Diff
Modified: trunk/Source/_javascript_Core/ChangeLog (292794 => 292795)
--- trunk/Source/_javascript_Core/ChangeLog 2022-04-13 03:15:43 UTC (rev 292794)
+++ trunk/Source/_javascript_Core/ChangeLog 2022-04-13 03:54:32 UTC (rev 292795)
@@ -1,3 +1,53 @@
+2022-04-12 Yusuke Suzuki <[email protected]>
+
+ [JSC] Move StructureCache from VM to JSGlobalObject
+ https://bugs.webkit.org/show_bug.cgi?id=239044
+
+ Reviewed by Saam Barati.
+
+ We should have StructureCache per JSGlobalObject since cached structures are tied to some of JSGlobalObject.
+ This can (1) reduce size of each StructureCache, (2) destroy StructureCache timely at the destruction of
+ JSGlobalObject, and (3) simplifies JSGlobalObject::haveABadTime handling in the compiler.
+
+ * bytecode/InternalFunctionAllocationProfile.h:
+ (JSC::InternalFunctionAllocationProfile::createAllocationStructureFromBase):
+ * bytecode/ObjectAllocationProfileInlines.h:
+ (JSC::ObjectAllocationProfileBase<Derived>::initializeProfile):
+ * dfg/DFGAbstractInterpreterInlines.h:
+ (JSC::DFG::AbstractInterpreter<AbstractStateType>::executeEffects):
+ * dfg/DFGConstantFoldingPhase.cpp:
+ (JSC::DFG::ConstantFoldingPhase::foldConstants):
+ * runtime/InternalFunction.cpp:
+ (JSC::InternalFunction::createSubclassStructure):
+ * runtime/IteratorOperations.cpp:
+ (JSC::createIteratorResultObjectStructure):
+ * runtime/JSBoundFunction.cpp:
+ (JSC::getBoundFunctionStructure):
+ * runtime/JSGlobalObject.cpp:
+ (JSC::JSGlobalObject::JSGlobalObject):
+ (JSC::JSGlobalObject::init):
+ (JSC::JSGlobalObject::fireWatchpointAndMakeAllArrayStructuresSlowPut):
+ (JSC::JSGlobalObject::haveABadTime):
+ * runtime/JSGlobalObject.h:
+ (JSC::JSGlobalObject::structureCache):
+ * runtime/ObjectConstructor.h:
+ (JSC::constructEmptyObject):
+ (JSC::createDataPropertyDescriptorObjectStructure):
+ (JSC::createAccessorPropertyDescriptorObjectStructure):
+ * runtime/PrototypeKey.h:
+ (JSC::PrototypeKey::PrototypeKey):
+ (JSC::PrototypeKey::classInfo const):
+ (JSC::PrototypeKey::operator== const):
+ (JSC::PrototypeKey::hash const):
+ (JSC::PrototypeKey::globalObject const): Deleted.
+ * runtime/StructureCache.cpp:
+ (JSC::StructureCache::createEmptyStructure):
+ (JSC::StructureCache::emptyObjectStructureConcurrently):
+ * runtime/StructureCache.h:
+ * runtime/VM.cpp:
+ (JSC::VM::VM):
+ * runtime/VM.h:
+
2022-04-12 Tim Horton <[email protected]>
Adopt "version set"-based linked-on-or-after checks instead of platform-specific ones
Modified: trunk/Source/_javascript_Core/bytecode/InternalFunctionAllocationProfile.h (292794 => 292795)
--- trunk/Source/_javascript_Core/bytecode/InternalFunctionAllocationProfile.h 2022-04-13 03:15:43 UTC (rev 292794)
+++ trunk/Source/_javascript_Core/bytecode/InternalFunctionAllocationProfile.h 2022-04-13 03:54:32 UTC (rev 292795)
@@ -56,7 +56,7 @@
if (prototype == baseStructure->storedPrototype())
structure = baseStructure;
else
- structure = vm.structureCache.emptyStructureForPrototypeFromBaseStructure(baseGlobalObject, prototype, baseStructure);
+ structure = baseGlobalObject->structureCache().emptyStructureForPrototypeFromBaseStructure(baseGlobalObject, prototype, baseStructure);
// Ensure that if another thread sees the structure, it will see it properly created.
WTF::storeStoreFence();
Modified: trunk/Source/_javascript_Core/bytecode/ObjectAllocationProfileInlines.h (292794 => 292795)
--- trunk/Source/_javascript_Core/bytecode/ObjectAllocationProfileInlines.h 2022-04-13 03:15:43 UTC (rev 292794)
+++ trunk/Source/_javascript_Core/bytecode/ObjectAllocationProfileInlines.h 2022-04-13 03:54:32 UTC (rev 292795)
@@ -109,7 +109,7 @@
inlineCapacity = JSFinalObject::maxInlineCapacity();
}
- Structure* structure = vm.structureCache.emptyObjectStructureForPrototype(globalObject, prototype, inlineCapacity, isPolyProto, executable);
+ Structure* structure = globalObject->structureCache().emptyObjectStructureForPrototype(globalObject, prototype, inlineCapacity, isPolyProto, executable);
if (isPolyProto) {
ASSERT(structure->hasPolyProto());
Modified: trunk/Source/_javascript_Core/dfg/DFGAbstractInterpreterInlines.h (292794 => 292795)
--- trunk/Source/_javascript_Core/dfg/DFGAbstractInterpreterInlines.h 2022-04-13 03:15:43 UTC (rev 292794)
+++ trunk/Source/_javascript_Core/dfg/DFGAbstractInterpreterInlines.h 2022-04-13 03:54:32 UTC (rev 292795)
@@ -3127,10 +3127,25 @@
}
case ObjectCreate: {
- if (JSValue prototype = forNode(node->child1()).m_value) {
- m_state.setShouldTryConstantFolding(true);
- if (prototype.isNull()) {
- Structure* structure = m_graph.globalObjectFor(node->origin.semantic)->nullPrototypeObjectStructure();
+ if (JSValue base = forNode(node->child1()).m_value) {
+ JSGlobalObject* globalObject = m_graph.globalObjectFor(node->origin.semantic);
+ Structure* structure = nullptr;
+ if (base.isNull())
+ structure = globalObject->nullPrototypeObjectStructure();
+ else if (base.isObject()) {
+ // Having a bad time clears the structureCache, and so it should invalidate this structure.
+ bool isHavingABadTime = globalObject->isHavingABadTime();
+ // Normally, we would always install a watchpoint. In this case, however, if we haveABadTime, we
+ // still want to optimize. There is no watchpoint for that case though, so we need to make sure this load
+ // does not get hoisted above the check.
+ WTF::loadLoadFence();
+ if (!isHavingABadTime)
+ m_graph.watchpoints().addLazily(globalObject->havingABadTimeWatchpoint());
+ structure = globalObject->structureCache().emptyObjectStructureConcurrently(base.getObject(), JSFinalObject::defaultInlineCapacity());
+ }
+
+ if (structure) {
+ m_state.setShouldTryConstantFolding(true);
if (node->child1().useKind() == UntypedUse)
didFoldClobberWorld();
setForNode(node, structure);
Modified: trunk/Source/_javascript_Core/dfg/DFGConstantFoldingPhase.cpp (292794 => 292795)
--- trunk/Source/_javascript_Core/dfg/DFGConstantFoldingPhase.cpp 2022-04-13 03:15:43 UTC (rev 292794)
+++ trunk/Source/_javascript_Core/dfg/DFGConstantFoldingPhase.cpp 2022-04-13 03:54:32 UTC (rev 292795)
@@ -845,7 +845,7 @@
WTF::loadLoadFence();
if (!isHavingABadTime)
m_graph.watchpoints().addLazily(globalObject->havingABadTimeWatchpoint());
- structure = globalObject->vm().structureCache.emptyObjectStructureConcurrently(globalObject, base.getObject(), JSFinalObject::defaultInlineCapacity());
+ structure = globalObject->structureCache().emptyObjectStructureConcurrently(base.getObject(), JSFinalObject::defaultInlineCapacity());
}
if (structure) {
Modified: trunk/Source/_javascript_Core/runtime/InternalFunction.cpp (292794 => 292795)
--- trunk/Source/_javascript_Core/runtime/InternalFunction.cpp 2022-04-13 03:15:43 UTC (rev 292794)
+++ trunk/Source/_javascript_Core/runtime/InternalFunction.cpp 2022-04-13 03:54:32 UTC (rev 292795)
@@ -160,7 +160,8 @@
if (JSObject* prototype = jsDynamicCast<JSObject*>(vm, prototypeValue)) {
// This only happens if someone Reflect.constructs our builtin constructor with another builtin constructor as the new.target.
// Thus, we don't care about the cost of looking up the structure from our hash table every time.
- return vm.structureCache.emptyStructureForPrototypeFromBaseStructure(prototype->globalObject(vm), prototype, baseClass);
+ JSGlobalObject* globalObject = prototype->globalObject(vm);
+ return globalObject->structureCache().emptyStructureForPrototypeFromBaseStructure(globalObject, prototype, baseClass);
}
}
Modified: trunk/Source/_javascript_Core/runtime/IteratorOperations.cpp (292794 => 292795)
--- trunk/Source/_javascript_Core/runtime/IteratorOperations.cpp 2022-04-13 03:15:43 UTC (rev 292794)
+++ trunk/Source/_javascript_Core/runtime/IteratorOperations.cpp 2022-04-13 03:54:32 UTC (rev 292795)
@@ -132,7 +132,7 @@
Structure* createIteratorResultObjectStructure(VM& vm, JSGlobalObject& globalObject)
{
- Structure* iteratorResultStructure = vm.structureCache.emptyObjectStructureForPrototype(&globalObject, globalObject.objectPrototype(), JSFinalObject::defaultInlineCapacity());
+ Structure* iteratorResultStructure = globalObject.structureCache().emptyObjectStructureForPrototype(&globalObject, globalObject.objectPrototype(), JSFinalObject::defaultInlineCapacity());
PropertyOffset offset;
iteratorResultStructure = Structure::addPropertyTransition(vm, iteratorResultStructure, vm.propertyNames->value, 0, offset);
RELEASE_ASSERT(offset == valuePropertyOffset);
Modified: trunk/Source/_javascript_Core/runtime/JSBoundFunction.cpp (292794 => 292795)
--- trunk/Source/_javascript_Core/runtime/JSBoundFunction.cpp 2022-04-13 03:15:43 UTC (rev 292794)
+++ trunk/Source/_javascript_Core/runtime/JSBoundFunction.cpp 2022-04-13 03:54:32 UTC (rev 292795)
@@ -178,7 +178,7 @@
// currently. Whoever works on caching structure changes for prototype transitions should consider this problem as well.
// See: https://bugs.webkit.org/show_bug.cgi?id=152738
if (prototype.isObject() && prototype.getObject()->globalObject(vm) == globalObject) {
- result = vm.structureCache.emptyStructureForPrototypeFromBaseStructure(globalObject, prototype.getObject(), result);
+ result = globalObject->structureCache().emptyStructureForPrototypeFromBaseStructure(globalObject, prototype.getObject(), result);
ASSERT_WITH_SECURITY_IMPLICATION(result->globalObject() == globalObject);
} else
result = Structure::create(vm, globalObject, prototype, result->typeInfo(), result->classInfo());
Modified: trunk/Source/_javascript_Core/runtime/JSGlobalObject.cpp (292794 => 292795)
--- trunk/Source/_javascript_Core/runtime/JSGlobalObject.cpp 2022-04-13 03:15:43 UTC (rev 292794)
+++ trunk/Source/_javascript_Core/runtime/JSGlobalObject.cpp 2022-04-13 03:54:32 UTC (rev 292795)
@@ -613,6 +613,7 @@
: Base(vm, structure, nullptr)
, m_vm(&vm)
, m_linkTimeConstants(numberOfLinkTimeConstants)
+ , m_structureCache(vm)
, m_masqueradesAsUndefinedWatchpoint(WatchpointSet::create(IsWatched))
, m_havingABadTimeWatchpoint(WatchpointSet::create(IsWatched))
, m_varInjectionWatchpoint(WatchpointSet::create(IsWatched))
@@ -828,7 +829,7 @@
JSFunction::create(vm, this, 0, makeString("set ", vm.propertyNames->underscoreProto.string()), globalFuncProtoSetter));
m_objectPrototype->putDirectNonIndexAccessorWithoutTransition(vm, vm.propertyNames->underscoreProto, protoAccessor, PropertyAttribute::Accessor | PropertyAttribute::DontEnum);
m_functionPrototype->structure(vm)->setPrototypeWithoutTransition(vm, m_objectPrototype.get());
- m_objectStructureForObjectConstructor.set(vm, this, vm.structureCache.emptyObjectStructureForPrototype(this, m_objectPrototype.get(), JSFinalObject::defaultInlineCapacity()));
+ m_objectStructureForObjectConstructor.set(vm, this, m_structureCache.emptyObjectStructureForPrototype(this, m_objectPrototype.get(), JSFinalObject::defaultInlineCapacity()));
m_objectProtoValueOfFunction.set(vm, this, jsCast<JSFunction*>(objectPrototype()->getDirect(vm, vm.propertyNames->valueOf)));
m_speciesGetterSetter.set(vm, this, GetterSetter::create(vm, this, JSFunction::create(vm, globalOperationsSpeciesGetterCodeGenerator(vm), this), nullptr));
@@ -1997,6 +1998,17 @@
if (isHavingABadTime())
return;
+ // This must happen first, because the compiler thread may race with haveABadTime.
+ // Let R_BT, W_BT <- Read/Fire the watchpoint, R_SC, W_SC <- Read/clear the structure cache.
+ // The possible interleavings are:
+ // R_BT, R_SC, W_SC, W_BT: Compiler thread installs a watchpoint, and the code is discarded.
+ // R_BT, W_SC, R_SC, W_BT: ^ Same
+ // R_BT, W_SC, W_BT, W_SC: ^ Same
+ // W_SC, R_BT, R_SC, W_BT: ^ Same
+ // W_SC, R_BT, W_BT, R_SC: ^ Same
+ // W_SC, W_BT, R_BT, R_SC: No watchpoint is installed, but we could not see old structures from the cache.
+ m_structureCache.clear(); // We may be caching array structures in here.
+
// Make sure that all JSArray allocations that load the appropriate structure from
// this object now load a structure that uses SlowPut.
for (unsigned i = 0; i < NumberOfArrayIndexingModes; ++i)
@@ -2031,17 +2043,6 @@
if (isHavingABadTime())
return;
- // This must happen first, because the compiler thread may race with haveABadTime.
- // Let R_BT, W_BT <- Read/Fire the watchpoint, R_SC, W_SC <- Read/clear the structure cache.
- // The possible interleavings are:
- // R_BT, R_SC, W_SC, W_BT: Compiler thread installs a watchpoint, and the code is discarded.
- // R_BT, W_SC, R_SC, W_BT: ^ Same
- // R_BT, W_SC, W_BT, W_SC: ^ Same
- // W_SC, R_BT, R_SC, W_BT: ^ Same
- // W_SC, R_BT, W_BT, R_SC: ^ Same
- // W_SC, W_BT, R_BT, R_SC: No watchpoint is installed, but we could not see old structures from the cache.
- vm.structureCache.clear(); // We may be caching array structures in here.
-
DeferGC deferGC(vm);
// Consider the following objects and prototype chains:
Modified: trunk/Source/_javascript_Core/runtime/JSGlobalObject.h (292794 => 292795)
--- trunk/Source/_javascript_Core/runtime/JSGlobalObject.h 2022-04-13 03:15:43 UTC (rev 292794)
+++ trunk/Source/_javascript_Core/runtime/JSGlobalObject.h 2022-04-13 03:54:32 UTC (rev 292795)
@@ -42,6 +42,7 @@
#include "RegExpGlobalData.h"
#include "RuntimeFlags.h"
#include "StringPrototype.h"
+#include "StructureCache.h"
#include "SymbolPrototype.h"
#include "VM.h"
#include "Watchpoint.h"
@@ -492,6 +493,8 @@
FixedVector<LazyProperty<JSGlobalObject, JSCell>> m_linkTimeConstants;
+ StructureCache m_structureCache;
+
String m_name;
Strong<JSObject> m_unhandledRejectionCallback;
@@ -946,6 +949,8 @@
void setName(const String&);
const String& name() const { return m_name; }
+ StructureCache& structureCache() { return m_structureCache; }
+
void setUnhandledRejectionCallback(VM& vm, JSObject* function) { m_unhandledRejectionCallback.set(vm, function); }
JSObject* unhandledRejectionCallback() const { return m_unhandledRejectionCallback.get(); }
Modified: trunk/Source/_javascript_Core/runtime/ObjectConstructor.h (292794 => 292795)
--- trunk/Source/_javascript_Core/runtime/ObjectConstructor.h 2022-04-13 03:15:43 UTC (rev 292794)
+++ trunk/Source/_javascript_Core/runtime/ObjectConstructor.h 2022-04-13 03:54:32 UTC (rev 292795)
@@ -67,8 +67,7 @@
inline JSFinalObject* constructEmptyObject(JSGlobalObject* globalObject, JSObject* prototype, unsigned inlineCapacity)
{
VM& vm = getVM(globalObject);
- StructureCache& structureCache = vm.structureCache;
- Structure* structure = structureCache.emptyObjectStructureForPrototype(globalObject, prototype, inlineCapacity);
+ Structure* structure = globalObject->structureCache().emptyObjectStructureForPrototype(globalObject, prototype, inlineCapacity);
return constructEmptyObject(vm, structure);
}
@@ -103,7 +102,7 @@
inline Structure* createDataPropertyDescriptorObjectStructure(VM& vm, JSGlobalObject& globalObject)
{
- Structure* structure = vm.structureCache.emptyObjectStructureForPrototype(&globalObject, globalObject.objectPrototype(), JSFinalObject::defaultInlineCapacity());
+ Structure* structure = globalObject.structureCache().emptyObjectStructureForPrototype(&globalObject, globalObject.objectPrototype(), JSFinalObject::defaultInlineCapacity());
PropertyOffset offset;
structure = Structure::addPropertyTransition(vm, structure, vm.propertyNames->value, 0, offset);
RELEASE_ASSERT(offset == dataPropertyDescriptorValuePropertyOffset);
@@ -118,7 +117,7 @@
inline Structure* createAccessorPropertyDescriptorObjectStructure(VM& vm, JSGlobalObject& globalObject)
{
- Structure* structure = vm.structureCache.emptyObjectStructureForPrototype(&globalObject, globalObject.objectPrototype(), JSFinalObject::defaultInlineCapacity());
+ Structure* structure = globalObject.structureCache().emptyObjectStructureForPrototype(&globalObject, globalObject.objectPrototype(), JSFinalObject::defaultInlineCapacity());
PropertyOffset offset;
structure = Structure::addPropertyTransition(vm, structure, vm.propertyNames->get, 0, offset);
RELEASE_ASSERT(offset == accessorPropertyDescriptorGetPropertyOffset);
Modified: trunk/Source/_javascript_Core/runtime/PrototypeKey.h (292794 => 292795)
--- trunk/Source/_javascript_Core/runtime/PrototypeKey.h 2022-04-13 03:15:43 UTC (rev 292794)
+++ trunk/Source/_javascript_Core/runtime/PrototypeKey.h 2022-04-13 03:54:32 UTC (rev 292795)
@@ -30,7 +30,6 @@
namespace JSC {
class FunctionExecutable;
-class JSGlobalObject;
class JSObject;
class PrototypeKey {
@@ -37,12 +36,11 @@
public:
PrototypeKey() { }
- PrototypeKey(JSObject* prototype, FunctionExecutable* executable, unsigned inlineCapacity, const ClassInfo* classInfo, JSGlobalObject* globalObject)
+ PrototypeKey(JSObject* prototype, FunctionExecutable* executable, unsigned inlineCapacity, const ClassInfo* classInfo)
: m_prototype(prototype)
, m_executable(executable)
, m_inlineCapacity(inlineCapacity)
, m_classInfo(classInfo)
- , m_globalObject(globalObject)
{
}
@@ -55,7 +53,6 @@
FunctionExecutable* executable() const { return m_executable; }
unsigned inlineCapacity() const { return m_inlineCapacity; }
const ClassInfo* classInfo() const { return m_classInfo; }
- JSGlobalObject* globalObject() const { return m_globalObject; }
bool operator==(const PrototypeKey& other) const
{
@@ -62,8 +59,7 @@
return m_prototype == other.m_prototype
&& m_executable == other.m_executable
&& m_inlineCapacity == other.m_inlineCapacity
- && m_classInfo == other.m_classInfo
- && m_globalObject == other.m_globalObject;
+ && m_classInfo == other.m_classInfo;
}
bool operator!=(const PrototypeKey& other) const { return !(*this == other); }
@@ -72,7 +68,7 @@
unsigned hash() const
{
- return WTF::IntHash<uintptr_t>::hash(bitwise_cast<uintptr_t>(m_prototype) ^ bitwise_cast<uintptr_t>(m_executable) ^ bitwise_cast<uintptr_t>(m_classInfo) ^ bitwise_cast<uintptr_t>(m_globalObject)) + m_inlineCapacity;
+ return WTF::IntHash<uintptr_t>::hash(bitwise_cast<uintptr_t>(m_prototype) ^ bitwise_cast<uintptr_t>(m_executable) ^ bitwise_cast<uintptr_t>(m_classInfo)) + m_inlineCapacity;
}
private:
@@ -82,7 +78,6 @@
FunctionExecutable* m_executable { nullptr };
unsigned m_inlineCapacity { 0 };
const ClassInfo* m_classInfo { nullptr };
- JSGlobalObject* m_globalObject { nullptr };
};
struct PrototypeKeyHash {
Modified: trunk/Source/_javascript_Core/runtime/StructureCache.cpp (292794 => 292795)
--- trunk/Source/_javascript_Core/runtime/StructureCache.cpp 2022-04-13 03:15:43 UTC (rev 292794)
+++ trunk/Source/_javascript_Core/runtime/StructureCache.cpp 2022-04-13 03:54:32 UTC (rev 292795)
@@ -42,7 +42,8 @@
RELEASE_ASSERT(!!prototype); // We use nullptr inside the HashMap for prototype to mean poly proto, so user's of this API must provide non-null prototypes.
// We don't need to lock here because only the main thread can get here, and only the main thread can mutate the cache
- PrototypeKey key { makePolyProtoStructure ? nullptr : prototype, executable, inlineCapacity, classInfo, globalObject };
+ ASSERT(!isCompilationThread() && !Thread::mayBeGCThread());
+ PrototypeKey key { makePolyProtoStructure ? nullptr : prototype, executable, inlineCapacity, classInfo };
if (Structure* structure = m_structures.get(key)) {
if (makePolyProtoStructure) {
prototype->didBecomePrototype();
@@ -69,11 +70,11 @@
return structure;
}
-Structure* StructureCache::emptyObjectStructureConcurrently(JSGlobalObject* globalObject, JSObject* prototype, unsigned inlineCapacity)
+Structure* StructureCache::emptyObjectStructureConcurrently(JSObject* prototype, unsigned inlineCapacity)
{
RELEASE_ASSERT(!!prototype); // We use nullptr inside the HashMap for prototype to mean poly proto, so user's of this API must provide non-null prototypes.
- PrototypeKey key { prototype, nullptr, inlineCapacity, JSFinalObject::info(), globalObject };
+ PrototypeKey key { prototype, nullptr, inlineCapacity, JSFinalObject::info() };
Locker locker { m_lock };
if (Structure* structure = m_structures.get(key)) {
ASSERT(prototype->mayBePrototype());
Modified: trunk/Source/_javascript_Core/runtime/StructureCache.h (292794 => 292795)
--- trunk/Source/_javascript_Core/runtime/StructureCache.h 2022-04-13 03:15:43 UTC (rev 292794)
+++ trunk/Source/_javascript_Core/runtime/StructureCache.h 2022-04-13 03:54:32 UTC (rev 292795)
@@ -52,7 +52,7 @@
JS_EXPORT_PRIVATE Structure* emptyObjectStructureForPrototype(JSGlobalObject*, JSObject*, unsigned inlineCapacity, bool makePolyProtoStructure = false, FunctionExecutable* = nullptr);
JS_EXPORT_PRIVATE Structure* emptyStructureForPrototypeFromBaseStructure(JSGlobalObject*, JSObject*, Structure*);
- JS_EXPORT_PRIVATE Structure* emptyObjectStructureConcurrently(JSGlobalObject*, JSObject* prototype, unsigned inlineCapacity);
+ JS_EXPORT_PRIVATE Structure* emptyObjectStructureConcurrently(JSObject* prototype, unsigned inlineCapacity);
private:
Structure* createEmptyStructure(JSGlobalObject*, JSObject* prototype, const TypeInfo&, const ClassInfo*, IndexingType, unsigned inlineCapacity, bool makePolyProtoStructure, FunctionExecutable*);
Modified: trunk/Source/_javascript_Core/runtime/VM.cpp (292794 => 292795)
--- trunk/Source/_javascript_Core/runtime/VM.cpp 2022-04-13 03:15:43 UTC (rev 292794)
+++ trunk/Source/_javascript_Core/runtime/VM.cpp 2022-04-13 03:54:32 UTC (rev 292795)
@@ -220,7 +220,6 @@
, emptyList(new ArgList)
, machineCodeBytesPerBytecodeWordForBaselineJIT(makeUnique<SimpleStats>())
, symbolImplToSymbolMap(*this)
- , structureCache(*this)
, interpreter(nullptr)
, entryScope(nullptr)
, m_regExpCache(new RegExpCache(this))
Modified: trunk/Source/_javascript_Core/runtime/VM.h (292794 => 292795)
--- trunk/Source/_javascript_Core/runtime/VM.h 2022-04-13 03:15:43 UTC (rev 292794)
+++ trunk/Source/_javascript_Core/runtime/VM.h 2022-04-13 03:54:32 UTC (rev 292795)
@@ -36,6 +36,7 @@
#include "ExceptionEventLocation.h"
#include "FunctionHasExecutedCache.h"
#include "Heap.h"
+#include "IndexingType.h"
#include "Integrity.h"
#include "Intrinsic.h"
#include "JSCJSValue.h"
@@ -48,11 +49,11 @@
#include "NumericStrings.h"
#include "SmallStrings.h"
#include "Strong.h"
-#include "StructureCache.h"
#include "SubspaceAccess.h"
#include "ThunkGenerator.h"
#include "VMTraps.h"
#include "WasmContext.h"
+#include "WeakGCMap.h"
#include <variant>
#include <wtf/BumpPointerAllocator.h>
#include <wtf/CheckedArithmetic.h>
@@ -549,8 +550,6 @@
SourceProviderCache* addSourceProviderCache(SourceProvider*);
void clearSourceProviderCaches();
- StructureCache structureCache;
-
typedef HashMap<RefPtr<SourceProvider>, RefPtr<SourceProviderCache>> SourceProviderCacheMap;
SourceProviderCacheMap sourceProviderCacheMap;
Interpreter* interpreter;
