Title: [286667] trunk/Source/_javascript_Core
Revision
286667
Author
ysuz...@apple.com
Date
2021-12-08 11:11:40 -0800 (Wed, 08 Dec 2021)

Log Message

[JSC] Introduce WriteBarrierStructureID
https://bugs.webkit.org/show_bug.cgi?id=233918

Reviewed by Mark Lam.

This patch adds WriteBarrierStructureID class, which is similar to WriteBarrier<Structure>, but internally,
it holds StructureID, so sizeof(WriteBarrierStructureID) is 4. This class lets us use StructureID for
memory saving while keeping WriteBarrier<Structure>'s useful features (automatically inserting a write-barrier when
setting etc.). This also paves the way to introducing DOMStructures array with WriteBarrierStructureID instead
of costly HashMap<ClassInfo*, WriteBarrier<Structure>>.

* bytecode/AccessCase.cpp:
(JSC::AccessCase::AccessCase):
(JSC::AccessCase::forEachDependentCell const):
(JSC::AccessCase::dump const):
(JSC::AccessCase::propagateTransitions const):
(JSC::AccessCase::canBeShared):
* bytecode/AccessCase.h:
(JSC::AccessCase::structure const):
(JSC::AccessCase::newStructure const):
(JSC::AccessCase::hash const):
(JSC::AccessCase::AccessCase):
* bytecode/CheckPrivateBrandStatus.cpp:
(JSC::CheckPrivateBrandStatus::computeForStubInfoWithoutExitSiteFeedback):
* bytecode/DeleteByStatus.cpp:
(JSC::DeleteByStatus::computeForStubInfoWithoutExitSiteFeedback):
* bytecode/GetByStatus.cpp:
(JSC::GetByStatus::computeForStubInfoWithoutExitSiteFeedback):
* bytecode/InByStatus.cpp:
(JSC::InByStatus::computeForStubInfoWithoutExitSiteFeedback):
* bytecode/InlineAccess.cpp:
(JSC::InlineAccess::rewireStubAsJumpInAccess):
(JSC::InlineAccess::resetStubAsJumpInAccess):
* bytecode/InstanceOfStatus.cpp:
(JSC::InstanceOfStatus::computeForStubInfo):
* bytecode/InternalFunctionAllocationProfile.h:
(JSC::InternalFunctionAllocationProfile::offsetOfStructureID):
(JSC::InternalFunctionAllocationProfile::structure):
(JSC::InternalFunctionAllocationProfile::clear):
(JSC::InternalFunctionAllocationProfile::visitAggregate):
(JSC::InternalFunctionAllocationProfile::createAllocationStructureFromBase):
(JSC::InternalFunctionAllocationProfile::offsetOfStructure): Deleted.
* bytecode/PutByStatus.cpp:
(JSC::PutByStatus::computeForStubInfo):
* bytecode/SetPrivateBrandStatus.cpp:
(JSC::SetPrivateBrandStatus::computeForStubInfoWithoutExitSiteFeedback):
* bytecode/StructureStubInfo.cpp:
(JSC::StructureStubInfo::initGetByIdSelf):
(JSC::StructureStubInfo::initPutByIdReplace):
(JSC::StructureStubInfo::initInByIdSelf):
(JSC::StructureStubInfo::deref):
(JSC::StructureStubInfo::aboutToDie):
(JSC::StructureStubInfo::addAccessCase):
(JSC::StructureStubInfo::reset):
(JSC::StructureStubInfo::visitAggregateImpl):
(JSC::StructureStubInfo::visitWeakReferences):
(JSC::StructureStubInfo::propagateTransitions):
(JSC::StructureStubInfo::summary const):
(JSC::StructureStubInfo::containsPC const):
* bytecode/StructureStubInfo.h:
(JSC::StructureStubInfo::inlineAccessBaseStructure):
(JSC::StructureStubInfo::offsetOfByIdSelfOffset):
(JSC::StructureStubInfo::offsetOfInlineAccessBaseStructureID):
(JSC::StructureStubInfo::offsetOfInlineAccessBaseStructure): Deleted.
* dfg/DFGSpeculativeJIT.cpp:
* ftl/FTLAbstractHeapRepository.h:
* ftl/FTLLowerDFGToB3.cpp:
(JSC::FTL::DFG::LowerDFGToB3::compileCreatePromise):
(JSC::FTL::DFG::LowerDFGToB3::compileCreateInternalFieldObject):
(JSC::FTL::DFG::LowerDFGToB3::compileCompareStrictEq):
* heap/AbstractSlotVisitor.h:
* heap/AbstractSlotVisitorInlines.h:
(JSC::AbstractSlotVisitor::append):
(JSC::AbstractSlotVisitor::appendHidden):
* heap/SlotVisitor.h:
* heap/SlotVisitorInlines.h:
(JSC::SlotVisitor::append):
(JSC::SlotVisitor::appendHidden):
* jit/AssemblyHelpers.cpp:
(JSC::AssemblyHelpers::emitNonNullDecodeStructureID):
(JSC::AssemblyHelpers::emitLoadStructure):
* jit/AssemblyHelpers.h:
* jit/JITInlineCacheGenerator.cpp:
(JSC::generateGetByIdInlineAccess):
(JSC::JITPutByIdGenerator::generateBaselineDataICFastPath):
(JSC::JITInByIdGenerator::generateBaselineDataICFastPath):
* runtime/FunctionExecutable.cpp:
(JSC::FunctionExecutable::visitChildrenImpl):
* runtime/FunctionExecutable.h:
* runtime/FunctionRareData.cpp:
(JSC::FunctionRareData::visitChildrenImpl):
* runtime/FunctionRareData.h:
* runtime/JSGlobalObject.cpp:
(JSC::JSGlobalObject::visitChildrenImpl):
* runtime/JSGlobalObject.h:
* runtime/JSPropertyNameEnumerator.cpp:
(JSC::JSPropertyNameEnumerator::JSPropertyNameEnumerator):
(JSC::JSPropertyNameEnumerator::visitChildrenImpl):
* runtime/JSPropertyNameEnumerator.h:
* runtime/StructureRareData.cpp:
(JSC::StructureRareData::StructureRareData):
* runtime/StructureRareData.h:
* runtime/WriteBarrier.h:
(JSC::WriteBarrierStructureID::WriteBarrierStructureID):
(JSC::WriteBarrierStructureID::get const):
(JSC::WriteBarrierStructureID::operator* const):
(JSC::WriteBarrierStructureID::operator-> const):
(JSC::WriteBarrierStructureID::clear):
(JSC::WriteBarrierStructureID::operator bool const):
(JSC::WriteBarrierStructureID::operator! const):
(JSC::WriteBarrierStructureID::setWithoutWriteBarrier):
(JSC::WriteBarrierStructureID::unvalidatedGet const):
(JSC::WriteBarrierStructureID::value const):
* runtime/WriteBarrierInlines.h:
(JSC::WriteBarrierStructureID::set):
(JSC::WriteBarrierStructureID::setMayBeNull):
(JSC::WriteBarrierStructureID::setEarlyValue):
* tools/JSDollarVM.cpp:
(JSC::JSDollarVM::finishCreation):
(JSC::JSDollarVM::visitChildrenImpl):
* tools/JSDollarVM.h:


Diff

Modified: trunk/Source/_javascript_Core/ChangeLog (286666 => 286667)


--- trunk/Source/_javascript_Core/ChangeLog	2021-12-08 18:49:31 UTC (rev 286666)
+++ trunk/Source/_javascript_Core/ChangeLog	2021-12-08 19:11:40 UTC (rev 286667)
@@ -1,3 +1,127 @@
+2021-12-08  Yusuke Suzuki  <ysuz...@apple.com>
+
+        [JSC] Introduce WriteBarrierStructureID
+        https://bugs.webkit.org/show_bug.cgi?id=233918
+
+        Reviewed by Mark Lam.
+
+        This patch adds WriteBarrierStructureID class, which is similar to WriteBarrier<Structure>, but internally,
+        it holds StructureID, so sizeof(WriteBarrierStructureID) is 4. This class is useful to use StructureID for
+        memory saving while keeping WriteBarrier<Structure>'s useful features (automatically inserts write-barrier when
+        setting etc.). This also paves the way to introducing DOMStructures array with WriteBarrierStructureID instead
+        of costly HashMap<ClassInfo*, WriteBarrier<Structure>>.
+
+        * bytecode/AccessCase.cpp:
+        (JSC::AccessCase::AccessCase):
+        (JSC::AccessCase::forEachDependentCell const):
+        (JSC::AccessCase::dump const):
+        (JSC::AccessCase::propagateTransitions const):
+        (JSC::AccessCase::canBeShared):
+        * bytecode/AccessCase.h:
+        (JSC::AccessCase::structure const):
+        (JSC::AccessCase::newStructure const):
+        (JSC::AccessCase::hash const):
+        (JSC::AccessCase::AccessCase):
+        * bytecode/CheckPrivateBrandStatus.cpp:
+        (JSC::CheckPrivateBrandStatus::computeForStubInfoWithoutExitSiteFeedback):
+        * bytecode/DeleteByStatus.cpp:
+        (JSC::DeleteByStatus::computeForStubInfoWithoutExitSiteFeedback):
+        * bytecode/GetByStatus.cpp:
+        (JSC::GetByStatus::computeForStubInfoWithoutExitSiteFeedback):
+        * bytecode/InByStatus.cpp:
+        (JSC::InByStatus::computeForStubInfoWithoutExitSiteFeedback):
+        * bytecode/InlineAccess.cpp:
+        (JSC::InlineAccess::rewireStubAsJumpInAccess):
+        (JSC::InlineAccess::resetStubAsJumpInAccess):
+        * bytecode/InstanceOfStatus.cpp:
+        (JSC::InstanceOfStatus::computeForStubInfo):
+        * bytecode/InternalFunctionAllocationProfile.h:
+        (JSC::InternalFunctionAllocationProfile::offsetOfStructureID):
+        (JSC::InternalFunctionAllocationProfile::structure):
+        (JSC::InternalFunctionAllocationProfile::clear):
+        (JSC::InternalFunctionAllocationProfile::visitAggregate):
+        (JSC::InternalFunctionAllocationProfile::createAllocationStructureFromBase):
+        (JSC::InternalFunctionAllocationProfile::offsetOfStructure): Deleted.
+        * bytecode/PutByStatus.cpp:
+        (JSC::PutByStatus::computeForStubInfo):
+        * bytecode/SetPrivateBrandStatus.cpp:
+        (JSC::SetPrivateBrandStatus::computeForStubInfoWithoutExitSiteFeedback):
+        * bytecode/StructureStubInfo.cpp:
+        (JSC::StructureStubInfo::initGetByIdSelf):
+        (JSC::StructureStubInfo::initPutByIdReplace):
+        (JSC::StructureStubInfo::initInByIdSelf):
+        (JSC::StructureStubInfo::deref):
+        (JSC::StructureStubInfo::aboutToDie):
+        (JSC::StructureStubInfo::addAccessCase):
+        (JSC::StructureStubInfo::reset):
+        (JSC::StructureStubInfo::visitAggregateImpl):
+        (JSC::StructureStubInfo::visitWeakReferences):
+        (JSC::StructureStubInfo::propagateTransitions):
+        (JSC::StructureStubInfo::summary const):
+        (JSC::StructureStubInfo::containsPC const):
+        * bytecode/StructureStubInfo.h:
+        (JSC::StructureStubInfo::inlineAccessBaseStructure):
+        (JSC::StructureStubInfo::offsetOfByIdSelfOffset):
+        (JSC::StructureStubInfo::offsetOfInlineAccessBaseStructureID):
+        (JSC::StructureStubInfo::offsetOfInlineAccessBaseStructure): Deleted.
+        * dfg/DFGSpeculativeJIT.cpp:
+        * ftl/FTLAbstractHeapRepository.h:
+        * ftl/FTLLowerDFGToB3.cpp:
+        (JSC::FTL::DFG::LowerDFGToB3::compileCreatePromise):
+        (JSC::FTL::DFG::LowerDFGToB3::compileCreateInternalFieldObject):
+        (JSC::FTL::DFG::LowerDFGToB3::compileCompareStrictEq):
+        * heap/AbstractSlotVisitor.h:
+        * heap/AbstractSlotVisitorInlines.h:
+        (JSC::AbstractSlotVisitor::append):
+        (JSC::AbstractSlotVisitor::appendHidden):
+        * heap/SlotVisitor.h:
+        * heap/SlotVisitorInlines.h:
+        (JSC::SlotVisitor::append):
+        (JSC::SlotVisitor::appendHidden):
+        * jit/AssemblyHelpers.cpp:
+        (JSC::AssemblyHelpers::emitNonNullDecodeStructureID):
+        (JSC::AssemblyHelpers::emitLoadStructure):
+        * jit/AssemblyHelpers.h:
+        * jit/JITInlineCacheGenerator.cpp:
+        (JSC::generateGetByIdInlineAccess):
+        (JSC::JITPutByIdGenerator::generateBaselineDataICFastPath):
+        (JSC::JITInByIdGenerator::generateBaselineDataICFastPath):
+        * runtime/FunctionExecutable.cpp:
+        (JSC::FunctionExecutable::visitChildrenImpl):
+        * runtime/FunctionExecutable.h:
+        * runtime/FunctionRareData.cpp:
+        (JSC::FunctionRareData::visitChildrenImpl):
+        * runtime/FunctionRareData.h:
+        * runtime/JSGlobalObject.cpp:
+        (JSC::JSGlobalObject::visitChildrenImpl):
+        * runtime/JSGlobalObject.h:
+        * runtime/JSPropertyNameEnumerator.cpp:
+        (JSC::JSPropertyNameEnumerator::JSPropertyNameEnumerator):
+        (JSC::JSPropertyNameEnumerator::visitChildrenImpl):
+        * runtime/JSPropertyNameEnumerator.h:
+        * runtime/StructureRareData.cpp:
+        (JSC::StructureRareData::StructureRareData):
+        * runtime/StructureRareData.h:
+        * runtime/WriteBarrier.h:
+        (JSC::WriteBarrierStructureID::WriteBarrierStructureID):
+        (JSC::WriteBarrierStructureID::get const):
+        (JSC::WriteBarrierStructureID::operator* const):
+        (JSC::WriteBarrierStructureID::operator-> const):
+        (JSC::WriteBarrierStructureID::clear):
+        (JSC::WriteBarrierStructureID::operator bool const):
+        (JSC::WriteBarrierStructureID::operator! const):
+        (JSC::WriteBarrierStructureID::setWithoutWriteBarrier):
+        (JSC::WriteBarrierStructureID::unvalidatedGet const):
+        (JSC::WriteBarrierStructureID::value const):
+        * runtime/WriteBarrierInlines.h:
+        (JSC::WriteBarrierStructureID::set):
+        (JSC::WriteBarrierStructureID::setMayBeNull):
+        (JSC::WriteBarrierStructureID::setEarlyValue):
+        * tools/JSDollarVM.cpp:
+        (JSC::JSDollarVM::finishCreation):
+        (JSC::JSDollarVM::visitChildrenImpl):
+        * tools/JSDollarVM.h:
+
 2021-12-07  Saam Barati  <sbar...@apple.com>
 
         TypedArray prototype set should go down the fast path when using non clamped integer types of the same byte size

Modified: trunk/Source/_javascript_Core/bytecode/AccessCase.cpp (286666 => 286667)


--- trunk/Source/_javascript_Core/bytecode/AccessCase.cpp	2021-12-08 18:49:31 UTC (rev 286666)
+++ trunk/Source/_javascript_Core/bytecode/AccessCase.cpp	2021-12-08 19:11:40 UTC (rev 286667)
@@ -63,7 +63,7 @@
     , m_polyProtoAccessChain(WTFMove(prototypeAccessChain))
     , m_identifier(identifier)
 {
-    m_structure.setMayBeNull(vm, owner, structure);
+    m_structureID.setMayBeNull(vm, owner, structure);
     m_conditionSet = conditionSet;
     RELEASE_ASSERT(m_conditionSet.isValid());
 }
@@ -539,8 +539,8 @@
 void AccessCase::forEachDependentCell(VM&, const Functor& functor) const
 {
     m_conditionSet.forEachDependentCell(functor);
-    if (m_structure)
-        functor(m_structure.get());
+    if (m_structureID)
+        functor(m_structureID.get());
     if (m_polyProtoAccessChain) {
         for (StructureID structureID : m_polyProtoAccessChain->chain())
             functor(structureID.decode());
@@ -874,8 +874,8 @@
         if (m_type == Transition || m_type == Delete || m_type == SetPrivateBrand)
             out.print("\n", indent, "from structure = ", pointerDump(structure()),
                 "\n", indent, "to structure = ", pointerDump(newStructure()));
-        else if (m_structure)
-            out.print("\n", indent, "structure = ", pointerDump(m_structure.get()));
+        else if (m_structureID)
+            out.print("\n", indent, "structure = ", pointerDump(m_structureID.get()));
     }
 
     if (!m_conditionSet.isEmpty())
@@ -904,8 +904,8 @@
 template<typename Visitor>
 void AccessCase::propagateTransitions(Visitor& visitor) const
 {
-    if (m_structure)
-        m_structure->markIfCheap(visitor);
+    if (m_structureID)
+        m_structureID->markIfCheap(visitor);
 
     if (m_polyProtoAccessChain) {
         for (StructureID structureID : m_polyProtoAccessChain->chain())
@@ -915,8 +915,8 @@
     switch (m_type) {
     case Transition:
     case Delete:
-        if (visitor.isMarked(m_structure->previousID()))
-            visitor.appendUnbarriered(m_structure.get());
+        if (visitor.isMarked(m_structureID->previousID()))
+            visitor.appendUnbarriered(m_structureID.get());
         break;
     default:
         break;
@@ -2613,7 +2613,7 @@
         return false;
     if (lhs.m_viaProxy != rhs.m_viaProxy)
         return false;
-    if (lhs.m_structure.get() != rhs.m_structure.get())
+    if (lhs.m_structureID.get() != rhs.m_structureID.get())
         return false;
     if (lhs.m_identifier != rhs.m_identifier)
         return false;
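Review bot: The equality check in canBeShared goes through `get()` on both sides, which presumably decodes each stored StructureID to a `Structure*` before comparing, while `hash()` in AccessCase.h (same commit) feeds `unvalidatedGet()` into the hash; equality and hashing are now computed on the decoded pointer even though the 4-byte ID is what the object actually holds. Since an ID maps to exactly one Structure within a VM, comparing the raw IDs is equivalent and skips both decodes, e.g. `if (lhs.m_structureID.value() != rhs.m_structureID.value())`, assuming `value()` returns the raw StructureID as the ChangeLog entry suggests (runtime/WriteBarrier.h is not on this page). If the decode in `get()` carries validation asserts, keeping it here may be intentional; a short comment saying so would settle it. canBeShared's signature and tail lie outside the hunk.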

Modified: trunk/Source/_javascript_Core/bytecode/AccessCase.h (286666 => 286667)


--- trunk/Source/_javascript_Core/bytecode/AccessCase.h	2021-12-08 18:49:31 UTC (rev 286666)
+++ trunk/Source/_javascript_Core/bytecode/AccessCase.h	2021-12-08 19:11:40 UTC (rev 286667)
@@ -184,8 +184,8 @@
     Structure* structure() const
     {
         if (m_type == Transition || m_type == Delete || m_type == SetPrivateBrand)
-            return m_structure->previousID();
-        return m_structure.get();
+            return m_structureID->previousID();
+        return m_structureID.get();
     }
     bool guardedByStructureCheck(const StructureStubInfo&) const;
 
@@ -192,7 +192,7 @@
     Structure* newStructure() const
     {
         ASSERT(m_type == Transition || m_type == Delete || m_type == SetPrivateBrand);
-        return m_structure.get();
+        return m_structureID.get();
     }
 
     ObjectPropertyConditionSet conditionSet() const { return m_conditionSet; }
@@ -272,7 +272,7 @@
 
     unsigned hash() const
     {
-        return computeHash(m_conditionSet.hash(), static_cast<unsigned>(m_type), m_viaProxy, m_structure.unvalidatedGet(), m_offset);
+        return computeHash(m_conditionSet.hash(), static_cast<unsigned>(m_type), m_viaProxy, m_structureID.unvalidatedGet(), m_offset);
     }
 
     static bool canBeShared(const AccessCase&, const AccessCase&);
@@ -284,7 +284,7 @@
         , m_state(WTFMove(other.m_state))
         , m_viaProxy(WTFMove(other.m_viaProxy))
         , m_offset(WTFMove(other.m_offset))
-        , m_structure(WTFMove(other.m_structure))
+        , m_structureID(WTFMove(other.m_structureID))
         , m_conditionSet(WTFMove(other.m_conditionSet))
         , m_polyProtoAccessChain(WTFMove(other.m_polyProtoAccessChain))
         , m_identifier(WTFMove(other.m_identifier))
@@ -295,7 +295,7 @@
         , m_state(other.m_state)
         , m_viaProxy(other.m_viaProxy)
         , m_offset(other.m_offset)
-        , m_structure(other.m_structure)
+        , m_structureID(other.m_structureID)
         , m_conditionSet(other.m_conditionSet)
         , m_polyProtoAccessChain(other.m_polyProtoAccessChain)
         , m_identifier(other.m_identifier)
@@ -348,7 +348,7 @@
     // Usually this is the structure that we expect the base object to have. But, this is the *new*
     // structure for a transition and we rely on the fact that it has a strong reference to the old
     // structure. For proxies, this is the structure of the object behind the proxy.
-    WriteBarrier<Structure> m_structure;
+    WriteBarrierStructureID m_structureID;
 
     ObjectPropertyConditionSet m_conditionSet;
 

Modified: trunk/Source/_javascript_Core/bytecode/CheckPrivateBrandStatus.cpp (286666 => 286667)


--- trunk/Source/_javascript_Core/bytecode/CheckPrivateBrandStatus.cpp	2021-12-08 18:49:31 UTC (rev 286666)
+++ trunk/Source/_javascript_Core/bytecode/CheckPrivateBrandStatus.cpp	2021-12-08 19:11:40 UTC (rev 286667)
@@ -100,7 +100,7 @@
         return CheckPrivateBrandStatus(NoInformation);
 
     case CacheType::Stub: {
-        PolymorphicAccess* list = stubInfo->u.stub;
+        PolymorphicAccess* list = stubInfo->m_stub;
 
         for (unsigned listIndex = 0; listIndex < list->size(); ++listIndex) {
             const AccessCase& access = list->at(listIndex);

Modified: trunk/Source/_javascript_Core/bytecode/DeleteByStatus.cpp (286666 => 286667)


--- trunk/Source/_javascript_Core/bytecode/DeleteByStatus.cpp	2021-12-08 18:49:31 UTC (rev 286666)
+++ trunk/Source/_javascript_Core/bytecode/DeleteByStatus.cpp	2021-12-08 19:11:40 UTC (rev 286667)
@@ -99,7 +99,7 @@
         return DeleteByStatus(NoInformation);
 
     case CacheType::Stub: {
-        PolymorphicAccess* list = stubInfo->u.stub;
+        PolymorphicAccess* list = stubInfo->m_stub;
 
         for (unsigned listIndex = 0; listIndex < list->size(); ++listIndex) {
             const AccessCase& access = list->at(listIndex);

Modified: trunk/Source/_javascript_Core/bytecode/GetByStatus.cpp (286666 => 286667)


--- trunk/Source/_javascript_Core/bytecode/GetByStatus.cpp	2021-12-08 18:49:31 UTC (rev 286666)
+++ trunk/Source/_javascript_Core/bytecode/GetByStatus.cpp	2021-12-08 19:11:40 UTC (rev 286667)
@@ -236,7 +236,7 @@
     }
         
     case CacheType::Stub: {
-        PolymorphicAccess* list = stubInfo->u.stub;
+        PolymorphicAccess* list = stubInfo->m_stub;
         if (list->size() == 1) {
             const AccessCase& access = list->at(0);
             switch (access.type()) {

Modified: trunk/Source/_javascript_Core/bytecode/InByStatus.cpp (286666 => 286667)


--- trunk/Source/_javascript_Core/bytecode/InByStatus.cpp	2021-12-08 18:49:31 UTC (rev 286666)
+++ trunk/Source/_javascript_Core/bytecode/InByStatus.cpp	2021-12-08 19:11:40 UTC (rev 286667)
@@ -160,7 +160,7 @@
     }
 
     case CacheType::Stub: {
-        PolymorphicAccess* list = stubInfo->u.stub;
+        PolymorphicAccess* list = stubInfo->m_stub;
         for (unsigned listIndex = 0; listIndex < list->size(); ++listIndex) {
             const AccessCase& access = list->at(listIndex);
             if (access.viaProxy())

Modified: trunk/Source/_javascript_Core/bytecode/InlineAccess.cpp (286666 => 286667)


--- trunk/Source/_javascript_Core/bytecode/InlineAccess.cpp	2021-12-08 18:49:31 UTC (rev 286666)
+++ trunk/Source/_javascript_Core/bytecode/InlineAccess.cpp	2021-12-08 19:11:40 UTC (rev 286667)
@@ -447,7 +447,7 @@
         }
 
         stubInfo.m_codePtr = target;
-        stubInfo.m_inlineAccessBaseStructure = StructureID(); // Clear out the inline access code.
+        stubInfo.m_inlineAccessBaseStructureID.clear(); // Clear out the inline access code.
         return;
     }
 
@@ -464,7 +464,7 @@
 {
     if (codeBlock->useDataIC() && codeBlock->jitType() == JITType::BaselineJIT) {
         stubInfo.m_codePtr = stubInfo.slowPathStartLocation;
-        stubInfo.m_inlineAccessBaseStructure = StructureID(); // Clear out the inline access code.
+        stubInfo.m_inlineAccessBaseStructureID.clear(); // Clear out the inline access code.
         return;
     }
 

Modified: trunk/Source/_javascript_Core/bytecode/InstanceOfStatus.cpp (286666 => 286667)


--- trunk/Source/_javascript_Core/bytecode/InstanceOfStatus.cpp	2021-12-08 18:49:31 UTC (rev 286666)
+++ trunk/Source/_javascript_Core/bytecode/InstanceOfStatus.cpp	2021-12-08 19:11:40 UTC (rev 286667)
@@ -83,7 +83,7 @@
     if (stubInfo->cacheType() != CacheType::Stub)
         return TakesSlowPath; // This is conservative. It could be that we have no information.
     
-    PolymorphicAccess* list = stubInfo->u.stub;
+    PolymorphicAccess* list = stubInfo->m_stub;
     InstanceOfStatus result;
     for (unsigned listIndex = 0; listIndex < list->size(); ++listIndex) {
         const AccessCase& access = list->at(listIndex);

Modified: trunk/Source/_javascript_Core/bytecode/InternalFunctionAllocationProfile.h (286666 => 286667)


--- trunk/Source/_javascript_Core/bytecode/InternalFunctionAllocationProfile.h	2021-12-08 18:49:31 UTC (rev 286666)
+++ trunk/Source/_javascript_Core/bytecode/InternalFunctionAllocationProfile.h	2021-12-08 19:11:40 UTC (rev 286667)
@@ -33,21 +33,21 @@
 
 class InternalFunctionAllocationProfile {
 public:
-    static inline ptrdiff_t offsetOfStructure() { return OBJECT_OFFSETOF(InternalFunctionAllocationProfile, m_structure); }
+    static inline ptrdiff_t offsetOfStructureID() { return OBJECT_OFFSETOF(InternalFunctionAllocationProfile, m_structureID); }
 
-    Structure* structure() { return m_structure.get(); }
+    Structure* structure() { return m_structureID.get(); }
     Structure* createAllocationStructureFromBase(VM&, JSGlobalObject*, JSCell* owner, JSObject* prototype, Structure* base);
 
-    void clear() { m_structure.clear(); }
-    template<typename Visitor> void visitAggregate(Visitor& visitor) { visitor.append(m_structure); }
+    void clear() { m_structureID.clear(); }
+    template<typename Visitor> void visitAggregate(Visitor& visitor) { visitor.append(m_structureID); }
 
 private:
-    WriteBarrier<Structure> m_structure;
+    WriteBarrierStructureID m_structureID;
 };
 
 inline Structure* InternalFunctionAllocationProfile::createAllocationStructureFromBase(VM& vm, JSGlobalObject* baseGlobalObject, JSCell* owner, JSObject* prototype, Structure* baseStructure)
 {
-    ASSERT(!m_structure || m_structure.get()->classInfo() != baseStructure->classInfo() || m_structure->globalObject() != baseStructure->globalObject());
+    ASSERT(!m_structureID || m_structureID.get()->classInfo() != baseStructure->classInfo() || m_structureID->globalObject() != baseStructure->globalObject());
     ASSERT(baseStructure->hasMonoProto());
 
     Structure* structure;
@@ -61,8 +61,8 @@
     // Ensure that if another thread sees the structure, it will see it properly created.
     WTF::storeStoreFence();
 
-    m_structure.set(vm, owner, structure);
-    return m_structure.get();
+    m_structureID.set(vm, owner, structure);
+    return structure;
 }
 
 } // namespace JSC
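Review bot: `offsetOfStructureID()` now names a 4-byte `WriteBarrierStructureID` field where `offsetOfStructure()` named an 8-byte `WriteBarrier<Structure>`, so any JIT code that reads this profile through the offset must change from a pointer-width load to a 32-bit load plus a StructureID decode; the FTL/DFG readers are listed as touched by this commit but their hunks are cut off on this page, so I cannot confirm that here. A one-line comment on the accessor would stop the next reader from loading it as a pointer: `// Offset of a 4-byte StructureID, not a Structure*: JIT readers must do a 32-bit load and decode it (see AssemblyHelpers::emitNonNullDecodeStructureID).` As a style point, the ASSERT in createAllocationStructureFromBase mixes `m_structureID.get()->classInfo()` with `m_structureID->globalObject()`; `m_structureID->classInfo()` reads the same and matches the second clause. Returning `structure` instead of `m_structureID.get()` at the end is a good change, since it avoids a needless decode.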

Modified: trunk/Source/_javascript_Core/bytecode/PutByStatus.cpp (286666 => 286667)


--- trunk/Source/_javascript_Core/bytecode/PutByStatus.cpp	2021-12-08 18:49:31 UTC (rev 286666)
+++ trunk/Source/_javascript_Core/bytecode/PutByStatus.cpp	2021-12-08 19:11:40 UTC (rev 286667)
@@ -188,7 +188,7 @@
     }
         
     case CacheType::Stub: {
-        PolymorphicAccess* list = stubInfo->u.stub;
+        PolymorphicAccess* list = stubInfo->m_stub;
         
         PutByStatus result;
         result.m_state = Simple;

Modified: trunk/Source/_javascript_Core/bytecode/SetPrivateBrandStatus.cpp (286666 => 286667)


--- trunk/Source/_javascript_Core/bytecode/SetPrivateBrandStatus.cpp	2021-12-08 18:49:31 UTC (rev 286666)
+++ trunk/Source/_javascript_Core/bytecode/SetPrivateBrandStatus.cpp	2021-12-08 19:11:40 UTC (rev 286667)
@@ -100,7 +100,7 @@
         return SetPrivateBrandStatus(NoInformation);
 
     case CacheType::Stub: {
-        PolymorphicAccess* list = stubInfo->u.stub;
+        PolymorphicAccess* list = stubInfo->m_stub;
 
         for (unsigned listIndex = 0; listIndex < list->size(); ++listIndex) {
             const AccessCase& access = list->at(listIndex);

Modified: trunk/Source/_javascript_Core/bytecode/StructureStubInfo.cpp (286666 => 286667)


--- trunk/Source/_javascript_Core/bytecode/StructureStubInfo.cpp	2021-12-08 18:49:31 UTC (rev 286666)
+++ trunk/Source/_javascript_Core/bytecode/StructureStubInfo.cpp	2021-12-08 19:11:40 UTC (rev 286667)
@@ -49,8 +49,7 @@
     ASSERT(hasConstantIdentifier);
     setCacheType(locker, CacheType::GetByIdSelf);
     m_identifier = identifier;
-    m_inlineAccessBaseStructure = inlineAccessBaseStructure->id();
-    codeBlock->vm().writeBarrier(codeBlock);
+    m_inlineAccessBaseStructureID.set(codeBlock->vm(), codeBlock, inlineAccessBaseStructure);
     byIdSelfOffset = offset;
 }
 
@@ -71,8 +70,7 @@
     ASSERT(m_cacheType == CacheType::Unset);
     setCacheType(locker, CacheType::PutByIdReplace);
     m_identifier = identifier;
-    m_inlineAccessBaseStructure = inlineAccessBaseStructure->id();
-    codeBlock->vm().writeBarrier(codeBlock);
+    m_inlineAccessBaseStructureID.set(codeBlock->vm(), codeBlock, inlineAccessBaseStructure);
     byIdSelfOffset = offset;
 }
 
@@ -81,8 +79,7 @@
     ASSERT(m_cacheType == CacheType::Unset);
     setCacheType(locker, CacheType::InByIdSelf);
     m_identifier = identifier;
-    m_inlineAccessBaseStructure = inlineAccessBaseStructure->id();
-    codeBlock->vm().writeBarrier(codeBlock);
+    m_inlineAccessBaseStructureID.set(codeBlock->vm(), codeBlock, inlineAccessBaseStructure);
     byIdSelfOffset = offset;
 }
 
@@ -90,7 +87,7 @@
 {
     switch (m_cacheType) {
     case CacheType::Stub:
-        delete u.stub;
+        delete m_stub;
         return;
     case CacheType::Unset:
     case CacheType::GetByIdSelf:
@@ -108,7 +105,7 @@
 {
     switch (m_cacheType) {
     case CacheType::Stub:
-        u.stub->aboutToDie();
+        m_stub->aboutToDie();
         return;
     case CacheType::Unset:
     case CacheType::GetByIdSelf:
@@ -139,7 +136,7 @@
         AccessGenerationResult result;
         
         if (m_cacheType == CacheType::Stub) {
-            result = u.stub->addCase(locker, vm, codeBlock, *this, accessCase.releaseNonNull());
+            result = m_stub->addCase(locker, vm, codeBlock, *this, accessCase.releaseNonNull());
             
             if (StructureStubInfoInternal::verbose)
                 dataLog("Had stub, result: ", result, "\n");
@@ -176,7 +173,7 @@
             }
             
             setCacheType(locker, CacheType::Stub);
-            u.stub = access.release();
+            m_stub = access.release();
         }
         
         ASSERT(m_cacheType == CacheType::Stub);
@@ -202,7 +199,7 @@
         // PolymorphicAccess.
         clearBufferedStructures();
         
-        result = u.stub->regenerate(locker, vm, globalObject, codeBlock, ecmaMode, *this);
+        result = m_stub->regenerate(locker, vm, globalObject, codeBlock, ecmaMode, *this);
         
         if (StructureStubInfoInternal::verbose)
             dataLog("Regeneration result: ", result, "\n");
@@ -216,11 +213,11 @@
         // access code. That's because when we first transition to becoming a Stub, we may
         // be buffered, and we have not yet generated any code. Once the Stub finally generates
         // code, we're no longer running the inline access code, so we can then clear out
-        // m_inlineAccessBaseStructure. The reason we don't clear m_inlineAccessBaseStructure while
-        // we're buffered is because we rely on it to reset during GC if m_inlineAccessBaseStructure
+        // m_inlineAccessBaseStructureID. The reason we don't clear m_inlineAccessBaseStructureID while
+        // we're buffered is because we rely on it to reset during GC if m_inlineAccessBaseStructureID
         // is collected.
         m_identifier = nullptr;
-        m_inlineAccessBaseStructure = StructureID();
+        m_inlineAccessBaseStructureID.clear();
         
         // If we generated some code then we don't want to attempt to repatch in the future until we
         // gather enough cases.
@@ -235,7 +232,7 @@
 {
     clearBufferedStructures();
     m_identifier = nullptr;
-    m_inlineAccessBaseStructure = StructureID();
+    m_inlineAccessBaseStructureID.clear();
 
     if (m_cacheType == CacheType::Unset)
         return;
@@ -323,7 +320,7 @@
     case CacheType::GetByIdSelf:
         return;
     case CacheType::Stub:
-        u.stub->visitAggregate(visitor);
+        m_stub->visitAggregate(visitor);
         return;
     }
     
@@ -348,7 +345,7 @@
     if (Structure* structure = inlineAccessBaseStructure(vm))
         isValid &= vm.heap.isMarked(structure);
     if (m_cacheType == CacheType::Stub)
-        isValid &= u.stub->visitWeak(vm);
+        isValid &= m_stub->visitWeak(vm);
 
     if (isValid)
         return;
@@ -364,7 +361,7 @@
         structure->markIfCheap(visitor);
 
     if (m_cacheType == CacheType::Stub)
-        u.stub->propagateTransitions(visitor);
+        m_stub->propagateTransitions(visitor);
 }
 
 template void StructureStubInfo::propagateTransitions(AbstractSlotVisitor&);
@@ -375,7 +372,7 @@
     StubInfoSummary takesSlowPath = StubInfoSummary::TakesSlowPath;
     StubInfoSummary simple = StubInfoSummary::Simple;
     if (m_cacheType == CacheType::Stub) {
-        PolymorphicAccess* list = u.stub;
+        PolymorphicAccess* list = m_stub;
         for (unsigned i = 0; i < list->size(); ++i) {
             const AccessCase& access = list->at(i);
             if (access.doesCalls(vm)) {
@@ -407,7 +404,7 @@
 {
     if (m_cacheType != CacheType::Stub)
         return false;
-    return u.stub->containsPC(pc);
+    return m_stub->containsPC(pc);
 }
 
 ALWAYS_INLINE void StructureStubInfo::setCacheType(const ConcurrentJSLockerBase&, CacheType newCacheType)

Modified: trunk/Source/_javascript_Core/bytecode/StructureStubInfo.h (286666 => 286667)


--- trunk/Source/_javascript_Core/bytecode/StructureStubInfo.h	2021-12-08 18:49:31 UTC (rev 286666)
+++ trunk/Source/_javascript_Core/bytecode/StructureStubInfo.h	2021-12-08 19:11:40 UTC (rev 286667)
@@ -211,6 +211,14 @@
         return considerCaching(vm, codeBlock, structure, impl);
     }
 
+    Structure* inlineAccessBaseStructure(VM&)
+    {
+        return m_inlineAccessBaseStructureID.get();
+    }
+
+    static ptrdiff_t offsetOfByIdSelfOffset() { return OBJECT_OFFSETOF(StructureStubInfo, byIdSelfOffset); }
+    static ptrdiff_t offsetOfInlineAccessBaseStructureID() { return OBJECT_OFFSETOF(StructureStubInfo, m_inlineAccessBaseStructureID); }
+
 private:
     ALWAYS_INLINE bool considerCaching(VM& vm, CodeBlock* codeBlock, Structure* structure, CacheableIdentifier impl)
     {
@@ -351,19 +359,10 @@
 
 public:
     CodeOrigin codeOrigin;
+    PolymorphicAccess* m_stub { nullptr };
     PropertyOffset byIdSelfOffset;
-    static ptrdiff_t offsetOfByIdSelfOffset() { return OBJECT_OFFSETOF(StructureStubInfo, byIdSelfOffset); }
-    static ptrdiff_t offsetOfInlineAccessBaseStructure() { return OBJECT_OFFSETOF(StructureStubInfo, m_inlineAccessBaseStructure); }
-    union {
-        PolymorphicAccess* stub;
-    } u;
-    Structure* inlineAccessBaseStructure(VM&)
-    {
-        if (!m_inlineAccessBaseStructure)
-            return nullptr;
-        return m_inlineAccessBaseStructure.decode();
-    }
-    StructureID m_inlineAccessBaseStructure;
+    WriteBarrierStructureID m_inlineAccessBaseStructureID;
+
 private:
     CacheableIdentifier m_identifier;
     // Represents those structures that already have buffered AccessCases in the PolymorphicAccess.
@@ -422,10 +421,11 @@
     uint8_t countdown { 1 };
     uint8_t repatchCount { 0 };
     uint8_t numberOfCoolDowns { 0 };
-
+    uint8_t bufferingCountdown;
+private:
+    Lock m_bufferedStructuresLock;
+public:
     CallSiteIndex callSiteIndex;
-
-    uint8_t bufferingCountdown;
     bool resetByGC : 1;
     bool tookSlowPath : 1;
     bool everConsidered : 1;
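Review bot: The new `private:` / `public:` toggle around m_bufferedStructuresLock in the middle of the public member run (bufferingCountdown, then the lock, then callSiteIndex) reads as accidental unless the reason is stated; presumably the reordering packs the byte-sized members next to the uint8_t counters above it. I would add `// Byte-sized members are kept together to avoid padding; keep this ordering when adding fields.` above `uint8_t bufferingCountdown;`. Whether Lock is in fact byte-sized on every configuration is not visible from the hunk and is worth confirming before relying on it for the saving.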
@@ -435,8 +435,6 @@
     bool propertyIsString : 1;
     bool propertyIsInt32 : 1;
     bool propertyIsSymbol : 1;
-private:
-    Lock m_bufferedStructuresLock;
 };
 
 inline CodeOrigin getStructureStubInfoCodeOrigin(StructureStubInfo& structureStubInfo)

Modified: trunk/Source/_javascript_Core/dfg/DFGSpeculativeJIT.cpp (286666 => 286667)


--- trunk/Source/_javascript_Core/dfg/DFGSpeculativeJIT.cpp	2021-12-08 18:49:31 UTC (rev 286666)
+++ trunk/Source/_javascript_Core/dfg/DFGSpeculativeJIT.cpp	2021-12-08 19:11:40 UTC (rev 286667)
@@ -14819,8 +14819,9 @@
     slowCases.append(m_jit.branchIfNotFunction(calleeGPR));
     m_jit.loadPtr(JITCompiler::Address(calleeGPR, JSFunction::offsetOfExecutableOrRareData()), rareDataGPR);
     slowCases.append(m_jit.branchTestPtr(MacroAssembler::Zero, rareDataGPR, CCallHelpers::TrustedImm32(JSFunction::rareDataTag)));
-    m_jit.loadPtr(JITCompiler::Address(rareDataGPR, FunctionRareData::offsetOfInternalFunctionAllocationProfile() + InternalFunctionAllocationProfile::offsetOfStructure() - JSFunction::rareDataTag), structureGPR);
-    slowCases.append(m_jit.branchTestPtr(CCallHelpers::Zero, structureGPR));
+    m_jit.load32(JITCompiler::Address(rareDataGPR, FunctionRareData::offsetOfInternalFunctionAllocationProfile() + InternalFunctionAllocationProfile::offsetOfStructureID() - JSFunction::rareDataTag), structureGPR);
+    slowCases.append(m_jit.branchTest32(CCallHelpers::Zero, structureGPR));
+    m_jit.emitNonNullDecodeStructureID(structureGPR, structureGPR);
     m_jit.move(TrustedImmPtr(node->isInternalPromise() ? JSInternalPromise::info() : JSPromise::info()), scratch1GPR);
     slowCases.append(m_jit.branchPtr(CCallHelpers::NotEqual, scratch1GPR, CCallHelpers::Address(structureGPR, Structure::classInfoOffset())));
     m_jit.move(TrustedImmPtr::weakPointer(m_jit.graph(), globalObject), scratch1GPR);
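Review bot: The same three-line sequence (load32 of the cached StructureID, branchTest32 to slowCases, emitNonNullDecodeStructureID in place) is now duplicated verbatim in this hunk and in the one at +14868, and the two copies are kept in sync only by hand. A small helper on SpeculativeJIT, declared in DFGSpeculativeJIT.h, would leave a single place to update if the encoding or the allocation-profile layout changes again. The enclosing functions begin and end outside both hunks.
```cpp
// Loads the Structure cached in the callee's InternalFunctionAllocationProfile into structureGPR,
// branching to slowCases when nothing has been cached yet (the stored StructureID is zero).
void SpeculativeJIT::emitLoadInternalFunctionAllocationStructure(GPRReg rareDataGPR, GPRReg structureGPR, CCallHelpers::JumpList& slowCases)
{
    m_jit.load32(JITCompiler::Address(rareDataGPR, FunctionRareData::offsetOfInternalFunctionAllocationProfile() + InternalFunctionAllocationProfile::offsetOfStructureID() - JSFunction::rareDataTag), structureGPR);
    slowCases.append(m_jit.branchTest32(CCallHelpers::Zero, structureGPR));
    m_jit.emitNonNullDecodeStructureID(structureGPR, structureGPR);
}
// … at both call sites the three lines become: emitLoadInternalFunctionAllocationStructure(rareDataGPR, structureGPR, slowCases); …
```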
@@ -14867,8 +14868,9 @@
     slowCases.append(m_jit.branchIfNotFunction(calleeGPR));
     m_jit.loadPtr(JITCompiler::Address(calleeGPR, JSFunction::offsetOfExecutableOrRareData()), rareDataGPR);
     slowCases.append(m_jit.branchTestPtr(MacroAssembler::Zero, rareDataGPR, CCallHelpers::TrustedImm32(JSFunction::rareDataTag)));
-    m_jit.loadPtr(JITCompiler::Address(rareDataGPR, FunctionRareData::offsetOfInternalFunctionAllocationProfile() + InternalFunctionAllocationProfile::offsetOfStructure() - JSFunction::rareDataTag), structureGPR);
-    slowCases.append(m_jit.branchTestPtr(CCallHelpers::Zero, structureGPR));
+    m_jit.load32(JITCompiler::Address(rareDataGPR, FunctionRareData::offsetOfInternalFunctionAllocationProfile() + InternalFunctionAllocationProfile::offsetOfStructureID() - JSFunction::rareDataTag), structureGPR);
+    slowCases.append(m_jit.branchTest32(CCallHelpers::Zero, structureGPR));
+    m_jit.emitNonNullDecodeStructureID(structureGPR, structureGPR);
     m_jit.move(TrustedImmPtr(JSClass::info()), scratch1GPR);
     slowCases.append(m_jit.branchPtr(CCallHelpers::NotEqual, scratch1GPR, CCallHelpers::Address(structureGPR, Structure::classInfoOffset())));
     m_jit.move(TrustedImmPtr::weakPointer(m_jit.graph(), globalObject), scratch1GPR);

Modified: trunk/Source/_javascript_Core/ftl/FTLAbstractHeapRepository.h (286666 => 286667)


--- trunk/Source/_javascript_Core/ftl/FTLAbstractHeapRepository.h	2021-12-08 18:49:31 UTC (rev 286666)
+++ trunk/Source/_javascript_Core/ftl/FTLAbstractHeapRepository.h	2021-12-08 19:11:40 UTC (rev 286667)
@@ -84,9 +84,7 @@
     macro(FunctionRareData_prototype, FunctionRareData::offsetOfObjectAllocationProfile() + ObjectAllocationProfileWithPrototype::offsetOfPrototype()) \
     macro(FunctionRareData_allocationProfileWatchpointSet, FunctionRareData::offsetOfAllocationProfileWatchpointSet()) \
     macro(FunctionRareData_executable, FunctionRareData::offsetOfExecutable()) \
-    macro(FunctionRareData_internalFunctionAllocationProfile_structure, FunctionRareData::offsetOfInternalFunctionAllocationProfile() + InternalFunctionAllocationProfile::offsetOfStructure()) \
-    macro(FunctionRareData_boundFunctionStructure, FunctionRareData::offsetOfBoundFunctionStructure()) \
-    macro(FunctionRareData_allocationProfileClearingWatchpoint, FunctionRareData::offsetOfAllocationProfileClearingWatchpoint()) \
+    macro(FunctionRareData_internalFunctionAllocationProfile_structureID, FunctionRareData::offsetOfInternalFunctionAllocationProfile() + InternalFunctionAllocationProfile::offsetOfStructureID()) \
     macro(GetterSetter_getter, GetterSetter::offsetOfGetter()) \
     macro(GetterSetter_setter, GetterSetter::offsetOfSetter()) \
     macro(JSArrayBufferView_length, JSArrayBufferView::offsetOfLength()) \

Modified: trunk/Source/_javascript_Core/ftl/FTLLowerDFGToB3.cpp (286666 => 286667)


--- trunk/Source/_javascript_Core/ftl/FTLLowerDFGToB3.cpp	2021-12-08 18:49:31 UTC (rev 286666)
+++ trunk/Source/_javascript_Core/ftl/FTLLowerDFGToB3.cpp	2021-12-08 19:11:40 UTC (rev 286667)
@@ -7877,10 +7877,11 @@
 
         m_out.appendTo(hasRareData, hasStructure);
         LValue rareData = m_out.sub(rareDataTags, m_out.constIntPtr(JSFunction::rareDataTag));
-        LValue structure = m_out.loadPtr(rareData, m_heaps.FunctionRareData_internalFunctionAllocationProfile_structure);
-        m_out.branch(m_out.isZero64(structure), rarely(slowCase), usually(hasStructure));
+        LValue structureID = m_out.load32(rareData, m_heaps.FunctionRareData_internalFunctionAllocationProfile_structureID);
+        m_out.branch(m_out.isZero32(structureID), rarely(slowCase), usually(hasStructure));
 
         m_out.appendTo(hasStructure, checkGlobalObjectCase);
+        LValue structure = decodeNonNullStructure(structureID);
         m_out.branch(m_out.equal(m_out.loadPtr(structure, m_heaps.Structure_classInfo), m_out.constIntPtr(m_node->isInternalPromise() ? JSInternalPromise::info() : JSPromise::info())), usually(checkGlobalObjectCase), rarely(slowCase));
 
         m_out.appendTo(checkGlobalObjectCase, fastAllocationCase);
@@ -7932,10 +7933,11 @@
 
         m_out.appendTo(hasRareData, hasStructure);
         LValue rareData = m_out.sub(rareDataTags, m_out.constIntPtr(JSFunction::rareDataTag));
-        LValue structure = m_out.loadPtr(rareData, m_heaps.FunctionRareData_internalFunctionAllocationProfile_structure);
-        m_out.branch(m_out.isZero64(structure), rarely(slowCase), usually(hasStructure));
+        LValue structureID = m_out.load32(rareData, m_heaps.FunctionRareData_internalFunctionAllocationProfile_structureID);
+        m_out.branch(m_out.isZero32(structureID), rarely(slowCase), usually(hasStructure));
 
         m_out.appendTo(hasStructure, checkGlobalObjectCase);
+        LValue structure = decodeNonNullStructure(structureID);
         m_out.branch(m_out.equal(m_out.loadPtr(structure, m_heaps.Structure_classInfo), m_out.constIntPtr(JSClass::info())), usually(checkGlobalObjectCase), rarely(slowCase));
 
         m_out.appendTo(checkGlobalObjectCase, fastAllocationCase);
@@ -20973,13 +20975,18 @@
         m_graph.m_plan.weakReferences().addLazily(target);
     }
 
-    LValue loadStructure(LValue value)
+    LValue decodeNonNullStructure(LValue structureID)
     {
-        LValue structureID = m_out.load32(value, m_heaps.JSCell_structureID);
         LValue maskedStructureID = m_out.bitAnd(structureID, m_out.constInt32(structureIDMask));
         return m_out.add(m_out.constIntPtr(g_jscConfig.startOfStructureHeap), m_out.zeroExtPtr(maskedStructureID));
     }
 
+    LValue loadStructure(LValue value)
+    {
+        LValue structureID = m_out.load32(value, m_heaps.JSCell_structureID);
+        return decodeNonNullStructure(structureID);
+    }
+
     LValue weakPointer(JSCell* pointer)
     {
         addWeakReference(pointer);
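Review bot: decodeNonNullStructure carries its precondition only in its name; as written, a zero StructureID is masked to zero and then added to g_jscConfig.startOfStructureHeap, so it decodes to the heap base rather than to a null LValue, and a caller that omits the isZero32 branch the two call sites at +7877 and +7933 perform would get a bogus Structure pointer with no diagnostic. I would put `// Precondition: structureID is non-zero. A zero ID decodes to startOfStructureHeap, not null; callers must branch on isZero32 first.` above the function. The enclosing class starts and ends outside the hunk.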

Modified: trunk/Source/_javascript_Core/heap/AbstractSlotVisitor.h (286666 => 286667)


--- trunk/Source/_javascript_Core/heap/AbstractSlotVisitor.h	2021-12-08 18:49:31 UTC (rev 286666)
+++ trunk/Source/_javascript_Core/heap/AbstractSlotVisitor.h	2021-12-08 19:11:40 UTC (rev 286667)
@@ -48,6 +48,7 @@
 class VerifierSlotVisitor;
 template<typename T> class Weak;
 template<typename T, typename Traits> class WriteBarrierBase;
+class WriteBarrierStructureID;
 
 class AbstractSlotVisitor {
     WTF_MAKE_NONCOPYABLE(AbstractSlotVisitor);
@@ -143,6 +144,8 @@
 
     template<typename T, typename Traits> void append(const WriteBarrierBase<T, Traits>&);
     template<typename T, typename Traits> void appendHidden(const WriteBarrierBase<T, Traits>&);
+    void append(const WriteBarrierStructureID&);
+    void appendHidden(const WriteBarrierStructureID&);
     template<typename Iterator> void append(Iterator begin , Iterator end);
     ALWAYS_INLINE void appendValues(const WriteBarrierBase<Unknown, RawValueTraits<Unknown>>*, size_t count);
     ALWAYS_INLINE void appendValuesHidden(const WriteBarrierBase<Unknown, RawValueTraits<Unknown>>*, size_t count);

Modified: trunk/Source/_javascript_Core/heap/AbstractSlotVisitorInlines.h (286666 => 286667)


--- trunk/Source/_javascript_Core/heap/AbstractSlotVisitorInlines.h	2021-12-08 18:49:31 UTC (rev 286666)
+++ trunk/Source/_javascript_Core/heap/AbstractSlotVisitorInlines.h	2021-12-08 19:11:40 UTC (rev 286667)
@@ -158,6 +158,16 @@
     appendHiddenUnbarriered(slot.get());
 }
 
+ALWAYS_INLINE void AbstractSlotVisitor::append(const WriteBarrierStructureID& slot)
+{
+    appendUnbarriered(reinterpret_cast<JSCell*>(slot.get()));
+}
+
+ALWAYS_INLINE void AbstractSlotVisitor::appendHidden(const WriteBarrierStructureID& slot)
+{
+    appendHiddenUnbarriered(reinterpret_cast<JSCell*>(slot.get()));
+}
+
 ALWAYS_INLINE void AbstractSlotVisitor::appendHiddenUnbarriered(JSValue value)
 {
     if (value.isCell())
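Review bot: The `reinterpret_cast<JSCell*>(slot.get())` in both new overloads is the wrong named cast for a Structure-to-JSCell upcast: a static_cast (or no cast at all) would let the compiler check the relationship, whereas reinterpret_cast keeps compiling silently if get() ever changes its return type. If the reason is that Structure is only forward-declared in this header, a comment such as `// reinterpret_cast because Structure is incomplete here; it derives from JSCell.` would stop a later cleanup from "fixing" it into a build break. The same two casts appear in the matching SlotVisitorInlines.h hunk. Both overloads also pass whatever get() returns for an empty slot straight to appendUnbarriered, so they rely on get() yielding nullptr and on appendUnbarriered(JSCell*) accepting it — worth confirming against those definitions.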

Modified: trunk/Source/_javascript_Core/heap/SlotVisitor.h (286666 => 286667)


--- trunk/Source/_javascript_Core/heap/SlotVisitor.h	2021-12-08 18:49:31 UTC (rev 286666)
+++ trunk/Source/_javascript_Core/heap/SlotVisitor.h	2021-12-08 19:11:40 UTC (rev 286667)
@@ -92,6 +92,8 @@
 
     template<typename T, typename Traits> void append(const WriteBarrierBase<T, Traits>&);
     template<typename T, typename Traits> void appendHidden(const WriteBarrierBase<T, Traits>&);
+    void append(const WriteBarrierStructureID&);
+    void appendHidden(const WriteBarrierStructureID&);
     template<typename Iterator> void append(Iterator begin , Iterator end);
     ALWAYS_INLINE void appendValues(const WriteBarrierBase<Unknown, RawValueTraits<Unknown>>*, size_t count);
     ALWAYS_INLINE void appendValuesHidden(const WriteBarrierBase<Unknown, RawValueTraits<Unknown>>*, size_t count);

Modified: trunk/Source/_javascript_Core/heap/SlotVisitorInlines.h (286666 => 286667)


--- trunk/Source/_javascript_Core/heap/SlotVisitorInlines.h	2021-12-08 18:49:31 UTC (rev 286666)
+++ trunk/Source/_javascript_Core/heap/SlotVisitorInlines.h	2021-12-08 19:11:40 UTC (rev 286667)
@@ -116,6 +116,16 @@
     appendHiddenUnbarriered(slot.get());
 }
 
+ALWAYS_INLINE void SlotVisitor::append(const WriteBarrierStructureID& slot)
+{
+    appendUnbarriered(reinterpret_cast<JSCell*>(slot.get()));
+}
+
+ALWAYS_INLINE void SlotVisitor::appendHidden(const WriteBarrierStructureID& slot)
+{
+    appendHiddenUnbarriered(reinterpret_cast<JSCell*>(slot.get()));
+}
+
 template<typename Iterator>
 ALWAYS_INLINE void SlotVisitor::append(Iterator begin, Iterator end)
 {

Modified: trunk/Source/_javascript_Core/jit/AssemblyHelpers.cpp (286666 => 286667)


--- trunk/Source/_javascript_Core/jit/AssemblyHelpers.cpp	2021-12-08 18:49:31 UTC (rev 286666)
+++ trunk/Source/_javascript_Core/jit/AssemblyHelpers.cpp	2021-12-08 19:11:40 UTC (rev 286667)
@@ -389,9 +389,9 @@
         BaseIndex(scratch, offset, TimesEight, (firstOutOfLineOffset - 2) * sizeof(EncodedJSValue)));
 }
 
-void AssemblyHelpers::emitLoadStructure(VM&, RegisterID source, RegisterID dest)
+void AssemblyHelpers::emitNonNullDecodeStructureID(RegisterID source, RegisterID dest)
 {
-    load32(MacroAssembler::Address(source, JSCell::structureIDOffset()), dest);
+    move(source, dest);
 #if CPU(ADDRESS64)
     // This could use BFI on arm64 but that only helps if the start of structure heap is encodable as a mov and not as an immediate in the add so it's probably not super important.
     and32(TrustedImm32(structureIDMask), dest);
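Review bot: emitNonNullDecodeStructureID has no comment stating what "NonNull" requires of callers, and its body continues outside the hunk, so a reader sees only the move and the mask. I would add above it `// Decodes a StructureID already known to be non-zero into a Structure*. A zero ID is not mapped to nullptr, so callers must test for zero first (see the branchTest32 in DFGSpeculativeJIT.cpp).`. Every caller in this commit passes the same register for source and dest, which makes the leading `move(source, dest)` a no-op only if MacroAssembler::move elides same-register moves on every backend — worth confirming rather than assuming.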
@@ -399,6 +399,12 @@
 #endif // not CPU(ADDRESS64)
 }
 
+void AssemblyHelpers::emitLoadStructure(VM&, RegisterID source, RegisterID dest)
+{
+    load32(MacroAssembler::Address(source, JSCell::structureIDOffset()), dest);
+    emitNonNullDecodeStructureID(dest, dest);
+}
+
 void AssemblyHelpers::emitLoadPrototype(VM& vm, GPRReg objectGPR, JSValueRegs resultRegs, JumpList& slowPath)
 {
     ASSERT(resultRegs.payloadGPR() != objectGPR);

Modified: trunk/Source/_javascript_Core/jit/AssemblyHelpers.h (286666 => 286667)


--- trunk/Source/_javascript_Core/jit/AssemblyHelpers.h	2021-12-08 18:49:31 UTC (rev 286666)
+++ trunk/Source/_javascript_Core/jit/AssemblyHelpers.h	2021-12-08 19:11:40 UTC (rev 286667)
@@ -1577,6 +1577,7 @@
         return argumentCount(codeOrigin.inlineCallFrame());
     }
     
+    void emitNonNullDecodeStructureID(RegisterID source, RegisterID dest);
     void emitLoadStructure(VM&, RegisterID source, RegisterID dest);
     void emitLoadPrototype(VM&, GPRReg objectGPR, JSValueRegs resultRegs, JumpList& slowPath);
 

Modified: trunk/Source/_javascript_Core/jit/JITInlineCacheGenerator.cpp (286666 => 286667)


--- trunk/Source/_javascript_Core/jit/JITInlineCacheGenerator.cpp	2021-12-08 18:49:31 UTC (rev 286666)
+++ trunk/Source/_javascript_Core/jit/JITInlineCacheGenerator.cpp	2021-12-08 19:11:40 UTC (rev 286667)
@@ -136,7 +136,7 @@
 static void generateGetByIdInlineAccess(JIT& jit, GPRReg stubInfoGPR, JSValueRegs baseJSR, GPRReg scratchGPR, JSValueRegs resultJSR)
 {
     jit.load32(CCallHelpers::Address(baseJSR.payloadGPR(), JSCell::structureIDOffset()), scratchGPR);
-    auto doInlineAccess = jit.branch32(CCallHelpers::Equal, scratchGPR, CCallHelpers::Address(stubInfoGPR, StructureStubInfo::offsetOfInlineAccessBaseStructure()));
+    auto doInlineAccess = jit.branch32(CCallHelpers::Equal, scratchGPR, CCallHelpers::Address(stubInfoGPR, StructureStubInfo::offsetOfInlineAccessBaseStructureID()));
     jit.farJump(CCallHelpers::Address(stubInfoGPR, StructureStubInfo::offsetOfCodePtr()), JITStubRoutinePtrTag);
     doInlineAccess.link(&jit);
     jit.load32(CCallHelpers::Address(stubInfoGPR, StructureStubInfo::offsetOfByIdSelfOffset()), scratchGPR);
@@ -221,7 +221,7 @@
     using BaselinePutByIdRegisters::scratch2GPR;
 
     jit.load32(CCallHelpers::Address(baseJSR.payloadGPR(), JSCell::structureIDOffset()), scratchGPR);
-    auto doInlineAccess = jit.branch32(CCallHelpers::Equal, scratchGPR, CCallHelpers::Address(stubInfoGPR, StructureStubInfo::offsetOfInlineAccessBaseStructure()));
+    auto doInlineAccess = jit.branch32(CCallHelpers::Equal, scratchGPR, CCallHelpers::Address(stubInfoGPR, StructureStubInfo::offsetOfInlineAccessBaseStructureID()));
     jit.farJump(CCallHelpers::Address(stubInfoGPR, StructureStubInfo::offsetOfCodePtr()), JITStubRoutinePtrTag);
     doInlineAccess.link(&jit);
     jit.load32(CCallHelpers::Address(stubInfoGPR, StructureStubInfo::offsetOfByIdSelfOffset()), scratchGPR);
@@ -412,7 +412,7 @@
     CCallHelpers::JumpList done;
 
     jit.load32(CCallHelpers::Address(baseJSR.payloadGPR(), JSCell::structureIDOffset()), scratchGPR);
-    auto skipInlineAccess = jit.branch32(CCallHelpers::NotEqual, scratchGPR, CCallHelpers::Address(stubInfoGPR, StructureStubInfo::offsetOfInlineAccessBaseStructure()));
+    auto skipInlineAccess = jit.branch32(CCallHelpers::NotEqual, scratchGPR, CCallHelpers::Address(stubInfoGPR, StructureStubInfo::offsetOfInlineAccessBaseStructureID()));
     jit.boxBoolean(true, resultJSR);
     auto finished = jit.jump();
 

Modified: trunk/Source/_javascript_Core/runtime/FunctionExecutable.cpp (286666 => 286667)


--- trunk/Source/_javascript_Core/runtime/FunctionExecutable.cpp	2021-12-08 18:49:31 UTC (rev 286666)
+++ trunk/Source/_javascript_Core/runtime/FunctionExecutable.cpp	2021-12-08 19:11:40 UTC (rev 286667)
@@ -78,7 +78,7 @@
     visitor.append(thisObject->m_codeBlockForConstruct);
     visitor.append(thisObject->m_unlinkedExecutable);
     if (RareData* rareData = thisObject->m_rareData.get()) {
-        visitor.append(rareData->m_cachedPolyProtoStructure);
+        visitor.append(rareData->m_cachedPolyProtoStructureID);
         visitor.append(rareData->m_asString);
         if (TemplateObjectMap* map = rareData->m_templateObjectMap.get()) {
             Locker locker { thisObject->cellLock() };

Modified: trunk/Source/_javascript_Core/runtime/FunctionExecutable.h (286666 => 286667)


--- trunk/Source/_javascript_Core/runtime/FunctionExecutable.h	2021-12-08 18:49:31 UTC (rev 286666)
+++ trunk/Source/_javascript_Core/runtime/FunctionExecutable.h	2021-12-08 19:11:40 UTC (rev 286667)
@@ -257,12 +257,12 @@
     Structure* cachedPolyProtoStructure()
     {
         if (UNLIKELY(m_rareData))
-            return m_rareData->m_cachedPolyProtoStructure.get();
+            return m_rareData->m_cachedPolyProtoStructureID.get();
         return nullptr;
     }
     void setCachedPolyProtoStructure(VM& vm, Structure* structure)
     {
-        ensureRareData().m_cachedPolyProtoStructure.set(vm, this, structure);
+        ensureRareData().m_cachedPolyProtoStructureID.set(vm, this, structure);
     }
 
     InlineWatchpointSet& ensurePolyProtoWatchpoint()
@@ -310,8 +310,8 @@
         unsigned m_parametersStartOffset { 0 };
         unsigned m_typeProfilingStartOffset { UINT_MAX };
         unsigned m_typeProfilingEndOffset { UINT_MAX };
+        WriteBarrierStructureID m_cachedPolyProtoStructureID;
         std::unique_ptr<TemplateObjectMap> m_templateObjectMap;
-        WriteBarrier<Structure> m_cachedPolyProtoStructure;
         WriteBarrier<JSString> m_asString;
     };
 

Modified: trunk/Source/_javascript_Core/runtime/FunctionRareData.cpp (286666 => 286667)


--- trunk/Source/_javascript_Core/runtime/FunctionRareData.cpp	2021-12-08 18:49:31 UTC (rev 286666)
+++ trunk/Source/_javascript_Core/runtime/FunctionRareData.cpp	2021-12-08 19:11:40 UTC (rev 286667)
@@ -60,7 +60,7 @@
 
     rareData->m_objectAllocationProfile.visitAggregate(visitor);
     rareData->m_internalFunctionAllocationProfile.visitAggregate(visitor);
-    visitor.append(rareData->m_boundFunctionStructure);
+    visitor.append(rareData->m_boundFunctionStructureID);
     visitor.append(rareData->m_executable);
 }
 

Modified: trunk/Source/_javascript_Core/runtime/FunctionRareData.h (286666 => 286667)


--- trunk/Source/_javascript_Core/runtime/FunctionRareData.h	2021-12-08 18:49:31 UTC (rev 286666)
+++ trunk/Source/_javascript_Core/runtime/FunctionRareData.h	2021-12-08 19:11:40 UTC (rev 286667)
@@ -72,9 +72,7 @@
     static inline ptrdiff_t offsetOfObjectAllocationProfile() { return OBJECT_OFFSETOF(FunctionRareData, m_objectAllocationProfile); }
     static inline ptrdiff_t offsetOfAllocationProfileWatchpointSet() { return OBJECT_OFFSETOF(FunctionRareData, m_allocationProfileWatchpointSet); }
     static inline ptrdiff_t offsetOfInternalFunctionAllocationProfile() { return OBJECT_OFFSETOF(FunctionRareData, m_internalFunctionAllocationProfile); }
-    static inline ptrdiff_t offsetOfBoundFunctionStructure() { return OBJECT_OFFSETOF(FunctionRareData, m_boundFunctionStructure); }
     static inline ptrdiff_t offsetOfExecutable() { return OBJECT_OFFSETOF(FunctionRareData, m_executable); }
-    static inline ptrdiff_t offsetOfAllocationProfileClearingWatchpoint() { return OBJECT_OFFSETOF(FunctionRareData, m_allocationProfileClearingWatchpoint); }
 
     ObjectAllocationProfileWithPrototype* objectAllocationProfile()
     {
@@ -113,8 +111,8 @@
             m_allocationProfileWatchpointSet.startWatching();
     }
 
-    Structure* getBoundFunctionStructure() { return m_boundFunctionStructure.get(); }
-    void setBoundFunctionStructure(VM& vm, Structure* structure) { m_boundFunctionStructure.set(vm, this, structure); }
+    Structure* getBoundFunctionStructure() { return m_boundFunctionStructureID.get(); }
+    void setBoundFunctionStructure(VM& vm, Structure* structure) { m_boundFunctionStructureID.set(vm, this, structure); }
 
     ExecutableBase* executable() const { return m_executable.get(); }
 
@@ -160,7 +158,7 @@
     ObjectAllocationProfileWithPrototype m_objectAllocationProfile;
     InlineWatchpointSet m_allocationProfileWatchpointSet;
     InternalFunctionAllocationProfile m_internalFunctionAllocationProfile;
-    WriteBarrier<Structure> m_boundFunctionStructure;
+    WriteBarrierStructureID m_boundFunctionStructureID;
     WriteBarrier<ExecutableBase> m_executable;
     std::unique_ptr<AllocationProfileClearingWatchpoint> m_allocationProfileClearingWatchpoint;
     bool m_hasReifiedLength : 1;

Modified: trunk/Source/_javascript_Core/runtime/JSGlobalObject.cpp (286666 => 286667)


--- trunk/Source/_javascript_Core/runtime/JSGlobalObject.cpp	2021-12-08 18:49:31 UTC (rev 286666)
+++ trunk/Source/_javascript_Core/runtime/JSGlobalObject.cpp	2021-12-08 19:11:40 UTC (rev 286667)
@@ -2281,13 +2281,16 @@
     for (auto& property : thisObject->m_linkTimeConstants)
         property.visit(visitor);
 
-#define VISIT_SIMPLE_TYPE(CapitalName, lowerName, properName, instanceType, jsName, prototypeBase, featureFlag) if (featureFlag) { \
+#define VISIT_SIMPLE_TYPE_PROTOTYPE(CapitalName, lowerName, properName, instanceType, jsName, prototypeBase, featureFlag) if (featureFlag) \
         visitor.append(thisObject->m_ ## lowerName ## Prototype); \
+
+#define VISIT_SIMPLE_TYPE_STRUCTURE(CapitalName, lowerName, properName, instanceType, jsName, prototypeBase, featureFlag) if (featureFlag) \
         visitor.append(thisObject->m_ ## properName ## Structure); \
-    }
 
-    FOR_EACH_SIMPLE_BUILTIN_TYPE(VISIT_SIMPLE_TYPE)
-    FOR_EACH_BUILTIN_DERIVED_ITERATOR_TYPE(VISIT_SIMPLE_TYPE)
+    FOR_EACH_SIMPLE_BUILTIN_TYPE(VISIT_SIMPLE_TYPE_STRUCTURE)
+    FOR_EACH_BUILTIN_DERIVED_ITERATOR_TYPE(VISIT_SIMPLE_TYPE_STRUCTURE)
+    FOR_EACH_SIMPLE_BUILTIN_TYPE(VISIT_SIMPLE_TYPE_PROTOTYPE)
+    FOR_EACH_BUILTIN_DERIVED_ITERATOR_TYPE(VISIT_SIMPLE_TYPE_PROTOTYPE)
 
 #define VISIT_LAZY_TYPE(CapitalName, lowerName, properName, instanceType, jsName, prototypeBase, featureFlag) if (featureFlag) \
         thisObject->m_ ## properName ## Structure.visit(visitor);
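Review bot: Both new macros end with a trailing `\` (after `visitor.append(thisObject->m_ ## lowerName ## Prototype); \` and after the matching `...Structure); \` line) that continues the definition onto the blank line that follows; it compiles, but the definition now depends on that line staying blank. Dropping the trailing ` \` from both lines gives `visitor.append(thisObject->m_ ## lowerName ## Prototype);` and `visitor.append(thisObject->m_ ## properName ## Structure);` as the final macro lines. The visit order also changes to all structures first, then all prototypes, presumably to match the new declaration order in the JSGlobalObject.h hunk; a one-line comment saying so would explain why the single macro was split.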

Modified: trunk/Source/_javascript_Core/runtime/JSGlobalObject.h (286666 => 286667)


--- trunk/Source/_javascript_Core/runtime/JSGlobalObject.h	2021-12-08 18:49:31 UTC (rev 286666)
+++ trunk/Source/_javascript_Core/runtime/JSGlobalObject.h	2021-12-08 19:11:40 UTC (rev 286667)
@@ -376,20 +376,7 @@
     LazyProperty<JSGlobalObject, Structure> m_debuggerScopeStructure;
     LazyProperty<JSGlobalObject, Structure> m_withScopeStructure;
     LazyProperty<JSGlobalObject, Structure> m_strictEvalActivationStructure;
-    WriteBarrier<Structure> m_lexicalEnvironmentStructure;
     LazyProperty<JSGlobalObject, Structure> m_moduleEnvironmentStructure;
-    WriteBarrier<Structure> m_directArgumentsStructure;
-    WriteBarrier<Structure> m_scopedArgumentsStructure;
-    WriteBarrier<Structure> m_clonedArgumentsStructure;
-
-    WriteBarrier<Structure> m_objectStructureForObjectConstructor;
-        
-    // Lists the actual structures used for having these particular indexing shapes.
-    WriteBarrier<Structure> m_originalArrayStructureForIndexingShape[NumberOfArrayIndexingModes];
-    // Lists the structures we should use during allocation for these particular indexing shapes.
-    // These structures will differ from the originals list above when we are having a bad time.
-    WriteBarrier<Structure> m_arrayStructureForIndexingShapeDuringAllocation[NumberOfArrayIndexingModes];
-
     LazyProperty<JSGlobalObject, Structure> m_callbackConstructorStructure;
     LazyProperty<JSGlobalObject, Structure> m_callbackFunctionStructure;
     LazyProperty<JSGlobalObject, Structure> m_callbackObjectStructure;
@@ -401,42 +388,57 @@
     LazyProperty<JSGlobalObject, Structure> m_glibCallbackFunctionStructure;
     LazyProperty<JSGlobalObject, Structure> m_glibWrapperObjectStructure;
 #endif
-    WriteBarrier<Structure> m_nullPrototypeObjectStructure;
-    WriteBarrier<Structure> m_calleeStructure;
 
-    WriteBarrier<Structure> m_hostFunctionStructure;
+    WriteBarrierStructureID m_lexicalEnvironmentStructure;
+    WriteBarrierStructureID m_directArgumentsStructure;
+    WriteBarrierStructureID m_scopedArgumentsStructure;
+    WriteBarrierStructureID m_clonedArgumentsStructure;
 
+    WriteBarrierStructureID m_objectStructureForObjectConstructor;
+
+    // Lists the actual structures used for having these particular indexing shapes.
+    WriteBarrierStructureID m_originalArrayStructureForIndexingShape[NumberOfArrayIndexingModes];
+    // Lists the structures we should use during allocation for these particular indexing shapes.
+    // These structures will differ from the originals list above when we are having a bad time.
+    WriteBarrierStructureID m_arrayStructureForIndexingShapeDuringAllocation[NumberOfArrayIndexingModes];
+
+    WriteBarrierStructureID m_nullPrototypeObjectStructure;
+    WriteBarrierStructureID m_calleeStructure;
+
+    WriteBarrierStructureID m_hostFunctionStructure;
+
     struct FunctionStructures {
-        WriteBarrier<Structure> arrowFunctionStructure;
-        WriteBarrier<Structure> sloppyFunctionStructure;
-        WriteBarrier<Structure> strictFunctionStructure;
+        WriteBarrierStructureID arrowFunctionStructure;
+        WriteBarrierStructureID sloppyFunctionStructure;
+        WriteBarrierStructureID strictFunctionStructure;
     };
     FunctionStructures m_builtinFunctions;
     FunctionStructures m_ordinaryFunctions;
 
+    PropertyOffset m_functionNameOffset;
+    WriteBarrierStructureID m_shadowRealmObjectStructure;
+    WriteBarrierStructureID m_regExpStructure;
+    WriteBarrierStructureID m_asyncFunctionStructure;
+    WriteBarrierStructureID m_asyncGeneratorFunctionStructure;
+    WriteBarrierStructureID m_generatorFunctionStructure;
+    WriteBarrierStructureID m_generatorStructure;
+    WriteBarrierStructureID m_asyncGeneratorStructure;
+    WriteBarrierStructureID m_arrayIteratorStructure;
+    WriteBarrierStructureID m_mapIteratorStructure;
+    WriteBarrierStructureID m_setIteratorStructure;
+    WriteBarrierStructureID m_regExpMatchesArrayStructure;
+    WriteBarrierStructureID m_regExpMatchesArrayWithIndicesStructure;
+    WriteBarrierStructureID m_regExpMatchesIndicesArrayStructure;
+
     LazyProperty<JSGlobalObject, Structure> m_boundFunctionStructure;
     LazyProperty<JSGlobalObject, Structure> m_customGetterFunctionStructure;
     LazyProperty<JSGlobalObject, Structure> m_customSetterFunctionStructure;
     LazyProperty<JSGlobalObject, Structure> m_nativeStdFunctionStructure;
-    PropertyOffset m_functionNameOffset;
-    WriteBarrier<Structure> m_shadowRealmObjectStructure;
-    WriteBarrier<Structure> m_regExpStructure;
     WriteBarrier<AsyncFunctionPrototype> m_asyncFunctionPrototype;
     WriteBarrier<AsyncGeneratorFunctionPrototype> m_asyncGeneratorFunctionPrototype;
-    WriteBarrier<Structure> m_asyncFunctionStructure;
-    WriteBarrier<Structure> m_asyncGeneratorFunctionStructure;
-    WriteBarrier<Structure> m_generatorFunctionStructure;
-    WriteBarrier<Structure> m_generatorStructure;
-    WriteBarrier<Structure> m_asyncGeneratorStructure;
-    WriteBarrier<Structure> m_arrayIteratorStructure;
-    WriteBarrier<Structure> m_mapIteratorStructure;
-    WriteBarrier<Structure> m_setIteratorStructure;
     LazyProperty<JSGlobalObject, Structure> m_iteratorResultObjectStructure;
     LazyProperty<JSGlobalObject, Structure> m_dataPropertyDescriptorObjectStructure;
     LazyProperty<JSGlobalObject, Structure> m_accessorPropertyDescriptorObjectStructure;
-    WriteBarrier<Structure> m_regExpMatchesArrayStructure;
-    WriteBarrier<Structure> m_regExpMatchesArrayWithIndicesStructure;
-    WriteBarrier<Structure> m_regExpMatchesIndicesArrayStructure;
     LazyProperty<JSGlobalObject, Structure> m_moduleRecordStructure;
     LazyProperty<JSGlobalObject, Structure> m_moduleNamespaceObjectStructure;
     LazyProperty<JSGlobalObject, Structure> m_proxyObjectStructure;
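Review bot: This hunk moves every WriteBarrierStructureID member (plus PropertyOffset m_functionNameOffset) into one contiguous run between the pointer-sized LazyProperty and WriteBarrier members, and the smaller hunk at +581 likewise moves the bool m_needsSiteSpecificQuirks next to the other bools, but nothing in the header says the grouping is deliberate. A comment at the head of the run, e.g. `// 4-byte WriteBarrierStructureID members are grouped so they pack without padding between pointer-sized neighbours; add new ones here.`, would keep later additions from undoing the saving. That the grouping actually shrinks JSGlobalObject is inferred from the commit message rather than visible in the hunk, so the comment should state the intent, not a measured size.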
@@ -444,15 +446,19 @@
     LazyProperty<JSGlobalObject, Structure> m_proxyRevokeStructure;
     LazyClassStructure m_sharedArrayBufferStructure;
 
-#define DEFINE_STORAGE_FOR_SIMPLE_TYPE(capitalName, lowerName, properName, instanceType, jsName, prototypeBase, featureFlag) \
-    WriteBarrier<capitalName ## Prototype> m_ ## lowerName ## Prototype; \
-    WriteBarrier<Structure> m_ ## properName ## Structure;
+#define DEFINE_STORAGE_FOR_SIMPLE_TYPE_PROTOTYPE(capitalName, lowerName, properName, instanceType, jsName, prototypeBase, featureFlag) \
+    WriteBarrier<capitalName ## Prototype> m_ ## lowerName ## Prototype;
 
+#define DEFINE_STORAGE_FOR_SIMPLE_TYPE_STRUCTURE(capitalName, lowerName, properName, instanceType, jsName, prototypeBase, featureFlag) \
+    WriteBarrierStructureID m_ ## properName ## Structure;
+
 #define DEFINE_STORAGE_FOR_LAZY_TYPE(capitalName, lowerName, properName, instanceType, jsName, prototypeBase, featureFlag) \
     LazyClassStructure m_ ## properName ## Structure;
 
-    FOR_EACH_SIMPLE_BUILTIN_TYPE(DEFINE_STORAGE_FOR_SIMPLE_TYPE)
-    FOR_EACH_BUILTIN_DERIVED_ITERATOR_TYPE(DEFINE_STORAGE_FOR_SIMPLE_TYPE)
+    FOR_EACH_SIMPLE_BUILTIN_TYPE(DEFINE_STORAGE_FOR_SIMPLE_TYPE_STRUCTURE)
+    FOR_EACH_BUILTIN_DERIVED_ITERATOR_TYPE(DEFINE_STORAGE_FOR_SIMPLE_TYPE_STRUCTURE)
+    FOR_EACH_SIMPLE_BUILTIN_TYPE(DEFINE_STORAGE_FOR_SIMPLE_TYPE_PROTOTYPE)
+    FOR_EACH_BUILTIN_DERIVED_ITERATOR_TYPE(DEFINE_STORAGE_FOR_SIMPLE_TYPE_PROTOTYPE)
     
 #if ENABLE(WEBASSEMBLY)
     LazyProperty<JSGlobalObject, Structure> m_webAssemblyModuleRecordStructure;
@@ -464,7 +470,8 @@
 
     FOR_EACH_LAZY_BUILTIN_TYPE(DEFINE_STORAGE_FOR_LAZY_TYPE)
 
-#undef DEFINE_STORAGE_FOR_SIMPLE_TYPE
+#undef DEFINE_STORAGE_FOR_SIMPLE_TYPE_PROTOTYPE
+#undef DEFINE_STORAGE_FOR_SIMPLE_TYPE_STRUCTURE
 #undef DEFINE_STORAGE_FOR_LAZY_TYPE
 
     WriteBarrier<GetterSetter> m_speciesGetterSetter;
@@ -574,6 +581,7 @@
 
     bool m_evalEnabled { true };
     bool m_webAssemblyEnabled { true };
+    bool m_needsSiteSpecificQuirks { false };
     unsigned m_globalLexicalBindingEpoch { 1 };
     String m_evalDisabledErrorMessage;
     String m_webAssemblyDisabledErrorMessage;
@@ -1194,7 +1202,6 @@
 
     JS_EXPORT_PRIVATE static void clearRareData(JSCell*);
 
-    bool m_needsSiteSpecificQuirks { false };
 #if JSC_OBJC_API_ENABLED
     RetainPtr<JSWrapperMap> m_wrapperMap;
 #endif

Modified: trunk/Source/_javascript_Core/runtime/JSPropertyNameEnumerator.cpp (286666 => 286667)


--- trunk/Source/_javascript_Core/runtime/JSPropertyNameEnumerator.cpp	2021-12-08 18:49:31 UTC (rev 286666)
+++ trunk/Source/_javascript_Core/runtime/JSPropertyNameEnumerator.cpp	2021-12-08 19:11:40 UTC (rev 286667)
@@ -50,7 +50,7 @@
 JSPropertyNameEnumerator::JSPropertyNameEnumerator(VM& vm, Structure* structure, uint32_t indexedLength, uint32_t numberStructureProperties, WriteBarrier<JSString>* propertyNamesBuffer, unsigned propertyNamesSize)
     : JSCell(vm, vm.propertyNameEnumeratorStructure.get())
     , m_propertyNames(vm, this, propertyNamesBuffer)
-    , m_cachedStructureID(structure ? structure->id() : StructureID())
+    , m_cachedStructureID(vm, this, structure, WriteBarrierStructureID::MayBeNull)
     , m_indexedLength(indexedLength)
     , m_endStructurePropertyIndex(numberStructureProperties)
     , m_endGenericPropertyIndex(propertyNamesSize)
@@ -86,9 +86,7 @@
         visitor.markAuxiliary(propertyNames);
         visitor.append(propertyNames, propertyNames + thisObject->sizeOfPropertyNames());
     }
-
-    if (thisObject->cachedStructureID())
-        visitor.appendUnbarriered(thisObject->cachedStructureID().decode());
+    visitor.append(thisObject->m_cachedStructureID);
 }
 
 DEFINE_VISIT_CHILDREN(JSPropertyNameEnumerator);

Modified: trunk/Source/_javascript_Core/runtime/JSPropertyNameEnumerator.h (286666 => 286667)


--- trunk/Source/_javascript_Core/runtime/JSPropertyNameEnumerator.h	2021-12-08 18:49:31 UTC (rev 286666)
+++ trunk/Source/_javascript_Core/runtime/JSPropertyNameEnumerator.h	2021-12-08 19:11:40 UTC (rev 286667)
@@ -73,11 +73,9 @@
     Structure* cachedStructure(VM& vm) const
     {
         UNUSED_PARAM(vm);
-        if (!m_cachedStructureID)
-            return nullptr;
-        return m_cachedStructureID.decode();
+        return m_cachedStructureID.get();
     }
-    StructureID cachedStructureID() const { return m_cachedStructureID; }
+    StructureID cachedStructureID() const { return m_cachedStructureID.value(); }
     uint32_t indexedLength() const { return m_indexedLength; }
     uint32_t endStructurePropertyIndex() const { return m_endStructurePropertyIndex; }
     uint32_t endGenericPropertyIndex() const { return m_endGenericPropertyIndex; }
@@ -108,7 +106,7 @@
     // JSPropertyNameEnumerator is immutable data structure, which allows VM to cache the empty one.
     // After instantiating JSPropertyNameEnumerator, we must not change any fields.
     AuxiliaryBarrier<WriteBarrier<JSString>*> m_propertyNames;
-    StructureID m_cachedStructureID;
+    WriteBarrierStructureID m_cachedStructureID;
     uint32_t m_indexedLength;
     uint32_t m_endStructurePropertyIndex;
     uint32_t m_endGenericPropertyIndex;

Modified: trunk/Source/_javascript_Core/runtime/StructureRareData.cpp (286666 => 286667)


--- trunk/Source/_javascript_Core/runtime/StructureRareData.cpp	2021-12-08 18:49:31 UTC (rev 286666)
+++ trunk/Source/_javascript_Core/runtime/StructureRareData.cpp	2021-12-08 19:11:40 UTC (rev 286667)
@@ -60,11 +60,10 @@
 
 StructureRareData::StructureRareData(VM& vm, Structure* previous)
     : JSCell(vm, vm.structureRareDataStructure.get())
+    , m_previous(vm, this, previous, WriteBarrierStructureID::MayBeNull)
     , m_maxOffset(invalidOffset)
     , m_transitionOffset(invalidOffset)
 {
-    if (previous)
-        m_previous.set(vm, this, previous);
 }
 
 template<typename Visitor>

Modified: trunk/Source/_javascript_Core/runtime/StructureRareData.h (286666 => 286667)


--- trunk/Source/_javascript_Core/runtime/StructureRareData.h	2021-12-08 18:49:31 UTC (rev 286666)
+++ trunk/Source/_javascript_Core/runtime/StructureRareData.h	2021-12-08 19:11:40 UTC (rev 286667)
@@ -140,7 +140,6 @@
 
     bool tryCachePropertyNameEnumeratorViaWatchpoint(VM&, Structure*, StructureChain*);
 
-    WriteBarrier<Structure> m_previous;
     // FIXME: We should have some story for clearing these property names caches in GC.
     // https://bugs.webkit.org/show_bug.cgi?id=192659
     uintptr_t m_cachedPropertyNameEnumeratorAndFlag { 0 };
@@ -156,6 +155,7 @@
     std::unique_ptr<SpecialPropertyCache> m_specialPropertyCache;
     Box<InlineWatchpointSet> m_polyProtoWatchpoint;
 
+    WriteBarrierStructureID m_previous;
     PropertyOffset m_maxOffset;
     PropertyOffset m_transitionOffset;
 };
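Review bot: `m_previous` moves from the top of the class to sit between `m_polyProtoWatchpoint` and the two `PropertyOffset` members without a comment, so a later edit may well move it back. If the relocation is meant to pack the 4-byte WriteBarrierStructureID next to the int-sized offsets (presumably the motivation, given the size-saving goal of the patch), say so in place: `WriteBarrierStructureID m_previous; // 4 bytes; kept next to the PropertyOffset fields to avoid padding`. The removal at the old position is in the preceding hunk of this file.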

Modified: trunk/Source/_javascript_Core/runtime/WriteBarrier.h (286666 => 286667)


--- trunk/Source/_javascript_Core/runtime/WriteBarrier.h	2021-12-08 18:49:31 UTC (rev 286666)
+++ trunk/Source/_javascript_Core/runtime/WriteBarrier.h	2021-12-08 19:11:40 UTC (rev 286667)
@@ -27,6 +27,7 @@
 
 #include "GCAssertions.h"
 #include "HandleTypes.h"
+#include "StructureID.h"
 #include <type_traits>
 #include <wtf/RawPtrTraits.h>
 #include <wtf/RawValueTraits.h>
@@ -248,4 +249,104 @@
     return lhs.get() == rhs.get();
 }
 
+class WriteBarrierStructureID {
+public:
+    constexpr WriteBarrierStructureID() = default;
+
+    WriteBarrierStructureID(VM& vm, const JSCell* owner, Structure* value)
+    {
+        set(vm, owner, value);
+    }
+
+    WriteBarrierStructureID(DFG::DesiredWriteBarrier&, Structure* value)
+    {
+        ASSERT(isCompilationThread());
+        setWithoutWriteBarrier(value);
+    }
+
+    enum MayBeNullTag { MayBeNull };
+    WriteBarrierStructureID(VM& vm, const JSCell* owner, Structure* value, MayBeNullTag)
+    {
+        setMayBeNull(vm, owner, value);
+    }
+
+    void set(VM&, const JSCell* owner, Structure* value);
+
+    void setMayBeNull(VM&, const JSCell* owner, Structure* value);
+
+    // Should only be used by JSCell during early initialisation
+    // when some basic types aren't yet completely instantiated
+    void setEarlyValue(VM&, const JSCell* owner, Structure* value);
+
+    Structure* get() const
+    {
+        // Copy m_structureID to a local to avoid multiple-read issues. (See <http://webkit.org/b/110854>)
+        StructureID structureID = m_structureID;
+        if (structureID) {
+            Structure* structure = structureID.decode();
+            validateCell(reinterpret_cast<JSCell*>(structure));
+            return structure;
+        }
+        return nullptr;
+    }
+
+    Structure* operator*() const
+    {
+        StructureID structureID = m_structureID;
+        ASSERT(structureID);
+        Structure* structure = structureID.decode();
+        validateCell(reinterpret_cast<JSCell*>(structure));
+        return structure;
+    }
+
+    Structure* operator->() const
+    {
+        StructureID structureID = m_structureID;
+        ASSERT(structureID);
+        Structure* structure = structureID.decode();
+        validateCell(reinterpret_cast<JSCell*>(structure));
+        return structure;
+    }
+
+    void clear()
+    {
+        m_structureID = { };
+    }
+
+    explicit operator bool() const
+    {
+        return !!m_structureID;
+    }
+
+    bool operator!() const
+    {
+        return !m_structureID;
+    }
+
+    void setWithoutWriteBarrier(Structure* value)
+    {
+#if ENABLE(WRITE_BARRIER_PROFILING)
+        WriteBarrierCounters::usesWithoutBarrierFromCpp.count();
+#endif
+        if (!value) {
+            m_structureID = { };
+            return;
+        }
+        m_structureID = StructureID::encode(value);
+    }
+
+    Structure* unvalidatedGet() const
+    {
+        StructureID structureID = m_structureID;
+        if (structureID)
+            return structureID.decode();
+        return nullptr;
+    }
+
+    StructureID value() const { return m_structureID; }
+
+private:
+    StructureID m_structureID;
+};
+
 } // namespace JSC
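Review bot: `operator*()` and `operator->()` repeat the decode-and-validate body of `get()` verbatim, so any later change to the validation has to be made in three places; `operator->()` can simply be `Structure* operator->() const { return operator*(); }`, and `get()` could call the same path once it has confirmed a non-null ID. The class also has no header comment; something like `// WriteBarrier<Structure> that stores a 4-byte StructureID instead of a pointer; set() emits the same write barrier and get() validates the decoded cell.` would tell readers why it exists next to WriteBarrier<T>. The `reinterpret_cast<JSCell*>(structure)` casts are presumably needed because Structure is only forward-declared in this header; a one-line comment saying so would stop someone "fixing" them to a static_cast that cannot compile here. The defaulted constexpr constructor relies on StructureID default-constructing to the null ID, which this chunk does not show.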

Modified: trunk/Source/_javascript_Core/runtime/WriteBarrierInlines.h (286666 => 286667)


--- trunk/Source/_javascript_Core/runtime/WriteBarrierInlines.h	2021-12-08 18:49:31 UTC (rev 286666)
+++ trunk/Source/_javascript_Core/runtime/WriteBarrierInlines.h	2021-12-08 19:11:40 UTC (rev 286667)
@@ -61,4 +61,29 @@
     vm.writeBarrier(owner, value);
 }
 
+inline void WriteBarrierStructureID::set(VM& vm, const JSCell* owner, Structure* value)
+{
+    ASSERT(value);
+    ASSERT(!Options::useConcurrentJIT() || !isCompilationThread());
+    validateCell(reinterpret_cast<JSCell*>(value));
+    setEarlyValue(vm, owner, value);
+}
+
+inline void WriteBarrierStructureID::setMayBeNull(VM& vm, const JSCell* owner, Structure* value)
+{
+    if (value)
+        validateCell(reinterpret_cast<JSCell*>(value));
+    setEarlyValue(vm, owner, value);
+}
+
+inline void WriteBarrierStructureID::setEarlyValue(VM& vm, const JSCell* owner, Structure* value)
+{
+    if (!value) {
+        m_structureID = { };
+        return;
+    }
+    m_structureID = StructureID::encode(value);
+    vm.writeBarrier(owner, reinterpret_cast<JSCell*>(value));
+}
+
 } // namespace JSC 
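Review bot: `setMayBeNull` skips the `ASSERT(!Options::useConcurrentJIT() || !isCompilationThread())` that `set` performs, so a barrier emitted from a compilation thread through the nullable path would go unnoticed in debug builds. If this deliberately mirrors `WriteBarrierBase::setMayBeNull`, a comment saying so is enough; otherwise add the same `ASSERT(!Options::useConcurrentJIT() || !isCompilationThread());` as the first line of `setMayBeNull`. `setEarlyValue` would also benefit from a comment noting that it returns before `vm.writeBarrier` when the value is null, since storing the null ID creates no reference for the barrier to record.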

Modified: trunk/Source/_javascript_Core/tools/JSDollarVM.cpp (286666 => 286667)


--- trunk/Source/_javascript_Core/tools/JSDollarVM.cpp	2021-12-08 18:49:31 UTC (rev 286666)
+++ trunk/Source/_javascript_Core/tools/JSDollarVM.cpp	2021-12-08 19:11:40 UTC (rev 286667)
@@ -4012,7 +4012,7 @@
 
     addFunction(vm, "ensureArrayStorage", functionEnsureArrayStorage, 1);
 
-    m_objectDoingSideEffectPutWithoutCorrectSlotStatusStructure.set(vm, this, ObjectDoingSideEffectPutWithoutCorrectSlotStatus::createStructure(vm, globalObject, jsNull()));
+    m_objectDoingSideEffectPutWithoutCorrectSlotStatusStructureID.set(vm, this, ObjectDoingSideEffectPutWithoutCorrectSlotStatus::createStructure(vm, globalObject, jsNull()));
 }
 
 void JSDollarVM::addFunction(VM& vm, JSGlobalObject* globalObject, const char* name, NativeFunction function, unsigned arguments)
@@ -4034,7 +4034,7 @@
 {
     JSDollarVM* thisObject = jsCast<JSDollarVM*>(cell);
     Base::visitChildren(thisObject, visitor);
-    visitor.append(thisObject->m_objectDoingSideEffectPutWithoutCorrectSlotStatusStructure);
+    visitor.append(thisObject->m_objectDoingSideEffectPutWithoutCorrectSlotStatusStructureID);
 }
 
 DEFINE_VISIT_CHILDREN(JSDollarVM);

Modified: trunk/Source/_javascript_Core/tools/JSDollarVM.h (286666 => 286667)


--- trunk/Source/_javascript_Core/tools/JSDollarVM.h	2021-12-08 18:49:31 UTC (rev 286666)
+++ trunk/Source/_javascript_Core/tools/JSDollarVM.h	2021-12-08 19:11:40 UTC (rev 286667)
@@ -61,7 +61,7 @@
         return instance;
     }
 
-    Structure* objectDoingSideEffectPutWithoutCorrectSlotStatusStructure() { return m_objectDoingSideEffectPutWithoutCorrectSlotStatusStructure.get(); }
+    Structure* objectDoingSideEffectPutWithoutCorrectSlotStatusStructure() { return m_objectDoingSideEffectPutWithoutCorrectSlotStatusStructureID.get(); }
     
 private:
     JSDollarVM(VM& vm, Structure* structure)
@@ -76,7 +76,7 @@
 
     DECLARE_VISIT_CHILDREN;
 
-    WriteBarrier<Structure> m_objectDoingSideEffectPutWithoutCorrectSlotStatusStructure;
+    WriteBarrierStructureID m_objectDoingSideEffectPutWithoutCorrectSlotStatusStructureID;
 };
 
 } // namespace JSC