Diff
Modified: trunk/Source/_javascript_Core/ChangeLog (285686 => 285687)
--- trunk/Source/_javascript_Core/ChangeLog 2021-11-11 23:50:20 UTC (rev 285686)
+++ trunk/Source/_javascript_Core/ChangeLog 2021-11-11 23:58:13 UTC (rev 285687)
@@ -1,5 +1,128 @@
2021-11-11 Mark Lam <[email protected]>
+ Add VM::writeBarrier() and VM::mutatorFence().
+ https://bugs.webkit.org/show_bug.cgi?id=233019
+ rdar://85318693
+
+ Reviewed by Saam Barati.
+
+ These are ALWAYS_INLINE functions that will forward the call to the Heap versions.
+ Adding these allows us to make all the client code more terse, and also makes it
+ easier to redirect the underlying writeBarrier implementation later for global GC
+ work. Additionally, this will help make the global GC patch less of a mega patch
+ and easier to review later.
+
+ Also remove unused Heap::writeBarrierWithoutFence().
+
+ This is a refactoring patch. There is no behavior change.
+
+ * bytecode/LLIntCallLinkInfo.h:
+ (JSC::LLIntCallLinkInfo::link):
+ * bytecode/ObjectPropertyCondition.h:
+ (JSC::ObjectPropertyCondition::presence):
+ (JSC::ObjectPropertyCondition::absence):
+ (JSC::ObjectPropertyCondition::absenceOfSetEffect):
+ (JSC::ObjectPropertyCondition::equivalence):
+ (JSC::ObjectPropertyCondition::hasStaticProperty):
+ (JSC::ObjectPropertyCondition::hasPrototype):
+ * bytecode/PropertyCondition.h:
+ (JSC::PropertyCondition::absence):
+ (JSC::PropertyCondition::absenceOfSetEffect):
+ (JSC::PropertyCondition::equivalence):
+ (JSC::PropertyCondition::hasPrototype):
+ * bytecode/StructureStubInfo.cpp:
+ (JSC::StructureStubInfo::initGetByIdSelf):
+ (JSC::StructureStubInfo::initPutByIdReplace):
+ (JSC::StructureStubInfo::initInByIdSelf):
+ (JSC::StructureStubInfo::addAccessCase):
+ * bytecode/StructureStubInfo.h:
+ (JSC::StructureStubInfo::considerCaching):
+ * bytecode/UnlinkedCodeBlockGenerator.cpp:
+ (JSC::UnlinkedCodeBlockGenerator::finalize):
+ * bytecode/UnlinkedFunctionExecutable.cpp:
+ (JSC::UnlinkedFunctionExecutable::decodeCachedCodeBlocks):
+ * dfg/DFGJITFinalizer.cpp:
+ (JSC::DFG::JITFinalizer::finalize):
+ * dfg/DFGOperations.cpp:
+ (JSC::DFG::JSC_DEFINE_JIT_OPERATION):
+ * dfg/DFGPlan.cpp:
+ (JSC::DFG::Plan::finalize):
+ * ftl/FTLJITFinalizer.cpp:
+ (JSC::FTL::JITFinalizer::finalize):
+ * heap/Heap.h:
+ * heap/HeapInlines.h:
+ (JSC::Heap::writeBarrierWithoutFence): Deleted.
+ * jit/JITOperations.cpp:
+ (JSC::JSC_DEFINE_JIT_OPERATION):
+ * llint/LLIntSlowPaths.cpp:
+ (JSC::LLInt::LLINT_SLOW_PATH_DECL):
+ (JSC::LLInt::setupGetByIdPrototypeCache):
+ (JSC::LLInt::performLLIntGetByID):
+ (JSC::LLInt::llint_write_barrier_slow):
+ * runtime/ArrayPrototype.cpp:
+ (JSC::JSC_DEFINE_HOST_FUNCTION):
+ * runtime/AuxiliaryBarrierInlines.h:
+ (JSC::AuxiliaryBarrier<T>::AuxiliaryBarrier):
+ (JSC::AuxiliaryBarrier<T>::set):
+ * runtime/CommonSlowPaths.cpp:
+ (JSC::JSC_DEFINE_COMMON_SLOW_PATH):
+ * runtime/ErrorInstance.cpp:
+ (JSC::ErrorInstance::finishCreation):
+ * runtime/InferredValue.h:
+ (JSC::InferredValue<JSCellType>::InferredValueWatchpointSet::notifyWriteSlow):
+ (JSC::InferredValue<JSCellType>::notifyWriteSlow):
+ * runtime/JSArray.cpp:
+ (JSC::JSArray::appendMemcpy):
+ (JSC::JSArray::shiftCountWithAnyIndexingType):
+ (JSC::JSArray::unshiftCountWithAnyIndexingType):
+ * runtime/JSArrayInlines.h:
+ (JSC::JSArray::pushInline):
+ * runtime/JSCellInlines.h:
+ (JSC::JSCell::finishCreation):
+ (JSC::JSCell::setStructure):
+ * runtime/JSFinalizationRegistry.cpp:
+ (JSC::JSFinalizationRegistry::registerTarget):
+ * runtime/JSFunction.cpp:
+ (JSC::JSFunction::allocateRareData):
+ (JSC::JSFunction::allocateAndInitializeRareData):
+ * runtime/JSObject.cpp:
+ (JSC::JSObject::putByIndex):
+ * runtime/JSObject.h:
+ (JSC::JSObject::trySetIndexQuickly):
+ (JSC::JSObject::setIndexQuickly):
+ * runtime/JSWeakObjectRef.h:
+ * runtime/LazyPropertyInlines.h:
+ (JSC::ElementType>::setMayBeNull):
+ * runtime/ObjectInitializationScope.cpp:
+ (JSC::ObjectInitializationScope::~ObjectInitializationScope):
+ * runtime/ObjectInitializationScope.h:
+ (JSC::ObjectInitializationScope::~ObjectInitializationScope):
+ * runtime/RegExpCachedResult.cpp:
+ (JSC::RegExpCachedResult::lastResult):
+ * runtime/RegExpCachedResult.h:
+ (JSC::RegExpCachedResult::record):
+ * runtime/RegExpObject.h:
+ * runtime/ScriptExecutable.cpp:
+ (JSC::ScriptExecutable::installCode):
+ * runtime/Structure.cpp:
+ (JSC::Structure::flattenDictionaryStructure):
+ * runtime/StructureChain.cpp:
+ (JSC::StructureChain::finishCreation):
+ * runtime/StructureRareDataInlines.h:
+ (JSC::StructureRareData::setCachedPropertyNameEnumerator):
+ * runtime/VM.h:
+ (JSC::VM::writeBarrier):
+ (JSC::VM::writeBarrierSlowPath):
+ (JSC::VM::mutatorFence):
+ * runtime/WriteBarrierInlines.h:
+ (JSC::Traits>::setEarlyValue):
+ (JSC::RawValueTraits<Unknown>>::set):
+ * wasm/WasmOperations.cpp:
+ (JSC::Wasm::JSC_DEFINE_JIT_OPERATION):
+ * wasm/js/JSWebAssemblyInstance.h:
+
+2021-11-11 Mark Lam <[email protected]>
+
Disable JIT runs of the ExecutionTimeLimitTest when !ENABLE(JIT).
https://bugs.webkit.org/show_bug.cgi?id=233003
Modified: trunk/Source/_javascript_Core/bytecode/LLIntCallLinkInfo.h (285686 => 285687)
--- trunk/Source/_javascript_Core/bytecode/LLIntCallLinkInfo.h 2021-11-11 23:50:20 UTC (rev 285686)
+++ trunk/Source/_javascript_Core/bytecode/LLIntCallLinkInfo.h 2021-11-11 23:58:13 UTC (rev 285687)
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2012-2018 Apple Inc. All rights reserved.
+ * Copyright (C) 2012-2021 Apple Inc. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
@@ -56,7 +56,7 @@
if (isOnList())
remove();
m_calleeOrLastSeenCalleeWithLinkBit = bitwise_cast<uintptr_t>(callee);
- vm.heap.writeBarrier(owner, callee);
+ vm.writeBarrier(owner, callee);
m_machineCodeTarget = codePtr;
}
Modified: trunk/Source/_javascript_Core/bytecode/ObjectPropertyCondition.h (285686 => 285687)
--- trunk/Source/_javascript_Core/bytecode/ObjectPropertyCondition.h 2021-11-11 23:50:20 UTC (rev 285686)
+++ trunk/Source/_javascript_Core/bytecode/ObjectPropertyCondition.h 2021-11-11 23:58:13 UTC (rev 285687)
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2015-2019 Apple Inc. All rights reserved.
+ * Copyright (C) 2015-2021 Apple Inc. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
@@ -66,7 +66,7 @@
unsigned attributes)
{
if (owner)
- vm.heap.writeBarrier(owner);
+ vm.writeBarrier(owner);
return presenceWithoutBarrier(object, uid, offset, attributes);
}
@@ -84,7 +84,7 @@
VM& vm, JSCell* owner, JSObject* object, UniquedStringImpl* uid, JSObject* prototype)
{
if (owner)
- vm.heap.writeBarrier(owner);
+ vm.writeBarrier(owner);
return absenceWithoutBarrier(object, uid, prototype);
}
@@ -101,7 +101,7 @@
VM& vm, JSCell* owner, JSObject* object, UniquedStringImpl* uid, JSObject* prototype)
{
if (owner)
- vm.heap.writeBarrier(owner);
+ vm.writeBarrier(owner);
return absenceOfSetEffectWithoutBarrier(object, uid, prototype);
}
@@ -118,7 +118,7 @@
VM& vm, JSCell* owner, JSObject* object, UniquedStringImpl* uid, JSValue value)
{
if (owner)
- vm.heap.writeBarrier(owner);
+ vm.writeBarrier(owner);
return equivalenceWithoutBarrier(object, uid, value);
}
@@ -129,7 +129,7 @@
result.m_object = object;
result.m_condition = PropertyCondition::hasStaticProperty(uid);
if (owner)
- vm.heap.writeBarrier(owner);
+ vm.writeBarrier(owner);
return result;
}
@@ -145,7 +145,7 @@
VM& vm, JSCell* owner, JSObject* object, JSObject* prototype)
{
if (owner)
- vm.heap.writeBarrier(owner);
+ vm.writeBarrier(owner);
return hasPrototypeWithoutBarrier(object, prototype);
}
Modified: trunk/Source/_javascript_Core/bytecode/PropertyCondition.h (285686 => 285687)
--- trunk/Source/_javascript_Core/bytecode/PropertyCondition.h 2021-11-11 23:50:20 UTC (rev 285686)
+++ trunk/Source/_javascript_Core/bytecode/PropertyCondition.h 2021-11-11 23:58:13 UTC (rev 285687)
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2015-2019 Apple Inc. All rights reserved.
+ * Copyright (C) 2015-2021 Apple Inc. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
@@ -86,7 +86,7 @@
VM& vm, JSCell* owner, UniquedStringImpl* uid, JSObject* prototype)
{
if (owner)
- vm.heap.writeBarrier(owner);
+ vm.writeBarrier(owner);
return absenceWithoutBarrier(uid, prototype);
}
@@ -103,7 +103,7 @@
VM& vm, JSCell* owner, UniquedStringImpl* uid, JSObject* prototype)
{
if (owner)
- vm.heap.writeBarrier(owner);
+ vm.writeBarrier(owner);
return absenceOfSetEffectWithoutBarrier(uid, prototype);
}
@@ -120,7 +120,7 @@
VM& vm, JSCell* owner, UniquedStringImpl* uid, JSValue value)
{
if (value.isCell() && owner)
- vm.heap.writeBarrier(owner);
+ vm.writeBarrier(owner);
return equivalenceWithoutBarrier(uid, value);
}
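Review bot: The guard `if (value.isCell() && owner)` in this hunk skips the barrier for non-cell values, while the matching `equivalence` hunk in ObjectPropertyCondition.h (`@@ -118,7 +118,7 @@`) barriers on any non-null `owner`, and neither site says why they differ. Skipping it is presumably safe because a non-cell value gives the collector no new reference to trace, but that reasoning is not written down, and a wrongly skipped barrier under a concurrent collector is a memory-safety problem rather than a performance one. I would add a comment above the check such as `// A non-cell value adds no reference for the GC to trace, so no barrier is needed.` The function's signature starts outside the hunk.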
@@ -142,7 +142,7 @@
static PropertyCondition hasPrototype(VM& vm, JSCell* owner, JSObject* prototype)
{
if (owner)
- vm.heap.writeBarrier(owner);
+ vm.writeBarrier(owner);
return hasPrototypeWithoutBarrier(prototype);
}
Modified: trunk/Source/_javascript_Core/bytecode/StructureStubInfo.cpp (285686 => 285687)
--- trunk/Source/_javascript_Core/bytecode/StructureStubInfo.cpp 2021-11-11 23:50:20 UTC (rev 285686)
+++ trunk/Source/_javascript_Core/bytecode/StructureStubInfo.cpp 2021-11-11 23:58:13 UTC (rev 285687)
@@ -50,7 +50,7 @@
setCacheType(locker, CacheType::GetByIdSelf);
m_identifier = identifier;
m_inlineAccessBaseStructure = inlineAccessBaseStructure->id();
- codeBlock->vm().heap.writeBarrier(codeBlock);
+ codeBlock->vm().writeBarrier(codeBlock);
byIdSelfOffset = offset;
}
@@ -72,7 +72,7 @@
setCacheType(locker, CacheType::PutByIdReplace);
m_identifier = identifier;
m_inlineAccessBaseStructure = inlineAccessBaseStructure->id();
- codeBlock->vm().heap.writeBarrier(codeBlock);
+ codeBlock->vm().writeBarrier(codeBlock);
byIdSelfOffset = offset;
}
@@ -82,7 +82,7 @@
setCacheType(locker, CacheType::InByIdSelf);
m_identifier = identifier;
m_inlineAccessBaseStructure = inlineAccessBaseStructure->id();
- codeBlock->vm().heap.writeBarrier(codeBlock);
+ codeBlock->vm().writeBarrier(codeBlock);
byIdSelfOffset = offset;
}
@@ -227,7 +227,7 @@
bufferingCountdown = Options::repatchBufferingCountdown();
return result;
})();
- vm.heap.writeBarrier(codeBlock);
+ vm.writeBarrier(codeBlock);
return result;
}
Modified: trunk/Source/_javascript_Core/bytecode/StructureStubInfo.h (285686 => 285687)
--- trunk/Source/_javascript_Core/bytecode/StructureStubInfo.h 2021-11-11 23:50:20 UTC (rev 285686)
+++ trunk/Source/_javascript_Core/bytecode/StructureStubInfo.h 2021-11-11 23:58:13 UTC (rev 285687)
@@ -278,7 +278,7 @@
isNewlyAdded = m_bufferedStructures.add({ structure, impl }).isNewEntry;
}
if (isNewlyAdded)
- vm.heap.writeBarrier(codeBlock);
+ vm.writeBarrier(codeBlock);
return isNewlyAdded;
}
countdown--;
Modified: trunk/Source/_javascript_Core/bytecode/UnlinkedCodeBlockGenerator.cpp (285686 => 285687)
--- trunk/Source/_javascript_Core/bytecode/UnlinkedCodeBlockGenerator.cpp 2021-11-11 23:50:20 UTC (rev 285686)
+++ trunk/Source/_javascript_Core/bytecode/UnlinkedCodeBlockGenerator.cpp 2021-11-11 23:58:13 UTC (rev 285687)
@@ -156,7 +156,7 @@
if (UNLIKELY(Options::returnEarlyFromInfiniteLoopsForFuzzing()))
m_codeBlock->initializeLoopHintExecutionCounter();
}
- m_vm.heap.writeBarrier(m_codeBlock.get());
+ m_vm.writeBarrier(m_codeBlock.get());
m_vm.heap.reportExtraMemoryAllocated(m_codeBlock->m_instructions->sizeInBytes() + m_codeBlock->m_metadata->sizeInBytes());
}
Modified: trunk/Source/_javascript_Core/bytecode/UnlinkedFunctionExecutable.cpp (285686 => 285687)
--- trunk/Source/_javascript_Core/bytecode/UnlinkedFunctionExecutable.cpp 2021-11-11 23:50:20 UTC (rev 285686)
+++ trunk/Source/_javascript_Core/bytecode/UnlinkedFunctionExecutable.cpp 2021-11-11 23:58:13 UTC (rev 285687)
@@ -277,7 +277,7 @@
WTF::storeStoreFence();
m_isCached = false;
- vm.heap.writeBarrier(this);
+ vm.writeBarrier(this);
}
UnlinkedFunctionExecutable::RareData& UnlinkedFunctionExecutable::ensureRareDataSlow()
Modified: trunk/Source/_javascript_Core/dfg/DFGJITFinalizer.cpp (285686 => 285687)
--- trunk/Source/_javascript_Core/dfg/DFGJITFinalizer.cpp 2021-11-11 23:50:20 UTC (rev 285686)
+++ trunk/Source/_javascript_Core/dfg/DFGJITFinalizer.cpp 2021-11-11 23:58:13 UTC (rev 285687)
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2013-2020 Apple Inc. All rights reserved.
+ * Copyright (C) 2013-2021 Apple Inc. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
@@ -77,7 +77,7 @@
// The codeBlock is now responsible for keeping many things alive (e.g. frozen values)
// that were previously kept alive by the plan.
- vm.heap.writeBarrier(codeBlock);
+ vm.writeBarrier(codeBlock);
return true;
}
@@ -85,4 +85,3 @@
} } // namespace JSC::DFG
#endif // ENABLE(DFG_JIT)
-
Modified: trunk/Source/_javascript_Core/dfg/DFGOperations.cpp (285686 => 285687)
--- trunk/Source/_javascript_Core/dfg/DFGOperations.cpp 2021-11-11 23:50:20 UTC (rev 285686)
+++ trunk/Source/_javascript_Core/dfg/DFGOperations.cpp 2021-11-11 23:58:13 UTC (rev 285687)
@@ -2067,7 +2067,7 @@
// The caller will store to this object without barriers. Most likely, at this point, this is
// still a young object and so no barriers are needed. But it's good to be careful anyway,
// since the GC should be allowed to do crazy (like pretenuring, for example).
- vm.heap.writeBarrier(result);
+ vm.writeBarrier(result);
return result;
}
Modified: trunk/Source/_javascript_Core/dfg/DFGPlan.cpp (285686 => 285687)
--- trunk/Source/_javascript_Core/dfg/DFGPlan.cpp 2021-11-11 23:50:20 UTC (rev 285686)
+++ trunk/Source/_javascript_Core/dfg/DFGPlan.cpp 2021-11-11 23:58:13 UTC (rev 285687)
@@ -583,7 +583,7 @@
}();
// We will establish new references from the code block to things. So, we need a barrier.
- m_vm->heap.writeBarrier(m_codeBlock);
+ m_vm->writeBarrier(m_codeBlock);
m_callback->compilationDidComplete(m_codeBlock, m_profiledDFGCodeBlock, result);
Modified: trunk/Source/_javascript_Core/ftl/FTLJITFinalizer.cpp (285686 => 285687)
--- trunk/Source/_javascript_Core/ftl/FTLJITFinalizer.cpp 2021-11-11 23:50:20 UTC (rev 285686)
+++ trunk/Source/_javascript_Core/ftl/FTLJITFinalizer.cpp 2021-11-11 23:58:13 UTC (rev 285687)
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2013-2020 Apple Inc. All rights reserved.
+ * Copyright (C) 2013-2021 Apple Inc. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
@@ -74,7 +74,7 @@
// The codeBlock is now responsible for keeping many things alive (e.g. frozen values)
// that were previously kept alive by the plan.
- vm.heap.writeBarrier(codeBlock);
+ vm.writeBarrier(codeBlock);
return true;
}
@@ -82,4 +82,3 @@
} } // namespace JSC::FTL
#endif // ENABLE(FTL_JIT)
-
Modified: trunk/Source/_javascript_Core/heap/Heap.h (285686 => 285687)
--- trunk/Source/_javascript_Core/heap/Heap.h 2021-11-11 23:50:20 UTC (rev 285686)
+++ trunk/Source/_javascript_Core/heap/Heap.h 2021-11-11 23:58:13 UTC (rev 285687)
@@ -127,9 +127,7 @@
void writeBarrier(const JSCell* from);
void writeBarrier(const JSCell* from, JSValue to);
void writeBarrier(const JSCell* from, JSCell* to);
-
- void writeBarrierWithoutFence(const JSCell* from);
-
+
void mutatorFence();
// Take this if you know that from->cellState() < barrierThreshold.
Modified: trunk/Source/_javascript_Core/heap/HeapInlines.h (285686 => 285687)
--- trunk/Source/_javascript_Core/heap/HeapInlines.h 2021-11-11 23:50:20 UTC (rev 285686)
+++ trunk/Source/_javascript_Core/heap/HeapInlines.h 2021-11-11 23:58:13 UTC (rev 285687)
@@ -125,15 +125,6 @@
writeBarrierSlowPath(from);
}
-inline void Heap::writeBarrierWithoutFence(const JSCell* from)
-{
- ASSERT_GC_OBJECT_LOOKS_VALID(const_cast<JSCell*>(from));
- if (!from)
- return;
- if (UNLIKELY(isWithinThreshold(from->cellState(), blackThreshold)))
- addToRememberedSet(from);
-}
-
inline void Heap::mutatorFence()
{
if (isX86() || UNLIKELY(mutatorShouldBeFenced()))
Modified: trunk/Source/_javascript_Core/jit/JITOperations.cpp (285686 => 285687)
--- trunk/Source/_javascript_Core/jit/JITOperations.cpp 2021-11-11 23:50:20 UTC (rev 285686)
+++ trunk/Source/_javascript_Core/jit/JITOperations.cpp 2021-11-11 23:58:13 UTC (rev 285687)
@@ -3109,7 +3109,7 @@
VM& vm = *vmPointer;
CallFrame* callFrame = DECLARE_CALL_FRAME(vm);
JITOperationPrologueCallFrameTracer tracer(vm, callFrame);
- vm.heap.writeBarrier(cell);
+ vm.writeBarrier(cell);
}
JSC_DEFINE_JIT_OPERATION(operationWriteBarrierSlowPath, void, (VM* vmPointer, JSCell* cell))
@@ -3117,7 +3117,7 @@
VM& vm = *vmPointer;
CallFrame* callFrame = DECLARE_CALL_FRAME(vm);
JITOperationPrologueCallFrameTracer tracer(vm, callFrame);
- vm.heap.writeBarrierSlowPath(cell);
+ vm.writeBarrierSlowPath(cell);
}
JSC_DEFINE_JIT_OPERATION(operationLookupExceptionHandler, void, (VM* vmPointer))
Modified: trunk/Source/_javascript_Core/llint/LLIntSlowPaths.cpp (285686 => 285687)
--- trunk/Source/_javascript_Core/llint/LLIntSlowPaths.cpp 2021-11-11 23:50:20 UTC (rev 285686)
+++ trunk/Source/_javascript_Core/llint/LLIntSlowPaths.cpp 2021-11-11 23:58:13 UTC (rev 285687)
@@ -696,7 +696,7 @@
metadata.m_structureID = structure->id();
metadata.m_offset = slot.cachedOffset();
}
- vm.heap.writeBarrier(codeBlock);
+ vm.writeBarrier(codeBlock);
}
}
}
@@ -771,7 +771,7 @@
metadata.setProtoLoadMode(structure, offset, slot.slotBase());
}
}
- vm.heap.writeBarrier(codeBlock);
+ vm.writeBarrier(codeBlock);
}
static JSValue performLLIntGetByID(const Instruction* pc, CodeBlock* codeBlock, JSGlobalObject* globalObject, JSValue baseValue, const Identifier& ident, GetByIdModeMetadata& metadata)
@@ -826,7 +826,7 @@
if (structure->propertyAccessesAreCacheable() && !structure->needImpurePropertyWatchpoint()) {
metadata.defaultMode.structureID = structure->id();
metadata.defaultMode.cachedOffset = slot.cachedOffset();
- vm.heap.writeBarrier(codeBlock);
+ vm.writeBarrier(codeBlock);
}
} else if (UNLIKELY(metadata.hitCountForLLIntCaching && slot.isValue())) {
ASSERT(slot.slotBase() != baseValue);
@@ -840,7 +840,7 @@
metadata.setArrayLengthMode();
metadata.arrayLengthMode.arrayProfile.observeStructure(baseValue.asCell()->structure(vm));
}
- vm.heap.writeBarrier(codeBlock);
+ vm.writeBarrier(codeBlock);
}
return result;
@@ -979,7 +979,7 @@
ASSERT(chain);
metadata.m_structureChain.set(vm, codeBlock, chain);
}
- vm.heap.writeBarrier(codeBlock);
+ vm.writeBarrier(codeBlock);
}
}
}
@@ -997,7 +997,7 @@
metadata.m_oldStructureID = newStructure->id();
metadata.m_offset = slot.cachedOffset();
}
- vm.heap.writeBarrier(codeBlock);
+ vm.writeBarrier(codeBlock);
}
}
}
@@ -1153,7 +1153,7 @@
// Update the cached private symbol
metadata.m_property.set(vm, codeBlock, subscript.asCell());
}
- vm.heap.writeBarrier(codeBlock);
+ vm.writeBarrier(codeBlock);
}
}
}
@@ -1297,7 +1297,7 @@
metadata.m_offset = slot.cachedOffset();
metadata.m_newStructureID = newStructure->id();
metadata.m_property.set(vm, codeBlock, subscript.asCell());
- vm.heap.writeBarrier(codeBlock);
+ vm.writeBarrier(codeBlock);
}
}
}
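Review bot: `vm.writeBarrier(codeBlock)` directly follows `metadata.m_property.set(vm, codeBlock, subscript.asCell())` here with no comment saying what the extra barrier covers. The three-argument `set` presumably barriers its own store, so the explicit call looks like it exists for the raw `m_offset` and `m_newStructureID` writes, but that is an inference from this hunk alone. If that is the intent, a comment such as `// Covers the raw structure ID store above, which does not go through WriteBarrier<>.` would keep a later cleanup from deleting the call as redundant. The same pairing appears in the `@@ -1153,7 +1153,7 @@`, `@@ -1316,7 +1316,7 @@`, `@@ -1358,7 +1358,7 @@` and `@@ -1389,7 +1389,7 @@` hunks, and the enclosing slow paths start outside all of them.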
@@ -1316,7 +1316,7 @@
metadata.m_offset = slot.cachedOffset();
metadata.m_property.set(vm, codeBlock, subscript.asCell());
}
- vm.heap.writeBarrier(codeBlock);
+ vm.writeBarrier(codeBlock);
}
}
}
@@ -1358,7 +1358,7 @@
metadata.m_newStructureID = newStructure->id();
metadata.m_brand.set(vm, codeBlock, brand.asCell());
}
- vm.heap.writeBarrier(codeBlock);
+ vm.writeBarrier(codeBlock);
}
LLINT_END();
@@ -1389,7 +1389,7 @@
metadata.m_structureID = structure->id();
metadata.m_brand.set(vm, codeBlock, brand.asCell());
- vm.heap.writeBarrier(codeBlock);
+ vm.writeBarrier(codeBlock);
}
LLINT_END();
@@ -2551,7 +2551,7 @@
extern "C" void llint_write_barrier_slow(CallFrame* callFrame, JSCell* cell)
{
VM& vm = callFrame->codeBlock()->vm();
- vm.heap.writeBarrier(cell);
+ vm.writeBarrier(cell);
}
extern "C" SlowPathReturnType llint_check_vm_entry_permission(VM* vm, ProtoCallFrame*)
Modified: trunk/Source/_javascript_Core/runtime/ArrayPrototype.cpp (285686 => 285687)
--- trunk/Source/_javascript_Core/runtime/ArrayPrototype.cpp 2021-11-11 23:50:20 UTC (rev 285686)
+++ trunk/Source/_javascript_Core/runtime/ArrayPrototype.cpp 2021-11-11 23:58:13 UTC (rev 285687)
@@ -951,7 +951,7 @@
break;
std::reverse(data, data + length);
if (!hasInt32(thisObject->indexingType()))
- vm.heap.writeBarrier(thisObject);
+ vm.writeBarrier(thisObject);
return JSValue::encode(thisObject);
}
case ALL_DOUBLE_INDEXING_TYPES: {
@@ -972,7 +972,7 @@
break;
auto data = ""
std::reverse(data, data + length);
- vm.heap.writeBarrier(thisObject);
+ vm.writeBarrier(thisObject);
return JSValue::encode(thisObject);
}
}
Modified: trunk/Source/_javascript_Core/runtime/AuxiliaryBarrierInlines.h (285686 => 285687)
--- trunk/Source/_javascript_Core/runtime/AuxiliaryBarrierInlines.h 2021-11-11 23:50:20 UTC (rev 285686)
+++ trunk/Source/_javascript_Core/runtime/AuxiliaryBarrierInlines.h 2021-11-11 23:58:13 UTC (rev 285687)
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2016 Apple Inc. All rights reserved.
+ * Copyright (C) 2016-2021 Apple Inc. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
@@ -36,7 +36,7 @@
AuxiliaryBarrier<T>::AuxiliaryBarrier(VM& vm, JSCell* owner, U&& value)
{
m_value = std::forward<U>(value);
- vm.heap.writeBarrier(owner);
+ vm.writeBarrier(owner);
}
template<typename T>
@@ -44,7 +44,7 @@
void AuxiliaryBarrier<T>::set(VM& vm, JSCell* owner, U&& value)
{
m_value = std::forward<U>(value);
- vm.heap.writeBarrier(owner);
+ vm.writeBarrier(owner);
}
} // namespace JSC
Modified: trunk/Source/_javascript_Core/runtime/CommonSlowPaths.cpp (285686 => 285687)
--- trunk/Source/_javascript_Core/runtime/CommonSlowPaths.cpp 2021-11-11 23:50:20 UTC (rev 285686)
+++ trunk/Source/_javascript_Core/runtime/CommonSlowPaths.cpp 2021-11-11 23:58:13 UTC (rev 285687)
@@ -355,7 +355,7 @@
if (otherStructureID)
metadata.m_toThisStatus = ToThisConflicted;
metadata.m_cachedStructureID = myStructureID;
- vm.heap.writeBarrier(codeBlock, vm.getStructure(myStructureID));
+ vm.writeBarrier(codeBlock, vm.getStructure(myStructureID));
}
} else {
metadata.m_toThisStatus = ToThisConflicted;
Modified: trunk/Source/_javascript_Core/runtime/ErrorInstance.cpp (285686 => 285687)
--- trunk/Source/_javascript_Core/runtime/ErrorInstance.cpp 2021-11-11 23:50:20 UTC (rev 285686)
+++ trunk/Source/_javascript_Core/runtime/ErrorInstance.cpp 2021-11-11 23:58:13 UTC (rev 285687)
@@ -129,7 +129,7 @@
Locker locker { cellLock() };
m_stackTrace = WTFMove(stackTrace);
}
- vm.heap.writeBarrier(this);
+ vm.writeBarrier(this);
String messageWithSource = message;
if (m_stackTrace && !m_stackTrace->isEmpty() && hasSourceAppender()) {
Modified: trunk/Source/_javascript_Core/runtime/InferredValue.h (285686 => 285687)
--- trunk/Source/_javascript_Core/runtime/InferredValue.h 2021-11-11 23:50:20 UTC (rev 285686)
+++ trunk/Source/_javascript_Core/runtime/InferredValue.h 2021-11-11 23:58:13 UTC (rev 285687)
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2015-2019 Apple Inc. All rights reserved.
+ * Copyright (C) 2015-2021 Apple Inc. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
@@ -209,7 +209,7 @@
switch (state()) {
case ClearWatchpoint:
m_value = value;
- vm.heap.writeBarrier(owner, value);
+ vm.writeBarrier(owner, value);
startWatching();
return;
@@ -241,7 +241,7 @@
case ClearWatchpoint:
ASSERT(decodeState(m_data) != IsInvalidated);
m_data = (bitwise_cast<uintptr_t>(value) & ValueMask) | encodeState(IsWatched);
- vm.heap.writeBarrier(owner, value);
+ vm.writeBarrier(owner, value);
return;
case IsWatched:
Modified: trunk/Source/_javascript_Core/runtime/JSArray.cpp (285686 => 285687)
--- trunk/Source/_javascript_Core/runtime/JSArray.cpp 2021-11-11 23:50:20 UTC (rev 285686)
+++ trunk/Source/_javascript_Core/runtime/JSArray.cpp 2021-11-11 23:58:13 UTC (rev 285687)
@@ -534,7 +534,7 @@
gcSafeMemcpy(butterfly()->contiguousDouble().data() + startIndex, otherArray->butterfly()->contiguousDouble().data(), sizeof(JSValue) * otherLength);
else {
gcSafeMemcpy(butterfly()->contiguous().data() + startIndex, otherArray->butterfly()->contiguous().data(), sizeof(JSValue) * otherLength);
- vm.heap.writeBarrier(this);
+ vm.writeBarrier(this);
}
return true;
@@ -908,7 +908,7 @@
// Our memmoving of values around in the array could have concealed some of them from
// the collector. Let's make sure that the collector scans this object again.
if (indexingType == ArrayWithContiguous)
- vm.heap.writeBarrier(this);
+ vm.writeBarrier(this);
return true;
}
@@ -1071,7 +1071,7 @@
// Our memmoving of values around in the array could have concealed some of them from
// the collector. Let's make sure that the collector scans this object again.
- vm.heap.writeBarrier(this);
+ vm.writeBarrier(this);
// NOTE: we're leaving being garbage in the part of the array that we shifted out
// of. This is fine because the caller is required to store over that area, and
Modified: trunk/Source/_javascript_Core/runtime/JSArrayInlines.h (285686 => 285687)
--- trunk/Source/_javascript_Core/runtime/JSArrayInlines.h 2021-11-11 23:50:20 UTC (rev 285686)
+++ trunk/Source/_javascript_Core/runtime/JSArrayInlines.h 2021-11-11 23:58:13 UTC (rev 285687)
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2016-2019 Apple Inc. All rights reserved.
+ * Copyright (C) 2016-2021 Apple Inc. All rights reserved.
*
* This library is free software; you can redistribute it and/or
* modify it under the terms of the GNU Lesser General Public
@@ -160,7 +160,7 @@
if (length < butterfly->vectorLength()) {
butterfly->contiguous().at(this, length).setWithoutWriteBarrier(value);
butterfly->setPublicLength(length + 1);
- vm.heap.writeBarrier(this, value);
+ vm.writeBarrier(this, value);
return;
}
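Review bot: The store in this hunk goes through `setWithoutWriteBarrier(value)` and relies on the separate `vm.writeBarrier(this, value)` two lines later, with `setPublicLength` in between, and nothing documents that pairing. The same sequence appears in the JSObject.cpp hunk (`@@ -987,7 +987,7 @@`) and in both JSObject.h hunks (`@@ -440,7 +440,7 @@` and `@@ -496,7 +496,7 @@`). A later edit that adds an early exit between the store and the barrier would leave a reference the collector was never told about, so I would add `// Barrier must follow the setWithoutWriteBarrier() store above; do not exit before it.` at each site. The enclosing function starts outside the hunk and appears to continue past it.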
Modified: trunk/Source/_javascript_Core/runtime/JSCellInlines.h (285686 => 285687)
--- trunk/Source/_javascript_Core/runtime/JSCellInlines.h 2021-11-11 23:50:20 UTC (rev 285686)
+++ trunk/Source/_javascript_Core/runtime/JSCellInlines.h 2021-11-11 23:58:13 UTC (rev 285687)
@@ -81,7 +81,7 @@
{
// This object is ready to be escaped so the concurrent GC may see it at any time. We have
// to make sure that none of our stores sink below here.
- vm.heap.mutatorFence();
+ vm.mutatorFence();
#if ENABLE(GC_VALIDATION)
ASSERT(vm.isInitializingObject());
vm.setInitializingObjectClass(0);
@@ -318,7 +318,7 @@
break;
}
}
- vm.heap.writeBarrier(this, structure);
+ vm.writeBarrier(this, structure);
}
inline const MethodTable* JSCell::methodTable(VM& vm) const
Modified: trunk/Source/_javascript_Core/runtime/JSFinalizationRegistry.cpp (285686 => 285687)
--- trunk/Source/_javascript_Core/runtime/JSFinalizationRegistry.cpp 2021-11-11 23:50:20 UTC (rev 285686)
+++ trunk/Source/_javascript_Core/runtime/JSFinalizationRegistry.cpp 2021-11-11 23:58:13 UTC (rev 285687)
@@ -208,7 +208,7 @@
auto result = m_liveRegistrations.add(jsSecureCast<JSObject*>(vm, token), LiveRegistrations());
result.iterator->value.append(WTFMove(registration));
}
- vm.heap.writeBarrier(this);
+ vm.writeBarrier(this);
}
bool JSFinalizationRegistry::unregister(VM&, JSObject* token)
Modified: trunk/Source/_javascript_Core/runtime/JSFunction.cpp (285686 => 285687)
--- trunk/Source/_javascript_Core/runtime/JSFunction.cpp 2021-11-11 23:50:20 UTC (rev 285686)
+++ trunk/Source/_javascript_Core/runtime/JSFunction.cpp 2021-11-11 23:58:13 UTC (rev 285687)
@@ -143,7 +143,7 @@
WTF::storeStoreFence();
m_executableOrRareData = executableOrRareData;
- vm.heap.writeBarrier(this, rareData);
+ vm.writeBarrier(this, rareData);
return rareData;
}
@@ -188,7 +188,7 @@
WTF::storeStoreFence();
m_executableOrRareData = executableOrRareData;
- vm.heap.writeBarrier(this, rareData);
+ vm.writeBarrier(this, rareData);
return rareData;
}
Modified: trunk/Source/_javascript_Core/runtime/JSObject.cpp (285686 => 285687)
--- trunk/Source/_javascript_Core/runtime/JSObject.cpp 2021-11-11 23:50:20 UTC (rev 285686)
+++ trunk/Source/_javascript_Core/runtime/JSObject.cpp 2021-11-11 23:58:13 UTC (rev 285687)
@@ -987,7 +987,7 @@
butterfly->contiguous().at(thisObject, propertyName).setWithoutWriteBarrier(value);
if (propertyName >= butterfly->publicLength())
butterfly->setPublicLength(propertyName + 1);
- vm.heap.writeBarrier(thisObject, value);
+ vm.writeBarrier(thisObject, value);
return true;
}
Modified: trunk/Source/_javascript_Core/runtime/JSObject.h (285686 => 285687)
--- trunk/Source/_javascript_Core/runtime/JSObject.h 2021-11-11 23:50:20 UTC (rev 285686)
+++ trunk/Source/_javascript_Core/runtime/JSObject.h 2021-11-11 23:58:13 UTC (rev 285687)
@@ -440,7 +440,7 @@
butterfly->contiguous().at(this, i).setWithoutWriteBarrier(v);
if (i >= butterfly->publicLength())
butterfly->setPublicLength(i + 1);
- vm.heap.writeBarrier(this, v);
+ vm.writeBarrier(this, v);
return true;
}
case ALL_WRITABLE_DOUBLE_INDEXING_TYPES: {
@@ -496,7 +496,7 @@
butterfly->contiguous().at(this, i).setWithoutWriteBarrier(v);
if (i >= butterfly->publicLength())
butterfly->setPublicLength(i + 1);
- vm.heap.writeBarrier(this, v);
+ vm.writeBarrier(this, v);
break;
}
case ALL_DOUBLE_INDEXING_TYPES: {
Modified: trunk/Source/_javascript_Core/runtime/JSWeakObjectRef.h (285686 => 285687)
--- trunk/Source/_javascript_Core/runtime/JSWeakObjectRef.h 2021-11-11 23:50:20 UTC (rev 285686)
+++ trunk/Source/_javascript_Core/runtime/JSWeakObjectRef.h 2021-11-11 23:58:13 UTC (rev 285687)
@@ -52,7 +52,7 @@
if (m_value && vm.currentWeakRefVersion() != m_lastAccessVersion) {
m_lastAccessVersion = vm.currentWeakRefVersion();
// Perform a GC barrier here so we rescan this object and keep the object alive if we wouldn't otherwise.
- vm.heap.writeBarrier(this);
+ vm.writeBarrier(this);
}
return m_value.get();
Modified: trunk/Source/_javascript_Core/runtime/LazyPropertyInlines.h (285686 => 285687)
--- trunk/Source/_javascript_Core/runtime/LazyPropertyInlines.h 2021-11-11 23:50:20 UTC (rev 285686)
+++ trunk/Source/_javascript_Core/runtime/LazyPropertyInlines.h 2021-11-11 23:58:13 UTC (rev 285687)
@@ -57,7 +57,7 @@
{
m_pointer = bitwise_cast<uintptr_t>(value);
RELEASE_ASSERT(!(m_pointer & lazyTag));
- vm.heap.writeBarrier(owner, value);
+ vm.writeBarrier(owner, value);
}
template<typename OwnerType, typename ElementType>
Modified: trunk/Source/_javascript_Core/runtime/ObjectInitializationScope.cpp (285686 => 285687)
--- trunk/Source/_javascript_Core/runtime/ObjectInitializationScope.cpp 2021-11-11 23:50:20 UTC (rev 285686)
+++ trunk/Source/_javascript_Core/runtime/ObjectInitializationScope.cpp 2021-11-11 23:58:13 UTC (rev 285687)
@@ -43,7 +43,7 @@
ObjectInitializationScope::~ObjectInitializationScope()
{
- m_vm.heap.mutatorFence();
+ m_vm.mutatorFence();
if (!m_object)
return;
verifyPropertiesAreInitialized(m_object);
Modified: trunk/Source/_javascript_Core/runtime/ObjectInitializationScope.h (285686 => 285687)
--- trunk/Source/_javascript_Core/runtime/ObjectInitializationScope.h 2021-11-11 23:50:20 UTC (rev 285686)
+++ trunk/Source/_javascript_Core/runtime/ObjectInitializationScope.h 2021-11-11 23:58:13 UTC (rev 285687)
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2017-2020 Apple Inc. All rights reserved.
+ * Copyright (C) 2017-2021 Apple Inc. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
@@ -63,7 +63,7 @@
{ }
ALWAYS_INLINE ~ObjectInitializationScope()
{
- m_vm.heap.mutatorFence();
+ m_vm.mutatorFence();
}
ALWAYS_INLINE VM& vm() const { return m_vm; }
Modified: trunk/Source/_javascript_Core/runtime/RegExpCachedResult.cpp (285686 => 285687)
--- trunk/Source/_javascript_Core/runtime/RegExpCachedResult.cpp 2021-11-11 23:50:20 UTC (rev 285686)
+++ trunk/Source/_javascript_Core/runtime/RegExpCachedResult.cpp 2021-11-11 23:58:13 UTC (rev 285687)
@@ -67,7 +67,7 @@
m_reifiedLeftContext.clear();
m_reifiedRightContext.clear();
m_reified = true;
- vm.heap.writeBarrier(owner);
+ vm.writeBarrier(owner);
}
return m_reifiedResult.get();
}
Modified: trunk/Source/_javascript_Core/runtime/RegExpCachedResult.h (285686 => 285687)
--- trunk/Source/_javascript_Core/runtime/RegExpCachedResult.h 2021-11-11 23:50:20 UTC (rev 285686)
+++ trunk/Source/_javascript_Core/runtime/RegExpCachedResult.h 2021-11-11 23:58:13 UTC (rev 285687)
@@ -51,7 +51,7 @@
m_lastInput.setWithoutWriteBarrier(input);
m_result = result;
m_reified = false;
- vm.heap.writeBarrier(owner);
+ vm.writeBarrier(owner);
}
JSArray* lastResult(JSGlobalObject*, JSObject* owner);
Modified: trunk/Source/_javascript_Core/runtime/RegExpObject.h (285686 => 285687)
--- trunk/Source/_javascript_Core/runtime/RegExpObject.h 2021-11-11 23:50:20 UTC (rev 285686)
+++ trunk/Source/_javascript_Core/runtime/RegExpObject.h 2021-11-11 23:58:13 UTC (rev 285687)
@@ -63,7 +63,7 @@
{
uintptr_t result = (m_regExpAndFlags & flagsMask) | bitwise_cast<uintptr_t>(regExp);
m_regExpAndFlags = result;
- vm.heap.writeBarrier(this, regExp);
+ vm.writeBarrier(this, regExp);
}
RegExp* regExp() const
Modified: trunk/Source/_javascript_Core/runtime/ScriptExecutable.cpp (285686 => 285687)
--- trunk/Source/_javascript_Core/runtime/ScriptExecutable.cpp 2021-11-11 23:50:20 UTC (rev 285686)
+++ trunk/Source/_javascript_Core/runtime/ScriptExecutable.cpp 2021-11-11 23:58:13 UTC (rev 285687)
@@ -210,7 +210,7 @@
if (oldCodeBlock)
oldCodeBlock->unlinkIncomingCalls();
- vm.heap.writeBarrier(this);
+ vm.writeBarrier(this);
}
bool ScriptExecutable::hasClearableCode(VM& vm) const
Modified: trunk/Source/_javascript_Core/runtime/Structure.cpp (285686 => 285687)
--- trunk/Source/_javascript_Core/runtime/Structure.cpp 2021-11-11 23:50:20 UTC (rev 285686)
+++ trunk/Source/_javascript_Core/runtime/Structure.cpp 2021-11-11 23:58:13 UTC (rev 285687)
@@ -977,7 +977,7 @@
// We need to do a writebarrier here because the GC thread might be scanning the butterfly while
// we are shuffling properties around. See: https://bugs.webkit.org/show_bug.cgi?id=166989
- vm.heap.writeBarrier(object);
+ vm.writeBarrier(object);
return this;
}
Modified: trunk/Source/_javascript_Core/runtime/StructureChain.cpp (285686 => 285687)
--- trunk/Source/_javascript_Core/runtime/StructureChain.cpp 2021-11-11 23:50:20 UTC (rev 285686)
+++ trunk/Source/_javascript_Core/runtime/StructureChain.cpp 2021-11-11 23:58:13 UTC (rev 285687)
@@ -62,7 +62,7 @@
for (JSObject* current = head; current; current = current->structure(vm)->storedPrototypeObject(current)) {
Structure* structure = current->structure(vm);
m_vector.get()[i++] = structure->id();
- vm.heap.writeBarrier(this);
+ vm.writeBarrier(this);
}
}
Modified: trunk/Source/_javascript_Core/runtime/StructureRareDataInlines.h (285686 => 285687)
--- trunk/Source/_javascript_Core/runtime/StructureRareDataInlines.h 2021-11-11 23:50:20 UTC (rev 285686)
+++ trunk/Source/_javascript_Core/runtime/StructureRareDataInlines.h 2021-11-11 23:58:13 UTC (rev 285687)
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2013 Apple Inc. All rights reserved.
+ * Copyright (C) 2013-2021 Apple Inc. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
@@ -103,7 +103,7 @@
m_cachedPropertyNameEnumeratorWatchpoints = FixedVector<StructureChainInvalidationWatchpoint>();
bool validatedViaWatchpoint = tryCachePropertyNameEnumeratorViaWatchpoint(vm, baseStructure, chain);
m_cachedPropertyNameEnumeratorAndFlag = ((validatedViaWatchpoint ? 0 : cachedPropertyNameEnumeratorIsValidatedViaTraversingFlag) | bitwise_cast<uintptr_t>(enumerator));
- vm.heap.writeBarrier(this, enumerator);
+ vm.writeBarrier(this, enumerator);
}
inline JSImmutableButterfly* StructureRareData::cachedPropertyNames(CachedPropertyNamesKind kind) const
Modified: trunk/Source/_javascript_Core/runtime/VM.h (285686 => 285687)
--- trunk/Source/_javascript_Core/runtime/VM.h 2021-11-11 23:50:20 UTC (rev 285686)
+++ trunk/Source/_javascript_Core/runtime/VM.h 2021-11-11 23:58:13 UTC (rev 285687)
@@ -1204,6 +1204,13 @@
uintptr_t* getLoopHintExecutionCounter(const Instruction*);
void removeLoopHintExecutionCounter(const Instruction*);
+ ALWAYS_INLINE void writeBarrier(const JSCell* from) { heap.writeBarrier(from); }
+ ALWAYS_INLINE void writeBarrier(const JSCell* from, JSValue to) { heap.writeBarrier(from, to); }
+ ALWAYS_INLINE void writeBarrier(const JSCell* from, JSCell* to) { heap.writeBarrier(from, to); }
+ ALWAYS_INLINE void writeBarrierSlowPath(const JSCell* from) { heap.writeBarrierSlowPath(from); }
+
+ ALWAYS_INLINE void mutatorFence() { heap.mutatorFence(); }
+
#if ENABLE(DFG_DOES_GC_VALIDATION)
DoesGCCheck* addressOfDoesGC() { return &m_doesGC; }
void setDoesGCExpectation(bool expectDoesGC, unsigned nodeIndex, unsigned nodeOp) { m_doesGC.set(expectDoesGC, nodeIndex, nodeOp); }
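Review bot: The five forwarders added after `removeLoopHintExecutionCounter` have no comment stating their contract, and after this commit they are the entry point that every converted barrier and fence call site goes through. Since the description says the implementation behind them will be redirected later for global GC, I would put one line above the group, for example `// Thin forwarders to Heap. Must stay behaviorally identical to the Heap versions; callers rely on them for GC correctness.` It is also worth saying whether new code may still call `vm.heap.writeBarrier(...)` directly. Nothing visible here stops that, and a call site that bypasses the VM-level function would presumably miss any later redirection.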
Modified: trunk/Source/_javascript_Core/runtime/WriteBarrierInlines.h (285686 => 285687)
--- trunk/Source/_javascript_Core/runtime/WriteBarrierInlines.h 2021-11-11 23:50:20 UTC (rev 285686)
+++ trunk/Source/_javascript_Core/runtime/WriteBarrierInlines.h 2021-11-11 23:58:13 UTC (rev 285687)
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2014-2018 Apple Inc. All rights reserved.
+ * Copyright (C) 2014-2021 Apple Inc. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
@@ -51,7 +51,7 @@
inline void WriteBarrierBase<T, Traits>::setEarlyValue(VM& vm, const JSCell* owner, T* value)
{
Traits::exchange(this->m_cell, value);
- vm.heap.writeBarrier(owner, static_cast<JSCell*>(value));
+ vm.writeBarrier(owner, static_cast<JSCell*>(value));
}
inline void WriteBarrierBase<Unknown, RawValueTraits<Unknown>>::set(VM& vm, const JSCell* owner, JSValue value)
@@ -58,7 +58,7 @@
{
ASSERT(!Options::useConcurrentJIT() || !isCompilationThread());
m_value = JSValue::encode(value);
- vm.heap.writeBarrier(owner, value);
+ vm.writeBarrier(owner, value);
}
} // namespace JSC
Modified: trunk/Source/_javascript_Core/wasm/WasmOperations.cpp (285686 => 285687)
--- trunk/Source/_javascript_Core/wasm/WasmOperations.cpp 2021-11-11 23:50:20 UTC (rev 285686)
+++ trunk/Source/_javascript_Core/wasm/WasmOperations.cpp 2021-11-11 23:58:13 UTC (rev 285687)
@@ -617,7 +617,7 @@
ASSERT(cell);
ASSERT(vmPointer);
VM& vm = *vmPointer;
- vm.heap.writeBarrierSlowPath(cell);
+ vm.writeBarrierSlowPath(cell);
}
JSC_DEFINE_JIT_OPERATION(operationPopcount32, uint32_t, (int32_t value))
Modified: trunk/Source/_javascript_Core/wasm/js/JSWebAssemblyInstance.h (285686 => 285687)
--- trunk/Source/_javascript_Core/wasm/js/JSWebAssemblyInstance.h 2021-11-11 23:50:20 UTC (rev 285686)
+++ trunk/Source/_javascript_Core/wasm/js/JSWebAssemblyInstance.h 2021-11-11 23:58:13 UTC (rev 285687)
@@ -94,7 +94,7 @@
{
ASSERT(value == value->global()->owner<JSWebAssemblyGlobal>());
instance().linkGlobal(index, *value->global());
- vm.heap.writeBarrier(this, value);
+ vm.writeBarrier(this, value);
}
JSGlobalObject* globalObject() const { return m_globalObject.get(); }
Modified: trunk/Source/WebCore/ChangeLog (285686 => 285687)
--- trunk/Source/WebCore/ChangeLog 2021-11-11 23:50:20 UTC (rev 285686)
+++ trunk/Source/WebCore/ChangeLog 2021-11-11 23:58:13 UTC (rev 285687)
@@ -1,3 +1,30 @@
+2021-11-11 Mark Lam <[email protected]>
+
+ Add VM::writeBarrier() and VM::mutatorFence().
+ https://bugs.webkit.org/show_bug.cgi?id=233019
+ rdar://85318693
+
+ Reviewed by Saam Barati.
+
+ * bindings/js/JSDOMGuardedObject.cpp:
+ (WebCore::DOMGuardedObject::DOMGuardedObject):
+ * bindings/js/JSEventListener.h:
+ (WebCore::JSEventListener::ensureJSFunction const):
+ * bindings/js/JSValueInWrappedObject.h:
+ (WebCore::cachedPropertyValue):
+ * bindings/scripts/CodeGeneratorJS.pm:
+ (GenerateAttributeSetterBodyDefinition):
+ (GenerateWriteBarriersForArguments):
+ * bindings/scripts/test/JS/JSTestDefaultToJSON.cpp:
+ (WebCore::setJSTestDefaultToJSON_eventHandlerAttributeSetter):
+ * bindings/scripts/test/JS/JSTestObj.cpp:
+ (WebCore::setJSTestObj_onfooSetter):
+ (WebCore::setJSTestObj_onwebkitfooSetter):
+ (WebCore::jsTestObjPrototypeFunction_addEventListenerBody):
+ (WebCore::jsTestObjPrototypeFunction_removeEventListenerBody):
+ * worklets/PaintWorkletGlobalScope.cpp:
+ (WebCore::PaintWorkletGlobalScope::registerPaint):
+
2021-11-11 Tyler Wilcock <[email protected]>
AX: Add missing AXID variant to AXPropertyValueVariant
Modified: trunk/Source/WebCore/bindings/js/JSDOMGuardedObject.cpp (285686 => 285687)
--- trunk/Source/WebCore/bindings/js/JSDOMGuardedObject.cpp 2021-11-11 23:50:20 UTC (rev 285686)
+++ trunk/Source/WebCore/bindings/js/JSDOMGuardedObject.cpp 2021-11-11 23:58:13 UTC (rev 285687)
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2017 Apple Inc. All rights reserved.
+ * Copyright (C) 2017-2021 Apple Inc. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
@@ -35,7 +35,7 @@
, m_guarded(&guarded)
, m_globalObject(&globalObject)
{
- globalObject.vm().heap.writeBarrier(&globalObject, &guarded);
+ globalObject.vm().writeBarrier(&globalObject, &guarded);
if (globalObject.vm().heap.mutatorShouldBeFenced()) {
Locker locker { globalObject.gcLock() };
globalObject.guardedObjects().add(this);
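Review bot: The line right after the converted barrier still calls `globalObject.vm().heap.mutatorShouldBeFenced()`, so this constructor now mixes the new VM-level entry point with a direct Heap query. If the aim is for GC barrier and fence decisions to go through VM so they can be redirected later, this query probably needs a forwarder too, something like `ALWAYS_INLINE bool mutatorShouldBeFenced() { return heap.mutatorShouldBeFenced(); }` in VM.h. Otherwise a short comment here should explain why it stays on Heap. The constructor body continues outside this hunk, so I cannot tell whether other direct `heap` uses follow.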
Modified: trunk/Source/WebCore/bindings/js/JSEventListener.h (285686 => 285687)
--- trunk/Source/WebCore/bindings/js/JSEventListener.h 2021-11-11 23:50:20 UTC (rev 285686)
+++ trunk/Source/WebCore/bindings/js/JSEventListener.h 2021-11-11 23:58:13 UTC (rev 285687)
@@ -113,7 +113,7 @@
m_jsFunction = JSC::Weak<JSC::JSObject>(function);
// When JSFunction is initialized, initializeJSFunction must ensure that m_wrapper should be initialized too.
ASSERT(m_wrapper);
- vm.heap.writeBarrier(m_wrapper.get(), function);
+ vm.writeBarrier(m_wrapper.get(), function);
m_isInitialized = true;
}
}
Modified: trunk/Source/WebCore/bindings/js/JSValueInWrappedObject.h (285686 => 285687)
--- trunk/Source/WebCore/bindings/js/JSValueInWrappedObject.h 2021-11-11 23:50:20 UTC (rev 285686)
+++ trunk/Source/WebCore/bindings/js/JSValueInWrappedObject.h 2021-11-11 23:58:13 UTC (rev 285687)
@@ -124,7 +124,7 @@
return cachedValue;
auto value = function();
cachedValue = cloneAcrossWorlds(lexicalGlobalObject, owner, value);
- lexicalGlobalObject.vm().heap.writeBarrier(&owner, value);
+ lexicalGlobalObject.vm().writeBarrier(&owner, value);
ASSERT(isWorldCompatible(lexicalGlobalObject, cachedValue));
return cachedValue;
}
Modified: trunk/Source/WebCore/bindings/scripts/CodeGeneratorJS.pm (285686 => 285687)
--- trunk/Source/WebCore/bindings/scripts/CodeGeneratorJS.pm 2021-11-11 23:50:20 UTC (rev 285686)
+++ trunk/Source/WebCore/bindings/scripts/CodeGeneratorJS.pm 2021-11-11 23:58:13 UTC (rev 285687)
@@ -5407,7 +5407,7 @@
: "setEventHandlerAttribute";
push(@$outputArray, " $setter(lexicalGlobalObject, thisObject, thisObject.wrapped(), ${eventName}, value);\n");
}
- push(@$outputArray, " vm.heap.writeBarrier(&thisObject, value);\n");
+ push(@$outputArray, " vm.writeBarrier(&thisObject, value);\n");
push(@$outputArray, " ensureStillAliveHere(value);\n\n");
push(@$outputArray, " return true;\n");
} elsif ($isReplaceable) {
@@ -6618,7 +6618,7 @@
my $hasOutput = 0;
foreach my $argument (@{$operation->arguments}) {
if ($argument->type->name eq "EventListener") {
- push(@$outputArray, $indent . "vm.heap.writeBarrier(&static_cast<JSObject&>(*castedThis), argument${argumentIndex}.value());\n") if !$isDryRun;
+ push(@$outputArray, $indent . "vm.writeBarrier(&static_cast<JSObject&>(*castedThis), argument${argumentIndex}.value());\n") if !$isDryRun;
$hasOutput = 1;
}
$argumentIndex++;
Modified: trunk/Source/WebCore/bindings/scripts/test/JS/JSTestDefaultToJSON.cpp (285686 => 285687)
--- trunk/Source/WebCore/bindings/scripts/test/JS/JSTestDefaultToJSON.cpp 2021-11-11 23:50:20 UTC (rev 285686)
+++ trunk/Source/WebCore/bindings/scripts/test/JS/JSTestDefaultToJSON.cpp 2021-11-11 23:58:13 UTC (rev 285687)
@@ -319,7 +319,7 @@
{
auto& vm = JSC::getVM(&lexicalGlobalObject);
setEventHandlerAttribute(lexicalGlobalObject, thisObject, thisObject.wrapped(), eventNames().entHandlerAttributeEvent, value);
- vm.heap.writeBarrier(&thisObject, value);
+ vm.writeBarrier(&thisObject, value);
ensureStillAliveHere(value);
return true;
Modified: trunk/Source/WebCore/bindings/scripts/test/JS/JSTestObj.cpp (285686 => 285687)
--- trunk/Source/WebCore/bindings/scripts/test/JS/JSTestObj.cpp 2021-11-11 23:50:20 UTC (rev 285686)
+++ trunk/Source/WebCore/bindings/scripts/test/JS/JSTestObj.cpp 2021-11-11 23:58:13 UTC (rev 285687)
@@ -4171,7 +4171,7 @@
{
auto& vm = JSC::getVM(&lexicalGlobalObject);
setEventHandlerAttribute(lexicalGlobalObject, thisObject, thisObject.wrapped(), eventNames().fooEvent, value);
- vm.heap.writeBarrier(&thisObject, value);
+ vm.writeBarrier(&thisObject, value);
ensureStillAliveHere(value);
return true;
@@ -4197,7 +4197,7 @@
{
auto& vm = JSC::getVM(&lexicalGlobalObject);
setEventHandlerAttribute(lexicalGlobalObject, thisObject, thisObject.wrapped(), eventNames().fooEvent, value);
- vm.heap.writeBarrier(&thisObject, value);
+ vm.writeBarrier(&thisObject, value);
ensureStillAliveHere(value);
return true;
@@ -6167,7 +6167,7 @@
RETURN_IF_EXCEPTION(throwScope, encodedJSValue());
auto result = JSValue::encode(toJS<IDLUndefined>(*lexicalGlobalObject, throwScope, [&]() -> decltype(auto) { return impl.addEventListener(WTFMove(type), WTFMove(listener), WTFMove(useCapture)); }));
RETURN_IF_EXCEPTION(throwScope, encodedJSValue());
- vm.heap.writeBarrier(&static_cast<JSObject&>(*castedThis), argument1.value());
+ vm.writeBarrier(&static_cast<JSObject&>(*castedThis), argument1.value());
return result;
}
@@ -6196,7 +6196,7 @@
RETURN_IF_EXCEPTION(throwScope, encodedJSValue());
auto result = JSValue::encode(toJS<IDLUndefined>(*lexicalGlobalObject, throwScope, [&]() -> decltype(auto) { return impl.removeEventListener(WTFMove(type), WTFMove(listener), WTFMove(useCapture)); }));
RETURN_IF_EXCEPTION(throwScope, encodedJSValue());
- vm.heap.writeBarrier(&static_cast<JSObject&>(*castedThis), argument1.value());
+ vm.writeBarrier(&static_cast<JSObject&>(*castedThis), argument1.value());
return result;
}
Modified: trunk/Source/WebCore/worklets/PaintWorkletGlobalScope.cpp (285686 => 285687)
--- trunk/Source/WebCore/worklets/PaintWorkletGlobalScope.cpp 2021-11-11 23:50:20 UTC (rev 285686)
+++ trunk/Source/WebCore/worklets/PaintWorkletGlobalScope.cpp 2021-11-11 23:58:13 UTC (rev 285687)
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2018-2020 Apple Inc. All rights reserved.
+ * Copyright (C) 2018-2021 Apple Inc. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
@@ -141,7 +141,7 @@
}
// This is for the case when we have already visited the paint definition map, and the GC is currently running in the background.
- vm.heap.writeBarrier(&globalObject);
+ vm.writeBarrier(&globalObject);
// FIXME: construct documentDefinition (step 22).