);
if (UNLIKELY(!result)) {
throwOutOfMemoryError(globalObject, scope);
return encodedJSValue();
}
bool success = result->appendMemcpy(globalObject, vm, 0, first);
EXCEPTION_ASSERT(!scope.exception() || !success);
if (!success) {
RETURN_IF_EXCEPTION(scope, encodedJSValue());
bool success = moveElements(globalObject, vm, result, 0, first, firstArraySize);
EXCEPTION_ASSERT(!scope.exception() == success);
if (UNLIKELY(!success))
return encodedJSValue();
}
scope.release();
result->putDirectIndex(globalObject, firstArraySize, second);
return JSValue::encode(result);
}
template<typename T>
void clearElement(T& element)
{
element.clear();
}
template<>
void clearElement(double& element)
{
element = PNaN;
}
template<typename T>
ALWAYS_INLINE void copyElements(T* buffer, unsigned offset, T* source, unsigned sourceSize, IndexingType sourceType)
{
if (sourceType != ArrayWithUndecided) {
gcSafeMemcpy(buffer + offset, source, sizeof(JSValue) * sourceSize);
return;
}
for (unsigned i = sourceSize; i--;)
clearElement<T>(buffer[i + offset]);
};
EncodedJSValue JSC_HOST_CALL arrayProtoPrivateFuncConcatMemcpy(JSGlobalObject* globalObject, CallFrame* callFrame)
{
ASSERT(callFrame->argumentCount() == 2);
VM& vm = globalObject->vm();
auto scope = DECLARE_THROW_SCOPE(vm);
JSArray* firstArray = jsCast<JSArray*>(callFrame->uncheckedArgument(0));
// This code assumes that neither array has set Symbol.isConcatSpreadable. If the first array
// has indexed accessors then one of those accessors might change the value of Symbol.isConcatSpreadable
// on the second argument.
if (UNLIKELY(shouldUseSlowPut(firstArray->indexingType())))
return JSValue::encode(jsNull());
// We need to check the species constructor here since checking it in the JS wrapper is too expensive for the non-optimizing tiers.
bool isValid = speciesWatchpointIsValid(vm, firstArray);
scope.assertNoException();
if (UNLIKELY(!isValid))
return JSValue::encode(jsNull());
JSValue second = callFrame->uncheckedArgument(1);
if (!isJSArray(second))
RELEASE_AND_RETURN(scope, concatAppendOne(globalObject, vm, firstArray, second));
JSArray* secondArray = jsCast<JSArray*>(second);
Butterfly* firstButterfly = firstArray->butterfly();
Butterfly* secondButterfly = secondArray->butterfly();
unsigned firstArraySize = firstButterfly->publicLength();
unsigned secondArraySize = secondButterfly->publicLength();
Checked<unsigned, RecordOverflow> checkedResultSize = firstArraySize;
checkedResultSize += secondArraySize;
if (UNLIKELY(checkedResultSize.hasOverflowed())) {
throwOutOfMemoryError(globalObject, scope);
return encodedJSValue();
}
unsigned resultSize = checkedResultSize.unsafeGet();
IndexingType firstType = firstArray->indexingType();
IndexingType secondType = secondArray->indexingType();
IndexingType type = firstArray->mergeIndexingTypeForCopying(secondType);
if (type == NonArray || !firstArray->canFastCopy(vm, secondArray) || resultSize >= MIN_SPARSE_ARRAY_INDEX) {
JSArray* result = constructEmptyArray(globalObject, nullptr, resultSize);
RETURN_IF_EXCEPTION(scope, encodedJSValue());
bool success = moveElements(globalObject, vm, result, 0, firstArray, firstArraySize);
EXCEPTION_ASSERT(!scope.exception() == success);
if (UNLIKELY(!success))
return encodedJSValue();
success = moveElements(globalObject, vm, result, firstArraySize, secondArray, secondArraySize);
EXCEPTION_ASSERT(!scope.exception() == success);
if (UNLIKELY(!success))
return encodedJSValue();
return JSValue::encode(result);
}
Structure* resultStructure = globalObject->arrayStructureForIndexingTypeDuringAllocation(type);
if (UNLIKELY(hasAnyArrayStorage(resultStructure->indexingType())))
return JSValue::encode(jsNull());
ASSERT(!globalObject->isHavingABadTime());
ObjectInitializationScope initializationScope(vm);
JSArray* result = JSArray::tryCreateUninitializedRestricted(initializationScope, resultStructure, resultSize);
if (UNLIKELY(!result)) {
throwOutOfMemoryError(globalObject, scope);
return encodedJSValue();
}
if (type == ArrayWithDouble) {
double* buffer = result->butterfly()->contiguousDouble().data();
copyElements(buffer, 0, firstButterfly->contiguousDouble().data(), firstArraySize, firstType);
copyElements(buffer, firstArraySize, secondButterfly->contiguousDouble().data(), secondArraySize, secondType);
} else if (type != ArrayWithUndecided) {
WriteBarrier<Unknown>* buffer = result->butterfly()->contiguous().data();
copyElements(buffer, 0, firstButterfly->contiguous().data(), firstArraySize, firstType);
copyElements(buffer, firstArraySize, secondButterfly->contiguous().data(), secondArraySize, secondType);
}
ASSERT(result->butterfly()->publicLength() == resultSize);
return JSValue::encode(result);
}
EncodedJSValue JSC_HOST_CALL arrayProtoPrivateFuncAppendMemcpy(JSGlobalObject* globalObject, CallFrame* callFrame)
{
ASSERT(callFrame->argumentCount() == 3);
VM& vm = globalObject->vm();
auto scope = DECLARE_THROW_SCOPE(vm);
JSArray* resultArray = jsCast<JSArray*>(callFrame->uncheckedArgument(0));
JSArray* otherArray = jsCast<JSArray*>(callFrame->uncheckedArgument(1));
JSValue startValue = callFrame->uncheckedArgument(2);
ASSERT(startValue.isUInt32AsAnyInt());
unsigned startIndex = startValue.asUInt32AsAnyInt();
bool success = resultArray->appendMemcpy(globalObject, vm, startIndex, otherArray);
EXCEPTION_ASSERT(!scope.exception() || !success);
if (success)
return JSValue::encode(jsUndefined());
RETURN_IF_EXCEPTION(scope, encodedJSValue());
scope.release();
moveElements(globalObject, vm, resultArray, startIndex, otherArray, otherArray->length());
return JSValue::encode(jsUndefined());
}
} // namespace JSC