| blob | 93ad790f885e2f470c5382e0db666687d25d2243 |
1 /* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*-
2 * vim: set ts=8 sts=2 et sw=2 tw=80:
3 * This Source Code Form is subject to the terms of the Mozilla Public
4 * License, v. 2.0. If a copy of the MPL was not distributed with this
5 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
7 #ifndef vm_ArgumentsObject_h
8 #define vm_ArgumentsObject_h
26 // RareArgumentsData stores the deleted-elements bits for an arguments object.
27 // Because |delete arguments[i]| is uncommon, we allocate this data the first
28 // time an element is deleted.
30 // Pointer to an array of bits indicating, for every argument in
31 // [0, initialLength) whether the element has been deleted. See
32 // ArgumentsObject::isElementDeleted comment.
46 }
50 }
51 };
53 // ArgumentsData stores the initial indexed arguments provided to a function
54 // call. It is used to store arguments[i] -- up until the corresponding
55 // property is modified, when the relevant value is flagged to memorialize the
56 // modification.
58 /*
59 * numArgs = std::max(numFormalArgs, numActualArgs)
60 * The array 'args' has numArgs elements.
61 */
66 /*
67 * This array holds either the current argument value or the magic
68 * forwarding value. The latter means that the function has both a
69 * CallObject and an ArgumentsObject AND the particular formal variable is
70 * aliased by the CallObject. In such cases, the CallObject holds the
71 * canonical value so any element access to the arguments object should load
72 * the value out of the CallObject (which is pointed to by MAYBE_CALL_SLOT).
73 */
76 /* For jit use: */
79 /* Iterate args. */
87 }
88 };
90 // Maximum supported value of arguments.length. This bounds the
91 // maximum number of arguments that can be supplied to a spread call
92 // or Function.prototype.apply. This value also bounds the number of
93 // elements parsed in an array initializer. NB: keep this in sync
94 // with the copy in builtin/SelfHostingDefines.h.
97 // Maximum number of arguments supported in jitcode. This bounds the
98 // maximum number of arguments that can be supplied to a spread call
99 // or Function.prototype.apply without entering the VM. We limit the
100 // number of parameters we can handle to a number that does not risk
101 // us allocating too much stack, notably on Windows where there is a
102 // 4K guard page that has to be touched to extend the stack. The value
103 // "3000" is the size of the guard page minus an arbitrary, but large,
104 // safety margin. See bug 1351278.
110 /*
111 * [SMDOC] ArgumentsObject
112 *
113 * ArgumentsObject instances represent |arguments| objects created to store
114 * function arguments when a function is called. It's expensive to create such
115 * objects if they're never used, so they're only created when they are
116 * potentially used.
117 *
118 * Arguments objects are complicated because, for non-strict mode code, they
119 * must alias any named arguments which were provided to the function. Gnarly
120 * example:
121 *
122 * function f(a, b, c, d)
123 * {
124 * arguments[0] = "seta";
125 * assertEq(a, "seta");
126 * b = "setb";
127 * assertEq(arguments[1], "setb");
128 * c = "setc";
129 * assertEq(arguments[2], undefined);
130 * arguments[3] = "setd";
131 * assertEq(d, undefined);
132 * }
133 * f("arga", "argb");
134 *
135 * ES5's strict mode behaves more sanely, and named arguments don't alias
136 * elements of an arguments object.
137 *
138 * ArgumentsObject instances use the following reserved slots:
139 *
140 * INITIAL_LENGTH_SLOT
141 * Stores the initial value of arguments.length, plus a bit indicating
142 * whether arguments.length and/or arguments[@@iterator] have been
143 * modified. Use initialLength(), hasOverriddenLength(), and
144 * hasOverriddenIterator() to access these values. If arguments.length has
145 * been modified, then the current value of arguments.length is stored in
146 * another slot associated with a new property.
147 * DATA_SLOT
148 * Stores an ArgumentsData*, described above.
149 * MAYBE_CALL_SLOT
150 * Stores the CallObject, if the callee has aliased bindings. See
151 * the ArgumentsData::args comment.
152 * CALLEE_SLOT
153 * Stores the initial arguments.callee. This value can be overridden on
154 * mapped arguments objects, see hasOverriddenCallee.
155 */
174 // Our ability to inline functions that use |arguments| is limited by
175 // the number of registers available to represent Value operands to
176 // CreateInlinedArgumentsObject.
177 #if defined(JS_CODEGEN_X86)
179 #else
181 #endif
191 }
200 }
202 }
213 /* Create an arguments object for a frame that is expecting them. */
216 /*
217 * Purposefully disconnect the returned arguments object from the frame
218 * by always creating a new copy that does not alias formal parameters.
219 * This allows function-local analysis to determine that formals are
220 * not aliased and generally simplifies arguments objects.
221 */
225 AbstractFramePtr frame);
229 HandleObject scopeChain);
231 HandleFunction callee,
232 HandleObject scopeChain,
235 HandleValueArray argsArray,
236 HandleFunction callee,
237 HandleObject scopeChain,
247 /*
248 * Allocate ArgumentsData and fill reserved slots after allocating an
249 * ArgumentsObject in Ion code.
250 */
256 /*
257 * Allocate ArgumentsData for inlined arguments and fill reserved slots after
258 * allocating an ArgumentsObject in Ion code.
259 */
266 /*
267 * Return the initial length of the arguments. This may differ from the
268 * current value of arguments.length!
269 */
272 PACKED_BITS_COUNT;
275 }
277 // True iff arguments.length has been assigned or deleted.
281 }
287 }
289 // Create the default "length" property and set LENGTH_OVERRIDDEN_BIT.
292 // True iff arguments[@@iterator] has been assigned or deleted.
296 }
302 }
304 // Create the default @@iterator property and set ITERATOR_OVERRIDDEN_BIT.
307 /*
308 * Return the arguments iterator function.
309 */
312 // True iff any element has been assigned or deleted.
316 }
322 }
325 /*
326 * Because the arguments object is a real object, its elements may be
327 * deleted. This is implemented by setting a 'deleted' flag for the arg
328 * which is read by argument object resolve and getter/setter hooks.
329 *
330 * NB: an element, once deleted, stays deleted. Thus:
331 *
332 * function f(x) { delete arguments[0]; arguments[0] = 42; return x }
333 * assertEq(f(1), 1);
334 *
335 * This works because, once a property is deleted from an arguments object,
336 * it gets regular properties with regular getters/setters that don't alias
337 * ArgumentsData::args.
338 */
343 }
348 }
354 /*
355 * Return true iff the index is a valid element index for this arguments
356 * object.
357 *
358 * Returning true here doesn't imply that the element value can be read
359 * through |ArgumentsObject::element()|. For example unmapped arguments
360 * objects can have an element index property redefined without having marked
361 * the element as deleted. Instead use |maybeGetElement()| or manually check
362 * for |hasOverriddenElement()|.
363 */
366 }
368 /*
369 * An ArgumentsObject serves two roles:
370 * - a real object, accessed through regular object operations, e.g..,
371 * GetElement corresponding to 'arguments[i]';
372 * - a VM-internal data structure, storing the value of arguments (formal
373 * and actual) that are accessed directly by the VM when a reading the
374 * value of a formal parameter.
375 * There are two ways to access the ArgumentsData::args corresponding to
376 * these two use cases:
377 * - object access should use elements(i) which will take care of
378 * forwarding when the value is the magic forwarding value;
379 * - VM argument access should use arg(i) which will assert that the
380 * value is not the magic forwarding value (since, if such forwarding was
381 * needed, the frontend should have emitted JSOp::GetAliasedVar).
382 */
392 }
399 }
401 /*
402 * Test if an argument is forwarded, i.e. its actual value is stored in the
403 * CallObject and can't be directly read from |ArgumentsData::args|.
404 */
410 }
415 }
421 }
423 /*
424 * Attempt to speedily and efficiently access the i-th element of this
425 * arguments object. Return true if the element was speedily returned.
426 * Return false if the element must be looked up more slowly using
427 * getProperty or some similar method. The second overload copies the
428 * elements [start, start + count) into the locations starting at 'vp'.
429 *
430 * NB: Returning false does not indicate error!
431 */
435 }
438 }
442 /*
443 * Measures things hanging off this ArgumentsObject that are counted by the
444 * |miscSize| argument in JSObject::sizeOfExcludingThis().
445 */
449 }
451 }
456 }
462 /* For jit use: */
466 }
469 // When forwarding slots to a backing CallObject, the slot numbers are
470 // stored as uint32 magic values. This raises an ambiguity if we have
471 // also copied JS_OPTIMIZED_OUT magic from a JIT frame or
472 // JS_UNINITIALIZED_LEXICAL magic on the CallObject. To distinguish
473 // normal magic values (those with a JSWhyMagic) and uint32 magic
474 // values, we add the maximum JSWhyMagic value to the slot
475 // number. This is safe as ARGS_LENGTH_MAX is well below UINT32_MAX.
478 }
482 }
485 }
493 };
505 }
510 }
516 }
520 }
522 // Create the default "callee" property and set CALLEE_OVERRIDDEN_BIT.
532 };
545 };
548 MutableHandleValue vp);
554 MutableHandleValue vp);
564 }