Diff
Modified: branches/safari-613.1.11-branch/Source/_javascript_Core/CMakeLists.txt (287004 => 287005)
--- branches/safari-613.1.11-branch/Source/_javascript_Core/CMakeLists.txt 2021-12-14 03:27:46 UTC (rev 287004)
+++ branches/safari-613.1.11-branch/Source/_javascript_Core/CMakeLists.txt 2021-12-14 03:27:51 UTC (rev 287005)
@@ -1186,6 +1186,7 @@
runtime/StructureCache.h
runtime/StructureChain.h
runtime/StructureID.h
+ runtime/StructureIDBlob.h
runtime/StructureInlines.h
runtime/StructureRareData.h
runtime/StructureRareDataInlines.h
Modified: branches/safari-613.1.11-branch/Source/_javascript_Core/ChangeLog (287004 => 287005)
--- branches/safari-613.1.11-branch/Source/_javascript_Core/ChangeLog 2021-12-14 03:27:46 UTC (rev 287004)
+++ branches/safari-613.1.11-branch/Source/_javascript_Core/ChangeLog 2021-12-14 03:27:51 UTC (rev 287005)
@@ -1,5 +1,45 @@
2021-12-13 Russell Epstein <[email protected]>
+ Cherry-pick r286597. rdar://problem/86445989
+
+ Unreviewed, reverting r286502 and r286580.
+ https://bugs.webkit.org/show_bug.cgi?id=233930
+
+ Speedometer2 0.7% regression
+
+ Reverted changesets:
+
+ "Remove StructureIDBlob"
+ https://bugs.webkit.org/show_bug.cgi?id=233723
+ https://commits.webkit.org/r286502
+
+ "TypeInfo should be materializable from Structures as a single
+ load."
+ https://bugs.webkit.org/show_bug.cgi?id=233875
+ https://commits.webkit.org/r286580
+
+ git-svn-id: https://svn.webkit.org/repository/webkit/trunk@286597 268f45cc-cd09-0410-ab3c-d52691b4dbfc
+
+ 2021-12-07 Commit Queue <[email protected]>
+
+ Unreviewed, reverting r286502 and r286580.
+ https://bugs.webkit.org/show_bug.cgi?id=233930
+
+ Speedometer2 0.7% regression
+
+ Reverted changesets:
+
+ "Remove StructureIDBlob"
+ https://bugs.webkit.org/show_bug.cgi?id=233723
+ https://commits.webkit.org/r286502
+
+ "TypeInfo should be materializable from Structures as a single
+ load."
+ https://bugs.webkit.org/show_bug.cgi?id=233875
+ https://commits.webkit.org/r286580
+
+2021-12-13 Russell Epstein <[email protected]>
+
Cherry-pick r286580. rdar://problem/86445989
TypeInfo should be materializable from Structures as a single load.
Modified: branches/safari-613.1.11-branch/Source/_javascript_Core/_javascript_Core.xcodeproj/project.pbxproj (287004 => 287005)
--- branches/safari-613.1.11-branch/Source/_javascript_Core/_javascript_Core.xcodeproj/project.pbxproj 2021-12-14 03:27:46 UTC (rev 287004)
+++ branches/safari-613.1.11-branch/Source/_javascript_Core/_javascript_Core.xcodeproj/project.pbxproj 2021-12-14 03:27:51 UTC (rev 287005)
@@ -852,6 +852,7 @@
2A4BB7F318A41179008A0FCD /* JSManagedValueInternal.h in Headers */ = {isa = PBXBuildFile; fileRef = 2A4BB7F218A41179008A0FCD /* JSManagedValueInternal.h */; };
2A83638618D7D0EE0000EBCC /* EdenGCActivityCallback.h in Headers */ = {isa = PBXBuildFile; fileRef = 2A83638418D7D0EE0000EBCC /* EdenGCActivityCallback.h */; settings = {ATTRIBUTES = (Private, ); }; };
2A83638A18D7D0FE0000EBCC /* FullGCActivityCallback.h in Headers */ = {isa = PBXBuildFile; fileRef = 2A83638818D7D0FE0000EBCC /* FullGCActivityCallback.h */; settings = {ATTRIBUTES = (Private, ); }; };
+ 2AAAA31218BD49D100394CC8 /* StructureIDBlob.h in Headers */ = {isa = PBXBuildFile; fileRef = 2AAAA31018BD49D100394CC8 /* StructureIDBlob.h */; settings = {ATTRIBUTES = (Private, ); }; };
2AABCDE718EF294200002096 /* GCLogging.h in Headers */ = {isa = PBXBuildFile; fileRef = 2AABCDE618EF294200002096 /* GCLogging.h */; settings = {ATTRIBUTES = (Private, ); }; };
2AACE63D18CA5A0300ED0191 /* GCActivityCallback.h in Headers */ = {isa = PBXBuildFile; fileRef = 2AACE63B18CA5A0300ED0191 /* GCActivityCallback.h */; settings = {ATTRIBUTES = (Private, ); }; };
2AD2EDFB19799E38004D6478 /* EnumerationMode.h in Headers */ = {isa = PBXBuildFile; fileRef = 2AD2EDFA19799E38004D6478 /* EnumerationMode.h */; settings = {ATTRIBUTES = (Private, ); }; };
@@ -3631,6 +3632,7 @@
2A83638418D7D0EE0000EBCC /* EdenGCActivityCallback.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = EdenGCActivityCallback.h; sourceTree = "<group>"; };
2A83638718D7D0FE0000EBCC /* FullGCActivityCallback.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = FullGCActivityCallback.cpp; sourceTree = "<group>"; };
2A83638818D7D0FE0000EBCC /* FullGCActivityCallback.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = FullGCActivityCallback.h; sourceTree = "<group>"; };
+ 2AAAA31018BD49D100394CC8 /* StructureIDBlob.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = StructureIDBlob.h; sourceTree = "<group>"; };
2AABCDE618EF294200002096 /* GCLogging.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = GCLogging.h; sourceTree = "<group>"; };
2AACE63A18CA5A0300ED0191 /* GCActivityCallback.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = GCActivityCallback.cpp; sourceTree = "<group>"; };
2AACE63B18CA5A0300ED0191 /* GCActivityCallback.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = GCActivityCallback.h; sourceTree = "<group>"; };
@@ -8074,6 +8076,7 @@
7E4EE70E0EBB7A5B005934AA /* StructureChain.cpp */,
7E4EE7080EBB7963005934AA /* StructureChain.h */,
537FEEC82742BDA300C9EFEE /* StructureID.h */,
+ 2AAAA31018BD49D100394CC8 /* StructureIDBlob.h */,
0FD2C92316D01EE900C7803F /* StructureInlines.h */,
C2F0F2D016BAEEE900187C19 /* StructureRareData.cpp */,
C2FE18A316BAEC4000AF3061 /* StructureRareData.h */,
@@ -10157,7 +10160,6 @@
A5398FAB1C750DA40060A963 /* HeapProfiler.h in Headers */,
A54C2AB11C6544F200A18D78 /* HeapSnapshot.h in Headers */,
A5311C361C77CEC500E6B1B6 /* HeapSnapshotBuilder.h in Headers */,
- FE2CC9302756B2B9003F5AB8 /* HeapSubspaceTypes.h in Headers */,
0FADE6731D4D23BE00768457 /* HeapUtil.h in Headers */,
FE1BD0251E72053800134BC9 /* HeapVerifier.h in Headers */,
DC2143071CA32E55000A8869 /* ICStats.h in Headers */,
@@ -10274,7 +10276,6 @@
0FB467811FDDA6F7003FCB09 /* IsoCellSetInlines.h in Headers */,
E3BF1BAE238AAEDB003A1C2B /* IsoHeapCellType.h in Headers */,
E3C8ED4323A1DBCB00131958 /* IsoInlinedHeapCellType.h in Headers */,
- FE65B1512748601F00DB5B16 /* IsoInlinedHeapCellTypeInlines.h in Headers */,
537FEED12742BDE100C9EFEE /* IsoMemoryAllocatorBase.h in Headers */,
537FEECE2742BDE100C9EFEE /* IsoMemoryAllocatorBaseInlines.h in Headers */,
0FDCE12D1FAFB4E5006F3901 /* IsoSubspace.h in Headers */,
@@ -10425,6 +10426,7 @@
E33F50811B8429A400413856 /* JSInternalPromise.h in Headers */,
E33F50791B84225700413856 /* JSInternalPromiseConstructor.h in Headers */,
E33F50871B8449EF00413856 /* JSInternalPromiseConstructor.lut.h in Headers */,
+ FE65B1512748601F00DB5B16 /* IsoInlinedHeapCellTypeInlines.h in Headers */,
E33F50751B8421C000413856 /* JSInternalPromisePrototype.h in Headers */,
A503FA1E188E0FB000110F14 /* JSJavaScriptCallFramePrototype.h in Headers */,
BC18C4160E16F5CD00B34460 /* JSLexicalEnvironment.h in Headers */,
@@ -10830,6 +10832,7 @@
7986943B1F8C0ACC009232AE /* StructureCache.h in Headers */,
7E4EE7090EBB7963005934AA /* StructureChain.h in Headers */,
537FEEC92742BDA300C9EFEE /* StructureID.h in Headers */,
+ 2AAAA31218BD49D100394CC8 /* StructureIDBlob.h in Headers */,
0FD2C92416D01EE900C7803F /* StructureInlines.h in Headers */,
C2FE18A416BAEC4000AF3061 /* StructureRareData.h in Headers */,
C20BA92D16BB1C1500B3AEA2 /* StructureRareDataInlines.h in Headers */,
@@ -10952,6 +10955,7 @@
E337B967224324EA0093A820 /* WasmCapabilities.h in Headers */,
526AC4B71E977C5D003500E1 /* WasmCodeBlock.h in Headers */,
E3BD2B7622F275020011765C /* WasmCompilationMode.h in Headers */,
+ FE2CC9302756B2B9003F5AB8 /* HeapSubspaceTypes.h in Headers */,
AD412B341E7B2E9E008AF157 /* WasmContext.h in Headers */,
7593C898BE714A64BE93A6E7 /* WasmContextInlines.h in Headers */,
E36CC9472086314F0051FFD6 /* WasmCreationMode.h in Headers */,
Modified: branches/safari-613.1.11-branch/Source/_javascript_Core/assembler/testmasm.cpp (287004 => 287005)
--- branches/safari-613.1.11-branch/Source/_javascript_Core/assembler/testmasm.cpp 2021-12-14 03:27:46 UTC (rev 287004)
+++ branches/safari-613.1.11-branch/Source/_javascript_Core/assembler/testmasm.cpp 2021-12-14 03:27:51 UTC (rev 287005)
@@ -5613,7 +5613,6 @@
struct CellLike {
uint32_t structureID;
uint8_t indexingType;
- uint8_t cellState;
JSType type;
};
CHECK_EQ(JSCell::typeInfoTypeOffset(), OBJECT_OFFSETOF(CellLike, type));
@@ -5648,7 +5647,6 @@
struct CellLike {
uint32_t structureID;
uint8_t indexingType;
- uint8_t cellState;
JSType type;
};
CHECK_EQ(JSCell::typeInfoTypeOffset(), OBJECT_OFFSETOF(CellLike, type));
Modified: branches/safari-613.1.11-branch/Source/_javascript_Core/ftl/FTLAbstractHeapRepository.cpp (287004 => 287005)
--- branches/safari-613.1.11-branch/Source/_javascript_Core/ftl/FTLAbstractHeapRepository.cpp 2021-12-14 03:27:46 UTC (rev 287004)
+++ branches/safari-613.1.11-branch/Source/_javascript_Core/ftl/FTLAbstractHeapRepository.cpp 2021-12-14 03:27:51 UTC (rev 287005)
@@ -78,9 +78,9 @@
// Make sure that our explicit assumptions about the StructureIDBlob match reality.
RELEASE_ASSERT(!(JSCell_indexingTypeAndMisc.offset() & (sizeof(int32_t) - 1)));
- RELEASE_ASSERT(JSCell_indexingTypeAndMisc.offset() + 1 == JSCell_cellState.offset());
- RELEASE_ASSERT(JSCell_indexingTypeAndMisc.offset() + 2 == JSCell_typeInfoType.offset());
- RELEASE_ASSERT(JSCell_indexingTypeAndMisc.offset() + 3 == JSCell_typeInfoFlags.offset());
+ RELEASE_ASSERT(JSCell_indexingTypeAndMisc.offset() + 1 == JSCell_typeInfoType.offset());
+ RELEASE_ASSERT(JSCell_indexingTypeAndMisc.offset() + 2 == JSCell_typeInfoFlags.offset());
+ RELEASE_ASSERT(JSCell_indexingTypeAndMisc.offset() + 3 == JSCell_cellState.offset());
JSCell_structureID.changeParent(&JSCell_header);
JSCell_usefulBytes.changeParent(&JSCell_header);
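Review bot: These asserts pin only the JSCell field order, although the comment above them says they validate StructureIDBlob; nothing visible here checks the blob's own layout. The JIT paths in this commit copy blob bytes straight into the cell header (the `load64`/`store64` pair in AssemblyHelpers.h, and the `load32` of `Structure_indexingModeIncludingHistory` in FTLLowerDFGToB3.cpp), so a drift between the two layouts would give new cells wrong type or flag bytes with no build-time failure. Consider adding the Structure-side check next to these, e.g. `RELEASE_ASSERT(Structure::indexingModeIncludingHistoryOffset() == Structure::structureIDOffset() + static_cast<ptrdiff_t>(sizeof(StructureID)));`, and a `static_assert(sizeof(StructureIDBlob) == sizeof(int64_t));` in StructureIDBlob.h. The enclosing function starts and ends outside the hunk.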
Modified: branches/safari-613.1.11-branch/Source/_javascript_Core/ftl/FTLAbstractHeapRepository.h (287004 => 287005)
--- branches/safari-613.1.11-branch/Source/_javascript_Core/ftl/FTLAbstractHeapRepository.h 2021-12-14 03:27:46 UTC (rev 287004)
+++ branches/safari-613.1.11-branch/Source/_javascript_Core/ftl/FTLAbstractHeapRepository.h 2021-12-14 03:27:51 UTC (rev 287005)
@@ -149,6 +149,7 @@
macro(Structure_outOfLineTypeFlags, Structure::outOfLineTypeFlagsOffset()) \
macro(Structure_previousOrRareData, Structure::previousOrRareDataOffset()) \
macro(Structure_prototype, Structure::prototypeOffset()) \
+ macro(Structure_structureID, Structure::structureIDOffset()) \
macro(StructureRareData_cachedKeys, StructureRareData::offsetOfCachedPropertyNames(CachedPropertyNamesKind::Keys)) \
macro(StructureRareData_cachedGetOwnPropertyNames, StructureRareData::offsetOfCachedPropertyNames(CachedPropertyNamesKind::GetOwnPropertyNames)) \
macro(StructureRareData_cachedPropertyNameEnumeratorAndFlag, StructureRareData::offsetOfCachedPropertyNameEnumeratorAndFlag()) \
Modified: branches/safari-613.1.11-branch/Source/_javascript_Core/ftl/FTLLowerDFGToB3.cpp (287004 => 287005)
--- branches/safari-613.1.11-branch/Source/_javascript_Core/ftl/FTLLowerDFGToB3.cpp 2021-12-14 03:27:46 UTC (rev 287004)
+++ branches/safari-613.1.11-branch/Source/_javascript_Core/ftl/FTLLowerDFGToB3.cpp 2021-12-14 03:27:51 UTC (rev 287005)
@@ -16802,7 +16802,7 @@
return;
}
- LValue id = m_out.bitAnd(m_out.castToInt32(structure), m_out.constInt32(structureIDMask));
+ LValue id = m_out.load32(structure, m_heaps.Structure_structureID);
m_out.store32(id, object, m_heaps.JSCell_structureID);
LValue blob = m_out.load32(structure, m_heaps.Structure_indexingModeIncludingHistory);
Modified: branches/safari-613.1.11-branch/Source/_javascript_Core/jit/AssemblyHelpers.h (287004 => 287005)
--- branches/safari-613.1.11-branch/Source/_javascript_Core/jit/AssemblyHelpers.h 2021-12-14 03:27:46 UTC (rev 287004)
+++ branches/safari-613.1.11-branch/Source/_javascript_Core/jit/AssemblyHelpers.h 2021-12-14 03:27:51 UTC (rev 287005)
@@ -1587,14 +1587,14 @@
void emitStoreStructureWithTypeInfo(RegisterID structure, RegisterID dest, RegisterID scratch)
{
+#if USE(JSVALUE64)
+ load64(MacroAssembler::Address(structure, Structure::structureIDOffset()), scratch);
+ store64(scratch, MacroAssembler::Address(dest, JSCell::structureIDOffset()));
+#else
// Store all the info flags using a single 32-bit wide load and store.
load32(MacroAssembler::Address(structure, Structure::indexingModeIncludingHistoryOffset()), scratch);
store32(scratch, MacroAssembler::Address(dest, JSCell::indexingTypeAndMiscOffset()));
-#if CPU(ADDRESS64)
- and32(MacroAssembler::TrustedImm32(structureIDMask), structure, scratch);
- store32(scratch, MacroAssembler::Address(dest, JSCell::structureIDOffset()));
-#else
// Store the StructureID
storePtr(structure, MacroAssembler::Address(dest, JSCell::structureIDOffset()));
#endif
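Review bot: The new JSVALUE64 branch carries no comment, while the 32-bit branch below keeps two, so a reader cannot tell from `load64`/`store64` alone that the move is meant to carry more than the structure ID. Assuming the blob is 8 bytes, as its `int64_t doubleWord` member suggests, the load starting at `Structure::structureIDOffset()` also picks up the indexing mode, type, inline flags and default cell state. I would add above the `load64`: `// Copy the whole StructureIDBlob (structure ID, indexing mode, type, inline flags, default cell state) into the cell header with one 64-bit move.` The function's closing brace is outside the hunk.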
Modified: branches/safari-613.1.11-branch/Source/_javascript_Core/jit/JITPropertyAccess.cpp (287004 => 287005)
--- branches/safari-613.1.11-branch/Source/_javascript_Core/jit/JITPropertyAccess.cpp 2021-12-14 03:27:46 UTC (rev 287004)
+++ branches/safari-613.1.11-branch/Source/_javascript_Core/jit/JITPropertyAccess.cpp 2021-12-14 03:27:51 UTC (rev 287005)
@@ -2464,7 +2464,7 @@
loadPtrFromMetadata(bytecode, OpPutToScope::Metadata::offsetOfStructure(), scratchGPR1);
emitGetVirtualRegisterPayload(scope, scopeGPR);
addSlowCase(branchTestPtr(Zero, scratchGPR1));
- and32(TrustedImm32(structureIDMask), scratchGPR1);
+ load32(Address(scratchGPR1, Structure::structureIDOffset()), scratchGPR1);
addSlowCase(branch32(NotEqual, Address(scopeGPR, JSCell::structureIDOffset()), scratchGPR1));
emitGetVirtualRegister(value, valueJSR);
Modified: branches/safari-613.1.11-branch/Source/_javascript_Core/runtime/JSCell.h (287004 => 287005)
--- branches/safari-613.1.11-branch/Source/_javascript_Core/runtime/JSCell.h 2021-12-14 03:27:46 UTC (rev 287004)
+++ branches/safari-613.1.11-branch/Source/_javascript_Core/runtime/JSCell.h 2021-12-14 03:27:51 UTC (rev 287005)
@@ -266,9 +266,9 @@
StructureID m_structureID;
IndexingType m_indexingTypeAndMisc; // DO NOT store to this field. Always CAS.
- CellState m_cellState;
JSType m_type;
TypeInfo::InlineTypeFlags m_flags;
+ CellState m_cellState;
};
class JSCellLock : public JSCell {
Modified: branches/safari-613.1.11-branch/Source/_javascript_Core/runtime/JSCellInlines.h (287004 => 287005)
--- branches/safari-613.1.11-branch/Source/_javascript_Core/runtime/JSCellInlines.h 2021-12-14 03:27:46 UTC (rev 287004)
+++ branches/safari-613.1.11-branch/Source/_javascript_Core/runtime/JSCellInlines.h 2021-12-14 03:27:51 UTC (rev 287005)
@@ -58,9 +58,9 @@
inline JSCell::JSCell(VM&, Structure* structure)
: m_structureID(structure->id())
, m_indexingTypeAndMisc(structure->indexingModeIncludingHistory())
- , m_cellState(CellState::DefinitelyWhite)
, m_type(structure->typeInfo().type())
, m_flags(structure->typeInfo().inlineTypeFlags())
+ , m_cellState(CellState::DefinitelyWhite)
{
ASSERT(!isCompilationThread());
Modified: branches/safari-613.1.11-branch/Source/_javascript_Core/runtime/Structure.cpp (287004 => 287005)
--- branches/safari-613.1.11-branch/Source/_javascript_Core/runtime/Structure.cpp 2021-12-14 03:27:46 UTC (rev 287004)
+++ branches/safari-613.1.11-branch/Source/_javascript_Core/runtime/Structure.cpp 2021-12-14 03:27:51 UTC (rev 287005)
@@ -197,9 +197,7 @@
Structure::Structure(VM& vm, JSGlobalObject* globalObject, JSValue prototype, const TypeInfo& typeInfo, const ClassInfo* classInfo, IndexingType indexingType, unsigned inlineCapacity)
: JSCell(vm, vm.structureStructure.get())
- , m_cellHeaderIndexingModeIncludingHistory(indexingType)
- , m_cellHeaderType(typeInfo.type())
- , m_cellHeaderInlineTypeFlags(typeInfo.inlineTypeFlags())
+ , m_blob(StructureID::encode(this), indexingType, typeInfo)
, m_outOfLineTypeFlags(typeInfo.outOfLineTypeFlags())
, m_inlineCapacity(inlineCapacity)
, m_bitField(0)
@@ -240,8 +238,6 @@
Structure::Structure(VM& vm, CreatingEarlyCellTag)
: JSCell(CreatingEarlyCell)
- , m_cellHeaderIndexingModeIncludingHistory(NoIndexingShape)
- , m_cellHeaderType(StructureType)
, m_inlineCapacity(0)
, m_bitField(0)
, m_prototype(vm, this, jsNull())
@@ -268,7 +264,7 @@
setMaxOffset(vm, invalidOffset);
TypeInfo typeInfo = TypeInfo(StructureType, StructureFlags);
- m_cellHeaderInlineTypeFlags = typeInfo.inlineTypeFlags();
+ m_blob = StructureIDBlob(StructureID::encode(this), 0, typeInfo);
m_outOfLineTypeFlags = typeInfo.outOfLineTypeFlags();
ASSERT(hasReadOnlyOrGetterSetterPropertiesExcludingProto() || !m_classInfo->hasStaticSetterOrReadonlyProperties());
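Review bot: The literal `0` passed as the indexing mode in `StructureIDBlob(StructureID::encode(this), 0, typeInfo)` hides what the value means; the initializer this commit removes from what appears to be the same constructor spelled it `NoIndexingShape`. Prefer `m_blob = StructureIDBlob(StructureID::encode(this), NoIndexingShape, typeInfo);`, provided NoIndexingShape is still the intended value. The constructor body starts and ends outside the hunk.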
@@ -278,10 +274,6 @@
Structure::Structure(VM& vm, Structure* previous, DeferredStructureTransitionWatchpointFire* deferred)
: JSCell(vm, vm.structureStructure.get())
- , m_cellHeaderIndexingModeIncludingHistory(previous->m_cellHeaderIndexingModeIncludingHistory)
- , m_cellHeaderType(previous->m_cellHeaderType)
- , m_cellHeaderInlineTypeFlags(previous->m_cellHeaderInlineTypeFlags)
- , m_outOfLineTypeFlags(previous->m_outOfLineTypeFlags)
, m_inlineCapacity(previous->m_inlineCapacity)
, m_bitField(0)
, m_prototype(vm, this, previous->m_prototype.get())
@@ -308,6 +300,10 @@
setTransitionOffset(vm, invalidOffset);
setMaxOffset(vm, invalidOffset);
+ TypeInfo typeInfo = previous->typeInfo();
+ m_blob = StructureIDBlob(StructureID::encode(this), previous->indexingModeIncludingHistory(), typeInfo);
+ m_outOfLineTypeFlags = typeInfo.outOfLineTypeFlags();
+
ASSERT(!previous->typeInfo().structureIsImmortal());
setPreviousID(vm, previous);
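Review bot: In this constructor `m_blob` and `m_outOfLineTypeFlags` are now assigned in the body instead of the member-initializer list (the preceding hunk removes the initializers), so the `setTransitionOffset` and `setMaxOffset` calls above run while `m_blob` still holds the `0xbbadbeef` default and `m_outOfLineTypeFlags`, declared in Structure.h without a default initializer, is not yet set. Nothing visible reads them in that window, but any helper that later consults `typeInfo()` there would see indeterminate data. Initializing in the list, as the first constructor does, closes the window: `, m_blob(StructureID::encode(this), previous->indexingModeIncludingHistory(), previous->typeInfo())` and `, m_outOfLineTypeFlags(previous->m_outOfLineTypeFlags)`. The constructor continues outside the hunk.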
@@ -533,7 +529,7 @@
transition->setProtectPropertyTableWhileTransitioning(true);
}
- transition->m_cellHeaderIndexingModeIncludingHistory = structure->indexingModeIncludingHistory() & ~CopyOnWrite;
+ transition->m_blob.setIndexingModeIncludingHistory(structure->indexingModeIncludingHistory() & ~CopyOnWrite);
transition->m_transitionPropertyName = propertyName.uid();
transition->setTransitionPropertyAttributes(attributes);
transition->setTransitionKind(TransitionKind::PropertyAddition);
@@ -630,7 +626,7 @@
transition->setProtectPropertyTableWhileTransitioning(true);
}
- transition->m_cellHeaderIndexingModeIncludingHistory = structure->indexingModeIncludingHistory() & ~CopyOnWrite;
+ transition->m_blob.setIndexingModeIncludingHistory(structure->indexingModeIncludingHistory() & ~CopyOnWrite);
transition->m_transitionPropertyName = propertyName.uid();
transition->setTransitionKind(TransitionKind::PropertyDeletion);
transition->setPropertyTable(vm, structure->takePropertyTableOrCloneIfPinned(vm));
@@ -724,7 +720,7 @@
transition->setProtectPropertyTableWhileTransitioning(true);
}
- transition->m_cellHeaderIndexingModeIncludingHistory = structure->indexingModeIncludingHistory() & ~CopyOnWrite;
+ transition->m_blob.setIndexingModeIncludingHistory(structure->indexingModeIncludingHistory() & ~CopyOnWrite);
transition->m_transitionPropertyName = propertyName.uid();
transition->setTransitionPropertyAttributes(attributes);
transition->setTransitionKind(TransitionKind::PropertyAttributeChange);
@@ -822,7 +818,7 @@
Structure* transition = create(vm, structure);
transition->setTransitionKind(transitionKind);
- transition->m_cellHeaderIndexingModeIncludingHistory = indexingModeIncludingHistory;
+ transition->m_blob.setIndexingModeIncludingHistory(indexingModeIncludingHistory);
if (preventsExtensions(transitionKind))
transition->setDidPreventExtensions(true);
@@ -1550,7 +1546,7 @@
transition->setTransitionKind(TransitionKind::SetBrand);
transition->m_cachedPrototypeChain.setMayBeNull(vm, transition, structure->m_cachedPrototypeChain.get());
- transition->m_cellHeaderIndexingModeIncludingHistory = structure->indexingModeIncludingHistory();
+ transition->m_blob.setIndexingModeIncludingHistory(structure->indexingModeIncludingHistory());
transition->m_transitionPropertyName = &brand->uid();
transition->setTransitionPropertyAttributes(0);
transition->setPropertyTable(vm, structure->takePropertyTableOrCloneIfPinned(vm));
Modified: branches/safari-613.1.11-branch/Source/_javascript_Core/runtime/Structure.h (287004 => 287005)
--- branches/safari-613.1.11-branch/Source/_javascript_Core/runtime/Structure.h 2021-12-14 03:27:46 UTC (rev 287004)
+++ branches/safari-613.1.11-branch/Source/_javascript_Core/runtime/Structure.h 2021-12-14 03:27:51 UTC (rev 287005)
@@ -37,6 +37,7 @@
#include "PropertyNameArray.h"
#include "PropertyOffset.h"
#include "PutPropertySlot.h"
+#include "StructureIDBlob.h"
#include "StructureRareData.h"
#include "StructureTransitionTable.h"
#include "TinyBloomFilter.h"
@@ -164,13 +165,14 @@
void validateFlags();
public:
- StructureID id() const { return StructureID::encode(this); }
- int32_t objectInitializationBlob() const { return *reinterpret_cast_ptr<const uint32_t*>(&m_cellHeaderIndexingModeIncludingHistory); }
- int64_t idBlob() const { return static_cast<uint64_t>(objectInitializationBlob()) << 32 | id().bits(); }
+ StructureID id() const { ASSERT(m_blob.structureID() == StructureID::encode(this)); return m_blob.structureID(); }
+ int32_t objectInitializationBlob() const { return m_blob.blobExcludingStructureID(); }
+ int64_t idBlob() const { return m_blob.blob(); }
bool isProxy() const
{
- return m_cellHeaderType == PureForwardingProxyType || m_cellHeaderType == ProxyObjectType;
+ JSType type = m_blob.type();
+ return type == PureForwardingProxyType || type == ProxyObjectType;
}
static void dumpStatistics();
@@ -261,11 +263,7 @@
}
// Type accessors.
-#if CPU(NEEDS_ALIGNED_ACCESS)
- TypeInfo typeInfo() const { return TypeInfo(m_cellHeaderType, m_cellHeaderInlineTypeFlags, m_outOfLineTypeFlags); }
-#else
- TypeInfo typeInfo() const { return *reinterpret_cast_ptr<const TypeInfo*>(&m_cellHeaderType); }
-#endif
+ TypeInfo typeInfo() const { return m_blob.typeInfo(m_outOfLineTypeFlags); }
bool isObject() const { return typeInfo().isObject(); }
protected:
// You probably want typeInfo().type()
@@ -272,15 +270,15 @@
JSType type() { return JSCell::type(); }
public:
- IndexingType indexingType() const { return indexingModeIncludingHistory() & AllWritableArrayTypes; }
- IndexingType indexingMode() const { return indexingModeIncludingHistory() & AllArrayTypes; }
+ IndexingType indexingType() const { return m_blob.indexingModeIncludingHistory() & AllWritableArrayTypes; }
+ IndexingType indexingMode() const { return m_blob.indexingModeIncludingHistory() & AllArrayTypes; }
Dependency fencedIndexingMode(IndexingType& indexingType)
{
- Dependency dependency = Dependency::loadAndFence(&m_cellHeaderIndexingModeIncludingHistory, indexingType);
+ Dependency dependency = m_blob.fencedIndexingModeIncludingHistory(indexingType);
indexingType &= AllArrayTypes;
return dependency;
}
- IndexingType indexingModeIncludingHistory() const { return m_cellHeaderIndexingModeIncludingHistory; }
+ IndexingType indexingModeIncludingHistory() const { return m_blob.indexingModeIncludingHistory(); }
inline bool mayInterceptIndexedAccesses() const;
@@ -559,6 +557,11 @@
const ClassInfo* classInfo() const { return m_classInfo; }
+ static ptrdiff_t structureIDOffset()
+ {
+ return OBJECT_OFFSETOF(Structure, m_blob) + StructureIDBlob::structureIDOffset();
+ }
+
static ptrdiff_t prototypeOffset()
{
return OBJECT_OFFSETOF(Structure, m_prototype);
@@ -581,7 +584,7 @@
static ptrdiff_t indexingModeIncludingHistoryOffset()
{
- return OBJECT_OFFSETOF(Structure, m_cellHeaderIndexingModeIncludingHistory);
+ return OBJECT_OFFSETOF(Structure, m_blob) + StructureIDBlob::indexingModeIncludingHistoryOffset();
}
static ptrdiff_t propertyTableUnsafeOffset()
@@ -857,12 +860,8 @@
static constexpr int s_maxTransitionLengthForNonEvalPutById = 512;
// These need to be properly aligned at the beginning of the 'Structure'
- // part of the object. And need to match the order of the equivalent properties in
- // JSCell.
- IndexingType m_cellHeaderIndexingModeIncludingHistory;
- const CellState m_cellHeaderDefaultCellState { CellState::DefinitelyWhite };
- const JSType m_cellHeaderType;
- TypeInfo::InlineTypeFlags m_cellHeaderInlineTypeFlags;
+ // part of the object.
+ StructureIDBlob m_blob;
TypeInfo::OutOfLineTypeFlags m_outOfLineTypeFlags;
uint8_t m_inlineCapacity;
Added: branches/safari-613.1.11-branch/Source/_javascript_Core/runtime/StructureIDBlob.h (0 => 287005)
--- branches/safari-613.1.11-branch/Source/_javascript_Core/runtime/StructureIDBlob.h (rev 0)
+++ branches/safari-613.1.11-branch/Source/_javascript_Core/runtime/StructureIDBlob.h 2021-12-14 03:27:51 UTC (rev 287005)
@@ -0,0 +1,98 @@
+/*
+ * Copyright (C) 2014-2017 Apple Inc. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY APPLE INC. AND ITS CONTRIBUTORS ``AS IS''
+ * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,
+ * THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL APPLE INC. OR ITS CONTRIBUTORS
+ * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+ * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF
+ * THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#pragma once
+
+#include "CellState.h"
+#include "IndexingType.h"
+#include "JSTypeInfo.h"
+#include "StructureID.h"
+
+namespace JSC {
+
+class StructureIDBlob {
+ friend class LLIntOffsetsExtractor;
+public:
+ StructureIDBlob() = default;
+
+ StructureIDBlob(StructureID structureID, IndexingType indexingModeIncludingHistory, const TypeInfo& typeInfo)
+ {
+ u.fields.structureID = structureID;
+ u.fields.indexingModeIncludingHistory = indexingModeIncludingHistory;
+ u.fields.type = typeInfo.type();
+ u.fields.inlineTypeFlags = typeInfo.inlineTypeFlags();
+ u.fields.defaultCellState = CellState::DefinitelyWhite;
+ }
+
+ void operator=(const StructureIDBlob& other) { u.doubleWord = other.u.doubleWord; }
+
+ StructureID structureID() const { return u.fields.structureID; }
+ IndexingType indexingModeIncludingHistory() const { return u.fields.indexingModeIncludingHistory; }
+ Dependency fencedIndexingModeIncludingHistory(IndexingType& indexingType)
+ {
+ return Dependency::loadAndFence(&u.fields.indexingModeIncludingHistory, indexingType);
+ }
+ void setIndexingModeIncludingHistory(IndexingType indexingModeIncludingHistory) { u.fields.indexingModeIncludingHistory = indexingModeIncludingHistory; }
+ JSType type() const { return u.fields.type; }
+ TypeInfo::InlineTypeFlags inlineTypeFlags() const { return u.fields.inlineTypeFlags; }
+
+ TypeInfo typeInfo(TypeInfo::OutOfLineTypeFlags outOfLineTypeFlags) const { return TypeInfo(type(), inlineTypeFlags(), outOfLineTypeFlags); }
+
+ int32_t blobExcludingStructureID() const { return u.words.word2; }
+ int64_t blob() const { return u.doubleWord; }
+
+ static ptrdiff_t structureIDOffset()
+ {
+ return OBJECT_OFFSETOF(StructureIDBlob, u.fields.structureID);
+ }
+
+ static ptrdiff_t indexingModeIncludingHistoryOffset()
+ {
+ return OBJECT_OFFSETOF(StructureIDBlob, u.fields.indexingModeIncludingHistory);
+ }
+
+private:
+ union Data {
+ struct {
+ // FIXME: We should remove this since the structureID can be directly computed from the Structure*
+ StructureID structureID;
+ IndexingType indexingModeIncludingHistory;
+ JSType type;
+ TypeInfo::InlineTypeFlags inlineTypeFlags;
+ CellState defaultCellState;
+ } fields;
+ struct {
+ int32_t word1;
+ int32_t word2;
+ } words;
+ int64_t doubleWord;
+
+ Data() { doubleWord = 0xbbadbeef; }
+ };
+
+ Data u;
+};
+
+} // namespace JSC
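Review bot: `Data() { doubleWord = 0xbbadbeef; }` marks only 32 of the 64 bits: the constant fits in 32 bits, so the other word of a default-constructed blob is zero, and on a little-endian target that zero word is the one `blobExcludingStructureID()` returns (indexing mode, type, inline flags, cell state). If the intent is for an unassigned blob to be recognisable, fill both words, e.g. `Data() { doubleWord = static_cast<int64_t>(0xbbadbeefbbadbeefULL); }`, or add a comment stating that only the structure-ID half is a sentinel. Separately, `void operator=` departs from the usual `StructureIDBlob&` return type, which works for the call sites shown but is worth a one-line comment.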
Modified: branches/safari-613.1.11-branch/Source/_javascript_Core/runtime/StructureInlines.h (287004 => 287005)
--- branches/safari-613.1.11-branch/Source/_javascript_Core/runtime/StructureInlines.h 2021-12-14 03:27:46 UTC (rev 287004)
+++ branches/safari-613.1.11-branch/Source/_javascript_Core/runtime/StructureInlines.h 2021-12-14 03:27:51 UTC (rev 287005)
@@ -256,7 +256,7 @@
if (hasIndexedProperties(indexingType()))
return true;
- if (!isTypedView(typedArrayTypeForType(m_cellHeaderType)))
+ if (!isTypedView(typedArrayTypeForType(m_blob.type())))
return false;
return jsCast<const JSArrayBufferView*>(cell)->mode() == WastefulTypedArray;
Modified: branches/safari-613.1.11-branch/Source/_javascript_Core/tools/VMInspectorInlines.h (287004 => 287005)
--- branches/safari-613.1.11-branch/Source/_javascript_Core/tools/VMInspectorInlines.h 2021-12-14 03:27:46 UTC (rev 287004)
+++ branches/safari-613.1.11-branch/Source/_javascript_Core/tools/VMInspectorInlines.h 2021-12-14 03:27:51 UTC (rev 287005)
@@ -45,7 +45,7 @@
Structure* structure = cell->structure(vm);
const ClassInfo* classInfo = structure->classInfo();
JSType cellType = cell->type();
- AUDIT_VERIFY(action, verifier, cellType == structure->typeInfo().type(), cell, cellType, structure->typeInfo().type());
+ AUDIT_VERIFY(action, verifier, cellType == structure->m_blob.type(), cell, cellType, structure->m_blob.type());
size_t size = cellSize(vm, cell);
AUDIT_VERIFY(action, verifier, size <= allocatorCellSize, cell, cellType, size, allocatorCellSize, classInfo->staticClassSize);