|
| 1 | +--- |
| 2 | +title: V8 StringConstructor实现机制 |
| 3 | +categories: |
| 4 | + - V8 |
| 5 | +tags: |
| 6 | + - V8 |
| 7 | +date: 2024-11-13 20:43:30 |
| 8 | +--- |
| 9 | + |
| 10 | +## 一、StringConstructor JS规范 |
| 11 | + |
| 12 | + |
| 13 | +## 二、V8 StringConstructor实现 |
| 14 | +``` |
| 15 | +transitioning javascript builtin StringConstructor( |
| 16 | + js-implicit context: NativeContext, receiver: JSAny, newTarget: JSAny, |
| 17 | + target: JSFunction)(...arguments): JSAny { |
| 18 | + const length: intptr = Convert<intptr>(arguments.length); |
| 19 | + let s: String; |
| 20 | + // 1. If no arguments were passed to this function invocation, let s be "". |
| 21 | + if (length == 0) { |
| 22 | + s = EmptyStringConstant(); |
| 23 | + } else { |
| 24 | + // 2. Else, |
| 25 | + // 2. a. If NewTarget is undefined and Type(value) is Symbol, return |
| 26 | + // SymbolDescriptiveString(value). |
| 27 | + if (newTarget == Undefined) { |
| 28 | + typeswitch (arguments[0]) { |
| 29 | + case (value: Symbol): { |
| 30 | + return SymbolDescriptiveString(value); |
| 31 | + } |
| 32 | + case (JSAny): { |
| 33 | + } |
| 34 | + } |
| 35 | + } |
| 36 | + // 2. b. Let s be ? ToString(value). |
| 37 | + s = ToString_Inline(arguments[0]); |
| 38 | + } |
| 39 | + // 3. If NewTarget is undefined, return s. |
| 40 | + if (newTarget == Undefined) { |
| 41 | + return s; |
| 42 | + } |
| 43 | +
|
| 44 | + // We might be creating a string wrapper with a custom @@toPrimitive. |
| 45 | + if (target != newTarget) { |
| 46 | + InvalidateStringWrapperToPrimitiveProtector(); |
| 47 | + } |
| 48 | +
|
| 49 | + // 4. Return ! StringCreate(s, ? GetPrototypeFromConstructor(NewTarget, |
| 50 | + // "%String.prototype%")). |
| 51 | + const map = GetDerivedMap(target, UnsafeCast<JSReceiver>(newTarget)); |
| 52 | + const obj = |
| 53 | + UnsafeCast<JSPrimitiveWrapper>(AllocateFastOrSlowJSObjectFromMap(map)); |
| 54 | + obj.value = s; |
| 55 | + return obj; |
| 56 | +} |
| 57 | +``` |
| 58 | +在V8实现的StringConstructor中并没有DefinePropertyOrThrow的步骤。那么V8是如何满足规范要求的呢? |
| 59 | + |
| 60 | +由于规范中在String new出的对象上定义了length属性,因此GetOwnProperty要能够访问到该属性。 |
| 61 | +先看一下V8属性打印过程。 |
| 62 | +```c++ |
| 63 | +bool JSObject::PrintProperties(std::ostream& os) { |
| 64 | + if (HasFastProperties()) { |
| 65 | + Tagged<DescriptorArray> descs = map()->instance_descriptors(GetIsolate()); |
| 66 | + int nof_inobject_properties = map()->GetInObjectProperties(); |
| 67 | + for (InternalIndex i : map()->IterateOwnDescriptors()) { |
| 68 | + ... |
| 69 | + switch (details.location()) { |
| 70 | + case PropertyLocation::kField: { |
| 71 | + FieldIndex field_index = FieldIndex::ForDetails(map(), details); |
| 72 | + os << Brief(RawFastPropertyAt(field_index)); |
| 73 | + break; |
| 74 | + } |
| 75 | + case PropertyLocation::kDescriptor: |
| 76 | + os << Brief(descs->GetStrongValue(i)); |
| 77 | + break; |
| 78 | + } |
| 79 | + os << " "; |
| 80 | + details.PrintAsFastTo(os, PropertyDetails::kForProperties); |
| 81 | + if (details.location() == PropertyLocation::kField) { |
| 82 | + os << " @ "; |
| 83 | + FieldType::PrintTo(descs->GetFieldType(i), os); |
| 84 | + int field_index = details.field_index(); |
| 85 | + if (field_index < nof_inobject_properties) { |
| 86 | + os << ", location: in-object"; |
| 87 | + } else { |
| 88 | + field_index -= nof_inobject_properties; |
| 89 | + os << ", location: properties[" << field_index << "]"; |
| 90 | + } |
| 91 | + } else { |
| 92 | + os << ", location: descriptor"; |
| 93 | + } |
| 94 | + } |
| 95 | + return map()->NumberOfOwnDescriptors() > 0; |
| 96 | + } |
| 97 | + ... |
| 98 | + return true; |
| 99 | +} |
| 100 | +``` |
| 101 | +V8的property遍历过程是从object的map中获取。 |
| 102 | +String map的初始化过程如下: |
| 103 | +```c++ |
| 104 | +{ // --- S t r i n g --- |
| 105 | + Handle<JSFunction> string_fun = |
| 106 | + InstallFunction(isolate_, global, "String", JS_PRIMITIVE_WRAPPER_TYPE, |
| 107 | + JSPrimitiveWrapper::kHeaderSize, 0, |
| 108 | + isolate_->initial_object_prototype(), |
| 109 | + Builtin::kStringConstructor, 1, kDontAdapt); |
| 110 | + InstallWithIntrinsicDefaultProto(isolate_, string_fun, |
| 111 | + Context::STRING_FUNCTION_INDEX); |
| 112 | +
|
| 113 | + DirectHandle<Map> string_map( |
| 114 | + native_context()->string_function()->initial_map(), isolate()); |
| 115 | + string_map->set_elements_kind(FAST_STRING_WRAPPER_ELEMENTS); |
| 116 | + Map::EnsureDescriptorSlack(isolate_, string_map, 1); |
| 117 | +
|
| 118 | + PropertyAttributes attribs = |
| 119 | + static_cast<PropertyAttributes>(DONT_ENUM | DONT_DELETE | READ_ONLY); |
| 120 | +
|
| 121 | + { // Add length. |
| 122 | + Descriptor d = Descriptor::AccessorConstant( |
| 123 | + factory->length_string(), factory->string_length_accessor(), attribs); |
| 124 | + string_map->AppendDescriptor(isolate(), &d); |
| 125 | + } |
| 126 | +
|
| 127 | + // Install the String.fromCharCode function. |
| 128 | + SimpleInstallFunction(isolate_, string_fun, "fromCharCode", |
| 129 | + Builtin::kStringFromCharCode, 1, kDontAdapt); |
| 130 | + ... |
| 131 | +} |
| 132 | +``` |
| 133 | +String map在初始化过程中加入length属性,设置的属性值为string_length_accessor,即getter/setter方法。此外,Descriptor类型用于描述对象布局,值得注意的是Descriptor是一个三元组[key, value, attributes]。 |
| 134 | + |
| 135 | +## 三、总结 |
| 136 | +- V8的String在初始化过程中,在其map的Descriptors(对象布局)中添加length属性Descriptor |
| 137 | +- Descriptor类型为一个三元组[key, value, attributes] |
| 138 | +- 属性的类型分为kAccessor和kField两种类型,当类型为kAccessor时(即getter/setter),该property不体现在object的内存中,仅记录在object->map中,在访问时,需要在线获取 |
| 139 | +- 因此,V8在用String创建对象的时候,对象所在的内存中并不会有length属性,所以在StringConstructor中看不到DefineProperty的过程,但属性访问时不影响length属性获取,因为属性访问是遍历object->map,map中有获取length属性的方法。 |
0 commit comments