Title: [287004] branches/safari-613.1.11-branch/Source/_javascript_Core
- Revision
- 287004
- Author
- repst...@apple.com
- Date
- 2021-12-13 19:27:46 -0800 (Mon, 13 Dec 2021)
Log Message
Cherry-pick r286580. rdar://problem/86445989
TypeInfo should be materializable from Structures as a single load.
https://bugs.webkit.org/show_bug.cgi?id=233875
Reviewed by Mark Lam.
This mostly just reorders the members of Structure and JSCell so that
JSType and InlineTypeFlags are at the end of the JSCell header.
* assembler/testmasm.cpp:
(JSC::testBranchIfType):
(JSC::testBranchIfNotType):
* ftl/FTLAbstractHeapRepository.cpp:
(JSC::FTL::AbstractHeapRepository::AbstractHeapRepository):
* runtime/JSCell.h:
* runtime/JSCellInlines.h:
(JSC::JSCell::JSCell):
* runtime/Structure.h:
(JSC::Structure::typeInfo const):
git-svn-id: https://svn.webkit.org/repository/webkit/trunk@286580 268f45cc-cd09-0410-ab3c-d52691b4dbfc
Modified Paths
Diff
Modified: branches/safari-613.1.11-branch/Source/_javascript_Core/ChangeLog (287003 => 287004)
--- branches/safari-613.1.11-branch/Source/_javascript_Core/ChangeLog 2021-12-14 03:27:43 UTC (rev 287003)
+++ branches/safari-613.1.11-branch/Source/_javascript_Core/ChangeLog 2021-12-14 03:27:46 UTC (rev 287004)
@@ -1,3 +1,50 @@
+2021-12-13 Russell Epstein <repst...@apple.com>
+
+ Cherry-pick r286580. rdar://problem/86445989
+
+ TypeInfo should be materializable from Structures as a single load.
+ https://bugs.webkit.org/show_bug.cgi?id=233875
+
+ Reviewed by Mark Lam.
+
+ This is mostly just the members of Structure and JSCell so that
+ JSType and InlineTypeFlags are at the end of the JSCell header.
+
+ * assembler/testmasm.cpp:
+ (JSC::testBranchIfType):
+ (JSC::testBranchIfNotType):
+ * ftl/FTLAbstractHeapRepository.cpp:
+ (JSC::FTL::AbstractHeapRepository::AbstractHeapRepository):
+ * runtime/JSCell.h:
+ * runtime/JSCellInlines.h:
+ (JSC::JSCell::JSCell):
+ * runtime/Structure.h:
+ (JSC::Structure::typeInfo const):
+
+
+ git-svn-id: https://svn.webkit.org/repository/webkit/trunk@286580 268f45cc-cd09-0410-ab3c-d52691b4dbfc
+
+ 2021-12-06 Keith Miller <keith_mil...@apple.com>
+
+ TypeInfo should be materializable from Structures as a single load.
+ https://bugs.webkit.org/show_bug.cgi?id=233875
+
+ Reviewed by Mark Lam.
+
+ This is mostly just the members of Structure and JSCell so that
+ JSType and InlineTypeFlags are at the end of the JSCell header.
+
+ * assembler/testmasm.cpp:
+ (JSC::testBranchIfType):
+ (JSC::testBranchIfNotType):
+ * ftl/FTLAbstractHeapRepository.cpp:
+ (JSC::FTL::AbstractHeapRepository::AbstractHeapRepository):
+ * runtime/JSCell.h:
+ * runtime/JSCellInlines.h:
+ (JSC::JSCell::JSCell):
+ * runtime/Structure.h:
+ (JSC::Structure::typeInfo const):
+
2021-12-03 Keith Miller <keith_mil...@apple.com>
Remove StructureIDBlob
Modified: branches/safari-613.1.11-branch/Source/_javascript_Core/assembler/testmasm.cpp (287003 => 287004)
--- branches/safari-613.1.11-branch/Source/_javascript_Core/assembler/testmasm.cpp 2021-12-14 03:27:43 UTC (rev 287003)
+++ branches/safari-613.1.11-branch/Source/_javascript_Core/assembler/testmasm.cpp 2021-12-14 03:27:46 UTC (rev 287004)
@@ -5613,6 +5613,7 @@
struct CellLike {
uint32_t structureID;
uint8_t indexingType;
+ uint8_t cellState;
JSType type;
};
CHECK_EQ(JSCell::typeInfoTypeOffset(), OBJECT_OFFSETOF(CellLike, type));
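Review bot: The hand-written `CellLike` mirror of the JSCell header is declared twice, once in this hunk and again in the hunk at -5647, so every header reorder has to be repeated in both tests. Hoisting it to a single file-local struct shared by testBranchIfType and testBranchIfNotType would stop the two copies from drifting apart. A one-line comment on it, such as `// Mirrors the leading fields of JSCell; keep in sync with runtime/JSCell.h.`, would tell the next editor where the layout comes from. Both function bodies start and end outside the visible hunks.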
@@ -5647,6 +5648,7 @@
struct CellLike {
uint32_t structureID;
uint8_t indexingType;
+ uint8_t cellState;
JSType type;
};
CHECK_EQ(JSCell::typeInfoTypeOffset(), OBJECT_OFFSETOF(CellLike, type));
Modified: branches/safari-613.1.11-branch/Source/_javascript_Core/ftl/FTLAbstractHeapRepository.cpp (287003 => 287004)
--- branches/safari-613.1.11-branch/Source/_javascript_Core/ftl/FTLAbstractHeapRepository.cpp 2021-12-14 03:27:43 UTC (rev 287003)
+++ branches/safari-613.1.11-branch/Source/_javascript_Core/ftl/FTLAbstractHeapRepository.cpp 2021-12-14 03:27:46 UTC (rev 287004)
@@ -78,9 +78,9 @@
// Make sure that our explicit assumptions about the StructureIDBlob match reality.
RELEASE_ASSERT(!(JSCell_indexingTypeAndMisc.offset() & (sizeof(int32_t) - 1)));
- RELEASE_ASSERT(JSCell_indexingTypeAndMisc.offset() + 1 == JSCell_typeInfoType.offset());
- RELEASE_ASSERT(JSCell_indexingTypeAndMisc.offset() + 2 == JSCell_typeInfoFlags.offset());
- RELEASE_ASSERT(JSCell_indexingTypeAndMisc.offset() + 3 == JSCell_cellState.offset());
+ RELEASE_ASSERT(JSCell_indexingTypeAndMisc.offset() + 1 == JSCell_cellState.offset());
+ RELEASE_ASSERT(JSCell_indexingTypeAndMisc.offset() + 2 == JSCell_typeInfoType.offset());
+ RELEASE_ASSERT(JSCell_indexingTypeAndMisc.offset() + 3 == JSCell_typeInfoFlags.offset());
JSCell_structureID.changeParent(&JSCell_header);
JSCell_usefulBytes.changeParent(&JSCell_header);
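Review bot: The comment above these assertions still names `StructureIDBlob`, which the ChangeLog context on this page lists as removed on 2021-12-03 ("Remove StructureIDBlob"). Since the assertions are being rewritten here, the comment should say what they now protect, for example `// Make sure that our explicit assumptions about the JSCell header layout match reality.` It would also help to note that the order asserted here has to agree with the member order in JSCell.h and the `m_cellHeader*` members in Structure.h. The constructor body continues outside the hunk.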
Modified: branches/safari-613.1.11-branch/Source/_javascript_Core/runtime/JSCell.h (287003 => 287004)
--- branches/safari-613.1.11-branch/Source/_javascript_Core/runtime/JSCell.h 2021-12-14 03:27:43 UTC (rev 287003)
+++ branches/safari-613.1.11-branch/Source/_javascript_Core/runtime/JSCell.h 2021-12-14 03:27:46 UTC (rev 287004)
@@ -266,9 +266,9 @@
StructureID m_structureID;
IndexingType m_indexingTypeAndMisc; // DO NOT store to this field. Always CAS.
+ CellState m_cellState;
JSType m_type;
TypeInfo::InlineTypeFlags m_flags;
- CellState m_cellState;
};
class JSCellLock : public JSCell {
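Review bot: Nothing visible in this hunk tells a future editor that the order of these byte-sized header fields is load-bearing. Structure.h mirrors it in its `m_cellHeader*` members, and FTLAbstractHeapRepository.cpp asserts the exact offsets. A comment above `m_indexingTypeAndMisc`, such as `// Field order must match Structure's m_cellHeader* members and the offset asserts in FTLAbstractHeapRepository.cpp.`, would make that dependency visible where the fields are declared. The class body starts outside the hunk, so such a note may already exist above the visible lines.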
Modified: branches/safari-613.1.11-branch/Source/_javascript_Core/runtime/JSCellInlines.h (287003 => 287004)
--- branches/safari-613.1.11-branch/Source/_javascript_Core/runtime/JSCellInlines.h 2021-12-14 03:27:43 UTC (rev 287003)
+++ branches/safari-613.1.11-branch/Source/_javascript_Core/runtime/JSCellInlines.h 2021-12-14 03:27:46 UTC (rev 287004)
@@ -58,9 +58,9 @@
inline JSCell::JSCell(VM&, Structure* structure)
: m_structureID(structure->id())
, m_indexingTypeAndMisc(structure->indexingModeIncludingHistory())
+ , m_cellState(CellState::DefinitelyWhite)
, m_type(structure->typeInfo().type())
, m_flags(structure->typeInfo().inlineTypeFlags())
- , m_cellState(CellState::DefinitelyWhite)
{
ASSERT(!isCompilationThread());
Modified: branches/safari-613.1.11-branch/Source/_javascript_Core/runtime/Structure.h (287003 => 287004)
--- branches/safari-613.1.11-branch/Source/_javascript_Core/runtime/Structure.h 2021-12-14 03:27:43 UTC (rev 287003)
+++ branches/safari-613.1.11-branch/Source/_javascript_Core/runtime/Structure.h 2021-12-14 03:27:46 UTC (rev 287004)
@@ -261,7 +261,11 @@
}
// Type accessors.
+#if CPU(NEEDS_ALIGNED_ACCESS)
TypeInfo typeInfo() const { return TypeInfo(m_cellHeaderType, m_cellHeaderInlineTypeFlags, m_outOfLineTypeFlags); }
+#else
+ TypeInfo typeInfo() const { return *reinterpret_cast_ptr<const TypeInfo*>(&m_cellHeaderType); }
+#endif
bool isObject() const { return typeInfo().isObject(); }
protected:
// You probably want typeInfo().type()
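Review bot: The `#else` branch of `typeInfo()` reads three separate Structure members through a `TypeInfo*`, and nothing visible in this hunk or the member hunk at -856 enforces the layout that requires. It is only correct while `m_cellHeaderType`, `m_cellHeaderInlineTypeFlags` and `m_outOfLineTypeFlags` stay adjacent, unpadded, and in the same order and sizes as TypeInfo's own fields. If the checks do not already exist elsewhere, add compile-time guards inside the class, for example `static_assert(sizeof(TypeInfo) == sizeof(JSType) + sizeof(TypeInfo::InlineTypeFlags) + sizeof(TypeInfo::OutOfLineTypeFlags));`, plus offset assertions tying the three members together. A later field insertion would then fail the build instead of silently producing a TypeInfo with the wrong type or flag bits. A short comment on the `#else` line stating that the cast exists to get a single load, and what it depends on, would also help.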
@@ -856,9 +860,9 @@
// part of the object. And need to match the order of the equivalent properties in
// JSCell.
IndexingType m_cellHeaderIndexingModeIncludingHistory;
+ const CellState m_cellHeaderDefaultCellState { CellState::DefinitelyWhite };
const JSType m_cellHeaderType;
TypeInfo::InlineTypeFlags m_cellHeaderInlineTypeFlags;
- const CellState m_cellHeaderDefaultCellState { CellState::DefinitelyWhite };
TypeInfo::OutOfLineTypeFlags m_outOfLineTypeFlags;
uint8_t m_inlineCapacity;