X-Git-Url: https://git.saurik.com/apple/javascriptcore.git/blobdiff_plain/6fe7ccc865dc7d7541b93c5bcaf6368d2c98a174..2656c66b5b30d5597e842a751c7f19ad6c2fe31a:/runtime/Structure.cpp diff --git a/runtime/Structure.cpp b/runtime/Structure.cpp index 074c8b3..1305ecb 100644 --- a/runtime/Structure.cpp +++ b/runtime/Structure.cpp @@ -1,5 +1,5 @@ /* - * Copyright (C) 2008, 2009 Apple Inc. All rights reserved. + * Copyright (C) 2008, 2009, 2013 Apple Inc. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions @@ -10,10 +10,10 @@ * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * - * THIS SOFTWARE IS PROVIDED BY APPLE COMPUTER, INC. ``AS IS'' AND ANY + * THIS SOFTWARE IS PROVIDED BY APPLE INC. ``AS IS'' AND ANY * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR - * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL APPLE COMPUTER, INC. OR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL APPLE INC. OR * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR @@ -26,12 +26,18 @@ #include "config.h" #include "Structure.h" -#include "Identifier.h" +#include "CodeBlock.h" +#include "DumpContext.h" +#include "JSCInlines.h" #include "JSObject.h" #include "JSPropertyNameIterator.h" #include "Lookup.h" +#include "PropertyMapHashTable.h" #include "PropertyNameArray.h" #include "StructureChain.h" +#include "StructureRareDataInlines.h" +#include +#include #include #include #include @@ -47,15 +53,6 @@ using namespace std; using namespace WTF; -#if DUMP_PROPERTYMAP_STATS - -int numProbes; -int numCollisions; -int numRehashes; -int numRemoves; - -#endif - namespace JSC { #if DUMP_STRUCTURE_ID_STATISTICS @@ -68,7 +65,7 @@ bool StructureTransitionTable::contains(StringImpl* rep, unsigned attributes) co Structure* transition = singleTransition(); return transition && transition->m_nameInPrevious == rep && transition->m_attributesInPrevious == attributes; } - return map()->contains(make_pair(rep, attributes)); + return map()->get(std::make_pair(rep, attributes)); } inline Structure* StructureTransitionTable::get(StringImpl* rep, unsigned attributes) const @@ -77,24 +74,24 @@ inline Structure* StructureTransitionTable::get(StringImpl* rep, unsigned attrib Structure* transition = singleTransition(); return (transition && transition->m_nameInPrevious == rep && transition->m_attributesInPrevious == attributes) ? transition : 0; } - return map()->get(make_pair(rep, attributes)); + return map()->get(std::make_pair(rep, attributes)); } -inline void StructureTransitionTable::add(JSGlobalData& globalData, Structure* structure) +inline void StructureTransitionTable::add(VM& vm, Structure* structure) { if (isUsingSingleSlot()) { Structure* existingTransition = singleTransition(); // This handles the first transition being added. if (!existingTransition) { - setSingleTransition(globalData, structure); + setSingleTransition(vm, structure); return; } // This handles the second transition being added // (or the first transition being despecified!) setMap(new TransitionMap()); - add(globalData, existingTransition); + add(vm, existingTransition); } // Add the structure to the map. @@ -102,13 +99,7 @@ inline void StructureTransitionTable::add(JSGlobalData& globalData, Structure* s // Newer versions of the STL have an std::make_pair function that takes rvalue references. // When either of the parameters are bitfields, the C++ compiler will try to bind them as lvalues, which is invalid. To work around this, use unary "+" to make the parameter an rvalue. // See https://bugs.webkit.org/show_bug.cgi?id=59261 for more details - TransitionMap::AddResult result = map()->add(globalData, make_pair(structure->m_nameInPrevious, +structure->m_attributesInPrevious), structure); - if (!result.isNewEntry) { - // There already is an entry! - we should only hit this when despecifying. - ASSERT(result.iterator.get().second->m_specificValueInPrevious); - ASSERT(!structure->m_specificValueInPrevious); - map()->set(globalData, result.iterator.get().first, structure); - } + map()->set(std::make_pair(structure->m_nameInPrevious.get(), +structure->m_attributesInPrevious), structure); } void Structure::dumpStatistics() @@ -127,7 +118,7 @@ void Structure::dumpStatistics() switch (structure->m_transitionTable.size()) { case 0: ++numberLeaf; - if (!structure->m_previous) + if (!structure->previousID()) ++numberSingletons; break; @@ -136,79 +127,100 @@ void Structure::dumpStatistics() break; } - if (structure->m_propertyTable) { + if (structure->propertyTable()) { ++numberWithPropertyMaps; - totalPropertyMapsSize += structure->m_propertyTable->sizeInMemory(); + totalPropertyMapsSize += structure->propertyTable()->sizeInMemory(); } } - dataLog("Number of live Structures: %d\n", liveStructureSet.size()); - dataLog("Number of Structures using the single item optimization for transition map: %d\n", numberUsingSingleSlot); - dataLog("Number of Structures that are leaf nodes: %d\n", numberLeaf); - dataLog("Number of Structures that singletons: %d\n", numberSingletons); - dataLog("Number of Structures with PropertyMaps: %d\n", numberWithPropertyMaps); + dataLogF("Number of live Structures: %d\n", liveStructureSet.size()); + dataLogF("Number of Structures using the single item optimization for transition map: %d\n", numberUsingSingleSlot); + dataLogF("Number of Structures that are leaf nodes: %d\n", numberLeaf); + dataLogF("Number of Structures that singletons: %d\n", numberSingletons); + dataLogF("Number of Structures with PropertyMaps: %d\n", numberWithPropertyMaps); - dataLog("Size of a single Structures: %d\n", static_cast(sizeof(Structure))); - dataLog("Size of sum of all property maps: %d\n", totalPropertyMapsSize); - dataLog("Size of average of all property maps: %f\n", static_cast(totalPropertyMapsSize) / static_cast(liveStructureSet.size())); + dataLogF("Size of a single Structures: %d\n", static_cast(sizeof(Structure))); + dataLogF("Size of sum of all property maps: %d\n", totalPropertyMapsSize); + dataLogF("Size of average of all property maps: %f\n", static_cast(totalPropertyMapsSize) / static_cast(liveStructureSet.size())); #else - dataLog("Dumping Structure statistics is not enabled.\n"); + dataLogF("Dumping Structure statistics is not enabled.\n"); #endif } -Structure::Structure(JSGlobalData& globalData, JSGlobalObject* globalObject, JSValue prototype, const TypeInfo& typeInfo, const ClassInfo* classInfo) - : JSCell(globalData, globalData.structureStructure.get()) - , m_typeInfo(typeInfo) - , m_globalObject(globalData, this, globalObject, WriteBarrier::MayBeNull) - , m_prototype(globalData, this, prototype) +Structure::Structure(VM& vm, JSGlobalObject* globalObject, JSValue prototype, const TypeInfo& typeInfo, const ClassInfo* classInfo, IndexingType indexingType, unsigned inlineCapacity) + : JSCell(vm, vm.structureStructure.get()) + , m_blob(vm.heap.structureIDTable().allocateID(this), indexingType, typeInfo) + , m_outOfLineTypeFlags(typeInfo.outOfLineTypeFlags()) + , m_globalObject(vm, this, globalObject, WriteBarrier::MayBeNull) + , m_prototype(vm, this, prototype) , m_classInfo(classInfo) - , m_propertyStorageCapacity(typeInfo.isFinalObject() ? JSFinalObject_inlineStorageCapacity : JSNonFinalObject_inlineStorageCapacity) - , m_offset(noOffset) + , m_transitionWatchpointSet(IsWatched) + , m_offset(invalidOffset) + , m_inlineCapacity(inlineCapacity) , m_dictionaryKind(NoneDictionaryKind) + , m_hasBeenFlattenedBefore(false) , m_isPinnedPropertyTable(false) - , m_hasGetterSetterProperties(false) - , m_hasReadOnlyOrGetterSetterPropertiesExcludingProto(false) + , m_hasGetterSetterProperties(classInfo->hasStaticSetterOrReadonlyProperties(vm)) + , m_hasCustomGetterSetterProperties(false) + , m_hasReadOnlyOrGetterSetterPropertiesExcludingProto(classInfo->hasStaticSetterOrReadonlyProperties(vm)) , m_hasNonEnumerableProperties(false) , m_attributesInPrevious(0) , m_specificFunctionThrashCount(0) , m_preventExtensions(false) , m_didTransition(false) , m_staticFunctionReified(false) + , m_hasRareData(false) { + ASSERT(inlineCapacity <= JSFinalObject::maxInlineCapacity()); + ASSERT(static_cast(inlineCapacity) < firstOutOfLineOffset); + ASSERT(!m_hasRareData); + ASSERT(hasReadOnlyOrGetterSetterPropertiesExcludingProto() || !m_classInfo->hasStaticSetterOrReadonlyProperties(vm)); + ASSERT(hasGetterSetterProperties() || !m_classInfo->hasStaticSetterOrReadonlyProperties(vm)); } const ClassInfo Structure::s_info = { "Structure", 0, 0, 0, CREATE_METHOD_TABLE(Structure) }; -Structure::Structure(JSGlobalData& globalData) +Structure::Structure(VM& vm) : JSCell(CreatingEarlyCell) - , m_typeInfo(CompoundType, OverridesVisitChildren) - , m_prototype(globalData, this, jsNull()) - , m_classInfo(&s_info) - , m_propertyStorageCapacity(0) - , m_offset(noOffset) + , m_prototype(vm, this, jsNull()) + , m_classInfo(info()) + , m_transitionWatchpointSet(IsWatched) + , m_offset(invalidOffset) + , m_inlineCapacity(0) , m_dictionaryKind(NoneDictionaryKind) + , m_hasBeenFlattenedBefore(false) , m_isPinnedPropertyTable(false) - , m_hasGetterSetterProperties(false) - , m_hasReadOnlyOrGetterSetterPropertiesExcludingProto(false) + , m_hasGetterSetterProperties(m_classInfo->hasStaticSetterOrReadonlyProperties(vm)) + , m_hasCustomGetterSetterProperties(false) + , m_hasReadOnlyOrGetterSetterPropertiesExcludingProto(m_classInfo->hasStaticSetterOrReadonlyProperties(vm)) , m_hasNonEnumerableProperties(false) , m_attributesInPrevious(0) , m_specificFunctionThrashCount(0) , m_preventExtensions(false) , m_didTransition(false) , m_staticFunctionReified(false) + , m_hasRareData(false) { + TypeInfo typeInfo = TypeInfo(CompoundType, OverridesVisitChildren | StructureIsImmortal); + m_blob = StructureIDBlob(vm.heap.structureIDTable().allocateID(this), 0, typeInfo); + m_outOfLineTypeFlags = typeInfo.outOfLineTypeFlags(); + + ASSERT(hasReadOnlyOrGetterSetterPropertiesExcludingProto() || !m_classInfo->hasStaticSetterOrReadonlyProperties(vm)); + ASSERT(hasGetterSetterProperties() || !m_classInfo->hasStaticSetterOrReadonlyProperties(vm)); } -Structure::Structure(JSGlobalData& globalData, const Structure* previous) - : JSCell(globalData, globalData.structureStructure.get()) - , m_typeInfo(previous->typeInfo()) - , m_prototype(globalData, this, previous->storedPrototype()) +Structure::Structure(VM& vm, Structure* previous) + : JSCell(vm, vm.structureStructure.get()) + , m_prototype(vm, this, previous->storedPrototype()) , m_classInfo(previous->m_classInfo) - , m_propertyStorageCapacity(previous->m_propertyStorageCapacity) - , m_offset(noOffset) + , m_transitionWatchpointSet(IsWatched) + , m_offset(invalidOffset) + , m_inlineCapacity(previous->m_inlineCapacity) , m_dictionaryKind(previous->m_dictionaryKind) + , m_hasBeenFlattenedBefore(previous->m_hasBeenFlattenedBefore) , m_isPinnedPropertyTable(false) , m_hasGetterSetterProperties(previous->m_hasGetterSetterProperties) + , m_hasCustomGetterSetterProperties(previous->m_hasCustomGetterSetterProperties) , m_hasReadOnlyOrGetterSetterPropertiesExcludingProto(previous->m_hasReadOnlyOrGetterSetterPropertiesExcludingProto) , m_hasNonEnumerableProperties(previous->m_hasNonEnumerableProperties) , m_attributesInPrevious(0) @@ -216,88 +228,120 @@ Structure::Structure(JSGlobalData& globalData, const Structure* previous) , m_preventExtensions(previous->m_preventExtensions) , m_didTransition(true) , m_staticFunctionReified(previous->m_staticFunctionReified) + , m_hasRareData(false) { + TypeInfo typeInfo = previous->typeInfo(); + m_blob = StructureIDBlob(vm.heap.structureIDTable().allocateID(this), previous->indexingTypeIncludingHistory(), typeInfo); + m_outOfLineTypeFlags = typeInfo.outOfLineTypeFlags(); + + ASSERT(!previous->typeInfo().structureIsImmortal()); + if (previous->m_hasRareData && previous->rareData()->needsCloning()) + cloneRareDataFrom(vm, previous); + setPreviousID(vm, previous); + + previous->notifyTransitionFromThisStructure(); if (previous->m_globalObject) - m_globalObject.set(globalData, this, previous->m_globalObject.get()); + m_globalObject.set(vm, this, previous->m_globalObject.get()); + ASSERT(hasReadOnlyOrGetterSetterPropertiesExcludingProto() || !m_classInfo->hasStaticSetterOrReadonlyProperties(vm)); + ASSERT(hasGetterSetterProperties() || !m_classInfo->hasStaticSetterOrReadonlyProperties(vm)); } -void Structure::destroy(JSCell* cell) +Structure::~Structure() { - jsCast(cell)->Structure::~Structure(); + if (typeInfo().structureIsImmortal()) + return; + Heap::heap(this)->structureIDTable().deallocateID(this, m_blob.structureID()); } -void Structure::materializePropertyMap(JSGlobalData& globalData) +void Structure::destroy(JSCell* cell) { - ASSERT(structure()->classInfo() == &s_info); - ASSERT(!m_propertyTable); - - Vector structures; - structures.append(this); - - Structure* structure = this; + static_cast(cell)->Structure::~Structure(); +} - // Search for the last Structure with a property table. - while ((structure = structure->previousID())) { - if (structure->m_isPinnedPropertyTable) { - ASSERT(structure->m_propertyTable); - ASSERT(!structure->m_previous); +void Structure::findStructuresAndMapForMaterialization(Vector& structures, Structure*& structure, PropertyTable*& table) +{ + ASSERT(structures.isEmpty()); + table = 0; - m_propertyTable = structure->m_propertyTable->copy(globalData, 0, m_offset + 1); - break; + for (structure = this; structure; structure = structure->previousID()) { + structure->m_lock.lock(); + + table = structure->propertyTable().get(); + if (table) { + // Leave the structure locked, so that the caller can do things to it atomically + // before it loses its property table. + return; } - + structures.append(structure); + structure->m_lock.unlock(); } - - if (!m_propertyTable) - createPropertyMap(m_offset + 1); - - for (ptrdiff_t i = structures.size() - 2; i >= 0; --i) { - structure = structures[i]; - PropertyMapEntry entry(globalData, this, structure->m_nameInPrevious.get(), structure->m_offset, structure->m_attributesInPrevious, structure->m_specificValueInPrevious.get()); - m_propertyTable->add(entry); - } + + ASSERT(!structure); + ASSERT(!table); } -void Structure::growPropertyStorageCapacity() +void Structure::materializePropertyMap(VM& vm) { - if (isUsingInlineStorage()) - m_propertyStorageCapacity = JSObject::baseExternalStorageCapacity; + ASSERT(structure()->classInfo() == info()); + ASSERT(!propertyTable()); + + Vector structures; + Structure* structure; + PropertyTable* table; + + findStructuresAndMapForMaterialization(structures, structure, table); + + if (table) { + table = table->copy(vm, numberOfSlotsForLastOffset(m_offset, m_inlineCapacity)); + structure->m_lock.unlock(); + } + + // Must hold the lock on this structure, since we will be modifying this structure's + // property map. We don't want getConcurrently() to see the property map in a half-baked + // state. + GCSafeConcurrentJITLocker locker(m_lock, vm.heap); + if (!table) + createPropertyMap(locker, vm, numberOfSlotsForLastOffset(m_offset, m_inlineCapacity)); else - m_propertyStorageCapacity *= 2; -} + propertyTable().set(vm, this, table); -size_t Structure::suggestedNewPropertyStorageSize() -{ - if (isUsingInlineStorage()) - return JSObject::baseExternalStorageCapacity; - return m_propertyStorageCapacity * 2; + for (size_t i = structures.size(); i--;) { + structure = structures[i]; + if (!structure->m_nameInPrevious) + continue; + PropertyMapEntry entry(vm, this, structure->m_nameInPrevious.get(), structure->m_offset, structure->m_attributesInPrevious, structure->m_specificValueInPrevious.get()); + propertyTable()->add(entry, m_offset, PropertyTable::PropertyOffsetMustNotChange); + } + + checkOffsetConsistency(); } -void Structure::despecifyDictionaryFunction(JSGlobalData& globalData, const Identifier& propertyName) +void Structure::despecifyDictionaryFunction(VM& vm, PropertyName propertyName) { - StringImpl* rep = propertyName.impl(); + StringImpl* rep = propertyName.uid(); - materializePropertyMapIfNecessary(globalData); + DeferGC deferGC(vm.heap); + materializePropertyMapIfNecessary(vm, deferGC); ASSERT(isDictionary()); - ASSERT(m_propertyTable); + ASSERT(propertyTable()); - PropertyMapEntry* entry = m_propertyTable->find(rep).first; + PropertyMapEntry* entry = propertyTable()->get(rep); ASSERT(entry); entry->specificValue.clear(); } -Structure* Structure::addPropertyTransitionToExistingStructure(Structure* structure, const Identifier& propertyName, unsigned attributes, JSCell* specificValue, size_t& offset) +Structure* Structure::addPropertyTransitionToExistingStructureImpl(Structure* structure, StringImpl* uid, unsigned attributes, JSCell* specificValue, PropertyOffset& offset) { ASSERT(!structure->isDictionary()); ASSERT(structure->isObject()); - if (Structure* existingTransition = structure->m_transitionTable.get(propertyName.impl(), attributes)) { + if (Structure* existingTransition = structure->m_transitionTable.get(uid, attributes)) { JSCell* specificValueInPrevious = existingTransition->m_specificValueInPrevious.get(); if (specificValueInPrevious && specificValueInPrevious != specificValue) return 0; - ASSERT(existingTransition->m_offset != noOffset); + validateOffset(existingTransition->m_offset, existingTransition->inlineCapacity()); offset = existingTransition->m_offset; return existingTransition; } @@ -305,7 +349,71 @@ Structure* Structure::addPropertyTransitionToExistingStructure(Structure* struct return 0; } -Structure* Structure::addPropertyTransition(JSGlobalData& globalData, Structure* structure, const Identifier& propertyName, unsigned attributes, JSCell* specificValue, size_t& offset) +Structure* Structure::addPropertyTransitionToExistingStructure(Structure* structure, PropertyName propertyName, unsigned attributes, JSCell* specificValue, PropertyOffset& offset) +{ + ASSERT(!isCompilationThread()); + return addPropertyTransitionToExistingStructureImpl(structure, propertyName.uid(), attributes, specificValue, offset); +} + +Structure* Structure::addPropertyTransitionToExistingStructureConcurrently(Structure* structure, StringImpl* uid, unsigned attributes, JSCell* specificValue, PropertyOffset& offset) +{ + ConcurrentJITLocker locker(structure->m_lock); + return addPropertyTransitionToExistingStructureImpl(structure, uid, attributes, specificValue, offset); +} + +bool Structure::anyObjectInChainMayInterceptIndexedAccesses() const +{ + for (const Structure* current = this; ;) { + if (current->mayInterceptIndexedAccesses()) + return true; + + JSValue prototype = current->storedPrototype(); + if (prototype.isNull()) + return false; + + current = asObject(prototype)->structure(); + } +} + +bool Structure::holesMustForwardToPrototype(VM& vm) const +{ + if (this->mayInterceptIndexedAccesses()) + return true; + + JSValue prototype = this->storedPrototype(); + if (!prototype.isObject()) + return false; + JSObject* object = asObject(prototype); + + while (true) { + Structure& structure = *object->structure(vm); + if (hasIndexedProperties(object->indexingType()) || structure.mayInterceptIndexedAccesses()) + return true; + prototype = structure.storedPrototype(); + if (!prototype.isObject()) + return false; + object = asObject(prototype); + } + + RELEASE_ASSERT_NOT_REACHED(); + return false; +} + +bool Structure::needsSlowPutIndexing() const +{ + return anyObjectInChainMayInterceptIndexedAccesses() + || globalObject()->isHavingABadTime(); +} + +NonPropertyTransition Structure::suggestedArrayStorageTransition() const +{ + if (needsSlowPutIndexing()) + return AllocateSlowPutArrayStorage; + + return AllocateArrayStorage; +} + +Structure* Structure::addPropertyTransition(VM& vm, Structure* structure, PropertyName propertyName, unsigned attributes, JSCell* specificValue, PropertyOffset& offset, PutPropertySlot::Context context) { // If we have a specific function, we may have got to this point if there is // already a transition with the correct property name and attributes, but @@ -314,7 +422,7 @@ Structure* Structure::addPropertyTransition(JSGlobalData& globalData, Structure* // In this case we clear the value of specificFunction which will result // in us adding a non-specific transition, and any subsequent lookup in // Structure::addPropertyTransitionToExistingStructure will just use that. - if (specificValue && structure->m_transitionTable.contains(propertyName.impl(), attributes)) + if (specificValue && structure->m_transitionTable.contains(propertyName.uid(), attributes)) specificValue = 0; ASSERT(!structure->isDictionary()); @@ -324,197 +432,263 @@ Structure* Structure::addPropertyTransition(JSGlobalData& globalData, Structure* if (structure->m_specificFunctionThrashCount == maxSpecificFunctionThrashCount) specificValue = 0; - if (structure->transitionCount() > s_maxTransitionLength) { - Structure* transition = toCacheableDictionaryTransition(globalData, structure); + int maxTransitionLength; + if (context == PutPropertySlot::PutById) + maxTransitionLength = s_maxTransitionLengthForNonEvalPutById; + else + maxTransitionLength = s_maxTransitionLength; + if (structure->transitionCount() > maxTransitionLength) { + Structure* transition = toCacheableDictionaryTransition(vm, structure); ASSERT(structure != transition); - offset = transition->putSpecificValue(globalData, propertyName, attributes, specificValue); - if (transition->propertyStorageSize() > transition->propertyStorageCapacity()) - transition->growPropertyStorageCapacity(); + offset = transition->putSpecificValue(vm, propertyName, attributes, specificValue); return transition; } - Structure* transition = create(globalData, structure); + Structure* transition = create(vm, structure); - transition->m_cachedPrototypeChain.setMayBeNull(globalData, transition, structure->m_cachedPrototypeChain.get()); - transition->m_previous.set(globalData, transition, structure); - transition->m_nameInPrevious = propertyName.impl(); + transition->m_cachedPrototypeChain.setMayBeNull(vm, transition, structure->m_cachedPrototypeChain.get()); + transition->m_nameInPrevious = propertyName.uid(); transition->m_attributesInPrevious = attributes; - transition->m_specificValueInPrevious.setMayBeNull(globalData, transition, specificValue); - - if (structure->m_propertyTable) { - if (structure->m_isPinnedPropertyTable) - transition->m_propertyTable = structure->m_propertyTable->copy(globalData, transition, structure->m_propertyTable->size() + 1); - else - transition->m_propertyTable = structure->m_propertyTable.release(); - } else { - if (structure->m_previous) - transition->materializePropertyMap(globalData); - else - transition->createPropertyMap(); - } - - offset = transition->putSpecificValue(globalData, propertyName, attributes, specificValue); - if (transition->propertyStorageSize() > transition->propertyStorageCapacity()) - transition->growPropertyStorageCapacity(); - - transition->m_offset = offset; - structure->m_transitionTable.add(globalData, transition); + transition->m_specificValueInPrevious.setMayBeNull(vm, transition, specificValue); + transition->propertyTable().set(vm, transition, structure->takePropertyTableOrCloneIfPinned(vm)); + transition->m_offset = structure->m_offset; + + offset = transition->putSpecificValue(vm, propertyName, attributes, specificValue); + + checkOffset(transition->m_offset, transition->inlineCapacity()); + { + ConcurrentJITLocker locker(structure->m_lock); + structure->m_transitionTable.add(vm, transition); + } + transition->checkOffsetConsistency(); + structure->checkOffsetConsistency(); return transition; } -Structure* Structure::removePropertyTransition(JSGlobalData& globalData, Structure* structure, const Identifier& propertyName, size_t& offset) +Structure* Structure::removePropertyTransition(VM& vm, Structure* structure, PropertyName propertyName, PropertyOffset& offset) { ASSERT(!structure->isUncacheableDictionary()); - Structure* transition = toUncacheableDictionaryTransition(globalData, structure); + Structure* transition = toUncacheableDictionaryTransition(vm, structure); offset = transition->remove(propertyName); + transition->checkOffsetConsistency(); return transition; } -Structure* Structure::changePrototypeTransition(JSGlobalData& globalData, Structure* structure, JSValue prototype) +Structure* Structure::changePrototypeTransition(VM& vm, Structure* structure, JSValue prototype) { - Structure* transition = create(globalData, structure); - - transition->m_prototype.set(globalData, transition, prototype); + Structure* transition = create(vm, structure); - // Don't set m_offset, as one can not transition to this. + transition->m_prototype.set(vm, transition, prototype); - structure->materializePropertyMapIfNecessary(globalData); - transition->m_propertyTable = structure->copyPropertyTableForPinning(globalData, transition); + DeferGC deferGC(vm.heap); + structure->materializePropertyMapIfNecessary(vm, deferGC); + transition->propertyTable().set(vm, transition, structure->copyPropertyTableForPinning(vm)); + transition->m_offset = structure->m_offset; transition->pin(); + transition->checkOffsetConsistency(); return transition; } -Structure* Structure::despecifyFunctionTransition(JSGlobalData& globalData, Structure* structure, const Identifier& replaceFunction) +Structure* Structure::despecifyFunctionTransition(VM& vm, Structure* structure, PropertyName replaceFunction) { ASSERT(structure->m_specificFunctionThrashCount < maxSpecificFunctionThrashCount); - Structure* transition = create(globalData, structure); + Structure* transition = create(vm, structure); ++transition->m_specificFunctionThrashCount; - // Don't set m_offset, as one can not transition to this. - - structure->materializePropertyMapIfNecessary(globalData); - transition->m_propertyTable = structure->copyPropertyTableForPinning(globalData, transition); + DeferGC deferGC(vm.heap); + structure->materializePropertyMapIfNecessary(vm, deferGC); + transition->propertyTable().set(vm, transition, structure->copyPropertyTableForPinning(vm)); + transition->m_offset = structure->m_offset; transition->pin(); if (transition->m_specificFunctionThrashCount == maxSpecificFunctionThrashCount) - transition->despecifyAllFunctions(globalData); + transition->despecifyAllFunctions(vm); else { - bool removed = transition->despecifyFunction(globalData, replaceFunction); + bool removed = transition->despecifyFunction(vm, replaceFunction); ASSERT_UNUSED(removed, removed); } + transition->checkOffsetConsistency(); return transition; } -Structure* Structure::attributeChangeTransition(JSGlobalData& globalData, Structure* structure, const Identifier& propertyName, unsigned attributes) +Structure* Structure::attributeChangeTransition(VM& vm, Structure* structure, PropertyName propertyName, unsigned attributes) { + DeferGC deferGC(vm.heap); if (!structure->isUncacheableDictionary()) { - Structure* transition = create(globalData, structure); + Structure* transition = create(vm, structure); - // Don't set m_offset, as one can not transition to this. - - structure->materializePropertyMapIfNecessary(globalData); - transition->m_propertyTable = structure->copyPropertyTableForPinning(globalData, transition); + structure->materializePropertyMapIfNecessary(vm, deferGC); + transition->propertyTable().set(vm, transition, structure->copyPropertyTableForPinning(vm)); + transition->m_offset = structure->m_offset; transition->pin(); structure = transition; } - ASSERT(structure->m_propertyTable); - PropertyMapEntry* entry = structure->m_propertyTable->find(propertyName.impl()).first; + ASSERT(structure->propertyTable()); + PropertyMapEntry* entry = structure->propertyTable()->get(propertyName.uid()); ASSERT(entry); entry->attributes = attributes; + structure->checkOffsetConsistency(); return structure; } -Structure* Structure::toDictionaryTransition(JSGlobalData& globalData, Structure* structure, DictionaryKind kind) +Structure* Structure::toDictionaryTransition(VM& vm, Structure* structure, DictionaryKind kind) { ASSERT(!structure->isUncacheableDictionary()); - Structure* transition = create(globalData, structure); + Structure* transition = create(vm, structure); - structure->materializePropertyMapIfNecessary(globalData); - transition->m_propertyTable = structure->copyPropertyTableForPinning(globalData, transition); + DeferGC deferGC(vm.heap); + structure->materializePropertyMapIfNecessary(vm, deferGC); + transition->propertyTable().set(vm, transition, structure->copyPropertyTableForPinning(vm)); + transition->m_offset = structure->m_offset; transition->m_dictionaryKind = kind; transition->pin(); + transition->checkOffsetConsistency(); return transition; } -Structure* Structure::toCacheableDictionaryTransition(JSGlobalData& globalData, Structure* structure) +Structure* Structure::toCacheableDictionaryTransition(VM& vm, Structure* structure) { - return toDictionaryTransition(globalData, structure, CachedDictionaryKind); + return toDictionaryTransition(vm, structure, CachedDictionaryKind); } -Structure* Structure::toUncacheableDictionaryTransition(JSGlobalData& globalData, Structure* structure) +Structure* Structure::toUncacheableDictionaryTransition(VM& vm, Structure* structure) { - return toDictionaryTransition(globalData, structure, UncachedDictionaryKind); + return toDictionaryTransition(vm, structure, UncachedDictionaryKind); } // In future we may want to cache this transition. -Structure* Structure::sealTransition(JSGlobalData& globalData, Structure* structure) +Structure* Structure::sealTransition(VM& vm, Structure* structure) { - Structure* transition = preventExtensionsTransition(globalData, structure); + Structure* transition = preventExtensionsTransition(vm, structure); - if (transition->m_propertyTable) { - PropertyTable::iterator end = transition->m_propertyTable->end(); - for (PropertyTable::iterator iter = transition->m_propertyTable->begin(); iter != end; ++iter) + if (transition->propertyTable()) { + PropertyTable::iterator end = transition->propertyTable()->end(); + for (PropertyTable::iterator iter = transition->propertyTable()->begin(); iter != end; ++iter) iter->attributes |= DontDelete; } + transition->checkOffsetConsistency(); return transition; } // In future we may want to cache this transition. -Structure* Structure::freezeTransition(JSGlobalData& globalData, Structure* structure) +Structure* Structure::freezeTransition(VM& vm, Structure* structure) { - Structure* transition = preventExtensionsTransition(globalData, structure); + Structure* transition = preventExtensionsTransition(vm, structure); - if (transition->m_propertyTable) { - PropertyTable::iterator iter = transition->m_propertyTable->begin(); - PropertyTable::iterator end = transition->m_propertyTable->end(); + if (transition->propertyTable()) { + PropertyTable::iterator iter = transition->propertyTable()->begin(); + PropertyTable::iterator end = transition->propertyTable()->end(); if (iter != end) transition->m_hasReadOnlyOrGetterSetterPropertiesExcludingProto = true; for (; iter != end; ++iter) iter->attributes |= iter->attributes & Accessor ? DontDelete : (DontDelete | ReadOnly); } + ASSERT(transition->hasReadOnlyOrGetterSetterPropertiesExcludingProto() || !transition->classInfo()->hasStaticSetterOrReadonlyProperties(vm)); + ASSERT(transition->hasGetterSetterProperties() || !transition->classInfo()->hasStaticSetterOrReadonlyProperties(vm)); + transition->checkOffsetConsistency(); return transition; } // In future we may want to cache this transition. -Structure* Structure::preventExtensionsTransition(JSGlobalData& globalData, Structure* structure) +Structure* Structure::preventExtensionsTransition(VM& vm, Structure* structure) { - Structure* transition = create(globalData, structure); + Structure* transition = create(vm, structure); // Don't set m_offset, as one can not transition to this. - structure->materializePropertyMapIfNecessary(globalData); - transition->m_propertyTable = structure->copyPropertyTableForPinning(globalData, transition); + DeferGC deferGC(vm.heap); + structure->materializePropertyMapIfNecessary(vm, deferGC); + transition->propertyTable().set(vm, transition, structure->copyPropertyTableForPinning(vm)); + transition->m_offset = structure->m_offset; transition->m_preventExtensions = true; transition->pin(); + transition->checkOffsetConsistency(); + return transition; +} + +PropertyTable* Structure::takePropertyTableOrCloneIfPinned(VM& vm) +{ + DeferGC deferGC(vm.heap); + materializePropertyMapIfNecessaryForPinning(vm, deferGC); + + if (m_isPinnedPropertyTable) + return propertyTable()->copy(vm, propertyTable()->size() + 1); + + // Hold the lock while stealing the table - so that getConcurrently() on another thread + // will either have to bypass this structure, or will get to use the property table + // before it is stolen. + ConcurrentJITLocker locker(m_lock); + PropertyTable* takenPropertyTable = propertyTable().get(); + propertyTable().clear(); + return takenPropertyTable; +} + +Structure* Structure::nonPropertyTransition(VM& vm, Structure* structure, NonPropertyTransition transitionKind) +{ + unsigned attributes = toAttributes(transitionKind); + IndexingType indexingType = newIndexingType(structure->indexingTypeIncludingHistory(), transitionKind); + + if (JSGlobalObject* globalObject = structure->m_globalObject.get()) { + if (globalObject->isOriginalArrayStructure(structure)) { + Structure* result = globalObject->originalArrayStructureForIndexingType(indexingType); + if (result->indexingTypeIncludingHistory() == indexingType) { + structure->notifyTransitionFromThisStructure(); + return result; + } + } + } + + Structure* existingTransition; + if (!structure->isDictionary() && (existingTransition = structure->m_transitionTable.get(0, attributes))) { + ASSERT(existingTransition->m_attributesInPrevious == attributes); + ASSERT(existingTransition->indexingTypeIncludingHistory() == indexingType); + return existingTransition; + } + + Structure* transition = create(vm, structure); + transition->m_attributesInPrevious = attributes; + transition->m_blob.setIndexingType(indexingType); + transition->propertyTable().set(vm, transition, structure->takePropertyTableOrCloneIfPinned(vm)); + transition->m_offset = structure->m_offset; + checkOffset(transition->m_offset, transition->inlineCapacity()); + + if (structure->isDictionary()) + transition->pin(); + else { + ConcurrentJITLocker locker(structure->m_lock); + structure->m_transitionTable.add(vm, transition); + } + transition->checkOffsetConsistency(); return transition; } // In future we may want to cache this property. -bool Structure::isSealed(JSGlobalData& globalData) +bool Structure::isSealed(VM& vm) { if (isExtensible()) return false; - materializePropertyMapIfNecessary(globalData); - if (!m_propertyTable) + DeferGC deferGC(vm.heap); + materializePropertyMapIfNecessary(vm, deferGC); + if (!propertyTable()) return true; - PropertyTable::iterator end = m_propertyTable->end(); - for (PropertyTable::iterator iter = m_propertyTable->begin(); iter != end; ++iter) { + PropertyTable::iterator end = propertyTable()->end(); + for (PropertyTable::iterator iter = propertyTable()->begin(); iter != end; ++iter) { if ((iter->attributes & DontDelete) != DontDelete) return false; } @@ -522,17 +696,18 @@ bool Structure::isSealed(JSGlobalData& globalData) } // In future we may want to cache this property. -bool Structure::isFrozen(JSGlobalData& globalData) +bool Structure::isFrozen(VM& vm) { if (isExtensible()) return false; - materializePropertyMapIfNecessary(globalData); - if (!m_propertyTable) + DeferGC deferGC(vm.heap); + materializePropertyMapIfNecessary(vm, deferGC); + if (!propertyTable()) return true; - PropertyTable::iterator end = m_propertyTable->end(); - for (PropertyTable::iterator iter = m_propertyTable->begin(); iter != end; ++iter) { + PropertyTable::iterator end = propertyTable()->end(); + for (PropertyTable::iterator iter = propertyTable()->begin(); iter != end; ++iter) { if (!(iter->attributes & DontDelete)) return false; if (!(iter->attributes & (ReadOnly | Accessor))) @@ -541,86 +716,141 @@ bool Structure::isFrozen(JSGlobalData& globalData) return true; } -Structure* Structure::flattenDictionaryStructure(JSGlobalData& globalData, JSObject* object) +Structure* Structure::flattenDictionaryStructure(VM& vm, JSObject* object) { + checkOffsetConsistency(); ASSERT(isDictionary()); + + size_t beforeOutOfLineCapacity = this->outOfLineCapacity(); if (isUncacheableDictionary()) { - ASSERT(m_propertyTable); + ASSERT(propertyTable()); - size_t propertyCount = m_propertyTable->size(); + size_t propertyCount = propertyTable()->size(); + + // Holds our values compacted by insertion order. Vector values(propertyCount); + // Copies out our values from their hashed locations, compacting property table offsets as we go. unsigned i = 0; - PropertyTable::iterator end = m_propertyTable->end(); - for (PropertyTable::iterator iter = m_propertyTable->begin(); iter != end; ++iter, ++i) { - values[i] = object->getDirectOffset(iter->offset); - // Update property table to have the new property offsets - iter->offset = i; + PropertyTable::iterator end = propertyTable()->end(); + m_offset = invalidOffset; + for (PropertyTable::iterator iter = propertyTable()->begin(); iter != end; ++iter, ++i) { + values[i] = object->getDirect(iter->offset); + m_offset = iter->offset = offsetForPropertyNumber(i, m_inlineCapacity); } - // Copy the original property values into their final locations + // Copies in our values to their compacted locations. for (unsigned i = 0; i < propertyCount; i++) - object->putDirectOffset(globalData, i, values[i]); + object->putDirect(vm, offsetForPropertyNumber(i, m_inlineCapacity), values[i]); - m_propertyTable->clearDeletedOffsets(); + propertyTable()->clearDeletedOffsets(); + checkOffsetConsistency(); } m_dictionaryKind = NoneDictionaryKind; + m_hasBeenFlattenedBefore = true; + + size_t afterOutOfLineCapacity = this->outOfLineCapacity(); + + if (beforeOutOfLineCapacity != afterOutOfLineCapacity) { + ASSERT(beforeOutOfLineCapacity > afterOutOfLineCapacity); + // If the object had a Butterfly but after flattening/compacting we no longer have need of it, + // we need to zero it out because the collector depends on the Structure to know the size for copying. + if (object->butterfly() && !afterOutOfLineCapacity && !this->hasIndexingHeader(object)) + object->setStructureAndButterfly(vm, this, 0); + // If the object was down-sized to the point where the base of the Butterfly is no longer within the + // first CopiedBlock::blockSize bytes, we'll get the wrong answer if we try to mask the base back to + // the CopiedBlock header. To prevent this case we need to memmove the Butterfly down. + else if (object->butterfly()) + object->shiftButterflyAfterFlattening(vm, beforeOutOfLineCapacity, afterOutOfLineCapacity); + } + return this; } -size_t Structure::addPropertyWithoutTransition(JSGlobalData& globalData, const Identifier& propertyName, unsigned attributes, JSCell* specificValue) +PropertyOffset Structure::addPropertyWithoutTransition(VM& vm, PropertyName propertyName, unsigned attributes, JSCell* specificValue) { - ASSERT(!m_enumerationCache); + ASSERT(!enumerationCache()); if (m_specificFunctionThrashCount == maxSpecificFunctionThrashCount) specificValue = 0; - materializePropertyMapIfNecessaryForPinning(globalData); + DeferGC deferGC(vm.heap); + materializePropertyMapIfNecessaryForPinning(vm, deferGC); pin(); - size_t offset = putSpecificValue(globalData, propertyName, attributes, specificValue); - if (propertyStorageSize() > propertyStorageCapacity()) - growPropertyStorageCapacity(); - return offset; + return putSpecificValue(vm, propertyName, attributes, specificValue); } -size_t Structure::removePropertyWithoutTransition(JSGlobalData& globalData, const Identifier& propertyName) +PropertyOffset Structure::removePropertyWithoutTransition(VM& vm, PropertyName propertyName) { ASSERT(isUncacheableDictionary()); - ASSERT(!m_enumerationCache); + ASSERT(!enumerationCache()); - materializePropertyMapIfNecessaryForPinning(globalData); + DeferGC deferGC(vm.heap); + materializePropertyMapIfNecessaryForPinning(vm, deferGC); pin(); - size_t offset = remove(propertyName); - return offset; + return remove(propertyName); } void Structure::pin() { - ASSERT(m_propertyTable); + ASSERT(propertyTable()); m_isPinnedPropertyTable = true; - m_previous.clear(); + clearPreviousID(); m_nameInPrevious.clear(); } +void Structure::allocateRareData(VM& vm) +{ + ASSERT(!m_hasRareData); + StructureRareData* rareData = StructureRareData::create(vm, previous()); + m_previousOrRareData.set(vm, this, rareData); + m_hasRareData = true; + ASSERT(m_hasRareData); +} + +void Structure::cloneRareDataFrom(VM& vm, const Structure* other) +{ + ASSERT(!m_hasRareData); + ASSERT(other->m_hasRareData); + StructureRareData* newRareData = StructureRareData::clone(vm, other->rareData()); + m_previousOrRareData.set(vm, this, newRareData); + m_hasRareData = true; + ASSERT(m_hasRareData); +} + #if DUMP_PROPERTYMAP_STATS +PropertyMapHashTableStats* propertyMapHashTableStats = 0; + struct PropertyMapStatisticsExitLogger { + PropertyMapStatisticsExitLogger(); ~PropertyMapStatisticsExitLogger(); }; -static PropertyMapStatisticsExitLogger logger; +DEFINE_GLOBAL_FOR_LOGGING(PropertyMapStatisticsExitLogger, logger, ); + +PropertyMapStatisticsExitLogger::PropertyMapStatisticsExitLogger() +{ + propertyMapHashTableStats = adoptPtr(new PropertyMapHashTableStats()).leakPtr(); +} PropertyMapStatisticsExitLogger::~PropertyMapStatisticsExitLogger() { - dataLog("\nJSC::PropertyMap statistics\n\n"); - dataLog("%d probes\n", numProbes); - dataLog("%d collisions (%.1f%%)\n", numCollisions, 100.0 * numCollisions / numProbes); - dataLog("%d rehashes\n", numRehashes); - dataLog("%d removes\n", numRemoves); + unsigned finds = propertyMapHashTableStats->numFinds; + unsigned collisions = propertyMapHashTableStats->numCollisions; + dataLogF("\nJSC::PropertyMap statistics for process %d\n\n", getCurrentProcessID()); + dataLogF("%d finds\n", finds); + dataLogF("%d collisions (%.1f%%)\n", collisions, 100.0 * collisions / finds); + dataLogF("%d lookups\n", propertyMapHashTableStats->numLookups.load()); + dataLogF("%d lookup probings\n", propertyMapHashTableStats->numLookupProbing.load()); + dataLogF("%d adds\n", propertyMapHashTableStats->numAdds.load()); + dataLogF("%d removes\n", propertyMapHashTableStats->numRemoves.load()); + dataLogF("%d rehashes\n", propertyMapHashTableStats->numRehashes.load()); + dataLogF("%d reinserts\n", propertyMapHashTableStats->numReinserts.load()); } #endif @@ -629,43 +859,66 @@ PropertyMapStatisticsExitLogger::~PropertyMapStatisticsExitLogger() inline void Structure::checkConsistency() { + checkOffsetConsistency(); } #endif -PassOwnPtr Structure::copyPropertyTable(JSGlobalData& globalData, Structure* owner) +PropertyTable* Structure::copyPropertyTable(VM& vm) { - return adoptPtr(m_propertyTable ? new PropertyTable(globalData, owner, *m_propertyTable) : 0); + if (!propertyTable()) + return 0; + return PropertyTable::clone(vm, *propertyTable().get()); } -PassOwnPtr Structure::copyPropertyTableForPinning(JSGlobalData& globalData, Structure* owner) +PropertyTable* Structure::copyPropertyTableForPinning(VM& vm) { - return adoptPtr(m_propertyTable ? new PropertyTable(globalData, owner, *m_propertyTable) : new PropertyTable(m_offset == noOffset ? 0 : m_offset)); + if (propertyTable()) + return PropertyTable::clone(vm, *propertyTable().get()); + return PropertyTable::create(vm, numberOfSlotsForLastOffset(m_offset, m_inlineCapacity)); } -size_t Structure::get(JSGlobalData& globalData, StringImpl* propertyName, unsigned& attributes, JSCell*& specificValue) +PropertyOffset Structure::getConcurrently(VM&, StringImpl* uid, unsigned& attributes, JSCell*& specificValue) { - materializePropertyMapIfNecessary(globalData); - if (!m_propertyTable) - return WTF::notFound; - - PropertyMapEntry* entry = m_propertyTable->find(propertyName).first; - if (!entry) - return WTF::notFound; - - attributes = entry->attributes; - specificValue = entry->specificValue.get(); - return entry->offset; + Vector structures; + Structure* structure; + PropertyTable* table; + + findStructuresAndMapForMaterialization(structures, structure, table); + + if (table) { + PropertyMapEntry* entry = table->get(uid); + if (entry) { + attributes = entry->attributes; + specificValue = entry->specificValue.get(); + PropertyOffset result = entry->offset; + structure->m_lock.unlock(); + return result; + } + structure->m_lock.unlock(); + } + + for (unsigned i = structures.size(); i--;) { + structure = structures[i]; + if (structure->m_nameInPrevious.get() != uid) + continue; + + attributes = structure->m_attributesInPrevious; + specificValue = structure->m_specificValueInPrevious.get(); + return structure->m_offset; + } + + return invalidOffset; } -bool Structure::despecifyFunction(JSGlobalData& globalData, const Identifier& propertyName) +bool Structure::despecifyFunction(VM& vm, PropertyName propertyName) { - materializePropertyMapIfNecessary(globalData); - if (!m_propertyTable) + DeferGC deferGC(vm.heap); + materializePropertyMapIfNecessary(vm, deferGC); + if (!propertyTable()) return false; - ASSERT(!propertyName.isNull()); - PropertyMapEntry* entry = m_propertyTable->find(propertyName.impl()).first; + PropertyMapEntry* entry = propertyTable()->get(propertyName.uid()); if (!entry) return false; @@ -674,89 +927,86 @@ bool Structure::despecifyFunction(JSGlobalData& globalData, const Identifier& pr return true; } -void Structure::despecifyAllFunctions(JSGlobalData& globalData) +void Structure::despecifyAllFunctions(VM& vm) { - materializePropertyMapIfNecessary(globalData); - if (!m_propertyTable) + DeferGC deferGC(vm.heap); + materializePropertyMapIfNecessary(vm, deferGC); + if (!propertyTable()) return; - PropertyTable::iterator end = m_propertyTable->end(); - for (PropertyTable::iterator iter = m_propertyTable->begin(); iter != end; ++iter) + PropertyTable::iterator end = propertyTable()->end(); + for (PropertyTable::iterator iter = propertyTable()->begin(); iter != end; ++iter) iter->specificValue.clear(); } -size_t Structure::putSpecificValue(JSGlobalData& globalData, const Identifier& propertyName, unsigned attributes, JSCell* specificValue) +PropertyOffset Structure::putSpecificValue(VM& vm, PropertyName propertyName, unsigned attributes, JSCell* specificValue) { - ASSERT(!propertyName.isNull()); - ASSERT(get(globalData, propertyName) == notFound); + GCSafeConcurrentJITLocker locker(m_lock, vm.heap); + + ASSERT(!JSC::isValidOffset(get(vm, propertyName))); checkConsistency(); if (attributes & DontEnum) m_hasNonEnumerableProperties = true; - StringImpl* rep = propertyName.impl(); - - if (!m_propertyTable) - createPropertyMap(); - - unsigned newOffset; + StringImpl* rep = propertyName.uid(); - if (m_propertyTable->hasDeletedOffset()) - newOffset = m_propertyTable->getDeletedOffset(); - else - newOffset = m_propertyTable->size(); + if (!propertyTable()) + createPropertyMap(locker, vm); - m_propertyTable->add(PropertyMapEntry(globalData, this, rep, newOffset, attributes, specificValue)); + PropertyOffset newOffset = propertyTable()->nextOffset(m_inlineCapacity); + propertyTable()->add(PropertyMapEntry(vm, propertyTable().get(), rep, newOffset, attributes, specificValue), m_offset, PropertyTable::PropertyOffsetMayChange); + checkConsistency(); return newOffset; } -size_t Structure::remove(const Identifier& propertyName) +PropertyOffset Structure::remove(PropertyName propertyName) { - ASSERT(!propertyName.isNull()); - + ConcurrentJITLocker locker(m_lock); + checkConsistency(); - StringImpl* rep = propertyName.impl(); + StringImpl* rep = propertyName.uid(); - if (!m_propertyTable) - return notFound; + if (!propertyTable()) + return invalidOffset; - PropertyTable::find_iterator position = m_propertyTable->find(rep); + PropertyTable::find_iterator position = propertyTable()->find(rep); if (!position.first) - return notFound; + return invalidOffset; - size_t offset = position.first->offset; + PropertyOffset offset = position.first->offset; - m_propertyTable->remove(position); - m_propertyTable->addDeletedOffset(offset); + propertyTable()->remove(position); + propertyTable()->addDeletedOffset(offset); checkConsistency(); return offset; } -void Structure::createPropertyMap(unsigned capacity) +void Structure::createPropertyMap(const GCSafeConcurrentJITLocker&, VM& vm, unsigned capacity) { - ASSERT(!m_propertyTable); + ASSERT(!propertyTable()); checkConsistency(); - m_propertyTable = adoptPtr(new PropertyTable(capacity)); - checkConsistency(); + propertyTable().set(vm, this, PropertyTable::create(vm, capacity)); } -void Structure::getPropertyNamesFromStructure(JSGlobalData& globalData, PropertyNameArray& propertyNames, EnumerationMode mode) +void Structure::getPropertyNamesFromStructure(VM& vm, PropertyNameArray& propertyNames, EnumerationMode mode) { - materializePropertyMapIfNecessary(globalData); - if (!m_propertyTable) + DeferGC deferGC(vm.heap); + materializePropertyMapIfNecessary(vm, deferGC); + if (!propertyTable()) return; bool knownUnique = !propertyNames.size(); - PropertyTable::iterator end = m_propertyTable->end(); - for (PropertyTable::iterator iter = m_propertyTable->begin(); iter != end; ++iter) { + PropertyTable::iterator end = propertyTable()->end(); + for (PropertyTable::iterator iter = propertyTable()->begin(); iter != end; ++iter) { ASSERT(m_hasNonEnumerableProperties || !(iter->attributes & DontEnum)); - if (!(iter->attributes & DontEnum) || (mode == IncludeDontEnumProperties)) { + if (!iter->key->isEmptyUnique() && (!(iter->attributes & DontEnum) || mode == IncludeDontEnumProperties)) { if (knownUnique) propertyNames.addKnownUnique(iter->key); else @@ -765,43 +1015,130 @@ void Structure::getPropertyNamesFromStructure(JSGlobalData& globalData, Property } } +JSValue Structure::prototypeForLookup(CodeBlock* codeBlock) const +{ + return prototypeForLookup(codeBlock->globalObject()); +} + void Structure::visitChildren(JSCell* cell, SlotVisitor& visitor) { Structure* thisObject = jsCast(cell); - ASSERT_GC_OBJECT_INHERITS(thisObject, &s_info); + ASSERT_GC_OBJECT_INHERITS(thisObject, info()); ASSERT(thisObject->structure()->typeInfo().overridesVisitChildren()); + JSCell::visitChildren(thisObject, visitor); - if (thisObject->m_globalObject) - visitor.append(&thisObject->m_globalObject); + visitor.append(&thisObject->m_globalObject); if (!thisObject->isObject()) thisObject->m_cachedPrototypeChain.clear(); else { - if (thisObject->m_prototype) - visitor.append(&thisObject->m_prototype); - if (thisObject->m_cachedPrototypeChain) - visitor.append(&thisObject->m_cachedPrototypeChain); - } - if (thisObject->m_previous) - visitor.append(&thisObject->m_previous); - if (thisObject->m_specificValueInPrevious) - visitor.append(&thisObject->m_specificValueInPrevious); - if (thisObject->m_enumerationCache) - visitor.append(&thisObject->m_enumerationCache); - if (thisObject->m_propertyTable) { - PropertyTable::iterator end = thisObject->m_propertyTable->end(); - for (PropertyTable::iterator ptr = thisObject->m_propertyTable->begin(); ptr != end; ++ptr) { - if (ptr->specificValue) - visitor.append(&ptr->specificValue); + visitor.append(&thisObject->m_prototype); + visitor.append(&thisObject->m_cachedPrototypeChain); + } + visitor.append(&thisObject->m_previousOrRareData); + visitor.append(&thisObject->m_specificValueInPrevious); + + if (thisObject->m_isPinnedPropertyTable) { + ASSERT(thisObject->m_propertyTableUnsafe); + visitor.append(&thisObject->m_propertyTableUnsafe); + } else if (thisObject->m_propertyTableUnsafe) + thisObject->m_propertyTableUnsafe.clear(); +} + +bool Structure::prototypeChainMayInterceptStoreTo(VM& vm, PropertyName propertyName) +{ + unsigned i = propertyName.asIndex(); + if (i != PropertyName::NotAnIndex) + return anyObjectInChainMayInterceptIndexedAccesses(); + + for (Structure* current = this; ;) { + JSValue prototype = current->storedPrototype(); + if (prototype.isNull()) + return false; + + current = prototype.asCell()->structure(vm); + + unsigned attributes; + JSCell* specificValue; + PropertyOffset offset = current->get(vm, propertyName, attributes, specificValue); + if (!JSC::isValidOffset(offset)) + continue; + + if (attributes & (ReadOnly | Accessor)) + return true; + + return false; + } +} + +void Structure::dump(PrintStream& out) const +{ + out.print(RawPointer(this), ":[", classInfo()->className, ", {"); + + Vector structures; + Structure* structure; + PropertyTable* table; + + const_cast(this)->findStructuresAndMapForMaterialization( + structures, structure, table); + + CommaPrinter comma; + + if (table) { + PropertyTable::iterator iter = table->begin(); + PropertyTable::iterator end = table->end(); + for (; iter != end; ++iter) { + out.print(comma, iter->key, ":", static_cast(iter->offset)); + if (iter->specificValue) { + DumpContext dummyContext; + out.print("=>", RawPointer(iter->specificValue.get())); + } } + + structure->m_lock.unlock(); } - if (thisObject->m_objectToStringValue) - visitor.append(&thisObject->m_objectToStringValue); + + for (unsigned i = structures.size(); i--;) { + Structure* structure = structures[i]; + if (!structure->m_nameInPrevious) + continue; + out.print(comma, structure->m_nameInPrevious.get(), ":", static_cast(structure->m_offset)); + if (structure->m_specificValueInPrevious) { + DumpContext dummyContext; + out.print("=>", RawPointer(structure->m_specificValueInPrevious.get())); + } + } + + out.print("}, ", IndexingTypeDump(indexingType())); + + if (m_prototype.get().isCell()) + out.print(", Proto:", RawPointer(m_prototype.get().asCell())); + + out.print("]"); +} + +void Structure::dumpInContext(PrintStream& out, DumpContext* context) const +{ + if (context) + context->structures.dumpBrief(this, out); + else + dump(out); +} + +void Structure::dumpBrief(PrintStream& out, const CString& string) const +{ + out.print("%", string, ":", classInfo()->className); +} + +void Structure::dumpContextHeader(PrintStream& out) +{ + out.print("Structures:"); } #if DO_PROPERTYMAP_CONSTENCY_CHECK void PropertyTable::checkConsistency() { + checkOffsetConsistency(); ASSERT(m_indexSize >= PropertyTable::MinimumTableSize); ASSERT(m_indexMask); ASSERT(m_indexSize == m_indexMask + 1); @@ -859,19 +1196,30 @@ void PropertyTable::checkConsistency() void Structure::checkConsistency() { - if (!m_propertyTable) + if (!propertyTable()) return; if (!m_hasNonEnumerableProperties) { - PropertyTable::iterator end = m_propertyTable->end(); - for (PropertyTable::iterator iter = m_propertyTable->begin(); iter != end; ++iter) { + PropertyTable::iterator end = propertyTable()->end(); + for (PropertyTable::iterator iter = propertyTable()->begin(); iter != end; ++iter) { ASSERT(!(iter->attributes & DontEnum)); } } - m_propertyTable->checkConsistency(); + propertyTable()->checkConsistency(); } #endif // DO_PROPERTYMAP_CONSTENCY_CHECK +bool ClassInfo::hasStaticSetterOrReadonlyProperties(VM& vm) const +{ + for (const ClassInfo* ci = this; ci; ci = ci->parentClass) { + if (const HashTable* table = ci->propHashTable(vm)) { + if (table->hasSetterOrReadonlyProperties) + return true; + } + } + return false; +} + } // namespace JSC