We should have a CoW storage for NewArrayBuffer arrays.
[WebKit-https.git] / Source / JavaScriptCore / runtime / JSObject.h
1 /*
2  *  Copyright (C) 1999-2001 Harri Porten (porten@kde.org)
3  *  Copyright (C) 2001 Peter Kelly (pmk@post.com)
4  *  Copyright (C) 2003-2018 Apple Inc. All rights reserved.
5  *
6  *  This library is free software; you can redistribute it and/or
7  *  modify it under the terms of the GNU Library General Public
8  *  License as published by the Free Software Foundation; either
9  *  version 2 of the License, or (at your option) any later version.
10  *
11  *  This library is distributed in the hope that it will be useful,
12  *  but WITHOUT ANY WARRANTY; without even the implied warranty of
13  *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
14  *  Library General Public License for more details.
15  *
16  *  You should have received a copy of the GNU Library General Public License
17  *  along with this library; see the file COPYING.LIB.  If not, write to
18  *  the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor,
19  *  Boston, MA 02110-1301, USA.
20  *
21  */
22
23 #pragma once
24
25 #include "ArrayConventions.h"
26 #include "ArrayStorage.h"
27 #include "Butterfly.h"
28 #include "CPU.h"
29 #include "CagedBarrierPtr.h"
30 #include "CallFrame.h"
31 #include "ClassInfo.h"
32 #include "CustomGetterSetter.h"
33 #include "DOMAttributeGetterSetter.h"
34 #include "Heap.h"
35 #include "IndexingHeaderInlines.h"
36 #include "JSCast.h"
37 #include "ObjectInitializationScope.h"
38 #include "PropertySlot.h"
39 #include "PropertyStorage.h"
40 #include "PutDirectIndexMode.h"
41 #include "PutPropertySlot.h"
42 #include "Structure.h"
43 #include "StructureTransitionTable.h"
44 #include "VM.h"
45 #include "JSString.h"
46 #include "SparseArrayValueMap.h"
47 #include <wtf/StdLibExtras.h>
48
49 namespace JSC {
50 namespace DOMJIT {
51 class Signature;
52 }
53
54 inline JSCell* getJSFunction(JSValue value)
55 {
56     if (value.isCell() && (value.asCell()->type() == JSFunctionType))
57         return value.asCell();
58     return 0;
59 }
60
61 class GetterSetter;
62 class InternalFunction;
63 class JSFunction;
64 class LLIntOffsetsExtractor;
65 class MarkedBlock;
66 class PropertyDescriptor;
67 class PropertyNameArray;
68 class Structure;
69 class ThrowScope;
70 struct HashTable;
71 struct HashTableValue;
72
73 JS_EXPORT_PRIVATE JSObject* throwTypeError(ExecState*, ThrowScope&, const String&);
74 extern JS_EXPORT_PRIVATE const char* const NonExtensibleObjectPropertyDefineError;
75 extern JS_EXPORT_PRIVATE const char* const ReadonlyPropertyWriteError;
76 extern JS_EXPORT_PRIVATE const char* const ReadonlyPropertyChangeError;
77 extern JS_EXPORT_PRIVATE const char* const UnableToDeletePropertyError;
78 extern JS_EXPORT_PRIVATE const char* const UnconfigurablePropertyChangeAccessMechanismError;
79 extern JS_EXPORT_PRIVATE const char* const UnconfigurablePropertyChangeConfigurabilityError;
80 extern JS_EXPORT_PRIVATE const char* const UnconfigurablePropertyChangeEnumerabilityError;
81 extern JS_EXPORT_PRIVATE const char* const UnconfigurablePropertyChangeWritabilityError;
82
83 COMPILE_ASSERT(PropertyAttribute::None < FirstInternalAttribute, None_is_below_FirstInternalAttribute);
84 COMPILE_ASSERT(PropertyAttribute::ReadOnly < FirstInternalAttribute, ReadOnly_is_below_FirstInternalAttribute);
85 COMPILE_ASSERT(PropertyAttribute::DontEnum < FirstInternalAttribute, DontEnum_is_below_FirstInternalAttribute);
86 COMPILE_ASSERT(PropertyAttribute::DontDelete < FirstInternalAttribute, DontDelete_is_below_FirstInternalAttribute);
87 COMPILE_ASSERT(PropertyAttribute::Accessor < FirstInternalAttribute, Accessor_is_below_FirstInternalAttribute);
88
89 class JSFinalObject;
90
91 class JSObject : public JSCell {
92     friend class BatchedTransitionOptimizer;
93     friend class JIT;
94     friend class JSCell;
95     friend class JSFinalObject;
96     friend class MarkedBlock;
97     JS_EXPORT_PRIVATE friend bool setUpStaticFunctionSlot(VM&, const HashTableValue*, JSObject*, PropertyName, PropertySlot&);
98
99     enum PutMode {
100         PutModePut,
101         PutModeDefineOwnProperty,
102     };
103
104 public:
105     typedef JSCell Base;
106
107     template<typename>
108     static CompleteSubspace* subspaceFor(VM& vm)
109     {
110         return &vm.cellJSValueOOBSpace;
111     }
112
113     // This is a super dangerous method for JITs. Sometimes the JITs will want to create either a
114     // JSFinalObject or a JSArray. This is the method that will do that.
115     static JSObject* createRawObject(ExecState* exec, Structure* structure, Butterfly* = nullptr);
116
117     JS_EXPORT_PRIVATE static size_t estimatedSize(JSCell*);
118     JS_EXPORT_PRIVATE static void visitChildren(JSCell*, SlotVisitor&);
119     JS_EXPORT_PRIVATE static void heapSnapshot(JSCell*, HeapSnapshotBuilder&);
120
121     JS_EXPORT_PRIVATE static String className(const JSObject*);
122     JS_EXPORT_PRIVATE static String calculatedClassName(JSObject*);
123
124     // This function is what Object.prototype.toString() will use to get the name of
125     // an object when using Symbol.toStringTag fails. For the most part there is no
126     // difference between this and className(). The main use case is for new JS language
127     // objects to set the default tag to "Object".
128     JS_EXPORT_PRIVATE static String toStringName(const JSObject*, ExecState*);
129
130     // This is the fully virtual [[GetPrototypeOf]] internal function defined
131     // in the ECMAScript 6 specification. Use this when doing a [[GetPrototypeOf]] 
132     // operation as dictated in the specification.
133     JSValue getPrototype(VM&, ExecState*);
134     JS_EXPORT_PRIVATE static JSValue getPrototype(JSObject*, ExecState*);
135     // This gets the prototype directly off of the structure. This does not do
136     // dynamic dispatch on the getPrototype method table method. It is not valid 
137     // to use this when performing a [[GetPrototypeOf]] operation in the specification.
138     // It is valid to use though when you know that you want to directly get it
139     // without consulting the method table. This is akin to getting the [[Prototype]]
140     // internal field directly as described in the specification.
141     JSValue getPrototypeDirect(VM&) const;
142
143     // This sets the prototype without checking for cycles and without
144     // doing dynamic dispatch on [[SetPrototypeOf]] operation in the specification.
145     // It is not valid to use this when performing a [[SetPrototypeOf]] operation in
146     // the specification. It is valid to use though when you know that you want to directly
147     // set it without consulting the method table and when you definitely won't
148     // introduce a cycle in the prototype chain. This is akin to setting the
149     // [[Prototype]] internal field directly as described in the specification.
150     JS_EXPORT_PRIVATE void setPrototypeDirect(VM&, JSValue prototype);
151 private:
152     // This is OrdinarySetPrototypeOf in the specification. Section 9.1.2.1
153     // https://tc39.github.io/ecma262/#sec-ordinarysetprototypeof
154     JS_EXPORT_PRIVATE bool setPrototypeWithCycleCheck(VM&, ExecState*, JSValue prototype, bool shouldThrowIfCantSet);
155 public:
156     // This is the fully virtual [[SetPrototypeOf]] internal function defined
157     // in the ECMAScript 6 specification. Use this when doing a [[SetPrototypeOf]] 
158     // operation as dictated in the specification.
159     bool setPrototype(VM&, ExecState*, JSValue prototype, bool shouldThrowIfCantSet = false);
160     JS_EXPORT_PRIVATE static bool setPrototype(JSObject*, ExecState*, JSValue prototype, bool shouldThrowIfCantSet);
161         
162     bool mayInterceptIndexedAccesses()
163     {
164         return structure()->mayInterceptIndexedAccesses();
165     }
166         
167     JSValue get(ExecState*, PropertyName) const;
168     JSValue get(ExecState*, unsigned propertyName) const;
169
170     bool getPropertySlot(ExecState*, PropertyName, PropertySlot&);
171     bool getPropertySlot(ExecState*, unsigned propertyName, PropertySlot&);
172     template<typename CallbackWhenNoException> typename std::result_of<CallbackWhenNoException(bool, PropertySlot&)>::type getPropertySlot(ExecState*, PropertyName, CallbackWhenNoException) const;
173     template<typename CallbackWhenNoException> typename std::result_of<CallbackWhenNoException(bool, PropertySlot&)>::type getPropertySlot(ExecState*, PropertyName, PropertySlot&, CallbackWhenNoException) const;
174
175     static bool getOwnPropertySlot(JSObject*, ExecState*, PropertyName, PropertySlot&);
176     JS_EXPORT_PRIVATE static bool getOwnPropertySlotByIndex(JSObject*, ExecState*, unsigned propertyName, PropertySlot&);
177     bool getOwnPropertySlotInline(ExecState*, PropertyName, PropertySlot&);
178
179     // The key difference between this and getOwnPropertySlot is that getOwnPropertySlot
180     // currently returns incorrect results for the DOM window (with non-own properties)
181     // being returned. Once this is fixed we should migrate code & remove this method.
182     JS_EXPORT_PRIVATE bool getOwnPropertyDescriptor(ExecState*, PropertyName, PropertyDescriptor&);
183
184     unsigned getArrayLength() const
185     {
186         if (!hasIndexedProperties(indexingType()))
187             return 0;
188         return m_butterfly->publicLength();
189     }
190         
191     unsigned getVectorLength()
192     {
193         if (!hasIndexedProperties(indexingType()))
194             return 0;
195         return m_butterfly->vectorLength();
196     }
197     
198     static bool putInlineForJSObject(JSCell*, ExecState*, PropertyName, JSValue, PutPropertySlot&);
199     
200     JS_EXPORT_PRIVATE static bool put(JSCell*, ExecState*, PropertyName, JSValue, PutPropertySlot&);
201     // putByIndex assumes that the receiver is this JSCell object.
202     JS_EXPORT_PRIVATE static bool putByIndex(JSCell*, ExecState*, unsigned propertyName, JSValue, bool shouldThrow);
203         
204     // This performs the ECMAScript Set() operation.
205     ALWAYS_INLINE bool putByIndexInline(ExecState* exec, unsigned propertyName, JSValue value, bool shouldThrow)
206     {
207         if (canSetIndexQuickly(propertyName)) {
208             setIndexQuickly(exec->vm(), propertyName, value);
209             return true;
210         }
211         return methodTable(exec->vm())->putByIndex(this, exec, propertyName, value, shouldThrow);
212     }
213         
214     // This is similar to the putDirect* methods:
215     //  - the prototype chain is not consulted
216     //  - accessors are not called.
217     //  - it will ignore extensibility and read-only properties if PutDirectIndexLikePutDirect is passed as the mode (the default).
218     // This method creates a property with attributes writable, enumerable and configurable all set to true if attributes is zero,
219     // otherwise, it creates a property with the provided attributes. Semantically, this is performing defineOwnProperty.
220     bool putDirectIndex(ExecState* exec, unsigned propertyName, JSValue value, unsigned attributes, PutDirectIndexMode mode)
221     {
222         auto canSetIndexQuicklyForPutDirect = [&] () -> bool {
223             switch (indexingMode()) {
224             case ALL_BLANK_INDEXING_TYPES:
225             case ALL_UNDECIDED_INDEXING_TYPES:
226                 return false;
227             case ALL_WRITABLE_INT32_INDEXING_TYPES:
228             case ALL_WRITABLE_DOUBLE_INDEXING_TYPES:
229             case ALL_WRITABLE_CONTIGUOUS_INDEXING_TYPES:
230             case ALL_ARRAY_STORAGE_INDEXING_TYPES:
231                 return propertyName < m_butterfly->vectorLength();
232             default:
233                 if (isCopyOnWrite(indexingMode()))
234                     return false;
235                 RELEASE_ASSERT_NOT_REACHED();
236                 return false;
237             }
238         };
239         
240         if (!attributes && canSetIndexQuicklyForPutDirect()) {
241             setIndexQuickly(exec->vm(), propertyName, value);
242             return true;
243         }
244         return putDirectIndexSlowOrBeyondVectorLength(exec, propertyName, value, attributes, mode);
245     }
246     // This is semantically equivalent to performing defineOwnProperty(propertyName, {configurable:true, writable:true, enumerable:true, value:value}).
247     bool putDirectIndex(ExecState* exec, unsigned propertyName, JSValue value)
248     {
249         return putDirectIndex(exec, propertyName, value, 0, PutDirectIndexLikePutDirect);
250     }
251
252     // A generally non-throwing version of putDirect and putDirectIndex.
253     // However, it's only guaranteed to not throw based on what the receiver is.
254     // For example, if the receiver is a ProxyObject, this is not guaranteed, since
255     // it may call into arbitrary JS code. It's the responsibility of the user of
256     // this API to ensure that the receiver object is a well known type if they
257     // want to ensure that this won't throw an exception.
258     JS_EXPORT_PRIVATE bool putDirectMayBeIndex(ExecState*, PropertyName, JSValue);
259         
260     bool hasIndexingHeader() const
261     {
262         return structure()->hasIndexingHeader(this);
263     }
264     
265     bool canGetIndexQuickly(unsigned i)
266     {
267         Butterfly* butterfly = this->butterfly();
268         switch (indexingType()) {
269         case ALL_BLANK_INDEXING_TYPES:
270         case ALL_UNDECIDED_INDEXING_TYPES:
271             return false;
272         case ALL_INT32_INDEXING_TYPES:
273         case ALL_CONTIGUOUS_INDEXING_TYPES:
274             return i < butterfly->vectorLength() && butterfly->contiguous().at(this, i);
275         case ALL_DOUBLE_INDEXING_TYPES: {
276             if (i >= butterfly->vectorLength())
277                 return false;
278             double value = butterfly->contiguousDouble().at(this, i);
279             if (value != value)
280                 return false;
281             return true;
282         }
283         case ALL_ARRAY_STORAGE_INDEXING_TYPES:
284             return i < butterfly->arrayStorage()->vectorLength() && butterfly->arrayStorage()->m_vector[i];
285         default:
286             RELEASE_ASSERT_NOT_REACHED();
287             return false;
288         }
289     }
290         
291     JSValue getIndexQuickly(unsigned i)
292     {
293         Butterfly* butterfly = this->butterfly();
294         switch (indexingType()) {
295         case ALL_INT32_INDEXING_TYPES:
296             return jsNumber(butterfly->contiguous().at(this, i).get().asInt32());
297         case ALL_CONTIGUOUS_INDEXING_TYPES:
298             return butterfly->contiguous().at(this, i).get();
299         case ALL_DOUBLE_INDEXING_TYPES:
300             return JSValue(JSValue::EncodeAsDouble, butterfly->contiguousDouble().at(this, i));
301         case ALL_ARRAY_STORAGE_INDEXING_TYPES:
302             return butterfly->arrayStorage()->m_vector[i].get();
303         default:
304             RELEASE_ASSERT_NOT_REACHED();
305             return JSValue();
306         }
307     }
308         
309     JSValue tryGetIndexQuickly(unsigned i) const
310     {
311         Butterfly* butterfly = const_cast<JSObject*>(this)->butterfly();
312         switch (indexingType()) {
313         case ALL_BLANK_INDEXING_TYPES:
314         case ALL_UNDECIDED_INDEXING_TYPES:
315             break;
316         case ALL_INT32_INDEXING_TYPES:
317             if (i < butterfly->publicLength()) {
318                 JSValue result = butterfly->contiguous().at(this, i).get();
319                 ASSERT(result.isInt32() || !result);
320                 return result;
321             }
322             break;
323         case ALL_CONTIGUOUS_INDEXING_TYPES:
324             if (i < butterfly->publicLength())
325                 return butterfly->contiguous().at(this, i).get();
326             break;
327         case ALL_DOUBLE_INDEXING_TYPES: {
328             if (i >= butterfly->publicLength())
329                 break;
330             double result = butterfly->contiguousDouble().at(this, i);
331             if (result != result)
332                 break;
333             return JSValue(JSValue::EncodeAsDouble, result);
334         }
335         case ALL_ARRAY_STORAGE_INDEXING_TYPES:
336             if (i < butterfly->arrayStorage()->vectorLength())
337                 return butterfly->arrayStorage()->m_vector[i].get();
338             break;
339         default:
340             RELEASE_ASSERT_NOT_REACHED();
341             break;
342         }
343         return JSValue();
344     }
345         
346     JSValue getDirectIndex(ExecState* exec, unsigned i)
347     {
348         if (JSValue result = tryGetIndexQuickly(i))
349             return result;
350         PropertySlot slot(this, PropertySlot::InternalMethodType::Get);
351         if (methodTable(exec->vm())->getOwnPropertySlotByIndex(this, exec, i, slot))
352             return slot.getValue(exec, i);
353         return JSValue();
354     }
355         
356     JSValue getIndex(ExecState* exec, unsigned i) const
357     {
358         if (JSValue result = tryGetIndexQuickly(i))
359             return result;
360         return get(exec, i);
361     }
362         
363     bool canSetIndexQuickly(unsigned i)
364     {
365         Butterfly* butterfly = this->butterfly();
366         switch (indexingMode()) {
367         case ALL_BLANK_INDEXING_TYPES:
368         case ALL_UNDECIDED_INDEXING_TYPES:
369             return false;
370         case ALL_WRITABLE_INT32_INDEXING_TYPES:
371         case ALL_WRITABLE_DOUBLE_INDEXING_TYPES:
372         case ALL_WRITABLE_CONTIGUOUS_INDEXING_TYPES:
373         case NonArrayWithArrayStorage:
374         case ArrayWithArrayStorage:
375             return i < butterfly->vectorLength();
376         case NonArrayWithSlowPutArrayStorage:
377         case ArrayWithSlowPutArrayStorage:
378             return i < butterfly->arrayStorage()->vectorLength()
379                 && !!butterfly->arrayStorage()->m_vector[i];
380         default:
381             if (isCopyOnWrite(indexingMode()))
382                 return false;
383             RELEASE_ASSERT_NOT_REACHED();
384             return false;
385         }
386     }
387         
388     void setIndexQuickly(VM& vm, unsigned i, JSValue v)
389     {
390         Butterfly* butterfly = m_butterfly.get();
391         ASSERT(!isCopyOnWrite(indexingMode()));
392         switch (indexingType()) {
393         case ALL_INT32_INDEXING_TYPES: {
394             ASSERT(i < butterfly->vectorLength());
395             if (!v.isInt32()) {
396                 convertInt32ToDoubleOrContiguousWhilePerformingSetIndex(vm, i, v);
397                 return;
398             }
399             FALLTHROUGH;
400         }
401         case ALL_CONTIGUOUS_INDEXING_TYPES: {
402             ASSERT(i < butterfly->vectorLength());
403             butterfly->contiguous().at(this, i).set(vm, this, v);
404             if (i >= butterfly->publicLength())
405                 butterfly->setPublicLength(i + 1);
406             break;
407         }
408         case ALL_DOUBLE_INDEXING_TYPES: {
409             ASSERT(i < butterfly->vectorLength());
410             if (!v.isNumber()) {
411                 convertDoubleToContiguousWhilePerformingSetIndex(vm, i, v);
412                 return;
413             }
414             double value = v.asNumber();
415             if (value != value) {
416                 convertDoubleToContiguousWhilePerformingSetIndex(vm, i, v);
417                 return;
418             }
419             butterfly->contiguousDouble().at(this, i) = value;
420             if (i >= butterfly->publicLength())
421                 butterfly->setPublicLength(i + 1);
422             break;
423         }
424         case ALL_ARRAY_STORAGE_INDEXING_TYPES: {
425             ArrayStorage* storage = butterfly->arrayStorage();
426             WriteBarrier<Unknown>& x = storage->m_vector[i];
427             JSValue old = x.get();
428             x.set(vm, this, v);
429             if (!old) {
430                 ++storage->m_numValuesInVector;
431                 if (i >= storage->length())
432                     storage->setLength(i + 1);
433             }
434             break;
435         }
436         default:
437             RELEASE_ASSERT_NOT_REACHED();
438         }
439     }
440
441     void initializeIndex(ObjectInitializationScope& scope, unsigned i, JSValue v)
442     {
443         initializeIndex(scope, i, v, indexingType());
444     }
445
446     // NOTE: Clients of this method may call it more than once for any index, and this is supposed
447     // to work.
448     ALWAYS_INLINE void initializeIndex(ObjectInitializationScope& scope, unsigned i, JSValue v, IndexingType indexingType)
449     {
450         VM& vm = scope.vm();
451         Butterfly* butterfly = m_butterfly.get();
452         switch (indexingType) {
453         case ALL_UNDECIDED_INDEXING_TYPES: {
454             setIndexQuicklyToUndecided(vm, i, v);
455             break;
456         }
457         case ALL_INT32_INDEXING_TYPES: {
458             ASSERT(i < butterfly->publicLength());
459             ASSERT(i < butterfly->vectorLength());
460             if (!v.isInt32()) {
461                 convertInt32ToDoubleOrContiguousWhilePerformingSetIndex(vm, i, v);
462                 break;
463             }
464             FALLTHROUGH;
465         }
466         case ALL_CONTIGUOUS_INDEXING_TYPES: {
467             ASSERT(i < butterfly->publicLength());
468             ASSERT(i < butterfly->vectorLength());
469             butterfly->contiguous().at(this, i).set(vm, this, v);
470             break;
471         }
472         case ALL_DOUBLE_INDEXING_TYPES: {
473             ASSERT(i < butterfly->publicLength());
474             ASSERT(i < butterfly->vectorLength());
475             if (!v.isNumber()) {
476                 convertDoubleToContiguousWhilePerformingSetIndex(vm, i, v);
477                 return;
478             }
479             double value = v.asNumber();
480             if (value != value) {
481                 convertDoubleToContiguousWhilePerformingSetIndex(vm, i, v);
482                 return;
483             }
484             butterfly->contiguousDouble().at(this, i) = value;
485             break;
486         }
487         case ALL_ARRAY_STORAGE_INDEXING_TYPES: {
488             ArrayStorage* storage = butterfly->arrayStorage();
489             ASSERT(i < storage->length());
490             ASSERT(i < storage->m_numValuesInVector);
491             storage->m_vector[i].set(vm, this, v);
492             break;
493         }
494         default:
495             RELEASE_ASSERT_NOT_REACHED();
496         }
497     }
498         
499     void initializeIndexWithoutBarrier(ObjectInitializationScope& scope, unsigned i, JSValue v)
500     {
501         initializeIndexWithoutBarrier(scope, i, v, indexingType());
502     }
503
504     // This version of initializeIndex is for cases where you know that you will not need any
505     // barriers. This implies not having any data format conversions.
506     ALWAYS_INLINE void initializeIndexWithoutBarrier(ObjectInitializationScope&, unsigned i, JSValue v, IndexingType indexingType)
507     {
508         Butterfly* butterfly = m_butterfly.get();
509         switch (indexingType) {
510         case ALL_UNDECIDED_INDEXING_TYPES: {
511             RELEASE_ASSERT_NOT_REACHED();
512             break;
513         }
514         case ALL_INT32_INDEXING_TYPES: {
515             ASSERT(i < butterfly->publicLength());
516             ASSERT(i < butterfly->vectorLength());
517             RELEASE_ASSERT(v.isInt32());
518             FALLTHROUGH;
519         }
520         case ALL_CONTIGUOUS_INDEXING_TYPES: {
521             ASSERT(i < butterfly->publicLength());
522             ASSERT(i < butterfly->vectorLength());
523             butterfly->contiguous().at(this, i).setWithoutWriteBarrier(v);
524             break;
525         }
526         case ALL_DOUBLE_INDEXING_TYPES: {
527             ASSERT(i < butterfly->publicLength());
528             ASSERT(i < butterfly->vectorLength());
529             RELEASE_ASSERT(v.isNumber());
530             double value = v.asNumber();
531             RELEASE_ASSERT(value == value);
532             butterfly->contiguousDouble().at(this, i) = value;
533             break;
534         }
535         case ALL_ARRAY_STORAGE_INDEXING_TYPES: {
536             ArrayStorage* storage = butterfly->arrayStorage();
537             ASSERT(i < storage->length());
538             ASSERT(i < storage->m_numValuesInVector);
539             storage->m_vector[i].setWithoutWriteBarrier(v);
540             break;
541         }
542         default:
543             RELEASE_ASSERT_NOT_REACHED();
544         }
545     }
546         
547     bool hasSparseMap()
548     {
549         switch (indexingType()) {
550         case ALL_BLANK_INDEXING_TYPES:
551         case ALL_UNDECIDED_INDEXING_TYPES:
552         case ALL_INT32_INDEXING_TYPES:
553         case ALL_DOUBLE_INDEXING_TYPES:
554         case ALL_CONTIGUOUS_INDEXING_TYPES:
555             return false;
556         case ALL_ARRAY_STORAGE_INDEXING_TYPES:
557             return !!m_butterfly->arrayStorage()->m_sparseMap;
558         default:
559             RELEASE_ASSERT_NOT_REACHED();
560             return false;
561         }
562     }
563         
564     bool inSparseIndexingMode()
565     {
566         switch (indexingType()) {
567         case ALL_BLANK_INDEXING_TYPES:
568         case ALL_UNDECIDED_INDEXING_TYPES:
569         case ALL_INT32_INDEXING_TYPES:
570         case ALL_DOUBLE_INDEXING_TYPES:
571         case ALL_CONTIGUOUS_INDEXING_TYPES:
572             return false;
573         case ALL_ARRAY_STORAGE_INDEXING_TYPES:
574             return m_butterfly->arrayStorage()->inSparseMode();
575         default:
576             RELEASE_ASSERT_NOT_REACHED();
577             return false;
578         }
579     }
580         
581     void enterDictionaryIndexingMode(VM&);
582
583     // putDirect is effectively an unchecked vesion of 'defineOwnProperty':
584     //  - the prototype chain is not consulted
585     //  - accessors are not called.
586     //  - attributes will be respected (after the call the property will exist with the given attributes)
587     //  - the property name is assumed to not be an index.
588     bool putDirect(VM&, PropertyName, JSValue, unsigned attributes = 0);
589     bool putDirect(VM&, PropertyName, JSValue, PutPropertySlot&);
590     void putDirectWithoutTransition(VM&, PropertyName, JSValue, unsigned attributes = 0);
591     bool putDirectNonIndexAccessor(VM&, PropertyName, GetterSetter*, unsigned attributes);
592     bool putDirectAccessor(ExecState*, PropertyName, GetterSetter*, unsigned attributes);
593     JS_EXPORT_PRIVATE bool putDirectCustomAccessor(VM&, PropertyName, JSValue, unsigned attributes);
594
595     bool putGetter(ExecState*, PropertyName, JSValue, unsigned attributes);
596     bool putSetter(ExecState*, PropertyName, JSValue, unsigned attributes);
597
598     JS_EXPORT_PRIVATE bool hasProperty(ExecState*, PropertyName) const;
599     JS_EXPORT_PRIVATE bool hasProperty(ExecState*, unsigned propertyName) const;
600     bool hasPropertyGeneric(ExecState*, PropertyName, PropertySlot::InternalMethodType) const;
601     bool hasPropertyGeneric(ExecState*, unsigned propertyName, PropertySlot::InternalMethodType) const;
602     bool hasOwnProperty(ExecState*, PropertyName, PropertySlot&) const;
603     bool hasOwnProperty(ExecState*, PropertyName) const;
604     bool hasOwnProperty(ExecState*, unsigned) const;
605
606     JS_EXPORT_PRIVATE static bool deleteProperty(JSCell*, ExecState*, PropertyName);
607     JS_EXPORT_PRIVATE static bool deletePropertyByIndex(JSCell*, ExecState*, unsigned propertyName);
608
609     JS_EXPORT_PRIVATE static JSValue defaultValue(const JSObject*, ExecState*, PreferredPrimitiveType);
610     JSValue ordinaryToPrimitive(ExecState*, PreferredPrimitiveType) const;
611
612     JS_EXPORT_PRIVATE bool hasInstance(ExecState*, JSValue value, JSValue hasInstanceValue);
613     JS_EXPORT_PRIVATE bool hasInstance(ExecState*, JSValue);
614     static bool defaultHasInstance(ExecState*, JSValue, JSValue prototypeProperty);
615
616     JS_EXPORT_PRIVATE static void getOwnPropertyNames(JSObject*, ExecState*, PropertyNameArray&, EnumerationMode);
617     JS_EXPORT_PRIVATE static void getOwnNonIndexPropertyNames(JSObject*, ExecState*, PropertyNameArray&, EnumerationMode);
618     JS_EXPORT_PRIVATE static void getPropertyNames(JSObject*, ExecState*, PropertyNameArray&, EnumerationMode);
619
620     JS_EXPORT_PRIVATE static uint32_t getEnumerableLength(ExecState*, JSObject*);
621     JS_EXPORT_PRIVATE static void getStructurePropertyNames(JSObject*, ExecState*, PropertyNameArray&, EnumerationMode);
622     JS_EXPORT_PRIVATE static void getGenericPropertyNames(JSObject*, ExecState*, PropertyNameArray&, EnumerationMode);
623
624     JS_EXPORT_PRIVATE JSValue toPrimitive(ExecState*, PreferredPrimitiveType = NoPreference) const;
625     bool getPrimitiveNumber(ExecState*, double& number, JSValue&) const;
626     JS_EXPORT_PRIVATE double toNumber(ExecState*) const;
627     JS_EXPORT_PRIVATE JSString* toString(ExecState*) const;
628
629     JS_EXPORT_PRIVATE static JSValue toThis(JSCell*, ExecState*, ECMAMode);
630
631     // This get function only looks at the property map.
632     JSValue getDirect(VM& vm, PropertyName propertyName) const
633     {
634         Structure* structure = this->structure(vm);
635         PropertyOffset offset = structure->get(vm, propertyName);
636         checkOffset(offset, structure->inlineCapacity());
637         return offset != invalidOffset ? getDirect(offset) : JSValue();
638     }
639     
640     JSValue getDirect(VM& vm, PropertyName propertyName, unsigned& attributes) const
641     {
642         Structure* structure = this->structure(vm);
643         PropertyOffset offset = structure->get(vm, propertyName, attributes);
644         checkOffset(offset, structure->inlineCapacity());
645         return offset != invalidOffset ? getDirect(offset) : JSValue();
646     }
647
648     PropertyOffset getDirectOffset(VM& vm, PropertyName propertyName)
649     {
650         Structure* structure = this->structure(vm);
651         PropertyOffset offset = structure->get(vm, propertyName);
652         checkOffset(offset, structure->inlineCapacity());
653         return offset;
654     }
655
656     PropertyOffset getDirectOffset(VM& vm, PropertyName propertyName, unsigned& attributes)
657     {
658         Structure* structure = this->structure(vm);
659         PropertyOffset offset = structure->get(vm, propertyName, attributes);
660         checkOffset(offset, structure->inlineCapacity());
661         return offset;
662     }
663
664     bool hasInlineStorage() const { return structure()->hasInlineStorage(); }
665     ConstPropertyStorage inlineStorageUnsafe() const
666     {
667         return bitwise_cast<ConstPropertyStorage>(this + 1);
668     }
669     PropertyStorage inlineStorageUnsafe()
670     {
671         return bitwise_cast<PropertyStorage>(this + 1);
672     }
673     ConstPropertyStorage inlineStorage() const
674     {
675         ASSERT(hasInlineStorage());
676         return inlineStorageUnsafe();
677     }
678     PropertyStorage inlineStorage()
679     {
680         ASSERT(hasInlineStorage());
681         return inlineStorageUnsafe();
682     }
683         
684     const Butterfly* butterfly() const { return m_butterfly.get(); }
685     Butterfly* butterfly() { return m_butterfly.get(); }
686     
687     ConstPropertyStorage outOfLineStorage() const { return m_butterfly->propertyStorage(); }
688     PropertyStorage outOfLineStorage() { return m_butterfly->propertyStorage(); }
689
690     ALWAYS_INLINE const WriteBarrierBase<Unknown>* locationForOffset(PropertyOffset offset) const
691     {
692         if (isInlineOffset(offset))
693             return &inlineStorage()[offsetInInlineStorage(offset)];
694         return &outOfLineStorage()[offsetInOutOfLineStorage(offset)];
695     }
696
697     ALWAYS_INLINE WriteBarrierBase<Unknown>* locationForOffset(PropertyOffset offset)
698     {
699         if (isInlineOffset(offset))
700             return &inlineStorage()[offsetInInlineStorage(offset)];
701         return &outOfLineStorage()[offsetInOutOfLineStorage(offset)];
702     }
703
704     void transitionTo(VM&, Structure*);
705
706     bool hasCustomProperties() { return structure()->didTransition(); }
707     bool hasGetterSetterProperties() { return structure()->hasGetterSetterProperties(); }
708     bool hasCustomGetterSetterProperties() { return structure()->hasCustomGetterSetterProperties(); }
709
710     // putOwnDataProperty has 'put' like semantics, however this method:
711     //  - assumes the object contains no own getter/setter properties.
712     //  - provides no special handling for __proto__
713     //  - does not walk the prototype chain (to check for accessors or non-writable properties).
714     // This is used by JSLexicalEnvironment.
715     bool putOwnDataProperty(VM&, PropertyName, JSValue, PutPropertySlot&);
716     bool putOwnDataPropertyMayBeIndex(ExecState*, PropertyName, JSValue, PutPropertySlot&);
717
718     // Fast access to known property offsets.
719     ALWAYS_INLINE JSValue getDirect(PropertyOffset offset) const { return locationForOffset(offset)->get(); }
720     void putDirect(VM& vm, PropertyOffset offset, JSValue value) { locationForOffset(offset)->set(vm, this, value); }
721     void putDirectWithoutBarrier(PropertyOffset offset, JSValue value) { locationForOffset(offset)->setWithoutWriteBarrier(value); }
722     void putDirectUndefined(PropertyOffset offset) { locationForOffset(offset)->setUndefined(); }
723
724     JS_EXPORT_PRIVATE bool putDirectNativeIntrinsicGetter(VM&, JSGlobalObject*, Identifier, NativeFunction, Intrinsic, unsigned attributes);
725     JS_EXPORT_PRIVATE bool putDirectNativeFunction(VM&, JSGlobalObject*, const PropertyName&, unsigned functionLength, NativeFunction, Intrinsic, unsigned attributes);
726     JS_EXPORT_PRIVATE bool putDirectNativeFunction(VM&, JSGlobalObject*, const PropertyName&, unsigned functionLength, NativeFunction, Intrinsic, const DOMJIT::Signature*, unsigned attributes);
727     JS_EXPORT_PRIVATE void putDirectNativeFunctionWithoutTransition(VM&, JSGlobalObject*, const PropertyName&, unsigned functionLength, NativeFunction, Intrinsic, unsigned attributes);
728
729     JS_EXPORT_PRIVATE JSFunction* putDirectBuiltinFunction(VM&, JSGlobalObject*, const PropertyName&, FunctionExecutable*, unsigned attributes);
730     JSFunction* putDirectBuiltinFunctionWithoutTransition(VM&, JSGlobalObject*, const PropertyName&, FunctionExecutable*, unsigned attributes);
731
732     JS_EXPORT_PRIVATE static bool defineOwnProperty(JSObject*, ExecState*, PropertyName, const PropertyDescriptor&, bool shouldThrow);
733
734     bool isEnvironment() const;
735     bool isGlobalObject() const;
736     bool isJSLexicalEnvironment() const;
737     bool isGlobalLexicalEnvironment() const;
738     bool isStrictEvalActivation() const;
739     bool isWithScope() const;
740
741     bool isErrorInstance() const;
742
743     JS_EXPORT_PRIVATE void seal(VM&);
744     JS_EXPORT_PRIVATE void freeze(VM&);
745     JS_EXPORT_PRIVATE static bool preventExtensions(JSObject*, ExecState*);
746     JS_EXPORT_PRIVATE static bool isExtensible(JSObject*, ExecState*);
747     bool isSealed(VM& vm) { return structure(vm)->isSealed(vm); }
748     bool isFrozen(VM& vm) { return structure(vm)->isFrozen(vm); }
749
750     bool anyObjectInChainMayInterceptIndexedAccesses() const;
751     JS_EXPORT_PRIVATE bool prototypeChainMayInterceptStoreTo(VM&, PropertyName);
752     bool needsSlowPutIndexing() const;
753     NonPropertyTransition suggestedArrayStorageTransition() const;
754
755 private:
756     ALWAYS_INLINE bool isExtensibleImpl() { return isStructureExtensible(); }
757 public:
758     // You should only call isStructureExtensible() when:
759     // - Performing this check in a way that isn't described in the specification 
760     //   as calling the virtual [[IsExtensible]] trap.
761     // - When you're guaranteed that object->methodTable()->isExtensible isn't
762     //   overridden.
763     ALWAYS_INLINE bool isStructureExtensible() { return structure()->isStructureExtensible(); }
764     // You should call this when performing [[IsExtensible]] trap in a place
765     // that is described in the specification. This performs the fully virtual
766     // [[IsExtensible]] trap.
767     bool isExtensible(ExecState*);
768     bool indexingShouldBeSparse()
769     {
770         return !isStructureExtensible()
771             || structure()->typeInfo().interceptsGetOwnPropertySlotByIndexEvenWhenLengthIsNotZero();
772     }
773
774     bool staticPropertiesReified() { return structure()->staticPropertiesReified(); }
775     void reifyAllStaticProperties(ExecState*);
776
777     JS_EXPORT_PRIVATE Butterfly* allocateMoreOutOfLineStorage(VM&, size_t oldSize, size_t newSize);
778
779     // Call this when you do not need to change the structure.
780     void setButterfly(VM&, Butterfly*);
781     
782     // Call this if you do need to change the structure, or if you changed something about a structure
783     // in-place.
784     void nukeStructureAndSetButterfly(VM&, StructureID oldStructureID, Butterfly*);
785
786     void setStructure(VM&, Structure*);
787
788     JS_EXPORT_PRIVATE void convertToDictionary(VM&);
789
790     void flattenDictionaryObject(VM& vm)
791     {
792         structure(vm)->flattenDictionaryStructure(vm, this);
793     }
794     void shiftButterflyAfterFlattening(const GCSafeConcurrentJSLocker&, VM&, Structure* structure, size_t outOfLineCapacityAfter);
795
796     JSGlobalObject* globalObject() const
797     {
798         ASSERT(structure()->globalObject());
799         ASSERT(!isGlobalObject() || ((JSObject*)structure()->globalObject()) == this);
800         return structure()->globalObject();
801     }
802         
803     JSGlobalObject* globalObject(VM& vm) const
804     {
805         ASSERT(structure(vm)->globalObject());
806         ASSERT(!isGlobalObject() || ((JSObject*)structure()->globalObject()) == this);
807         return structure(vm)->globalObject();
808     }
809         
810     void switchToSlowPutArrayStorage(VM&);
811         
812     // The receiver is the prototype in this case. The following:
813     //
814     // asObject(foo->structure()->storedPrototype())->attemptToInterceptPutByIndexOnHoleForPrototype(...)
815     //
816     // is equivalent to:
817     //
818     // foo->attemptToInterceptPutByIndexOnHole(...);
819     bool attemptToInterceptPutByIndexOnHoleForPrototype(ExecState*, JSValue thisValue, unsigned propertyName, JSValue, bool shouldThrow, bool& putResult);
820         
821     // Returns 0 if int32 storage cannot be created - either because
822     // indexing should be sparse, we're having a bad time, or because
823     // we already have a more general form of storage (double,
824     // contiguous, array storage).
825     ContiguousJSValues ensureWritableInt32(VM& vm)
826     {
827         if (LIKELY(hasInt32(indexingType()) && !isCopyOnWrite(indexingMode())))
828             return m_butterfly->contiguousInt32();
829             
830         return ensureWritableInt32Slow(vm);
831     }
832         
833     // Returns 0 if double storage cannot be created - either because
834     // indexing should be sparse, we're having a bad time, or because
835     // we already have a more general form of storage (contiguous,
836     // or array storage).
837     ContiguousDoubles ensureWritableDouble(VM& vm)
838     {
839         if (LIKELY(hasDouble(indexingType()) && !isCopyOnWrite(indexingMode())))
840             return m_butterfly->contiguousDouble();
841             
842         return ensureWritableDoubleSlow(vm);
843     }
844         
845     // Returns 0 if contiguous storage cannot be created - either because
846     // indexing should be sparse or because we're having a bad time.
847     ContiguousJSValues ensureWritableContiguous(VM& vm)
848     {
849         if (LIKELY(hasContiguous(indexingType()) && !isCopyOnWrite(indexingMode())))
850             return m_butterfly->contiguous();
851             
852         return ensureWritableContiguousSlow(vm);
853     }
854
855     // Ensure that the object is in a mode where it has array storage. Use
856     // this if you're about to perform actions that would have required the
857     // object to be converted to have array storage, if it didn't have it
858     // already.
859     ArrayStorage* ensureArrayStorage(VM& vm)
860     {
861         if (LIKELY(hasAnyArrayStorage(indexingType())))
862             return m_butterfly->arrayStorage();
863
864         return ensureArrayStorageSlow(vm);
865     }
866         
867     static size_t offsetOfInlineStorage();
868         
869     static ptrdiff_t butterflyOffset()
870     {
871         return OBJECT_OFFSETOF(JSObject, m_butterfly);
872     }
873     void* butterflyAddress()
874     {
875         return &m_butterfly;
876     }
877
878     JS_EXPORT_PRIVATE JSValue getMethod(ExecState*, CallData&, CallType&, const Identifier&, const String& errorMessage);
879
880     bool canPerformFastPutInline(VM&, PropertyName);
881     bool canPerformFastPutInlineExcludingProto(VM&);
882
883     DECLARE_EXPORT_INFO;
884
885 protected:
886     void finishCreation(VM& vm)
887     {
888         Base::finishCreation(vm);
889         ASSERT(jsDynamicCast<JSObject*>(vm, this));
890         ASSERT(structure()->hasPolyProto() || getPrototypeDirect(vm).isNull() || Heap::heap(this) == Heap::heap(getPrototypeDirect(vm)));
891         ASSERT(structure()->isObject());
892         ASSERT(classInfo(vm));
893     }
894
895     static Structure* createStructure(VM& vm, JSGlobalObject* globalObject, JSValue prototype)
896     {
897         return Structure::create(vm, globalObject, prototype, TypeInfo(ObjectType, StructureFlags), info());
898     }
899
900     // To instantiate objects you likely want JSFinalObject, below.
901     // To create derived types you likely want JSNonFinalObject, below.
902     JSObject(VM&, Structure*, Butterfly* = nullptr);
903     
904     // Visits the butterfly unless there is a race. Returns the structure if there was no race.
905     Structure* visitButterfly(SlotVisitor&);
906     
907     Structure* visitButterflyImpl(SlotVisitor&);
908     
909     void markAuxiliaryAndVisitOutOfLineProperties(SlotVisitor&, Butterfly*, Structure*, PropertyOffset lastOffset);
910
911     // Call this if you know that the object is in a mode where it has array
912     // storage. This will assert otherwise.
913     ArrayStorage* arrayStorage()
914     {
915         ASSERT(hasAnyArrayStorage(indexingType()));
916         return m_butterfly->arrayStorage();
917     }
918         
919     // Call this if you want to predicate some actions on whether or not the
920     // object is in a mode where it has array storage.
921     ArrayStorage* arrayStorageOrNull()
922     {
923         switch (indexingType()) {
924         case ALL_ARRAY_STORAGE_INDEXING_TYPES:
925             return m_butterfly->arrayStorage();
926                 
927         default:
928             return 0;
929         }
930     }
931         
932     size_t butterflyTotalSize();
933     size_t butterflyPreCapacity();
934
935     Butterfly* createInitialUndecided(VM&, unsigned length);
936     ContiguousJSValues createInitialInt32(VM&, unsigned length);
937     ContiguousDoubles createInitialDouble(VM&, unsigned length);
938     ContiguousJSValues createInitialContiguous(VM&, unsigned length);
939
940     void convertUndecidedForValue(VM&, JSValue);
941     void createInitialForValueAndSet(VM&, unsigned index, JSValue);
942     void convertInt32ForValue(VM&, JSValue);
943     void convertDoubleForValue(VM&, JSValue);
944     void convertFromCopyOnWrite(VM&);
945
946     static Butterfly* createArrayStorageButterfly(VM&, JSCell* intendedOwner, Structure*, unsigned length, unsigned vectorLength, Butterfly* oldButterfly = nullptr);
947     ArrayStorage* createArrayStorage(VM&, unsigned length, unsigned vectorLength);
948     ArrayStorage* createInitialArrayStorage(VM&);
949         
950     ContiguousJSValues convertUndecidedToInt32(VM&);
951     ContiguousDoubles convertUndecidedToDouble(VM&);
952     ContiguousJSValues convertUndecidedToContiguous(VM&);
953     ArrayStorage* convertUndecidedToArrayStorage(VM&, NonPropertyTransition);
954     ArrayStorage* convertUndecidedToArrayStorage(VM&);
955         
956     ContiguousDoubles convertInt32ToDouble(VM&);
957     ContiguousJSValues convertInt32ToContiguous(VM&);
958     ArrayStorage* convertInt32ToArrayStorage(VM&, NonPropertyTransition);
959     ArrayStorage* convertInt32ToArrayStorage(VM&);
960
961     ContiguousJSValues convertDoubleToContiguous(VM&);
962     ArrayStorage* convertDoubleToArrayStorage(VM&, NonPropertyTransition);
963     ArrayStorage* convertDoubleToArrayStorage(VM&);
964         
965     ArrayStorage* convertContiguousToArrayStorage(VM&, NonPropertyTransition);
966     ArrayStorage* convertContiguousToArrayStorage(VM&);
967
968         
969     ArrayStorage* ensureArrayStorageExistsAndEnterDictionaryIndexingMode(VM&);
970         
971     bool defineOwnNonIndexProperty(ExecState*, PropertyName, const PropertyDescriptor&, bool throwException);
972
973     template<IndexingType indexingShape>
974     bool putByIndexBeyondVectorLengthWithoutAttributes(ExecState*, unsigned propertyName, JSValue);
975     bool putByIndexBeyondVectorLengthWithArrayStorage(ExecState*, unsigned propertyName, JSValue, bool shouldThrow, ArrayStorage*);
976
977     bool increaseVectorLength(VM&, unsigned newLength);
978     void deallocateSparseIndexMap();
979     bool defineOwnIndexedProperty(ExecState*, unsigned, const PropertyDescriptor&, bool throwException);
980     SparseArrayValueMap* allocateSparseIndexMap(VM&);
981         
982     void notifyPresenceOfIndexedAccessors(VM&);
983         
984     bool attemptToInterceptPutByIndexOnHole(ExecState*, unsigned index, JSValue, bool shouldThrow, bool& putResult);
985         
986     // Call this if you want setIndexQuickly to succeed and you're sure that
987     // the array is contiguous.
988     bool WARN_UNUSED_RETURN ensureLength(VM& vm, unsigned length)
989     {
990         RELEASE_ASSERT(length <= MAX_STORAGE_VECTOR_LENGTH);
991         ASSERT(hasContiguous(indexingType()) || hasInt32(indexingType()) || hasDouble(indexingType()) || hasUndecided(indexingType()));
992
993         if (m_butterfly->vectorLength() < length || isCopyOnWrite(indexingMode())) {
994             if (!ensureLengthSlow(vm, length))
995                 return false;
996         }
997             
998         if (m_butterfly->publicLength() < length)
999             m_butterfly->setPublicLength(length);
1000         return true;
1001     }
1002         
1003     // Call this if you want to shrink the butterfly backing store, and you're
1004     // sure that the array is contiguous.
1005     void reallocateAndShrinkButterfly(VM&, unsigned length);
1006     
1007     template<IndexingType indexingShape>
1008     unsigned countElements(Butterfly*);
1009         
1010     // This is relevant to undecided, int32, double, and contiguous.
1011     unsigned countElements();
1012         
1013 private:
1014     friend class LLIntOffsetsExtractor;
1015         
1016     // Nobody should ever ask any of these questions on something already known to be a JSObject.
1017     using JSCell::isAPIValueWrapper;
1018     using JSCell::isGetterSetter;
1019     void getObject();
1020     void getString(ExecState* exec);
1021     void isObject();
1022     void isString();
1023         
1024     Butterfly* createInitialIndexedStorage(VM&, unsigned length);
1025         
1026     ArrayStorage* enterDictionaryIndexingModeWhenArrayStorageAlreadyExists(VM&, ArrayStorage*);
1027         
1028     template<PutMode>
1029     bool putDirectInternal(VM&, PropertyName, JSValue, unsigned attr, PutPropertySlot&);
1030
1031     JS_EXPORT_PRIVATE NEVER_INLINE bool putInlineSlow(ExecState*, PropertyName, JSValue, PutPropertySlot&);
1032
1033     bool getNonIndexPropertySlot(ExecState*, PropertyName, PropertySlot&);
1034     bool getOwnNonIndexPropertySlot(VM&, Structure*, PropertyName, PropertySlot&);
1035     JS_EXPORT_PRIVATE void fillGetterPropertySlot(PropertySlot&, JSCell*, unsigned, PropertyOffset);
1036     void fillCustomGetterPropertySlot(VM&, PropertySlot&, CustomGetterSetter*, unsigned, Structure*);
1037
1038     JS_EXPORT_PRIVATE bool getOwnStaticPropertySlot(VM&, PropertyName, PropertySlot&);
1039     struct PropertyHashEntry {
1040         const HashTable* table;
1041         const HashTableValue* value;
1042     };
1043     std::optional<PropertyHashEntry> findPropertyHashEntry(VM&, PropertyName) const;
1044         
1045     bool putIndexedDescriptor(ExecState*, SparseArrayEntry*, const PropertyDescriptor&, PropertyDescriptor& old);
1046         
1047     bool putByIndexBeyondVectorLength(ExecState*, unsigned propertyName, JSValue, bool shouldThrow);
1048     bool putDirectIndexBeyondVectorLengthWithArrayStorage(ExecState*, unsigned propertyName, JSValue, unsigned attributes, PutDirectIndexMode, ArrayStorage*);
1049     JS_EXPORT_PRIVATE bool putDirectIndexSlowOrBeyondVectorLength(ExecState*, unsigned propertyName, JSValue, unsigned attributes, PutDirectIndexMode);
1050         
1051     unsigned getNewVectorLength(unsigned indexBias, unsigned currentVectorLength, unsigned currentLength, unsigned desiredLength);
1052     unsigned getNewVectorLength(unsigned desiredLength);
1053
1054     ArrayStorage* constructConvertedArrayStorageWithoutCopyingElements(VM&, unsigned neededLength);
1055         
1056     JS_EXPORT_PRIVATE void setIndexQuicklyToUndecided(VM&, unsigned index, JSValue);
1057     JS_EXPORT_PRIVATE void convertInt32ToDoubleOrContiguousWhilePerformingSetIndex(VM&, unsigned index, JSValue);
1058     JS_EXPORT_PRIVATE void convertDoubleToContiguousWhilePerformingSetIndex(VM&, unsigned index, JSValue);
1059         
1060     bool ensureLengthSlow(VM&, unsigned length);
1061         
1062     ContiguousJSValues ensureWritableInt32Slow(VM&);
1063     ContiguousDoubles ensureWritableDoubleSlow(VM&);
1064     ContiguousJSValues ensureWritableContiguousSlow(VM&);
1065     JS_EXPORT_PRIVATE ArrayStorage* ensureArrayStorageSlow(VM&);
1066
1067     PropertyOffset prepareToPutDirectWithoutTransition(VM&, PropertyName, unsigned attributes, StructureID, Structure*);
1068
1069     AuxiliaryBarrier<Butterfly*> m_butterfly;
1070 #if USE(JSVALUE32_64)
1071     unsigned m_32BitPadding;
1072 #endif
1073 };
1074
1075 // JSNonFinalObject is a type of JSObject that has some internal storage,
1076 // but also preserves some space in the collector cell for additional
1077 // data members in derived types.
1078 class JSNonFinalObject : public JSObject {
1079     friend class JSObject;
1080
1081 public:
1082     typedef JSObject Base;
1083
1084     static Structure* createStructure(VM& vm, JSGlobalObject* globalObject, JSValue prototype)
1085     {
1086         return Structure::create(vm, globalObject, prototype, TypeInfo(ObjectType, StructureFlags), info());
1087     }
1088
1089 protected:
1090     explicit JSNonFinalObject(VM& vm, Structure* structure, Butterfly* butterfly = 0)
1091         : JSObject(vm, structure, butterfly)
1092     {
1093     }
1094
1095     void finishCreation(VM& vm)
1096     {
1097         Base::finishCreation(vm);
1098         ASSERT(!this->structure()->hasInlineStorage());
1099         ASSERT(classInfo(vm));
1100     }
1101 };
1102
1103 class JSFinalObject;
1104
1105 // JSFinalObject is a type of JSObject that contains sufficient internal
1106 // storage to fully make use of the collector cell containing it.
1107 class JSFinalObject final : public JSObject {
1108     friend class JSObject;
1109
1110 public:
1111     typedef JSObject Base;
1112     static const unsigned StructureFlags = Base::StructureFlags;
1113
1114     static size_t allocationSize(Checked<size_t> inlineCapacity)
1115     {
1116         return (sizeof(JSObject) + inlineCapacity * sizeof(WriteBarrierBase<Unknown>)).unsafeGet();
1117     }
1118
1119     static inline const TypeInfo typeInfo() { return TypeInfo(FinalObjectType, StructureFlags); }
1120     static const IndexingType defaultIndexingType = NonArray;
1121         
1122     static const unsigned defaultSize = 64;
1123     static inline unsigned defaultInlineCapacity()
1124     {
1125         return (defaultSize - allocationSize(0)) / sizeof(WriteBarrier<Unknown>);
1126     }
1127
1128     static const unsigned maxSize = 512;
1129     static inline unsigned maxInlineCapacity()
1130     {
1131         return (maxSize - allocationSize(0)) / sizeof(WriteBarrier<Unknown>);
1132     }
1133
1134     static JSFinalObject* create(ExecState*, Structure*, Butterfly* = nullptr);
1135     static JSFinalObject* create(VM&, Structure*);
1136     static Structure* createStructure(VM& vm, JSGlobalObject* globalObject, JSValue prototype, unsigned inlineCapacity)
1137     {
1138         return Structure::create(vm, globalObject, prototype, typeInfo(), info(), defaultIndexingType, inlineCapacity);
1139     }
1140
1141     JS_EXPORT_PRIVATE static void visitChildren(JSCell*, SlotVisitor&);
1142
1143     DECLARE_EXPORT_INFO;
1144
1145 protected:
1146     void visitChildrenCommon(SlotVisitor&);
1147         
1148     void finishCreation(VM& vm)
1149     {
1150         Base::finishCreation(vm);
1151         ASSERT(structure()->totalStorageCapacity() == structure()->inlineCapacity());
1152         ASSERT(classInfo(vm));
1153     }
1154
1155 private:
1156     friend class LLIntOffsetsExtractor;
1157
1158     explicit JSFinalObject(VM& vm, Structure* structure, Butterfly* butterfly = nullptr)
1159         : JSObject(vm, structure, butterfly)
1160     {
1161         memset(inlineStorageUnsafe(), 0, structure->inlineCapacity() * sizeof(EncodedJSValue));
1162     }
1163 };
1164
1165 JS_EXPORT_PRIVATE EncodedJSValue JSC_HOST_CALL objectPrivateFuncInstanceOf(ExecState*);
1166
1167 inline JSObject* JSObject::createRawObject(
1168     ExecState* exec, Structure* structure, Butterfly* butterfly)
1169 {
1170     VM& vm = exec->vm();
1171     JSObject* finalObject = new (
1172         NotNull, 
1173         allocateCell<JSFinalObject>(
1174             vm.heap,
1175             JSFinalObject::allocationSize(structure->inlineCapacity())
1176         )
1177     ) JSObject(vm, structure, butterfly);
1178     finalObject->finishCreation(vm);
1179     return finalObject;
1180 }
1181
1182 inline JSFinalObject* JSFinalObject::create(
1183     ExecState* exec, Structure* structure, Butterfly* butterfly)
1184 {
1185     VM& vm = exec->vm();
1186     JSFinalObject* finalObject = new (
1187         NotNull, 
1188         allocateCell<JSFinalObject>(
1189             vm.heap,
1190             allocationSize(structure->inlineCapacity())
1191         )
1192     ) JSFinalObject(vm, structure, butterfly);
1193     finalObject->finishCreation(vm);
1194     return finalObject;
1195 }
1196
1197 inline JSFinalObject* JSFinalObject::create(VM& vm, Structure* structure)
1198 {
1199     JSFinalObject* finalObject = new (NotNull, allocateCell<JSFinalObject>(vm.heap, allocationSize(structure->inlineCapacity()))) JSFinalObject(vm, structure);
1200     finalObject->finishCreation(vm);
1201     return finalObject;
1202 }
1203
1204 inline size_t JSObject::offsetOfInlineStorage()
1205 {
1206     return sizeof(JSObject);
1207 }
1208
1209 inline bool JSObject::isGlobalObject() const
1210 {
1211     return type() == GlobalObjectType;
1212 }
1213
1214 inline bool JSObject::isJSLexicalEnvironment() const
1215 {
1216     return type() == LexicalEnvironmentType || type() == ModuleEnvironmentType;
1217 }
1218
1219 inline bool JSObject::isGlobalLexicalEnvironment() const
1220 {
1221     return type() == GlobalLexicalEnvironmentType;
1222 }
1223
1224 inline bool JSObject::isStrictEvalActivation() const
1225 {
1226     return type() == StrictEvalActivationType;
1227 }
1228
1229 inline bool JSObject::isEnvironment() const
1230 {
1231     bool result = GlobalObjectType <= type() && type() <= StrictEvalActivationType;
1232     ASSERT((isGlobalObject() || isJSLexicalEnvironment() || isGlobalLexicalEnvironment() || isStrictEvalActivation()) == result);
1233     return result;
1234 }
1235
1236 inline bool JSObject::isErrorInstance() const
1237 {
1238     return type() == ErrorInstanceType;
1239 }
1240
1241 inline bool JSObject::isWithScope() const
1242 {
1243     return type() == WithScopeType;
1244 }
1245
1246 inline void JSObject::setStructure(VM& vm, Structure* structure)
1247 {
1248     ASSERT(structure);
1249     ASSERT(!m_butterfly == !(structure->outOfLineCapacity() || structure->hasIndexingHeader(this)));
1250     JSCell::setStructure(vm, structure);
1251 }
1252
1253 inline void JSObject::setButterfly(VM& vm, Butterfly* butterfly)
1254 {
1255     if (isX86() || vm.heap.mutatorShouldBeFenced()) {
1256         WTF::storeStoreFence();
1257         m_butterfly.set(vm, this, butterfly);
1258         WTF::storeStoreFence();
1259         return;
1260     }
1261
1262     m_butterfly.set(vm, this, butterfly);
1263 }
1264
1265 inline void JSObject::nukeStructureAndSetButterfly(VM& vm, StructureID oldStructureID, Butterfly* butterfly)
1266 {
1267     if (isX86() || vm.heap.mutatorShouldBeFenced()) {
1268         setStructureIDDirectly(nuke(oldStructureID));
1269         WTF::storeStoreFence();
1270         m_butterfly.set(vm, this, butterfly);
1271         WTF::storeStoreFence();
1272         return;
1273     }
1274
1275     m_butterfly.set(vm, this, butterfly);
1276 }
1277
1278 inline CallType getCallData(JSValue value, CallData& callData)
1279 {
1280     CallType result = value.isCell() ? value.asCell()->methodTable()->getCallData(value.asCell(), callData) : CallType::None;
1281     ASSERT(result == CallType::None || value.isValidCallee());
1282     return result;
1283 }
1284
1285 inline ConstructType getConstructData(JSValue value, ConstructData& constructData)
1286 {
1287     ConstructType result = value.isCell() ? value.asCell()->methodTable()->getConstructData(value.asCell(), constructData) : ConstructType::None;
1288     ASSERT(result == ConstructType::None || value.isValidCallee());
1289     return result;
1290 }
1291
1292 inline JSObject* asObject(JSCell* cell)
1293 {
1294     ASSERT(cell->isObject());
1295     return jsCast<JSObject*>(cell);
1296 }
1297
1298 inline JSObject* asObject(JSValue value)
1299 {
1300     return asObject(value.asCell());
1301 }
1302
1303 inline JSObject::JSObject(VM& vm, Structure* structure, Butterfly* butterfly)
1304     : JSCell(vm, structure)
1305     , m_butterfly(vm, this, butterfly)
1306 {
1307 }
1308
1309 inline JSValue JSObject::getPrototypeDirect(VM& vm) const
1310 {
1311     return structure(vm)->storedPrototype(this);
1312 }
1313
1314 inline JSValue JSObject::getPrototype(VM& vm, ExecState* exec)
1315 {
1316     auto getPrototypeMethod = methodTable(vm)->getPrototype;
1317     MethodTable::GetPrototypeFunctionPtr defaultGetPrototype = JSObject::getPrototype;
1318     if (LIKELY(getPrototypeMethod == defaultGetPrototype))
1319         return getPrototypeDirect(vm);
1320     return getPrototypeMethod(this, exec);
1321 }
1322
1323 // It is safe to call this method with a PropertyName that is actually an index,
1324 // but if so will always return false (doesn't search index storage).
1325 ALWAYS_INLINE bool JSObject::getOwnNonIndexPropertySlot(VM& vm, Structure* structure, PropertyName propertyName, PropertySlot& slot)
1326 {
1327     unsigned attributes;
1328     PropertyOffset offset = structure->get(vm, propertyName, attributes);
1329     if (!isValidOffset(offset)) {
1330         if (!TypeInfo::hasStaticPropertyTable(inlineTypeFlags()))
1331             return false;
1332         return getOwnStaticPropertySlot(vm, propertyName, slot);
1333     }
1334     
1335     // getPropertySlot relies on this method never returning index properties!
1336     ASSERT(!parseIndex(propertyName));
1337
1338     JSValue value = getDirect(offset);
1339     if (value.isCell()) {
1340         ASSERT(value);
1341         JSCell* cell = value.asCell();
1342         JSType type = cell->type();
1343         switch (type) {
1344         case GetterSetterType:
1345             fillGetterPropertySlot(slot, cell, attributes, offset);
1346             return true;
1347         case CustomGetterSetterType:
1348             fillCustomGetterPropertySlot(vm, slot, jsCast<CustomGetterSetter*>(cell), attributes, structure);
1349             return true;
1350         default:
1351             break;
1352         }
1353     }
1354     
1355     slot.setValue(this, attributes, value, offset);
1356     return true;
1357 }
1358
1359 ALWAYS_INLINE void JSObject::fillCustomGetterPropertySlot(VM& vm, PropertySlot& slot, CustomGetterSetter* customGetterSetter, unsigned attributes, Structure* structure)
1360 {
1361     if (customGetterSetter->inherits<DOMAttributeGetterSetter>(vm)) {
1362         auto* domAttribute = jsCast<DOMAttributeGetterSetter*>(customGetterSetter);
1363         if (structure->isUncacheableDictionary())
1364             slot.setCustom(this, attributes, domAttribute->getter(), domAttribute->domAttribute());
1365         else
1366             slot.setCacheableCustom(this, attributes, domAttribute->getter(), domAttribute->domAttribute());
1367         return;
1368     }
1369
1370     if (structure->isUncacheableDictionary())
1371         slot.setCustom(this, attributes, customGetterSetter->getter());
1372     else
1373         slot.setCacheableCustom(this, attributes, customGetterSetter->getter());
1374 }
1375
1376 // It may seem crazy to inline a function this large, especially a virtual function,
1377 // but it makes a big difference to property lookup that derived classes can inline their
1378 // base class call to this.
1379 ALWAYS_INLINE bool JSObject::getOwnPropertySlot(JSObject* object, ExecState* exec, PropertyName propertyName, PropertySlot& slot)
1380 {
1381     VM& vm = exec->vm();
1382     Structure* structure = object->structure(vm);
1383     if (object->getOwnNonIndexPropertySlot(vm, structure, propertyName, slot))
1384         return true;
1385     if (std::optional<uint32_t> index = parseIndex(propertyName))
1386         return getOwnPropertySlotByIndex(object, exec, index.value(), slot);
1387     return false;
1388 }
1389
1390 // It may seem crazy to inline a function this large but it makes a big difference
1391 // since this is function very hot in variable lookup
1392 ALWAYS_INLINE bool JSObject::getPropertySlot(ExecState* exec, PropertyName propertyName, PropertySlot& slot)
1393 {
1394     VM& vm = exec->vm();
1395     auto& structureIDTable = vm.heap.structureIDTable();
1396     JSObject* object = this;
1397     while (true) {
1398         if (UNLIKELY(TypeInfo::overridesGetOwnPropertySlot(object->inlineTypeFlags()))) {
1399             // If propertyName is an index then we may have missed it (as this loop is using
1400             // getOwnNonIndexPropertySlot), so we cannot safely call the overridden getOwnPropertySlot
1401             // (lest we return a property from a prototype that is shadowed). Check now for an index,
1402             // if so we need to start afresh from this object.
1403             if (std::optional<uint32_t> index = parseIndex(propertyName))
1404                 return getPropertySlot(exec, index.value(), slot);
1405             // Safe to continue searching from current position; call getNonIndexPropertySlot to avoid
1406             // parsing the int again.
1407             return object->getNonIndexPropertySlot(exec, propertyName, slot);
1408         }
1409         ASSERT(object->type() != ProxyObjectType);
1410         Structure* structure = structureIDTable.get(object->structureID());
1411         if (object->getOwnNonIndexPropertySlot(vm, structure, propertyName, slot))
1412             return true;
1413         // FIXME: This doesn't look like it's following the specification:
1414         // https://bugs.webkit.org/show_bug.cgi?id=172572
1415         JSValue prototype = structure->storedPrototype(object);
1416         if (!prototype.isObject())
1417             break;
1418         object = asObject(prototype);
1419     }
1420
1421     if (std::optional<uint32_t> index = parseIndex(propertyName))
1422         return getPropertySlot(exec, index.value(), slot);
1423     return false;
1424 }
1425
1426 inline JSValue JSObject::get(ExecState* exec, PropertyName propertyName) const
1427 {
1428     VM& vm = exec->vm();
1429     auto scope = DECLARE_THROW_SCOPE(vm);
1430     PropertySlot slot(this, PropertySlot::InternalMethodType::Get);
1431     bool hasProperty = const_cast<JSObject*>(this)->getPropertySlot(exec, propertyName, slot);
1432     EXCEPTION_ASSERT(!scope.exception() || !hasProperty);
1433     if (hasProperty) {
1434         scope.release();
1435         return slot.getValue(exec, propertyName);
1436     }
1437     return jsUndefined();
1438 }
1439
1440 inline JSValue JSObject::get(ExecState* exec, unsigned propertyName) const
1441 {
1442     VM& vm = exec->vm();
1443     auto scope = DECLARE_THROW_SCOPE(vm);
1444     PropertySlot slot(this, PropertySlot::InternalMethodType::Get);
1445     bool hasProperty = const_cast<JSObject*>(this)->getPropertySlot(exec, propertyName, slot);
1446     EXCEPTION_ASSERT(!scope.exception() || !hasProperty);
1447     if (hasProperty) {
1448         scope.release();
1449         return slot.getValue(exec, propertyName);
1450     }
1451     return jsUndefined();
1452 }
1453
1454 inline bool JSObject::putOwnDataProperty(VM& vm, PropertyName propertyName, JSValue value, PutPropertySlot& slot)
1455 {
1456     ASSERT(value);
1457     ASSERT(!Heap::heap(value) || Heap::heap(value) == Heap::heap(this));
1458     ASSERT(!structure()->hasGetterSetterProperties());
1459     ASSERT(!structure()->hasCustomGetterSetterProperties());
1460
1461     return putDirectInternal<PutModePut>(vm, propertyName, value, 0, slot);
1462 }
1463
1464 inline bool JSObject::putOwnDataPropertyMayBeIndex(ExecState* exec, PropertyName propertyName, JSValue value, PutPropertySlot& slot)
1465 {
1466     ASSERT(value);
1467     ASSERT(!Heap::heap(value) || Heap::heap(value) == Heap::heap(this));
1468     ASSERT(!structure()->hasGetterSetterProperties());
1469     ASSERT(!structure()->hasCustomGetterSetterProperties());
1470
1471     if (std::optional<uint32_t> index = parseIndex(propertyName))
1472         return putDirectIndex(exec, index.value(), value, 0, PutDirectIndexLikePutDirect);
1473
1474     return putDirectInternal<PutModePut>(exec->vm(), propertyName, value, 0, slot);
1475 }
1476
1477 inline bool JSObject::putDirect(VM& vm, PropertyName propertyName, JSValue value, unsigned attributes)
1478 {
1479     ASSERT(!value.isGetterSetter() && !(attributes & PropertyAttribute::Accessor));
1480     ASSERT(!value.isCustomGetterSetter());
1481     PutPropertySlot slot(this);
1482     return putDirectInternal<PutModeDefineOwnProperty>(vm, propertyName, value, attributes, slot);
1483 }
1484
1485 inline bool JSObject::putDirect(VM& vm, PropertyName propertyName, JSValue value, PutPropertySlot& slot)
1486 {
1487     ASSERT(!value.isGetterSetter());
1488     ASSERT(!value.isCustomGetterSetter());
1489     return putDirectInternal<PutModeDefineOwnProperty>(vm, propertyName, value, 0, slot);
1490 }
1491
1492 ALWAYS_INLINE JSObject* Register::object() const
1493 {
1494     return asObject(jsValue());
1495 }
1496
1497 ALWAYS_INLINE Register& Register::operator=(JSObject* object)
1498 {
1499     u.value = JSValue::encode(JSValue(object));
1500     return *this;
1501 }
1502
1503 inline size_t offsetInButterfly(PropertyOffset offset)
1504 {
1505     return offsetInOutOfLineStorage(offset) + Butterfly::indexOfPropertyStorage();
1506 }
1507
1508 inline size_t JSObject::butterflyPreCapacity()
1509 {
1510     if (UNLIKELY(hasIndexingHeader()))
1511         return butterfly()->indexingHeader()->preCapacity(structure());
1512     return 0;
1513 }
1514
1515 inline size_t JSObject::butterflyTotalSize()
1516 {
1517     Structure* structure = this->structure();
1518     Butterfly* butterfly = this->butterfly();
1519     size_t preCapacity;
1520     size_t indexingPayloadSizeInBytes;
1521     bool hasIndexingHeader = this->hasIndexingHeader();
1522
1523     if (UNLIKELY(hasIndexingHeader)) {
1524         preCapacity = butterfly->indexingHeader()->preCapacity(structure);
1525         indexingPayloadSizeInBytes = butterfly->indexingHeader()->indexingPayloadSizeInBytes(structure);
1526     } else {
1527         preCapacity = 0;
1528         indexingPayloadSizeInBytes = 0;
1529     }
1530
1531     return Butterfly::totalSize(preCapacity, structure->outOfLineCapacity(), hasIndexingHeader, indexingPayloadSizeInBytes);
1532 }
1533
1534 inline int indexRelativeToBase(PropertyOffset offset)
1535 {
1536     if (isOutOfLineOffset(offset))
1537         return offsetInOutOfLineStorage(offset) + Butterfly::indexOfPropertyStorage();
1538     ASSERT(!(JSObject::offsetOfInlineStorage() % sizeof(EncodedJSValue)));
1539     return JSObject::offsetOfInlineStorage() / sizeof(EncodedJSValue) + offsetInInlineStorage(offset);
1540 }
1541
1542 inline int offsetRelativeToBase(PropertyOffset offset)
1543 {
1544     if (isOutOfLineOffset(offset))
1545         return offsetInOutOfLineStorage(offset) * sizeof(EncodedJSValue) + Butterfly::offsetOfPropertyStorage();
1546     return JSObject::offsetOfInlineStorage() + offsetInInlineStorage(offset) * sizeof(EncodedJSValue);
1547 }
1548
1549 // Returns the maximum offset (away from zero) a load instruction will encode.
1550 inline size_t maxOffsetRelativeToBase(PropertyOffset offset)
1551 {
1552     ptrdiff_t addressOffset = offsetRelativeToBase(offset);
1553 #if USE(JSVALUE32_64)
1554     if (addressOffset >= 0)
1555         return static_cast<size_t>(addressOffset) + OBJECT_OFFSETOF(EncodedValueDescriptor, asBits.tag);
1556 #endif
1557     return static_cast<size_t>(addressOffset);
1558 }
1559
1560 COMPILE_ASSERT(!(sizeof(JSObject) % sizeof(WriteBarrierBase<Unknown>)), JSObject_inline_storage_has_correct_alignment);
1561
1562 template<unsigned charactersCount>
1563 ALWAYS_INLINE Identifier makeIdentifier(VM& vm, const char (&characters)[charactersCount])
1564 {
1565     return Identifier::fromString(&vm, characters);
1566 }
1567
1568 ALWAYS_INLINE Identifier makeIdentifier(VM& vm, const char* name)
1569 {
1570     return Identifier::fromString(&vm, name);
1571 }
1572
1573 ALWAYS_INLINE Identifier makeIdentifier(VM&, const Identifier& name)
1574 {
1575     return name;
1576 }
1577
1578 bool validateAndApplyPropertyDescriptor(ExecState*, JSObject*, PropertyName, bool isExtensible,
1579     const PropertyDescriptor& descriptor, bool isCurrentDefined, const PropertyDescriptor& current, bool throwException);
1580
1581 JS_EXPORT_PRIVATE NEVER_INLINE bool ordinarySetSlow(ExecState*, JSObject*, PropertyName, JSValue, JSValue receiver, bool shouldThrow);
1582
1583 // Helper for defining native functions, if you're not using a static hash table.
1584 // Use this macro from within finishCreation() methods in prototypes. This assumes
1585 // you've defined variables called exec, globalObject, and vm, and they
1586 // have the expected meanings.
1587 #define JSC_NATIVE_INTRINSIC_FUNCTION(jsName, cppName, attributes, length, intrinsic) \
1588     putDirectNativeFunction(\
1589         vm, globalObject, makeIdentifier(vm, (jsName)), (length), cppName, \
1590         (intrinsic), (attributes))
1591
1592 #define JSC_NATIVE_INTRINSIC_FUNCTION_WITHOUT_TRANSITION(jsName, cppName, attributes, length, intrinsic) \
1593     putDirectNativeFunctionWithoutTransition(\
1594         vm, globalObject, makeIdentifier(vm, (jsName)), (length), cppName, \
1595         (intrinsic), (attributes))
1596
1597 // As above, but this assumes that the function you're defining doesn't have an
1598 // intrinsic.
1599 #define JSC_NATIVE_FUNCTION(jsName, cppName, attributes, length) \
1600     JSC_NATIVE_INTRINSIC_FUNCTION(jsName, cppName, (attributes), (length), NoIntrinsic)
1601
1602 #define JSC_NATIVE_FUNCTION_WITHOUT_TRANSITION(jsName, cppName, attributes, length) \
1603     JSC_NATIVE_INTRINSIC_FUNCTION_WITHOUT_TRANSITION(jsName, cppName, (attributes), (length), NoIntrinsic)
1604
1605 // Identical helpers but for builtins. Note that currently, we don't support builtins that are
1606 // also intrinsics, but we probably will do that eventually.
1607 #define JSC_BUILTIN_FUNCTION(jsName, generatorName, attributes) \
1608     putDirectBuiltinFunction(\
1609         vm, globalObject, makeIdentifier(vm, (jsName)), (generatorName)(vm), (attributes))
1610
1611 #define JSC_BUILTIN_FUNCTION_WITHOUT_TRANSITION(jsName, generatorName, attributes) \
1612     putDirectBuiltinFunctionWithoutTransition(\
1613         vm, globalObject, makeIdentifier(vm, (jsName)), (generatorName)(vm), (attributes))
1614
1615 // Helper for defining native getters on properties.
1616 #define JSC_NATIVE_INTRINSIC_GETTER(jsName, cppName, attributes, intrinsic)  \
1617     putDirectNativeIntrinsicGetter(\
1618         vm, globalObject, makeIdentifier(vm, (jsName)), (cppName), \
1619         (intrinsic), ((attributes) | PropertyAttribute::Accessor))
1620
1621 #define JSC_NATIVE_GETTER(jsName, cppName, attributes) \
1622     JSC_NATIVE_INTRINSIC_GETTER((jsName), (cppName), (attributes), NoIntrinsic)
1623
1624 } // namespace JSC