/*
* Copyright (C) 1999-2001 Harri Porten (porten@kde.org)
* Copyright (C) 2001 Peter Kelly (pmk@post.com)
- * Copyright (C) 2003, 2004, 2005, 2006, 2007, 2008, 2009, 2012 Apple Inc. All rights reserved.
+ * Copyright (C) 2003-2009, 2012-2015 Apple Inc. All rights reserved.
*
* This library is free software; you can redistribute it and/or
* modify it under the terms of the GNU Library General Public
#include "ArrayConventions.h"
#include "ArrayStorage.h"
#include "Butterfly.h"
+#include "CallFrame.h"
#include "ClassInfo.h"
#include "CommonIdentifiers.h"
-#include "CallFrame.h"
+#include "CopyWriteBarrier.h"
+#include "CustomGetterSetter.h"
+#include "DeferGC.h"
+#include "Heap.h"
+#include "HeapInlines.h"
+#include "IndexingHeaderInlines.h"
#include "JSCell.h"
#include "PropertySlot.h"
#include "PropertyStorage.h"
#include "Structure.h"
#include "VM.h"
#include "JSString.h"
-#include "SlotVisitorInlines.h"
#include "SparseArrayValueMap.h"
#include <wtf/StdLibExtras.h>
inline JSCell* getJSFunction(JSValue value)
{
- if (value.isCell() && (value.asCell()->structure()->typeInfo().type() == JSFunctionType))
+ if (value.isCell() && (value.asCell()->type() == JSFunctionType))
return value.asCell();
return 0;
}
-JS_EXPORT_PRIVATE JSCell* getCallableObjectSlow(JSCell*);
-
-inline JSCell* getCallableObject(JSValue value)
-{
- if (!value.isCell())
- return 0;
- return getCallableObjectSlow(value.asCell());
-}
-
class GetterSetter;
-class HashEntry;
class InternalFunction;
+class JSFunction;
class LLIntOffsetsExtractor;
class MarkedBlock;
class PropertyDescriptor;
class PropertyNameArray;
class Structure;
struct HashTable;
+struct HashTableValue;
JS_EXPORT_PRIVATE JSObject* throwTypeError(ExecState*, const String&);
extern JS_EXPORTDATA const char* StrictModeReadonlyPropertyWriteError;
-// ECMA 262-3 8.6.1
-// Property attributes
-enum Attribute {
- None = 0,
- ReadOnly = 1 << 1, // property can be only read, not written
- DontEnum = 1 << 2, // property doesn't appear in (for .. in ..)
- DontDelete = 1 << 3, // property can't be deleted
- Function = 1 << 4, // property is a function - only used by static hashtables
- Accessor = 1 << 5, // property is a getter/setter
-};
-
COMPILE_ASSERT(None < FirstInternalAttribute, None_is_below_FirstInternalAttribute);
COMPILE_ASSERT(ReadOnly < FirstInternalAttribute, ReadOnly_is_below_FirstInternalAttribute);
COMPILE_ASSERT(DontEnum < FirstInternalAttribute, DontEnum_is_below_FirstInternalAttribute);
friend class JSCell;
friend class JSFinalObject;
friend class MarkedBlock;
- JS_EXPORT_PRIVATE friend bool setUpStaticFunctionSlot(ExecState*, const HashEntry*, JSObject*, PropertyName, PropertySlot&);
+ JS_EXPORT_PRIVATE friend bool setUpStaticFunctionSlot(ExecState*, const HashTableValue*, JSObject*, PropertyName, PropertySlot&);
enum PutMode {
PutModePut,
public:
typedef JSCell Base;
- static size_t allocationSize(size_t inlineCapacity)
- {
- return sizeof(JSObject) + inlineCapacity * sizeof(WriteBarrierBase<Unknown>);
- }
-
JS_EXPORT_PRIVATE static void visitChildren(JSCell*, SlotVisitor&);
- JS_EXPORT_PRIVATE static void copyBackingStore(JSCell*, CopyVisitor&);
+ JS_EXPORT_PRIVATE static void copyBackingStore(JSCell*, CopyVisitor&, CopyToken);
JS_EXPORT_PRIVATE static String className(const JSObject*);
+ JS_EXPORT_PRIVATE static String calculatedClassName(JSObject*);
JSValue prototype() const;
- void setPrototype(VM&, JSValue prototype);
- bool setPrototypeWithCycleCheck(VM&, JSValue prototype);
+ JS_EXPORT_PRIVATE void setPrototype(VM&, JSValue prototype);
+ JS_EXPORT_PRIVATE bool setPrototypeWithCycleCheck(ExecState*, JSValue prototype);
bool mayInterceptIndexedAccesses()
{
JSValue get(ExecState*, PropertyName) const;
JSValue get(ExecState*, unsigned propertyName) const;
+ bool fastGetOwnPropertySlot(ExecState*, VM&, Structure&, PropertyName, PropertySlot&);
bool getPropertySlot(ExecState*, PropertyName, PropertySlot&);
bool getPropertySlot(ExecState*, unsigned propertyName, PropertySlot&);
- JS_EXPORT_PRIVATE bool getPropertyDescriptor(ExecState*, PropertyName, PropertyDescriptor&);
- static bool getOwnPropertySlot(JSCell*, ExecState*, PropertyName, PropertySlot&);
- JS_EXPORT_PRIVATE static bool getOwnPropertySlotByIndex(JSCell*, ExecState*, unsigned propertyName, PropertySlot&);
- JS_EXPORT_PRIVATE static bool getOwnPropertyDescriptor(JSObject*, ExecState*, PropertyName, PropertyDescriptor&);
+ static bool getOwnPropertySlot(JSObject*, ExecState*, PropertyName, PropertySlot&);
+ JS_EXPORT_PRIVATE static bool getOwnPropertySlotByIndex(JSObject*, ExecState*, unsigned propertyName, PropertySlot&);
+
+ // The key difference between this and getOwnPropertySlot is that getOwnPropertySlot
+ // currently returns incorrect results for the DOM window (with non-own properties)
+ // being returned. Once this is fixed we should migrate code & remove this method.
+ JS_EXPORT_PRIVATE bool getOwnPropertyDescriptor(ExecState*, PropertyName, PropertyDescriptor&);
- bool allowsAccessFrom(ExecState*);
+ JS_EXPORT_PRIVATE bool allowsAccessFrom(ExecState*);
unsigned getArrayLength() const
{
- if (!hasIndexedProperties(structure()->indexingType()))
+ if (!hasIndexedProperties(indexingType()))
return 0;
return m_butterfly->publicLength();
}
unsigned getVectorLength()
{
- if (!hasIndexedProperties(structure()->indexingType()))
+ if (!hasIndexedProperties(indexingType()))
return 0;
return m_butterfly->vectorLength();
}
JS_EXPORT_PRIVATE static void put(JSCell*, ExecState*, PropertyName, JSValue, PutPropertySlot&);
JS_EXPORT_PRIVATE static void putByIndex(JSCell*, ExecState*, unsigned propertyName, JSValue, bool shouldThrow);
- void putByIndexInline(ExecState* exec, unsigned propertyName, JSValue value, bool shouldThrow)
+ ALWAYS_INLINE void putByIndexInline(ExecState* exec, unsigned propertyName, JSValue value, bool shouldThrow)
{
if (canSetIndexQuickly(propertyName)) {
setIndexQuickly(exec->vm(), propertyName, value);
return;
}
- methodTable()->putByIndex(this, exec, propertyName, value, shouldThrow);
+ methodTable(exec->vm())->putByIndex(this, exec, propertyName, value, shouldThrow);
}
// This is similar to the putDirect* methods:
// A non-throwing version of putDirect and putDirectIndex.
JS_EXPORT_PRIVATE void putDirectMayBeIndex(ExecState*, PropertyName, JSValue);
+ bool hasIndexingHeader() const
+ {
+ return structure()->hasIndexingHeader(this);
+ }
+
bool canGetIndexQuickly(unsigned i)
{
- switch (structure()->indexingType()) {
+ switch (indexingType()) {
case ALL_BLANK_INDEXING_TYPES:
case ALL_UNDECIDED_INDEXING_TYPES:
return false;
JSValue getIndexQuickly(unsigned i)
{
- switch (structure()->indexingType()) {
+ switch (indexingType()) {
case ALL_INT32_INDEXING_TYPES:
+ return jsNumber(m_butterfly->contiguous()[i].get().asInt32());
case ALL_CONTIGUOUS_INDEXING_TYPES:
return m_butterfly->contiguous()[i].get();
case ALL_DOUBLE_INDEXING_TYPES:
JSValue tryGetIndexQuickly(unsigned i)
{
- switch (structure()->indexingType()) {
+ switch (indexingType()) {
case ALL_BLANK_INDEXING_TYPES:
case ALL_UNDECIDED_INDEXING_TYPES:
break;
case ALL_INT32_INDEXING_TYPES:
+ if (i < m_butterfly->publicLength()) {
+ JSValue result = m_butterfly->contiguous()[i].get();
+ ASSERT(result.isInt32() || !result);
+ return result;
+ }
+ break;
case ALL_CONTIGUOUS_INDEXING_TYPES:
if (i < m_butterfly->publicLength())
return m_butterfly->contiguous()[i].get();
if (JSValue result = tryGetIndexQuickly(i))
return result;
PropertySlot slot(this);
- if (methodTable()->getOwnPropertySlotByIndex(this, exec, i, slot))
+ if (methodTable(exec->vm())->getOwnPropertySlotByIndex(this, exec, i, slot))
return slot.getValue(exec, i);
return JSValue();
}
bool canSetIndexQuickly(unsigned i)
{
- switch (structure()->indexingType()) {
+ switch (indexingType()) {
case ALL_BLANK_INDEXING_TYPES:
case ALL_UNDECIDED_INDEXING_TYPES:
return false;
bool canSetIndexQuicklyForPutDirect(unsigned i)
{
- switch (structure()->indexingType()) {
+ switch (indexingType()) {
case ALL_BLANK_INDEXING_TYPES:
case ALL_UNDECIDED_INDEXING_TYPES:
return false;
void setIndexQuickly(VM& vm, unsigned i, JSValue v)
{
- switch (structure()->indexingType()) {
+ switch (indexingType()) {
case ALL_INT32_INDEXING_TYPES: {
ASSERT(i < m_butterfly->vectorLength());
if (!v.isInt32()) {
convertInt32ToDoubleOrContiguousWhilePerformingSetIndex(vm, i, v);
return;
}
- // Fall through to contiguous case.
+ FALLTHROUGH;
}
case ALL_CONTIGUOUS_INDEXING_TYPES: {
ASSERT(i < m_butterfly->vectorLength());
RELEASE_ASSERT_NOT_REACHED();
}
}
-
+
void initializeIndex(VM& vm, unsigned i, JSValue v)
{
- switch (structure()->indexingType()) {
+ initializeIndex(vm, i, v, indexingType());
+ }
+
+ void initializeIndex(VM& vm, unsigned i, JSValue v, IndexingType indexingType)
+ {
+ switch (indexingType) {
case ALL_UNDECIDED_INDEXING_TYPES: {
setIndexQuicklyToUndecided(vm, i, v);
break;
convertInt32ToDoubleOrContiguousWhilePerformingSetIndex(vm, i, v);
break;
}
- // Fall through.
+ FALLTHROUGH;
}
case ALL_CONTIGUOUS_INDEXING_TYPES: {
ASSERT(i < m_butterfly->publicLength());
bool hasSparseMap()
{
- switch (structure()->indexingType()) {
+ switch (indexingType()) {
case ALL_BLANK_INDEXING_TYPES:
case ALL_UNDECIDED_INDEXING_TYPES:
case ALL_INT32_INDEXING_TYPES:
case ALL_CONTIGUOUS_INDEXING_TYPES:
return false;
case ALL_ARRAY_STORAGE_INDEXING_TYPES:
- return m_butterfly->arrayStorage()->m_sparseMap;
+ return !!m_butterfly->arrayStorage()->m_sparseMap;
default:
RELEASE_ASSERT_NOT_REACHED();
return false;
bool inSparseIndexingMode()
{
- switch (structure()->indexingType()) {
+ switch (indexingType()) {
case ALL_BLANK_INDEXING_TYPES:
case ALL_UNDECIDED_INDEXING_TYPES:
case ALL_INT32_INDEXING_TYPES:
// - accessors are not called.
// - attributes will be respected (after the call the property will exist with the given attributes)
// - the property name is assumed to not be an index.
- JS_EXPORT_PRIVATE static void putDirectVirtual(JSObject*, ExecState*, PropertyName, JSValue, unsigned attributes);
void putDirect(VM&, PropertyName, JSValue, unsigned attributes = 0);
void putDirect(VM&, PropertyName, JSValue, PutPropertySlot&);
void putDirectWithoutTransition(VM&, PropertyName, JSValue, unsigned attributes = 0);
+ void putDirectNonIndexAccessor(VM&, PropertyName, JSValue, unsigned attributes);
void putDirectAccessor(ExecState*, PropertyName, JSValue, unsigned attributes);
+ JS_EXPORT_PRIVATE void putDirectCustomAccessor(VM&, PropertyName, JSValue, unsigned attributes);
- bool propertyIsEnumerable(ExecState*, const Identifier& propertyName) const;
+ void putGetter(ExecState*, PropertyName, JSValue);
+ void putSetter(ExecState*, PropertyName, JSValue);
JS_EXPORT_PRIVATE bool hasProperty(ExecState*, PropertyName) const;
JS_EXPORT_PRIVATE bool hasProperty(ExecState*, unsigned propertyName) const;
bool hasOwnProperty(ExecState*, PropertyName) const;
+ bool hasOwnProperty(ExecState*, unsigned) const;
JS_EXPORT_PRIVATE static bool deleteProperty(JSCell*, ExecState*, PropertyName);
JS_EXPORT_PRIVATE static bool deletePropertyByIndex(JSCell*, ExecState*, unsigned propertyName);
JS_EXPORT_PRIVATE static void getOwnNonIndexPropertyNames(JSObject*, ExecState*, PropertyNameArray&, EnumerationMode);
JS_EXPORT_PRIVATE static void getPropertyNames(JSObject*, ExecState*, PropertyNameArray&, EnumerationMode);
+ JS_EXPORT_PRIVATE static uint32_t getEnumerableLength(ExecState*, JSObject*);
+ JS_EXPORT_PRIVATE static void getStructurePropertyNames(JSObject*, ExecState*, PropertyNameArray&, EnumerationMode);
+ JS_EXPORT_PRIVATE static void getGenericPropertyNames(JSObject*, ExecState*, PropertyNameArray&, EnumerationMode);
+
JSValue toPrimitive(ExecState*, PreferredPrimitiveType = NoPreference) const;
bool getPrimitiveNumber(ExecState*, double& number, JSValue&) const;
JS_EXPORT_PRIVATE double toNumber(ExecState*) const;
JS_EXPORT_PRIVATE JSString* toString(ExecState*) const;
- // NOTE: JSObject and its subclasses must be able to gracefully handle ExecState* = 0,
- // because this call may come from inside the compiler.
- JS_EXPORT_PRIVATE static JSObject* toThisObject(JSCell*, ExecState*);
-
- bool getPropertySpecificValue(ExecState*, PropertyName, JSCell*& specificFunction) const;
+ JS_EXPORT_PRIVATE static JSValue toThis(JSCell*, ExecState*, ECMAMode);
// This get function only looks at the property map.
JSValue getDirect(VM& vm, PropertyName propertyName) const
{
- PropertyOffset offset = structure()->get(vm, propertyName);
- checkOffset(offset, structure()->inlineCapacity());
+ Structure* structure = this->structure(vm);
+ PropertyOffset offset = structure->get(vm, propertyName);
+ checkOffset(offset, structure->inlineCapacity());
+ return offset != invalidOffset ? getDirect(offset) : JSValue();
+ }
+
+ JSValue getDirect(VM& vm, PropertyName propertyName, unsigned& attributes) const
+ {
+ Structure* structure = this->structure(vm);
+ PropertyOffset offset = structure->get(vm, propertyName, attributes);
+ checkOffset(offset, structure->inlineCapacity());
return offset != invalidOffset ? getDirect(offset) : JSValue();
}
PropertyOffset getDirectOffset(VM& vm, PropertyName propertyName)
{
- PropertyOffset offset = structure()->get(vm, propertyName);
- checkOffset(offset, structure()->inlineCapacity());
+ Structure* structure = this->structure(vm);
+ PropertyOffset offset = structure->get(vm, propertyName);
+ checkOffset(offset, structure->inlineCapacity());
+ return offset;
+ }
+
+ PropertyOffset getDirectOffset(VM& vm, PropertyName propertyName, unsigned& attributes)
+ {
+ Structure* structure = this->structure(vm);
+ PropertyOffset offset = structure->get(vm, propertyName, attributes);
+ checkOffset(offset, structure->inlineCapacity());
return offset;
}
return inlineStorageUnsafe();
}
- const Butterfly* butterfly() const { return m_butterfly; }
- Butterfly* butterfly() { return m_butterfly; }
+ const Butterfly* butterfly() const { return m_butterfly.get(); }
+ Butterfly* butterfly() { return m_butterfly.get(); }
ConstPropertyStorage outOfLineStorage() const { return m_butterfly->propertyStorage(); }
PropertyStorage outOfLineStorage() { return m_butterfly->propertyStorage(); }
void transitionTo(VM&, Structure*);
- bool removeDirect(VM&, PropertyName); // Return true if anything is removed.
+ JS_EXPORT_PRIVATE bool removeDirect(VM&, PropertyName); // Return true if anything is removed.
bool hasCustomProperties() { return structure()->didTransition(); }
bool hasGetterSetterProperties() { return structure()->hasGetterSetterProperties(); }
+ bool hasCustomGetterSetterProperties() { return structure()->hasCustomGetterSetterProperties(); }
// putOwnDataProperty has 'put' like semantics, however this method:
// - assumes the object contains no own getter/setter properties.
// - provides no special handling for __proto__
// - does not walk the prototype chain (to check for accessors or non-writable properties).
- // This is used by JSActivation.
+ // This is used by JSLexicalEnvironment.
bool putOwnDataProperty(VM&, PropertyName, JSValue, PutPropertySlot&);
// Fast access to known property offsets.
void putDirect(VM& vm, PropertyOffset offset, JSValue value) { locationForOffset(offset)->set(vm, this, value); }
void putDirectUndefined(PropertyOffset offset) { locationForOffset(offset)->setUndefined(); }
- void putDirectNativeFunction(ExecState*, JSGlobalObject*, const PropertyName&, unsigned functionLength, NativeFunction, Intrinsic, unsigned attributes);
+ JS_EXPORT_PRIVATE void putDirectNativeFunction(VM&, JSGlobalObject*, const PropertyName&, unsigned functionLength, NativeFunction, Intrinsic, unsigned attributes);
+ JS_EXPORT_PRIVATE JSFunction* putDirectBuiltinFunction(VM&, JSGlobalObject*, const PropertyName&, FunctionExecutable*, unsigned attributes);
+ JSFunction* putDirectBuiltinFunctionWithoutTransition(VM&, JSGlobalObject*, const PropertyName&, FunctionExecutable*, unsigned attributes);
+ JS_EXPORT_PRIVATE void putDirectNativeFunctionWithoutTransition(VM&, JSGlobalObject*, const PropertyName&, unsigned functionLength, NativeFunction, Intrinsic, unsigned attributes);
- JS_EXPORT_PRIVATE static bool defineOwnProperty(JSObject*, ExecState*, PropertyName, PropertyDescriptor&, bool shouldThrow);
+ JS_EXPORT_PRIVATE static bool defineOwnProperty(JSObject*, ExecState*, PropertyName, const PropertyDescriptor&, bool shouldThrow);
bool isGlobalObject() const;
bool isVariableObject() const;
bool isStaticScopeObject() const;
bool isNameScopeObject() const;
+ bool isCatchScopeObject() const;
+ bool isFunctionNameScopeObject() const;
bool isActivationObject() const;
bool isErrorInstance() const;
+ bool isWithScope() const;
- void seal(VM&);
- void freeze(VM&);
+ JS_EXPORT_PRIVATE void seal(VM&);
+ JS_EXPORT_PRIVATE void freeze(VM&);
JS_EXPORT_PRIVATE void preventExtensions(VM&);
- bool isSealed(VM& vm) { return structure()->isSealed(vm); }
- bool isFrozen(VM& vm) { return structure()->isFrozen(vm); }
+ bool isSealed(VM& vm) { return structure(vm)->isSealed(vm); }
+ bool isFrozen(VM& vm) { return structure(vm)->isFrozen(vm); }
bool isExtensible() { return structure()->isExtensible(); }
bool indexingShouldBeSparse()
{
void reifyStaticFunctionsForDelete(ExecState* exec);
JS_EXPORT_PRIVATE Butterfly* growOutOfLineStorage(VM&, size_t oldSize, size_t newSize);
- void setButterfly(VM&, Butterfly*, Structure*);
- void setButterflyWithoutChangingStructure(Butterfly*); // You probably don't want to call this.
+ void setButterflyWithoutChangingStructure(VM&, Butterfly*);
- void setStructure(VM&, Structure*, Butterfly* = 0);
+ void setStructure(VM&, Structure*);
+ void setStructureAndButterfly(VM&, Structure*, Butterfly*);
void setStructureAndReallocateStorageIfNecessary(VM&, unsigned oldCapacity, Structure*);
void setStructureAndReallocateStorageIfNecessary(VM&, Structure*);
+ void convertToDictionary(VM& vm)
+ {
+ setStructure(vm, Structure::toCacheableDictionaryTransition(vm, structure(vm)));
+ }
+
void flattenDictionaryObject(VM& vm)
{
- structure()->flattenDictionaryStructure(vm, this);
+ structure(vm)->flattenDictionaryStructure(vm, this);
}
+ void shiftButterflyAfterFlattening(VM&, size_t outOfLineCapacityBefore, size_t outOfLineCapacityAfter);
JSGlobalObject* globalObject() const
{
// contiguous, array storage).
ContiguousJSValues ensureInt32(VM& vm)
{
- if (LIKELY(hasInt32(structure()->indexingType())))
+ if (LIKELY(hasInt32(indexingType())))
return m_butterfly->contiguousInt32();
return ensureInt32Slow(vm);
// or array storage).
ContiguousDoubles ensureDouble(VM& vm)
{
- if (LIKELY(hasDouble(structure()->indexingType())))
+ if (LIKELY(hasDouble(indexingType())))
return m_butterfly->contiguousDouble();
return ensureDoubleSlow(vm);
// indexing should be sparse or because we're having a bad time.
ContiguousJSValues ensureContiguous(VM& vm)
{
- if (LIKELY(hasContiguous(structure()->indexingType())))
+ if (LIKELY(hasContiguous(indexingType())))
return m_butterfly->contiguous();
return ensureContiguousSlow(vm);
}
-
- // Same as ensureContiguous(), except that if the indexed storage is in
- // double mode, then it does a rage conversion to contiguous: it
- // attempts to convert each double to an int32.
- ContiguousJSValues rageEnsureContiguous(VM& vm)
- {
- if (LIKELY(hasContiguous(structure()->indexingType())))
- return m_butterfly->contiguous();
-
- return rageEnsureContiguousSlow(vm);
- }
-
+
// Ensure that the object is in a mode where it has array storage. Use
// this if you're about to perform actions that would have required the
// object to be converted to have array storage, if it didn't have it
// already.
ArrayStorage* ensureArrayStorage(VM& vm)
{
- if (LIKELY(hasArrayStorage(structure()->indexingType())))
+ if (LIKELY(hasAnyArrayStorage(indexingType())))
return m_butterfly->arrayStorage();
-
+
return ensureArrayStorageSlow(vm);
}
return &m_butterfly;
}
- static JS_EXPORTDATA const ClassInfo s_info;
+ DECLARE_EXPORT_INFO;
protected:
void finishCreation(VM& vm)
{
Base::finishCreation(vm);
- ASSERT(inherits(&s_info));
- ASSERT(!structure()->outOfLineCapacity());
- ASSERT(structure()->isEmpty());
+ ASSERT(inherits(info()));
ASSERT(prototype().isNull() || Heap::heap(this) == Heap::heap(prototype()));
ASSERT(structure()->isObject());
ASSERT(classInfo());
static Structure* createStructure(VM& vm, JSGlobalObject* globalObject, JSValue prototype)
{
- return Structure::create(vm, globalObject, prototype, TypeInfo(ObjectType, StructureFlags), &s_info);
+ return Structure::create(vm, globalObject, prototype, TypeInfo(ObjectType, StructureFlags), info());
}
// To instantiate objects you likely want JSFinalObject, below.
// storage. This will assert otherwise.
ArrayStorage* arrayStorage()
{
- ASSERT(hasArrayStorage(structure()->indexingType()));
+ ASSERT(hasAnyArrayStorage(indexingType()));
return m_butterfly->arrayStorage();
}
// object is in a mode where it has array storage.
ArrayStorage* arrayStorageOrNull()
{
- switch (structure()->indexingType()) {
+ switch (indexingType()) {
case ALL_ARRAY_STORAGE_INDEXING_TYPES:
return m_butterfly->arrayStorage();
}
}
+ size_t butterflyTotalSize();
+ size_t butterflyPreCapacity();
+
Butterfly* createInitialUndecided(VM&, unsigned length);
ContiguousJSValues createInitialInt32(VM&, unsigned length);
ContiguousDoubles createInitialDouble(VM&, unsigned length);
ContiguousJSValues createInitialContiguous(VM&, unsigned length);
void convertUndecidedForValue(VM&, JSValue);
+ void createInitialForValueAndSet(VM&, unsigned index, JSValue);
void convertInt32ForValue(VM&, JSValue);
ArrayStorage* createArrayStorage(VM&, unsigned length, unsigned vectorLength);
ContiguousJSValues convertUndecidedToInt32(VM&);
ContiguousDoubles convertUndecidedToDouble(VM&);
ContiguousJSValues convertUndecidedToContiguous(VM&);
- ArrayStorage* convertUndecidedToArrayStorage(VM&, NonPropertyTransition, unsigned neededLength);
ArrayStorage* convertUndecidedToArrayStorage(VM&, NonPropertyTransition);
ArrayStorage* convertUndecidedToArrayStorage(VM&);
ContiguousDoubles convertInt32ToDouble(VM&);
ContiguousJSValues convertInt32ToContiguous(VM&);
- ArrayStorage* convertInt32ToArrayStorage(VM&, NonPropertyTransition, unsigned neededLength);
ArrayStorage* convertInt32ToArrayStorage(VM&, NonPropertyTransition);
ArrayStorage* convertInt32ToArrayStorage(VM&);
ContiguousJSValues convertDoubleToContiguous(VM&);
- ContiguousJSValues rageConvertDoubleToContiguous(VM&);
- ArrayStorage* convertDoubleToArrayStorage(VM&, NonPropertyTransition, unsigned neededLength);
ArrayStorage* convertDoubleToArrayStorage(VM&, NonPropertyTransition);
ArrayStorage* convertDoubleToArrayStorage(VM&);
- ArrayStorage* convertContiguousToArrayStorage(VM&, NonPropertyTransition, unsigned neededLength);
ArrayStorage* convertContiguousToArrayStorage(VM&, NonPropertyTransition);
ArrayStorage* convertContiguousToArrayStorage(VM&);
ArrayStorage* ensureArrayStorageExistsAndEnterDictionaryIndexingMode(VM&);
- bool defineOwnNonIndexProperty(ExecState*, PropertyName, PropertyDescriptor&, bool throwException);
+ bool defineOwnNonIndexProperty(ExecState*, PropertyName, const PropertyDescriptor&, bool throwException);
template<IndexingType indexingShape>
void putByIndexBeyondVectorLengthWithoutAttributes(ExecState*, unsigned propertyName, JSValue);
bool increaseVectorLength(VM&, unsigned newLength);
void deallocateSparseIndexMap();
- bool defineOwnIndexedProperty(ExecState*, unsigned, PropertyDescriptor&, bool throwException);
+ bool defineOwnIndexedProperty(ExecState*, unsigned, const PropertyDescriptor&, bool throwException);
SparseArrayValueMap* allocateSparseIndexMap(VM&);
void notifyPresenceOfIndexedAccessors(VM&);
void ensureLength(VM& vm, unsigned length)
{
ASSERT(length < MAX_ARRAY_INDEX);
- ASSERT(hasContiguous(structure()->indexingType()) || hasInt32(structure()->indexingType()) || hasDouble(structure()->indexingType()) || hasUndecided(structure()->indexingType()));
+ ASSERT(hasContiguous(indexingType()) || hasInt32(indexingType()) || hasDouble(indexingType()) || hasUndecided(indexingType()));
if (m_butterfly->vectorLength() < length)
ensureLengthSlow(vm, length);
m_butterfly->setPublicLength(length);
}
+ // Call this if you want to shrink the butterfly backing store, and you're
+ // sure that the array is contiguous.
+ void reallocateAndShrinkButterfly(VM&, unsigned length);
+
template<IndexingType indexingShape>
unsigned countElements(Butterfly*);
// This is relevant to undecided, int32, double, and contiguous.
unsigned countElements();
- // This strange method returns a pointer to the start of the indexed data
- // as if it contained JSValues. But it won't always contain JSValues.
- // Make sure you cast this to the appropriate type before using.
- template<IndexingType indexingType>
- ContiguousJSValues indexingData()
- {
- switch (indexingType) {
- case ALL_INT32_INDEXING_TYPES:
- case ALL_DOUBLE_INDEXING_TYPES:
- case ALL_CONTIGUOUS_INDEXING_TYPES:
- return m_butterfly->contiguous();
-
- case ALL_ARRAY_STORAGE_INDEXING_TYPES:
- return m_butterfly->arrayStorage()->vector();
-
- default:
- CRASH();
- return ContiguousJSValues();
- }
- }
-
- ContiguousJSValues currentIndexingData()
- {
- switch (structure()->indexingType()) {
- case ALL_INT32_INDEXING_TYPES:
- case ALL_CONTIGUOUS_INDEXING_TYPES:
- return m_butterfly->contiguous();
-
- case ALL_ARRAY_STORAGE_INDEXING_TYPES:
- return m_butterfly->arrayStorage()->vector();
-
- default:
- CRASH();
- return ContiguousJSValues();
- }
- }
-
- JSValue getHolyIndexQuickly(unsigned i)
- {
- ASSERT(i < m_butterfly->vectorLength());
- switch (structure()->indexingType()) {
- case ALL_INT32_INDEXING_TYPES:
- case ALL_CONTIGUOUS_INDEXING_TYPES:
- return m_butterfly->contiguous()[i].get();
- case ALL_DOUBLE_INDEXING_TYPES: {
- double value = m_butterfly->contiguousDouble()[i];
- if (value == value)
- return JSValue(JSValue::EncodeAsDouble, value);
- return JSValue();
- }
- case ALL_ARRAY_STORAGE_INDEXING_TYPES:
- return m_butterfly->arrayStorage()->m_vector[i].get();
- default:
- CRASH();
- return JSValue();
- }
- }
-
- template<IndexingType indexingType>
- unsigned relevantLength()
- {
- switch (indexingType) {
- case ALL_INT32_INDEXING_TYPES:
- case ALL_DOUBLE_INDEXING_TYPES:
- case ALL_CONTIGUOUS_INDEXING_TYPES:
- return m_butterfly->publicLength();
-
- case ALL_ARRAY_STORAGE_INDEXING_TYPES:
- return std::min(
- m_butterfly->arrayStorage()->length(),
- m_butterfly->arrayStorage()->vectorLength());
-
- default:
- CRASH();
- return 0;
- }
- }
-
- unsigned currentRelevantLength()
- {
- switch (structure()->indexingType()) {
- case ALL_INT32_INDEXING_TYPES:
- case ALL_DOUBLE_INDEXING_TYPES:
- case ALL_CONTIGUOUS_INDEXING_TYPES:
- return m_butterfly->publicLength();
-
- case ALL_ARRAY_STORAGE_INDEXING_TYPES:
- return std::min(
- m_butterfly->arrayStorage()->length(),
- m_butterfly->arrayStorage()->vectorLength());
-
- default:
- CRASH();
- return 0;
- }
- }
-
private:
friend class LLIntOffsetsExtractor;
ArrayStorage* enterDictionaryIndexingModeWhenArrayStorageAlreadyExists(VM&, ArrayStorage*);
template<PutMode>
- bool putDirectInternal(VM&, PropertyName, JSValue, unsigned attr, PutPropertySlot&, JSCell*);
+ bool putDirectInternal(VM&, PropertyName, JSValue, unsigned attr, PutPropertySlot&);
- bool inlineGetOwnPropertySlot(ExecState*, PropertyName, PropertySlot&);
- JS_EXPORT_PRIVATE void fillGetterPropertySlot(PropertySlot&, PropertyOffset);
+ bool inlineGetOwnPropertySlot(VM&, Structure&, PropertyName, PropertySlot&);
+ JS_EXPORT_PRIVATE void fillGetterPropertySlot(PropertySlot&, JSValue, unsigned, PropertyOffset);
+ void fillCustomGetterPropertySlot(PropertySlot&, JSValue, unsigned, Structure&);
- const HashEntry* findPropertyHashEntry(ExecState*, PropertyName) const;
+ const HashTableValue* findPropertyHashEntry(PropertyName) const;
- void putIndexedDescriptor(ExecState*, SparseArrayEntry*, PropertyDescriptor&, PropertyDescriptor& old);
+ void putIndexedDescriptor(ExecState*, SparseArrayEntry*, const PropertyDescriptor&, PropertyDescriptor& old);
void putByIndexBeyondVectorLength(ExecState*, unsigned propertyName, JSValue, bool shouldThrow);
bool putDirectIndexBeyondVectorLengthWithArrayStorage(ExecState*, unsigned propertyName, JSValue, unsigned attributes, PutDirectIndexMode, ArrayStorage*);
unsigned getNewVectorLength(unsigned currentVectorLength, unsigned currentLength, unsigned desiredLength);
unsigned getNewVectorLength(unsigned desiredLength);
- JS_EXPORT_PRIVATE bool getOwnPropertySlotSlow(ExecState*, PropertyName, PropertySlot&);
-
ArrayStorage* constructConvertedArrayStorageWithoutCopyingElements(VM&, unsigned neededLength);
JS_EXPORT_PRIVATE void setIndexQuicklyToUndecided(VM&, unsigned index, JSValue);
ContiguousJSValues ensureInt32Slow(VM&);
ContiguousDoubles ensureDoubleSlow(VM&);
ContiguousJSValues ensureContiguousSlow(VM&);
- ContiguousJSValues rageEnsureContiguousSlow(VM&);
- ArrayStorage* ensureArrayStorageSlow(VM&);
-
- enum DoubleToContiguousMode { EncodeValueAsDouble, RageConvertDoubleToValue };
- template<DoubleToContiguousMode mode>
- ContiguousJSValues genericConvertDoubleToContiguous(VM&);
- ContiguousJSValues ensureContiguousSlow(VM&, DoubleToContiguousMode);
-
+ JS_EXPORT_PRIVATE ArrayStorage* ensureArrayStorageSlow(VM&);
+
protected:
- Butterfly* m_butterfly;
+ CopyWriteBarrier<Butterfly> m_butterfly;
+#if USE(JSVALUE32_64)
+private:
+ uint32_t m_padding;
+#endif
};
// JSNonFinalObject is a type of JSObject that has some internal storage,
static Structure* createStructure(VM& vm, JSGlobalObject* globalObject, JSValue prototype)
{
- return Structure::create(vm, globalObject, prototype, TypeInfo(ObjectType, StructureFlags), &s_info);
+ return Structure::create(vm, globalObject, prototype, TypeInfo(ObjectType, StructureFlags), info());
}
protected:
void finishCreation(VM& vm)
{
Base::finishCreation(vm);
- ASSERT(!this->structure()->totalStorageCapacity());
+ ASSERT(!this->structure()->hasInlineStorage());
ASSERT(classInfo());
}
};
public:
typedef JSObject Base;
+ static const unsigned StructureFlags = Base::StructureFlags;
+ static size_t allocationSize(size_t inlineCapacity)
+ {
+ return sizeof(JSObject) + inlineCapacity * sizeof(WriteBarrierBase<Unknown>);
+ }
+
static const unsigned defaultSize = 64;
static inline unsigned defaultInlineCapacity()
{
return (maxSize - allocationSize(0)) / sizeof(WriteBarrier<Unknown>);
}
- static JSFinalObject* create(ExecState*, Structure*);
+ static JSFinalObject* create(ExecState*, Structure*, Butterfly* = nullptr);
+ static JSFinalObject* create(VM&, Structure*);
static Structure* createStructure(VM& vm, JSGlobalObject* globalObject, JSValue prototype, unsigned inlineCapacity)
{
- return Structure::create(vm, globalObject, prototype, TypeInfo(FinalObjectType, StructureFlags), &s_info, NonArray, inlineCapacity);
+ return Structure::create(vm, globalObject, prototype, TypeInfo(FinalObjectType, StructureFlags), info(), NonArray, inlineCapacity);
}
JS_EXPORT_PRIVATE static void visitChildren(JSCell*, SlotVisitor&);
- static JS_EXPORTDATA const ClassInfo s_info;
+ DECLARE_EXPORT_INFO;
protected:
void visitChildrenCommon(SlotVisitor&);
private:
friend class LLIntOffsetsExtractor;
- explicit JSFinalObject(VM& vm, Structure* structure)
- : JSObject(vm, structure)
+ explicit JSFinalObject(VM& vm, Structure* structure, Butterfly* butterfly = nullptr)
+ : JSObject(vm, structure, butterfly)
{
}
-
- static const unsigned StructureFlags = JSObject::StructureFlags;
};
-inline JSFinalObject* JSFinalObject::create(ExecState* exec, Structure* structure)
+inline JSFinalObject* JSFinalObject::create(
+ ExecState* exec, Structure* structure, Butterfly* butterfly)
{
JSFinalObject* finalObject = new (
NotNull,
*exec->heap(),
allocationSize(structure->inlineCapacity())
)
- ) JSFinalObject(exec->vm(), structure);
+ ) JSFinalObject(exec->vm(), structure, butterfly);
finalObject->finishCreation(exec->vm());
return finalObject;
}
+inline JSFinalObject* JSFinalObject::create(VM& vm, Structure* structure)
+{
+ JSFinalObject* finalObject = new (NotNull, allocateCell<JSFinalObject>(vm.heap, allocationSize(structure->inlineCapacity()))) JSFinalObject(vm, structure);
+ finalObject->finishCreation(vm);
+ return finalObject;
+}
+
inline bool isJSFinalObject(JSCell* cell)
{
- return cell->classInfo() == &JSFinalObject::s_info;
+ return cell->classInfo() == JSFinalObject::info();
}
inline bool isJSFinalObject(JSValue value)
inline bool JSObject::isGlobalObject() const
{
- return structure()->typeInfo().type() == GlobalObjectType;
+ return type() == GlobalObjectType;
}
inline bool JSObject::isVariableObject() const
{
- return structure()->typeInfo().type() >= VariableObjectType;
+ return type() == GlobalObjectType || type() == ActivationObjectType;
}
-
inline bool JSObject::isStaticScopeObject() const
{
- JSType type = structure()->typeInfo().type();
+ JSType type = this->type();
return type == NameScopeObjectType || type == ActivationObjectType;
}
-
inline bool JSObject::isNameScopeObject() const
{
- return structure()->typeInfo().type() == NameScopeObjectType;
+ return type() == NameScopeObjectType;
}
inline bool JSObject::isActivationObject() const
{
- return structure()->typeInfo().type() == ActivationObjectType;
+ return type() == ActivationObjectType;
}
inline bool JSObject::isErrorInstance() const
{
- return structure()->typeInfo().type() == ErrorInstanceType;
+ return type() == ErrorInstanceType;
+}
+
+inline bool JSObject::isWithScope() const
+{
+ return type() == WithScopeType;
+}
+
+inline void JSObject::setStructureAndButterfly(VM& vm, Structure* structure, Butterfly* butterfly)
+{
+ ASSERT(structure);
+ ASSERT(!butterfly == (!structure->outOfLineCapacity() && !structure->hasIndexingHeader(this)));
+ m_butterfly.set(vm, this, butterfly);
+ setStructure(vm, structure);
}
-inline void JSObject::setButterfly(VM& vm, Butterfly* butterfly, Structure* structure)
+inline void JSObject::setStructure(VM& vm, Structure* structure)
{
ASSERT(structure);
- ASSERT(!butterfly == (!structure->outOfLineCapacity() && !hasIndexingHeader(structure->indexingType())));
- setStructure(vm, structure, butterfly);
- m_butterfly = butterfly;
+ ASSERT(!m_butterfly == !(structure->outOfLineCapacity() || structure->hasIndexingHeader(this)));
+ JSCell::setStructure(vm, structure);
}
-inline void JSObject::setButterflyWithoutChangingStructure(Butterfly* butterfly)
+inline void JSObject::setButterflyWithoutChangingStructure(VM& vm, Butterfly* butterfly)
{
- m_butterfly = butterfly;
+ m_butterfly.set(vm, this, butterfly);
}
inline CallType getCallData(JSValue value, CallData& callData)
inline JSObject::JSObject(VM& vm, Structure* structure, Butterfly* butterfly)
: JSCell(vm, structure)
- , m_butterfly(butterfly)
+ , m_butterfly(vm, this, butterfly)
{
+ vm.heap.ascribeOwner(this, butterfly);
}
inline JSValue JSObject::prototype() const
return structure()->storedPrototype();
}
-ALWAYS_INLINE bool JSObject::inlineGetOwnPropertySlot(ExecState* exec, PropertyName propertyName, PropertySlot& slot)
+ALWAYS_INLINE bool JSObject::inlineGetOwnPropertySlot(VM& vm, Structure& structure, PropertyName propertyName, PropertySlot& slot)
{
- PropertyOffset offset = structure()->get(exec->vm(), propertyName);
- if (LIKELY(isValidOffset(offset))) {
- JSValue value = getDirect(offset);
- if (structure()->hasGetterSetterProperties() && value.isGetterSetter())
- fillGetterPropertySlot(slot, offset);
- else
- slot.setValue(this, value, offset);
- return true;
- }
+ unsigned attributes;
+ PropertyOffset offset = structure.get(vm, propertyName, attributes);
+ if (!isValidOffset(offset))
+ return false;
+
+ JSValue value = getDirect(offset);
+ if (structure.hasGetterSetterProperties() && value.isGetterSetter())
+ fillGetterPropertySlot(slot, value, attributes, offset);
+ else if (structure.hasCustomGetterSetterProperties() && value.isCustomGetterSetter())
+ fillCustomGetterPropertySlot(slot, value, attributes, structure);
+ else
+ slot.setValue(this, attributes, value, offset);
- return getOwnPropertySlotSlow(exec, propertyName, slot);
+ return true;
+}
+
+ALWAYS_INLINE void JSObject::fillCustomGetterPropertySlot(PropertySlot& slot, JSValue customGetterSetter, unsigned attributes, Structure& structure)
+{
+ if (structure.isDictionary()) {
+ slot.setCustom(this, attributes, jsCast<CustomGetterSetter*>(customGetterSetter)->getter());
+ return;
+ }
+ slot.setCacheableCustom(this, attributes, jsCast<CustomGetterSetter*>(customGetterSetter)->getter());
}
// It may seem crazy to inline a function this large, especially a virtual function,
// but it makes a big difference to property lookup that derived classes can inline their
// base class call to this.
-ALWAYS_INLINE bool JSObject::getOwnPropertySlot(JSCell* cell, ExecState* exec, PropertyName propertyName, PropertySlot& slot)
+ALWAYS_INLINE bool JSObject::getOwnPropertySlot(JSObject* object, ExecState* exec, PropertyName propertyName, PropertySlot& slot)
{
- return jsCast<JSObject*>(cell)->inlineGetOwnPropertySlot(exec, propertyName, slot);
+ VM& vm = exec->vm();
+ Structure& structure = *object->structure(vm);
+ if (object->inlineGetOwnPropertySlot(vm, structure, propertyName, slot))
+ return true;
+ if (Optional<uint32_t> index = parseIndex(propertyName))
+ return getOwnPropertySlotByIndex(object, exec, index.value(), slot);
+ return false;
+}
+
+ALWAYS_INLINE bool JSObject::fastGetOwnPropertySlot(ExecState* exec, VM& vm, Structure& structure, PropertyName propertyName, PropertySlot& slot)
+{
+ if (LIKELY(!TypeInfo::overridesGetOwnPropertySlot(inlineTypeFlags())))
+ return inlineGetOwnPropertySlot(vm, structure, propertyName, slot);
+ return structure.classInfo()->methodTable.getOwnPropertySlot(this, exec, propertyName, slot);
}
// It may seem crazy to inline a function this large but it makes a big difference
// since this is function very hot in variable lookup
ALWAYS_INLINE bool JSObject::getPropertySlot(ExecState* exec, PropertyName propertyName, PropertySlot& slot)
{
+ VM& vm = exec->vm();
+ auto& structureIDTable = vm.heap.structureIDTable();
JSObject* object = this;
while (true) {
- if (object->fastGetOwnPropertySlot(exec, propertyName, slot))
+ Structure& structure = *structureIDTable.get(object->structureID());
+ if (object->fastGetOwnPropertySlot(exec, vm, structure, propertyName, slot))
return true;
- JSValue prototype = object->prototype();
+ JSValue prototype = structure.storedPrototype();
if (!prototype.isObject())
- return false;
+ break;
object = asObject(prototype);
}
+
+ if (Optional<uint32_t> index = parseIndex(propertyName))
+ return getPropertySlot(exec, index.value(), slot);
+ return false;
}
ALWAYS_INLINE bool JSObject::getPropertySlot(ExecState* exec, unsigned propertyName, PropertySlot& slot)
{
+ VM& vm = exec->vm();
+ auto& structureIDTable = vm.heap.structureIDTable();
JSObject* object = this;
while (true) {
- if (object->methodTable()->getOwnPropertySlotByIndex(object, exec, propertyName, slot))
+ Structure& structure = *structureIDTable.get(object->structureID());
+ if (structure.classInfo()->methodTable.getOwnPropertySlotByIndex(object, exec, propertyName, slot))
return true;
- JSValue prototype = object->prototype();
+ JSValue prototype = structure.storedPrototype();
if (!prototype.isObject())
return false;
object = asObject(prototype);
}
template<JSObject::PutMode mode>
-inline bool JSObject::putDirectInternal(VM& vm, PropertyName propertyName, JSValue value, unsigned attributes, PutPropertySlot& slot, JSCell* specificFunction)
+inline bool JSObject::putDirectInternal(VM& vm, PropertyName propertyName, JSValue value, unsigned attributes, PutPropertySlot& slot)
{
ASSERT(value);
ASSERT(value.isGetterSetter() == !!(attributes & Accessor));
ASSERT(!Heap::heap(value) || Heap::heap(value) == Heap::heap(this));
- ASSERT(propertyName.asIndex() == PropertyName::NotAnIndex);
+ ASSERT(!parseIndex(propertyName));
- if (structure()->isDictionary()) {
+ Structure* structure = this->structure(vm);
+ if (structure->isDictionary()) {
unsigned currentAttributes;
- JSCell* currentSpecificFunction;
- PropertyOffset offset = structure()->get(vm, propertyName, currentAttributes, currentSpecificFunction);
+ PropertyOffset offset = structure->get(vm, propertyName, currentAttributes);
if (offset != invalidOffset) {
- // If there is currently a specific function, and there now either isn't,
- // or the new value is different, then despecify.
- if (currentSpecificFunction && (specificFunction != currentSpecificFunction))
- structure()->despecifyDictionaryFunction(vm, propertyName);
if ((mode == PutModePut) && currentAttributes & ReadOnly)
return false;
putDirect(vm, offset, value);
- // At this point, the objects structure only has a specific value set if previously there
- // had been one set, and if the new value being specified is the same (otherwise we would
- // have despecified, above). So, if currentSpecificFunction is not set, or if the new
- // value is different (or there is no new value), then the slot now has no value - and
- // as such it is cachable.
- // If there was previously a value, and the new value is the same, then we cannot cache.
- if (!currentSpecificFunction || (specificFunction != currentSpecificFunction))
- slot.setExistingProperty(this, offset);
+ structure->didReplaceProperty(offset);
+ slot.setExistingProperty(this, offset);
+
+ if ((attributes & Accessor) != (currentAttributes & Accessor)) {
+ ASSERT(!(attributes & ReadOnly));
+ setStructure(vm, Structure::attributeChangeTransition(vm, structure, propertyName, attributes));
+ }
return true;
}
if ((mode == PutModePut) && !isExtensible())
return false;
- Butterfly* newButterfly = m_butterfly;
- if (structure()->putWillGrowOutOfLineStorage())
- newButterfly = growOutOfLineStorage(vm, structure()->outOfLineCapacity(), structure()->suggestedNewOutOfLineStorageCapacity());
- offset = structure()->addPropertyWithoutTransition(vm, propertyName, attributes, specificFunction);
- setButterfly(vm, newButterfly, structure());
+ DeferGC deferGC(vm.heap);
+ Butterfly* newButterfly = butterfly();
+ if (this->structure()->putWillGrowOutOfLineStorage())
+ newButterfly = growOutOfLineStorage(vm, this->structure()->outOfLineCapacity(), this->structure()->suggestedNewOutOfLineStorageCapacity());
+ offset = this->structure()->addPropertyWithoutTransition(vm, propertyName, attributes);
+ setStructureAndButterfly(vm, this->structure(), newButterfly);
validateOffset(offset);
- ASSERT(structure()->isValidOffset(offset));
+ ASSERT(this->structure()->isValidOffset(offset));
putDirect(vm, offset, value);
- // See comment on setNewProperty call below.
- if (!specificFunction)
- slot.setNewProperty(this, offset);
+ slot.setNewProperty(this, offset);
if (attributes & ReadOnly)
- structure()->setContainsReadOnlyProperties();
+ this->structure()->setContainsReadOnlyProperties();
return true;
}
PropertyOffset offset;
- size_t currentCapacity = structure()->outOfLineCapacity();
- if (Structure* structure = Structure::addPropertyTransitionToExistingStructure(this->structure(), propertyName, attributes, specificFunction, offset)) {
- Butterfly* newButterfly = m_butterfly;
- if (currentCapacity != structure->outOfLineCapacity())
+ size_t currentCapacity = this->structure()->outOfLineCapacity();
+ if (Structure* structure = Structure::addPropertyTransitionToExistingStructure(this->structure(), propertyName, attributes, offset)) {
+ DeferGC deferGC(vm.heap);
+ Butterfly* newButterfly = butterfly();
+ if (currentCapacity != structure->outOfLineCapacity()) {
+ ASSERT(structure != this->structure());
newButterfly = growOutOfLineStorage(vm, currentCapacity, structure->outOfLineCapacity());
+ }
validateOffset(offset);
ASSERT(structure->isValidOffset(offset));
- setButterfly(vm, newButterfly, structure);
+ setStructureAndButterfly(vm, structure, newButterfly);
putDirect(vm, offset, value);
- // This is a new property; transitions with specific values are not currently cachable,
- // so leave the slot in an uncachable state.
- if (!specificFunction)
- slot.setNewProperty(this, offset);
+ slot.setNewProperty(this, offset);
return true;
}
unsigned currentAttributes;
- JSCell* currentSpecificFunction;
- offset = structure()->get(vm, propertyName, currentAttributes, currentSpecificFunction);
+ offset = structure->get(vm, propertyName, currentAttributes);
if (offset != invalidOffset) {
if ((mode == PutModePut) && currentAttributes & ReadOnly)
return false;
- // There are three possibilities here:
- // (1) There is an existing specific value set, and we're overwriting with *the same value*.
- // * Do nothing - no need to despecify, but that means we can't cache (a cached
- // put could write a different value). Leave the slot in an uncachable state.
- // (2) There is a specific value currently set, but we're writing a different value.
- // * First, we have to despecify. Having done so, this is now a regular slot
- // with no specific value, so go ahead & cache like normal.
- // (3) Normal case, there is no specific value set.
- // * Go ahead & cache like normal.
- if (currentSpecificFunction) {
- // case (1) Do the put, then return leaving the slot uncachable.
- if (specificFunction == currentSpecificFunction) {
- putDirect(vm, offset, value);
- return true;
- }
- // case (2) Despecify, fall through to (3).
- setStructure(vm, Structure::despecifyFunctionTransition(vm, structure(), propertyName), m_butterfly);
- }
-
- // case (3) set the slot, do the put, return.
+ structure->didReplaceProperty(offset);
slot.setExistingProperty(this, offset);
putDirect(vm, offset, value);
+
+ if ((attributes & Accessor) != (currentAttributes & Accessor)) {
+ ASSERT(!(attributes & ReadOnly));
+ setStructure(vm, Structure::attributeChangeTransition(vm, structure, propertyName, attributes));
+ }
return true;
}
if ((mode == PutModePut) && !isExtensible())
return false;
- Structure* structure = Structure::addPropertyTransition(vm, this->structure(), propertyName, attributes, specificFunction, offset);
+ structure = Structure::addPropertyTransition(vm, structure, propertyName, attributes, offset, slot.context());
validateOffset(offset);
ASSERT(structure->isValidOffset(offset));
setStructureAndReallocateStorageIfNecessary(vm, structure);
putDirect(vm, offset, value);
- // This is a new property; transitions with specific values are not currently cachable,
- // so leave the slot in an uncachable state.
- if (!specificFunction)
- slot.setNewProperty(this, offset);
+ slot.setNewProperty(this, offset);
if (attributes & ReadOnly)
structure->setContainsReadOnlyProperties();
return true;
}
-inline void JSObject::setStructure(VM& vm, Structure* structure, Butterfly* butterfly)
-{
- JSCell::setStructure(vm, structure);
- ASSERT_UNUSED(butterfly, !butterfly == !(structure->outOfLineCapacity() || hasIndexingHeader(structure->indexingType())));
-}
-
inline void JSObject::setStructureAndReallocateStorageIfNecessary(VM& vm, unsigned oldCapacity, Structure* newStructure)
{
ASSERT(oldCapacity <= newStructure->outOfLineCapacity());
if (oldCapacity == newStructure->outOfLineCapacity()) {
- setStructure(vm, newStructure, m_butterfly);
+ setStructure(vm, newStructure);
return;
}
-
+
+ DeferGC deferGC(vm.heap);
Butterfly* newButterfly = growOutOfLineStorage(
vm, oldCapacity, newStructure->outOfLineCapacity());
- setButterfly(vm, newButterfly, newStructure);
+ setStructureAndButterfly(vm, newStructure, newButterfly);
}
inline void JSObject::setStructureAndReallocateStorageIfNecessary(VM& vm, Structure* newStructure)
{
setStructureAndReallocateStorageIfNecessary(
- vm, structure()->outOfLineCapacity(), newStructure);
+ vm, structure(vm)->outOfLineCapacity(), newStructure);
}
inline bool JSObject::putOwnDataProperty(VM& vm, PropertyName propertyName, JSValue value, PutPropertySlot& slot)
ASSERT(value);
ASSERT(!Heap::heap(value) || Heap::heap(value) == Heap::heap(this));
ASSERT(!structure()->hasGetterSetterProperties());
+ ASSERT(!structure()->hasCustomGetterSetterProperties());
- return putDirectInternal<PutModePut>(vm, propertyName, value, 0, slot, getCallableObject(value));
+ return putDirectInternal<PutModePut>(vm, propertyName, value, 0, slot);
}
inline void JSObject::putDirect(VM& vm, PropertyName propertyName, JSValue value, unsigned attributes)
{
ASSERT(!value.isGetterSetter() && !(attributes & Accessor));
- PutPropertySlot slot;
- putDirectInternal<PutModeDefineOwnProperty>(vm, propertyName, value, attributes, slot, getCallableObject(value));
+ ASSERT(!value.isCustomGetterSetter());
+ PutPropertySlot slot(this);
+ putDirectInternal<PutModeDefineOwnProperty>(vm, propertyName, value, attributes, slot);
}
inline void JSObject::putDirect(VM& vm, PropertyName propertyName, JSValue value, PutPropertySlot& slot)
{
ASSERT(!value.isGetterSetter());
- putDirectInternal<PutModeDefineOwnProperty>(vm, propertyName, value, 0, slot, getCallableObject(value));
+ ASSERT(!value.isCustomGetterSetter());
+ putDirectInternal<PutModeDefineOwnProperty>(vm, propertyName, value, 0, slot);
}
inline void JSObject::putDirectWithoutTransition(VM& vm, PropertyName propertyName, JSValue value, unsigned attributes)
{
+ DeferGC deferGC(vm.heap);
ASSERT(!value.isGetterSetter() && !(attributes & Accessor));
- Butterfly* newButterfly = m_butterfly;
+ ASSERT(!value.isCustomGetterSetter());
+ Butterfly* newButterfly = m_butterfly.get();
if (structure()->putWillGrowOutOfLineStorage())
newButterfly = growOutOfLineStorage(vm, structure()->outOfLineCapacity(), structure()->suggestedNewOutOfLineStorageCapacity());
- PropertyOffset offset = structure()->addPropertyWithoutTransition(vm, propertyName, attributes, getCallableObject(value));
- setButterfly(vm, newButterfly, structure());
+ PropertyOffset offset = structure()->addPropertyWithoutTransition(vm, propertyName, attributes);
+ setStructureAndButterfly(vm, structure(), newButterfly);
putDirect(vm, offset, value);
}
return methodTable()->defaultValue(this, exec, preferredType);
}
-ALWAYS_INLINE JSObject* Register::function() const
+ALWAYS_INLINE JSObject* Register::object() const
{
- if (!jsValue())
- return 0;
return asObject(jsValue());
}
-ALWAYS_INLINE Register Register::withCallee(JSObject* callee)
+ALWAYS_INLINE Register& Register::operator=(JSObject* object)
{
- Register r;
- r = JSValue(callee);
- return r;
+ u.value = JSValue::encode(JSValue(object));
+ return *this;
}
inline size_t offsetInButterfly(PropertyOffset offset)
return offsetInOutOfLineStorage(offset) + Butterfly::indexOfPropertyStorage();
}
+inline size_t JSObject::butterflyPreCapacity()
+{
+ if (UNLIKELY(hasIndexingHeader()))
+ return butterfly()->indexingHeader()->preCapacity(structure());
+ return 0;
+}
+
+inline size_t JSObject::butterflyTotalSize()
+{
+ Structure* structure = this->structure();
+ Butterfly* butterfly = this->butterfly();
+ size_t preCapacity;
+ size_t indexingPayloadSizeInBytes;
+ bool hasIndexingHeader = this->hasIndexingHeader();
+
+ if (UNLIKELY(hasIndexingHeader)) {
+ preCapacity = butterfly->indexingHeader()->preCapacity(structure);
+ indexingPayloadSizeInBytes = butterfly->indexingHeader()->indexingPayloadSizeInBytes(structure);
+ } else {
+ preCapacity = 0;
+ indexingPayloadSizeInBytes = 0;
+ }
+
+ return Butterfly::totalSize(preCapacity, structure->outOfLineCapacity(), hasIndexingHeader, indexingPayloadSizeInBytes);
+}
+
// Helpers for patching code where you want to emit a load or store and
// the base is:
// For inline offsets: a pointer to the out-of-line storage pointer.
COMPILE_ASSERT(!(sizeof(JSObject) % sizeof(WriteBarrierBase<Unknown>)), JSObject_inline_storage_has_correct_alignment);
-ALWAYS_INLINE Identifier makeIdentifier(ExecState* exec, const char* name)
+ALWAYS_INLINE Identifier makeIdentifier(VM& vm, const char* name)
{
- return Identifier(exec, name);
+ return Identifier::fromString(&vm, name);
}
-ALWAYS_INLINE Identifier makeIdentifier(ExecState*, const Identifier& name)
+ALWAYS_INLINE Identifier makeIdentifier(VM&, const Identifier& name)
{
return name;
}
// have the expected meanings.
#define JSC_NATIVE_INTRINSIC_FUNCTION(jsName, cppName, attributes, length, intrinsic) \
putDirectNativeFunction(\
- exec, globalObject, makeIdentifier(exec, (jsName)), (length), cppName, \
+ vm, globalObject, makeIdentifier(vm, (jsName)), (length), cppName, \
(intrinsic), (attributes))
// As above, but this assumes that the function you're defining doesn't have an
#define JSC_NATIVE_FUNCTION(jsName, cppName, attributes, length) \
JSC_NATIVE_INTRINSIC_FUNCTION(jsName, cppName, (attributes), (length), NoIntrinsic)
+// Identical helpers but for builtins. Note that currently, we don't support builtins that are
+// also intrinsics, but we probably will do that eventually.
+#define JSC_BUILTIN_FUNCTION(jsName, generatorName, attributes) \
+ putDirectBuiltinFunction(\
+ vm, globalObject, makeIdentifier(vm, (jsName)), (generatorName)(vm), (attributes))
+
} // namespace JSC
#endif // JSObject_h
projects / apple / javascriptcore.git / blobdiff