Diff
Modified: trunk/Source/_javascript_Core/ChangeLog (284663 => 284664)
--- trunk/Source/_javascript_Core/ChangeLog 2021-10-22 02:15:01 UTC (rev 284663)
+++ trunk/Source/_javascript_Core/ChangeLog 2021-10-22 04:31:45 UTC (rev 284664)
@@ -1,3 +1,36 @@
+2021-10-21 Saam Barati <[email protected]>
+
+ Clean up some code around checking the state of Watchpoints
+ https://bugs.webkit.org/show_bug.cgi?id=232111
+
+ Reviewed by Yusuke Suzuki.
+
+ No need to have state() and stateOnJSThread(), since they're now the same.
+ Also, there is no need to check the allocation watchpoint twice for the
+ function/internal function allocation profiles.
+
+ * bytecode/Watchpoint.h:
+ (JSC::WatchpointSet::isStillValid const):
+ (JSC::WatchpointSet::stateOnJSThread const): Deleted.
+ (JSC::WatchpointSet::isStillValidOnJSThread const): Deleted.
+ (JSC::InlineWatchpointSet::stateOnJSThread const): Deleted.
+ * dfg/DFGAbstractInterpreterInlines.h:
+ (JSC::DFG::AbstractInterpreter<AbstractStateType>::executeEffects):
+ * dfg/DFGByteCodeParser.cpp:
+ (JSC::DFG::ByteCodeParser::parseBlock):
+ (JSC::DFG::ByteCodeParser::handleCreateInternalFieldObject):
+ * dfg/DFGConstantFoldingPhase.cpp:
+ (JSC::DFG::ConstantFoldingPhase::foldConstants):
+ * runtime/ArrayPrototype.cpp:
+ (JSC::speciesWatchpointIsValid):
+ (JSC::canUseDefaultArrayJoinForToString):
+ * runtime/InferredValue.h:
+ (JSC::InferredValue::notifyWrite):
+ (JSC::InferredValue::stateOnJSThread const): Deleted.
+ * runtime/JSArrayBufferPrototypeInlines.h:
+ (JSC::speciesWatchpointIsValid):
+ * runtime/ObjectPropertyChangeAdaptiveWatchpoint.h:
+
2021-10-21 Mark Lam <[email protected]>
Remove an unused field: Heap::m_copyingRememberedSet.
Modified: trunk/Source/_javascript_Core/bytecode/Watchpoint.h (284663 => 284664)
--- trunk/Source/_javascript_Core/bytecode/Watchpoint.h 2021-10-22 02:15:01 UTC (rev 284663)
+++ trunk/Source/_javascript_Core/bytecode/Watchpoint.h 2021-10-22 04:31:45 UTC (rev 284664)
@@ -190,17 +190,14 @@
return adoptRef(*new WatchpointSet(state));
}
- // Fast way of getting the state, which only works from the main thread.
- WatchpointState stateOnJSThread() const
- {
- return static_cast<WatchpointState>(m_state);
- }
-
- // It is safe to call this from another thread. It may return an old
- // state. Guarantees that if *first* read the state() of the thing being
- // watched and it returned IsWatched and *second* you actually read its
- // value then it's safe to assume that if the state being watched changes
- // then also the watchpoint state() will change to IsInvalidated.
+ // It is always safe to call this from the main thread.
+ // It is also safe to call this from another thread. It may return an old
+ // state. Generally speaking, a safe pattern to use in a concurrent compiler
+ // thread is:
+ // if (watchpoint.isValid()) {
+ // watch(watchpoint);
+ // do optimizations;
+ // }
WatchpointState state() const
{
WatchpointState result = static_cast<WatchpointState>(m_state);
@@ -217,11 +214,6 @@
{
return state() != IsInvalidated;
}
- // Fast way of testing isStillValid(), which only works from the main thread.
- bool isStillValidOnJSThread() const
- {
- return stateOnJSThread() != IsInvalidated;
- }
// Like isStillValid(), may be called from another thread.
bool hasBeenInvalidated() const { return !isStillValid(); }
@@ -340,18 +332,7 @@
freeFat();
}
- // Fast way of getting the state, which only works from the main thread.
- WatchpointState stateOnJSThread() const
- {
- uintptr_t data = ""
- if (isFat(data))
- return fat(data)->stateOnJSThread();
- return decodeState(data);
- }
-
- // It is safe to call this from another thread. It may return a prior state,
- // but that should be fine since you should only perform actions based on the
- // state if you also add a watchpoint.
+ // See comment about state() in Watchpoint above.
WatchpointState state() const
{
uintptr_t data = ""
Modified: trunk/Source/_javascript_Core/dfg/DFGAbstractInterpreterInlines.h (284663 => 284664)
--- trunk/Source/_javascript_Core/dfg/DFGAbstractInterpreterInlines.h 2021-10-22 02:15:01 UTC (rev 284663)
+++ trunk/Source/_javascript_Core/dfg/DFGAbstractInterpreterInlines.h 2021-10-22 04:31:45 UTC (rev 284664)
@@ -3042,8 +3042,7 @@
Structure* structure = rareData->internalFunctionAllocationStructure();
if (structure
&& structure->classInfo() == (node->isInternalPromise() ? JSInternalPromise::info() : JSPromise::info())
- && structure->globalObject() == globalObject
- && rareData->allocationProfileWatchpointSet().isStillValid()) {
+ && structure->globalObject() == globalObject) {
m_graph.freeze(rareData);
m_graph.watchpoints().addLazily(rareData->allocationProfileWatchpointSet());
m_state.setShouldTryConstantFolding(true);
@@ -3071,8 +3070,7 @@
Structure* structure = rareData->internalFunctionAllocationStructure();
if (structure
&& structure->classInfo() == classInfo
- && structure->globalObject() == globalObject
- && rareData->allocationProfileWatchpointSet().isStillValid()) {
+ && structure->globalObject() == globalObject) {
m_graph.freeze(rareData);
m_graph.watchpoints().addLazily(rareData->allocationProfileWatchpointSet());
m_state.setShouldTryConstantFolding(true);
Modified: trunk/Source/_javascript_Core/dfg/DFGByteCodeParser.cpp (284663 => 284664)
--- trunk/Source/_javascript_Core/dfg/DFGByteCodeParser.cpp 2021-10-22 02:15:01 UTC (rev 284663)
+++ trunk/Source/_javascript_Core/dfg/DFGByteCodeParser.cpp 2021-10-22 04:31:45 UTC (rev 284664)
@@ -5546,8 +5546,7 @@
Structure* structure = rareData->objectAllocationStructure();
JSObject* prototype = rareData->objectAllocationPrototype();
if (structure
- && (structure->hasMonoProto() || prototype)
- && rareData->allocationProfileWatchpointSet().isStillValid()) {
+ && (structure->hasMonoProto() || prototype)) {
m_graph.freeze(rareData);
m_graph.watchpoints().addLazily(rareData->allocationProfileWatchpointSet());
@@ -5628,8 +5627,7 @@
Structure* structure = rareData->internalFunctionAllocationStructure();
if (structure
&& structure->classInfo() == (bytecode.m_isInternalPromise ? JSInternalPromise::info() : JSPromise::info())
- && structure->globalObject() == globalObject
- && rareData->allocationProfileWatchpointSet().isStillValid()) {
+ && structure->globalObject() == globalObject) {
m_graph.freeze(rareData);
m_graph.watchpoints().addLazily(rareData->allocationProfileWatchpointSet());
@@ -9012,8 +9010,7 @@
Structure* structure = rareData->internalFunctionAllocationStructure();
if (structure
&& structure->classInfo() == classInfo
- && structure->globalObject() == globalObject
- && rareData->allocationProfileWatchpointSet().isStillValid()) {
+ && structure->globalObject() == globalObject) {
m_graph.freeze(rareData);
m_graph.watchpoints().addLazily(rareData->allocationProfileWatchpointSet());
Modified: trunk/Source/_javascript_Core/dfg/DFGConstantFoldingPhase.cpp (284663 => 284664)
--- trunk/Source/_javascript_Core/dfg/DFGConstantFoldingPhase.cpp 2021-10-22 02:15:01 UTC (rev 284663)
+++ trunk/Source/_javascript_Core/dfg/DFGConstantFoldingPhase.cpp 2021-10-22 04:31:45 UTC (rev 284664)
@@ -736,9 +736,7 @@
Structure* structure = rareData->objectAllocationStructure();
JSObject* prototype = rareData->objectAllocationPrototype();
if (structure
- && (structure->hasMonoProto() || prototype)
- && rareData->allocationProfileWatchpointSet().isStillValid()) {
-
+ && (structure->hasMonoProto() || prototype)) {
m_graph.freeze(rareData);
m_graph.watchpoints().addLazily(rareData->allocationProfileWatchpointSet());
node->convertToNewObject(m_graph.registerStructure(structure));
@@ -758,7 +756,6 @@
}
changed = true;
break;
-
}
}
}
@@ -781,8 +778,7 @@
Structure* structure = rareData->internalFunctionAllocationStructure();
if (structure
&& structure->classInfo() == (node->isInternalPromise() ? JSInternalPromise::info() : JSPromise::info())
- && structure->globalObject() == globalObject
- && rareData->allocationProfileWatchpointSet().isStillValid()) {
+ && structure->globalObject() == globalObject) {
m_graph.freeze(rareData);
m_graph.watchpoints().addLazily(rareData->allocationProfileWatchpointSet());
node->convertToNewInternalFieldObject(m_graph.registerStructure(structure));
@@ -807,8 +803,7 @@
Structure* structure = rareData->internalFunctionAllocationStructure();
if (structure
&& structure->classInfo() == classInfo
- && structure->globalObject() == globalObject
- && rareData->allocationProfileWatchpointSet().isStillValid()) {
+ && structure->globalObject() == globalObject) {
m_graph.freeze(rareData);
m_graph.watchpoints().addLazily(rareData->allocationProfileWatchpointSet());
node->convertToNewInternalFieldObjectWithInlineFields(newOp, m_graph.registerStructure(structure));
Modified: trunk/Source/_javascript_Core/runtime/ArrayPrototype.cpp (284663 => 284664)
--- trunk/Source/_javascript_Core/runtime/ArrayPrototype.cpp 2021-10-22 02:15:01 UTC (rev 284663)
+++ trunk/Source/_javascript_Core/runtime/ArrayPrototype.cpp 2021-10-22 04:31:45 UTC (rev 284664)
@@ -186,15 +186,15 @@
JSGlobalObject* globalObject = thisObject->globalObject(vm);
ArrayPrototype* arrayPrototype = globalObject->arrayPrototype();
- if (globalObject->arraySpeciesWatchpointSet().stateOnJSThread() == ClearWatchpoint) {
+ if (globalObject->arraySpeciesWatchpointSet().state() == ClearWatchpoint) {
dataLogLnIf(ArrayPrototypeInternal::verbose, "Initializing Array species watchpoints for Array.prototype: ", pointerDump(arrayPrototype), " with structure: ", pointerDump(arrayPrototype->structure(vm)), "\nand Array: ", pointerDump(globalObject->arrayConstructor()), " with structure: ", pointerDump(globalObject->arrayConstructor()->structure(vm)));
globalObject->tryInstallArraySpeciesWatchpoint();
- ASSERT(globalObject->arraySpeciesWatchpointSet().stateOnJSThread() != ClearWatchpoint);
+ ASSERT(globalObject->arraySpeciesWatchpointSet().state() != ClearWatchpoint);
}
return !thisObject->hasCustomProperties(vm)
&& arrayPrototype == thisObject->getPrototypeDirect(vm)
- && globalObject->arraySpeciesWatchpointSet().stateOnJSThread() == IsWatched;
+ && globalObject->arraySpeciesWatchpointSet().state() == IsWatched;
}
enum class SpeciesConstructResult : uint8_t {
@@ -583,7 +583,7 @@
{
JSGlobalObject* globalObject = thisObject->globalObject();
- if (globalObject->arrayJoinWatchpointSet().stateOnJSThread() != IsWatched)
+ if (globalObject->arrayJoinWatchpointSet().state() != IsWatched)
return false;
Structure* structure = thisObject->structure(vm);
Modified: trunk/Source/_javascript_Core/runtime/InferredValue.h (284663 => 284664)
--- trunk/Source/_javascript_Core/runtime/InferredValue.h 2021-10-22 02:15:01 UTC (rev 284663)
+++ trunk/Source/_javascript_Core/runtime/InferredValue.h 2021-10-22 04:31:45 UTC (rev 284664)
@@ -67,15 +67,6 @@
freeFat();
}
- // Fast way of getting the state, which only works from the main thread.
- WatchpointState stateOnJSThread() const
- {
- uintptr_t data = ""
- if (isFat(data))
- return fat(data)->stateOnJSThread();
- return decodeState(data);
- }
-
// It is safe to call this from another thread. It may return a prior state,
// but that should be fine since you should only perform actions based on the
// state if you also add a watchpoint.
@@ -120,7 +111,7 @@
void notifyWrite(VM& vm, JSCell* owner, JSCellType* value, const FireDetail& detail)
{
- if (LIKELY(stateOnJSThread() == IsInvalidated))
+ if (LIKELY(state() == IsInvalidated))
return;
notifyWriteSlow(vm, owner, value, detail);
}
@@ -127,7 +118,7 @@
void notifyWrite(VM& vm, JSCell* owner, JSCellType* value, const char* reason)
{
- if (LIKELY(stateOnJSThread() == IsInvalidated))
+ if (LIKELY(state() == IsInvalidated))
return;
notifyWriteSlow(vm, owner, value, reason);
}
Modified: trunk/Source/_javascript_Core/runtime/JSArrayBufferPrototypeInlines.h (284663 => 284664)
--- trunk/Source/_javascript_Core/runtime/JSArrayBufferPrototypeInlines.h 2021-10-22 02:15:01 UTC (rev 284663)
+++ trunk/Source/_javascript_Core/runtime/JSArrayBufferPrototypeInlines.h 2021-10-22 04:31:45 UTC (rev 284664)
@@ -39,15 +39,15 @@
JSGlobalObject* globalObject = thisObject->globalObject(vm);
auto* prototype = globalObject->arrayBufferPrototype(mode);
- if (globalObject->arrayBufferSpeciesWatchpointSet(mode).stateOnJSThread() == ClearWatchpoint) {
+ if (globalObject->arrayBufferSpeciesWatchpointSet(mode).state() == ClearWatchpoint) {
dataLogLnIf(JSArrayBufferPrototypeInternal::verbose, "Initializing ArrayBuffer species watchpoints for ArrayBuffer.prototype: ", pointerDump(prototype), " with structure: ", pointerDump(prototype->structure(vm)), "\nand ArrayBuffer: ", pointerDump(globalObject->arrayBufferConstructor(mode)), " with structure: ", pointerDump(globalObject->arrayBufferConstructor(mode)->structure(vm)));
globalObject->tryInstallArrayBufferSpeciesWatchpoint(mode);
- ASSERT(globalObject->arrayBufferSpeciesWatchpointSet(mode).stateOnJSThread() != ClearWatchpoint);
+ ASSERT(globalObject->arrayBufferSpeciesWatchpointSet(mode).state() != ClearWatchpoint);
}
return !thisObject->hasCustomProperties(vm)
&& prototype == thisObject->getPrototypeDirect(vm)
- && globalObject->arrayBufferSpeciesWatchpointSet(mode).stateOnJSThread() == IsWatched;
+ && globalObject->arrayBufferSpeciesWatchpointSet(mode).state() == IsWatched;
}
ALWAYS_INLINE std::optional<JSValue> arrayBufferSpeciesConstructor(JSGlobalObject* globalObject, JSArrayBuffer* thisObject, ArrayBufferSharingMode mode)
Modified: trunk/Source/_javascript_Core/runtime/ObjectPropertyChangeAdaptiveWatchpoint.h (284663 => 284664)
--- trunk/Source/_javascript_Core/runtime/ObjectPropertyChangeAdaptiveWatchpoint.h 2021-10-22 02:15:01 UTC (rev 284663)
+++ trunk/Source/_javascript_Core/runtime/ObjectPropertyChangeAdaptiveWatchpoint.h 2021-10-22 04:31:45 UTC (rev 284664)
@@ -38,7 +38,7 @@
, m_owner(owner)
, m_watchpointSet(watchpointSet)
{
- RELEASE_ASSERT(watchpointSet.stateOnJSThread() == IsWatched);
+ RELEASE_ASSERT(watchpointSet.state() == IsWatched);
}
private:
Modified: trunk/Source/WebCore/ChangeLog (284663 => 284664)
--- trunk/Source/WebCore/ChangeLog 2021-10-22 02:15:01 UTC (rev 284663)
+++ trunk/Source/WebCore/ChangeLog 2021-10-22 04:31:45 UTC (rev 284664)
@@ -1,3 +1,13 @@
+2021-10-21 Saam Barati <[email protected]>
+
+ Clean up some code around checking the state of Watchpoints
+ https://bugs.webkit.org/show_bug.cgi?id=232111
+
+ Reviewed by Yusuke Suzuki.
+
+ * bindings/js/JSDOMWindowCustom.cpp:
+ (WebCore::JSDOMWindow::getOwnPropertySlot):
+
2021-10-21 Chris Dumez <[email protected]>
Form submission should be cancelled if the form gets detached from inside the formdata event handler
Modified: trunk/Source/WebCore/bindings/js/JSDOMWindowCustom.cpp (284663 => 284664)
--- trunk/Source/WebCore/bindings/js/JSDOMWindowCustom.cpp 2021-10-22 02:15:01 UTC (rev 284663)
+++ trunk/Source/WebCore/bindings/js/JSDOMWindowCustom.cpp 2021-10-22 04:31:45 UTC (rev 284664)
@@ -204,7 +204,7 @@
thisObject->m_windowCloseWatchpoints = WatchpointSet::create(thisObject->wrapped().frame() ? IsWatched : IsInvalidated);
// We use m_windowCloseWatchpoints to clear any inline caches once the frame is cleared.
// This is sound because DOMWindow can be associated with at most one frame in its lifetime.
- if (thisObject->m_windowCloseWatchpoints->isStillValidOnJSThread())
+ if (thisObject->m_windowCloseWatchpoints->isStillValid())
slot.setWatchpointSet(*thisObject->m_windowCloseWatchpoints);
// (2) Regular own properties.
