Create Instance Type for Class Constructors

Class Constructors are special, because they are callable but [[Call]]
raises an exception. Instead of checking if a JS function is a class
constructor for every JS function call, this CL adds a new instance
type for class constructors.
This way we can use a fast instance type range check for the common
case, and only check for class constructors in the uncommon case were
a class constructor is called and when we need to raise an exception.

Change-Id: Ic6fdd9829722d05559fdfd01f6100c61873a0872
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3186434
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Patrick Thier <pthier@chromium.org>
Cr-Commit-Position: refs/heads/main@{#77140}
This commit is contained in:
Patrick Thier 2021-09-27 16:20:01 +00:00 committed by V8 LUCI CQ
parent e57ec7aef3
commit 1cd7a58223
17 changed files with 175 additions and 146 deletions

View File

@ -2282,13 +2282,7 @@ void Builtins::Generate_CallFunction(MacroAssembler* masm,
// -----------------------------------
__ AssertFunction(r1);
// See ES6 section 9.2.1 [[Call]] ( thisArgument, argumentsList)
// Check that the function is not a "classConstructor".
Label class_constructor;
__ ldr(r2, FieldMemOperand(r1, JSFunction::kSharedFunctionInfoOffset));
__ ldr(r3, FieldMemOperand(r2, SharedFunctionInfo::kFlagsOffset));
__ tst(r3, Operand(SharedFunctionInfo::IsClassConstructorBit::kMask));
__ b(ne, &class_constructor);
// Enter the context of the function; ToObject has to run in the function
// context, and we also need to take the global proxy from the function
@ -2363,14 +2357,6 @@ void Builtins::Generate_CallFunction(MacroAssembler* masm,
__ ldrh(r2,
FieldMemOperand(r2, SharedFunctionInfo::kFormalParameterCountOffset));
__ InvokeFunctionCode(r1, no_reg, r2, r0, InvokeType::kJump);
// The function is a "classConstructor", need to raise an exception.
__ bind(&class_constructor);
{
FrameScope frame(masm, StackFrame::INTERNAL);
__ push(r1);
__ CallRuntime(Runtime::kThrowConstructorNonCallableError);
}
}
namespace {
@ -2481,12 +2467,11 @@ void Builtins::Generate_Call(MacroAssembler* masm, ConvertReceiverMode mode) {
// -- r1 : the target to call (can be any Object).
// -----------------------------------
Label non_callable, non_smi;
Label non_callable, class_constructor;
__ JumpIfSmi(r1, &non_callable);
__ bind(&non_smi);
__ LoadMap(r4, r1);
__ CompareInstanceTypeRange(r4, r5, FIRST_JS_FUNCTION_TYPE,
LAST_JS_FUNCTION_TYPE);
__ CompareInstanceTypeRange(r4, r5, FIRST_CALLABLE_JS_FUNCTION_TYPE,
LAST_CALLABLE_JS_FUNCTION_TYPE);
__ Jump(masm->isolate()->builtins()->CallFunction(mode),
RelocInfo::CODE_TARGET, ls);
__ cmp(r5, Operand(JS_BOUND_FUNCTION_TYPE));
@ -2502,6 +2487,11 @@ void Builtins::Generate_Call(MacroAssembler* masm, ConvertReceiverMode mode) {
__ cmp(r5, Operand(JS_PROXY_TYPE));
__ Jump(BUILTIN_CODE(masm->isolate(), CallProxy), RelocInfo::CODE_TARGET, eq);
// ES6 section 9.2.1 [[Call]] ( thisArgument, argumentsList)
// Check that the function is not a "classConstructor".
__ cmp(r5, Operand(JS_CLASS_CONSTRUCTOR_TYPE));
__ b(eq, &class_constructor);
// 2. Call to something else, which might have a [[Call]] internal method (if
// not we raise an exception).
// Overwrite the original receiver the (original) target.
@ -2518,6 +2508,16 @@ void Builtins::Generate_Call(MacroAssembler* masm, ConvertReceiverMode mode) {
FrameAndConstantPoolScope scope(masm, StackFrame::INTERNAL);
__ Push(r1);
__ CallRuntime(Runtime::kThrowCalledNonCallable);
__ Trap(); // Unreachable.
}
// 4. The function is a "classConstructor", need to raise an exception.
__ bind(&class_constructor);
{
FrameAndConstantPoolScope scope(masm, StackFrame::INTERNAL);
__ Push(r1);
__ CallRuntime(Runtime::kThrowConstructorNonCallableError);
__ Trap(); // Unreachable.
}
}

View File

@ -2648,14 +2648,8 @@ void Builtins::Generate_CallFunction(MacroAssembler* masm,
// -----------------------------------
__ AssertFunction(x1);
// See ES6 section 9.2.1 [[Call]] ( thisArgument, argumentsList)
// Check that function is not a "classConstructor".
Label class_constructor;
__ LoadTaggedPointerField(
x2, FieldMemOperand(x1, JSFunction::kSharedFunctionInfoOffset));
__ Ldr(w3, FieldMemOperand(x2, SharedFunctionInfo::kFlagsOffset));
__ TestAndBranchIfAnySet(w3, SharedFunctionInfo::IsClassConstructorBit::kMask,
&class_constructor);
// Enter the context of the function; ToObject has to run in the function
// context, and we also need to take the global proxy from the function
@ -2664,6 +2658,7 @@ void Builtins::Generate_CallFunction(MacroAssembler* masm,
FieldMemOperand(x1, JSFunction::kContextOffset));
// We need to convert the receiver for non-native sloppy mode functions.
Label done_convert;
__ Ldr(w3, FieldMemOperand(x2, SharedFunctionInfo::kFlagsOffset));
__ TestAndBranchIfAnySet(w3,
SharedFunctionInfo::IsNativeBit::kMask |
SharedFunctionInfo::IsStrictBit::kMask,
@ -2730,15 +2725,6 @@ void Builtins::Generate_CallFunction(MacroAssembler* masm,
__ Ldrh(x2,
FieldMemOperand(x2, SharedFunctionInfo::kFormalParameterCountOffset));
__ InvokeFunctionCode(x1, no_reg, x2, x0, InvokeType::kJump);
// The function is a "classConstructor", need to raise an exception.
__ Bind(&class_constructor);
{
FrameScope frame(masm, StackFrame::INTERNAL);
__ PushArgument(x1);
__ CallRuntime(Runtime::kThrowConstructorNonCallableError);
__ Unreachable();
}
}
namespace {
@ -2906,12 +2892,11 @@ void Builtins::Generate_Call(MacroAssembler* masm, ConvertReceiverMode mode) {
// -- x1 : the target to call (can be any Object).
// -----------------------------------
Label non_callable, non_smi;
Label non_callable, class_constructor;
__ JumpIfSmi(x1, &non_callable);
__ Bind(&non_smi);
__ LoadMap(x4, x1);
__ CompareInstanceTypeRange(x4, x5, FIRST_JS_FUNCTION_TYPE,
LAST_JS_FUNCTION_TYPE);
__ CompareInstanceTypeRange(x4, x5, FIRST_CALLABLE_JS_FUNCTION_TYPE,
LAST_CALLABLE_JS_FUNCTION_TYPE);
__ Jump(masm->isolate()->builtins()->CallFunction(mode),
RelocInfo::CODE_TARGET, ls);
__ Cmp(x5, JS_BOUND_FUNCTION_TYPE);
@ -2927,6 +2912,11 @@ void Builtins::Generate_Call(MacroAssembler* masm, ConvertReceiverMode mode) {
__ Cmp(x5, JS_PROXY_TYPE);
__ Jump(BUILTIN_CODE(masm->isolate(), CallProxy), RelocInfo::CODE_TARGET, eq);
// ES6 section 9.2.1 [[Call]] ( thisArgument, argumentsList)
// Check that the function is not a "classConstructor".
__ Cmp(x5, JS_CLASS_CONSTRUCTOR_TYPE);
__ B(eq, &class_constructor);
// 2. Call to something else, which might have a [[Call]] internal method (if
// not we raise an exception).
// Overwrite the original receiver with the (original) target.
@ -2946,6 +2936,15 @@ void Builtins::Generate_Call(MacroAssembler* masm, ConvertReceiverMode mode) {
__ CallRuntime(Runtime::kThrowCalledNonCallable);
__ Unreachable();
}
// 4. The function is a "classConstructor", need to raise an exception.
__ bind(&class_constructor);
{
FrameScope frame(masm, StackFrame::INTERNAL);
__ PushArgument(x1);
__ CallRuntime(Runtime::kThrowConstructorNonCallableError);
__ Unreachable();
}
}
// static

View File

@ -2447,13 +2447,7 @@ void Builtins::Generate_CallFunction(MacroAssembler* masm,
StackArgumentsAccessor args(eax);
__ AssertFunction(edi, edx);
// See ES6 section 9.2.1 [[Call]] ( thisArgument, argumentsList)
// Check that the function is not a "classConstructor".
Label class_constructor;
__ mov(edx, FieldOperand(edi, JSFunction::kSharedFunctionInfoOffset));
__ test(FieldOperand(edx, SharedFunctionInfo::kFlagsOffset),
Immediate(SharedFunctionInfo::IsClassConstructorBit::kMask));
__ j(not_zero, &class_constructor);
// Enter the context of the function; ToObject has to run in the function
// context, and we also need to take the global proxy from the function
@ -2534,13 +2528,6 @@ void Builtins::Generate_CallFunction(MacroAssembler* masm,
__ movzx_w(
ecx, FieldOperand(edx, SharedFunctionInfo::kFormalParameterCountOffset));
__ InvokeFunctionCode(edi, no_reg, ecx, eax, InvokeType::kJump);
// The function is a "classConstructor", need to raise an exception.
__ bind(&class_constructor);
{
FrameScope frame(masm, StackFrame::INTERNAL);
__ push(edi);
__ CallRuntime(Runtime::kThrowConstructorNonCallableError);
}
}
namespace {
@ -2657,18 +2644,18 @@ void Builtins::Generate_Call(MacroAssembler* masm, ConvertReceiverMode mode) {
// -----------------------------------
StackArgumentsAccessor args(eax);
Label non_callable, non_function, non_smi, non_jsfunction,
non_jsboundfunction;
Label non_callable, non_smi, non_callable_jsfunction, non_jsboundfunction,
non_proxy, class_constructor;
__ JumpIfSmi(edi, &non_callable);
__ bind(&non_smi);
__ LoadMap(ecx, edi);
__ CmpInstanceTypeRange(ecx, ecx, FIRST_JS_FUNCTION_TYPE,
LAST_JS_FUNCTION_TYPE);
__ j(above, &non_jsfunction);
__ CmpInstanceTypeRange(ecx, ecx, FIRST_CALLABLE_JS_FUNCTION_TYPE,
LAST_CALLABLE_JS_FUNCTION_TYPE);
__ j(above, &non_callable_jsfunction);
__ Jump(masm->isolate()->builtins()->CallFunction(mode),
RelocInfo::CODE_TARGET);
__ bind(&non_jsfunction);
__ bind(&non_callable_jsfunction);
__ LoadMap(ecx, edi);
__ CmpInstanceType(ecx, JS_BOUND_FUNCTION_TYPE);
__ j(not_equal, &non_jsboundfunction);
@ -2683,12 +2670,17 @@ void Builtins::Generate_Call(MacroAssembler* masm, ConvertReceiverMode mode) {
// Call CallProxy external builtin
__ CmpInstanceType(ecx, JS_PROXY_TYPE);
__ j(not_equal, &non_function);
__ j(not_equal, &non_proxy);
__ Jump(BUILTIN_CODE(masm->isolate(), CallProxy), RelocInfo::CODE_TARGET);
// ES6 section 9.2.1 [[Call]] ( thisArgument, argumentsList)
// Check that the function is not a "classConstructor".
__ bind(&non_proxy);
__ CmpInstanceType(ecx, JS_CLASS_CONSTRUCTOR_TYPE);
__ j(equal, &class_constructor);
// 2. Call to something else, which might have a [[Call]] internal method (if
// not we raise an exception).
__ bind(&non_function);
// Overwrite the original receiver with the (original) target.
__ mov(args.GetReceiverOperand(), edi);
// Let the "call_as_function_delegate" take care of the rest.
@ -2703,6 +2695,16 @@ void Builtins::Generate_Call(MacroAssembler* masm, ConvertReceiverMode mode) {
FrameScope scope(masm, StackFrame::INTERNAL);
__ Push(edi);
__ CallRuntime(Runtime::kThrowCalledNonCallable);
__ Trap(); // Unreachable.
}
// 4. The function is a "classConstructor", need to raise an exception.
__ bind(&class_constructor);
{
FrameScope frame(masm, StackFrame::INTERNAL);
__ Push(edi);
__ CallRuntime(Runtime::kThrowConstructorNonCallableError);
__ Trap(); // Unreachable.
}
}

View File

@ -2377,15 +2377,8 @@ void Builtins::Generate_CallFunction(MacroAssembler* masm,
StackArgumentsAccessor args(rax);
__ AssertFunction(rdi);
// ES6 section 9.2.1 [[Call]] ( thisArgument, argumentsList)
// Check that the function is not a "classConstructor".
Label class_constructor;
__ LoadTaggedPointerField(
rdx, FieldOperand(rdi, JSFunction::kSharedFunctionInfoOffset));
__ testl(FieldOperand(rdx, SharedFunctionInfo::kFlagsOffset),
Immediate(SharedFunctionInfo::IsClassConstructorBit::kMask));
__ j(not_zero, &class_constructor);
// ----------- S t a t e -------------
// -- rax : the number of arguments
// -- rdx : the shared function info.
@ -2470,14 +2463,6 @@ void Builtins::Generate_CallFunction(MacroAssembler* masm,
__ movzxwq(
rbx, FieldOperand(rdx, SharedFunctionInfo::kFormalParameterCountOffset));
__ InvokeFunctionCode(rdi, no_reg, rbx, rax, InvokeType::kJump);
// The function is a "classConstructor", need to raise an exception.
__ bind(&class_constructor);
{
FrameScope frame(masm, StackFrame::INTERNAL);
__ Push(rdi);
__ CallRuntime(Runtime::kThrowConstructorNonCallableError);
}
}
namespace {
@ -2591,10 +2576,11 @@ void Builtins::Generate_Call(MacroAssembler* masm, ConvertReceiverMode mode) {
// -----------------------------------
StackArgumentsAccessor args(rax);
Label non_callable;
Label non_callable, class_constructor;
__ JumpIfSmi(rdi, &non_callable);
__ LoadMap(rcx, rdi);
__ CmpInstanceTypeRange(rcx, FIRST_JS_FUNCTION_TYPE, LAST_JS_FUNCTION_TYPE);
__ CmpInstanceTypeRange(rcx, FIRST_CALLABLE_JS_FUNCTION_TYPE,
LAST_CALLABLE_JS_FUNCTION_TYPE);
__ Jump(masm->isolate()->builtins()->CallFunction(mode),
RelocInfo::CODE_TARGET, below_equal);
@ -2612,6 +2598,11 @@ void Builtins::Generate_Call(MacroAssembler* masm, ConvertReceiverMode mode) {
__ Jump(BUILTIN_CODE(masm->isolate(), CallProxy), RelocInfo::CODE_TARGET,
equal);
// ES6 section 9.2.1 [[Call]] ( thisArgument, argumentsList)
// Check that the function is not a "classConstructor".
__ CmpInstanceType(rcx, JS_CLASS_CONSTRUCTOR_TYPE);
__ j(equal, &class_constructor);
// 2. Call to something else, which might have a [[Call]] internal method (if
// not we raise an exception).
@ -2629,6 +2620,16 @@ void Builtins::Generate_Call(MacroAssembler* masm, ConvertReceiverMode mode) {
FrameScope scope(masm, StackFrame::INTERNAL);
__ Push(rdi);
__ CallRuntime(Runtime::kThrowCalledNonCallable);
__ Trap(); // Unreachable.
}
// 4. The function is a "classConstructor", need to raise an exception.
__ bind(&class_constructor);
{
FrameScope frame(masm, StackFrame::INTERNAL);
__ Push(rdi);
__ CallRuntime(Runtime::kThrowConstructorNonCallableError);
__ Trap(); // Unreachable.
}
}

View File

@ -275,6 +275,7 @@ Type::bitset BitsetType::Lub(const MapRefLike& map) {
DCHECK(!map.is_undetectable());
return kBoundFunction;
case JS_FUNCTION_TYPE:
case JS_CLASS_CONSTRUCTOR_TYPE:
case JS_PROMISE_CONSTRUCTOR_TYPE:
case JS_REG_EXP_CONSTRUCTOR_TYPE:
case JS_ARRAY_CONSTRUCTOR_TYPE:

View File

@ -293,6 +293,7 @@ void HeapObject::HeapObjectVerify(Isolate* isolate) {
BigIntBase::cast(*this).BigIntBaseVerify(isolate);
break;
case JS_CLASS_CONSTRUCTOR_TYPE:
case JS_PROMISE_CONSTRUCTOR_TYPE:
case JS_REG_EXP_CONSTRUCTOR_TYPE:
case JS_ARRAY_CONSTRUCTOR_TYPE:

View File

@ -234,6 +234,7 @@ void HeapObject::HeapObjectPrint(std::ostream& os) {
case BIG_INT_BASE_TYPE:
BigIntBase::cast(*this).BigIntBasePrint(os);
break;
case JS_CLASS_CONSTRUCTOR_TYPE:
case JS_PROMISE_CONSTRUCTOR_TYPE:
case JS_REG_EXP_CONSTRUCTOR_TYPE:
case JS_ARRAY_CONSTRUCTOR_TYPE:

View File

@ -3654,7 +3654,8 @@ Handle<Map> Factory::CreateStrictFunctionMap(
}
Handle<Map> Factory::CreateClassFunctionMap(Handle<JSFunction> empty_function) {
Handle<Map> map = NewMap(JS_FUNCTION_TYPE, JSFunction::kSizeWithPrototype);
Handle<Map> map =
NewMap(JS_CLASS_CONSTRUCTOR_TYPE, JSFunction::kSizeWithPrototype);
{
DisallowGarbageCollection no_gc;
Map raw_map = *map;

View File

@ -128,6 +128,9 @@ enum InstanceType : uint16_t {
FIRST_UNIQUE_NAME_TYPE = INTERNALIZED_STRING_TYPE,
LAST_UNIQUE_NAME_TYPE = SYMBOL_TYPE,
FIRST_NONSTRING_TYPE = SYMBOL_TYPE,
// Callable JS Functions are all JS Functions except class constructors.
FIRST_CALLABLE_JS_FUNCTION_TYPE = FIRST_JS_FUNCTION_TYPE,
LAST_CALLABLE_JS_FUNCTION_TYPE = JS_CLASS_CONSTRUCTOR_TYPE - 1,
// Boundary for testing JSReceivers that need special property lookup handling
LAST_SPECIAL_RECEIVER_TYPE = LAST_JS_SPECIAL_OBJECT_TYPE,
// Boundary case for testing JSReceivers that may have elements while having
@ -171,6 +174,13 @@ STRING_TYPE_LIST(CHECK_STRING_RANGE)
TORQUE_ASSIGNED_INSTANCE_TYPE_LIST(CHECK_NONSTRING_RANGE)
#undef CHECK_NONSTRING_RANGE
// classConstructor type has to be the last one in the JS Function type range.
STATIC_ASSERT(JS_CLASS_CONSTRUCTOR_TYPE == LAST_JS_FUNCTION_TYPE);
static_assert(JS_CLASS_CONSTRUCTOR_TYPE < FIRST_CALLABLE_JS_FUNCTION_TYPE ||
JS_CLASS_CONSTRUCTOR_TYPE > LAST_CALLABLE_JS_FUNCTION_TYPE,
"JS_CLASS_CONSTRUCTOR_TYPE must not be in the callable JS "
"function type range");
// Two ranges don't cleanly follow the inheritance hierarchy. Here we ensure
// that only expected types fall within these ranges.
// - From FIRST_JS_RECEIVER_TYPE to LAST_SPECIAL_RECEIVER_TYPE should correspond

View File

@ -549,6 +549,7 @@ bool CanSubclassHaveInobjectProperties(InstanceType instance_type) {
case JS_DATE_TYPE:
case JS_GENERATOR_OBJECT_TYPE:
case JS_FUNCTION_TYPE:
case JS_CLASS_CONSTRUCTOR_TYPE:
case JS_PROMISE_CONSTRUCTOR_TYPE:
case JS_REG_EXP_CONSTRUCTOR_TYPE:
case JS_ARRAY_CONSTRUCTOR_TYPE:

View File

@ -28,4 +28,13 @@ extern class JSFunction extends JSFunctionOrBoundFunction {
@noVerifier prototype_or_initial_map: JSReceiver|Map;
}
// Class constructors are special, because they are callable, but [[Call]] will
// raise an exception.
// See ES6 section 9.2.1 [[Call]] ( thisArgument, argumentsList ).
@doNotGenerateCast
@noVerifier
@highestInstanceTypeWithinParentClassRange
extern class JSClassConstructor extends JSFunction
generates 'TNode<JSFunction>';
type JSFunctionWithPrototypeSlot extends JSFunction;

View File

@ -2243,6 +2243,7 @@ int JSObject::GetHeaderSize(InstanceType type,
case JS_BOUND_FUNCTION_TYPE:
return JSBoundFunction::kHeaderSize;
case JS_FUNCTION_TYPE:
case JS_CLASS_CONSTRUCTOR_TYPE:
case JS_PROMISE_CONSTRUCTOR_TYPE:
case JS_REG_EXP_CONSTRUCTOR_TYPE:
case JS_ARRAY_CONSTRUCTOR_TYPE:
@ -2589,6 +2590,7 @@ void JSObject::JSObjectShortPrint(StringStream* accumulator) {
case TYPE##_TYPED_ARRAY_CONSTRUCTOR_TYPE:
TYPED_ARRAYS(TYPED_ARRAY_CONSTRUCTORS_SWITCH)
#undef TYPED_ARRAY_CONSTRUCTORS_SWITCH
case JS_CLASS_CONSTRUCTOR_TYPE:
case JS_FUNCTION_TYPE: {
JSFunction function = JSFunction::cast(*this);
std::unique_ptr<char[]> fun_name = function.shared().DebugNameCStr();

View File

@ -206,6 +206,7 @@ VisitorId Map::GetVisitorId(Map map) {
return kVisitJSDataView;
case JS_FUNCTION_TYPE:
case JS_CLASS_CONSTRUCTOR_TYPE:
case JS_PROMISE_CONSTRUCTOR_TYPE:
case JS_REG_EXP_CONSTRUCTOR_TYPE:
case JS_ARRAY_CONSTRUCTOR_TYPE:

View File

@ -270,6 +270,7 @@ class ZoneForwardList;
V(FreeSpaceOrFiller) \
V(FunctionContext) \
V(JSApiObject) \
V(JSClassConstructor) \
V(JSLastDummyApiObject) \
V(JSPromiseConstructor) \
V(JSArrayConstructor) \

View File

@ -1114,6 +1114,7 @@ ReturnType BodyDescriptorApply(InstanceType type, T1 p1, T2 p2, T3 p3, T4 p4) {
case JS_STRING_ITERATOR_TYPE:
case JS_TYPED_ARRAY_PROTOTYPE_TYPE:
case JS_FUNCTION_TYPE:
case JS_CLASS_CONSTRUCTOR_TYPE:
case JS_PROMISE_CONSTRUCTOR_TYPE:
case JS_REG_EXP_CONSTRUCTOR_TYPE:
case JS_ARRAY_CONSTRUCTOR_TYPE:

View File

@ -694,19 +694,16 @@ void WebSnapshotSerializer::WriteValue(Handle<Object> object,
serializer.WriteUint32(ValueType::DOUBLE);
serializer.WriteDouble(HeapNumber::cast(*object).value());
break;
case JS_FUNCTION_TYPE: {
Handle<JSFunction> function = Handle<JSFunction>::cast(object);
FunctionKind kind = function->shared().kind();
if (IsClassConstructor(kind)) {
SerializeClass(function, id);
serializer.WriteUint32(ValueType::CLASS_ID);
} else {
SerializeFunction(function, id);
case JS_FUNCTION_TYPE:
SerializeFunction(Handle<JSFunction>::cast(object), id);
serializer.WriteUint32(ValueType::FUNCTION_ID);
}
serializer.WriteUint32(id);
break;
}
case JS_CLASS_CONSTRUCTOR_TYPE:
SerializeClass(Handle<JSFunction>::cast(object), id);
serializer.WriteUint32(ValueType::CLASS_ID);
serializer.WriteUint32(id);
break;
case JS_OBJECT_TYPE:
SerializeObject(Handle<JSObject>::cast(object), id);
serializer.WriteUint32(ValueType::OBJECT_ID);

View File

@ -173,64 +173,65 @@ INSTANCE_TYPES = {
2072: "JS_ARRAY_CONSTRUCTOR_TYPE",
2073: "JS_PROMISE_CONSTRUCTOR_TYPE",
2074: "JS_REG_EXP_CONSTRUCTOR_TYPE",
2075: "JS_ARRAY_ITERATOR_PROTOTYPE_TYPE",
2076: "JS_ITERATOR_PROTOTYPE_TYPE",
2077: "JS_MAP_ITERATOR_PROTOTYPE_TYPE",
2078: "JS_OBJECT_PROTOTYPE_TYPE",
2079: "JS_PROMISE_PROTOTYPE_TYPE",
2080: "JS_REG_EXP_PROTOTYPE_TYPE",
2081: "JS_SET_ITERATOR_PROTOTYPE_TYPE",
2082: "JS_SET_PROTOTYPE_TYPE",
2083: "JS_STRING_ITERATOR_PROTOTYPE_TYPE",
2084: "JS_TYPED_ARRAY_PROTOTYPE_TYPE",
2085: "JS_MAP_KEY_ITERATOR_TYPE",
2086: "JS_MAP_KEY_VALUE_ITERATOR_TYPE",
2087: "JS_MAP_VALUE_ITERATOR_TYPE",
2088: "JS_SET_KEY_VALUE_ITERATOR_TYPE",
2089: "JS_SET_VALUE_ITERATOR_TYPE",
2090: "JS_GENERATOR_OBJECT_TYPE",
2091: "JS_ASYNC_FUNCTION_OBJECT_TYPE",
2092: "JS_ASYNC_GENERATOR_OBJECT_TYPE",
2093: "JS_DATA_VIEW_TYPE",
2094: "JS_TYPED_ARRAY_TYPE",
2095: "JS_MAP_TYPE",
2096: "JS_SET_TYPE",
2097: "JS_WEAK_MAP_TYPE",
2098: "JS_WEAK_SET_TYPE",
2099: "JS_ARGUMENTS_OBJECT_TYPE",
2100: "JS_ARRAY_TYPE",
2101: "JS_ARRAY_BUFFER_TYPE",
2102: "JS_ARRAY_ITERATOR_TYPE",
2103: "JS_ASYNC_FROM_SYNC_ITERATOR_TYPE",
2104: "JS_COLLATOR_TYPE",
2105: "JS_CONTEXT_EXTENSION_OBJECT_TYPE",
2106: "JS_DATE_TYPE",
2107: "JS_DATE_TIME_FORMAT_TYPE",
2108: "JS_DISPLAY_NAMES_TYPE",
2109: "JS_ERROR_TYPE",
2110: "JS_FINALIZATION_REGISTRY_TYPE",
2111: "JS_LIST_FORMAT_TYPE",
2112: "JS_LOCALE_TYPE",
2113: "JS_MESSAGE_OBJECT_TYPE",
2114: "JS_NUMBER_FORMAT_TYPE",
2115: "JS_PLURAL_RULES_TYPE",
2116: "JS_PROMISE_TYPE",
2117: "JS_REG_EXP_TYPE",
2118: "JS_REG_EXP_STRING_ITERATOR_TYPE",
2119: "JS_RELATIVE_TIME_FORMAT_TYPE",
2120: "JS_SEGMENT_ITERATOR_TYPE",
2121: "JS_SEGMENTER_TYPE",
2122: "JS_SEGMENTS_TYPE",
2123: "JS_STRING_ITERATOR_TYPE",
2124: "JS_V8_BREAK_ITERATOR_TYPE",
2125: "JS_WEAK_REF_TYPE",
2126: "WASM_GLOBAL_OBJECT_TYPE",
2127: "WASM_INSTANCE_OBJECT_TYPE",
2128: "WASM_MEMORY_OBJECT_TYPE",
2129: "WASM_MODULE_OBJECT_TYPE",
2130: "WASM_TABLE_OBJECT_TYPE",
2131: "WASM_TAG_OBJECT_TYPE",
2132: "WASM_VALUE_OBJECT_TYPE",
2075: "JS_CLASS_CONSTRUCTOR_TYPE",
2076: "JS_ARRAY_ITERATOR_PROTOTYPE_TYPE",
2077: "JS_ITERATOR_PROTOTYPE_TYPE",
2078: "JS_MAP_ITERATOR_PROTOTYPE_TYPE",
2079: "JS_OBJECT_PROTOTYPE_TYPE",
2080: "JS_PROMISE_PROTOTYPE_TYPE",
2081: "JS_REG_EXP_PROTOTYPE_TYPE",
2082: "JS_SET_ITERATOR_PROTOTYPE_TYPE",
2083: "JS_SET_PROTOTYPE_TYPE",
2084: "JS_STRING_ITERATOR_PROTOTYPE_TYPE",
2085: "JS_TYPED_ARRAY_PROTOTYPE_TYPE",
2086: "JS_MAP_KEY_ITERATOR_TYPE",
2087: "JS_MAP_KEY_VALUE_ITERATOR_TYPE",
2088: "JS_MAP_VALUE_ITERATOR_TYPE",
2089: "JS_SET_KEY_VALUE_ITERATOR_TYPE",
2090: "JS_SET_VALUE_ITERATOR_TYPE",
2091: "JS_GENERATOR_OBJECT_TYPE",
2092: "JS_ASYNC_FUNCTION_OBJECT_TYPE",
2093: "JS_ASYNC_GENERATOR_OBJECT_TYPE",
2094: "JS_DATA_VIEW_TYPE",
2095: "JS_TYPED_ARRAY_TYPE",
2096: "JS_MAP_TYPE",
2097: "JS_SET_TYPE",
2098: "JS_WEAK_MAP_TYPE",
2099: "JS_WEAK_SET_TYPE",
2100: "JS_ARGUMENTS_OBJECT_TYPE",
2101: "JS_ARRAY_TYPE",
2102: "JS_ARRAY_BUFFER_TYPE",
2103: "JS_ARRAY_ITERATOR_TYPE",
2104: "JS_ASYNC_FROM_SYNC_ITERATOR_TYPE",
2105: "JS_COLLATOR_TYPE",
2106: "JS_CONTEXT_EXTENSION_OBJECT_TYPE",
2107: "JS_DATE_TYPE",
2108: "JS_DATE_TIME_FORMAT_TYPE",
2109: "JS_DISPLAY_NAMES_TYPE",
2110: "JS_ERROR_TYPE",
2111: "JS_FINALIZATION_REGISTRY_TYPE",
2112: "JS_LIST_FORMAT_TYPE",
2113: "JS_LOCALE_TYPE",
2114: "JS_MESSAGE_OBJECT_TYPE",
2115: "JS_NUMBER_FORMAT_TYPE",
2116: "JS_PLURAL_RULES_TYPE",
2117: "JS_PROMISE_TYPE",
2118: "JS_REG_EXP_TYPE",
2119: "JS_REG_EXP_STRING_ITERATOR_TYPE",
2120: "JS_RELATIVE_TIME_FORMAT_TYPE",
2121: "JS_SEGMENT_ITERATOR_TYPE",
2122: "JS_SEGMENTER_TYPE",
2123: "JS_SEGMENTS_TYPE",
2124: "JS_STRING_ITERATOR_TYPE",
2125: "JS_V8_BREAK_ITERATOR_TYPE",
2126: "JS_WEAK_REF_TYPE",
2127: "WASM_GLOBAL_OBJECT_TYPE",
2128: "WASM_INSTANCE_OBJECT_TYPE",
2129: "WASM_MEMORY_OBJECT_TYPE",
2130: "WASM_MODULE_OBJECT_TYPE",
2131: "WASM_TABLE_OBJECT_TYPE",
2132: "WASM_TAG_OBJECT_TYPE",
2133: "WASM_VALUE_OBJECT_TYPE",
}
# List of known V8 maps.
@ -389,7 +390,7 @@ KNOWN_MAPS = {
("read_only_space", 0x05f81): (82, "StoreHandler2Map"),
("read_only_space", 0x05fa9): (82, "StoreHandler3Map"),
("map_space", 0x02119): (1057, "ExternalMap"),
("map_space", 0x02141): (2113, "JSMessageObjectMap"),
("map_space", 0x02141): (2114, "JSMessageObjectMap"),
}
# List of known V8 objects.