X-Git-Url: https://git.saurik.com/apple/javascriptcore.git/blobdiff_plain/6fe7ccc865dc7d7541b93c5bcaf6368d2c98a174..12899fa232562c774004a3a9d7d3149944dec712:/runtime/Structure.cpp diff --git a/runtime/Structure.cpp b/runtime/Structure.cpp index 074c8b3..950728c 100644 --- a/runtime/Structure.cpp +++ b/runtime/Structure.cpp @@ -1,5 +1,5 @@ /* - * Copyright (C) 2008, 2009 Apple Inc. All rights reserved. + * Copyright (C) 2008, 2009, 2013 Apple Inc. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions @@ -26,12 +26,13 @@ #include "config.h" #include "Structure.h" -#include "Identifier.h" +#include "CodeBlock.h" #include "JSObject.h" #include "JSPropertyNameIterator.h" #include "Lookup.h" #include "PropertyNameArray.h" #include "StructureChain.h" +#include "StructureRareDataInlines.h" #include #include #include @@ -68,7 +69,7 @@ bool StructureTransitionTable::contains(StringImpl* rep, unsigned attributes) co Structure* transition = singleTransition(); return transition && transition->m_nameInPrevious == rep && transition->m_attributesInPrevious == attributes; } - return map()->contains(make_pair(rep, attributes)); + return map()->get(make_pair(rep, attributes)); } inline Structure* StructureTransitionTable::get(StringImpl* rep, unsigned attributes) const @@ -80,21 +81,21 @@ inline Structure* StructureTransitionTable::get(StringImpl* rep, unsigned attrib return map()->get(make_pair(rep, attributes)); } -inline void StructureTransitionTable::add(JSGlobalData& globalData, Structure* structure) +inline void StructureTransitionTable::add(VM& vm, Structure* structure) { if (isUsingSingleSlot()) { Structure* existingTransition = singleTransition(); // This handles the first transition being added. if (!existingTransition) { - setSingleTransition(globalData, structure); + setSingleTransition(vm, structure); return; } // This handles the second transition being added // (or the first transition being despecified!) setMap(new TransitionMap()); - add(globalData, existingTransition); + add(vm, existingTransition); } // Add the structure to the map. @@ -102,13 +103,7 @@ inline void StructureTransitionTable::add(JSGlobalData& globalData, Structure* s // Newer versions of the STL have an std::make_pair function that takes rvalue references. // When either of the parameters are bitfields, the C++ compiler will try to bind them as lvalues, which is invalid. To work around this, use unary "+" to make the parameter an rvalue. // See https://bugs.webkit.org/show_bug.cgi?id=59261 for more details - TransitionMap::AddResult result = map()->add(globalData, make_pair(structure->m_nameInPrevious, +structure->m_attributesInPrevious), structure); - if (!result.isNewEntry) { - // There already is an entry! - we should only hit this when despecifying. - ASSERT(result.iterator.get().second->m_specificValueInPrevious); - ASSERT(!structure->m_specificValueInPrevious); - map()->set(globalData, result.iterator.get().first, structure); - } + map()->set(make_pair(structure->m_nameInPrevious, +structure->m_attributesInPrevious), structure); } void Structure::dumpStatistics() @@ -127,7 +122,7 @@ void Structure::dumpStatistics() switch (structure->m_transitionTable.size()) { case 0: ++numberLeaf; - if (!structure->m_previous) + if (!structure->previousID()) ++numberSingletons; break; @@ -136,34 +131,36 @@ void Structure::dumpStatistics() break; } - if (structure->m_propertyTable) { + if (structure->propertyTable()) { ++numberWithPropertyMaps; - totalPropertyMapsSize += structure->m_propertyTable->sizeInMemory(); + totalPropertyMapsSize += structure->propertyTable()->sizeInMemory(); } } - dataLog("Number of live Structures: %d\n", liveStructureSet.size()); - dataLog("Number of Structures using the single item optimization for transition map: %d\n", numberUsingSingleSlot); - dataLog("Number of Structures that are leaf nodes: %d\n", numberLeaf); - dataLog("Number of Structures that singletons: %d\n", numberSingletons); - dataLog("Number of Structures with PropertyMaps: %d\n", numberWithPropertyMaps); + dataLogF("Number of live Structures: %d\n", liveStructureSet.size()); + dataLogF("Number of Structures using the single item optimization for transition map: %d\n", numberUsingSingleSlot); + dataLogF("Number of Structures that are leaf nodes: %d\n", numberLeaf); + dataLogF("Number of Structures that singletons: %d\n", numberSingletons); + dataLogF("Number of Structures with PropertyMaps: %d\n", numberWithPropertyMaps); - dataLog("Size of a single Structures: %d\n", static_cast(sizeof(Structure))); - dataLog("Size of sum of all property maps: %d\n", totalPropertyMapsSize); - dataLog("Size of average of all property maps: %f\n", static_cast(totalPropertyMapsSize) / static_cast(liveStructureSet.size())); + dataLogF("Size of a single Structures: %d\n", static_cast(sizeof(Structure))); + dataLogF("Size of sum of all property maps: %d\n", totalPropertyMapsSize); + dataLogF("Size of average of all property maps: %f\n", static_cast(totalPropertyMapsSize) / static_cast(liveStructureSet.size())); #else - dataLog("Dumping Structure statistics is not enabled.\n"); + dataLogF("Dumping Structure statistics is not enabled.\n"); #endif } -Structure::Structure(JSGlobalData& globalData, JSGlobalObject* globalObject, JSValue prototype, const TypeInfo& typeInfo, const ClassInfo* classInfo) - : JSCell(globalData, globalData.structureStructure.get()) - , m_typeInfo(typeInfo) - , m_globalObject(globalData, this, globalObject, WriteBarrier::MayBeNull) - , m_prototype(globalData, this, prototype) +Structure::Structure(VM& vm, JSGlobalObject* globalObject, JSValue prototype, const TypeInfo& typeInfo, const ClassInfo* classInfo, IndexingType indexingType, unsigned inlineCapacity) + : JSCell(vm, vm.structureStructure.get()) + , m_globalObject(vm, this, globalObject, WriteBarrier::MayBeNull) + , m_prototype(vm, this, prototype) , m_classInfo(classInfo) - , m_propertyStorageCapacity(typeInfo.isFinalObject() ? JSFinalObject_inlineStorageCapacity : JSNonFinalObject_inlineStorageCapacity) - , m_offset(noOffset) + , m_transitionWatchpointSet(InitializedWatching) + , m_offset(invalidOffset) + , m_typeInfo(typeInfo) + , m_indexingType(indexingType) + , m_inlineCapacity(inlineCapacity) , m_dictionaryKind(NoneDictionaryKind) , m_isPinnedPropertyTable(false) , m_hasGetterSetterProperties(false) @@ -175,17 +172,22 @@ Structure::Structure(JSGlobalData& globalData, JSGlobalObject* globalObject, JSV , m_didTransition(false) , m_staticFunctionReified(false) { + ASSERT(inlineCapacity <= JSFinalObject::maxInlineCapacity()); + ASSERT(static_cast(inlineCapacity) < firstOutOfLineOffset); + ASSERT(!typeInfo.structureHasRareData()); } const ClassInfo Structure::s_info = { "Structure", 0, 0, 0, CREATE_METHOD_TABLE(Structure) }; -Structure::Structure(JSGlobalData& globalData) +Structure::Structure(VM& vm) : JSCell(CreatingEarlyCell) - , m_typeInfo(CompoundType, OverridesVisitChildren) - , m_prototype(globalData, this, jsNull()) + , m_prototype(vm, this, jsNull()) , m_classInfo(&s_info) - , m_propertyStorageCapacity(0) - , m_offset(noOffset) + , m_transitionWatchpointSet(InitializedWatching) + , m_offset(invalidOffset) + , m_typeInfo(CompoundType, OverridesVisitChildren) + , m_indexingType(0) + , m_inlineCapacity(0) , m_dictionaryKind(NoneDictionaryKind) , m_isPinnedPropertyTable(false) , m_hasGetterSetterProperties(false) @@ -199,13 +201,15 @@ Structure::Structure(JSGlobalData& globalData) { } -Structure::Structure(JSGlobalData& globalData, const Structure* previous) - : JSCell(globalData, globalData.structureStructure.get()) - , m_typeInfo(previous->typeInfo()) - , m_prototype(globalData, this, previous->storedPrototype()) +Structure::Structure(VM& vm, const Structure* previous) + : JSCell(vm, vm.structureStructure.get()) + , m_prototype(vm, this, previous->storedPrototype()) , m_classInfo(previous->m_classInfo) - , m_propertyStorageCapacity(previous->m_propertyStorageCapacity) - , m_offset(noOffset) + , m_transitionWatchpointSet(InitializedWatching) + , m_offset(invalidOffset) + , m_typeInfo(previous->typeInfo().type(), previous->typeInfo().flags() & ~StructureHasRareData) + , m_indexingType(previous->indexingTypeIncludingHistory()) + , m_inlineCapacity(previous->m_inlineCapacity) , m_dictionaryKind(previous->m_dictionaryKind) , m_isPinnedPropertyTable(false) , m_hasGetterSetterProperties(previous->m_hasGetterSetterProperties) @@ -217,19 +221,25 @@ Structure::Structure(JSGlobalData& globalData, const Structure* previous) , m_didTransition(true) , m_staticFunctionReified(previous->m_staticFunctionReified) { + if (previous->typeInfo().structureHasRareData() && previous->rareData()->needsCloning()) + cloneRareDataFrom(vm, previous); + else if (previous->previousID()) + m_previousOrRareData.set(vm, this, previous->previousID()); + + previous->notifyTransitionFromThisStructure(); if (previous->m_globalObject) - m_globalObject.set(globalData, this, previous->m_globalObject.get()); + m_globalObject.set(vm, this, previous->m_globalObject.get()); } void Structure::destroy(JSCell* cell) { - jsCast(cell)->Structure::~Structure(); + static_cast(cell)->Structure::~Structure(); } -void Structure::materializePropertyMap(JSGlobalData& globalData) +void Structure::materializePropertyMap(VM& vm) { ASSERT(structure()->classInfo() == &s_info); - ASSERT(!m_propertyTable); + ASSERT(!propertyTable()); Vector structures; structures.append(this); @@ -239,65 +249,66 @@ void Structure::materializePropertyMap(JSGlobalData& globalData) // Search for the last Structure with a property table. while ((structure = structure->previousID())) { if (structure->m_isPinnedPropertyTable) { - ASSERT(structure->m_propertyTable); - ASSERT(!structure->m_previous); + ASSERT(structure->propertyTable()); + ASSERT(!structure->previousID()); - m_propertyTable = structure->m_propertyTable->copy(globalData, 0, m_offset + 1); + propertyTable().set(vm, this, structure->propertyTable()->copy(vm, 0, numberOfSlotsForLastOffset(m_offset, m_inlineCapacity))); break; } structures.append(structure); } - if (!m_propertyTable) - createPropertyMap(m_offset + 1); + if (!propertyTable()) + createPropertyMap(vm, numberOfSlotsForLastOffset(m_offset, m_inlineCapacity)); - for (ptrdiff_t i = structures.size() - 2; i >= 0; --i) { + for (ptrdiff_t i = structures.size() - 1; i >= 0; --i) { structure = structures[i]; - PropertyMapEntry entry(globalData, this, structure->m_nameInPrevious.get(), structure->m_offset, structure->m_attributesInPrevious, structure->m_specificValueInPrevious.get()); - m_propertyTable->add(entry); + if (!structure->m_nameInPrevious) + continue; + PropertyMapEntry entry(vm, this, structure->m_nameInPrevious.get(), structure->m_offset, structure->m_attributesInPrevious, structure->m_specificValueInPrevious.get()); + propertyTable()->add(entry, m_offset, PropertyTable::PropertyOffsetMustNotChange); } + + checkOffsetConsistency(); } -void Structure::growPropertyStorageCapacity() +inline size_t nextOutOfLineStorageCapacity(size_t currentCapacity) { - if (isUsingInlineStorage()) - m_propertyStorageCapacity = JSObject::baseExternalStorageCapacity; - else - m_propertyStorageCapacity *= 2; + if (!currentCapacity) + return initialOutOfLineCapacity; + return currentCapacity * outOfLineGrowthFactor; } -size_t Structure::suggestedNewPropertyStorageSize() +size_t Structure::suggestedNewOutOfLineStorageCapacity() { - if (isUsingInlineStorage()) - return JSObject::baseExternalStorageCapacity; - return m_propertyStorageCapacity * 2; + return nextOutOfLineStorageCapacity(outOfLineCapacity()); } - -void Structure::despecifyDictionaryFunction(JSGlobalData& globalData, const Identifier& propertyName) + +void Structure::despecifyDictionaryFunction(VM& vm, PropertyName propertyName) { - StringImpl* rep = propertyName.impl(); + StringImpl* rep = propertyName.uid(); - materializePropertyMapIfNecessary(globalData); + materializePropertyMapIfNecessary(vm); ASSERT(isDictionary()); - ASSERT(m_propertyTable); + ASSERT(propertyTable()); - PropertyMapEntry* entry = m_propertyTable->find(rep).first; + PropertyMapEntry* entry = propertyTable()->find(rep).first; ASSERT(entry); entry->specificValue.clear(); } -Structure* Structure::addPropertyTransitionToExistingStructure(Structure* structure, const Identifier& propertyName, unsigned attributes, JSCell* specificValue, size_t& offset) +Structure* Structure::addPropertyTransitionToExistingStructure(Structure* structure, PropertyName propertyName, unsigned attributes, JSCell* specificValue, PropertyOffset& offset) { ASSERT(!structure->isDictionary()); ASSERT(structure->isObject()); - if (Structure* existingTransition = structure->m_transitionTable.get(propertyName.impl(), attributes)) { + if (Structure* existingTransition = structure->m_transitionTable.get(propertyName.uid(), attributes)) { JSCell* specificValueInPrevious = existingTransition->m_specificValueInPrevious.get(); if (specificValueInPrevious && specificValueInPrevious != specificValue) return 0; - ASSERT(existingTransition->m_offset != noOffset); + validateOffset(existingTransition->m_offset, existingTransition->inlineCapacity()); offset = existingTransition->m_offset; return existingTransition; } @@ -305,7 +316,35 @@ Structure* Structure::addPropertyTransitionToExistingStructure(Structure* struct return 0; } -Structure* Structure::addPropertyTransition(JSGlobalData& globalData, Structure* structure, const Identifier& propertyName, unsigned attributes, JSCell* specificValue, size_t& offset) +bool Structure::anyObjectInChainMayInterceptIndexedAccesses() const +{ + for (const Structure* current = this; ;) { + if (current->mayInterceptIndexedAccesses()) + return true; + + JSValue prototype = current->storedPrototype(); + if (prototype.isNull()) + return false; + + current = asObject(prototype)->structure(); + } +} + +bool Structure::needsSlowPutIndexing() const +{ + return anyObjectInChainMayInterceptIndexedAccesses() + || globalObject()->isHavingABadTime(); +} + +NonPropertyTransition Structure::suggestedArrayStorageTransition() const +{ + if (needsSlowPutIndexing()) + return AllocateSlowPutArrayStorage; + + return AllocateArrayStorage; +} + +Structure* Structure::addPropertyTransition(VM& vm, Structure* structure, PropertyName propertyName, unsigned attributes, JSCell* specificValue, PropertyOffset& offset) { // If we have a specific function, we may have got to this point if there is // already a transition with the correct property name and attributes, but @@ -314,7 +353,7 @@ Structure* Structure::addPropertyTransition(JSGlobalData& globalData, Structure* // In this case we clear the value of specificFunction which will result // in us adding a non-specific transition, and any subsequent lookup in // Structure::addPropertyTransitionToExistingStructure will just use that. - if (specificValue && structure->m_transitionTable.contains(propertyName.impl(), attributes)) + if (specificValue && structure->m_transitionTable.contains(propertyName.uid(), attributes)) specificValue = 0; ASSERT(!structure->isDictionary()); @@ -325,196 +364,235 @@ Structure* Structure::addPropertyTransition(JSGlobalData& globalData, Structure* specificValue = 0; if (structure->transitionCount() > s_maxTransitionLength) { - Structure* transition = toCacheableDictionaryTransition(globalData, structure); + Structure* transition = toCacheableDictionaryTransition(vm, structure); ASSERT(structure != transition); - offset = transition->putSpecificValue(globalData, propertyName, attributes, specificValue); - if (transition->propertyStorageSize() > transition->propertyStorageCapacity()) - transition->growPropertyStorageCapacity(); + offset = transition->putSpecificValue(vm, propertyName, attributes, specificValue); return transition; } - Structure* transition = create(globalData, structure); + Structure* transition = create(vm, structure); - transition->m_cachedPrototypeChain.setMayBeNull(globalData, transition, structure->m_cachedPrototypeChain.get()); - transition->m_previous.set(globalData, transition, structure); - transition->m_nameInPrevious = propertyName.impl(); + transition->m_cachedPrototypeChain.setMayBeNull(vm, transition, structure->m_cachedPrototypeChain.get()); + transition->setPreviousID(vm, transition, structure); + transition->m_nameInPrevious = propertyName.uid(); transition->m_attributesInPrevious = attributes; - transition->m_specificValueInPrevious.setMayBeNull(globalData, transition, specificValue); - - if (structure->m_propertyTable) { - if (structure->m_isPinnedPropertyTable) - transition->m_propertyTable = structure->m_propertyTable->copy(globalData, transition, structure->m_propertyTable->size() + 1); - else - transition->m_propertyTable = structure->m_propertyTable.release(); - } else { - if (structure->m_previous) - transition->materializePropertyMap(globalData); - else - transition->createPropertyMap(); - } + transition->m_specificValueInPrevious.setMayBeNull(vm, transition, specificValue); + transition->propertyTable().set(vm, transition, structure->takePropertyTableOrCloneIfPinned(vm, transition)); + transition->m_offset = structure->m_offset; - offset = transition->putSpecificValue(globalData, propertyName, attributes, specificValue); - if (transition->propertyStorageSize() > transition->propertyStorageCapacity()) - transition->growPropertyStorageCapacity(); + offset = transition->putSpecificValue(vm, propertyName, attributes, specificValue); - transition->m_offset = offset; - structure->m_transitionTable.add(globalData, transition); + checkOffset(transition->m_offset, transition->inlineCapacity()); + structure->m_transitionTable.add(vm, transition); + transition->checkOffsetConsistency(); + structure->checkOffsetConsistency(); return transition; } -Structure* Structure::removePropertyTransition(JSGlobalData& globalData, Structure* structure, const Identifier& propertyName, size_t& offset) +Structure* Structure::removePropertyTransition(VM& vm, Structure* structure, PropertyName propertyName, PropertyOffset& offset) { ASSERT(!structure->isUncacheableDictionary()); - Structure* transition = toUncacheableDictionaryTransition(globalData, structure); + Structure* transition = toUncacheableDictionaryTransition(vm, structure); offset = transition->remove(propertyName); + transition->checkOffsetConsistency(); return transition; } -Structure* Structure::changePrototypeTransition(JSGlobalData& globalData, Structure* structure, JSValue prototype) +Structure* Structure::changePrototypeTransition(VM& vm, Structure* structure, JSValue prototype) { - Structure* transition = create(globalData, structure); - - transition->m_prototype.set(globalData, transition, prototype); + Structure* transition = create(vm, structure); - // Don't set m_offset, as one can not transition to this. + transition->m_prototype.set(vm, transition, prototype); - structure->materializePropertyMapIfNecessary(globalData); - transition->m_propertyTable = structure->copyPropertyTableForPinning(globalData, transition); + structure->materializePropertyMapIfNecessary(vm); + transition->propertyTable().set(vm, transition, structure->copyPropertyTableForPinning(vm, transition)); + transition->m_offset = structure->m_offset; transition->pin(); + transition->checkOffsetConsistency(); return transition; } -Structure* Structure::despecifyFunctionTransition(JSGlobalData& globalData, Structure* structure, const Identifier& replaceFunction) +Structure* Structure::despecifyFunctionTransition(VM& vm, Structure* structure, PropertyName replaceFunction) { ASSERT(structure->m_specificFunctionThrashCount < maxSpecificFunctionThrashCount); - Structure* transition = create(globalData, structure); + Structure* transition = create(vm, structure); ++transition->m_specificFunctionThrashCount; - // Don't set m_offset, as one can not transition to this. - - structure->materializePropertyMapIfNecessary(globalData); - transition->m_propertyTable = structure->copyPropertyTableForPinning(globalData, transition); + structure->materializePropertyMapIfNecessary(vm); + transition->propertyTable().set(vm, transition, structure->copyPropertyTableForPinning(vm, transition)); + transition->m_offset = structure->m_offset; transition->pin(); if (transition->m_specificFunctionThrashCount == maxSpecificFunctionThrashCount) - transition->despecifyAllFunctions(globalData); + transition->despecifyAllFunctions(vm); else { - bool removed = transition->despecifyFunction(globalData, replaceFunction); + bool removed = transition->despecifyFunction(vm, replaceFunction); ASSERT_UNUSED(removed, removed); } + transition->checkOffsetConsistency(); return transition; } -Structure* Structure::attributeChangeTransition(JSGlobalData& globalData, Structure* structure, const Identifier& propertyName, unsigned attributes) +Structure* Structure::attributeChangeTransition(VM& vm, Structure* structure, PropertyName propertyName, unsigned attributes) { if (!structure->isUncacheableDictionary()) { - Structure* transition = create(globalData, structure); + Structure* transition = create(vm, structure); - // Don't set m_offset, as one can not transition to this. - - structure->materializePropertyMapIfNecessary(globalData); - transition->m_propertyTable = structure->copyPropertyTableForPinning(globalData, transition); + structure->materializePropertyMapIfNecessary(vm); + transition->propertyTable().set(vm, transition, structure->copyPropertyTableForPinning(vm, transition)); + transition->m_offset = structure->m_offset; transition->pin(); structure = transition; } - ASSERT(structure->m_propertyTable); - PropertyMapEntry* entry = structure->m_propertyTable->find(propertyName.impl()).first; + ASSERT(structure->propertyTable()); + PropertyMapEntry* entry = structure->propertyTable()->find(propertyName.uid()).first; ASSERT(entry); entry->attributes = attributes; + structure->checkOffsetConsistency(); return structure; } -Structure* Structure::toDictionaryTransition(JSGlobalData& globalData, Structure* structure, DictionaryKind kind) +Structure* Structure::toDictionaryTransition(VM& vm, Structure* structure, DictionaryKind kind) { ASSERT(!structure->isUncacheableDictionary()); - Structure* transition = create(globalData, structure); + Structure* transition = create(vm, structure); - structure->materializePropertyMapIfNecessary(globalData); - transition->m_propertyTable = structure->copyPropertyTableForPinning(globalData, transition); + structure->materializePropertyMapIfNecessary(vm); + transition->propertyTable().set(vm, transition, structure->copyPropertyTableForPinning(vm, transition)); + transition->m_offset = structure->m_offset; transition->m_dictionaryKind = kind; transition->pin(); + transition->checkOffsetConsistency(); return transition; } -Structure* Structure::toCacheableDictionaryTransition(JSGlobalData& globalData, Structure* structure) +Structure* Structure::toCacheableDictionaryTransition(VM& vm, Structure* structure) { - return toDictionaryTransition(globalData, structure, CachedDictionaryKind); + return toDictionaryTransition(vm, structure, CachedDictionaryKind); } -Structure* Structure::toUncacheableDictionaryTransition(JSGlobalData& globalData, Structure* structure) +Structure* Structure::toUncacheableDictionaryTransition(VM& vm, Structure* structure) { - return toDictionaryTransition(globalData, structure, UncachedDictionaryKind); + return toDictionaryTransition(vm, structure, UncachedDictionaryKind); } // In future we may want to cache this transition. -Structure* Structure::sealTransition(JSGlobalData& globalData, Structure* structure) +Structure* Structure::sealTransition(VM& vm, Structure* structure) { - Structure* transition = preventExtensionsTransition(globalData, structure); + Structure* transition = preventExtensionsTransition(vm, structure); - if (transition->m_propertyTable) { - PropertyTable::iterator end = transition->m_propertyTable->end(); - for (PropertyTable::iterator iter = transition->m_propertyTable->begin(); iter != end; ++iter) + if (transition->propertyTable()) { + PropertyTable::iterator end = transition->propertyTable()->end(); + for (PropertyTable::iterator iter = transition->propertyTable()->begin(); iter != end; ++iter) iter->attributes |= DontDelete; } + transition->checkOffsetConsistency(); return transition; } // In future we may want to cache this transition. -Structure* Structure::freezeTransition(JSGlobalData& globalData, Structure* structure) +Structure* Structure::freezeTransition(VM& vm, Structure* structure) { - Structure* transition = preventExtensionsTransition(globalData, structure); + Structure* transition = preventExtensionsTransition(vm, structure); - if (transition->m_propertyTable) { - PropertyTable::iterator iter = transition->m_propertyTable->begin(); - PropertyTable::iterator end = transition->m_propertyTable->end(); + if (transition->propertyTable()) { + PropertyTable::iterator iter = transition->propertyTable()->begin(); + PropertyTable::iterator end = transition->propertyTable()->end(); if (iter != end) transition->m_hasReadOnlyOrGetterSetterPropertiesExcludingProto = true; for (; iter != end; ++iter) iter->attributes |= iter->attributes & Accessor ? DontDelete : (DontDelete | ReadOnly); } + transition->checkOffsetConsistency(); return transition; } // In future we may want to cache this transition. -Structure* Structure::preventExtensionsTransition(JSGlobalData& globalData, Structure* structure) +Structure* Structure::preventExtensionsTransition(VM& vm, Structure* structure) { - Structure* transition = create(globalData, structure); + Structure* transition = create(vm, structure); // Don't set m_offset, as one can not transition to this. - structure->materializePropertyMapIfNecessary(globalData); - transition->m_propertyTable = structure->copyPropertyTableForPinning(globalData, transition); + structure->materializePropertyMapIfNecessary(vm); + transition->propertyTable().set(vm, transition, structure->copyPropertyTableForPinning(vm, transition)); + transition->m_offset = structure->m_offset; transition->m_preventExtensions = true; transition->pin(); + transition->checkOffsetConsistency(); + return transition; +} + +PropertyTable* Structure::takePropertyTableOrCloneIfPinned(VM& vm, Structure* owner) +{ + materializePropertyMapIfNecessaryForPinning(vm); + if (m_isPinnedPropertyTable) + return propertyTable()->copy(vm, owner, propertyTable()->size() + 1); + PropertyTable* takenPropertyTable = propertyTable().get(); + propertyTable().clear(); + return takenPropertyTable; +} + +Structure* Structure::nonPropertyTransition(VM& vm, Structure* structure, NonPropertyTransition transitionKind) +{ + unsigned attributes = toAttributes(transitionKind); + IndexingType indexingType = newIndexingType(structure->indexingTypeIncludingHistory(), transitionKind); + + if (JSGlobalObject* globalObject = structure->m_globalObject.get()) { + if (globalObject->isOriginalArrayStructure(structure)) { + Structure* result = globalObject->originalArrayStructureForIndexingType(indexingType); + if (result->indexingTypeIncludingHistory() == indexingType) { + structure->notifyTransitionFromThisStructure(); + return result; + } + } + } + + if (Structure* existingTransition = structure->m_transitionTable.get(0, attributes)) { + ASSERT(existingTransition->m_attributesInPrevious == attributes); + ASSERT(existingTransition->indexingTypeIncludingHistory() == indexingType); + return existingTransition; + } + + Structure* transition = create(vm, structure); + transition->setPreviousID(vm, transition, structure); + transition->m_attributesInPrevious = attributes; + transition->m_indexingType = indexingType; + transition->propertyTable().set(vm, transition, structure->takePropertyTableOrCloneIfPinned(vm, transition)); + transition->m_offset = structure->m_offset; + checkOffset(transition->m_offset, transition->inlineCapacity()); + + structure->m_transitionTable.add(vm, transition); + transition->checkOffsetConsistency(); return transition; } // In future we may want to cache this property. -bool Structure::isSealed(JSGlobalData& globalData) +bool Structure::isSealed(VM& vm) { if (isExtensible()) return false; - materializePropertyMapIfNecessary(globalData); - if (!m_propertyTable) + materializePropertyMapIfNecessary(vm); + if (!propertyTable()) return true; - PropertyTable::iterator end = m_propertyTable->end(); - for (PropertyTable::iterator iter = m_propertyTable->begin(); iter != end; ++iter) { + PropertyTable::iterator end = propertyTable()->end(); + for (PropertyTable::iterator iter = propertyTable()->begin(); iter != end; ++iter) { if ((iter->attributes & DontDelete) != DontDelete) return false; } @@ -522,17 +600,17 @@ bool Structure::isSealed(JSGlobalData& globalData) } // In future we may want to cache this property. -bool Structure::isFrozen(JSGlobalData& globalData) +bool Structure::isFrozen(VM& vm) { if (isExtensible()) return false; - materializePropertyMapIfNecessary(globalData); - if (!m_propertyTable) + materializePropertyMapIfNecessary(vm); + if (!propertyTable()) return true; - PropertyTable::iterator end = m_propertyTable->end(); - for (PropertyTable::iterator iter = m_propertyTable->begin(); iter != end; ++iter) { + PropertyTable::iterator end = propertyTable()->end(); + for (PropertyTable::iterator iter = propertyTable()->begin(); iter != end; ++iter) { if (!(iter->attributes & DontDelete)) return false; if (!(iter->attributes & (ReadOnly | Accessor))) @@ -541,71 +619,94 @@ bool Structure::isFrozen(JSGlobalData& globalData) return true; } -Structure* Structure::flattenDictionaryStructure(JSGlobalData& globalData, JSObject* object) +Structure* Structure::flattenDictionaryStructure(VM& vm, JSObject* object) { + checkOffsetConsistency(); ASSERT(isDictionary()); if (isUncacheableDictionary()) { - ASSERT(m_propertyTable); + ASSERT(propertyTable()); - size_t propertyCount = m_propertyTable->size(); + size_t propertyCount = propertyTable()->size(); + + // Holds our values compacted by insertion order. Vector values(propertyCount); + // Copies out our values from their hashed locations, compacting property table offsets as we go. unsigned i = 0; - PropertyTable::iterator end = m_propertyTable->end(); - for (PropertyTable::iterator iter = m_propertyTable->begin(); iter != end; ++iter, ++i) { - values[i] = object->getDirectOffset(iter->offset); - // Update property table to have the new property offsets - iter->offset = i; + PropertyTable::iterator end = propertyTable()->end(); + m_offset = invalidOffset; + for (PropertyTable::iterator iter = propertyTable()->begin(); iter != end; ++iter, ++i) { + values[i] = object->getDirect(iter->offset); + m_offset = iter->offset = offsetForPropertyNumber(i, m_inlineCapacity); } - // Copy the original property values into their final locations + // Copies in our values to their compacted locations. for (unsigned i = 0; i < propertyCount; i++) - object->putDirectOffset(globalData, i, values[i]); + object->putDirect(vm, offsetForPropertyNumber(i, m_inlineCapacity), values[i]); - m_propertyTable->clearDeletedOffsets(); + propertyTable()->clearDeletedOffsets(); + checkOffsetConsistency(); } m_dictionaryKind = NoneDictionaryKind; + + // If the object had a Butterfly but after flattening/compacting we no longer have need of it, + // we need to zero it out because the collector depends on the Structure to know the size for copying. + if (object->butterfly() && !this->outOfLineCapacity() && !hasIndexingHeader(this->indexingType())) + object->setButterfly(vm, 0, this); + return this; } -size_t Structure::addPropertyWithoutTransition(JSGlobalData& globalData, const Identifier& propertyName, unsigned attributes, JSCell* specificValue) +PropertyOffset Structure::addPropertyWithoutTransition(VM& vm, PropertyName propertyName, unsigned attributes, JSCell* specificValue) { - ASSERT(!m_enumerationCache); + ASSERT(!enumerationCache()); if (m_specificFunctionThrashCount == maxSpecificFunctionThrashCount) specificValue = 0; - materializePropertyMapIfNecessaryForPinning(globalData); + materializePropertyMapIfNecessaryForPinning(vm); pin(); - size_t offset = putSpecificValue(globalData, propertyName, attributes, specificValue); - if (propertyStorageSize() > propertyStorageCapacity()) - growPropertyStorageCapacity(); - return offset; + return putSpecificValue(vm, propertyName, attributes, specificValue); } -size_t Structure::removePropertyWithoutTransition(JSGlobalData& globalData, const Identifier& propertyName) +PropertyOffset Structure::removePropertyWithoutTransition(VM& vm, PropertyName propertyName) { ASSERT(isUncacheableDictionary()); - ASSERT(!m_enumerationCache); + ASSERT(!enumerationCache()); - materializePropertyMapIfNecessaryForPinning(globalData); + materializePropertyMapIfNecessaryForPinning(vm); pin(); - size_t offset = remove(propertyName); - return offset; + return remove(propertyName); } void Structure::pin() { - ASSERT(m_propertyTable); + ASSERT(propertyTable()); m_isPinnedPropertyTable = true; - m_previous.clear(); + clearPreviousID(); m_nameInPrevious.clear(); } +void Structure::allocateRareData(VM& vm) +{ + ASSERT(!typeInfo().structureHasRareData()); + StructureRareData* rareData = StructureRareData::create(vm, previous()); + m_typeInfo = TypeInfo(typeInfo().type(), typeInfo().flags() | StructureHasRareData); + m_previousOrRareData.set(vm, this, rareData); +} + +void Structure::cloneRareDataFrom(VM& vm, const Structure* other) +{ + ASSERT(other->typeInfo().structureHasRareData()); + StructureRareData* newRareData = StructureRareData::clone(vm, other->rareData()); + m_typeInfo = TypeInfo(typeInfo().type(), typeInfo().flags() | StructureHasRareData); + m_previousOrRareData.set(vm, this, newRareData); +} + #if DUMP_PROPERTYMAP_STATS struct PropertyMapStatisticsExitLogger { @@ -616,11 +717,11 @@ static PropertyMapStatisticsExitLogger logger; PropertyMapStatisticsExitLogger::~PropertyMapStatisticsExitLogger() { - dataLog("\nJSC::PropertyMap statistics\n\n"); - dataLog("%d probes\n", numProbes); - dataLog("%d collisions (%.1f%%)\n", numCollisions, 100.0 * numCollisions / numProbes); - dataLog("%d rehashes\n", numRehashes); - dataLog("%d removes\n", numRemoves); + dataLogF("\nJSC::PropertyMap statistics\n\n"); + dataLogF("%d probes\n", numProbes); + dataLogF("%d collisions (%.1f%%)\n", numCollisions, 100.0 * numCollisions / numProbes); + dataLogF("%d rehashes\n", numRehashes); + dataLogF("%d removes\n", numRemoves); } #endif @@ -629,43 +730,49 @@ PropertyMapStatisticsExitLogger::~PropertyMapStatisticsExitLogger() inline void Structure::checkConsistency() { + checkOffsetConsistency(); } #endif -PassOwnPtr Structure::copyPropertyTable(JSGlobalData& globalData, Structure* owner) +PropertyTable* Structure::copyPropertyTable(VM& vm, Structure* owner) { - return adoptPtr(m_propertyTable ? new PropertyTable(globalData, owner, *m_propertyTable) : 0); + if (!propertyTable()) + return 0; + return PropertyTable::clone(vm, owner, *propertyTable().get()); } -PassOwnPtr Structure::copyPropertyTableForPinning(JSGlobalData& globalData, Structure* owner) +PropertyTable* Structure::copyPropertyTableForPinning(VM& vm, Structure* owner) { - return adoptPtr(m_propertyTable ? new PropertyTable(globalData, owner, *m_propertyTable) : new PropertyTable(m_offset == noOffset ? 0 : m_offset)); + if (propertyTable()) + return PropertyTable::clone(vm, owner, *propertyTable().get()); + return PropertyTable::create(vm, numberOfSlotsForLastOffset(m_offset, m_inlineCapacity)); } -size_t Structure::get(JSGlobalData& globalData, StringImpl* propertyName, unsigned& attributes, JSCell*& specificValue) +PropertyOffset Structure::get(VM& vm, PropertyName propertyName, unsigned& attributes, JSCell*& specificValue) { - materializePropertyMapIfNecessary(globalData); - if (!m_propertyTable) - return WTF::notFound; + ASSERT(structure()->classInfo() == &s_info); + + materializePropertyMapIfNecessary(vm); + if (!propertyTable()) + return invalidOffset; - PropertyMapEntry* entry = m_propertyTable->find(propertyName).first; + PropertyMapEntry* entry = propertyTable()->find(propertyName.uid()).first; if (!entry) - return WTF::notFound; + return invalidOffset; attributes = entry->attributes; specificValue = entry->specificValue.get(); return entry->offset; } -bool Structure::despecifyFunction(JSGlobalData& globalData, const Identifier& propertyName) +bool Structure::despecifyFunction(VM& vm, PropertyName propertyName) { - materializePropertyMapIfNecessary(globalData); - if (!m_propertyTable) + materializePropertyMapIfNecessary(vm); + if (!propertyTable()) return false; - ASSERT(!propertyName.isNull()); - PropertyMapEntry* entry = m_propertyTable->find(propertyName.impl()).first; + PropertyMapEntry* entry = propertyTable()->find(propertyName.uid()).first; if (!entry) return false; @@ -674,89 +781,80 @@ bool Structure::despecifyFunction(JSGlobalData& globalData, const Identifier& pr return true; } -void Structure::despecifyAllFunctions(JSGlobalData& globalData) +void Structure::despecifyAllFunctions(VM& vm) { - materializePropertyMapIfNecessary(globalData); - if (!m_propertyTable) + materializePropertyMapIfNecessary(vm); + if (!propertyTable()) return; - PropertyTable::iterator end = m_propertyTable->end(); - for (PropertyTable::iterator iter = m_propertyTable->begin(); iter != end; ++iter) + PropertyTable::iterator end = propertyTable()->end(); + for (PropertyTable::iterator iter = propertyTable()->begin(); iter != end; ++iter) iter->specificValue.clear(); } -size_t Structure::putSpecificValue(JSGlobalData& globalData, const Identifier& propertyName, unsigned attributes, JSCell* specificValue) +PropertyOffset Structure::putSpecificValue(VM& vm, PropertyName propertyName, unsigned attributes, JSCell* specificValue) { - ASSERT(!propertyName.isNull()); - ASSERT(get(globalData, propertyName) == notFound); + ASSERT(!JSC::isValidOffset(get(vm, propertyName))); checkConsistency(); if (attributes & DontEnum) m_hasNonEnumerableProperties = true; - StringImpl* rep = propertyName.impl(); - - if (!m_propertyTable) - createPropertyMap(); - - unsigned newOffset; + StringImpl* rep = propertyName.uid(); - if (m_propertyTable->hasDeletedOffset()) - newOffset = m_propertyTable->getDeletedOffset(); - else - newOffset = m_propertyTable->size(); + if (!propertyTable()) + createPropertyMap(vm); - m_propertyTable->add(PropertyMapEntry(globalData, this, rep, newOffset, attributes, specificValue)); + PropertyOffset newOffset = propertyTable()->nextOffset(m_inlineCapacity); + propertyTable()->add(PropertyMapEntry(vm, this, rep, newOffset, attributes, specificValue), m_offset, PropertyTable::PropertyOffsetMayChange); + checkConsistency(); return newOffset; } -size_t Structure::remove(const Identifier& propertyName) +PropertyOffset Structure::remove(PropertyName propertyName) { - ASSERT(!propertyName.isNull()); - checkConsistency(); - StringImpl* rep = propertyName.impl(); + StringImpl* rep = propertyName.uid(); - if (!m_propertyTable) - return notFound; + if (!propertyTable()) + return invalidOffset; - PropertyTable::find_iterator position = m_propertyTable->find(rep); + PropertyTable::find_iterator position = propertyTable()->find(rep); if (!position.first) - return notFound; + return invalidOffset; - size_t offset = position.first->offset; + PropertyOffset offset = position.first->offset; - m_propertyTable->remove(position); - m_propertyTable->addDeletedOffset(offset); + propertyTable()->remove(position); + propertyTable()->addDeletedOffset(offset); checkConsistency(); return offset; } -void Structure::createPropertyMap(unsigned capacity) +void Structure::createPropertyMap(VM& vm, unsigned capacity) { - ASSERT(!m_propertyTable); + ASSERT(!propertyTable()); checkConsistency(); - m_propertyTable = adoptPtr(new PropertyTable(capacity)); - checkConsistency(); + propertyTable().set(vm, this, PropertyTable::create(vm, capacity)); } -void Structure::getPropertyNamesFromStructure(JSGlobalData& globalData, PropertyNameArray& propertyNames, EnumerationMode mode) +void Structure::getPropertyNamesFromStructure(VM& vm, PropertyNameArray& propertyNames, EnumerationMode mode) { - materializePropertyMapIfNecessary(globalData); - if (!m_propertyTable) + materializePropertyMapIfNecessary(vm); + if (!propertyTable()) return; bool knownUnique = !propertyNames.size(); - PropertyTable::iterator end = m_propertyTable->end(); - for (PropertyTable::iterator iter = m_propertyTable->begin(); iter != end; ++iter) { + PropertyTable::iterator end = propertyTable()->end(); + for (PropertyTable::iterator iter = propertyTable()->begin(); iter != end; ++iter) { ASSERT(m_hasNonEnumerableProperties || !(iter->attributes & DontEnum)); - if (!(iter->attributes & DontEnum) || (mode == IncludeDontEnumProperties)) { + if (iter->key->isIdentifier() && (!(iter->attributes & DontEnum) || mode == IncludeDontEnumProperties)) { if (knownUnique) propertyNames.addKnownUnique(iter->key); else @@ -765,43 +863,66 @@ void Structure::getPropertyNamesFromStructure(JSGlobalData& globalData, Property } } +JSValue Structure::prototypeForLookup(CodeBlock* codeBlock) const +{ + return prototypeForLookup(codeBlock->globalObject()); +} + void Structure::visitChildren(JSCell* cell, SlotVisitor& visitor) { Structure* thisObject = jsCast(cell); ASSERT_GC_OBJECT_INHERITS(thisObject, &s_info); ASSERT(thisObject->structure()->typeInfo().overridesVisitChildren()); + JSCell::visitChildren(thisObject, visitor); - if (thisObject->m_globalObject) - visitor.append(&thisObject->m_globalObject); + visitor.append(&thisObject->m_globalObject); if (!thisObject->isObject()) thisObject->m_cachedPrototypeChain.clear(); else { - if (thisObject->m_prototype) - visitor.append(&thisObject->m_prototype); - if (thisObject->m_cachedPrototypeChain) - visitor.append(&thisObject->m_cachedPrototypeChain); + visitor.append(&thisObject->m_prototype); + visitor.append(&thisObject->m_cachedPrototypeChain); } - if (thisObject->m_previous) - visitor.append(&thisObject->m_previous); - if (thisObject->m_specificValueInPrevious) - visitor.append(&thisObject->m_specificValueInPrevious); - if (thisObject->m_enumerationCache) - visitor.append(&thisObject->m_enumerationCache); - if (thisObject->m_propertyTable) { - PropertyTable::iterator end = thisObject->m_propertyTable->end(); - for (PropertyTable::iterator ptr = thisObject->m_propertyTable->begin(); ptr != end; ++ptr) { - if (ptr->specificValue) - visitor.append(&ptr->specificValue); - } + visitor.append(&thisObject->m_previousOrRareData); + visitor.append(&thisObject->m_specificValueInPrevious); + + if (thisObject->m_isPinnedPropertyTable) { + ASSERT(thisObject->m_propertyTableUnsafe); + visitor.append(&thisObject->m_propertyTableUnsafe); + } else if (thisObject->m_propertyTableUnsafe) + thisObject->m_propertyTableUnsafe.clear(); +} + +bool Structure::prototypeChainMayInterceptStoreTo(VM& vm, PropertyName propertyName) +{ + unsigned i = propertyName.asIndex(); + if (i != PropertyName::NotAnIndex) + return anyObjectInChainMayInterceptIndexedAccesses(); + + for (Structure* current = this; ;) { + JSValue prototype = current->storedPrototype(); + if (prototype.isNull()) + return false; + + current = prototype.asCell()->structure(); + + unsigned attributes; + JSCell* specificValue; + PropertyOffset offset = current->get(vm, propertyName, attributes, specificValue); + if (!JSC::isValidOffset(offset)) + continue; + + if (attributes & (ReadOnly | Accessor)) + return true; + + return false; } - if (thisObject->m_objectToStringValue) - visitor.append(&thisObject->m_objectToStringValue); } #if DO_PROPERTYMAP_CONSTENCY_CHECK void PropertyTable::checkConsistency() { + checkOffsetConsistency(); ASSERT(m_indexSize >= PropertyTable::MinimumTableSize); ASSERT(m_indexMask); ASSERT(m_indexSize == m_indexMask + 1); @@ -859,17 +980,17 @@ void PropertyTable::checkConsistency() void Structure::checkConsistency() { - if (!m_propertyTable) + if (!propertyTable()) return; if (!m_hasNonEnumerableProperties) { - PropertyTable::iterator end = m_propertyTable->end(); - for (PropertyTable::iterator iter = m_propertyTable->begin(); iter != end; ++iter) { + PropertyTable::iterator end = propertyTable()->end(); + for (PropertyTable::iterator iter = propertyTable()->begin(); iter != end; ++iter) { ASSERT(!(iter->attributes & DontEnum)); } } - m_propertyTable->checkConsistency(); + propertyTable()->checkConsistency(); } #endif // DO_PROPERTYMAP_CONSTENCY_CHECK