X-Git-Url: https://git.saurik.com/apple/javascriptcore.git/blobdiff_plain/4e4e5a6f2694187498445a6ac6f1634ce8141119..ed1e77d3adeb83d26fd1dfb16dd84cabdcefd250:/runtime/Structure.h diff --git a/runtime/Structure.h b/runtime/Structure.h index 968443a..25a97fe 100644 --- a/runtime/Structure.h +++ b/runtime/Structure.h @@ -1,5 +1,5 @@ /* - * Copyright (C) 2008, 2009 Apple Inc. All rights reserved. + * Copyright (C) 2008, 2009, 2012, 2013, 2014 Apple Inc. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions @@ -10,10 +10,10 @@ * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * - * THIS SOFTWARE IS PROVIDED BY APPLE COMPUTER, INC. ``AS IS'' AND ANY + * THIS SOFTWARE IS PROVIDED BY APPLE INC. ``AS IS'' AND ANY * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR - * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL APPLE COMPUTER, INC. OR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL APPLE INC. OR * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR @@ -26,270 +26,597 @@ #ifndef Structure_h #define Structure_h -#include "Identifier.h" +#include "ClassInfo.h" +#include "ConcurrentJITLock.h" +#include "IndexingType.h" +#include "JSCJSValue.h" +#include "JSCell.h" #include "JSType.h" -#include "JSValue.h" -#include "PropertyMapHashTable.h" +#include "PropertyName.h" #include "PropertyNameArray.h" +#include "PropertyOffset.h" #include "Protect.h" -#include "StructureChain.h" +#include "PutPropertySlot.h" +#include "StructureIDBlob.h" +#include "StructureRareData.h" #include "StructureTransitionTable.h" #include "JSTypeInfo.h" -#include "UString.h" -#include "WeakGCPtr.h" +#include "Watchpoint.h" +#include "Weak.h" +#include "WriteBarrierInlines.h" +#include #include +#include #include -#ifndef NDEBUG -#define DUMP_PROPERTYMAP_STATS 0 -#else -#define DUMP_PROPERTYMAP_STATS 0 -#endif +namespace WTF { + +class UniquedStringImpl; + +} // namespace WTF namespace JSC { - class MarkStack; - class PropertyNameArray; - class PropertyNameArrayData; - - enum EnumerationMode { - ExcludeDontEnumProperties, - IncludeDontEnumProperties - }; - - class Structure : public RefCounted { - public: - friend class JIT; - friend class StructureTransitionTable; - static PassRefPtr create(JSValue prototype, const TypeInfo& typeInfo, unsigned anonymousSlotCount) - { - return adoptRef(new Structure(prototype, typeInfo, anonymousSlotCount)); - } +class DeferGC; +class LLIntOffsetsExtractor; +class PropertyNameArray; +class PropertyNameArrayData; +class PropertyTable; +class StructureChain; +class StructureShape; +class SlotVisitor; +class JSString; +struct DumpContext; + +// The out-of-line property storage capacity to use when first allocating out-of-line +// storage. Note that all objects start out without having any out-of-line storage; +// this comes into play only on the first property store that exhausts inline storage. +static const unsigned initialOutOfLineCapacity = 4; + +// The factor by which to grow out-of-line storage when it is exhausted, after the +// initial allocation. +static const unsigned outOfLineGrowthFactor = 2; + +struct PropertyMapEntry { + UniquedStringImpl* key; + PropertyOffset offset; + unsigned attributes; + + PropertyMapEntry() + : key(nullptr) + , offset(invalidOffset) + , attributes(0) + { + } + + PropertyMapEntry(UniquedStringImpl* key, PropertyOffset offset, unsigned attributes) + : key(key) + , offset(offset) + , attributes(attributes) + { + } +}; - static void startIgnoringLeaks(); - static void stopIgnoringLeaks(); +class Structure final : public JSCell { +public: + friend class StructureTransitionTable; - static void dumpStatistics(); + typedef JSCell Base; + static const unsigned StructureFlags = Base::StructureFlags | StructureIsImmortal; + + static Structure* create(VM&, JSGlobalObject*, JSValue prototype, const TypeInfo&, const ClassInfo*, IndexingType = NonArray, unsigned inlineCapacity = 0); - static PassRefPtr addPropertyTransition(Structure*, const Identifier& propertyName, unsigned attributes, JSCell* specificValue, size_t& offset); - static PassRefPtr addPropertyTransitionToExistingStructure(Structure*, const Identifier& propertyName, unsigned attributes, JSCell* specificValue, size_t& offset); - static PassRefPtr removePropertyTransition(Structure*, const Identifier& propertyName, size_t& offset); - static PassRefPtr changePrototypeTransition(Structure*, JSValue prototype); - static PassRefPtr despecifyFunctionTransition(Structure*, const Identifier&); - static PassRefPtr getterSetterTransition(Structure*); - static PassRefPtr toCacheableDictionaryTransition(Structure*); - static PassRefPtr toUncacheableDictionaryTransition(Structure*); + ~Structure(); - PassRefPtr flattenDictionaryStructure(JSObject*); +protected: + void finishCreation(VM& vm) + { + Base::finishCreation(vm); + ASSERT(m_prototype); + ASSERT(m_prototype.isObject() || m_prototype.isNull()); + } - ~Structure(); + void finishCreation(VM& vm, CreatingEarlyCellTag) + { + Base::finishCreation(vm, this, CreatingEarlyCell); + ASSERT(m_prototype); + ASSERT(m_prototype.isNull()); + ASSERT(!vm.structureStructure); + } - // These should be used with caution. - size_t addPropertyWithoutTransition(const Identifier& propertyName, unsigned attributes, JSCell* specificValue); - size_t removePropertyWithoutTransition(const Identifier& propertyName); - void setPrototypeWithoutTransition(JSValue prototype) { m_prototype = prototype; } +public: + StructureID id() const { return m_blob.structureID(); } + int32_t objectInitializationBlob() const { return m_blob.blobExcludingStructureID(); } + int64_t idBlob() const { return m_blob.blob(); } + + bool isProxy() const + { + JSType type = m_blob.type(); + return type == ImpureProxyType || type == PureForwardingProxyType; + } + + static void dumpStatistics(); + + JS_EXPORT_PRIVATE static Structure* addPropertyTransition(VM&, Structure*, PropertyName, unsigned attributes, PropertyOffset&, PutPropertySlot::Context = PutPropertySlot::UnknownContext); + static Structure* addPropertyTransitionToExistingStructureConcurrently(Structure*, UniquedStringImpl* uid, unsigned attributes, PropertyOffset&); + JS_EXPORT_PRIVATE static Structure* addPropertyTransitionToExistingStructure(Structure*, PropertyName, unsigned attributes, PropertyOffset&); + static Structure* removePropertyTransition(VM&, Structure*, PropertyName, PropertyOffset&); + JS_EXPORT_PRIVATE static Structure* changePrototypeTransition(VM&, Structure*, JSValue prototype); + JS_EXPORT_PRIVATE static Structure* attributeChangeTransition(VM&, Structure*, PropertyName, unsigned attributes); + JS_EXPORT_PRIVATE static Structure* toCacheableDictionaryTransition(VM&, Structure*); + static Structure* toUncacheableDictionaryTransition(VM&, Structure*); + JS_EXPORT_PRIVATE static Structure* sealTransition(VM&, Structure*); + JS_EXPORT_PRIVATE static Structure* freezeTransition(VM&, Structure*); + static Structure* preventExtensionsTransition(VM&, Structure*); + JS_EXPORT_PRIVATE static Structure* nonPropertyTransition(VM&, Structure*, NonPropertyTransition); + + JS_EXPORT_PRIVATE bool isSealed(VM&); + JS_EXPORT_PRIVATE bool isFrozen(VM&); + bool isExtensible() const { return !preventExtensions(); } + bool putWillGrowOutOfLineStorage(); + size_t suggestedNewOutOfLineStorageCapacity(); + + JS_EXPORT_PRIVATE Structure* flattenDictionaryStructure(VM&, JSObject*); + + static const bool needsDestruction = true; + static void destroy(JSCell*); + + // These should be used with caution. + JS_EXPORT_PRIVATE PropertyOffset addPropertyWithoutTransition(VM&, PropertyName, unsigned attributes); + PropertyOffset removePropertyWithoutTransition(VM&, PropertyName); + void setPrototypeWithoutTransition(VM& vm, JSValue prototype) { m_prototype.set(vm, this, prototype); } - bool isDictionary() const { return m_dictionaryKind != NoneDictionaryKind; } - bool isUncacheableDictionary() const { return m_dictionaryKind == UncachedDictionaryKind; } + bool isDictionary() const { return dictionaryKind() != NoneDictionaryKind; } + bool isUncacheableDictionary() const { return dictionaryKind() == UncachedDictionaryKind; } + + bool propertyAccessesAreCacheable() { return dictionaryKind() != UncachedDictionaryKind && !typeInfo().prohibitsPropertyCaching(); } + + // We use SlowPath in GetByIdStatus for structures that may get new impure properties later to prevent + // DFG from inlining property accesses since structures don't transition when a new impure property appears. + bool takesSlowPathInDFGForImpureProperty() + { + return typeInfo().hasImpureGetOwnPropertySlot(); + } - const TypeInfo& typeInfo() const { return m_typeInfo; } + // Type accessors. + TypeInfo typeInfo() const { ASSERT(structure()->classInfo() == info()); return m_blob.typeInfo(m_outOfLineTypeFlags); } + bool isObject() const { return typeInfo().isObject(); } - JSValue storedPrototype() const { return m_prototype; } - JSValue prototypeForLookup(ExecState*) const; - StructureChain* prototypeChain(ExecState*) const; + IndexingType indexingType() const { return m_blob.indexingType() & AllArrayTypes; } + IndexingType indexingTypeIncludingHistory() const { return m_blob.indexingType(); } + + bool mayInterceptIndexedAccesses() const + { + return !!(indexingTypeIncludingHistory() & MayHaveIndexedAccessors); + } + + bool anyObjectInChainMayInterceptIndexedAccesses() const; + bool holesMustForwardToPrototype(VM&) const; + + bool needsSlowPutIndexing() const; + NonPropertyTransition suggestedArrayStorageTransition() const; + + JSGlobalObject* globalObject() const { return m_globalObject.get(); } + void setGlobalObject(VM& vm, JSGlobalObject* globalObject) { m_globalObject.set(vm, this, globalObject); } + + JSValue storedPrototype() const { return m_prototype.get(); } + JSObject* storedPrototypeObject() const; + Structure* storedPrototypeStructure() const; + JSValue prototypeForLookup(ExecState*) const; + JSValue prototypeForLookup(JSGlobalObject*) const; + JSValue prototypeForLookup(CodeBlock*) const; + StructureChain* prototypeChain(VM&, JSGlobalObject*) const; + StructureChain* prototypeChain(ExecState*) const; + static void visitChildren(JSCell*, SlotVisitor&); + + // Will just the prototype chain intercept this property access? + bool prototypeChainMayInterceptStoreTo(VM&, PropertyName); + + Structure* previousID() const + { + ASSERT(structure()->classInfo() == info()); + if (hasRareData()) + return rareData()->previousID(); + return previous(); + } + bool transitivelyTransitionedFrom(Structure* structureToFind); - Structure* previousID() const { return m_previous.get(); } + unsigned outOfLineCapacity() const + { + ASSERT(checkOffsetConsistency()); + + unsigned outOfLineSize = this->outOfLineSize(); - void growPropertyStorageCapacity(); - unsigned propertyStorageCapacity() const { return m_propertyStorageCapacity; } - unsigned propertyStorageSize() const { return m_anonymousSlotCount + (m_propertyTable ? m_propertyTable->keyCount + (m_propertyTable->deletedOffsets ? m_propertyTable->deletedOffsets->size() : 0) : static_cast(m_offset + 1)); } - bool isUsingInlineStorage() const; + if (!outOfLineSize) + return 0; - size_t get(const Identifier& propertyName); - size_t get(const UString::Rep* rep, unsigned& attributes, JSCell*& specificValue); - size_t get(const Identifier& propertyName, unsigned& attributes, JSCell*& specificValue) - { - ASSERT(!propertyName.isNull()); - return get(propertyName.ustring().rep(), attributes, specificValue); - } - bool transitionedFor(const JSCell* specificValue) - { - return m_specificValueInPrevious == specificValue; - } - bool hasTransition(UString::Rep*, unsigned attributes); - bool hasTransition(const Identifier& propertyName, unsigned attributes) - { - return hasTransition(propertyName._ustring.rep(), attributes); - } + if (outOfLineSize <= initialOutOfLineCapacity) + return initialOutOfLineCapacity; - bool hasGetterSetterProperties() const { return m_hasGetterSetterProperties; } - void setHasGetterSetterProperties(bool hasGetterSetterProperties) { m_hasGetterSetterProperties = hasGetterSetterProperties; } + ASSERT(outOfLineSize > initialOutOfLineCapacity); + COMPILE_ASSERT(outOfLineGrowthFactor == 2, outOfLineGrowthFactor_is_two); + return WTF::roundUpToPowerOfTwo(outOfLineSize); + } + unsigned outOfLineSize() const + { + ASSERT(checkOffsetConsistency()); + ASSERT(structure()->classInfo() == info()); + + return numberOfOutOfLineSlotsForLastOffset(m_offset); + } + bool hasInlineStorage() const + { + return !!m_inlineCapacity; + } + unsigned inlineCapacity() const + { + return m_inlineCapacity; + } + unsigned inlineSize() const + { + return std::min(m_offset + 1, m_inlineCapacity); + } + unsigned totalStorageSize() const + { + return numberOfSlotsForLastOffset(m_offset, m_inlineCapacity); + } + unsigned totalStorageCapacity() const + { + ASSERT(structure()->classInfo() == info()); + return outOfLineCapacity() + inlineCapacity(); + } - bool hasNonEnumerableProperties() const { return m_hasNonEnumerableProperties; } + bool isValidOffset(PropertyOffset offset) const + { + return JSC::isValidOffset(offset) + && offset <= m_offset + && (offset < m_inlineCapacity || offset >= firstOutOfLineOffset); + } + + bool couldHaveIndexingHeader() const + { + return hasIndexedProperties(indexingType()) + || isTypedView(m_classInfo->typedArrayStorageType); + } + + bool hasIndexingHeader(const JSCell*) const; + + bool masqueradesAsUndefined(JSGlobalObject* lexicalGlobalObject); - bool hasAnonymousSlots() const { return !!m_anonymousSlotCount; } - unsigned anonymousSlotCount() const { return m_anonymousSlotCount; } - - bool isEmpty() const { return m_propertyTable ? !m_propertyTable->keyCount : m_offset == noOffset; } + PropertyOffset get(VM&, PropertyName); + PropertyOffset get(VM&, PropertyName, unsigned& attributes); - void despecifyDictionaryFunction(const Identifier& propertyName); - void disableSpecificFunctionTracking() { m_specificFunctionThrashCount = maxSpecificFunctionThrashCount; } + // This is a somewhat internalish method. It will call your functor while possibly holding the + // Structure's lock. There is no guarantee whether the lock is held or not in any particular + // call. So, you have to assume the worst. Also, the functor returns true if it wishes for you + // to continue or false if it's done. + template + void forEachPropertyConcurrently(const Functor&); + + PropertyOffset getConcurrently(UniquedStringImpl* uid); + PropertyOffset getConcurrently(UniquedStringImpl* uid, unsigned& attributes); + + Vector getPropertiesConcurrently(); + + void setHasGetterSetterPropertiesWithProtoCheck(bool is__proto__) + { + setHasGetterSetterProperties(true); + if (!is__proto__) + setHasReadOnlyOrGetterSetterPropertiesExcludingProto(true); + } + + void setContainsReadOnlyProperties() { setHasReadOnlyOrGetterSetterPropertiesExcludingProto(true); } + + void setHasCustomGetterSetterPropertiesWithProtoCheck(bool is__proto__) + { + setHasCustomGetterSetterProperties(true); + if (!is__proto__) + setHasReadOnlyOrGetterSetterPropertiesExcludingProto(true); + } + + bool isEmpty() const + { + ASSERT(checkOffsetConsistency()); + return !JSC::isValidOffset(m_offset); + } - void setEnumerationCache(JSPropertyNameIterator* enumerationCache); // Defined in JSPropertyNameIterator.h. - void clearEnumerationCache(JSPropertyNameIterator* enumerationCache); // Defined in JSPropertyNameIterator.h. - JSPropertyNameIterator* enumerationCache(); // Defined in JSPropertyNameIterator.h. - void getPropertyNames(PropertyNameArray&, EnumerationMode mode); - - private: + void setCachedPropertyNameEnumerator(VM&, JSPropertyNameEnumerator*); + JSPropertyNameEnumerator* cachedPropertyNameEnumerator() const; + bool canCachePropertyNameEnumerator() const; + bool canAccessPropertiesQuickly() const; - Structure(JSValue prototype, const TypeInfo&, unsigned anonymousSlotCount); - - typedef enum { - NoneDictionaryKind = 0, - CachedDictionaryKind = 1, - UncachedDictionaryKind = 2 - } DictionaryKind; - static PassRefPtr toDictionaryTransition(Structure*, DictionaryKind); - - size_t put(const Identifier& propertyName, unsigned attributes, JSCell* specificValue); - size_t remove(const Identifier& propertyName); - - void expandPropertyMapHashTable(); - void rehashPropertyMapHashTable(); - void rehashPropertyMapHashTable(unsigned newTableSize); - void createPropertyMapHashTable(); - void createPropertyMapHashTable(unsigned newTableSize); - void insertIntoPropertyMapHashTable(const PropertyMapEntry&); - void checkConsistency(); - - bool despecifyFunction(const Identifier&); - void despecifyAllFunctions(); - - PropertyMapHashTable* copyPropertyTable(); - void materializePropertyMap(); - void materializePropertyMapIfNecessary() - { - if (m_propertyTable || !m_previous) - return; - materializePropertyMap(); - } + void getPropertyNamesFromStructure(VM&, PropertyNameArray&, EnumerationMode); - signed char transitionCount() const - { - // Since the number of transitions is always the same as m_offset, we keep the size of Structure down by not storing both. - return m_offset == noOffset ? 0 : m_offset + 1; - } + JSString* objectToStringValue() + { + if (!hasRareData()) + return 0; + return rareData()->objectToStringValue(); + } - typedef std::pair Transition; - typedef HashMap TransitionTable; + void setObjectToStringValue(VM& vm, JSString* value) + { + if (!hasRareData()) + allocateRareData(vm); + rareData()->setObjectToStringValue(vm, value); + } + + const ClassInfo* classInfo() const { return m_classInfo; } + + static ptrdiff_t structureIDOffset() + { + return OBJECT_OFFSETOF(Structure, m_blob) + StructureIDBlob::structureIDOffset(); + } - inline bool transitionTableContains(const StructureTransitionTableHash::Key& key, JSCell* specificValue); - inline void transitionTableRemove(const StructureTransitionTableHash::Key& key, JSCell* specificValue); - inline void transitionTableAdd(const StructureTransitionTableHash::Key& key, Structure* structure, JSCell* specificValue); - inline bool transitionTableHasTransition(const StructureTransitionTableHash::Key& key) const; - inline Structure* transitionTableGet(const StructureTransitionTableHash::Key& key, JSCell* specificValue) const; + static ptrdiff_t prototypeOffset() + { + return OBJECT_OFFSETOF(Structure, m_prototype); + } - TransitionTable* transitionTable() const { ASSERT(!m_isUsingSingleSlot); return m_transitions.m_table; } - inline void setTransitionTable(TransitionTable* table); - Structure* singleTransition() const { ASSERT(m_isUsingSingleSlot); return m_transitions.m_singleTransition; } - void setSingleTransition(Structure* structure) { ASSERT(m_isUsingSingleSlot); m_transitions.m_singleTransition = structure; } + static ptrdiff_t globalObjectOffset() + { + return OBJECT_OFFSETOF(Structure, m_globalObject); + } + + static ptrdiff_t classInfoOffset() + { + return OBJECT_OFFSETOF(Structure, m_classInfo); + } - bool isValid(ExecState*, StructureChain* cachedPrototypeChain) const; + static ptrdiff_t indexingTypeOffset() + { + return OBJECT_OFFSETOF(Structure, m_blob) + StructureIDBlob::indexingTypeOffset(); + } - static const unsigned emptyEntryIndex = 0; + static Structure* createStructure(VM&); + + bool transitionWatchpointSetHasBeenInvalidated() const + { + return m_transitionWatchpointSet.hasBeenInvalidated(); + } + + bool transitionWatchpointSetIsStillValid() const + { + return m_transitionWatchpointSet.isStillValid(); + } + + bool dfgShouldWatchIfPossible() const + { + // FIXME: We would like to not watch things that are unprofitable to watch, like + // dictionaries. Unfortunately, we can't do such things: a dictionary could get flattened, + // in which case it will start to appear watchable and so the DFG will think that it is + // watching it. We should come up with a comprehensive story for not watching things that + // aren't profitable to watch. + // https://bugs.webkit.org/show_bug.cgi?id=133625 + return true; + } + + bool dfgShouldWatch() const + { + return dfgShouldWatchIfPossible() && transitionWatchpointSetIsStillValid(); + } + + void addTransitionWatchpoint(Watchpoint* watchpoint) const + { + ASSERT(transitionWatchpointSetIsStillValid()); + m_transitionWatchpointSet.add(watchpoint); + } + + void didTransitionFromThisStructure() const; + + InlineWatchpointSet& transitionWatchpointSet() const + { + return m_transitionWatchpointSet; + } + + WatchpointSet* ensurePropertyReplacementWatchpointSet(VM&, PropertyOffset); + void startWatchingPropertyForReplacements(VM& vm, PropertyOffset offset) + { + ensurePropertyReplacementWatchpointSet(vm, offset); + } + void startWatchingPropertyForReplacements(VM&, PropertyName); + WatchpointSet* propertyReplacementWatchpointSet(PropertyOffset); + void didReplaceProperty(PropertyOffset); + void didCachePropertyReplacement(VM&, PropertyOffset); - static const signed char s_maxTransitionLength = 64; + void startWatchingInternalPropertiesIfNecessary(VM& vm) + { + if (LIKELY(didWatchInternalProperties())) + return; + startWatchingInternalProperties(vm); + } + + void startWatchingInternalPropertiesIfNecessaryForEntireChain(VM& vm) + { + for (Structure* structure = this; structure; structure = structure->storedPrototypeStructure()) + structure->startWatchingInternalPropertiesIfNecessary(vm); + } - static const signed char noOffset = -1; + PassRefPtr toStructureShape(JSValue); + + // Determines if the two structures match enough that this one could be used for allocations + // of the other one. + bool canUseForAllocationsOf(Structure*); + + void dump(PrintStream&) const; + void dumpInContext(PrintStream&, DumpContext*) const; + void dumpBrief(PrintStream&, const CString&) const; + + static void dumpContextHeader(PrintStream&); + + DECLARE_EXPORT_INFO; + +private: + typedef enum { + NoneDictionaryKind = 0, + CachedDictionaryKind = 1, + UncachedDictionaryKind = 2 + } DictionaryKind; + +public: +#define DEFINE_BITFIELD(type, lowerName, upperName, width, offset) \ + static const uint32_t s_##lowerName##Shift = offset;\ + static const uint32_t s_##lowerName##Mask = ((1 << (width - 1)) | ((1 << (width - 1)) - 1));\ + type lowerName() const { return static_cast((m_bitField >> offset) & s_##lowerName##Mask); }\ + void set##upperName(type newValue) \ + {\ + m_bitField &= ~(s_##lowerName##Mask << offset);\ + m_bitField |= (newValue & s_##lowerName##Mask) << offset;\ + } - static const unsigned maxSpecificFunctionThrashCount = 3; + DEFINE_BITFIELD(DictionaryKind, dictionaryKind, DictionaryKind, 2, 0); + DEFINE_BITFIELD(bool, isPinnedPropertyTable, IsPinnedPropertyTable, 1, 2); + DEFINE_BITFIELD(bool, hasGetterSetterProperties, HasGetterSetterProperties, 1, 3); + DEFINE_BITFIELD(bool, hasReadOnlyOrGetterSetterPropertiesExcludingProto, HasReadOnlyOrGetterSetterPropertiesExcludingProto, 1, 4); + DEFINE_BITFIELD(bool, hasNonEnumerableProperties, HasNonEnumerableProperties, 1, 5); + DEFINE_BITFIELD(unsigned, attributesInPrevious, AttributesInPrevious, 14, 6); + DEFINE_BITFIELD(bool, preventExtensions, PreventExtensions, 1, 20); + DEFINE_BITFIELD(bool, didTransition, DidTransition, 1, 21); + DEFINE_BITFIELD(bool, staticFunctionsReified, StaticFunctionsReified, 1, 22); + DEFINE_BITFIELD(bool, hasRareData, HasRareData, 1, 23); + DEFINE_BITFIELD(bool, hasBeenFlattenedBefore, HasBeenFlattenedBefore, 1, 24); + DEFINE_BITFIELD(bool, hasCustomGetterSetterProperties, HasCustomGetterSetterProperties, 1, 25); + DEFINE_BITFIELD(bool, didWatchInternalProperties, DidWatchInternalProperties, 1, 26); + +private: + friend class LLIntOffsetsExtractor; + + JS_EXPORT_PRIVATE Structure(VM&, JSGlobalObject*, JSValue prototype, const TypeInfo&, const ClassInfo*, IndexingType, unsigned inlineCapacity); + Structure(VM&); + Structure(VM&, Structure*); + + static Structure* create(VM&, Structure*); + + static Structure* addPropertyTransitionToExistingStructureImpl(Structure*, UniquedStringImpl* uid, unsigned attributes, PropertyOffset&); - TypeInfo m_typeInfo; + // This will return the structure that has a usable property table, that property table, + // and the list of structures that we visited before we got to it. If it returns a + // non-null structure, it will also lock the structure that it returns; it is your job + // to unlock it. + void findStructuresAndMapForMaterialization(Vector& structures, Structure*&, PropertyTable*&); + + static Structure* toDictionaryTransition(VM&, Structure*, DictionaryKind); - JSValue m_prototype; - mutable RefPtr m_cachedPrototypeChain; + PropertyOffset add(VM&, PropertyName, unsigned attributes); + PropertyOffset remove(PropertyName); - RefPtr m_previous; - RefPtr m_nameInPrevious; - JSCell* m_specificValueInPrevious; + void createPropertyMap(const GCSafeConcurrentJITLocker&, VM&, unsigned keyCount = 0); + void checkConsistency(); - // 'm_isUsingSingleSlot' indicates whether we are using the single transition optimisation. - union { - TransitionTable* m_table; - Structure* m_singleTransition; - } m_transitions; + WriteBarrier& propertyTable(); + PropertyTable* takePropertyTableOrCloneIfPinned(VM&); + PropertyTable* copyPropertyTable(VM&); + PropertyTable* copyPropertyTableForPinning(VM&); + JS_EXPORT_PRIVATE void materializePropertyMap(VM&); + ALWAYS_INLINE void materializePropertyMapIfNecessary(VM& vm, DeferGC&) + { + ASSERT(!isCompilationThread()); + ASSERT(structure()->classInfo() == info()); + ASSERT(checkOffsetConsistency()); + if (!propertyTable() && previousID()) + materializePropertyMap(vm); + } + ALWAYS_INLINE void materializePropertyMapIfNecessary(VM& vm, PropertyTable*& table) + { + ASSERT(!isCompilationThread()); + ASSERT(structure()->classInfo() == info()); + ASSERT(checkOffsetConsistency()); + table = propertyTable().get(); + if (!table && previousID()) { + DeferGC deferGC(vm.heap); + materializePropertyMap(vm); + table = propertyTable().get(); + } + } + void materializePropertyMapIfNecessaryForPinning(VM& vm, DeferGC&) + { + ASSERT(structure()->classInfo() == info()); + checkOffsetConsistency(); + if (!propertyTable()) + materializePropertyMap(vm); + } - WeakGCPtr m_enumerationCache; + void setPreviousID(VM& vm, Structure* structure) + { + if (hasRareData()) + rareData()->setPreviousID(vm, structure); + else + m_previousOrRareData.set(vm, this, structure); + } - PropertyMapHashTable* m_propertyTable; + void clearPreviousID() + { + if (hasRareData()) + rareData()->clearPreviousID(); + else + m_previousOrRareData.clear(); + } - uint32_t m_propertyStorageCapacity; + int transitionCount() const + { + // Since the number of transitions is always the same as m_offset, we keep the size of Structure down by not storing both. + return numberOfSlotsForLastOffset(m_offset, m_inlineCapacity); + } - // m_offset does not account for anonymous slots - signed char m_offset; + bool isValid(JSGlobalObject*, StructureChain* cachedPrototypeChain) const; + bool isValid(ExecState*, StructureChain* cachedPrototypeChain) const; + + void pin(); - unsigned m_dictionaryKind : 2; - bool m_isPinnedPropertyTable : 1; - bool m_hasGetterSetterProperties : 1; - bool m_hasNonEnumerableProperties : 1; -#if COMPILER(WINSCW) - // Workaround for Symbian WINSCW compiler that cannot resolve unsigned type of the declared - // bitfield, when used as argument in make_pair() function calls in structure.ccp. - // This bitfield optimization is insignificant for the Symbian emulator target. - unsigned m_attributesInPrevious; -#else - unsigned m_attributesInPrevious : 7; -#endif - unsigned m_specificFunctionThrashCount : 2; - unsigned m_anonymousSlotCount : 5; - unsigned m_isUsingSingleSlot : 1; - // 4 free bits - }; + Structure* previous() const + { + ASSERT(!hasRareData()); + return static_cast(m_previousOrRareData.get()); + } - inline size_t Structure::get(const Identifier& propertyName) + StructureRareData* rareData() const { - ASSERT(!propertyName.isNull()); + ASSERT(hasRareData()); + return static_cast(m_previousOrRareData.get()); + } + + bool checkOffsetConsistency() const; - materializePropertyMapIfNecessary(); - if (!m_propertyTable) - return WTF::notFound; + JS_EXPORT_PRIVATE void allocateRareData(VM&); + + void startWatchingInternalProperties(VM&); - UString::Rep* rep = propertyName._ustring.rep(); + static const int s_maxTransitionLength = 64; + static const int s_maxTransitionLengthForNonEvalPutById = 512; - unsigned i = rep->existingHash(); + // These need to be properly aligned at the beginning of the 'Structure' + // part of the object. + StructureIDBlob m_blob; + TypeInfo::OutOfLineTypeFlags m_outOfLineTypeFlags; -#if DUMP_PROPERTYMAP_STATS - ++numProbes; -#endif + WriteBarrier m_globalObject; + WriteBarrier m_prototype; + mutable WriteBarrier m_cachedPrototypeChain; - unsigned entryIndex = m_propertyTable->entryIndices[i & m_propertyTable->sizeMask]; - if (entryIndex == emptyEntryIndex) - return WTF::notFound; + WriteBarrier m_previousOrRareData; - if (rep == m_propertyTable->entries()[entryIndex - 1].key) - return m_propertyTable->entries()[entryIndex - 1].offset; + RefPtr m_nameInPrevious; -#if DUMP_PROPERTYMAP_STATS - ++numCollisions; -#endif + const ClassInfo* m_classInfo; - unsigned k = 1 | WTF::doubleHash(rep->existingHash()); + StructureTransitionTable m_transitionTable; - while (1) { - i += k; + // Should be accessed through propertyTable(). During GC, it may be set to 0 by another thread. + WriteBarrier m_propertyTableUnsafe; -#if DUMP_PROPERTYMAP_STATS - ++numRehashes; -#endif + mutable InlineWatchpointSet m_transitionWatchpointSet; - entryIndex = m_propertyTable->entryIndices[i & m_propertyTable->sizeMask]; - if (entryIndex == emptyEntryIndex) - return WTF::notFound; + COMPILE_ASSERT(firstOutOfLineOffset < 256, firstOutOfLineOffset_fits); - if (rep == m_propertyTable->entries()[entryIndex - 1].key) - return m_propertyTable->entries()[entryIndex - 1].offset; - } - } + // m_offset does not account for anonymous slots + PropertyOffset m_offset; + + uint8_t m_inlineCapacity; + + ConcurrentJITLock m_lock; + + uint32_t m_bitField; +}; } // namespace JSC