]> git.saurik.com Git - apple/javascriptcore.git/blob - runtime/JSArray.cpp
projects / apple / javascriptcore.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
JavaScriptCore-721.26.tar.gz
[apple/javascriptcore.git] / runtime / JSArray.cpp
1 /*
2 * Copyright (C) 1999-2000 Harri Porten (porten@kde.org)
3 * Copyright (C) 2003, 2007, 2008, 2009 Apple Inc. All rights reserved.
4 * Copyright (C) 2003 Peter Kelly (pmk@post.com)
5 * Copyright (C) 2006 Alexey Proskuryakov (ap@nypop.com)
6 *
7 * This library is free software; you can redistribute it and/or
8 * modify it under the terms of the GNU Lesser General Public
9 * License as published by the Free Software Foundation; either
10 * version 2 of the License, or (at your option) any later version.
11 *
12 * This library is distributed in the hope that it will be useful,
13 * but WITHOUT ANY WARRANTY; without even the implied warranty of
14 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
15 * Lesser General Public License for more details.
16 *
17 * You should have received a copy of the GNU Lesser General Public
18 * License along with this library; if not, write to the Free Software
19 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
20 *
21 */
22
23 #include "config.h"
24 #include "JSArray.h"
25
26 #include "ArrayPrototype.h"
27 #include "CachedCall.h"
28 #include "Error.h"
29 #include "Executable.h"
30 #include "PropertyNameArray.h"
31 #include <wtf/AVLTree.h>
32 #include <wtf/Assertions.h>
33 #include <wtf/OwnPtr.h>
34 #include <Operations.h>
35
36 #define CHECK_ARRAY_CONSISTENCY 0
37
38 using namespace std;
39 using namespace WTF;
40
41 namespace JSC {
42
43 ASSERT_CLASS_FITS_IN_CELL(JSArray);
44
45 // Overview of JSArray
46 //
47 // Properties of JSArray objects may be stored in one of three locations:
48 // * The regular JSObject property map.
49 // * A storage vector.
50 // * A sparse map of array entries.
51 //
52 // Properties with non-numeric identifiers, with identifiers that are not representable
53 // as an unsigned integer, or where the value is greater than MAX_ARRAY_INDEX
54 // (specifically, this is only one property - the value 0xFFFFFFFFU as an unsigned 32-bit
55 // integer) are not considered array indices and will be stored in the JSObject property map.
56 //
57 // All properties with a numeric identifer, representable as an unsigned integer i,
58 // where (i <= MAX_ARRAY_INDEX), are an array index and will be stored in either the
59 // storage vector or the sparse map. An array index i will be handled in the following
60 // fashion:
61 //
62 // * Where (i < MIN_SPARSE_ARRAY_INDEX) the value will be stored in the storage vector.
63 // * Where (MIN_SPARSE_ARRAY_INDEX <= i <= MAX_STORAGE_VECTOR_INDEX) the value will either
64 // be stored in the storage vector or in the sparse array, depending on the density of
65 // data that would be stored in the vector (a vector being used where at least
66 // (1 / minDensityMultiplier) of the entries would be populated).
67 // * Where (MAX_STORAGE_VECTOR_INDEX < i <= MAX_ARRAY_INDEX) the value will always be stored
68 // in the sparse array.
69
70 // The definition of MAX_STORAGE_VECTOR_LENGTH is dependant on the definition storageSize
71 // function below - the MAX_STORAGE_VECTOR_LENGTH limit is defined such that the storage
72 // size calculation cannot overflow. (sizeof(ArrayStorage) - sizeof(JSValue)) +
73 // (vectorLength * sizeof(JSValue)) must be <= 0xFFFFFFFFU (which is maximum value of size_t).
74 #define MAX_STORAGE_VECTOR_LENGTH static_cast<unsigned>((0xFFFFFFFFU - (sizeof(ArrayStorage) - sizeof(JSValue))) / sizeof(JSValue))
75
76 // These values have to be macros to be used in max() and min() without introducing
77 // a PIC branch in Mach-O binaries, see <rdar://problem/5971391>.
78 #define MIN_SPARSE_ARRAY_INDEX 10000U
79 #define MAX_STORAGE_VECTOR_INDEX (MAX_STORAGE_VECTOR_LENGTH - 1)
80 // 0xFFFFFFFF is a bit weird -- is not an array index even though it's an integer.
81 #define MAX_ARRAY_INDEX 0xFFFFFFFEU
82
83 // Our policy for when to use a vector and when to use a sparse map.
84 // For all array indices under MIN_SPARSE_ARRAY_INDEX, we always use a vector.
85 // When indices greater than MIN_SPARSE_ARRAY_INDEX are involved, we use a vector
86 // as long as it is 1/8 full. If more sparse than that, we use a map.
87 static const unsigned minDensityMultiplier = 8;
88
89 const ClassInfo JSArray::info = {"Array", 0, 0, 0};
90
91 static inline size_t storageSize(unsigned vectorLength)
92 {
93 ASSERT(vectorLength <= MAX_STORAGE_VECTOR_LENGTH);
94
95 // MAX_STORAGE_VECTOR_LENGTH is defined such that provided (vectorLength <= MAX_STORAGE_VECTOR_LENGTH)
96 // - as asserted above - the following calculation cannot overflow.
97 size_t size = (sizeof(ArrayStorage) - sizeof(JSValue)) + (vectorLength * sizeof(JSValue));
98 // Assertion to detect integer overflow in previous calculation (should not be possible, provided that
99 // MAX_STORAGE_VECTOR_LENGTH is correctly defined).
100 ASSERT(((size - (sizeof(ArrayStorage) - sizeof(JSValue))) / sizeof(JSValue) == vectorLength) && (size >= (sizeof(ArrayStorage) - sizeof(JSValue))));
101
102 return size;
103 }
104
105 static inline unsigned increasedVectorLength(unsigned newLength)
106 {
107 ASSERT(newLength <= MAX_STORAGE_VECTOR_LENGTH);
108
109 // Mathematically equivalent to:
110 // increasedLength = (newLength * 3 + 1) / 2;
111 // or:
112 // increasedLength = (unsigned)ceil(newLength * 1.5));
113 // This form is not prone to internal overflow.
114 unsigned increasedLength = newLength + (newLength >> 1) + (newLength & 1);
115 ASSERT(increasedLength >= newLength);
116
117 return min(increasedLength, MAX_STORAGE_VECTOR_LENGTH);
118 }
119
120 static inline bool isDenseEnoughForVector(unsigned length, unsigned numValues)
121 {
122 return length / minDensityMultiplier <= numValues;
123 }
124
125 #if !CHECK_ARRAY_CONSISTENCY
126
127 inline void JSArray::checkConsistency(ConsistencyCheckType)
128 {
129 }
130
131 #endif
132
133 JSArray::JSArray(NonNullPassRefPtr<Structure> structure)
134 : JSObject(structure)
135 {
136 unsigned initialCapacity = 0;
137
138 m_storage = static_cast<ArrayStorage*>(fastZeroedMalloc(storageSize(initialCapacity)));
139 m_vectorLength = initialCapacity;
140
141 checkConsistency();
142 }
143
144 JSArray::JSArray(NonNullPassRefPtr<Structure> structure, unsigned initialLength)
145 : JSObject(structure)
146 {
147 unsigned initialCapacity = min(initialLength, MIN_SPARSE_ARRAY_INDEX);
148
149 m_storage = static_cast<ArrayStorage*>(fastMalloc(storageSize(initialCapacity)));
150 m_storage->m_length = initialLength;
151 m_vectorLength = initialCapacity;
152 m_storage->m_numValuesInVector = 0;
153 m_storage->m_sparseValueMap = 0;
154 m_storage->subclassData = 0;
155 m_storage->reportedMapCapacity = 0;
156
157 JSValue* vector = m_storage->m_vector;
158 for (size_t i = 0; i < initialCapacity; ++i)
159 vector[i] = JSValue();
160
161 checkConsistency();
162
163 Heap::heap(this)->reportExtraMemoryCost(initialCapacity * sizeof(JSValue));
164 }
165
166 JSArray::JSArray(NonNullPassRefPtr<Structure> structure, const ArgList& list)
167 : JSObject(structure)
168 {
169 unsigned initialCapacity = list.size();
170
171 m_storage = static_cast<ArrayStorage*>(fastMalloc(storageSize(initialCapacity)));
172 m_storage->m_length = initialCapacity;
173 m_vectorLength = initialCapacity;
174 m_storage->m_numValuesInVector = initialCapacity;
175 m_storage->m_sparseValueMap = 0;
176 m_storage->subclassData = 0;
177 m_storage->reportedMapCapacity = 0;
178
179 size_t i = 0;
180 ArgList::const_iterator end = list.end();
181 for (ArgList::const_iterator it = list.begin(); it != end; ++it, ++i)
182 m_storage->m_vector[i] = *it;
183
184 checkConsistency();
185
186 Heap::heap(this)->reportExtraMemoryCost(storageSize(initialCapacity));
187 }
188
189 JSArray::~JSArray()
190 {
191 ASSERT(vptr() == JSGlobalData::jsArrayVPtr);
192 checkConsistency(DestructorConsistencyCheck);
193
194 delete m_storage->m_sparseValueMap;
195 fastFree(m_storage);
196 }
197
198 bool JSArray::getOwnPropertySlot(ExecState* exec, unsigned i, PropertySlot& slot)
199 {
200 ArrayStorage* storage = m_storage;
201
202 if (i >= storage->m_length) {
203 if (i > MAX_ARRAY_INDEX)
204 return getOwnPropertySlot(exec, Identifier::from(exec, i), slot);
205 return false;
206 }
207
208 if (i < m_vectorLength) {
209 JSValue& valueSlot = storage->m_vector[i];
210 if (valueSlot) {
211 slot.setValueSlot(&valueSlot);
212 return true;
213 }
214 } else if (SparseArrayValueMap* map = storage->m_sparseValueMap) {
215 if (i >= MIN_SPARSE_ARRAY_INDEX) {
216 SparseArrayValueMap::iterator it = map->find(i);
217 if (it != map->end()) {
218 slot.setValueSlot(&it->second);
219 return true;
220 }
221 }
222 }
223
224 return JSObject::getOwnPropertySlot(exec, Identifier::from(exec, i), slot);
225 }
226
227 bool JSArray::getOwnPropertySlot(ExecState* exec, const Identifier& propertyName, PropertySlot& slot)
228 {
229 if (propertyName == exec->propertyNames().length) {
230 slot.setValue(jsNumber(exec, length()));
231 return true;
232 }
233
234 bool isArrayIndex;
235 unsigned i = propertyName.toArrayIndex(&isArrayIndex);
236 if (isArrayIndex)
237 return JSArray::getOwnPropertySlot(exec, i, slot);
238
239 return JSObject::getOwnPropertySlot(exec, propertyName, slot);
240 }
241
242 bool JSArray::getOwnPropertyDescriptor(ExecState* exec, const Identifier& propertyName, PropertyDescriptor& descriptor)
243 {
244 if (propertyName == exec->propertyNames().length) {
245 descriptor.setDescriptor(jsNumber(exec, length()), DontDelete | DontEnum);
246 return true;
247 }
248
249 bool isArrayIndex;
250 unsigned i = propertyName.toArrayIndex(&isArrayIndex);
251 if (isArrayIndex) {
252 if (i >= m_storage->m_length)
253 return false;
254 if (i < m_vectorLength) {
255 JSValue& value = m_storage->m_vector[i];
256 if (value) {
257 descriptor.setDescriptor(value, 0);
258 return true;
259 }
260 } else if (SparseArrayValueMap* map = m_storage->m_sparseValueMap) {
261 if (i >= MIN_SPARSE_ARRAY_INDEX) {
262 SparseArrayValueMap::iterator it = map->find(i);
263 if (it != map->end()) {
264 descriptor.setDescriptor(it->second, 0);
265 return true;
266 }
267 }
268 }
269 }
270 return JSObject::getOwnPropertyDescriptor(exec, propertyName, descriptor);
271 }
272
273 // ECMA 15.4.5.1
274 void JSArray::put(ExecState* exec, const Identifier& propertyName, JSValue value, PutPropertySlot& slot)
275 {
276 bool isArrayIndex;
277 unsigned i = propertyName.toArrayIndex(&isArrayIndex);
278 if (isArrayIndex) {
279 put(exec, i, value);
280 return;
281 }
282
283 if (propertyName == exec->propertyNames().length) {
284 unsigned newLength = value.toUInt32(exec);
285 if (value.toNumber(exec) != static_cast<double>(newLength)) {
286 throwError(exec, RangeError, "Invalid array length.");
287 return;
288 }
289 setLength(newLength);
290 return;
291 }
292
293 JSObject::put(exec, propertyName, value, slot);
294 }
295
296 void JSArray::put(ExecState* exec, unsigned i, JSValue value)
297 {
298 checkConsistency();
299
300 unsigned length = m_storage->m_length;
301 if (i >= length && i <= MAX_ARRAY_INDEX) {
302 length = i + 1;
303 m_storage->m_length = length;
304 }
305
306 if (i < m_vectorLength) {
307 JSValue& valueSlot = m_storage->m_vector[i];
308 if (valueSlot) {
309 valueSlot = value;
310 checkConsistency();
311 return;
312 }
313 valueSlot = value;
314 ++m_storage->m_numValuesInVector;
315 checkConsistency();
316 return;
317 }
318
319 putSlowCase(exec, i, value);
320 }
321
322 NEVER_INLINE void JSArray::putSlowCase(ExecState* exec, unsigned i, JSValue value)
323 {
324 ArrayStorage* storage = m_storage;
325 SparseArrayValueMap* map = storage->m_sparseValueMap;
326
327 if (i >= MIN_SPARSE_ARRAY_INDEX) {
328 if (i > MAX_ARRAY_INDEX) {
329 PutPropertySlot slot;
330 put(exec, Identifier::from(exec, i), value, slot);
331 return;
332 }
333
334 // We miss some cases where we could compact the storage, such as a large array that is being filled from the end
335 // (which will only be compacted as we reach indices that are less than MIN_SPARSE_ARRAY_INDEX) - but this makes the check much faster.
336 if ((i > MAX_STORAGE_VECTOR_INDEX) || !isDenseEnoughForVector(i + 1, storage->m_numValuesInVector + 1)) {
337 if (!map) {
338 map = new SparseArrayValueMap;
339 storage->m_sparseValueMap = map;
340 }
341
342 pair<SparseArrayValueMap::iterator, bool> result = map->add(i, value);
343 if (!result.second) { // pre-existing entry
344 result.first->second = value;
345 return;
346 }
347
348 size_t capacity = map->capacity();
349 if (capacity != storage->reportedMapCapacity) {
350 Heap::heap(this)->reportExtraMemoryCost((capacity - storage->reportedMapCapacity) * (sizeof(unsigned) + sizeof(JSValue)));
351 storage->reportedMapCapacity = capacity;
352 }
353 return;
354 }
355 }
356
357 // We have decided that we'll put the new item into the vector.
358 // Fast case is when there is no sparse map, so we can increase the vector size without moving values from it.
359 if (!map || map->isEmpty()) {
360 if (increaseVectorLength(i + 1)) {
361 storage = m_storage;
362 storage->m_vector[i] = value;
363 ++storage->m_numValuesInVector;
364 checkConsistency();
365 } else
366 throwOutOfMemoryError(exec);
367 return;
368 }
369
370 // Decide how many values it would be best to move from the map.
371 unsigned newNumValuesInVector = storage->m_numValuesInVector + 1;
372 unsigned newVectorLength = increasedVectorLength(i + 1);
373 for (unsigned j = max(m_vectorLength, MIN_SPARSE_ARRAY_INDEX); j < newVectorLength; ++j)
374 newNumValuesInVector += map->contains(j);
375 if (i >= MIN_SPARSE_ARRAY_INDEX)
376 newNumValuesInVector -= map->contains(i);
377 if (isDenseEnoughForVector(newVectorLength, newNumValuesInVector)) {
378 unsigned proposedNewNumValuesInVector = newNumValuesInVector;
379 // If newVectorLength is already the maximum - MAX_STORAGE_VECTOR_LENGTH - then do not attempt to grow any further.
380 while (newVectorLength < MAX_STORAGE_VECTOR_LENGTH) {
381 unsigned proposedNewVectorLength = increasedVectorLength(newVectorLength + 1);
382 for (unsigned j = max(newVectorLength, MIN_SPARSE_ARRAY_INDEX); j < proposedNewVectorLength; ++j)
383 proposedNewNumValuesInVector += map->contains(j);
384 if (!isDenseEnoughForVector(proposedNewVectorLength, proposedNewNumValuesInVector))
385 break;
386 newVectorLength = proposedNewVectorLength;
387 newNumValuesInVector = proposedNewNumValuesInVector;
388 }
389 }
390
391 if (!tryFastRealloc(storage, storageSize(newVectorLength)).getValue(storage)) {
392 throwOutOfMemoryError(exec);
393 return;
394 }
395
396 unsigned vectorLength = m_vectorLength;
397
398 if (newNumValuesInVector == storage->m_numValuesInVector + 1) {
399 for (unsigned j = vectorLength; j < newVectorLength; ++j)
400 storage->m_vector[j] = JSValue();
401 if (i > MIN_SPARSE_ARRAY_INDEX)
402 map->remove(i);
403 } else {
404 for (unsigned j = vectorLength; j < max(vectorLength, MIN_SPARSE_ARRAY_INDEX); ++j)
405 storage->m_vector[j] = JSValue();
406 for (unsigned j = max(vectorLength, MIN_SPARSE_ARRAY_INDEX); j < newVectorLength; ++j)
407 storage->m_vector[j] = map->take(j);
408 }
409
410 storage->m_vector[i] = value;
411
412 m_vectorLength = newVectorLength;
413 storage->m_numValuesInVector = newNumValuesInVector;
414
415 m_storage = storage;
416
417 checkConsistency();
418
419 Heap::heap(this)->reportExtraMemoryCost(storageSize(newVectorLength) - storageSize(vectorLength));
420 }
421
422 bool JSArray::deleteProperty(ExecState* exec, const Identifier& propertyName)
423 {
424 bool isArrayIndex;
425 unsigned i = propertyName.toArrayIndex(&isArrayIndex);
426 if (isArrayIndex)
427 return deleteProperty(exec, i);
428
429 if (propertyName == exec->propertyNames().length)
430 return false;
431
432 return JSObject::deleteProperty(exec, propertyName);
433 }
434
435 bool JSArray::deleteProperty(ExecState* exec, unsigned i)
436 {
437 checkConsistency();
438
439 ArrayStorage* storage = m_storage;
440
441 if (i < m_vectorLength) {
442 JSValue& valueSlot = storage->m_vector[i];
443 if (!valueSlot) {
444 checkConsistency();
445 return false;
446 }
447 valueSlot = JSValue();
448 --storage->m_numValuesInVector;
449 checkConsistency();
450 return true;
451 }
452
453 if (SparseArrayValueMap* map = storage->m_sparseValueMap) {
454 if (i >= MIN_SPARSE_ARRAY_INDEX) {
455 SparseArrayValueMap::iterator it = map->find(i);
456 if (it != map->end()) {
457 map->remove(it);
458 checkConsistency();
459 return true;
460 }
461 }
462 }
463
464 checkConsistency();
465
466 if (i > MAX_ARRAY_INDEX)
467 return deleteProperty(exec, Identifier::from(exec, i));
468
469 return false;
470 }
471
472 void JSArray::getOwnPropertyNames(ExecState* exec, PropertyNameArray& propertyNames, EnumerationMode mode)
473 {
474 // FIXME: Filling PropertyNameArray with an identifier for every integer
475 // is incredibly inefficient for large arrays. We need a different approach,
476 // which almost certainly means a different structure for PropertyNameArray.
477
478 ArrayStorage* storage = m_storage;
479
480 unsigned usedVectorLength = min(storage->m_length, m_vectorLength);
481 for (unsigned i = 0; i < usedVectorLength; ++i) {
482 if (storage->m_vector[i])
483 propertyNames.add(Identifier::from(exec, i));
484 }
485
486 if (SparseArrayValueMap* map = storage->m_sparseValueMap) {
487 SparseArrayValueMap::iterator end = map->end();
488 for (SparseArrayValueMap::iterator it = map->begin(); it != end; ++it)
489 propertyNames.add(Identifier::from(exec, it->first));
490 }
491
492 if (mode == IncludeDontEnumProperties)
493 propertyNames.add(exec->propertyNames().length);
494
495 JSObject::getOwnPropertyNames(exec, propertyNames, mode);
496 }
497
498 bool JSArray::increaseVectorLength(unsigned newLength)
499 {
500 // This function leaves the array in an internally inconsistent state, because it does not move any values from sparse value map
501 // to the vector. Callers have to account for that, because they can do it more efficiently.
502
503 ArrayStorage* storage = m_storage;
504
505 unsigned vectorLength = m_vectorLength;
506 ASSERT(newLength > vectorLength);
507 ASSERT(newLength <= MAX_STORAGE_VECTOR_INDEX);
508 unsigned newVectorLength = increasedVectorLength(newLength);
509
510 if (!tryFastRealloc(storage, storageSize(newVectorLength)).getValue(storage))
511 return false;
512
513 m_vectorLength = newVectorLength;
514
515 for (unsigned i = vectorLength; i < newVectorLength; ++i)
516 storage->m_vector[i] = JSValue();
517
518 m_storage = storage;
519
520 Heap::heap(this)->reportExtraMemoryCost(storageSize(newVectorLength) - storageSize(vectorLength));
521
522 return true;
523 }
524
525 void JSArray::setLength(unsigned newLength)
526 {
527 checkConsistency();
528
529 ArrayStorage* storage = m_storage;
530
531 unsigned length = m_storage->m_length;
532
533 if (newLength < length) {
534 unsigned usedVectorLength = min(length, m_vectorLength);
535 for (unsigned i = newLength; i < usedVectorLength; ++i) {
536 JSValue& valueSlot = storage->m_vector[i];
537 bool hadValue = valueSlot;
538 valueSlot = JSValue();
539 storage->m_numValuesInVector -= hadValue;
540 }
541
542 if (SparseArrayValueMap* map = storage->m_sparseValueMap) {
543 SparseArrayValueMap copy = *map;
544 SparseArrayValueMap::iterator end = copy.end();
545 for (SparseArrayValueMap::iterator it = copy.begin(); it != end; ++it) {
546 if (it->first >= newLength)
547 map->remove(it->first);
548 }
549 if (map->isEmpty()) {
550 delete map;
551 storage->m_sparseValueMap = 0;
552 }
553 }
554 }
555
556 m_storage->m_length = newLength;
557
558 checkConsistency();
559 }
560
561 JSValue JSArray::pop()
562 {
563 checkConsistency();
564
565 unsigned length = m_storage->m_length;
566 if (!length)
567 return jsUndefined();
568
569 --length;
570
571 JSValue result;
572
573 if (length < m_vectorLength) {
574 JSValue& valueSlot = m_storage->m_vector[length];
575 if (valueSlot) {
576 --m_storage->m_numValuesInVector;
577 result = valueSlot;
578 valueSlot = JSValue();
579 } else
580 result = jsUndefined();
581 } else {
582 result = jsUndefined();
583 if (SparseArrayValueMap* map = m_storage->m_sparseValueMap) {
584 SparseArrayValueMap::iterator it = map->find(length);
585 if (it != map->end()) {
586 result = it->second;
587 map->remove(it);
588 if (map->isEmpty()) {
589 delete map;
590 m_storage->m_sparseValueMap = 0;
591 }
592 }
593 }
594 }
595
596 m_storage->m_length = length;
597
598 checkConsistency();
599
600 return result;
601 }
602
603 void JSArray::push(ExecState* exec, JSValue value)
604 {
605 checkConsistency();
606
607 if (m_storage->m_length < m_vectorLength) {
608 m_storage->m_vector[m_storage->m_length] = value;
609 ++m_storage->m_numValuesInVector;
610 ++m_storage->m_length;
611 checkConsistency();
612 return;
613 }
614
615 if (m_storage->m_length < MIN_SPARSE_ARRAY_INDEX) {
616 SparseArrayValueMap* map = m_storage->m_sparseValueMap;
617 if (!map || map->isEmpty()) {
618 if (increaseVectorLength(m_storage->m_length + 1)) {
619 m_storage->m_vector[m_storage->m_length] = value;
620 ++m_storage->m_numValuesInVector;
621 ++m_storage->m_length;
622 checkConsistency();
623 return;
624 }
625 checkConsistency();
626 throwOutOfMemoryError(exec);
627 return;
628 }
629 }
630
631 putSlowCase(exec, m_storage->m_length++, value);
632 }
633
634 void JSArray::markChildren(MarkStack& markStack)
635 {
636 markChildrenDirect(markStack);
637 }
638
639 static int compareNumbersForQSort(const void* a, const void* b)
640 {
641 double da = static_cast<const JSValue*>(a)->uncheckedGetNumber();
642 double db = static_cast<const JSValue*>(b)->uncheckedGetNumber();
643 return (da > db) - (da < db);
644 }
645
646 static int compareByStringPairForQSort(const void* a, const void* b)
647 {
648 const ValueStringPair* va = static_cast<const ValueStringPair*>(a);
649 const ValueStringPair* vb = static_cast<const ValueStringPair*>(b);
650 return compare(va->second, vb->second);
651 }
652
653 void JSArray::sortNumeric(ExecState* exec, JSValue compareFunction, CallType callType, const CallData& callData)
654 {
655 unsigned lengthNotIncludingUndefined = compactForSorting();
656 if (m_storage->m_sparseValueMap) {
657 throwOutOfMemoryError(exec);
658 return;
659 }
660
661 if (!lengthNotIncludingUndefined)
662 return;
663
664 bool allValuesAreNumbers = true;
665 size_t size = m_storage->m_numValuesInVector;
666 for (size_t i = 0; i < size; ++i) {
667 if (!m_storage->m_vector[i].isNumber()) {
668 allValuesAreNumbers = false;
669 break;
670 }
671 }
672
673 if (!allValuesAreNumbers)
674 return sort(exec, compareFunction, callType, callData);
675
676 // For numeric comparison, which is fast, qsort is faster than mergesort. We
677 // also don't require mergesort's stability, since there's no user visible
678 // side-effect from swapping the order of equal primitive values.
679 qsort(m_storage->m_vector, size, sizeof(JSValue), compareNumbersForQSort);
680
681 checkConsistency(SortConsistencyCheck);
682 }
683
684 void JSArray::sort(ExecState* exec)
685 {
686 unsigned lengthNotIncludingUndefined = compactForSorting();
687 if (m_storage->m_sparseValueMap) {
688 throwOutOfMemoryError(exec);
689 return;
690 }
691
692 if (!lengthNotIncludingUndefined)
693 return;
694
695 // Converting JavaScript values to strings can be expensive, so we do it once up front and sort based on that.
696 // This is a considerable improvement over doing it twice per comparison, though it requires a large temporary
697 // buffer. Besides, this protects us from crashing if some objects have custom toString methods that return
698 // random or otherwise changing results, effectively making compare function inconsistent.
699
700 Vector<ValueStringPair> values(lengthNotIncludingUndefined);
701 if (!values.begin()) {
702 throwOutOfMemoryError(exec);
703 return;
704 }
705
706 Heap::heap(this)->pushTempSortVector(&values);
707
708 for (size_t i = 0; i < lengthNotIncludingUndefined; i++) {
709 JSValue value = m_storage->m_vector[i];
710 ASSERT(!value.isUndefined());
711 values[i].first = value;
712 }
713
714 // FIXME: The following loop continues to call toString on subsequent values even after
715 // a toString call raises an exception.
716
717 for (size_t i = 0; i < lengthNotIncludingUndefined; i++)
718 values[i].second = values[i].first.toString(exec);
719
720 if (exec->hadException()) {
721 Heap::heap(this)->popTempSortVector(&values);
722 return;
723 }
724
725 // FIXME: Since we sort by string value, a fast algorithm might be to use a radix sort. That would be O(N) rather
726 // than O(N log N).
727
728 #if HAVE(MERGESORT)
729 mergesort(values.begin(), values.size(), sizeof(ValueStringPair), compareByStringPairForQSort);
730 #else
731 // FIXME: The qsort library function is likely to not be a stable sort.
732 // ECMAScript-262 does not specify a stable sort, but in practice, browsers perform a stable sort.
733 qsort(values.begin(), values.size(), sizeof(ValueStringPair), compareByStringPairForQSort);
734 #endif
735
736 // If the toString function changed the length of the array or vector storage,
737 // increase the length to handle the orignal number of actual values.
738 if (m_vectorLength < lengthNotIncludingUndefined)
739 increaseVectorLength(lengthNotIncludingUndefined);
740 if (m_storage->m_length < lengthNotIncludingUndefined)
741 m_storage->m_length = lengthNotIncludingUndefined;
742
743 for (size_t i = 0; i < lengthNotIncludingUndefined; i++)
744 m_storage->m_vector[i] = values[i].first;
745
746 Heap::heap(this)->popTempSortVector(&values);
747
748 checkConsistency(SortConsistencyCheck);
749 }
750
751 struct AVLTreeNodeForArrayCompare {
752 JSValue value;
753
754 // Child pointers. The high bit of gt is robbed and used as the
755 // balance factor sign. The high bit of lt is robbed and used as
756 // the magnitude of the balance factor.
757 int32_t gt;
758 int32_t lt;
759 };
760
761 struct AVLTreeAbstractorForArrayCompare {
762 typedef int32_t handle; // Handle is an index into m_nodes vector.
763 typedef JSValue key;
764 typedef int32_t size;
765
766 Vector<AVLTreeNodeForArrayCompare> m_nodes;
767 ExecState* m_exec;
768 JSValue m_compareFunction;
769 CallType m_compareCallType;
770 const CallData* m_compareCallData;
771 JSValue m_globalThisValue;
772 OwnPtr<CachedCall> m_cachedCall;
773
774 handle get_less(handle h) { return m_nodes[h].lt & 0x7FFFFFFF; }
775 void set_less(handle h, handle lh) { m_nodes[h].lt &= 0x80000000; m_nodes[h].lt |= lh; }
776 handle get_greater(handle h) { return m_nodes[h].gt & 0x7FFFFFFF; }
777 void set_greater(handle h, handle gh) { m_nodes[h].gt &= 0x80000000; m_nodes[h].gt |= gh; }
778
779 int get_balance_factor(handle h)
780 {
781 if (m_nodes[h].gt & 0x80000000)
782 return -1;
783 return static_cast<unsigned>(m_nodes[h].lt) >> 31;
784 }
785
786 void set_balance_factor(handle h, int bf)
787 {
788 if (bf == 0) {
789 m_nodes[h].lt &= 0x7FFFFFFF;
790 m_nodes[h].gt &= 0x7FFFFFFF;
791 } else {
792 m_nodes[h].lt |= 0x80000000;
793 if (bf < 0)
794 m_nodes[h].gt |= 0x80000000;
795 else
796 m_nodes[h].gt &= 0x7FFFFFFF;
797 }
798 }
799
800 int compare_key_key(key va, key vb)
801 {
802 ASSERT(!va.isUndefined());
803 ASSERT(!vb.isUndefined());
804
805 if (m_exec->hadException())
806 return 1;
807
808 double compareResult;
809 if (m_cachedCall) {
810 m_cachedCall->setThis(m_globalThisValue);
811 m_cachedCall->setArgument(0, va);
812 m_cachedCall->setArgument(1, vb);
813 compareResult = m_cachedCall->call().toNumber(m_cachedCall->newCallFrame(m_exec));
814 } else {
815 MarkedArgumentBuffer arguments;
816 arguments.append(va);
817 arguments.append(vb);
818 compareResult = call(m_exec, m_compareFunction, m_compareCallType, *m_compareCallData, m_globalThisValue, arguments).toNumber(m_exec);
819 }
820 return (compareResult < 0) ? -1 : 1; // Not passing equality through, because we need to store all values, even if equivalent.
821 }
822
823 int compare_key_node(key k, handle h) { return compare_key_key(k, m_nodes[h].value); }
824 int compare_node_node(handle h1, handle h2) { return compare_key_key(m_nodes[h1].value, m_nodes[h2].value); }
825
826 static handle null() { return 0x7FFFFFFF; }
827 };
828
829 void JSArray::sort(ExecState* exec, JSValue compareFunction, CallType callType, const CallData& callData)
830 {
831 checkConsistency();
832
833 // FIXME: This ignores exceptions raised in the compare function or in toNumber.
834
835 // The maximum tree depth is compiled in - but the caller is clearly up to no good
836 // if a larger array is passed.
837 ASSERT(m_storage->m_length <= static_cast<unsigned>(std::numeric_limits<int>::max()));
838 if (m_storage->m_length > static_cast<unsigned>(std::numeric_limits<int>::max()))
839 return;
840
841 if (!m_storage->m_length)
842 return;
843
844 unsigned usedVectorLength = min(m_storage->m_length, m_vectorLength);
845
846 AVLTree<AVLTreeAbstractorForArrayCompare, 44> tree; // Depth 44 is enough for 2^31 items
847 tree.abstractor().m_exec = exec;
848 tree.abstractor().m_compareFunction = compareFunction;
849 tree.abstractor().m_compareCallType = callType;
850 tree.abstractor().m_compareCallData = &callData;
851 tree.abstractor().m_globalThisValue = exec->globalThisValue();
852 tree.abstractor().m_nodes.resize(usedVectorLength + (m_storage->m_sparseValueMap ? m_storage->m_sparseValueMap->size() : 0));
853
854 if (callType == CallTypeJS)
855 tree.abstractor().m_cachedCall.set(new CachedCall(exec, asFunction(compareFunction), 2, exec->exceptionSlot()));
856
857 if (!tree.abstractor().m_nodes.begin()) {
858 throwOutOfMemoryError(exec);
859 return;
860 }
861
862 // FIXME: If the compare function modifies the array, the vector, map, etc. could be modified
863 // right out from under us while we're building the tree here.
864
865 unsigned numDefined = 0;
866 unsigned numUndefined = 0;
867
868 // Iterate over the array, ignoring missing values, counting undefined ones, and inserting all other ones into the tree.
869 for (; numDefined < usedVectorLength; ++numDefined) {
870 JSValue v = m_storage->m_vector[numDefined];
871 if (!v || v.isUndefined())
872 break;
873 tree.abstractor().m_nodes[numDefined].value = v;
874 tree.insert(numDefined);
875 }
876 for (unsigned i = numDefined; i < usedVectorLength; ++i) {
877 JSValue v = m_storage->m_vector[i];
878 if (v) {
879 if (v.isUndefined())
880 ++numUndefined;
881 else {
882 tree.abstractor().m_nodes[numDefined].value = v;
883 tree.insert(numDefined);
884 ++numDefined;
885 }
886 }
887 }
888
889 unsigned newUsedVectorLength = numDefined + numUndefined;
890
891 if (SparseArrayValueMap* map = m_storage->m_sparseValueMap) {
892 newUsedVectorLength += map->size();
893 if (newUsedVectorLength > m_vectorLength) {
894 // Check that it is possible to allocate an array large enough to hold all the entries.
895 if ((newUsedVectorLength > MAX_STORAGE_VECTOR_LENGTH) || !increaseVectorLength(newUsedVectorLength)) {
896 throwOutOfMemoryError(exec);
897 return;
898 }
899 }
900
901 SparseArrayValueMap::iterator end = map->end();
902 for (SparseArrayValueMap::iterator it = map->begin(); it != end; ++it) {
903 tree.abstractor().m_nodes[numDefined].value = it->second;
904 tree.insert(numDefined);
905 ++numDefined;
906 }
907
908 delete map;
909 m_storage->m_sparseValueMap = 0;
910 }
911
912 ASSERT(tree.abstractor().m_nodes.size() >= numDefined);
913
914 // FIXME: If the compare function changed the length of the array, the following might be
915 // modifying the vector incorrectly.
916
917 // Copy the values back into m_storage.
918 AVLTree<AVLTreeAbstractorForArrayCompare, 44>::Iterator iter;
919 iter.start_iter_least(tree);
920 for (unsigned i = 0; i < numDefined; ++i) {
921 m_storage->m_vector[i] = tree.abstractor().m_nodes[*iter].value;
922 ++iter;
923 }
924
925 // Put undefined values back in.
926 for (unsigned i = numDefined; i < newUsedVectorLength; ++i)
927 m_storage->m_vector[i] = jsUndefined();
928
929 // Ensure that unused values in the vector are zeroed out.
930 for (unsigned i = newUsedVectorLength; i < usedVectorLength; ++i)
931 m_storage->m_vector[i] = JSValue();
932
933 m_storage->m_numValuesInVector = newUsedVectorLength;
934
935 checkConsistency(SortConsistencyCheck);
936 }
937
938 void JSArray::fillArgList(ExecState* exec, MarkedArgumentBuffer& args)
939 {
940 JSValue* vector = m_storage->m_vector;
941 unsigned vectorEnd = min(m_storage->m_length, m_vectorLength);
942 unsigned i = 0;
943 for (; i < vectorEnd; ++i) {
944 JSValue& v = vector[i];
945 if (!v)
946 break;
947 args.append(v);
948 }
949
950 for (; i < m_storage->m_length; ++i)
951 args.append(get(exec, i));
952 }
953
954 void JSArray::copyToRegisters(ExecState* exec, Register* buffer, uint32_t maxSize)
955 {
956 ASSERT(m_storage->m_length >= maxSize);
957 UNUSED_PARAM(maxSize);
958 JSValue* vector = m_storage->m_vector;
959 unsigned vectorEnd = min(maxSize, m_vectorLength);
960 unsigned i = 0;
961 for (; i < vectorEnd; ++i) {
962 JSValue& v = vector[i];
963 if (!v)
964 break;
965 buffer[i] = v;
966 }
967
968 for (; i < maxSize; ++i)
969 buffer[i] = get(exec, i);
970 }
971
972 unsigned JSArray::compactForSorting()
973 {
974 checkConsistency();
975
976 ArrayStorage* storage = m_storage;
977
978 unsigned usedVectorLength = min(m_storage->m_length, m_vectorLength);
979
980 unsigned numDefined = 0;
981 unsigned numUndefined = 0;
982
983 for (; numDefined < usedVectorLength; ++numDefined) {
984 JSValue v = storage->m_vector[numDefined];
985 if (!v || v.isUndefined())
986 break;
987 }
988 for (unsigned i = numDefined; i < usedVectorLength; ++i) {
989 JSValue v = storage->m_vector[i];
990 if (v) {
991 if (v.isUndefined())
992 ++numUndefined;
993 else
994 storage->m_vector[numDefined++] = v;
995 }
996 }
997
998 unsigned newUsedVectorLength = numDefined + numUndefined;
999
1000 if (SparseArrayValueMap* map = storage->m_sparseValueMap) {
1001 newUsedVectorLength += map->size();
1002 if (newUsedVectorLength > m_vectorLength) {
1003 // Check that it is possible to allocate an array large enough to hold all the entries - if not,
1004 // exception is thrown by caller.
1005 if ((newUsedVectorLength > MAX_STORAGE_VECTOR_LENGTH) || !increaseVectorLength(newUsedVectorLength))
1006 return 0;
1007 storage = m_storage;
1008 }
1009
1010 SparseArrayValueMap::iterator end = map->end();
1011 for (SparseArrayValueMap::iterator it = map->begin(); it != end; ++it)
1012 storage->m_vector[numDefined++] = it->second;
1013
1014 delete map;
1015 storage->m_sparseValueMap = 0;
1016 }
1017
1018 for (unsigned i = numDefined; i < newUsedVectorLength; ++i)
1019 storage->m_vector[i] = jsUndefined();
1020 for (unsigned i = newUsedVectorLength; i < usedVectorLength; ++i)
1021 storage->m_vector[i] = JSValue();
1022
1023 storage->m_numValuesInVector = newUsedVectorLength;
1024
1025 checkConsistency(SortConsistencyCheck);
1026
1027 return numDefined;
1028 }
1029
1030 void* JSArray::subclassData() const
1031 {
1032 return m_storage->subclassData;
1033 }
1034
1035 void JSArray::setSubclassData(void* d)
1036 {
1037 m_storage->subclassData = d;
1038 }
1039
1040 #if CHECK_ARRAY_CONSISTENCY
1041
1042 void JSArray::checkConsistency(ConsistencyCheckType type)
1043 {
1044 ASSERT(m_storage);
1045 if (type == SortConsistencyCheck)
1046 ASSERT(!m_storage->m_sparseValueMap);
1047
1048 unsigned numValuesInVector = 0;
1049 for (unsigned i = 0; i < m_vectorLength; ++i) {
1050 if (JSValue value = m_storage->m_vector[i]) {
1051 ASSERT(i < m_storage->m_length);
1052 if (type != DestructorConsistencyCheck)
1053 value->type(); // Likely to crash if the object was deallocated.
1054 ++numValuesInVector;
1055 } else {
1056 if (type == SortConsistencyCheck)
1057 ASSERT(i >= m_storage->m_numValuesInVector);
1058 }
1059 }
1060 ASSERT(numValuesInVector == m_storage->m_numValuesInVector);
1061 ASSERT(numValuesInVector <= m_storage->m_length);
1062
1063 if (m_storage->m_sparseValueMap) {
1064 SparseArrayValueMap::iterator end = m_storage->m_sparseValueMap->end();
1065 for (SparseArrayValueMap::iterator it = m_storage->m_sparseValueMap->begin(); it != end; ++it) {
1066 unsigned index = it->first;
1067 ASSERT(index < m_storage->m_length);
1068 ASSERT(index >= m_vectorLength);
1069 ASSERT(index <= MAX_ARRAY_INDEX);
1070 ASSERT(it->second);
1071 if (type != DestructorConsistencyCheck)
1072 it->second->type(); // Likely to crash if the object was deallocated.
1073 }
1074 }
1075 }
1076
1077 #endif
1078
1079 } // namespace JSC
mirror of JavaScriptCore