Diff
Modified: tags/Safari-609.1.6/JSTests/ChangeLog (250946 => 250947)
--- tags/Safari-609.1.6/JSTests/ChangeLog 2019-10-10 00:24:44 UTC (rev 250946)
+++ tags/Safari-609.1.6/JSTests/ChangeLog 2019-10-10 00:36:17 UTC (rev 250947)
@@ -1,3 +1,7 @@
+2019-10-09 Alan Coon <[email protected]>
+
+ Revert r250540. rdar://problem/56052722
+
2019-10-09 Kocsen Chung <[email protected]>
Revert r250878. rdar://problem/56127001
Deleted: tags/Safari-609.1.6/JSTests/microbenchmarks/custom-accessor-materialized.js (250946 => 250947)
--- tags/Safari-609.1.6/JSTests/microbenchmarks/custom-accessor-materialized.js 2019-10-10 00:24:44 UTC (rev 250946)
+++ tags/Safari-609.1.6/JSTests/microbenchmarks/custom-accessor-materialized.js 2019-10-10 00:36:17 UTC (rev 250947)
@@ -1,22 +0,0 @@
-function assert(b) {
- if (!b)
- throw new Error;
-}
-
-function test4() {
- function get(o) {
- return o.testStaticAccessor;
- }
- noInline(get);
-
- const proto = $vm.createStaticCustomAccessor();
- const o = {__proto__: proto};
- const d = Object.getOwnPropertyDescriptor(proto, "testStaticAccessor");
- assert(!!d.get);
- o.testField = 1337;
-
- for (let i = 0; i < 500000; ++i) {
- assert(get(o) === 1337);
- }
-}
-test4();
Deleted: tags/Safari-609.1.6/JSTests/microbenchmarks/custom-accessor-thin-air.js (250946 => 250947)
--- tags/Safari-609.1.6/JSTests/microbenchmarks/custom-accessor-thin-air.js 2019-10-10 00:24:44 UTC (rev 250946)
+++ tags/Safari-609.1.6/JSTests/microbenchmarks/custom-accessor-thin-air.js 2019-10-10 00:36:17 UTC (rev 250947)
@@ -1,24 +0,0 @@
-function assert(b) {
- if (!b)
- throw new Error;
-}
-
-function test5() {
- function get(o) {
- return o.thinAirCustomGetter;
- }
- noInline(get);
-
- const proto = $vm.createStaticCustomAccessor();
- const o = {__proto__: proto};
- o.testField = 1337;
-
- for (let i = 0; i < 500000; ++i) {
- assert(get(o) === 1337);
- }
- proto.xyz = 42;
- for (let i = 0; i < 500000; ++i) {
- assert(get(o) === 1337);
- }
-}
-test5();
Deleted: tags/Safari-609.1.6/JSTests/microbenchmarks/custom-accessor.js (250946 => 250947)
--- tags/Safari-609.1.6/JSTests/microbenchmarks/custom-accessor.js 2019-10-10 00:24:44 UTC (rev 250946)
+++ tags/Safari-609.1.6/JSTests/microbenchmarks/custom-accessor.js 2019-10-10 00:36:17 UTC (rev 250947)
@@ -1,20 +0,0 @@
-function assert(b) {
- if (!b)
- throw new Error;
-}
-
-function test3() {
- function get(o) {
- return o.testStaticAccessor;
- }
- noInline(get);
-
- const proto = $vm.createStaticCustomAccessor();
- const o = {__proto__: proto};
- o.testField = 1337;
-
- for (let i = 0; i < 500000; ++i) {
- assert(get(o) === 1337);
- }
-}
-test3();
Deleted: tags/Safari-609.1.6/JSTests/microbenchmarks/custom-value-2.js (250946 => 250947)
--- tags/Safari-609.1.6/JSTests/microbenchmarks/custom-value-2.js 2019-10-10 00:24:44 UTC (rev 250946)
+++ tags/Safari-609.1.6/JSTests/microbenchmarks/custom-value-2.js 2019-10-10 00:36:17 UTC (rev 250947)
@@ -1,26 +0,0 @@
-function assert(b) {
- if (!b)
- throw new Error;
-}
-
-function test1() {
- function getMultiline(o) {
- return o.multiline;
- }
- noInline(getMultiline);
-
- RegExp.foo = 42;
-
- const o = {};
- o.__proto__ = RegExp;
- RegExp.multiline = false;
-
- for (let i = 0; i < 5000000; ++i) {
- assert(getMultiline(o) === false);
- }
- delete RegExp.foo;
- for (let i = 0; i < 5000000; ++i) {
- assert(getMultiline(o) === false);
- }
-}
-test1();
Deleted: tags/Safari-609.1.6/JSTests/microbenchmarks/custom-value.js (250946 => 250947)
--- tags/Safari-609.1.6/JSTests/microbenchmarks/custom-value.js 2019-10-10 00:24:44 UTC (rev 250946)
+++ tags/Safari-609.1.6/JSTests/microbenchmarks/custom-value.js 2019-10-10 00:36:17 UTC (rev 250947)
@@ -1,21 +0,0 @@
-function assert(b) {
- if (!b)
- throw new Error;
-}
-
-function test1() {
- function getMultiline(o) {
- return o.multiline;
- }
- noInline(getMultiline);
-
- const o = {};
- o.__proto__ = RegExp;
- RegExp.multiline = false;
-
- for (let i = 0; i < 5000000; ++i) {
- assert(getMultiline(o) === false);
- }
-}
-
-test1();
Deleted: tags/Safari-609.1.6/JSTests/stress/custom-accessor-delete-1.js (250946 => 250947)
--- tags/Safari-609.1.6/JSTests/stress/custom-accessor-delete-1.js 2019-10-10 00:24:44 UTC (rev 250946)
+++ tags/Safari-609.1.6/JSTests/stress/custom-accessor-delete-1.js 2019-10-10 00:36:17 UTC (rev 250947)
@@ -1,25 +0,0 @@
-function assert(b) {
- if (!b)
- throw new Error;
-}
-
-function test3() {
- function get(o) {
- return o.testStaticAccessor;
- }
- noInline(get);
-
- const proto = $vm.createStaticCustomAccessor();
- const o = {__proto__: proto};
- o.testField = 1337;
-
- for (let i = 0; i < 500; ++i) {
- assert(get(o) === 1337);
- }
-
- proto.xyz = 42;
-
- assert(delete proto.testStaticAccessor);
- assert(get(o) === undefined);
-}
-test3();
Deleted: tags/Safari-609.1.6/JSTests/stress/custom-accessor-delete-2.js (250946 => 250947)
--- tags/Safari-609.1.6/JSTests/stress/custom-accessor-delete-2.js 2019-10-10 00:24:44 UTC (rev 250946)
+++ tags/Safari-609.1.6/JSTests/stress/custom-accessor-delete-2.js 2019-10-10 00:36:17 UTC (rev 250947)
@@ -1,27 +0,0 @@
-function assert(b) {
- if (!b)
- throw new Error;
-}
-
-function test4() {
- function get(o) {
- return o.testStaticAccessor;
- }
- noInline(get);
-
- const proto = $vm.createStaticCustomAccessor();
- const o = {__proto__: proto};
- const d = Object.getOwnPropertyDescriptor(proto, "testStaticAccessor");
- assert(!!d.get);
- o.testField = 1337;
-
- for (let i = 0; i < 500; ++i) {
- assert(get(o) === 1337);
- }
-
- proto.xyz = 42;
-
- assert(delete proto.testStaticAccessor);
- assert(get(o) === undefined);
-}
-test4();
Deleted: tags/Safari-609.1.6/JSTests/stress/custom-accessor-delete-3.js (250946 => 250947)
--- tags/Safari-609.1.6/JSTests/stress/custom-accessor-delete-3.js 2019-10-10 00:24:44 UTC (rev 250946)
+++ tags/Safari-609.1.6/JSTests/stress/custom-accessor-delete-3.js 2019-10-10 00:36:17 UTC (rev 250947)
@@ -1,24 +0,0 @@
-function assert(b) {
- if (!b)
- throw new Error;
-}
-
-function test5() {
- function get(o) {
- return o.thinAirCustomGetter;
- }
- noInline(get);
-
- const proto = $vm.createStaticCustomAccessor();
- const o = {__proto__: proto};
- o.testField = 1337;
-
- for (let i = 0; i < 500; ++i) {
- assert(get(o) === 1337);
- }
- proto.xyz = 42;
- for (let i = 0; i < 500; ++i) {
- assert(get(o) === 1337);
- }
-}
-test5();
Deleted: tags/Safari-609.1.6/JSTests/stress/custom-value-delete-property-1.js (250946 => 250947)
--- tags/Safari-609.1.6/JSTests/stress/custom-value-delete-property-1.js 2019-10-10 00:24:44 UTC (rev 250946)
+++ tags/Safari-609.1.6/JSTests/stress/custom-value-delete-property-1.js 2019-10-10 00:36:17 UTC (rev 250947)
@@ -1,23 +0,0 @@
-function assert(b) {
- if (!b)
- throw new Error;
-}
-
-function test1() {
- function getMultiline(o) {
- return o.multiline;
- }
- noInline(getMultiline);
-
- const o = {};
- o.__proto__ = RegExp;
- RegExp.multiline = false;
-
- for (let i = 0; i < 500; ++i) {
- assert(getMultiline(o) === false);
- }
- delete RegExp.input;
- delete RegExp.multiline;
- assert(getMultiline(o) === undefined);
-}
-test1();
Deleted: tags/Safari-609.1.6/JSTests/stress/custom-value-delete-property-2.js (250946 => 250947)
--- tags/Safari-609.1.6/JSTests/stress/custom-value-delete-property-2.js 2019-10-10 00:24:44 UTC (rev 250946)
+++ tags/Safari-609.1.6/JSTests/stress/custom-value-delete-property-2.js 2019-10-10 00:36:17 UTC (rev 250947)
@@ -1,14 +0,0 @@
-function test2() {
- function foo() {
- const o = {};
- for (let i = 0; i < 8; i++) {
- let x = o.multiline;
- o.__proto__ = RegExp;
- }
- delete RegExp.input;
- }
-
- foo();
- foo();
-}
-test2();
Deleted: tags/Safari-609.1.6/JSTests/stress/custom-value-delete-property-3.js (250946 => 250947)
--- tags/Safari-609.1.6/JSTests/stress/custom-value-delete-property-3.js 2019-10-10 00:24:44 UTC (rev 250946)
+++ tags/Safari-609.1.6/JSTests/stress/custom-value-delete-property-3.js 2019-10-10 00:36:17 UTC (rev 250947)
@@ -1,14 +0,0 @@
-function test6() {
- function foo() {
- const o = {};
- for (let i = 0; i < 8; i++) {
- o.lastMatch;
- o.__proto__ = RegExp;
- }
- delete RegExp.input;
- }
-
- foo();
- foo();
-}
-test6();
Modified: tags/Safari-609.1.6/LayoutTests/ChangeLog (250946 => 250947)
--- tags/Safari-609.1.6/LayoutTests/ChangeLog 2019-10-10 00:24:44 UTC (rev 250946)
+++ tags/Safari-609.1.6/LayoutTests/ChangeLog 2019-10-10 00:36:17 UTC (rev 250947)
@@ -1,3 +1,7 @@
+2019-10-09 Alan Coon <[email protected]>
+
+ Revert r250540. rdar://problem/56052722
+
2019-10-08 Jiewen Tan <[email protected]>
Partially undo r250811
Deleted: tags/Safari-609.1.6/LayoutTests/js/dom/custom-accessor-redefine-expected.txt (250946 => 250947)
--- tags/Safari-609.1.6/LayoutTests/js/dom/custom-accessor-redefine-expected.txt 2019-10-10 00:24:44 UTC (rev 250946)
+++ tags/Safari-609.1.6/LayoutTests/js/dom/custom-accessor-redefine-expected.txt 2019-10-10 00:36:17 UTC (rev 250947)
@@ -1,10 +0,0 @@
-Check that custom accessor being redefined invalidates our inline caches.
-
-On success, you will see a series of "PASS" messages, followed by "TEST COMPLETE".
-
-
-PASS setter called as expected
-PASS successfullyParsed is true
-
-TEST COMPLETE
-
Deleted: tags/Safari-609.1.6/LayoutTests/js/dom/custom-accessor-redefine.html (250946 => 250947)
--- tags/Safari-609.1.6/LayoutTests/js/dom/custom-accessor-redefine.html 2019-10-10 00:24:44 UTC (rev 250946)
+++ tags/Safari-609.1.6/LayoutTests/js/dom/custom-accessor-redefine.html 2019-10-10 00:36:17 UTC (rev 250947)
@@ -1,50 +0,0 @@
-<!DOCTYPE html>
-<html>
-<head>
-<script src=""
-</head>
-<body>
-<script>
-description('Check that custom accessor being redefined invalidates our inline caches.');
-
-(function() {
- "use strict";
-
- let setterCalled = false;
-
- function accessProperty() {
- let oScript = document.createElement("script");
- oScript.src = ""
- }
-
- // Force "code optimization" by calling the function several times
- for (let i = 0; i < 1000; i++) {
- accessProperty();
- }
-
- // Define a custom setter for HTMLScriptElement#src
- const descriptor = Object.getOwnPropertyDescriptor(HTMLScriptElement.prototype, "src");
- Object.defineProperty(HTMLScriptElement.prototype, "src", {
- get: descriptor.get,
- set: function() {
-
- setterCalled = true;
-
- descriptor.set.apply(this, arguments);
- },
- enumerable: descriptor.enumerable,
- configurable: descriptor.configurable
- });
-
- accessProperty();
-
- if (setterCalled)
- testPassed("setter called as expected");
- else
- testFailed("Unexpected, setter not called.");
-})();
-</script>
-
-<script src=""
-</body>
-</html>
Modified: tags/Safari-609.1.6/Source/_javascript_Core/ChangeLog (250946 => 250947)
--- tags/Safari-609.1.6/Source/_javascript_Core/ChangeLog 2019-10-10 00:24:44 UTC (rev 250946)
+++ tags/Safari-609.1.6/Source/_javascript_Core/ChangeLog 2019-10-10 00:36:17 UTC (rev 250947)
@@ -1,3 +1,7 @@
+2019-10-09 Alan Coon <[email protected]>
+
+ Revert r250540. rdar://problem/56052722
+
2019-10-09 Kocsen Chung <[email protected]>
Revert r250878. rdar://problem/56127001
Modified: tags/Safari-609.1.6/Source/_javascript_Core/bytecode/AccessCase.cpp (250946 => 250947)
--- tags/Safari-609.1.6/Source/_javascript_Core/bytecode/AccessCase.cpp 2019-10-10 00:24:44 UTC (rev 250946)
+++ tags/Safari-609.1.6/Source/_javascript_Core/bytecode/AccessCase.cpp 2019-10-10 00:36:17 UTC (rev 250947)
@@ -61,7 +61,6 @@
{
m_structure.setMayBeNull(vm, owner, structure);
m_conditionSet = conditionSet;
- RELEASE_ASSERT(m_conditionSet.isValid());
}
std::unique_ptr<AccessCase> AccessCase::create(VM& vm, JSCell* owner, AccessType type, PropertyOffset offset, Structure* structure, const ObjectPropertyConditionSet& conditionSet, std::unique_ptr<PolyProtoAccessChain> prototypeAccessChain)
@@ -311,16 +310,7 @@
bool AccessCase::couldStillSucceed() const
{
- for (const ObjectPropertyCondition& condition : m_conditionSet) {
- if (condition.condition().kind() == PropertyCondition::Equivalence) {
- if (!condition.isWatchableAssumingImpurePropertyWatchpoint(PropertyCondition::WatchabilityEffort::EnsureWatchability))
- return false;
- } else {
- if (!condition.structureEnsuresValidityAssumingImpurePropertyWatchpoint())
- return false;
- }
- }
- return true;
+ return m_conditionSet.structuresEnsureValidityAssumingImpurePropertyWatchpoint();
}
bool AccessCase::canReplace(const AccessCase& other) const
@@ -719,18 +709,19 @@
GPRReg thisGPR = state.thisGPR != InvalidGPRReg ? state.thisGPR : baseGPR;
GPRReg scratchGPR = state.scratchGPR;
+ ASSERT(m_conditionSet.structuresEnsureValidityAssumingImpurePropertyWatchpoint());
+
for (const ObjectPropertyCondition& condition : m_conditionSet) {
RELEASE_ASSERT(!m_polyProtoAccessChain);
- if (condition.isWatchableAssumingImpurePropertyWatchpoint(PropertyCondition::WatchabilityEffort::EnsureWatchability)) {
- state.installWatchpoint(condition);
+ Structure* structure = condition.object()->structure(vm);
+
+ if (condition.isWatchableAssumingImpurePropertyWatchpoint()) {
+ structure->addTransitionWatchpoint(state.addWatchpoint(condition));
continue;
}
- // For now, we only allow equivalence when it's watchable.
- RELEASE_ASSERT(condition.condition().kind() != PropertyCondition::Equivalence);
-
- if (!condition.structureEnsuresValidityAssumingImpurePropertyWatchpoint()) {
+ if (!condition.structureEnsuresValidityAssumingImpurePropertyWatchpoint(structure)) {
// The reason why this cannot happen is that we require that PolymorphicAccess calls
// AccessCase::generate() only after it has verified that
// AccessCase::couldStillSucceed() returned true.
@@ -740,7 +731,6 @@
}
// We will emit code that has a weak reference that isn't otherwise listed anywhere.
- Structure* structure = condition.object()->structure(vm);
state.weakReferences.append(WriteBarrier<JSCell>(vm, codeBlock, structure));
jit.move(CCallHelpers::TrustedImmPtr(condition.object()), scratchGPR);
Modified: tags/Safari-609.1.6/Source/_javascript_Core/bytecode/AdaptiveInferredPropertyValueWatchpointBase.h (250946 => 250947)
--- tags/Safari-609.1.6/Source/_javascript_Core/bytecode/AdaptiveInferredPropertyValueWatchpointBase.h 2019-10-10 00:24:44 UTC (rev 250946)
+++ tags/Safari-609.1.6/Source/_javascript_Core/bytecode/AdaptiveInferredPropertyValueWatchpointBase.h 2019-10-10 00:36:17 UTC (rev 250947)
@@ -32,8 +32,6 @@
namespace JSC {
-// FIXME: This isn't actually a Watchpoint. We should probably have a name which better reflects that:
-// https://bugs.webkit.org/show_bug.cgi?id=202381
class AdaptiveInferredPropertyValueWatchpointBase {
WTF_MAKE_NONCOPYABLE(AdaptiveInferredPropertyValueWatchpointBase);
WTF_MAKE_FAST_ALLOCATED;
Modified: tags/Safari-609.1.6/Source/_javascript_Core/bytecode/ObjectPropertyCondition.cpp (250946 => 250947)
--- tags/Safari-609.1.6/Source/_javascript_Core/bytecode/ObjectPropertyCondition.cpp 2019-10-10 00:24:44 UTC (rev 250946)
+++ tags/Safari-609.1.6/Source/_javascript_Core/bytecode/ObjectPropertyCondition.cpp 2019-10-10 00:36:17 UTC (rev 250947)
@@ -46,12 +46,18 @@
dumpInContext(out, nullptr);
}
+bool ObjectPropertyCondition::structureEnsuresValidityAssumingImpurePropertyWatchpoint(
+ Structure* structure) const
+{
+ return m_condition.isStillValidAssumingImpurePropertyWatchpoint(structure);
+}
+
bool ObjectPropertyCondition::structureEnsuresValidityAssumingImpurePropertyWatchpoint() const
{
if (!*this)
return false;
- return m_condition.isStillValidAssumingImpurePropertyWatchpoint(m_object->structure(), nullptr);
+ return structureEnsuresValidityAssumingImpurePropertyWatchpoint(m_object->structure());
}
bool ObjectPropertyCondition::validityRequiresImpurePropertyWatchpoint(Structure* structure) const
Modified: tags/Safari-609.1.6/Source/_javascript_Core/bytecode/ObjectPropertyCondition.h (250946 => 250947)
--- tags/Safari-609.1.6/Source/_javascript_Core/bytecode/ObjectPropertyCondition.h 2019-10-10 00:24:44 UTC (rev 250946)
+++ tags/Safari-609.1.6/Source/_javascript_Core/bytecode/ObjectPropertyCondition.h 2019-10-10 00:36:17 UTC (rev 250947)
@@ -121,17 +121,6 @@
vm.heap.writeBarrier(owner);
return equivalenceWithoutBarrier(object, uid, value);
}
-
- static ObjectPropertyCondition customFunctionEquivalence(
- VM& vm, JSCell* owner, JSObject* object, UniquedStringImpl* uid)
- {
- ObjectPropertyCondition result;
- result.m_object = object;
- result.m_condition = PropertyCondition::customFunctionEquivalence(uid);
- if (owner)
- vm.heap.writeBarrier(owner);
- return result;
- }
static ObjectPropertyCondition hasPrototypeWithoutBarrier(JSObject* object, JSObject* prototype)
{
@@ -204,6 +193,7 @@
// Checks if the object's structure claims that the property won't be intercepted. Validity
// does not require watchpoints on the object.
+ bool structureEnsuresValidityAssumingImpurePropertyWatchpoint(Structure*) const;
bool structureEnsuresValidityAssumingImpurePropertyWatchpoint() const;
// Returns true if we need an impure property watchpoint to ensure validity even if
@@ -237,7 +227,7 @@
PropertyCondition::WatchabilityEffort = PropertyCondition::MakeNoChanges) const;
// This means that it's still valid and we could enforce validity by setting a transition
- // watchpoint on the structure, and a value change watchpoint if we're Equivalence.
+ // watchpoint on the structure.
bool isWatchable(
Structure*,
PropertyCondition::WatchabilityEffort = PropertyCondition::MakeNoChanges) const;
Modified: tags/Safari-609.1.6/Source/_javascript_Core/bytecode/ObjectPropertyConditionSet.cpp (250946 => 250947)
--- tags/Safari-609.1.6/Source/_javascript_Core/bytecode/ObjectPropertyConditionSet.cpp 2019-10-10 00:24:44 UTC (rev 250946)
+++ tags/Safari-609.1.6/Source/_javascript_Core/bytecode/ObjectPropertyConditionSet.cpp 2019-10-10 00:36:17 UTC (rev 250947)
@@ -62,22 +62,7 @@
bool ObjectPropertyConditionSet::hasOneSlotBaseCondition() const
{
- bool sawBase = false;
- for (const ObjectPropertyCondition& condition : *this) {
- switch (condition.kind()) {
- case PropertyCondition::Presence:
- case PropertyCondition::Equivalence:
- case PropertyCondition::CustomFunctionEquivalence:
- if (sawBase)
- return false;
- sawBase = true;
- break;
- default:
- break;
- }
- }
-
- return sawBase;
+ return (numberOfConditionsWithKind(PropertyCondition::Presence) == 1) != (numberOfConditionsWithKind(PropertyCondition::Equivalence) == 1);
}
ObjectPropertyCondition ObjectPropertyConditionSet::slotBaseCondition() const
@@ -86,8 +71,7 @@
unsigned numFound = 0;
for (const ObjectPropertyCondition& condition : *this) {
if (condition.kind() == PropertyCondition::Presence
- || condition.kind() == PropertyCondition::Equivalence
- || condition.kind() == PropertyCondition::CustomFunctionEquivalence) {
+ || condition.kind() == PropertyCondition::Equivalence) {
result = condition;
numFound++;
}
@@ -244,13 +228,6 @@
result = ObjectPropertyCondition::equivalence(vm, owner, object, uid, value);
break;
}
- case PropertyCondition::CustomFunctionEquivalence: {
- auto entry = object->findPropertyHashEntry(vm, uid);
- if (!entry)
- return ObjectPropertyCondition();
- result = ObjectPropertyCondition::customFunctionEquivalence(vm, owner, object, uid);
- break;
- }
default:
RELEASE_ASSERT_NOT_REACHED();
return ObjectPropertyCondition();
@@ -401,39 +378,15 @@
ObjectPropertyConditionSet generateConditionsForPrototypePropertyHitCustom(
VM& vm, JSCell* owner, ExecState* exec, Structure* headStructure, JSObject* prototype,
- UniquedStringImpl* uid, unsigned attributes)
+ UniquedStringImpl* uid)
{
return generateConditions(
vm, exec->lexicalGlobalObject(), headStructure, prototype,
[&] (Vector<ObjectPropertyCondition>& conditions, JSObject* object) -> bool {
- auto kind = PropertyCondition::Absence;
- if (object == prototype) {
- Structure* structure = object->structure(vm);
- PropertyOffset offset = structure->get(vm, uid);
- if (isValidOffset(offset)) {
- // When we reify custom accessors, we wrap them in a JSFunction that we shove
- // inside a GetterSetter. So, once we've reified a custom accessor, we will
- // no longer see it as a "custom" accessor/value. Hence, if our property access actually
- // notices a custom, it must be a CustomGetterSetterType cell or something
- // in the static property table. Custom values get reified into CustomGetterSetters.
- JSValue value = object->getDirect(offset);
- ASSERT_UNUSED(value, value.isCell() && value.asCell()->type() == CustomGetterSetterType);
- kind = PropertyCondition::Equivalence;
- } else if (structure->findPropertyHashEntry(uid))
- kind = PropertyCondition::CustomFunctionEquivalence;
- else if (attributes & PropertyAttribute::DontDelete) {
- // This can't change, so we can blindly cache it.
- return true;
- } else {
- // This means we materialized a custom out of thin air and it's not DontDelete (i.e, it can be
- // redefined). This is curious. We don't actually need to crash here. We could blindly cache
- // the function. Or we could blindly not cache it. However, we don't actually do this in WebKit
- // right now, so it's reasonable to decide what to do later (or to warn people of forgetting DoneDelete.)
- ASSERT_NOT_REACHED();
- return false;
- }
- }
- ObjectPropertyCondition result = generateCondition(vm, owner, object, uid, kind);
+ if (object == prototype)
+ return true;
+ ObjectPropertyCondition result =
+ generateCondition(vm, owner, object, uid, PropertyCondition::Absence);
if (!result)
return false;
conditions.append(result);
Modified: tags/Safari-609.1.6/Source/_javascript_Core/bytecode/ObjectPropertyConditionSet.h (250946 => 250947)
--- tags/Safari-609.1.6/Source/_javascript_Core/bytecode/ObjectPropertyConditionSet.h 2019-10-10 00:24:44 UTC (rev 250946)
+++ tags/Safari-609.1.6/Source/_javascript_Core/bytecode/ObjectPropertyConditionSet.h 2019-10-10 00:36:17 UTC (rev 250947)
@@ -176,7 +176,7 @@
UniquedStringImpl* uid);
ObjectPropertyConditionSet generateConditionsForPrototypePropertyHitCustom(
VM&, JSCell* owner, ExecState*, Structure* headStructure, JSObject* prototype,
- UniquedStringImpl* uid, unsigned attributes);
+ UniquedStringImpl* uid);
ObjectPropertyConditionSet generateConditionsForInstanceOf(
VM&, JSCell* owner, ExecState*, Structure* headStructure, JSObject* prototype, bool shouldHit);
Modified: tags/Safari-609.1.6/Source/_javascript_Core/bytecode/PolyProtoAccessChain.cpp (250946 => 250947)
--- tags/Safari-609.1.6/Source/_javascript_Core/bytecode/PolyProtoAccessChain.cpp 2019-10-10 00:24:44 UTC (rev 250946)
+++ tags/Safari-609.1.6/Source/_javascript_Core/bytecode/PolyProtoAccessChain.cpp 2019-10-10 00:36:17 UTC (rev 250947)
@@ -51,6 +51,12 @@
for (unsigned iterationNumber = 0; true; ++iterationNumber) {
Structure* structure = current->structure(vm);
+ if (!structure->propertyAccessesAreCacheable())
+ return nullptr;
+
+ if (structure->isProxy())
+ return nullptr;
+
if (structure->isDictionary()) {
ASSERT(structure->isObject());
if (structure->hasBeenFlattenedBefore())
@@ -59,12 +65,6 @@
structure->flattenDictionaryStructure(vm, asObject(current));
}
- if (!structure->propertyAccessesAreCacheable())
- return nullptr;
-
- if (structure->isProxy())
- return nullptr;
-
// To save memory, we don't include the base in the chain. We let
// AccessCase provide the base to us as needed.
if (iterationNumber)
Modified: tags/Safari-609.1.6/Source/_javascript_Core/bytecode/PolymorphicAccess.cpp (250946 => 250947)
--- tags/Safari-609.1.6/Source/_javascript_Core/bytecode/PolymorphicAccess.cpp 2019-10-10 00:24:44 UTC (rev 250946)
+++ tags/Safari-609.1.6/Source/_javascript_Core/bytecode/PolymorphicAccess.cpp 2019-10-10 00:36:17 UTC (rev 250947)
@@ -55,9 +55,9 @@
out.print(":", m_code);
}
-void AccessGenerationState::installWatchpoint(const ObjectPropertyCondition& condition)
+Watchpoint* AccessGenerationState::addWatchpoint(const ObjectPropertyCondition& condition)
{
- WatchpointsOnStructureStubInfo::ensureReferenceAndInstallWatchpoint(
+ return WatchpointsOnStructureStubInfo::ensureReferenceAndAddWatchpoint(
watchpoints, jit->codeBlock(), stubInfo, condition);
}
@@ -373,7 +373,7 @@
for (WatchpointSet* set : accessCase.commit(vm, ident)) {
Watchpoint* watchpoint =
WatchpointsOnStructureStubInfo::ensureReferenceAndAddWatchpoint(
- watchpoints, codeBlock, &stubInfo);
+ watchpoints, codeBlock, &stubInfo, ObjectPropertyCondition());
set->add(watchpoint);
}
Modified: tags/Safari-609.1.6/Source/_javascript_Core/bytecode/PolymorphicAccess.h (250946 => 250947)
--- tags/Safari-609.1.6/Source/_javascript_Core/bytecode/PolymorphicAccess.h 2019-10-10 00:24:44 UTC (rev 250946)
+++ tags/Safari-609.1.6/Source/_javascript_Core/bytecode/PolymorphicAccess.h 2019-10-10 00:36:17 UTC (rev 250947)
@@ -212,7 +212,7 @@
std::unique_ptr<WatchpointsOnStructureStubInfo> watchpoints;
Vector<WriteBarrier<JSCell>> weakReferences;
- void installWatchpoint(const ObjectPropertyCondition&);
+ Watchpoint* addWatchpoint(const ObjectPropertyCondition& = ObjectPropertyCondition());
void restoreScratch();
void succeed();
Modified: tags/Safari-609.1.6/Source/_javascript_Core/bytecode/PropertyCondition.cpp (250946 => 250947)
--- tags/Safari-609.1.6/Source/_javascript_Core/bytecode/PropertyCondition.cpp 2019-10-10 00:24:44 UTC (rev 250946)
+++ tags/Safari-609.1.6/Source/_javascript_Core/bytecode/PropertyCondition.cpp 2019-10-10 00:36:17 UTC (rev 250947)
@@ -54,9 +54,6 @@
case Equivalence:
out.print(m_header.type(), " of ", m_header.pointer(), " with ", inContext(requiredValue(), context));
return;
- case CustomFunctionEquivalence:
- out.print(m_header.type(), " of ", m_header.pointer());
- return;
case HasPrototype:
out.print(m_header.type(), " with prototype ", inContext(JSValue(prototype()), context));
return;
@@ -89,7 +86,6 @@
case Absence:
case AbsenceOfSetEffect:
case Equivalence:
- case CustomFunctionEquivalence:
if (!structure->propertyAccessesAreCacheable()) {
if (PropertyConditionInternal::verbose)
dataLog("Invalid because property accesses are not cacheable.\n");
@@ -252,13 +248,7 @@
}
return true;
- }
- case CustomFunctionEquivalence: {
- if (structure->staticPropertiesReified())
- return false;
- return !!structure->findPropertyHashEntry(uid());
- }
- }
+ } }
RELEASE_ASSERT_NOT_REACHED();
return false;
@@ -273,7 +263,6 @@
case Presence:
case Absence:
case Equivalence:
- case CustomFunctionEquivalence:
return structure->needImpurePropertyWatchpoint();
case AbsenceOfSetEffect:
case HasPrototype:
@@ -299,7 +288,6 @@
break;
case Presence:
case Equivalence:
- case CustomFunctionEquivalence:
if (structure->typeInfo().getOwnPropertySlotIsImpure())
return false;
break;
@@ -341,21 +329,6 @@
break;
}
-
- case CustomFunctionEquivalence: {
- // We just use the structure transition watchpoint for this. A structure S starts
- // off with a property P in the static property hash table. If S transitions to
- // S', either P remains in the static property table or not. If not, then we
- // are no longer valid. So the above check of transitionWatchpointSetHasBeenInvalidated
- // is sufficient.
- //
- // We could make this smarter in the future, since we sometimes reify static properties.
- // We could make this adapt to looking at the object's storage for such reified custom
- // functions, but we don't do that right now. We just allow this property condition to
- // invalidate and create an Equivalence watchpoint for the materialized property sometime
- // in the future.
- break;
- }
default:
break;
@@ -430,9 +403,6 @@
case JSC::PropertyCondition::Equivalence:
out.print("Equivalence");
return;
- case JSC::PropertyCondition::CustomFunctionEquivalence:
- out.print("CustomFunctionEquivalence");
- return;
case JSC::PropertyCondition::HasPrototype:
out.print("HasPrototype");
return;
Modified: tags/Safari-609.1.6/Source/_javascript_Core/bytecode/PropertyCondition.h (250946 => 250947)
--- tags/Safari-609.1.6/Source/_javascript_Core/bytecode/PropertyCondition.h 2019-10-10 00:24:44 UTC (rev 250946)
+++ tags/Safari-609.1.6/Source/_javascript_Core/bytecode/PropertyCondition.h 2019-10-10 00:36:17 UTC (rev 250947)
@@ -40,7 +40,6 @@
Absence,
AbsenceOfSetEffect,
Equivalence, // An adaptive watchpoint on this will be a pair of watchpoints, and when the structure transitions, we will set the replacement watchpoint on the new structure.
- CustomFunctionEquivalence, // Custom value or accessor.
HasPrototype
};
@@ -123,13 +122,6 @@
vm.heap.writeBarrier(owner);
return equivalenceWithoutBarrier(uid, value);
}
-
- static PropertyCondition customFunctionEquivalence(UniquedStringImpl* uid)
- {
- PropertyCondition result;
- result.m_header = Header(uid, CustomFunctionEquivalence);
- return result;
- }
static PropertyCondition hasPrototypeWithoutBarrier(JSObject* prototype)
{
@@ -201,8 +193,6 @@
case Equivalence:
result ^= EncodedJSValueHash::hash(u.equivalence.value);
break;
- case CustomFunctionEquivalence:
- break;
}
return result;
}
@@ -223,8 +213,6 @@
return u.prototype.prototype == other.u.prototype.prototype;
case Equivalence:
return u.equivalence.value == other.u.equivalence.value;
- case CustomFunctionEquivalence:
- return true;
}
RELEASE_ASSERT_NOT_REACHED();
return false;
@@ -291,12 +279,12 @@
// This means that it's still valid and we could enforce validity by setting a transition
// watchpoint on the structure and possibly an impure property watchpoint.
bool isWatchableAssumingImpurePropertyWatchpoint(
- Structure*, JSObject* base, WatchabilityEffort = MakeNoChanges) const;
+ Structure*, JSObject* base = nullptr, WatchabilityEffort = MakeNoChanges) const;
// This means that it's still valid and we could enforce validity by setting a transition
// watchpoint on the structure.
bool isWatchable(
- Structure*, JSObject*, WatchabilityEffort = MakeNoChanges) const;
+ Structure*, JSObject* base = nullptr, WatchabilityEffort = MakeNoChanges) const;
bool watchingRequiresStructureTransitionWatchpoint() const
{
Modified: tags/Safari-609.1.6/Source/_javascript_Core/bytecode/StructureStubClearingWatchpoint.cpp (250946 => 250947)
--- tags/Safari-609.1.6/Source/_javascript_Core/bytecode/StructureStubClearingWatchpoint.cpp 2019-10-10 00:24:44 UTC (rev 250946)
+++ tags/Safari-609.1.6/Source/_javascript_Core/bytecode/StructureStubClearingWatchpoint.cpp 2019-10-10 00:36:17 UTC (rev 250947)
@@ -34,7 +34,7 @@
namespace JSC {
-void StructureTransitionStructureStubClearingWatchpoint::fireInternal(VM& vm, const FireDetail&)
+void StructureStubClearingWatchpoint::fireInternal(VM& vm, const FireDetail&)
{
if (!m_holder->isValid())
return;
@@ -62,15 +62,12 @@
return m_codeBlock->isLive();
}
-WatchpointsOnStructureStubInfo::Node& WatchpointsOnStructureStubInfo::addWatchpoint(const ObjectPropertyCondition& key)
+StructureStubClearingWatchpoint* WatchpointsOnStructureStubInfo::addWatchpoint(const ObjectPropertyCondition& key)
{
- if (!key || key.condition().kind() != PropertyCondition::Equivalence)
- return *m_watchpoints.add(WTF::in_place<StructureTransitionStructureStubClearingWatchpoint>, key, *this);
- ASSERT(key.condition().kind() == PropertyCondition::Equivalence);
- return *m_watchpoints.add(WTF::in_place<AdaptiveValueStructureStubClearingWatchpoint>, key, *this);
+ return m_watchpoints.add(key, *this);
}
-void WatchpointsOnStructureStubInfo::ensureReferenceAndInstallWatchpoint(
+StructureStubClearingWatchpoint* WatchpointsOnStructureStubInfo::ensureReferenceAndAddWatchpoint(
std::unique_ptr<WatchpointsOnStructureStubInfo>& holderRef, CodeBlock* codeBlock,
StructureStubInfo* stubInfo, const ObjectPropertyCondition& key)
{
@@ -81,43 +78,9 @@
ASSERT(holderRef->m_stubInfo == stubInfo);
}
- ASSERT(!!key);
- auto& watchpointVariant = holderRef->addWatchpoint(key);
- if (key.kind() == PropertyCondition::Equivalence) {
- auto& adaptiveWatchpoint = WTF::get<AdaptiveValueStructureStubClearingWatchpoint>(watchpointVariant);
- adaptiveWatchpoint.install(codeBlock->vm());
- } else {
- auto* structureTransitionWatchpoint = &WTF::get<StructureTransitionStructureStubClearingWatchpoint>(watchpointVariant);
- key.object()->structure()->addTransitionWatchpoint(structureTransitionWatchpoint);
- }
+ return holderRef->addWatchpoint(key);
}
-Watchpoint* WatchpointsOnStructureStubInfo::ensureReferenceAndAddWatchpoint(
- std::unique_ptr<WatchpointsOnStructureStubInfo>& holderRef, CodeBlock* codeBlock,
- StructureStubInfo* stubInfo)
-{
- if (!holderRef)
- holderRef = makeUnique<WatchpointsOnStructureStubInfo>(codeBlock, stubInfo);
- else {
- ASSERT(holderRef->m_codeBlock == codeBlock);
- ASSERT(holderRef->m_stubInfo == stubInfo);
- }
-
- return &WTF::get<StructureTransitionStructureStubClearingWatchpoint>(holderRef->addWatchpoint(ObjectPropertyCondition()));
-}
-
-void AdaptiveValueStructureStubClearingWatchpoint::handleFire(VM&, const FireDetail&)
-{
- if (!m_holder->isValid())
- return;
-
- // This will implicitly cause my own demise: stub reset removes all watchpoints.
- // That works, because deleting a watchpoint removes it from the set's list, and
- // the set's list traversal for firing is robust against the set changing.
- ConcurrentJSLocker locker(m_holder->codeBlock()->m_lock);
- m_holder->stubInfo()->reset(m_holder->codeBlock());
-}
-
} // namespace JSC
#endif // ENABLE(JIT)
Modified: tags/Safari-609.1.6/Source/_javascript_Core/bytecode/StructureStubClearingWatchpoint.h (250946 => 250947)
--- tags/Safari-609.1.6/Source/_javascript_Core/bytecode/StructureStubClearingWatchpoint.h 2019-10-10 00:24:44 UTC (rev 250946)
+++ tags/Safari-609.1.6/Source/_javascript_Core/bytecode/StructureStubClearingWatchpoint.h 2019-10-10 00:36:17 UTC (rev 250947)
@@ -25,11 +25,11 @@
#pragma once
+#include "ObjectPropertyCondition.h"
+#include "Watchpoint.h"
+
#if ENABLE(JIT)
-#include "AdaptiveInferredPropertyValueWatchpointBase.h"
-#include "ObjectPropertyCondition.h"
-#include "Watchpoint.h"
#include <wtf/Bag.h>
#include <wtf/FastMalloc.h>
#include <wtf/Noncopyable.h>
@@ -40,12 +40,12 @@
class StructureStubInfo;
class WatchpointsOnStructureStubInfo;
-class StructureTransitionStructureStubClearingWatchpoint final : public Watchpoint {
- WTF_MAKE_NONCOPYABLE(StructureTransitionStructureStubClearingWatchpoint);
+class StructureStubClearingWatchpoint final : public Watchpoint {
+ WTF_MAKE_NONCOPYABLE(StructureStubClearingWatchpoint);
WTF_MAKE_FAST_ALLOCATED;
public:
- StructureTransitionStructureStubClearingWatchpoint(const ObjectPropertyCondition& key, WatchpointsOnStructureStubInfo& holder)
- : Watchpoint(Watchpoint::Type::StructureTransitionStructureStubClearing)
+ StructureStubClearingWatchpoint(const ObjectPropertyCondition& key, WatchpointsOnStructureStubInfo& holder)
+ : Watchpoint(Watchpoint::Type::StructureStubClearing)
, m_holder(&holder)
, m_key(key)
{
@@ -59,26 +59,6 @@
JSC_WATCHPOINT_FIELD(ObjectPropertyCondition, m_key);
};
-class AdaptiveValueStructureStubClearingWatchpoint final : public AdaptiveInferredPropertyValueWatchpointBase {
- using Base = AdaptiveInferredPropertyValueWatchpointBase;
- WTF_MAKE_NONCOPYABLE(AdaptiveValueStructureStubClearingWatchpoint);
- WTF_MAKE_FAST_ALLOCATED;
-
- void handleFire(VM&, const FireDetail&) override;
-
-public:
- AdaptiveValueStructureStubClearingWatchpoint(const ObjectPropertyCondition& key, WatchpointsOnStructureStubInfo& holder)
- : Base(key)
- , m_holder(&holder)
- {
- RELEASE_ASSERT(key.condition().kind() == PropertyCondition::Equivalence);
- }
-
-
-private:
- PackedPtr<WatchpointsOnStructureStubInfo> m_holder;
-};
-
class WatchpointsOnStructureStubInfo {
WTF_MAKE_NONCOPYABLE(WatchpointsOnStructureStubInfo);
WTF_MAKE_FAST_ALLOCATED;
@@ -89,16 +69,11 @@
{
}
- using Node = Variant<StructureTransitionStructureStubClearingWatchpoint, AdaptiveValueStructureStubClearingWatchpoint>;
-
- Node& addWatchpoint(const ObjectPropertyCondition& key);
+ StructureStubClearingWatchpoint* addWatchpoint(const ObjectPropertyCondition& key);
- static void ensureReferenceAndInstallWatchpoint(
+ static StructureStubClearingWatchpoint* ensureReferenceAndAddWatchpoint(
std::unique_ptr<WatchpointsOnStructureStubInfo>& holderRef,
CodeBlock*, StructureStubInfo*, const ObjectPropertyCondition& key);
- static Watchpoint* ensureReferenceAndAddWatchpoint(
- std::unique_ptr<WatchpointsOnStructureStubInfo>& holderRef,
- CodeBlock*, StructureStubInfo*);
CodeBlock* codeBlock() const { return m_codeBlock; }
StructureStubInfo* stubInfo() const { return m_stubInfo; }
@@ -108,9 +83,7 @@
private:
CodeBlock* m_codeBlock;
StructureStubInfo* m_stubInfo;
- // FIXME: use less memory for the entries in this Bag:
- // https://bugs.webkit.org/show_bug.cgi?id=202380
- Bag<WTF::Variant<StructureTransitionStructureStubClearingWatchpoint, AdaptiveValueStructureStubClearingWatchpoint>> m_watchpoints;
+ Bag<StructureStubClearingWatchpoint> m_watchpoints;
};
} // namespace JSC
Modified: tags/Safari-609.1.6/Source/_javascript_Core/bytecode/Watchpoint.h (250946 => 250947)
--- tags/Safari-609.1.6/Source/_javascript_Core/bytecode/Watchpoint.h 2019-10-10 00:24:44 UTC (rev 250946)
+++ tags/Safari-609.1.6/Source/_javascript_Core/bytecode/Watchpoint.h 2019-10-10 00:36:17 UTC (rev 250947)
@@ -115,7 +115,7 @@
#if ENABLE(JIT)
#define JSC_WATCHPOINT_TYPES_WITHOUT_DFG(macro) \
JSC_WATCHPOINT_TYPES_WITHOUT_JIT(macro) \
- macro(StructureTransitionStructureStubClearing, StructureTransitionStructureStubClearingWatchpoint)
+ macro(StructureStubClearing, StructureStubClearingWatchpoint)
#if ENABLE(DFG_JIT)
#define JSC_WATCHPOINT_TYPES(macro) \
Modified: tags/Safari-609.1.6/Source/_javascript_Core/jit/Repatch.cpp (250946 => 250947)
--- tags/Safari-609.1.6/Source/_javascript_Core/jit/Repatch.cpp 2019-10-10 00:24:44 UTC (rev 250946)
+++ tags/Safari-609.1.6/Source/_javascript_Core/jit/Repatch.cpp 2019-10-10 00:36:17 UTC (rev 250947)
@@ -321,7 +321,7 @@
} else {
conditionSet = generateConditionsForPrototypePropertyHitCustom(
vm, codeBlock, exec, structure, slot.slotBase(),
- propertyName.impl(), slot.attributes());
+ propertyName.impl());
}
if (!conditionSet.isValid())
@@ -549,7 +549,7 @@
prototypeAccessChain = nullptr;
conditionSet =
generateConditionsForPrototypePropertyHitCustom(
- vm, codeBlock, exec, structure, slot.base(), ident.impl(), static_cast<unsigned>(PropertyAttribute::None));
+ vm, codeBlock, exec, structure, slot.base(), ident.impl());
if (!conditionSet.isValid())
return GiveUpOnCache;
}
Modified: tags/Safari-609.1.6/Source/_javascript_Core/runtime/ClassInfo.h (250946 => 250947)
--- tags/Safari-609.1.6/Source/_javascript_Core/runtime/ClassInfo.h 2019-10-10 00:24:44 UTC (rev 250946)
+++ tags/Safari-609.1.6/Source/_javascript_Core/runtime/ClassInfo.h 2019-10-10 00:36:17 UTC (rev 250947)
@@ -189,18 +189,12 @@
sizeof(ClassName)
struct ClassInfo {
- using CheckSubClassSnippetFunctionPtr = Ref<Snippet> (*)(void);
-
// A string denoting the class name. Example: "Window".
const char* className;
+
// Pointer to the class information of the base class.
// nullptrif there is none.
const ClassInfo* parentClass;
- const HashTable* staticPropHashTable;
- CheckSubClassSnippetFunctionPtr checkSubClassSnippet;
- MethodTable methodTable;
- TypedArrayType typedArrayStorageType;
- unsigned staticClassSize;
static ptrdiff_t offsetOfParentClass()
{
@@ -219,6 +213,16 @@
JS_EXPORT_PRIVATE void dump(PrintStream&) const;
JS_EXPORT_PRIVATE bool hasStaticSetterOrReadonlyProperties() const;
+
+ const HashTable* staticPropHashTable;
+
+ using CheckSubClassSnippetFunctionPtr = Ref<Snippet> (*)(void);
+ CheckSubClassSnippetFunctionPtr checkSubClassSnippet;
+
+ MethodTable methodTable;
+
+ TypedArrayType typedArrayStorageType;
+ unsigned staticClassSize;
};
} // namespace JSC
Modified: tags/Safari-609.1.6/Source/_javascript_Core/runtime/JSObject.cpp (250946 => 250947)
--- tags/Safari-609.1.6/Source/_javascript_Core/runtime/JSObject.cpp 2019-10-10 00:24:44 UTC (rev 250946)
+++ tags/Safari-609.1.6/Source/_javascript_Core/runtime/JSObject.cpp 2019-10-10 00:36:17 UTC (rev 250947)
@@ -2222,9 +2222,15 @@
return false;
}
-Optional<Structure::PropertyHashEntry> JSObject::findPropertyHashEntry(VM& vm, PropertyName propertyName) const
+auto JSObject::findPropertyHashEntry(VM& vm, PropertyName propertyName) const -> Optional<PropertyHashEntry>
{
- return structure(vm)->findPropertyHashEntry(propertyName);
+ for (const ClassInfo* info = classInfo(vm); info; info = info->parentClass) {
+ if (const HashTable* propHashTable = info->staticPropHashTable) {
+ if (const HashTableValue* entry = propHashTable->entry(propertyName))
+ return PropertyHashEntry { propHashTable, entry };
+ }
+ }
+ return WTF::nullopt;
}
bool JSObject::hasInstance(ExecState* exec, JSValue value, JSValue hasInstanceValue)
Modified: tags/Safari-609.1.6/Source/_javascript_Core/runtime/JSObject.h (250946 => 250947)
--- tags/Safari-609.1.6/Source/_javascript_Core/runtime/JSObject.h 2019-10-10 00:24:44 UTC (rev 250946)
+++ tags/Safari-609.1.6/Source/_javascript_Core/runtime/JSObject.h 2019-10-10 00:36:17 UTC (rev 250947)
@@ -906,8 +906,6 @@
bool mayBePrototype() const;
void didBecomePrototype();
- Optional<Structure::PropertyHashEntry> findPropertyHashEntry(VM&, PropertyName) const;
-
DECLARE_EXPORT_INFO;
protected:
@@ -1037,7 +1035,7 @@
// This is relevant to undecided, int32, double, and contiguous.
unsigned countElements();
-
+
private:
friend class LLIntOffsetsExtractor;
friend class VMInspector;
@@ -1065,6 +1063,11 @@
void fillCustomGetterPropertySlot(VM&, PropertySlot&, CustomGetterSetter*, unsigned, Structure*);
JS_EXPORT_PRIVATE bool getOwnStaticPropertySlot(VM&, PropertyName, PropertySlot&);
+ struct PropertyHashEntry {
+ const HashTable* table;
+ const HashTableValue* value;
+ };
+ Optional<PropertyHashEntry> findPropertyHashEntry(VM&, PropertyName) const;
bool putByIndexBeyondVectorLength(ExecState*, unsigned propertyName, JSValue, bool shouldThrow);
bool putDirectIndexBeyondVectorLengthWithArrayStorage(ExecState*, unsigned propertyName, JSValue, unsigned attributes, PutDirectIndexMode, ArrayStorage*);
Modified: tags/Safari-609.1.6/Source/_javascript_Core/runtime/ObjectPropertyChangeAdaptiveWatchpoint.h (250946 => 250947)
--- tags/Safari-609.1.6/Source/_javascript_Core/runtime/ObjectPropertyChangeAdaptiveWatchpoint.h 2019-10-10 00:24:44 UTC (rev 250946)
+++ tags/Safari-609.1.6/Source/_javascript_Core/runtime/ObjectPropertyChangeAdaptiveWatchpoint.h 2019-10-10 00:36:17 UTC (rev 250947)
@@ -29,16 +29,16 @@
namespace JSC {
-template<typename WatchpointSet>
+template<typename Watchpoint>
class ObjectPropertyChangeAdaptiveWatchpoint final : public AdaptiveInferredPropertyValueWatchpointBase {
public:
using Base = AdaptiveInferredPropertyValueWatchpointBase;
- ObjectPropertyChangeAdaptiveWatchpoint(JSCell* owner, const ObjectPropertyCondition& condition, WatchpointSet& watchpointSet)
+ ObjectPropertyChangeAdaptiveWatchpoint(JSCell* owner, const ObjectPropertyCondition& condition, Watchpoint& watchpoint)
: Base(condition)
, m_owner(owner)
- , m_watchpointSet(watchpointSet)
+ , m_watchpoint(watchpoint)
{
- RELEASE_ASSERT(watchpointSet.stateOnJSThread() == IsWatched);
+ RELEASE_ASSERT(watchpoint.stateOnJSThread() == IsWatched);
}
private:
@@ -49,11 +49,11 @@
void handleFire(VM& vm, const FireDetail&) override
{
- m_watchpointSet.fireAll(vm, StringFireDetail("Object Property is changed."));
+ m_watchpoint.fireAll(vm, StringFireDetail("Object Property is changed."));
}
JSCell* m_owner;
- WatchpointSet& m_watchpointSet;
+ Watchpoint& m_watchpoint;
};
} // namespace JSC
Modified: tags/Safari-609.1.6/Source/_javascript_Core/runtime/Structure.cpp (250946 => 250947)
--- tags/Safari-609.1.6/Source/_javascript_Core/runtime/Structure.cpp 2019-10-10 00:24:44 UTC (rev 250946)
+++ tags/Safari-609.1.6/Source/_javascript_Core/runtime/Structure.cpp 2019-10-10 00:36:17 UTC (rev 250947)
@@ -1238,15 +1238,4 @@
return true;
}
-auto Structure::findPropertyHashEntry(PropertyName propertyName) const -> Optional<PropertyHashEntry>
-{
- for (const ClassInfo* info = classInfo(); info; info = info->parentClass) {
- if (const HashTable* propHashTable = info->staticPropHashTable) {
- if (const HashTableValue* entry = propHashTable->entry(propertyName))
- return PropertyHashEntry { propHashTable, entry };
- }
- }
- return WTF::nullopt;
-}
-
} // namespace JSC
Modified: tags/Safari-609.1.6/Source/_javascript_Core/runtime/Structure.h (250946 => 250947)
--- tags/Safari-609.1.6/Source/_javascript_Core/runtime/Structure.h 2019-10-10 00:24:44 UTC (rev 250946)
+++ tags/Safari-609.1.6/Source/_javascript_Core/runtime/Structure.h 2019-10-10 00:36:17 UTC (rev 250947)
@@ -61,8 +61,6 @@
class SlotVisitor;
class JSString;
struct DumpContext;
-struct HashTable;
-struct HashTableValue;
// The out-of-line property storage capacity to use when first allocating out-of-line
// storage. Note that all objects start out without having any out-of-line storage;
@@ -617,12 +615,6 @@
unsigned propertyHash() const { return m_propertyHash; }
static bool shouldConvertToPolyProto(const Structure* a, const Structure* b);
-
- struct PropertyHashEntry {
- const HashTable* table;
- const HashTableValue* value;
- };
- Optional<PropertyHashEntry> findPropertyHashEntry(PropertyName) const;
DECLARE_EXPORT_INFO;
Modified: tags/Safari-609.1.6/Source/_javascript_Core/tools/JSDollarVM.cpp (250946 => 250947)
--- tags/Safari-609.1.6/Source/_javascript_Core/tools/JSDollarVM.cpp 2019-10-10 00:24:44 UTC (rev 250946)
+++ tags/Safari-609.1.6/Source/_javascript_Core/tools/JSDollarVM.cpp 2019-10-10 00:36:17 UTC (rev 250947)
@@ -586,79 +586,6 @@
Vector<int> m_vector;
};
-static const struct CompactHashIndex staticCustomAccessorTableIndex[2] = {
- { 0, -1 },
- { -1, -1 },
-};
-
-static EncodedJSValue testStaticAccessorGetter(ExecState* exec, EncodedJSValue thisValue, PropertyName)
-{
- DollarVMAssertScope assertScope;
- VM& vm = exec->vm();
-
- JSObject* thisObject = jsDynamicCast<JSObject*>(vm, JSValue::decode(thisValue));
- RELEASE_ASSERT(thisObject);
-
- if (JSValue result = thisObject->getDirect(vm, PropertyName(Identifier::fromString(vm, "testField"))))
- return JSValue::encode(result);
- return JSValue::encode(jsUndefined());
-}
-
-static bool testStaticAccessorPutter(ExecState* exec, EncodedJSValue thisValue, EncodedJSValue value)
-{
- DollarVMAssertScope assertScope;
- VM& vm = exec->vm();
-
- JSObject* thisObject = jsDynamicCast<JSObject*>(vm, JSValue::decode(thisValue));
- RELEASE_ASSERT(thisObject);
-
- return thisObject->putDirect(vm, PropertyName(Identifier::fromString(vm, "testField")), JSValue::decode(value));
-}
-
-static const struct HashTableValue staticCustomAccessorTableValues[1] = {
- { "testStaticAccessor", static_cast<unsigned>(PropertyAttribute::CustomAccessor), NoIntrinsic, { (intptr_t)static_cast<PropertySlot::GetValueFunc>(testStaticAccessorGetter), (intptr_t)static_cast<PutPropertySlot::PutValueFunc>(testStaticAccessorPutter) } },
-};
-
-static const struct HashTable staticCustomAccessorTable =
- { 1, 1, true, nullptr, staticCustomAccessorTableValues, staticCustomAccessorTableIndex };
-
-class StaticCustomAccessor : public JSNonFinalObject {
- using Base = JSNonFinalObject;
-public:
- StaticCustomAccessor(VM& vm, Structure* structure)
- : Base(vm, structure)
- {
- DollarVMAssertScope assertScope;
- }
-
- DECLARE_INFO;
-
- static constexpr unsigned StructureFlags = Base::StructureFlags | HasStaticPropertyTable | OverridesGetOwnPropertySlot;
-
- static Structure* createStructure(VM& vm, JSGlobalObject* globalObject, JSValue prototype)
- {
- DollarVMAssertScope assertScope;
- return Structure::create(vm, globalObject, prototype, TypeInfo(ObjectType, StructureFlags), info());
- }
-
- static StaticCustomAccessor* create(VM& vm, Structure* structure)
- {
- DollarVMAssertScope assertScope;
- StaticCustomAccessor* accessor = new (NotNull, allocateCell<StaticCustomAccessor>(vm.heap)) StaticCustomAccessor(vm, structure);
- accessor->finishCreation(vm);
- return accessor;
- }
-
- static bool getOwnPropertySlot(JSObject* thisObject, ExecState* exec, PropertyName propertyName, PropertySlot& slot)
- {
- if (String(propertyName.uid()) == "thinAirCustomGetter") {
- slot.setCacheableCustom(thisObject, PropertyAttribute::DontDelete | PropertyAttribute::ReadOnly | PropertyAttribute::DontEnum | PropertyAttribute::CustomAccessor, testStaticAccessorGetter);
- return true;
- }
- return JSNonFinalObject::getOwnPropertySlot(thisObject, exec, propertyName, slot);
- }
-};
-
class DOMJITNode : public JSNonFinalObject {
public:
DOMJITNode(VM& vm, Structure* structure)
@@ -802,7 +729,6 @@
putDirectCustomAccessor(vm, Identifier::fromString(vm, "customGetter"), customGetterSetter, PropertyAttribute::ReadOnly | PropertyAttribute::CustomAccessor);
}
-
class DOMJITGetterComplex : public DOMJITNode {
public:
DOMJITGetterComplex(VM& vm, Structure* structure)
@@ -1273,8 +1199,6 @@
const ClassInfo DOMJITCheckSubClassObject::s_info = { "DOMJITCheckSubClassObject", &Base::s_info, nullptr, nullptr, CREATE_METHOD_TABLE(DOMJITCheckSubClassObject) };
const ClassInfo JSTestCustomGetterSetter::s_info = { "JSTestCustomGetterSetter", &Base::s_info, nullptr, nullptr, CREATE_METHOD_TABLE(JSTestCustomGetterSetter) };
-const ClassInfo StaticCustomAccessor::s_info = { "StaticCustomAccessor", &Base::s_info, &staticCustomAccessorTable, nullptr, CREATE_METHOD_TABLE(StaticCustomAccessor) };
-
ElementHandleOwner* Element::handleOwner()
{
DollarVMAssertScope assertScope;
@@ -2091,16 +2015,6 @@
}
#endif
-static EncodedJSValue JSC_HOST_CALL functionCreateStaticCustomAccessor(JSGlobalObject* globalObject, CallFrame*)
-{
- DollarVMAssertScope assertScope;
- VM& vm = globalObject->vm();
- JSLockHolder lock(vm);
- Structure* structure = StaticCustomAccessor::createStructure(vm, globalObject, jsNull());
- auto* result = StaticCustomAccessor::create(vm, structure);
- return JSValue::encode(result);
-}
-
static EncodedJSValue JSC_HOST_CALL functionSetImpureGetterDelegate(JSGlobalObject* globalObject, CallFrame* callFrame)
{
DollarVMAssertScope assertScope;
@@ -2622,7 +2536,6 @@
#if ENABLE(WEBASSEMBLY)
addFunction(vm, "createWasmStreamingParser", functionCreateWasmStreamingParser, 0);
#endif
- addFunction(vm, "createStaticCustomAccessor", functionCreateStaticCustomAccessor, 0);
addFunction(vm, "getPrivateProperty", functionGetPrivateProperty, 2);
addFunction(vm, "setImpureGetterDelegate", functionSetImpureGetterDelegate, 2);
