c811235e914d2a4b2a25e6453055fe6901335a32
[WebKit-https.git] / Source / JavaScriptCore / runtime / JSObject.h
1 /*
2  *  Copyright (C) 1999-2001 Harri Porten (porten@kde.org)
3  *  Copyright (C) 2001 Peter Kelly (pmk@post.com)
4  *  Copyright (C) 2003-2018 Apple Inc. All rights reserved.
5  *
6  *  This library is free software; you can redistribute it and/or
7  *  modify it under the terms of the GNU Library General Public
8  *  License as published by the Free Software Foundation; either
9  *  version 2 of the License, or (at your option) any later version.
10  *
11  *  This library is distributed in the hope that it will be useful,
12  *  but WITHOUT ANY WARRANTY; without even the implied warranty of
13  *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
14  *  Library General Public License for more details.
15  *
16  *  You should have received a copy of the GNU Library General Public License
17  *  along with this library; see the file COPYING.LIB.  If not, write to
18  *  the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor,
19  *  Boston, MA 02110-1301, USA.
20  *
21  */
22
23 #pragma once
24
25 #include "ArrayConventions.h"
26 #include "ArrayStorage.h"
27 #include "Butterfly.h"
28 #include "CPU.h"
29 #include "CagedBarrierPtr.h"
30 #include "CallFrame.h"
31 #include "ClassInfo.h"
32 #include "CustomGetterSetter.h"
33 #include "DOMAttributeGetterSetter.h"
34 #include "Heap.h"
35 #include "IndexingHeaderInlines.h"
36 #include "JSCast.h"
37 #include "ObjectInitializationScope.h"
38 #include "PropertySlot.h"
39 #include "PropertyStorage.h"
40 #include "PutDirectIndexMode.h"
41 #include "PutPropertySlot.h"
42 #include "Structure.h"
43 #include "StructureTransitionTable.h"
44 #include "VM.h"
45 #include "JSString.h"
46 #include "SparseArrayValueMap.h"
47 #include <wtf/StdLibExtras.h>
48
49 namespace JSC {
50 namespace DOMJIT {
51 class Signature;
52 }
53
54 inline JSCell* getJSFunction(JSValue value)
55 {
56     if (value.isCell() && (value.asCell()->type() == JSFunctionType))
57         return value.asCell();
58     return 0;
59 }
60
61 class GetterSetter;
62 class InternalFunction;
63 class JSFunction;
64 class LLIntOffsetsExtractor;
65 class MarkedBlock;
66 class PropertyDescriptor;
67 class PropertyNameArray;
68 class Structure;
69 class ThrowScope;
70 struct HashTable;
71 struct HashTableValue;
72
73 JS_EXPORT_PRIVATE JSObject* throwTypeError(ExecState*, ThrowScope&, const String&);
74 extern JS_EXPORT_PRIVATE const char* const NonExtensibleObjectPropertyDefineError;
75 extern JS_EXPORT_PRIVATE const char* const ReadonlyPropertyWriteError;
76 extern JS_EXPORT_PRIVATE const char* const ReadonlyPropertyChangeError;
77 extern JS_EXPORT_PRIVATE const char* const UnableToDeletePropertyError;
78 extern JS_EXPORT_PRIVATE const char* const UnconfigurablePropertyChangeAccessMechanismError;
79 extern JS_EXPORT_PRIVATE const char* const UnconfigurablePropertyChangeConfigurabilityError;
80 extern JS_EXPORT_PRIVATE const char* const UnconfigurablePropertyChangeEnumerabilityError;
81 extern JS_EXPORT_PRIVATE const char* const UnconfigurablePropertyChangeWritabilityError;
82
83 COMPILE_ASSERT(PropertyAttribute::None < FirstInternalAttribute, None_is_below_FirstInternalAttribute);
84 COMPILE_ASSERT(PropertyAttribute::ReadOnly < FirstInternalAttribute, ReadOnly_is_below_FirstInternalAttribute);
85 COMPILE_ASSERT(PropertyAttribute::DontEnum < FirstInternalAttribute, DontEnum_is_below_FirstInternalAttribute);
86 COMPILE_ASSERT(PropertyAttribute::DontDelete < FirstInternalAttribute, DontDelete_is_below_FirstInternalAttribute);
87 COMPILE_ASSERT(PropertyAttribute::Accessor < FirstInternalAttribute, Accessor_is_below_FirstInternalAttribute);
88
89 class JSFinalObject;
90
91 class JSObject : public JSCell {
92     friend class BatchedTransitionOptimizer;
93     friend class JIT;
94     friend class JSCell;
95     friend class JSFinalObject;
96     friend class MarkedBlock;
97     JS_EXPORT_PRIVATE friend bool setUpStaticFunctionSlot(VM&, const HashTableValue*, JSObject*, PropertyName, PropertySlot&);
98
99     enum PutMode {
100         PutModePut,
101         PutModeDefineOwnProperty,
102     };
103
104 public:
105     typedef JSCell Base;
106
107     template<typename>
108     static CompleteSubspace* subspaceFor(VM& vm)
109     {
110         return &vm.cellJSValueOOBSpace;
111     }
112
113     // This is a super dangerous method for JITs. Sometimes the JITs will want to create either a
114     // JSFinalObject or a JSArray. This is the method that will do that.
115     static JSObject* createRawObject(ExecState* exec, Structure* structure, Butterfly* = nullptr);
116
117     JS_EXPORT_PRIVATE static size_t estimatedSize(JSCell*);
118     JS_EXPORT_PRIVATE static void visitChildren(JSCell*, SlotVisitor&);
119     JS_EXPORT_PRIVATE static void heapSnapshot(JSCell*, HeapSnapshotBuilder&);
120
121     JS_EXPORT_PRIVATE static String className(const JSObject*);
122     JS_EXPORT_PRIVATE static String calculatedClassName(JSObject*);
123
124     // This function is what Object.prototype.toString() will use to get the name of
125     // an object when using Symbol.toStringTag fails. For the most part there is no
126     // difference between this and className(). The main use case is for new JS language
127     // objects to set the default tag to "Object".
128     JS_EXPORT_PRIVATE static String toStringName(const JSObject*, ExecState*);
129
130     // This is the fully virtual [[GetPrototypeOf]] internal function defined
131     // in the ECMAScript 6 specification. Use this when doing a [[GetPrototypeOf]] 
132     // operation as dictated in the specification.
133     JSValue getPrototype(VM&, ExecState*);
134     JS_EXPORT_PRIVATE static JSValue getPrototype(JSObject*, ExecState*);
135     // This gets the prototype directly off of the structure. This does not do
136     // dynamic dispatch on the getPrototype method table method. It is not valid 
137     // to use this when performing a [[GetPrototypeOf]] operation in the specification.
138     // It is valid to use though when you know that you want to directly get it
139     // without consulting the method table. This is akin to getting the [[Prototype]]
140     // internal field directly as described in the specification.
141     JSValue getPrototypeDirect(VM&) const;
142
143     // This sets the prototype without checking for cycles and without
144     // doing dynamic dispatch on [[SetPrototypeOf]] operation in the specification.
145     // It is not valid to use this when performing a [[SetPrototypeOf]] operation in
146     // the specification. It is valid to use though when you know that you want to directly
147     // set it without consulting the method table and when you definitely won't
148     // introduce a cycle in the prototype chain. This is akin to setting the
149     // [[Prototype]] internal field directly as described in the specification.
150     JS_EXPORT_PRIVATE void setPrototypeDirect(VM&, JSValue prototype);
151 private:
152     // This is OrdinarySetPrototypeOf in the specification. Section 9.1.2.1
153     // https://tc39.github.io/ecma262/#sec-ordinarysetprototypeof
154     JS_EXPORT_PRIVATE bool setPrototypeWithCycleCheck(VM&, ExecState*, JSValue prototype, bool shouldThrowIfCantSet);
155 public:
156     // This is the fully virtual [[SetPrototypeOf]] internal function defined
157     // in the ECMAScript 6 specification. Use this when doing a [[SetPrototypeOf]] 
158     // operation as dictated in the specification.
159     bool setPrototype(VM&, ExecState*, JSValue prototype, bool shouldThrowIfCantSet = false);
160     JS_EXPORT_PRIVATE static bool setPrototype(JSObject*, ExecState*, JSValue prototype, bool shouldThrowIfCantSet);
161         
162     bool mayInterceptIndexedAccesses()
163     {
164         return structure()->mayInterceptIndexedAccesses();
165     }
166         
167     JSValue get(ExecState*, PropertyName) const;
168     JSValue get(ExecState*, unsigned propertyName) const;
169
170     bool getPropertySlot(ExecState*, PropertyName, PropertySlot&);
171     bool getPropertySlot(ExecState*, unsigned propertyName, PropertySlot&);
172     template<typename CallbackWhenNoException> typename std::result_of<CallbackWhenNoException(bool, PropertySlot&)>::type getPropertySlot(ExecState*, PropertyName, CallbackWhenNoException) const;
173     template<typename CallbackWhenNoException> typename std::result_of<CallbackWhenNoException(bool, PropertySlot&)>::type getPropertySlot(ExecState*, PropertyName, PropertySlot&, CallbackWhenNoException) const;
174
175     static bool getOwnPropertySlot(JSObject*, ExecState*, PropertyName, PropertySlot&);
176     JS_EXPORT_PRIVATE static bool getOwnPropertySlotByIndex(JSObject*, ExecState*, unsigned propertyName, PropertySlot&);
177     bool getOwnPropertySlotInline(ExecState*, PropertyName, PropertySlot&);
178
179     // The key difference between this and getOwnPropertySlot is that getOwnPropertySlot
180     // currently returns incorrect results for the DOM window (with non-own properties)
181     // being returned. Once this is fixed we should migrate code & remove this method.
182     JS_EXPORT_PRIVATE bool getOwnPropertyDescriptor(ExecState*, PropertyName, PropertyDescriptor&);
183
184     unsigned getArrayLength() const
185     {
186         if (!hasIndexedProperties(indexingType()))
187             return 0;
188         return m_butterfly->publicLength();
189     }
190         
191     unsigned getVectorLength()
192     {
193         if (!hasIndexedProperties(indexingType()))
194             return 0;
195         return m_butterfly->vectorLength();
196     }
197     
198     static bool putInlineForJSObject(JSCell*, ExecState*, PropertyName, JSValue, PutPropertySlot&);
199     
200     JS_EXPORT_PRIVATE static bool put(JSCell*, ExecState*, PropertyName, JSValue, PutPropertySlot&);
201     // putByIndex assumes that the receiver is this JSCell object.
202     JS_EXPORT_PRIVATE static bool putByIndex(JSCell*, ExecState*, unsigned propertyName, JSValue, bool shouldThrow);
203         
204     // This performs the ECMAScript Set() operation.
205     ALWAYS_INLINE bool putByIndexInline(ExecState* exec, unsigned propertyName, JSValue value, bool shouldThrow)
206     {
207         if (canSetIndexQuickly(propertyName)) {
208             setIndexQuickly(exec->vm(), propertyName, value);
209             return true;
210         }
211         return methodTable(exec->vm())->putByIndex(this, exec, propertyName, value, shouldThrow);
212     }
213         
214     // This is similar to the putDirect* methods:
215     //  - the prototype chain is not consulted
216     //  - accessors are not called.
217     //  - it will ignore extensibility and read-only properties if PutDirectIndexLikePutDirect is passed as the mode (the default).
218     // This method creates a property with attributes writable, enumerable and configurable all set to true if attributes is zero,
219     // otherwise, it creates a property with the provided attributes. Semantically, this is performing defineOwnProperty.
220     bool putDirectIndex(ExecState* exec, unsigned propertyName, JSValue value, unsigned attributes, PutDirectIndexMode mode)
221     {
222         auto canSetIndexQuicklyForPutDirect = [&] () -> bool {
223             switch (indexingType()) {
224             case ALL_BLANK_INDEXING_TYPES:
225             case ALL_UNDECIDED_INDEXING_TYPES:
226                 return false;
227             case ALL_INT32_INDEXING_TYPES:
228             case ALL_DOUBLE_INDEXING_TYPES:
229             case ALL_CONTIGUOUS_INDEXING_TYPES:
230             case ALL_ARRAY_STORAGE_INDEXING_TYPES:
231                 return propertyName < m_butterfly->vectorLength();
232             default:
233                 RELEASE_ASSERT_NOT_REACHED();
234                 return false;
235             }
236         };
237         
238         if (!attributes && canSetIndexQuicklyForPutDirect()) {
239             setIndexQuickly(exec->vm(), propertyName, value);
240             return true;
241         }
242         return putDirectIndexSlowOrBeyondVectorLength(exec, propertyName, value, attributes, mode);
243     }
244     // This is semantically equivalent to performing defineOwnProperty(propertyName, {configurable:true, writable:true, enumerable:true, value:value}).
245     bool putDirectIndex(ExecState* exec, unsigned propertyName, JSValue value)
246     {
247         return putDirectIndex(exec, propertyName, value, 0, PutDirectIndexLikePutDirect);
248     }
249
250     // A generally non-throwing version of putDirect and putDirectIndex.
251     // However, it's only guaranteed to not throw based on what the receiver is.
252     // For example, if the receiver is a ProxyObject, this is not guaranteed, since
253     // it may call into arbitrary JS code. It's the responsibility of the user of
254     // this API to ensure that the receiver object is a well known type if they
255     // want to ensure that this won't throw an exception.
256     JS_EXPORT_PRIVATE bool putDirectMayBeIndex(ExecState*, PropertyName, JSValue);
257         
258     bool hasIndexingHeader() const
259     {
260         return structure()->hasIndexingHeader(this);
261     }
262     
263     bool canGetIndexQuickly(unsigned i)
264     {
265         Butterfly* butterfly = this->butterfly();
266         switch (indexingType()) {
267         case ALL_BLANK_INDEXING_TYPES:
268         case ALL_UNDECIDED_INDEXING_TYPES:
269             return false;
270         case ALL_INT32_INDEXING_TYPES:
271         case ALL_CONTIGUOUS_INDEXING_TYPES:
272             return i < butterfly->vectorLength() && butterfly->contiguous().at(i);
273         case ALL_DOUBLE_INDEXING_TYPES: {
274             if (i >= butterfly->vectorLength())
275                 return false;
276             double value = butterfly->contiguousDouble().at(i);
277             if (value != value)
278                 return false;
279             return true;
280         }
281         case ALL_ARRAY_STORAGE_INDEXING_TYPES:
282             return i < butterfly->arrayStorage()->vectorLength() && butterfly->arrayStorage()->m_vector[i];
283         default:
284             RELEASE_ASSERT_NOT_REACHED();
285             return false;
286         }
287     }
288         
289     JSValue getIndexQuickly(unsigned i)
290     {
291         Butterfly* butterfly = this->butterfly();
292         switch (indexingType()) {
293         case ALL_INT32_INDEXING_TYPES:
294             return jsNumber(butterfly->contiguous().at(i).get().asInt32());
295         case ALL_CONTIGUOUS_INDEXING_TYPES:
296             return butterfly->contiguous().at(i).get();
297         case ALL_DOUBLE_INDEXING_TYPES:
298             return JSValue(JSValue::EncodeAsDouble, butterfly->contiguousDouble().at(i));
299         case ALL_ARRAY_STORAGE_INDEXING_TYPES:
300             return butterfly->arrayStorage()->m_vector[i].get();
301         default:
302             RELEASE_ASSERT_NOT_REACHED();
303             return JSValue();
304         }
305     }
306         
307     JSValue tryGetIndexQuickly(unsigned i) const
308     {
309         Butterfly* butterfly = const_cast<JSObject*>(this)->butterfly();
310         switch (indexingType()) {
311         case ALL_BLANK_INDEXING_TYPES:
312         case ALL_UNDECIDED_INDEXING_TYPES:
313             break;
314         case ALL_INT32_INDEXING_TYPES:
315             if (i < butterfly->publicLength()) {
316                 JSValue result = butterfly->contiguous().at(i).get();
317                 ASSERT(result.isInt32() || !result);
318                 return result;
319             }
320             break;
321         case ALL_CONTIGUOUS_INDEXING_TYPES:
322             if (i < butterfly->publicLength())
323                 return butterfly->contiguous().at(i).get();
324             break;
325         case ALL_DOUBLE_INDEXING_TYPES: {
326             if (i >= butterfly->publicLength())
327                 break;
328             double result = butterfly->contiguousDouble().at(i);
329             if (result != result)
330                 break;
331             return JSValue(JSValue::EncodeAsDouble, result);
332         }
333         case ALL_ARRAY_STORAGE_INDEXING_TYPES:
334             if (i < butterfly->arrayStorage()->vectorLength())
335                 return butterfly->arrayStorage()->m_vector[i].get();
336             break;
337         default:
338             RELEASE_ASSERT_NOT_REACHED();
339             break;
340         }
341         return JSValue();
342     }
343         
344     JSValue getDirectIndex(ExecState* exec, unsigned i)
345     {
346         if (JSValue result = tryGetIndexQuickly(i))
347             return result;
348         PropertySlot slot(this, PropertySlot::InternalMethodType::Get);
349         if (methodTable(exec->vm())->getOwnPropertySlotByIndex(this, exec, i, slot))
350             return slot.getValue(exec, i);
351         return JSValue();
352     }
353         
354     JSValue getIndex(ExecState* exec, unsigned i) const
355     {
356         if (JSValue result = tryGetIndexQuickly(i))
357             return result;
358         return get(exec, i);
359     }
360         
361     bool canSetIndexQuickly(unsigned i)
362     {
363         Butterfly* butterfly = this->butterfly();
364         switch (indexingType()) {
365         case ALL_BLANK_INDEXING_TYPES:
366         case ALL_UNDECIDED_INDEXING_TYPES:
367             return false;
368         case ALL_INT32_INDEXING_TYPES:
369         case ALL_DOUBLE_INDEXING_TYPES:
370         case ALL_CONTIGUOUS_INDEXING_TYPES:
371         case NonArrayWithArrayStorage:
372         case ArrayWithArrayStorage:
373             return i < butterfly->vectorLength();
374         case NonArrayWithSlowPutArrayStorage:
375         case ArrayWithSlowPutArrayStorage:
376             return i < butterfly->arrayStorage()->vectorLength()
377                 && !!butterfly->arrayStorage()->m_vector[i];
378         default:
379             RELEASE_ASSERT_NOT_REACHED();
380             return false;
381         }
382     }
383         
384     void setIndexQuickly(VM& vm, unsigned i, JSValue v)
385     {
386         Butterfly* butterfly = m_butterfly.get();
387         switch (indexingType()) {
388         case ALL_INT32_INDEXING_TYPES: {
389             ASSERT(i < butterfly->vectorLength());
390             if (!v.isInt32()) {
391                 convertInt32ToDoubleOrContiguousWhilePerformingSetIndex(vm, i, v);
392                 return;
393             }
394             FALLTHROUGH;
395         }
396         case ALL_CONTIGUOUS_INDEXING_TYPES: {
397             ASSERT(i < butterfly->vectorLength());
398             butterfly->contiguous().at(i).set(vm, this, v);
399             if (i >= butterfly->publicLength())
400                 butterfly->setPublicLength(i + 1);
401             break;
402         }
403         case ALL_DOUBLE_INDEXING_TYPES: {
404             ASSERT(i < butterfly->vectorLength());
405             if (!v.isNumber()) {
406                 convertDoubleToContiguousWhilePerformingSetIndex(vm, i, v);
407                 return;
408             }
409             double value = v.asNumber();
410             if (value != value) {
411                 convertDoubleToContiguousWhilePerformingSetIndex(vm, i, v);
412                 return;
413             }
414             butterfly->contiguousDouble().at(i) = value;
415             if (i >= butterfly->publicLength())
416                 butterfly->setPublicLength(i + 1);
417             break;
418         }
419         case ALL_ARRAY_STORAGE_INDEXING_TYPES: {
420             ArrayStorage* storage = butterfly->arrayStorage();
421             WriteBarrier<Unknown>& x = storage->m_vector[i];
422             JSValue old = x.get();
423             x.set(vm, this, v);
424             if (!old) {
425                 ++storage->m_numValuesInVector;
426                 if (i >= storage->length())
427                     storage->setLength(i + 1);
428             }
429             break;
430         }
431         default:
432             RELEASE_ASSERT_NOT_REACHED();
433         }
434     }
435
436     void initializeIndex(ObjectInitializationScope& scope, unsigned i, JSValue v)
437     {
438         initializeIndex(scope, i, v, indexingType());
439     }
440
441     // NOTE: Clients of this method may call it more than once for any index, and this is supposed
442     // to work.
443     ALWAYS_INLINE void initializeIndex(ObjectInitializationScope& scope, unsigned i, JSValue v, IndexingType indexingType)
444     {
445         VM& vm = scope.vm();
446         Butterfly* butterfly = m_butterfly.get();
447         switch (indexingType) {
448         case ALL_UNDECIDED_INDEXING_TYPES: {
449             setIndexQuicklyToUndecided(vm, i, v);
450             break;
451         }
452         case ALL_INT32_INDEXING_TYPES: {
453             ASSERT(i < butterfly->publicLength());
454             ASSERT(i < butterfly->vectorLength());
455             if (!v.isInt32()) {
456                 convertInt32ToDoubleOrContiguousWhilePerformingSetIndex(vm, i, v);
457                 break;
458             }
459             FALLTHROUGH;
460         }
461         case ALL_CONTIGUOUS_INDEXING_TYPES: {
462             ASSERT(i < butterfly->publicLength());
463             ASSERT(i < butterfly->vectorLength());
464             butterfly->contiguous().at(i).set(vm, this, v);
465             break;
466         }
467         case ALL_DOUBLE_INDEXING_TYPES: {
468             ASSERT(i < butterfly->publicLength());
469             ASSERT(i < butterfly->vectorLength());
470             if (!v.isNumber()) {
471                 convertDoubleToContiguousWhilePerformingSetIndex(vm, i, v);
472                 return;
473             }
474             double value = v.asNumber();
475             if (value != value) {
476                 convertDoubleToContiguousWhilePerformingSetIndex(vm, i, v);
477                 return;
478             }
479             butterfly->contiguousDouble().at(i) = value;
480             break;
481         }
482         case ALL_ARRAY_STORAGE_INDEXING_TYPES: {
483             ArrayStorage* storage = butterfly->arrayStorage();
484             ASSERT(i < storage->length());
485             ASSERT(i < storage->m_numValuesInVector);
486             storage->m_vector[i].set(vm, this, v);
487             break;
488         }
489         default:
490             RELEASE_ASSERT_NOT_REACHED();
491         }
492     }
493         
494     void initializeIndexWithoutBarrier(ObjectInitializationScope& scope, unsigned i, JSValue v)
495     {
496         initializeIndexWithoutBarrier(scope, i, v, indexingType());
497     }
498
499     // This version of initializeIndex is for cases where you know that you will not need any
500     // barriers. This implies not having any data format conversions.
501     ALWAYS_INLINE void initializeIndexWithoutBarrier(ObjectInitializationScope&, unsigned i, JSValue v, IndexingType indexingType)
502     {
503         Butterfly* butterfly = m_butterfly.get();
504         switch (indexingType) {
505         case ALL_UNDECIDED_INDEXING_TYPES: {
506             RELEASE_ASSERT_NOT_REACHED();
507             break;
508         }
509         case ALL_INT32_INDEXING_TYPES: {
510             ASSERT(i < butterfly->publicLength());
511             ASSERT(i < butterfly->vectorLength());
512             RELEASE_ASSERT(v.isInt32());
513             FALLTHROUGH;
514         }
515         case ALL_CONTIGUOUS_INDEXING_TYPES: {
516             ASSERT(i < butterfly->publicLength());
517             ASSERT(i < butterfly->vectorLength());
518             butterfly->contiguous().at(i).setWithoutWriteBarrier(v);
519             break;
520         }
521         case ALL_DOUBLE_INDEXING_TYPES: {
522             ASSERT(i < butterfly->publicLength());
523             ASSERT(i < butterfly->vectorLength());
524             RELEASE_ASSERT(v.isNumber());
525             double value = v.asNumber();
526             RELEASE_ASSERT(value == value);
527             butterfly->contiguousDouble().at(i) = value;
528             break;
529         }
530         case ALL_ARRAY_STORAGE_INDEXING_TYPES: {
531             ArrayStorage* storage = butterfly->arrayStorage();
532             ASSERT(i < storage->length());
533             ASSERT(i < storage->m_numValuesInVector);
534             storage->m_vector[i].setWithoutWriteBarrier(v);
535             break;
536         }
537         default:
538             RELEASE_ASSERT_NOT_REACHED();
539         }
540     }
541         
542     bool hasSparseMap()
543     {
544         switch (indexingType()) {
545         case ALL_BLANK_INDEXING_TYPES:
546         case ALL_UNDECIDED_INDEXING_TYPES:
547         case ALL_INT32_INDEXING_TYPES:
548         case ALL_DOUBLE_INDEXING_TYPES:
549         case ALL_CONTIGUOUS_INDEXING_TYPES:
550             return false;
551         case ALL_ARRAY_STORAGE_INDEXING_TYPES:
552             return !!m_butterfly->arrayStorage()->m_sparseMap;
553         default:
554             RELEASE_ASSERT_NOT_REACHED();
555             return false;
556         }
557     }
558         
559     bool inSparseIndexingMode()
560     {
561         switch (indexingType()) {
562         case ALL_BLANK_INDEXING_TYPES:
563         case ALL_UNDECIDED_INDEXING_TYPES:
564         case ALL_INT32_INDEXING_TYPES:
565         case ALL_DOUBLE_INDEXING_TYPES:
566         case ALL_CONTIGUOUS_INDEXING_TYPES:
567             return false;
568         case ALL_ARRAY_STORAGE_INDEXING_TYPES:
569             return m_butterfly->arrayStorage()->inSparseMode();
570         default:
571             RELEASE_ASSERT_NOT_REACHED();
572             return false;
573         }
574     }
575         
576     void enterDictionaryIndexingMode(VM&);
577
578     // putDirect is effectively an unchecked vesion of 'defineOwnProperty':
579     //  - the prototype chain is not consulted
580     //  - accessors are not called.
581     //  - attributes will be respected (after the call the property will exist with the given attributes)
582     //  - the property name is assumed to not be an index.
583     bool putDirect(VM&, PropertyName, JSValue, unsigned attributes = 0);
584     bool putDirect(VM&, PropertyName, JSValue, PutPropertySlot&);
585     void putDirectWithoutTransition(VM&, PropertyName, JSValue, unsigned attributes = 0);
586     bool putDirectNonIndexAccessor(VM&, PropertyName, GetterSetter*, unsigned attributes);
587     bool putDirectAccessor(ExecState*, PropertyName, GetterSetter*, unsigned attributes);
588     JS_EXPORT_PRIVATE bool putDirectCustomAccessor(VM&, PropertyName, JSValue, unsigned attributes);
589
590     bool putGetter(ExecState*, PropertyName, JSValue, unsigned attributes);
591     bool putSetter(ExecState*, PropertyName, JSValue, unsigned attributes);
592
593     JS_EXPORT_PRIVATE bool hasProperty(ExecState*, PropertyName) const;
594     JS_EXPORT_PRIVATE bool hasProperty(ExecState*, unsigned propertyName) const;
595     bool hasPropertyGeneric(ExecState*, PropertyName, PropertySlot::InternalMethodType) const;
596     bool hasPropertyGeneric(ExecState*, unsigned propertyName, PropertySlot::InternalMethodType) const;
597     bool hasOwnProperty(ExecState*, PropertyName, PropertySlot&) const;
598     bool hasOwnProperty(ExecState*, PropertyName) const;
599     bool hasOwnProperty(ExecState*, unsigned) const;
600
601     JS_EXPORT_PRIVATE static bool deleteProperty(JSCell*, ExecState*, PropertyName);
602     JS_EXPORT_PRIVATE static bool deletePropertyByIndex(JSCell*, ExecState*, unsigned propertyName);
603
604     JS_EXPORT_PRIVATE static JSValue defaultValue(const JSObject*, ExecState*, PreferredPrimitiveType);
605     JSValue ordinaryToPrimitive(ExecState*, PreferredPrimitiveType) const;
606
607     JS_EXPORT_PRIVATE bool hasInstance(ExecState*, JSValue value, JSValue hasInstanceValue);
608     JS_EXPORT_PRIVATE bool hasInstance(ExecState*, JSValue);
609     static bool defaultHasInstance(ExecState*, JSValue, JSValue prototypeProperty);
610
611     JS_EXPORT_PRIVATE static void getOwnPropertyNames(JSObject*, ExecState*, PropertyNameArray&, EnumerationMode);
612     JS_EXPORT_PRIVATE static void getOwnNonIndexPropertyNames(JSObject*, ExecState*, PropertyNameArray&, EnumerationMode);
613     JS_EXPORT_PRIVATE static void getPropertyNames(JSObject*, ExecState*, PropertyNameArray&, EnumerationMode);
614
615     JS_EXPORT_PRIVATE static uint32_t getEnumerableLength(ExecState*, JSObject*);
616     JS_EXPORT_PRIVATE static void getStructurePropertyNames(JSObject*, ExecState*, PropertyNameArray&, EnumerationMode);
617     JS_EXPORT_PRIVATE static void getGenericPropertyNames(JSObject*, ExecState*, PropertyNameArray&, EnumerationMode);
618
619     JS_EXPORT_PRIVATE JSValue toPrimitive(ExecState*, PreferredPrimitiveType = NoPreference) const;
620     bool getPrimitiveNumber(ExecState*, double& number, JSValue&) const;
621     JS_EXPORT_PRIVATE double toNumber(ExecState*) const;
622     JS_EXPORT_PRIVATE JSString* toString(ExecState*) const;
623
624     JS_EXPORT_PRIVATE static JSValue toThis(JSCell*, ExecState*, ECMAMode);
625
626     // This get function only looks at the property map.
627     JSValue getDirect(VM& vm, PropertyName propertyName) const
628     {
629         Structure* structure = this->structure(vm);
630         PropertyOffset offset = structure->get(vm, propertyName);
631         checkOffset(offset, structure->inlineCapacity());
632         return offset != invalidOffset ? getDirect(offset) : JSValue();
633     }
634     
635     JSValue getDirect(VM& vm, PropertyName propertyName, unsigned& attributes) const
636     {
637         Structure* structure = this->structure(vm);
638         PropertyOffset offset = structure->get(vm, propertyName, attributes);
639         checkOffset(offset, structure->inlineCapacity());
640         return offset != invalidOffset ? getDirect(offset) : JSValue();
641     }
642
643     PropertyOffset getDirectOffset(VM& vm, PropertyName propertyName)
644     {
645         Structure* structure = this->structure(vm);
646         PropertyOffset offset = structure->get(vm, propertyName);
647         checkOffset(offset, structure->inlineCapacity());
648         return offset;
649     }
650
651     PropertyOffset getDirectOffset(VM& vm, PropertyName propertyName, unsigned& attributes)
652     {
653         Structure* structure = this->structure(vm);
654         PropertyOffset offset = structure->get(vm, propertyName, attributes);
655         checkOffset(offset, structure->inlineCapacity());
656         return offset;
657     }
658
659     bool hasInlineStorage() const { return structure()->hasInlineStorage(); }
660     ConstPropertyStorage inlineStorageUnsafe() const
661     {
662         return bitwise_cast<ConstPropertyStorage>(this + 1);
663     }
664     PropertyStorage inlineStorageUnsafe()
665     {
666         return bitwise_cast<PropertyStorage>(this + 1);
667     }
668     ConstPropertyStorage inlineStorage() const
669     {
670         ASSERT(hasInlineStorage());
671         return inlineStorageUnsafe();
672     }
673     PropertyStorage inlineStorage()
674     {
675         ASSERT(hasInlineStorage());
676         return inlineStorageUnsafe();
677     }
678         
679     const Butterfly* butterfly() const { return m_butterfly.get(); }
680     Butterfly* butterfly() { return m_butterfly.get(); }
681     
682     ConstPropertyStorage outOfLineStorage() const { return m_butterfly->propertyStorage(); }
683     PropertyStorage outOfLineStorage() { return m_butterfly->propertyStorage(); }
684
685     ALWAYS_INLINE const WriteBarrierBase<Unknown>* locationForOffset(PropertyOffset offset) const
686     {
687         if (isInlineOffset(offset))
688             return &inlineStorage()[offsetInInlineStorage(offset)];
689         return &outOfLineStorage()[offsetInOutOfLineStorage(offset)];
690     }
691
692     ALWAYS_INLINE WriteBarrierBase<Unknown>* locationForOffset(PropertyOffset offset)
693     {
694         if (isInlineOffset(offset))
695             return &inlineStorage()[offsetInInlineStorage(offset)];
696         return &outOfLineStorage()[offsetInOutOfLineStorage(offset)];
697     }
698
699     void transitionTo(VM&, Structure*);
700
701     bool hasCustomProperties() { return structure()->didTransition(); }
702     bool hasGetterSetterProperties() { return structure()->hasGetterSetterProperties(); }
703     bool hasCustomGetterSetterProperties() { return structure()->hasCustomGetterSetterProperties(); }
704
705     // putOwnDataProperty has 'put' like semantics, however this method:
706     //  - assumes the object contains no own getter/setter properties.
707     //  - provides no special handling for __proto__
708     //  - does not walk the prototype chain (to check for accessors or non-writable properties).
709     // This is used by JSLexicalEnvironment.
710     bool putOwnDataProperty(VM&, PropertyName, JSValue, PutPropertySlot&);
711     bool putOwnDataPropertyMayBeIndex(ExecState*, PropertyName, JSValue, PutPropertySlot&);
712
713     // Fast access to known property offsets.
714     ALWAYS_INLINE JSValue getDirect(PropertyOffset offset) const { return locationForOffset(offset)->get(); }
715     void putDirect(VM& vm, PropertyOffset offset, JSValue value) { locationForOffset(offset)->set(vm, this, value); }
716     void putDirectWithoutBarrier(PropertyOffset offset, JSValue value) { locationForOffset(offset)->setWithoutWriteBarrier(value); }
717     void putDirectUndefined(PropertyOffset offset) { locationForOffset(offset)->setUndefined(); }
718
719     JS_EXPORT_PRIVATE bool putDirectNativeIntrinsicGetter(VM&, JSGlobalObject*, Identifier, NativeFunction, Intrinsic, unsigned attributes);
720     JS_EXPORT_PRIVATE bool putDirectNativeFunction(VM&, JSGlobalObject*, const PropertyName&, unsigned functionLength, NativeFunction, Intrinsic, unsigned attributes);
721     JS_EXPORT_PRIVATE bool putDirectNativeFunction(VM&, JSGlobalObject*, const PropertyName&, unsigned functionLength, NativeFunction, Intrinsic, const DOMJIT::Signature*, unsigned attributes);
722     JS_EXPORT_PRIVATE void putDirectNativeFunctionWithoutTransition(VM&, JSGlobalObject*, const PropertyName&, unsigned functionLength, NativeFunction, Intrinsic, unsigned attributes);
723
724     JS_EXPORT_PRIVATE JSFunction* putDirectBuiltinFunction(VM&, JSGlobalObject*, const PropertyName&, FunctionExecutable*, unsigned attributes);
725     JSFunction* putDirectBuiltinFunctionWithoutTransition(VM&, JSGlobalObject*, const PropertyName&, FunctionExecutable*, unsigned attributes);
726
727     JS_EXPORT_PRIVATE static bool defineOwnProperty(JSObject*, ExecState*, PropertyName, const PropertyDescriptor&, bool shouldThrow);
728
729     bool isEnvironment() const;
730     bool isGlobalObject() const;
731     bool isJSLexicalEnvironment() const;
732     bool isGlobalLexicalEnvironment() const;
733     bool isStrictEvalActivation() const;
734     bool isWithScope() const;
735
736     bool isErrorInstance() const;
737
738     JS_EXPORT_PRIVATE void seal(VM&);
739     JS_EXPORT_PRIVATE void freeze(VM&);
740     JS_EXPORT_PRIVATE static bool preventExtensions(JSObject*, ExecState*);
741     JS_EXPORT_PRIVATE static bool isExtensible(JSObject*, ExecState*);
742     bool isSealed(VM& vm) { return structure(vm)->isSealed(vm); }
743     bool isFrozen(VM& vm) { return structure(vm)->isFrozen(vm); }
744
745     bool anyObjectInChainMayInterceptIndexedAccesses() const;
746     JS_EXPORT_PRIVATE bool prototypeChainMayInterceptStoreTo(VM&, PropertyName);
747     bool needsSlowPutIndexing() const;
748     NonPropertyTransition suggestedArrayStorageTransition() const;
749
750 private:
751     ALWAYS_INLINE bool isExtensibleImpl() { return isStructureExtensible(); }
752 public:
753     // You should only call isStructureExtensible() when:
754     // - Performing this check in a way that isn't described in the specification 
755     //   as calling the virtual [[IsExtensible]] trap.
756     // - When you're guaranteed that object->methodTable()->isExtensible isn't
757     //   overridden.
758     ALWAYS_INLINE bool isStructureExtensible() { return structure()->isStructureExtensible(); }
759     // You should call this when performing [[IsExtensible]] trap in a place
760     // that is described in the specification. This performs the fully virtual
761     // [[IsExtensible]] trap.
762     bool isExtensible(ExecState*);
763     bool indexingShouldBeSparse()
764     {
765         return !isStructureExtensible()
766             || structure()->typeInfo().interceptsGetOwnPropertySlotByIndexEvenWhenLengthIsNotZero();
767     }
768
769     bool staticPropertiesReified() { return structure()->staticPropertiesReified(); }
770     void reifyAllStaticProperties(ExecState*);
771
772     JS_EXPORT_PRIVATE Butterfly* allocateMoreOutOfLineStorage(VM&, size_t oldSize, size_t newSize);
773
774     // Call this when you do not need to change the structure.
775     void setButterfly(VM&, Butterfly*);
776     
777     // Call this if you do need to change the structure, or if you changed something about a structure
778     // in-place.
779     void nukeStructureAndSetButterfly(VM&, StructureID oldStructureID, Butterfly*);
780
781     void setStructure(VM&, Structure*);
782
783     JS_EXPORT_PRIVATE void convertToDictionary(VM&);
784
785     void flattenDictionaryObject(VM& vm)
786     {
787         structure(vm)->flattenDictionaryStructure(vm, this);
788     }
789     void shiftButterflyAfterFlattening(const GCSafeConcurrentJSLocker&, VM&, Structure* structure, size_t outOfLineCapacityAfter);
790
791     JSGlobalObject* globalObject() const
792     {
793         ASSERT(structure()->globalObject());
794         ASSERT(!isGlobalObject() || ((JSObject*)structure()->globalObject()) == this);
795         return structure()->globalObject();
796     }
797         
798     JSGlobalObject* globalObject(VM& vm) const
799     {
800         ASSERT(structure(vm)->globalObject());
801         ASSERT(!isGlobalObject() || ((JSObject*)structure()->globalObject()) == this);
802         return structure(vm)->globalObject();
803     }
804         
805     void switchToSlowPutArrayStorage(VM&);
806         
807     // The receiver is the prototype in this case. The following:
808     //
809     // asObject(foo->structure()->storedPrototype())->attemptToInterceptPutByIndexOnHoleForPrototype(...)
810     //
811     // is equivalent to:
812     //
813     // foo->attemptToInterceptPutByIndexOnHole(...);
814     bool attemptToInterceptPutByIndexOnHoleForPrototype(ExecState*, JSValue thisValue, unsigned propertyName, JSValue, bool shouldThrow, bool& putResult);
815         
816     // Returns 0 if int32 storage cannot be created - either because
817     // indexing should be sparse, we're having a bad time, or because
818     // we already have a more general form of storage (double,
819     // contiguous, array storage).
820     ContiguousJSValues ensureInt32(VM& vm)
821     {
822         if (LIKELY(hasInt32(indexingType())))
823             return m_butterfly->contiguousInt32();
824             
825         return ensureInt32Slow(vm);
826     }
827         
828     // Returns 0 if double storage cannot be created - either because
829     // indexing should be sparse, we're having a bad time, or because
830     // we already have a more general form of storage (contiguous,
831     // or array storage).
832     ContiguousDoubles ensureDouble(VM& vm)
833     {
834         if (LIKELY(hasDouble(indexingType())))
835             return m_butterfly->contiguousDouble();
836             
837         return ensureDoubleSlow(vm);
838     }
839         
840     // Returns 0 if contiguous storage cannot be created - either because
841     // indexing should be sparse or because we're having a bad time.
842     ContiguousJSValues ensureContiguous(VM& vm)
843     {
844         if (LIKELY(hasContiguous(indexingType())))
845             return m_butterfly->contiguous();
846             
847         return ensureContiguousSlow(vm);
848     }
849
850     // Ensure that the object is in a mode where it has array storage. Use
851     // this if you're about to perform actions that would have required the
852     // object to be converted to have array storage, if it didn't have it
853     // already.
854     ArrayStorage* ensureArrayStorage(VM& vm)
855     {
856         if (LIKELY(hasAnyArrayStorage(indexingType())))
857             return m_butterfly->arrayStorage();
858
859         return ensureArrayStorageSlow(vm);
860     }
861         
862     static size_t offsetOfInlineStorage();
863         
864     static ptrdiff_t butterflyOffset()
865     {
866         return OBJECT_OFFSETOF(JSObject, m_butterfly);
867     }
868     void* butterflyAddress()
869     {
870         return &m_butterfly;
871     }
872
873     JS_EXPORT_PRIVATE JSValue getMethod(ExecState*, CallData&, CallType&, const Identifier&, const String& errorMessage);
874
875     bool canPerformFastPutInline(VM&, PropertyName);
876     bool canPerformFastPutInlineExcludingProto(VM&);
877
878     DECLARE_EXPORT_INFO;
879
880 protected:
881     void finishCreation(VM& vm)
882     {
883         Base::finishCreation(vm);
884         ASSERT(jsDynamicCast<JSObject*>(vm, this));
885         ASSERT(structure()->hasPolyProto() || getPrototypeDirect(vm).isNull() || Heap::heap(this) == Heap::heap(getPrototypeDirect(vm)));
886         ASSERT(structure()->isObject());
887         ASSERT(classInfo(vm));
888     }
889
890     static Structure* createStructure(VM& vm, JSGlobalObject* globalObject, JSValue prototype)
891     {
892         return Structure::create(vm, globalObject, prototype, TypeInfo(ObjectType, StructureFlags), info());
893     }
894
895     // To instantiate objects you likely want JSFinalObject, below.
896     // To create derived types you likely want JSNonFinalObject, below.
897     JSObject(VM&, Structure*, Butterfly* = nullptr);
898     
899     // Visits the butterfly unless there is a race. Returns the structure if there was no race.
900     Structure* visitButterfly(SlotVisitor&);
901     
902     Structure* visitButterflyImpl(SlotVisitor&);
903     
904     void markAuxiliaryAndVisitOutOfLineProperties(SlotVisitor&, Butterfly*, Structure*, PropertyOffset lastOffset);
905
906     // Call this if you know that the object is in a mode where it has array
907     // storage. This will assert otherwise.
908     ArrayStorage* arrayStorage()
909     {
910         ASSERT(hasAnyArrayStorage(indexingType()));
911         return m_butterfly->arrayStorage();
912     }
913         
914     // Call this if you want to predicate some actions on whether or not the
915     // object is in a mode where it has array storage.
916     ArrayStorage* arrayStorageOrNull()
917     {
918         switch (indexingType()) {
919         case ALL_ARRAY_STORAGE_INDEXING_TYPES:
920             return m_butterfly->arrayStorage();
921                 
922         default:
923             return 0;
924         }
925     }
926         
927     size_t butterflyTotalSize();
928     size_t butterflyPreCapacity();
929
930     Butterfly* createInitialUndecided(VM&, unsigned length);
931     ContiguousJSValues createInitialInt32(VM&, unsigned length);
932     ContiguousDoubles createInitialDouble(VM&, unsigned length);
933     ContiguousJSValues createInitialContiguous(VM&, unsigned length);
934         
935     void convertUndecidedForValue(VM&, JSValue);
936     void createInitialForValueAndSet(VM&, unsigned index, JSValue);
937     void convertInt32ForValue(VM&, JSValue);
938         
939     static Butterfly* createArrayStorageButterfly(VM&, JSCell* intendedOwner, Structure*, unsigned length, unsigned vectorLength, Butterfly* oldButterfly = nullptr);
940     ArrayStorage* createArrayStorage(VM&, unsigned length, unsigned vectorLength);
941     ArrayStorage* createInitialArrayStorage(VM&);
942         
943     ContiguousJSValues convertUndecidedToInt32(VM&);
944     ContiguousDoubles convertUndecidedToDouble(VM&);
945     ContiguousJSValues convertUndecidedToContiguous(VM&);
946     ArrayStorage* convertUndecidedToArrayStorage(VM&, NonPropertyTransition);
947     ArrayStorage* convertUndecidedToArrayStorage(VM&);
948         
949     ContiguousDoubles convertInt32ToDouble(VM&);
950     ContiguousJSValues convertInt32ToContiguous(VM&);
951     ArrayStorage* convertInt32ToArrayStorage(VM&, NonPropertyTransition);
952     ArrayStorage* convertInt32ToArrayStorage(VM&);
953     
954     ContiguousJSValues convertDoubleToContiguous(VM&);
955     ArrayStorage* convertDoubleToArrayStorage(VM&, NonPropertyTransition);
956     ArrayStorage* convertDoubleToArrayStorage(VM&);
957         
958     ArrayStorage* convertContiguousToArrayStorage(VM&, NonPropertyTransition);
959     ArrayStorage* convertContiguousToArrayStorage(VM&);
960
961         
962     ArrayStorage* ensureArrayStorageExistsAndEnterDictionaryIndexingMode(VM&);
963         
964     bool defineOwnNonIndexProperty(ExecState*, PropertyName, const PropertyDescriptor&, bool throwException);
965
966     template<IndexingType indexingShape>
967     bool putByIndexBeyondVectorLengthWithoutAttributes(ExecState*, unsigned propertyName, JSValue);
968     bool putByIndexBeyondVectorLengthWithArrayStorage(ExecState*, unsigned propertyName, JSValue, bool shouldThrow, ArrayStorage*);
969
970     bool increaseVectorLength(VM&, unsigned newLength);
971     void deallocateSparseIndexMap();
972     bool defineOwnIndexedProperty(ExecState*, unsigned, const PropertyDescriptor&, bool throwException);
973     SparseArrayValueMap* allocateSparseIndexMap(VM&);
974         
975     void notifyPresenceOfIndexedAccessors(VM&);
976         
977     bool attemptToInterceptPutByIndexOnHole(ExecState*, unsigned index, JSValue, bool shouldThrow, bool& putResult);
978         
979     // Call this if you want setIndexQuickly to succeed and you're sure that
980     // the array is contiguous.
981     bool WARN_UNUSED_RETURN ensureLength(VM& vm, unsigned length)
982     {
983         RELEASE_ASSERT(length <= MAX_STORAGE_VECTOR_LENGTH);
984         ASSERT(hasContiguous(indexingType()) || hasInt32(indexingType()) || hasDouble(indexingType()) || hasUndecided(indexingType()));
985
986         if (m_butterfly->vectorLength() < length) {
987             if (!ensureLengthSlow(vm, length))
988                 return false;
989         }
990             
991         if (m_butterfly->publicLength() < length)
992             m_butterfly->setPublicLength(length);
993         return true;
994     }
995         
996     // Call this if you want to shrink the butterfly backing store, and you're
997     // sure that the array is contiguous.
998     void reallocateAndShrinkButterfly(VM&, unsigned length);
999     
1000     template<IndexingType indexingShape>
1001     unsigned countElements(Butterfly*);
1002         
1003     // This is relevant to undecided, int32, double, and contiguous.
1004     unsigned countElements();
1005         
1006 private:
1007     friend class LLIntOffsetsExtractor;
1008         
1009     // Nobody should ever ask any of these questions on something already known to be a JSObject.
1010     using JSCell::isAPIValueWrapper;
1011     using JSCell::isGetterSetter;
1012     void getObject();
1013     void getString(ExecState* exec);
1014     void isObject();
1015     void isString();
1016         
1017     Butterfly* createInitialIndexedStorage(VM&, unsigned length);
1018         
1019     ArrayStorage* enterDictionaryIndexingModeWhenArrayStorageAlreadyExists(VM&, ArrayStorage*);
1020         
1021     template<PutMode>
1022     bool putDirectInternal(VM&, PropertyName, JSValue, unsigned attr, PutPropertySlot&);
1023
1024     JS_EXPORT_PRIVATE NEVER_INLINE bool putInlineSlow(ExecState*, PropertyName, JSValue, PutPropertySlot&);
1025
1026     bool getNonIndexPropertySlot(ExecState*, PropertyName, PropertySlot&);
1027     bool getOwnNonIndexPropertySlot(VM&, Structure*, PropertyName, PropertySlot&);
1028     JS_EXPORT_PRIVATE void fillGetterPropertySlot(PropertySlot&, JSCell*, unsigned, PropertyOffset);
1029     void fillCustomGetterPropertySlot(VM&, PropertySlot&, CustomGetterSetter*, unsigned, Structure*);
1030
1031     JS_EXPORT_PRIVATE bool getOwnStaticPropertySlot(VM&, PropertyName, PropertySlot&);
1032     struct PropertyHashEntry {
1033         const HashTable* table;
1034         const HashTableValue* value;
1035     };
1036     std::optional<PropertyHashEntry> findPropertyHashEntry(VM&, PropertyName) const;
1037         
1038     bool putIndexedDescriptor(ExecState*, SparseArrayEntry*, const PropertyDescriptor&, PropertyDescriptor& old);
1039         
1040     bool putByIndexBeyondVectorLength(ExecState*, unsigned propertyName, JSValue, bool shouldThrow);
1041     bool putDirectIndexBeyondVectorLengthWithArrayStorage(ExecState*, unsigned propertyName, JSValue, unsigned attributes, PutDirectIndexMode, ArrayStorage*);
1042     JS_EXPORT_PRIVATE bool putDirectIndexSlowOrBeyondVectorLength(ExecState*, unsigned propertyName, JSValue, unsigned attributes, PutDirectIndexMode);
1043         
1044     unsigned getNewVectorLength(unsigned indexBias, unsigned currentVectorLength, unsigned currentLength, unsigned desiredLength);
1045     unsigned getNewVectorLength(unsigned desiredLength);
1046
1047     ArrayStorage* constructConvertedArrayStorageWithoutCopyingElements(VM&, unsigned neededLength);
1048         
1049     JS_EXPORT_PRIVATE void setIndexQuicklyToUndecided(VM&, unsigned index, JSValue);
1050     JS_EXPORT_PRIVATE void convertInt32ToDoubleOrContiguousWhilePerformingSetIndex(VM&, unsigned index, JSValue);
1051     JS_EXPORT_PRIVATE void convertDoubleToContiguousWhilePerformingSetIndex(VM&, unsigned index, JSValue);
1052         
1053     bool ensureLengthSlow(VM&, unsigned length);
1054         
1055     ContiguousJSValues ensureInt32Slow(VM&);
1056     ContiguousDoubles ensureDoubleSlow(VM&);
1057     ContiguousJSValues ensureContiguousSlow(VM&);
1058     JS_EXPORT_PRIVATE ArrayStorage* ensureArrayStorageSlow(VM&);
1059
1060     PropertyOffset prepareToPutDirectWithoutTransition(VM&, PropertyName, unsigned attributes, StructureID, Structure*);
1061
1062     AuxiliaryBarrier<Butterfly*> m_butterfly;
1063 #if USE(JSVALUE32_64)
1064     unsigned m_32BitPadding;
1065 #endif
1066 };
1067
1068 // JSNonFinalObject is a type of JSObject that has some internal storage,
1069 // but also preserves some space in the collector cell for additional
1070 // data members in derived types.
1071 class JSNonFinalObject : public JSObject {
1072     friend class JSObject;
1073
1074 public:
1075     typedef JSObject Base;
1076
1077     static Structure* createStructure(VM& vm, JSGlobalObject* globalObject, JSValue prototype)
1078     {
1079         return Structure::create(vm, globalObject, prototype, TypeInfo(ObjectType, StructureFlags), info());
1080     }
1081
1082 protected:
1083     explicit JSNonFinalObject(VM& vm, Structure* structure, Butterfly* butterfly = 0)
1084         : JSObject(vm, structure, butterfly)
1085     {
1086     }
1087
1088     void finishCreation(VM& vm)
1089     {
1090         Base::finishCreation(vm);
1091         ASSERT(!this->structure()->hasInlineStorage());
1092         ASSERT(classInfo(vm));
1093     }
1094 };
1095
1096 class JSFinalObject;
1097
1098 // JSFinalObject is a type of JSObject that contains sufficient internal
1099 // storage to fully make use of the collector cell containing it.
1100 class JSFinalObject final : public JSObject {
1101     friend class JSObject;
1102
1103 public:
1104     typedef JSObject Base;
1105     static const unsigned StructureFlags = Base::StructureFlags;
1106
1107     static size_t allocationSize(Checked<size_t> inlineCapacity)
1108     {
1109         return (sizeof(JSObject) + inlineCapacity * sizeof(WriteBarrierBase<Unknown>)).unsafeGet();
1110     }
1111
1112     static inline const TypeInfo typeInfo() { return TypeInfo(FinalObjectType, StructureFlags); }
1113     static const IndexingType defaultIndexingType = NonArray;
1114         
1115     static const unsigned defaultSize = 64;
1116     static inline unsigned defaultInlineCapacity()
1117     {
1118         return (defaultSize - allocationSize(0)) / sizeof(WriteBarrier<Unknown>);
1119     }
1120
1121     static const unsigned maxSize = 512;
1122     static inline unsigned maxInlineCapacity()
1123     {
1124         return (maxSize - allocationSize(0)) / sizeof(WriteBarrier<Unknown>);
1125     }
1126
1127     static JSFinalObject* create(ExecState*, Structure*, Butterfly* = nullptr);
1128     static JSFinalObject* create(VM&, Structure*);
1129     static Structure* createStructure(VM& vm, JSGlobalObject* globalObject, JSValue prototype, unsigned inlineCapacity)
1130     {
1131         return Structure::create(vm, globalObject, prototype, typeInfo(), info(), defaultIndexingType, inlineCapacity);
1132     }
1133
1134     JS_EXPORT_PRIVATE static void visitChildren(JSCell*, SlotVisitor&);
1135
1136     DECLARE_EXPORT_INFO;
1137
1138 protected:
1139     void visitChildrenCommon(SlotVisitor&);
1140         
1141     void finishCreation(VM& vm)
1142     {
1143         Base::finishCreation(vm);
1144         ASSERT(structure()->totalStorageCapacity() == structure()->inlineCapacity());
1145         ASSERT(classInfo(vm));
1146     }
1147
1148 private:
1149     friend class LLIntOffsetsExtractor;
1150
1151     explicit JSFinalObject(VM& vm, Structure* structure, Butterfly* butterfly = nullptr)
1152         : JSObject(vm, structure, butterfly)
1153     {
1154         memset(inlineStorageUnsafe(), 0, structure->inlineCapacity() * sizeof(EncodedJSValue));
1155     }
1156 };
1157
1158 JS_EXPORT_PRIVATE EncodedJSValue JSC_HOST_CALL objectPrivateFuncInstanceOf(ExecState*);
1159
1160 inline JSObject* JSObject::createRawObject(
1161     ExecState* exec, Structure* structure, Butterfly* butterfly)
1162 {
1163     VM& vm = exec->vm();
1164     JSObject* finalObject = new (
1165         NotNull, 
1166         allocateCell<JSFinalObject>(
1167             vm.heap,
1168             JSFinalObject::allocationSize(structure->inlineCapacity())
1169         )
1170     ) JSObject(vm, structure, butterfly);
1171     finalObject->finishCreation(vm);
1172     return finalObject;
1173 }
1174
1175 inline JSFinalObject* JSFinalObject::create(
1176     ExecState* exec, Structure* structure, Butterfly* butterfly)
1177 {
1178     VM& vm = exec->vm();
1179     JSFinalObject* finalObject = new (
1180         NotNull, 
1181         allocateCell<JSFinalObject>(
1182             vm.heap,
1183             allocationSize(structure->inlineCapacity())
1184         )
1185     ) JSFinalObject(vm, structure, butterfly);
1186     finalObject->finishCreation(vm);
1187     return finalObject;
1188 }
1189
1190 inline JSFinalObject* JSFinalObject::create(VM& vm, Structure* structure)
1191 {
1192     JSFinalObject* finalObject = new (NotNull, allocateCell<JSFinalObject>(vm.heap, allocationSize(structure->inlineCapacity()))) JSFinalObject(vm, structure);
1193     finalObject->finishCreation(vm);
1194     return finalObject;
1195 }
1196
1197 inline size_t JSObject::offsetOfInlineStorage()
1198 {
1199     return sizeof(JSObject);
1200 }
1201
1202 inline bool JSObject::isGlobalObject() const
1203 {
1204     return type() == GlobalObjectType;
1205 }
1206
1207 inline bool JSObject::isJSLexicalEnvironment() const
1208 {
1209     return type() == LexicalEnvironmentType || type() == ModuleEnvironmentType;
1210 }
1211
1212 inline bool JSObject::isGlobalLexicalEnvironment() const
1213 {
1214     return type() == GlobalLexicalEnvironmentType;
1215 }
1216
1217 inline bool JSObject::isStrictEvalActivation() const
1218 {
1219     return type() == StrictEvalActivationType;
1220 }
1221
1222 inline bool JSObject::isEnvironment() const
1223 {
1224     bool result = GlobalObjectType <= type() && type() <= StrictEvalActivationType;
1225     ASSERT((isGlobalObject() || isJSLexicalEnvironment() || isGlobalLexicalEnvironment() || isStrictEvalActivation()) == result);
1226     return result;
1227 }
1228
1229 inline bool JSObject::isErrorInstance() const
1230 {
1231     return type() == ErrorInstanceType;
1232 }
1233
1234 inline bool JSObject::isWithScope() const
1235 {
1236     return type() == WithScopeType;
1237 }
1238
1239 inline void JSObject::setStructure(VM& vm, Structure* structure)
1240 {
1241     ASSERT(structure);
1242     ASSERT(!m_butterfly == !(structure->outOfLineCapacity() || structure->hasIndexingHeader(this)));
1243     JSCell::setStructure(vm, structure);
1244 }
1245
1246 inline void JSObject::setButterfly(VM& vm, Butterfly* butterfly)
1247 {
1248     if (isX86() || vm.heap.mutatorShouldBeFenced()) {
1249         WTF::storeStoreFence();
1250         m_butterfly.set(vm, this, butterfly);
1251         WTF::storeStoreFence();
1252         return;
1253     }
1254
1255     m_butterfly.set(vm, this, butterfly);
1256 }
1257
1258 inline void JSObject::nukeStructureAndSetButterfly(VM& vm, StructureID oldStructureID, Butterfly* butterfly)
1259 {
1260     if (isX86() || vm.heap.mutatorShouldBeFenced()) {
1261         setStructureIDDirectly(nuke(oldStructureID));
1262         WTF::storeStoreFence();
1263         m_butterfly.set(vm, this, butterfly);
1264         WTF::storeStoreFence();
1265         return;
1266     }
1267
1268     m_butterfly.set(vm, this, butterfly);
1269 }
1270
1271 inline CallType getCallData(JSValue value, CallData& callData)
1272 {
1273     CallType result = value.isCell() ? value.asCell()->methodTable()->getCallData(value.asCell(), callData) : CallType::None;
1274     ASSERT(result == CallType::None || value.isValidCallee());
1275     return result;
1276 }
1277
1278 inline ConstructType getConstructData(JSValue value, ConstructData& constructData)
1279 {
1280     ConstructType result = value.isCell() ? value.asCell()->methodTable()->getConstructData(value.asCell(), constructData) : ConstructType::None;
1281     ASSERT(result == ConstructType::None || value.isValidCallee());
1282     return result;
1283 }
1284
1285 inline JSObject* asObject(JSCell* cell)
1286 {
1287     ASSERT(cell->isObject());
1288     return jsCast<JSObject*>(cell);
1289 }
1290
1291 inline JSObject* asObject(JSValue value)
1292 {
1293     return asObject(value.asCell());
1294 }
1295
1296 inline JSObject::JSObject(VM& vm, Structure* structure, Butterfly* butterfly)
1297     : JSCell(vm, structure)
1298     , m_butterfly(vm, this, butterfly)
1299 {
1300 }
1301
1302 inline JSValue JSObject::getPrototypeDirect(VM& vm) const
1303 {
1304     return structure(vm)->storedPrototype(this);
1305 }
1306
1307 inline JSValue JSObject::getPrototype(VM& vm, ExecState* exec)
1308 {
1309     auto getPrototypeMethod = methodTable(vm)->getPrototype;
1310     MethodTable::GetPrototypeFunctionPtr defaultGetPrototype = JSObject::getPrototype;
1311     if (LIKELY(getPrototypeMethod == defaultGetPrototype))
1312         return getPrototypeDirect(vm);
1313     return getPrototypeMethod(this, exec);
1314 }
1315
1316 // It is safe to call this method with a PropertyName that is actually an index,
1317 // but if so will always return false (doesn't search index storage).
1318 ALWAYS_INLINE bool JSObject::getOwnNonIndexPropertySlot(VM& vm, Structure* structure, PropertyName propertyName, PropertySlot& slot)
1319 {
1320     unsigned attributes;
1321     PropertyOffset offset = structure->get(vm, propertyName, attributes);
1322     if (!isValidOffset(offset)) {
1323         if (!TypeInfo::hasStaticPropertyTable(inlineTypeFlags()))
1324             return false;
1325         return getOwnStaticPropertySlot(vm, propertyName, slot);
1326     }
1327     
1328     // getPropertySlot relies on this method never returning index properties!
1329     ASSERT(!parseIndex(propertyName));
1330
1331     JSValue value = getDirect(offset);
1332     if (value.isCell()) {
1333         ASSERT(value);
1334         JSCell* cell = value.asCell();
1335         JSType type = cell->type();
1336         switch (type) {
1337         case GetterSetterType:
1338             fillGetterPropertySlot(slot, cell, attributes, offset);
1339             return true;
1340         case CustomGetterSetterType:
1341             fillCustomGetterPropertySlot(vm, slot, jsCast<CustomGetterSetter*>(cell), attributes, structure);
1342             return true;
1343         default:
1344             break;
1345         }
1346     }
1347     
1348     slot.setValue(this, attributes, value, offset);
1349     return true;
1350 }
1351
1352 ALWAYS_INLINE void JSObject::fillCustomGetterPropertySlot(VM& vm, PropertySlot& slot, CustomGetterSetter* customGetterSetter, unsigned attributes, Structure* structure)
1353 {
1354     if (customGetterSetter->inherits<DOMAttributeGetterSetter>(vm)) {
1355         auto* domAttribute = jsCast<DOMAttributeGetterSetter*>(customGetterSetter);
1356         if (structure->isUncacheableDictionary())
1357             slot.setCustom(this, attributes, domAttribute->getter(), domAttribute->domAttribute());
1358         else
1359             slot.setCacheableCustom(this, attributes, domAttribute->getter(), domAttribute->domAttribute());
1360         return;
1361     }
1362
1363     if (structure->isUncacheableDictionary())
1364         slot.setCustom(this, attributes, customGetterSetter->getter());
1365     else
1366         slot.setCacheableCustom(this, attributes, customGetterSetter->getter());
1367 }
1368
1369 // It may seem crazy to inline a function this large, especially a virtual function,
1370 // but it makes a big difference to property lookup that derived classes can inline their
1371 // base class call to this.
1372 ALWAYS_INLINE bool JSObject::getOwnPropertySlot(JSObject* object, ExecState* exec, PropertyName propertyName, PropertySlot& slot)
1373 {
1374     VM& vm = exec->vm();
1375     Structure* structure = object->structure(vm);
1376     if (object->getOwnNonIndexPropertySlot(vm, structure, propertyName, slot))
1377         return true;
1378     if (std::optional<uint32_t> index = parseIndex(propertyName))
1379         return getOwnPropertySlotByIndex(object, exec, index.value(), slot);
1380     return false;
1381 }
1382
1383 // It may seem crazy to inline a function this large but it makes a big difference
1384 // since this is function very hot in variable lookup
1385 ALWAYS_INLINE bool JSObject::getPropertySlot(ExecState* exec, PropertyName propertyName, PropertySlot& slot)
1386 {
1387     VM& vm = exec->vm();
1388     auto& structureIDTable = vm.heap.structureIDTable();
1389     JSObject* object = this;
1390     while (true) {
1391         if (UNLIKELY(TypeInfo::overridesGetOwnPropertySlot(object->inlineTypeFlags()))) {
1392             // If propertyName is an index then we may have missed it (as this loop is using
1393             // getOwnNonIndexPropertySlot), so we cannot safely call the overridden getOwnPropertySlot
1394             // (lest we return a property from a prototype that is shadowed). Check now for an index,
1395             // if so we need to start afresh from this object.
1396             if (std::optional<uint32_t> index = parseIndex(propertyName))
1397                 return getPropertySlot(exec, index.value(), slot);
1398             // Safe to continue searching from current position; call getNonIndexPropertySlot to avoid
1399             // parsing the int again.
1400             return object->getNonIndexPropertySlot(exec, propertyName, slot);
1401         }
1402         ASSERT(object->type() != ProxyObjectType);
1403         Structure* structure = structureIDTable.get(object->structureID());
1404         if (object->getOwnNonIndexPropertySlot(vm, structure, propertyName, slot))
1405             return true;
1406         // FIXME: This doesn't look like it's following the specification:
1407         // https://bugs.webkit.org/show_bug.cgi?id=172572
1408         JSValue prototype = structure->storedPrototype(object);
1409         if (!prototype.isObject())
1410             break;
1411         object = asObject(prototype);
1412     }
1413
1414     if (std::optional<uint32_t> index = parseIndex(propertyName))
1415         return getPropertySlot(exec, index.value(), slot);
1416     return false;
1417 }
1418
1419 inline JSValue JSObject::get(ExecState* exec, PropertyName propertyName) const
1420 {
1421     VM& vm = exec->vm();
1422     auto scope = DECLARE_THROW_SCOPE(vm);
1423     PropertySlot slot(this, PropertySlot::InternalMethodType::Get);
1424     bool hasProperty = const_cast<JSObject*>(this)->getPropertySlot(exec, propertyName, slot);
1425     EXCEPTION_ASSERT(!scope.exception() || !hasProperty);
1426     if (hasProperty) {
1427         scope.release();
1428         return slot.getValue(exec, propertyName);
1429     }
1430     return jsUndefined();
1431 }
1432
1433 inline JSValue JSObject::get(ExecState* exec, unsigned propertyName) const
1434 {
1435     VM& vm = exec->vm();
1436     auto scope = DECLARE_THROW_SCOPE(vm);
1437     PropertySlot slot(this, PropertySlot::InternalMethodType::Get);
1438     bool hasProperty = const_cast<JSObject*>(this)->getPropertySlot(exec, propertyName, slot);
1439     EXCEPTION_ASSERT(!scope.exception() || !hasProperty);
1440     if (hasProperty) {
1441         scope.release();
1442         return slot.getValue(exec, propertyName);
1443     }
1444     return jsUndefined();
1445 }
1446
1447 inline bool JSObject::putOwnDataProperty(VM& vm, PropertyName propertyName, JSValue value, PutPropertySlot& slot)
1448 {
1449     ASSERT(value);
1450     ASSERT(!Heap::heap(value) || Heap::heap(value) == Heap::heap(this));
1451     ASSERT(!structure()->hasGetterSetterProperties());
1452     ASSERT(!structure()->hasCustomGetterSetterProperties());
1453
1454     return putDirectInternal<PutModePut>(vm, propertyName, value, 0, slot);
1455 }
1456
1457 inline bool JSObject::putOwnDataPropertyMayBeIndex(ExecState* exec, PropertyName propertyName, JSValue value, PutPropertySlot& slot)
1458 {
1459     ASSERT(value);
1460     ASSERT(!Heap::heap(value) || Heap::heap(value) == Heap::heap(this));
1461     ASSERT(!structure()->hasGetterSetterProperties());
1462     ASSERT(!structure()->hasCustomGetterSetterProperties());
1463
1464     if (std::optional<uint32_t> index = parseIndex(propertyName))
1465         return putDirectIndex(exec, index.value(), value, 0, PutDirectIndexLikePutDirect);
1466
1467     return putDirectInternal<PutModePut>(exec->vm(), propertyName, value, 0, slot);
1468 }
1469
1470 inline bool JSObject::putDirect(VM& vm, PropertyName propertyName, JSValue value, unsigned attributes)
1471 {
1472     ASSERT(!value.isGetterSetter() && !(attributes & PropertyAttribute::Accessor));
1473     ASSERT(!value.isCustomGetterSetter());
1474     PutPropertySlot slot(this);
1475     return putDirectInternal<PutModeDefineOwnProperty>(vm, propertyName, value, attributes, slot);
1476 }
1477
1478 inline bool JSObject::putDirect(VM& vm, PropertyName propertyName, JSValue value, PutPropertySlot& slot)
1479 {
1480     ASSERT(!value.isGetterSetter());
1481     ASSERT(!value.isCustomGetterSetter());
1482     return putDirectInternal<PutModeDefineOwnProperty>(vm, propertyName, value, 0, slot);
1483 }
1484
1485 ALWAYS_INLINE JSObject* Register::object() const
1486 {
1487     return asObject(jsValue());
1488 }
1489
1490 ALWAYS_INLINE Register& Register::operator=(JSObject* object)
1491 {
1492     u.value = JSValue::encode(JSValue(object));
1493     return *this;
1494 }
1495
1496 inline size_t offsetInButterfly(PropertyOffset offset)
1497 {
1498     return offsetInOutOfLineStorage(offset) + Butterfly::indexOfPropertyStorage();
1499 }
1500
1501 inline size_t JSObject::butterflyPreCapacity()
1502 {
1503     if (UNLIKELY(hasIndexingHeader()))
1504         return butterfly()->indexingHeader()->preCapacity(structure());
1505     return 0;
1506 }
1507
1508 inline size_t JSObject::butterflyTotalSize()
1509 {
1510     Structure* structure = this->structure();
1511     Butterfly* butterfly = this->butterfly();
1512     size_t preCapacity;
1513     size_t indexingPayloadSizeInBytes;
1514     bool hasIndexingHeader = this->hasIndexingHeader();
1515
1516     if (UNLIKELY(hasIndexingHeader)) {
1517         preCapacity = butterfly->indexingHeader()->preCapacity(structure);
1518         indexingPayloadSizeInBytes = butterfly->indexingHeader()->indexingPayloadSizeInBytes(structure);
1519     } else {
1520         preCapacity = 0;
1521         indexingPayloadSizeInBytes = 0;
1522     }
1523
1524     return Butterfly::totalSize(preCapacity, structure->outOfLineCapacity(), hasIndexingHeader, indexingPayloadSizeInBytes);
1525 }
1526
1527 inline int indexRelativeToBase(PropertyOffset offset)
1528 {
1529     if (isOutOfLineOffset(offset))
1530         return offsetInOutOfLineStorage(offset) + Butterfly::indexOfPropertyStorage();
1531     ASSERT(!(JSObject::offsetOfInlineStorage() % sizeof(EncodedJSValue)));
1532     return JSObject::offsetOfInlineStorage() / sizeof(EncodedJSValue) + offsetInInlineStorage(offset);
1533 }
1534
1535 inline int offsetRelativeToBase(PropertyOffset offset)
1536 {
1537     if (isOutOfLineOffset(offset))
1538         return offsetInOutOfLineStorage(offset) * sizeof(EncodedJSValue) + Butterfly::offsetOfPropertyStorage();
1539     return JSObject::offsetOfInlineStorage() + offsetInInlineStorage(offset) * sizeof(EncodedJSValue);
1540 }
1541
1542 // Returns the maximum offset (away from zero) a load instruction will encode.
1543 inline size_t maxOffsetRelativeToBase(PropertyOffset offset)
1544 {
1545     ptrdiff_t addressOffset = offsetRelativeToBase(offset);
1546 #if USE(JSVALUE32_64)
1547     if (addressOffset >= 0)
1548         return static_cast<size_t>(addressOffset) + OBJECT_OFFSETOF(EncodedValueDescriptor, asBits.tag);
1549 #endif
1550     return static_cast<size_t>(addressOffset);
1551 }
1552
1553 COMPILE_ASSERT(!(sizeof(JSObject) % sizeof(WriteBarrierBase<Unknown>)), JSObject_inline_storage_has_correct_alignment);
1554
1555 template<unsigned charactersCount>
1556 ALWAYS_INLINE Identifier makeIdentifier(VM& vm, const char (&characters)[charactersCount])
1557 {
1558     return Identifier::fromString(&vm, characters);
1559 }
1560
1561 ALWAYS_INLINE Identifier makeIdentifier(VM& vm, const char* name)
1562 {
1563     return Identifier::fromString(&vm, name);
1564 }
1565
1566 ALWAYS_INLINE Identifier makeIdentifier(VM&, const Identifier& name)
1567 {
1568     return name;
1569 }
1570
1571 bool validateAndApplyPropertyDescriptor(ExecState*, JSObject*, PropertyName, bool isExtensible,
1572     const PropertyDescriptor& descriptor, bool isCurrentDefined, const PropertyDescriptor& current, bool throwException);
1573
1574 JS_EXPORT_PRIVATE NEVER_INLINE bool ordinarySetSlow(ExecState*, JSObject*, PropertyName, JSValue, JSValue receiver, bool shouldThrow);
1575
1576 // Helper for defining native functions, if you're not using a static hash table.
1577 // Use this macro from within finishCreation() methods in prototypes. This assumes
1578 // you've defined variables called exec, globalObject, and vm, and they
1579 // have the expected meanings.
1580 #define JSC_NATIVE_INTRINSIC_FUNCTION(jsName, cppName, attributes, length, intrinsic) \
1581     putDirectNativeFunction(\
1582         vm, globalObject, makeIdentifier(vm, (jsName)), (length), cppName, \
1583         (intrinsic), (attributes))
1584
1585 #define JSC_NATIVE_INTRINSIC_FUNCTION_WITHOUT_TRANSITION(jsName, cppName, attributes, length, intrinsic) \
1586     putDirectNativeFunctionWithoutTransition(\
1587         vm, globalObject, makeIdentifier(vm, (jsName)), (length), cppName, \
1588         (intrinsic), (attributes))
1589
1590 // As above, but this assumes that the function you're defining doesn't have an
1591 // intrinsic.
1592 #define JSC_NATIVE_FUNCTION(jsName, cppName, attributes, length) \
1593     JSC_NATIVE_INTRINSIC_FUNCTION(jsName, cppName, (attributes), (length), NoIntrinsic)
1594
1595 #define JSC_NATIVE_FUNCTION_WITHOUT_TRANSITION(jsName, cppName, attributes, length) \
1596     JSC_NATIVE_INTRINSIC_FUNCTION_WITHOUT_TRANSITION(jsName, cppName, (attributes), (length), NoIntrinsic)
1597
1598 // Identical helpers but for builtins. Note that currently, we don't support builtins that are
1599 // also intrinsics, but we probably will do that eventually.
1600 #define JSC_BUILTIN_FUNCTION(jsName, generatorName, attributes) \
1601     putDirectBuiltinFunction(\
1602         vm, globalObject, makeIdentifier(vm, (jsName)), (generatorName)(vm), (attributes))
1603
1604 #define JSC_BUILTIN_FUNCTION_WITHOUT_TRANSITION(jsName, generatorName, attributes) \
1605     putDirectBuiltinFunctionWithoutTransition(\
1606         vm, globalObject, makeIdentifier(vm, (jsName)), (generatorName)(vm), (attributes))
1607
1608 // Helper for defining native getters on properties.
1609 #define JSC_NATIVE_INTRINSIC_GETTER(jsName, cppName, attributes, intrinsic)  \
1610     putDirectNativeIntrinsicGetter(\
1611         vm, globalObject, makeIdentifier(vm, (jsName)), (cppName), \
1612         (intrinsic), ((attributes) | PropertyAttribute::Accessor))
1613
1614 #define JSC_NATIVE_GETTER(jsName, cppName, attributes) \
1615     JSC_NATIVE_INTRINSIC_GETTER((jsName), (cppName), (attributes), NoIntrinsic)
1616
1617 } // namespace JSC