Title: [231166] trunk/Source/_javascript_Core
- Revision
- 231166
- Author
- [email protected]
- Date
- 2018-04-30 13:22:08 -0700 (Mon, 30 Apr 2018)
Log Message
Move StructureIsImmortal to out of line flags.
https://bugs.webkit.org/show_bug.cgi?id=185101
Reviewed by Saam Barati.
This will free up a bit in the inline flags where we can move the
isPrototype bit to. This will, in turn, free a bit for use in
implementing copy on write butterflies.
Also, this patch removes an assertion from Structure::typeInfo()
that inadvertently makes the function invalid to call while
cleaning up the vm.
* heap/HeapCellType.cpp:
(JSC::DefaultDestroyFunc::operator() const):
* runtime/JSCell.h:
* runtime/JSCellInlines.h:
(JSC::JSCell::callDestructor): Deleted.
* runtime/JSTypeInfo.h:
(JSC::TypeInfo::hasStaticPropertyTable):
(JSC::TypeInfo::structureIsImmortal const):
* runtime/Structure.h:
Modified Paths
Diff
Modified: trunk/Source/_javascript_Core/ChangeLog (231165 => 231166)
--- trunk/Source/_javascript_Core/ChangeLog 2018-04-30 19:56:28 UTC (rev 231165)
+++ trunk/Source/_javascript_Core/ChangeLog 2018-04-30 20:22:08 UTC (rev 231166)
@@ -1,3 +1,28 @@
+2018-04-30 Keith Miller <[email protected]>
+
+ Move StructureIsImmortal to out of line flags.
+ https://bugs.webkit.org/show_bug.cgi?id=185101
+
+ Reviewed by Saam Barati.
+
+ This will free up a bit in the inline flags where we can move the
+ isPrototype bit to. This will, in turn, free a bit for use in
+ implementing copy on write butterflies.
+
+ Also, this patch removes an assertion from Structure::typeInfo()
+ that inadvertently makes the function invalid to call while
+ cleaning up the vm.
+
+ * heap/HeapCellType.cpp:
+ (JSC::DefaultDestroyFunc::operator() const):
+ * runtime/JSCell.h:
+ * runtime/JSCellInlines.h:
+ (JSC::JSCell::callDestructor): Deleted.
+ * runtime/JSTypeInfo.h:
+ (JSC::TypeInfo::hasStaticPropertyTable):
+ (JSC::TypeInfo::structureIsImmortal const):
+ * runtime/Structure.h:
+
2018-04-30 Yusuke Suzuki <[email protected]>
[JSC] Remove arity fixup check if the number of parameters is 1
Modified: trunk/Source/_javascript_Core/heap/HeapCellType.cpp (231165 => 231166)
--- trunk/Source/_javascript_Core/heap/HeapCellType.cpp 2018-04-30 19:56:28 UTC (rev 231165)
+++ trunk/Source/_javascript_Core/heap/HeapCellType.cpp 2018-04-30 20:22:08 UTC (rev 231166)
@@ -39,8 +39,8 @@
ALWAYS_INLINE void operator()(VM& vm, JSCell* cell) const
{
ASSERT(cell->structureID());
- ASSERT(cell->inlineTypeFlags() & StructureIsImmortal);
Structure* structure = cell->structure(vm);
+ ASSERT(structure->typeInfo().structureIsImmortal());
const ClassInfo* classInfo = structure->classInfo();
MethodTable::DestroyFunctionPtr destroy = classInfo->methodTable.destroy;
destroy(cell);
Modified: trunk/Source/_javascript_Core/runtime/JSCell.h (231165 => 231166)
--- trunk/Source/_javascript_Core/runtime/JSCell.h 2018-04-30 19:56:28 UTC (rev 231165)
+++ trunk/Source/_javascript_Core/runtime/JSCell.h 2018-04-30 20:22:08 UTC (rev 231166)
@@ -242,8 +242,6 @@
return OBJECT_OFFSETOF(JSCell, m_cellState);
}
- void callDestructor(VM&);
-
static const TypedArrayType TypedArrayStorageType = NotTypedArray;
protected:
Modified: trunk/Source/_javascript_Core/runtime/JSCellInlines.h (231165 => 231166)
--- trunk/Source/_javascript_Core/runtime/JSCellInlines.h 2018-04-30 19:56:28 UTC (rev 231165)
+++ trunk/Source/_javascript_Core/runtime/JSCellInlines.h 2018-04-30 20:22:08 UTC (rev 231166)
@@ -314,21 +314,6 @@
return MixedTriState;
}
-inline void JSCell::callDestructor(VM& vm)
-{
- if (isZapped())
- return;
- ASSERT(structureID());
- if (inlineTypeFlags() & StructureIsImmortal) {
- Structure* structure = this->structure(vm);
- const ClassInfo* classInfo = structure->classInfo();
- MethodTable::DestroyFunctionPtr destroy = classInfo->methodTable.destroy;
- destroy(this);
- } else
- static_cast<JSDestructibleObject*>(this)->classInfo()->methodTable.destroy(this);
- zap();
-}
-
inline void JSCellLock::lock()
{
Atomic<IndexingType>* lock = bitwise_cast<Atomic<IndexingType>*>(&m_indexingTypeAndMisc);
Modified: trunk/Source/_javascript_Core/runtime/JSTypeInfo.h (231165 => 231166)
--- trunk/Source/_javascript_Core/runtime/JSTypeInfo.h 2018-04-30 19:56:28 UTC (rev 231165)
+++ trunk/Source/_javascript_Core/runtime/JSTypeInfo.h 2018-04-30 20:22:08 UTC (rev 231166)
@@ -35,14 +35,17 @@
class LLIntOffsetsExtractor;
+// Inline flags.
+
static const unsigned MasqueradesAsUndefined = 1; // WebCore uses MasqueradesAsUndefined to make document.all undetectable.
static const unsigned ImplementsDefaultHasInstance = 1 << 1;
static const unsigned TypeOfShouldCallGetCallData = 1 << 2; // Need this flag if you override getCallData() and you want typeof to use this to determine if it should say "function". Currently we always set this flag when we override getCallData().
static const unsigned OverridesGetOwnPropertySlot = 1 << 3;
-static const unsigned StructureIsImmortal = 1 << 5;
-static const unsigned OverridesToThis = 1 << 6; // If this is false then this returns something other than 'this'. Non-object cells that are visible to JS have this set as do some exotic objects.
-static const unsigned HasStaticPropertyTable = 1 << 7;
+static const unsigned OverridesToThis = 1 << 4; // If this is false then this returns something other than 'this'. Non-object cells that are visible to JS have this set as do some exotic objects.
+static const unsigned HasStaticPropertyTable = 1 << 5;
+// Out of line flags.
+
static const unsigned ImplementsHasInstance = 1 << 8;
static const unsigned OverridesGetPropertyNames = 1 << 9;
static const unsigned ProhibitsPropertyCaching = 1 << 10;
@@ -51,6 +54,7 @@
static const unsigned IsImmutablePrototypeExoticObject = 1 << 13;
static const unsigned GetOwnPropertySlotIsImpureForPropertyAbsence = 1 << 14;
static const unsigned InterceptsGetOwnPropertySlotByIndexEvenWhenLengthIsNotZero = 1 << 15;
+static const unsigned StructureIsImmortal = 1 << 16;
class TypeInfo {
public:
@@ -84,8 +88,8 @@
bool overridesGetOwnPropertySlot() const { return overridesGetOwnPropertySlot(inlineTypeFlags()); }
static bool overridesGetOwnPropertySlot(InlineTypeFlags flags) { return flags & OverridesGetOwnPropertySlot; }
static bool hasStaticPropertyTable(InlineTypeFlags flags) { return flags & HasStaticPropertyTable; }
- bool structureIsImmortal() const { return isSetOnFlags1(StructureIsImmortal); }
bool overridesToThis() const { return isSetOnFlags1(OverridesToThis); }
+ bool structureIsImmortal() const { return isSetOnFlags2(StructureIsImmortal); }
bool overridesGetPropertyNames() const { return isSetOnFlags2(OverridesGetPropertyNames); }
bool prohibitsPropertyCaching() const { return isSetOnFlags2(ProhibitsPropertyCaching); }
bool getOwnPropertySlotIsImpure() const { return isSetOnFlags2(GetOwnPropertySlotIsImpure); }
Modified: trunk/Source/_javascript_Core/runtime/Structure.h (231165 => 231166)
--- trunk/Source/_javascript_Core/runtime/Structure.h 2018-04-30 19:56:28 UTC (rev 231165)
+++ trunk/Source/_javascript_Core/runtime/Structure.h 2018-04-30 20:22:08 UTC (rev 231166)
@@ -248,7 +248,7 @@
}
// Type accessors.
- TypeInfo typeInfo() const { ASSERT(structure()->classInfo() == info()); return m_blob.typeInfo(m_outOfLineTypeFlags); }
+ TypeInfo typeInfo() const { return m_blob.typeInfo(m_outOfLineTypeFlags); }
bool isObject() const { return typeInfo().isObject(); }
IndexingType indexingType() const { return m_blob.indexingTypeIncludingHistory() & AllArrayTypes; }
_______________________________________________
webkit-changes mailing list
[email protected]
https://lists.webkit.org/mailman/listinfo/webkit-changes
