Changeset 229362 in webkit


Ignore:
Timestamp:
Mar 7, 2018 9:18:49 AM (6 years ago)
Author:
Yusuke Suzuki
Message:

[JSC] Add more JSType based fast path for jsDynamicCast
https://bugs.webkit.org/show_bug.cgi?id=183403

Reviewed by Mark Lam.

We add more JSType based fast path for jsDynamicCast. Basically, we add miscellaneous JSTypes which
are used for jsDynamicCast in JSC, arguments types, and scope types.

We also add ClassInfo to JSScope and JSSegmentedVariableObject since they are used with jsDynamicCast.

  • jit/JITOperations.cpp:
  • llint/LLIntSlowPaths.cpp:

(JSC::LLInt::setUpCall):

  • runtime/ClonedArguments.h:

(JSC::ClonedArguments::specialsMaterialized const): Deleted.

  • runtime/DirectArguments.h:

(JSC::DirectArguments::subspaceFor): Deleted.
(JSC::DirectArguments::internalLength const): Deleted.
(JSC::DirectArguments::length const): Deleted.
(JSC::DirectArguments::isMappedArgument const): Deleted.
(JSC::DirectArguments::isMappedArgumentInDFG const): Deleted.
(JSC::DirectArguments::getIndexQuickly const): Deleted.
(JSC::DirectArguments::setIndexQuickly): Deleted.
(JSC::DirectArguments::callee): Deleted.
(JSC::DirectArguments::argument): Deleted.
(JSC::DirectArguments::overrodeThings const): Deleted.
(JSC::DirectArguments::initModifiedArgumentsDescriptorIfNecessary): Deleted.
(JSC::DirectArguments::setModifiedArgumentDescriptor): Deleted.
(JSC::DirectArguments::isModifiedArgumentDescriptor): Deleted.
(JSC::DirectArguments::offsetOfCallee): Deleted.
(JSC::DirectArguments::offsetOfLength): Deleted.
(JSC::DirectArguments::offsetOfMinCapacity): Deleted.
(JSC::DirectArguments::offsetOfMappedArguments): Deleted.
(JSC::DirectArguments::offsetOfModifiedArgumentsDescriptor): Deleted.
(JSC::DirectArguments::storageOffset): Deleted.
(JSC::DirectArguments::offsetOfSlot): Deleted.
(JSC::DirectArguments::allocationSize): Deleted.
(JSC::DirectArguments::storage): Deleted.

  • runtime/JSCast.h:
  • runtime/JSGlobalLexicalEnvironment.h:

(JSC::JSGlobalLexicalEnvironment::create): Deleted.
(JSC::JSGlobalLexicalEnvironment::isEmpty const): Deleted.
(JSC::JSGlobalLexicalEnvironment::createStructure): Deleted.
(JSC::JSGlobalLexicalEnvironment::JSGlobalLexicalEnvironment): Deleted.

  • runtime/JSGlobalObject.cpp:

(JSC::JSGlobalObject::finishCreation):

  • runtime/JSMap.h:

(JSC::isJSMap): Deleted.

  • runtime/JSModuleEnvironment.h:

(JSC::JSModuleEnvironment::create): Deleted.
(JSC::JSModuleEnvironment::createStructure): Deleted.
(JSC::JSModuleEnvironment::offsetOfModuleRecord): Deleted.
(JSC::JSModuleEnvironment::allocationSize): Deleted.
(JSC::JSModuleEnvironment::moduleRecord): Deleted.
(JSC::JSModuleEnvironment::moduleRecordSlot): Deleted.

  • runtime/JSObject.cpp:

(JSC::canDoFastPutDirectIndex):
(JSC::JSObject::defineOwnIndexedProperty):
(JSC::JSObject::putDirectIndexSlowOrBeyondVectorLength):

  • runtime/JSObject.h:

(JSC::JSFinalObject::allocationSize): Deleted.
(JSC::JSFinalObject::typeInfo): Deleted.
(JSC::JSFinalObject::defaultInlineCapacity): Deleted.
(JSC::JSFinalObject::maxInlineCapacity): Deleted.
(JSC::JSFinalObject::createStructure): Deleted.
(JSC::JSFinalObject::finishCreation): Deleted.
(JSC::JSFinalObject::JSFinalObject): Deleted.
(JSC::isJSFinalObject): Deleted.

  • runtime/JSScope.cpp:
  • runtime/JSScope.h:
  • runtime/JSSegmentedVariableObject.cpp:
  • runtime/JSSegmentedVariableObject.h:
  • runtime/JSSet.h:

(JSC::isJSSet): Deleted.

  • runtime/JSType.h:
  • runtime/JSWeakMap.h:

(JSC::isJSWeakMap): Deleted.

  • runtime/JSWeakSet.h:

(JSC::isJSWeakSet): Deleted.

  • runtime/JSWithScope.h:

(JSC::JSWithScope::object): Deleted.

  • runtime/MapConstructor.cpp:

(JSC::constructMap):
(JSC::mapPrivateFuncMapBucketHead):

  • runtime/MapPrototype.cpp:

(JSC::getMap):

  • runtime/NumberObject.cpp:

(JSC::NumberObject::finishCreation):

  • runtime/NumberPrototype.cpp:

(JSC::toThisNumber):
(JSC::numberProtoFuncToExponential):
(JSC::numberProtoFuncToFixed):
(JSC::numberProtoFuncToPrecision):
(JSC::numberProtoFuncToString):
(JSC::numberProtoFuncToLocaleString):
(JSC::numberProtoFuncValueOf):

  • runtime/ObjectConstructor.cpp:

(JSC::objectConstructorSeal):
(JSC::objectConstructorFreeze):
(JSC::objectConstructorIsSealed):
(JSC::objectConstructorIsFrozen):

  • runtime/ProxyObject.cpp:

(JSC::ProxyObject::finishCreation):

  • runtime/ScopedArguments.h:

(JSC::ScopedArguments::subspaceFor): Deleted.
(JSC::ScopedArguments::internalLength const): Deleted.
(JSC::ScopedArguments::length const): Deleted.
(JSC::ScopedArguments::isMappedArgument const): Deleted.
(JSC::ScopedArguments::isMappedArgumentInDFG const): Deleted.
(JSC::ScopedArguments::getIndexQuickly const): Deleted.
(JSC::ScopedArguments::setIndexQuickly): Deleted.
(JSC::ScopedArguments::callee): Deleted.
(JSC::ScopedArguments::overrodeThings const): Deleted.
(JSC::ScopedArguments::initModifiedArgumentsDescriptorIfNecessary): Deleted.
(JSC::ScopedArguments::setModifiedArgumentDescriptor): Deleted.
(JSC::ScopedArguments::isModifiedArgumentDescriptor): Deleted.
(JSC::ScopedArguments::offsetOfOverrodeThings): Deleted.
(JSC::ScopedArguments::offsetOfTotalLength): Deleted.
(JSC::ScopedArguments::offsetOfTable): Deleted.
(JSC::ScopedArguments::offsetOfScope): Deleted.
(JSC::ScopedArguments::overflowStorageOffset): Deleted.
(JSC::ScopedArguments::allocationSize): Deleted.
(JSC::ScopedArguments::overflowStorage const): Deleted.

  • runtime/SetConstructor.cpp:

(JSC::constructSet):
(JSC::setPrivateFuncSetBucketHead):

  • runtime/SetPrototype.cpp:

(JSC::getSet):

  • runtime/StrictEvalActivation.h:

(JSC::StrictEvalActivation::create): Deleted.
(JSC::StrictEvalActivation::createStructure): Deleted.

  • runtime/WeakMapPrototype.cpp:

(JSC::getWeakMap):

  • runtime/WeakSetPrototype.cpp:

(JSC::getWeakSet):

Location:
trunk/Source/JavaScriptCore
Files:
33 edited

Legend:

Unmodified
Added
Removed

  • trunk/Source/JavaScriptCore/ChangeLog

    r229356 r229362  
     12018-03-07  Yusuke Suzuki  <utatane.tea@gmail.com>
     2
     3        [JSC] Add more JSType based fast path for jsDynamicCast
     4        https://bugs.webkit.org/show_bug.cgi?id=183403
     5
     6        Reviewed by Mark Lam.
     7
     8        We add more JSType based fast path for jsDynamicCast. Basically, we add miscellaneous JSTypes which
     9        are used for jsDynamicCast in JSC, arguments types, and scope types.
     10
     11        We also add ClassInfo to JSScope and JSSegmentedVariableObject since they are used with jsDynamicCast.
     12
     13        * jit/JITOperations.cpp:
     14        * llint/LLIntSlowPaths.cpp:
     15        (JSC::LLInt::setUpCall):
     16        * runtime/ClonedArguments.h:
     17        (JSC::ClonedArguments::specialsMaterialized const): Deleted.
     18        * runtime/DirectArguments.h:
     19        (JSC::DirectArguments::subspaceFor): Deleted.
     20        (JSC::DirectArguments::internalLength const): Deleted.
     21        (JSC::DirectArguments::length const): Deleted.
     22        (JSC::DirectArguments::isMappedArgument const): Deleted.
     23        (JSC::DirectArguments::isMappedArgumentInDFG const): Deleted.
     24        (JSC::DirectArguments::getIndexQuickly const): Deleted.
     25        (JSC::DirectArguments::setIndexQuickly): Deleted.
     26        (JSC::DirectArguments::callee): Deleted.
     27        (JSC::DirectArguments::argument): Deleted.
     28        (JSC::DirectArguments::overrodeThings const): Deleted.
     29        (JSC::DirectArguments::initModifiedArgumentsDescriptorIfNecessary): Deleted.
     30        (JSC::DirectArguments::setModifiedArgumentDescriptor): Deleted.
     31        (JSC::DirectArguments::isModifiedArgumentDescriptor): Deleted.
     32        (JSC::DirectArguments::offsetOfCallee): Deleted.
     33        (JSC::DirectArguments::offsetOfLength): Deleted.
     34        (JSC::DirectArguments::offsetOfMinCapacity): Deleted.
     35        (JSC::DirectArguments::offsetOfMappedArguments): Deleted.
     36        (JSC::DirectArguments::offsetOfModifiedArgumentsDescriptor): Deleted.
     37        (JSC::DirectArguments::storageOffset): Deleted.
     38        (JSC::DirectArguments::offsetOfSlot): Deleted.
     39        (JSC::DirectArguments::allocationSize): Deleted.
     40        (JSC::DirectArguments::storage): Deleted.
     41        * runtime/JSCast.h:
     42        * runtime/JSGlobalLexicalEnvironment.h:
     43        (JSC::JSGlobalLexicalEnvironment::create): Deleted.
     44        (JSC::JSGlobalLexicalEnvironment::isEmpty const): Deleted.
     45        (JSC::JSGlobalLexicalEnvironment::createStructure): Deleted.
     46        (JSC::JSGlobalLexicalEnvironment::JSGlobalLexicalEnvironment): Deleted.
     47        * runtime/JSGlobalObject.cpp:
     48        (JSC::JSGlobalObject::finishCreation):
     49        * runtime/JSMap.h:
     50        (JSC::isJSMap): Deleted.
     51        * runtime/JSModuleEnvironment.h:
     52        (JSC::JSModuleEnvironment::create): Deleted.
     53        (JSC::JSModuleEnvironment::createStructure): Deleted.
     54        (JSC::JSModuleEnvironment::offsetOfModuleRecord): Deleted.
     55        (JSC::JSModuleEnvironment::allocationSize): Deleted.
     56        (JSC::JSModuleEnvironment::moduleRecord): Deleted.
     57        (JSC::JSModuleEnvironment::moduleRecordSlot): Deleted.
     58        * runtime/JSObject.cpp:
     59        (JSC::canDoFastPutDirectIndex):
     60        (JSC::JSObject::defineOwnIndexedProperty):
     61        (JSC::JSObject::putDirectIndexSlowOrBeyondVectorLength):
     62        * runtime/JSObject.h:
     63        (JSC::JSFinalObject::allocationSize): Deleted.
     64        (JSC::JSFinalObject::typeInfo): Deleted.
     65        (JSC::JSFinalObject::defaultInlineCapacity): Deleted.
     66        (JSC::JSFinalObject::maxInlineCapacity): Deleted.
     67        (JSC::JSFinalObject::createStructure): Deleted.
     68        (JSC::JSFinalObject::finishCreation): Deleted.
     69        (JSC::JSFinalObject::JSFinalObject): Deleted.
     70        (JSC::isJSFinalObject): Deleted.
     71        * runtime/JSScope.cpp:
     72        * runtime/JSScope.h:
     73        * runtime/JSSegmentedVariableObject.cpp:
     74        * runtime/JSSegmentedVariableObject.h:
     75        * runtime/JSSet.h:
     76        (JSC::isJSSet): Deleted.
     77        * runtime/JSType.h:
     78        * runtime/JSWeakMap.h:
     79        (JSC::isJSWeakMap): Deleted.
     80        * runtime/JSWeakSet.h:
     81        (JSC::isJSWeakSet): Deleted.
     82        * runtime/JSWithScope.h:
     83        (JSC::JSWithScope::object): Deleted.
     84        * runtime/MapConstructor.cpp:
     85        (JSC::constructMap):
     86        (JSC::mapPrivateFuncMapBucketHead):
     87        * runtime/MapPrototype.cpp:
     88        (JSC::getMap):
     89        * runtime/NumberObject.cpp:
     90        (JSC::NumberObject::finishCreation):
     91        * runtime/NumberPrototype.cpp:
     92        (JSC::toThisNumber):
     93        (JSC::numberProtoFuncToExponential):
     94        (JSC::numberProtoFuncToFixed):
     95        (JSC::numberProtoFuncToPrecision):
     96        (JSC::numberProtoFuncToString):
     97        (JSC::numberProtoFuncToLocaleString):
     98        (JSC::numberProtoFuncValueOf):
     99        * runtime/ObjectConstructor.cpp:
     100        (JSC::objectConstructorSeal):
     101        (JSC::objectConstructorFreeze):
     102        (JSC::objectConstructorIsSealed):
     103        (JSC::objectConstructorIsFrozen):
     104        * runtime/ProxyObject.cpp:
     105        (JSC::ProxyObject::finishCreation):
     106        * runtime/ScopedArguments.h:
     107        (JSC::ScopedArguments::subspaceFor): Deleted.
     108        (JSC::ScopedArguments::internalLength const): Deleted.
     109        (JSC::ScopedArguments::length const): Deleted.
     110        (JSC::ScopedArguments::isMappedArgument const): Deleted.
     111        (JSC::ScopedArguments::isMappedArgumentInDFG const): Deleted.
     112        (JSC::ScopedArguments::getIndexQuickly const): Deleted.
     113        (JSC::ScopedArguments::setIndexQuickly): Deleted.
     114        (JSC::ScopedArguments::callee): Deleted.
     115        (JSC::ScopedArguments::overrodeThings const): Deleted.
     116        (JSC::ScopedArguments::initModifiedArgumentsDescriptorIfNecessary): Deleted.
     117        (JSC::ScopedArguments::setModifiedArgumentDescriptor): Deleted.
     118        (JSC::ScopedArguments::isModifiedArgumentDescriptor): Deleted.
     119        (JSC::ScopedArguments::offsetOfOverrodeThings): Deleted.
     120        (JSC::ScopedArguments::offsetOfTotalLength): Deleted.
     121        (JSC::ScopedArguments::offsetOfTable): Deleted.
     122        (JSC::ScopedArguments::offsetOfScope): Deleted.
     123        (JSC::ScopedArguments::overflowStorageOffset): Deleted.
     124        (JSC::ScopedArguments::allocationSize): Deleted.
     125        (JSC::ScopedArguments::overflowStorage const): Deleted.
     126        * runtime/SetConstructor.cpp:
     127        (JSC::constructSet):
     128        (JSC::setPrivateFuncSetBucketHead):
     129        * runtime/SetPrototype.cpp:
     130        (JSC::getSet):
     131        * runtime/StrictEvalActivation.h:
     132        (JSC::StrictEvalActivation::create): Deleted.
     133        (JSC::StrictEvalActivation::createStructure): Deleted.
     134        * runtime/WeakMapPrototype.cpp:
     135        (JSC::getWeakMap):
     136        * runtime/WeakSetPrototype.cpp:
     137        (JSC::getWeakSet):
     138
    11392018-03-07  Dominik Infuehr  <dinfuehr@igalia.com>
    2140

  • trunk/Source/JavaScriptCore/jit/JITOperations.cpp

    r228720 r229362  
    939939    JSCell* calleeAsFunctionCell = getJSFunction(calleeAsValue);
    940940    if (!calleeAsFunctionCell) {
    941         if (calleeAsValue.isCell() && calleeAsValue.asCell()->type() == InternalFunctionType) {
     941        if (auto* internalFunction = jsDynamicCast<InternalFunction*>(*vm, calleeAsValue)) {
    942942            MacroAssemblerCodePtr codePtr = vm->getCTIInternalFunctionTrampolineFor(kind);
    943943            RELEASE_ASSERT(!!codePtr);
     
    946946                callLinkInfo->setSeen();
    947947            else
    948                 linkFor(execCallee, *callLinkInfo, nullptr, asObject(calleeAsValue), codePtr);
     948                linkFor(execCallee, *callLinkInfo, nullptr, internalFunction, codePtr);
    949949
    950950            return encodeResult(codePtr.executableAddress(), reinterpret_cast<void*>(callLinkInfo->callMode() == CallMode::Tail ? ReuseTheFrame : KeepTheFrame));
     
    10611061    calleeAsFunctionCell = getJSFunction(calleeAsValue);
    10621062    if (UNLIKELY(!calleeAsFunctionCell)) {
    1063         if (calleeAsValue.isCell() && calleeAsValue.asCell()->type() == InternalFunctionType) {
     1063        if (jsDynamicCast<InternalFunction*>(*vm, calleeAsValue)) {
    10641064            MacroAssemblerCodePtr codePtr = vm->getCTIInternalFunctionTrampolineFor(kind);
    10651065            ASSERT(!!codePtr);

  • trunk/Source/JavaScriptCore/llint/LLIntSlowPaths.cpp

    r229354 r229362  
    13741374    JSCell* calleeAsFunctionCell = getJSFunction(calleeAsValue);
    13751375    if (!calleeAsFunctionCell) {
    1376         if (calleeAsValue.isCell() && calleeAsValue.asCell()->type() == InternalFunctionType) {
    1377             auto* internalFunction = jsCast<InternalFunction*>(calleeAsValue.asCell());
     1376        if (auto* internalFunction = jsDynamicCast<InternalFunction*>(vm, calleeAsValue)) {
    13781377            MacroAssemblerCodePtr codePtr = vm.getCTIInternalFunctionTrampolineFor(kind);
    13791378            ASSERT(!!codePtr);

  • trunk/Source/JavaScriptCore/runtime/ClonedArguments.h

    r208377 r229362  
    3838// the object claim to be "Arguments" from a toString standpoint, and to avoid materializing the
    3939// caller/callee/@@iterator properties unless someone asks for them.
    40 class ClonedArguments : public JSNonFinalObject {
     40class ClonedArguments final : public JSNonFinalObject {
    4141public:
    4242    typedef JSNonFinalObject Base;

  • trunk/Source/JavaScriptCore/runtime/DirectArguments.h

    r227643 r229362  
    4242// To speed allocation, this object will hold all of the arguments in-place. The arguments as well
    4343// as a table of flags saying which arguments were overridden.
    44 class DirectArguments : public GenericArguments<DirectArguments> {
     44class DirectArguments final : public GenericArguments<DirectArguments> {
    4545private:
    4646    DirectArguments(VM&, Structure*, unsigned length, unsigned capacity);

  • trunk/Source/JavaScriptCore/runtime/JSCast.h

    r228500 r229362  
    4949#define FOR_EACH_JS_DYNAMIC_CAST_JS_TYPE_OVERLOAD(macro) \
    5050    macro(JSObject, JSType::ObjectType, JSType::LastJSCObjectType) \
     51    macro(JSFinalObject, JSType::FinalObjectType, JSType::FinalObjectType) \
    5152    macro(JSFunction, JSType::JSFunctionType, JSType::JSFunctionType) \
    5253    macro(InternalFunction, JSType::InternalFunctionType, JSType::InternalFunctionType) \
    5354    macro(JSArray, JSType::ArrayType, JSType::DerivedArrayType) \
    5455    macro(JSArrayBufferView, FirstTypedArrayType, LastTypedArrayType) \
     56    macro(JSSet, JSType::JSSetType, JSType::JSSetType) \
     57    macro(JSMap, JSType::JSMapType, JSType::JSMapType) \
     58    macro(JSWeakSet, JSType::JSWeakSetType, JSType::JSWeakSetType) \
     59    macro(JSWeakMap, JSType::JSWeakMapType, JSType::JSWeakMapType) \
     60    macro(NumberObject, JSType::NumberObjectType, JSType::NumberObjectType) \
     61    macro(ProxyObject, JSType::ProxyObjectType, JSType::ProxyObjectType) \
     62    macro(DirectArguments, JSType::DirectArgumentsType, JSType::DirectArgumentsType) \
     63    macro(ScopedArguments, JSType::ScopedArgumentsType, JSType::ScopedArgumentsType) \
     64    macro(ClonedArguments, JSType::ClonedArgumentsType, JSType::ClonedArgumentsType) \
     65    macro(JSGlobalObject, JSType::GlobalObjectType, JSType::GlobalObjectType) \
     66    macro(JSGlobalLexicalEnvironment, JSType::GlobalLexicalEnvironmentType, JSType::GlobalLexicalEnvironmentType) \
     67    macro(JSSegmentedVariableObject, JSType::GlobalObjectType, JSType::GlobalLexicalEnvironmentType) \
     68    macro(JSModuleEnvironment, JSType::ModuleEnvironmentType, JSType::ModuleEnvironmentType) \
     69    macro(JSLexicalEnvironment, JSType::LexicalEnvironmentType, JSType::ModuleEnvironmentType) \
     70    macro(JSSymbolTableObject, JSType::GlobalObjectType, JSType::ModuleEnvironmentType) \
     71    macro(JSScope, JSType::GlobalObjectType, JSType::WithScopeType) \
    5572
    5673

  • trunk/Source/JavaScriptCore/runtime/JSGlobalLexicalEnvironment.h

    r222143 r229362  
    3030namespace JSC {
    3131
    32 class JSGlobalLexicalEnvironment : public JSSegmentedVariableObject {
     32class JSGlobalLexicalEnvironment final : public JSSegmentedVariableObject {
    3333
    3434public:
    35     typedef JSSegmentedVariableObject Base;
     35    using Base = JSSegmentedVariableObject;
    3636
    3737    static const unsigned StructureFlags = Base::StructureFlags | OverridesGetOwnPropertySlot;

  • trunk/Source/JavaScriptCore/runtime/JSGlobalObject.cpp

    r229161 r229362  
    16001600    init(vm);
    16011601    setGlobalThis(vm, JSProxy::create(vm, JSProxy::createStructure(vm, this, getPrototypeDirect(vm), PureForwardingProxyType), this));
     1602    ASSERT(type() == GlobalObjectType);
    16021603}
    16031604
     
    16091610    init(vm);
    16101611    setGlobalThis(vm, thisValue);
     1612    ASSERT(type() == GlobalObjectType);
    16111613}
    16121614

  • trunk/Source/JavaScriptCore/runtime/JSMap.h

    r221110 r229362  
    6767};
    6868
    69 inline bool isJSMap(JSCell* from)
    70 {
    71     static_assert(std::is_final<JSMap>::value, "");
    72     return from->type() == JSMapType;
    73 }
    74 
    75 inline bool isJSMap(JSValue from)
    76 {
    77     static_assert(std::is_final<JSMap>::value, "");
    78     return from.isCell() && from.asCell()->type() == JSMapType;
    79 }
     69static_assert(std::is_final<JSMap>::value, "Required for JSType based casting");
    8070
    8171} // namespace JSC

  • trunk/Source/JavaScriptCore/runtime/JSModuleEnvironment.h

    r209123 r229362  
    3636class Register;
    3737
    38 class JSModuleEnvironment : public JSLexicalEnvironment {
     38class JSModuleEnvironment final : public JSLexicalEnvironment {
    3939    friend class JIT;
    4040    friend class LLIntOffsetsExtractor;
    4141public:
    42     typedef JSLexicalEnvironment Base;
     42    using Base = JSLexicalEnvironment;
    4343    static const unsigned StructureFlags = Base::StructureFlags | OverridesGetOwnPropertySlot | OverridesGetPropertyNames;
    4444

  • trunk/Source/JavaScriptCore/runtime/JSObject.cpp

    r228576 r229362  
    24082408}
    24092409
    2410 ALWAYS_INLINE static bool canDoFastPutDirectIndex(JSObject* object)
     2410ALWAYS_INLINE static bool canDoFastPutDirectIndex(VM& vm, JSObject* object)
    24112411{
    24122412    return isJSArray(object)
    2413         || isJSFinalObject(object)
     2413        || jsDynamicCast<JSFinalObject*>(vm, object)
    24142414        || TypeInfo::isArgumentsType(object->type());
    24152415}
     
    24282428        // however if the property currently exists missing attributes will override from their current 'true'
    24292429        // state (i.e. defineOwnProperty could be used to set a value without needing to entering 'SparseMode').
    2430         if (!descriptor.attributes() && descriptor.value() && canDoFastPutDirectIndex(this)) {
     2430        if (!descriptor.attributes() && descriptor.value() && canDoFastPutDirectIndex(vm, this)) {
    24312431            ASSERT(!descriptor.isAccessorDescriptor());
    24322432            scope.release();
     
    28822882    VM& vm = exec->vm();
    28832883   
    2884     if (!canDoFastPutDirectIndex(this)) {
     2884    if (!canDoFastPutDirectIndex(vm, this)) {
    28852885        PropertyDescriptor descriptor;
    28862886        descriptor.setDescriptor(value, attributes);

  • trunk/Source/JavaScriptCore/runtime/JSObject.h

    r228552 r229362  
    10971097class JSFinalObject;
    10981098
    1099 // JSFinalObject is a type of JSObject that contains sufficent internal
    1100 // storage to fully make use of the colloctor cell containing it.
    1101 class JSFinalObject : public JSObject {
     1099// JSFinalObject is a type of JSObject that contains sufficient internal
     1100// storage to fully make use of the collector cell containing it.
     1101class JSFinalObject final : public JSObject {
    11021102    friend class JSObject;
    11031103
     
    11941194    finalObject->finishCreation(vm);
    11951195    return finalObject;
    1196 }
    1197 
    1198 inline bool isJSFinalObject(JSCell* cell)
    1199 {
    1200     return cell->type() == FinalObjectType;
    1201 }
    1202 
    1203 inline bool isJSFinalObject(JSValue value)
    1204 {
    1205     return value.isCell() && isJSFinalObject(value.asCell());
    12061196}
    12071197

  • trunk/Source/JavaScriptCore/runtime/JSScope.cpp

    r222143 r229362  
    4040STATIC_ASSERT_IS_TRIVIALLY_DESTRUCTIBLE(JSScope);
    4141
     42const ClassInfo JSScope::s_info = { "Scope", &Base::s_info, nullptr, nullptr, CREATE_METHOD_TABLE(JSScope) };
     43
    4244void JSScope::visitChildren(JSCell* cell, SlotVisitor& visitor)
    4345{

  • trunk/Source/JavaScriptCore/runtime/JSScope.h

    r222143 r229362  
    3838class JSScope : public JSNonFinalObject {
    3939public:
    40     typedef JSNonFinalObject Base;
     40    using Base = JSNonFinalObject;
    4141    static const unsigned StructureFlags = Base::StructureFlags | OverridesToThis;
     42
     43    DECLARE_EXPORT_INFO;
    4244
    4345    friend class LLIntOffsetsExtractor;

  • trunk/Source/JavaScriptCore/runtime/JSSegmentedVariableObject.cpp

    r210912 r229362  
    3434
    3535namespace JSC {
     36
     37const ClassInfo JSSegmentedVariableObject::s_info = { "SegmentedVariableObject", &Base::s_info, nullptr, nullptr, CREATE_METHOD_TABLE(JSSegmentedVariableObject) };
    3638
    3739ScopeOffset JSSegmentedVariableObject::findVariableIndex(void* variableAddress)

  • trunk/Source/JavaScriptCore/runtime/JSSegmentedVariableObject.h

    r225632 r229362  
    5555
    5656public:
    57     typedef JSSymbolTableObject Base;
     57    using Base = JSSymbolTableObject;
     58
     59    DECLARE_INFO;
    5860
    5961    bool isValidScopeOffset(ScopeOffset offset)

  • trunk/Source/JavaScriptCore/runtime/JSSet.h

    r221110 r229362  
    7272};
    7373
    74 inline bool isJSSet(JSCell* from)
    75 {
    76     static_assert(std::is_final<JSSet>::value, "");
    77     return from->type() == JSSetType;
    78 }
    79 
    80 inline bool isJSSet(JSValue from)
    81 {
    82     static_assert(std::is_final<JSSet>::value, "");
    83     return from.isCell() && from.asCell()->type() == JSSetType;
    84 }
     74static_assert(std::is_final<JSSet>::value, "Required for JSType based casting");
    8575
    8676} // namespace JSC

  • trunk/Source/JavaScriptCore/runtime/JSType.h

    r228500 r229362  
    6262    PureForwardingProxyType,
    6363    ImpureProxyType,
    64     WithScopeType,
    6564    DirectArgumentsType,
    6665    ScopedArgumentsType,
     
    8786    GetterSetterType,
    8887
     88    // JSScope <- JSWithScope
     89    //         <- StrictEvalActivation
     90    //         <- JSSymbolTableObject  <- JSLexicalEnvironment      <- JSModuleEnvironment
     91    //                                 <- JSSegmentedVariableObject <- JSGlobalLexicalEnvironment
     92    //                                                              <- JSGlobalObject
     93    // Start JSScope types.
    8994    // Start environment record types.
    9095    GlobalObjectType,
     96    GlobalLexicalEnvironmentType,
    9197    LexicalEnvironmentType,
    92     GlobalLexicalEnvironmentType,
    9398    ModuleEnvironmentType,
    9499    StrictEvalActivationType,
    95100    // End environment record types.
     101    WithScopeType,
     102    // End JSScope types.
    96103
    97104    RegExpObjectType,

  • trunk/Source/JavaScriptCore/runtime/JSWeakMap.h

    r225832 r229362  
    6363};
    6464
    65 inline bool isJSWeakMap(JSCell* from)
    66 {
    67     static_assert(std::is_final<JSWeakMap>::value, "");
    68     return from->type() == JSWeakMapType;
    69 }
    70 
    71 inline bool isJSWeakMap(JSValue from)
    72 {
    73     static_assert(std::is_final<JSWeakMap>::value, "");
    74     return from.isCell() && from.asCell()->type() == JSWeakMapType;
    75 }
     65static_assert(std::is_final<JSWeakMap>::value, "Required for JSType based casting");
    7666
    7767} // namespace JSC

  • trunk/Source/JavaScriptCore/runtime/JSWeakSet.h

    r225832 r229362  
    5858};
    5959
    60 inline bool isJSWeakSet(JSCell* from)
    61 {
    62     static_assert(std::is_final<JSWeakSet>::value, "");
    63     return from->type() == JSWeakSetType;
    64 }
    65 
    66 inline bool isJSWeakSet(JSValue from)
    67 {
    68     static_assert(std::is_final<JSWeakSet>::value, "");
    69     return from.isCell() && from.asCell()->type() == JSWeakSetType;
    70 }
     60static_assert(std::is_final<JSWeakSet>::value, "Required for JSType based casting");
    7161
    7262} // namespace JSC

  • trunk/Source/JavaScriptCore/runtime/JSWithScope.h

    r220778 r229362  
    3030namespace JSC {
    3131
    32 class JSWithScope : public JSScope {
     32class JSWithScope final : public JSScope {
    3333public:
    34     typedef JSScope Base;
     34    using Base = JSScope;
    3535
    3636    JS_EXPORT_PRIVATE static JSWithScope* create(VM&, JSGlobalObject*, JSScope* next, JSObject*);

  • trunk/Source/JavaScriptCore/runtime/MapConstructor.cpp

    r224487 r229362  
    7878    }
    7979
    80     if (isJSMap(iterable)) {
    81         JSMap* iterableMap = jsCast<JSMap*>(iterable);
     80    if (auto* iterableMap = jsDynamicCast<JSMap*>(vm, iterable)) {
    8281        if (iterableMap->canCloneFastAndNonObservable(mapStructure)) {
    8382            scope.release();
     
    124123EncodedJSValue JSC_HOST_CALL mapPrivateFuncMapBucketHead(ExecState* exec)
    125124{
    126     ASSERT(isJSMap(exec->argument(0)));
     125    ASSERT(jsDynamicCast<JSMap*>(exec->vm(), exec->argument(0)));
    127126    JSMap* map = jsCast<JSMap*>(exec->uncheckedArgument(0));
    128127    auto* head = map->head();

  • trunk/Source/JavaScriptCore/runtime/MapPrototype.cpp

    r225072 r229362  
    9090    }
    9191
    92     if (LIKELY(thisValue.asCell()->type() == JSMapType))
    93         return jsCast<JSMap*>(thisValue);
     92    auto* map = jsDynamicCast<JSMap*>(vm, thisValue.asCell());
     93    if (LIKELY(map))
     94        return map;
    9495    throwTypeError(callFrame, scope, ASCIILiteral("Map operation called on non-Map object"));
    9596    return nullptr;

  • trunk/Source/JavaScriptCore/runtime/NumberObject.cpp

    r217108 r229362  
    4242    Base::finishCreation(vm);
    4343    ASSERT(inherits(vm, info()));
     44    ASSERT(type() == NumberObjectType);
    4445}
    4546

  • trunk/Source/JavaScriptCore/runtime/NumberPrototype.cpp

    r227716 r229362  
    9090// ------------------------------ Functions ---------------------------
    9191
    92 static ALWAYS_INLINE bool toThisNumber(JSValue thisValue, double& x)
     92static ALWAYS_INLINE bool toThisNumber(VM& vm, JSValue thisValue, double& x)
    9393{
    9494    if (thisValue.isInt32()) {
     
    101101        return true;
    102102    }
    103    
    104     if (thisValue.isCell() && thisValue.asCell()->type() == NumberObjectType) {
    105         x = static_cast<const NumberObject*>(thisValue.asCell())->internalValue().asNumber();
     103
     104    if (auto* numberObject = jsDynamicCast<NumberObject*>(vm, thisValue)) {
     105        x = numberObject->internalValue().asNumber();
    106106        return true;
    107107    }
     
    408408
    409409    double x;
    410     if (!toThisNumber(exec->thisValue(), x))
     410    if (!toThisNumber(vm, exec->thisValue(), x))
    411411        return throwVMTypeError(exec, scope);
    412412
     
    445445
    446446    double x;
    447     if (!toThisNumber(exec->thisValue(), x))
     447    if (!toThisNumber(vm, exec->thisValue(), x))
    448448        return throwVMTypeError(exec, scope);
    449449
     
    483483
    484484    double x;
    485     if (!toThisNumber(exec->thisValue(), x))
     485    if (!toThisNumber(vm, exec->thisValue(), x))
    486486        return throwVMTypeError(exec, scope);
    487487
     
    581581
    582582    double doubleValue;
    583     if (!toThisNumber(state->thisValue(), doubleValue))
     583    if (!toThisNumber(vm, state->thisValue(), doubleValue))
    584584        return throwVMTypeError(state, scope);
    585585
     
    596596
    597597    double x;
    598     if (!toThisNumber(exec->thisValue(), x))
     598    if (!toThisNumber(vm, exec->thisValue(), x))
    599599        return throwVMTypeError(exec, scope);
    600600
     
    609609    double x;
    610610    JSValue thisValue = exec->thisValue();
    611     if (!toThisNumber(thisValue, x))
     611    if (!toThisNumber(vm, thisValue, x))
    612612        return throwVMTypeError(exec, scope, WTF::makeString("thisNumberValue called on incompatible ", asString(jsTypeStringForValue(exec, thisValue))->value(exec)));
    613613    return JSValue::encode(jsNumber(x));

  • trunk/Source/JavaScriptCore/runtime/ObjectConstructor.cpp

    r224784 r229362  
    716716    JSObject* object = asObject(obj);
    717717
    718     if (isJSFinalObject(object) && !hasIndexedProperties(object->indexingType())) {
     718    if (jsDynamicCast<JSFinalObject*>(vm, object) && !hasIndexedProperties(object->indexingType())) {
    719719        object->seal(vm);
    720720        return JSValue::encode(obj);
     
    736736    auto scope = DECLARE_THROW_SCOPE(vm);
    737737
    738     if (isJSFinalObject(object) && !hasIndexedProperties(object->indexingType())) {
     738    if (jsDynamicCast<JSFinalObject*>(vm, object) && !hasIndexedProperties(object->indexingType())) {
    739739        object->freeze(vm);
    740740        return object;
     
    783783
    784784    // Quick check for final objects.
    785     if (isJSFinalObject(object) && !hasIndexedProperties(object->indexingType()))
     785    if (jsDynamicCast<JSFinalObject*>(vm, object) && !hasIndexedProperties(object->indexingType()))
    786786        return JSValue::encode(jsBoolean(object->isSealed(vm)));
    787787
     
    801801
    802802    // Quick check for final objects.
    803     if (isJSFinalObject(object) && !hasIndexedProperties(object->indexingType()))
     803    if (jsDynamicCast<JSFinalObject*>(vm, object) && !hasIndexedProperties(object->indexingType()))
    804804        return JSValue::encode(jsBoolean(object->isFrozen(vm)));
    805805

  • trunk/Source/JavaScriptCore/runtime/ProxyObject.cpp

    r224309 r229362  
    8888    auto scope = DECLARE_THROW_SCOPE(vm);
    8989    Base::finishCreation(vm);
     90    ASSERT(type() == ProxyObjectType);
    9091    if (!target.isObject()) {
    9192        throwTypeError(exec, scope, ASCIILiteral("A Proxy's 'target' should be an Object"));

  • trunk/Source/JavaScriptCore/runtime/ScopedArguments.h

    r225314 r229362  
    3737// table's ScopedArgumentsTable and the activation, or its overflow storage, to handle all indexed
    3838// lookups.
    39 class ScopedArguments : public GenericArguments<ScopedArguments> {
     39class ScopedArguments final : public GenericArguments<ScopedArguments> {
    4040private:
    4141    ScopedArguments(VM&, Structure*, unsigned totalLength);

  • trunk/Source/JavaScriptCore/runtime/SetConstructor.cpp

    r224487 r229362  
    7878    }
    7979
    80     if (isJSSet(iterable)) {
    81         JSSet* iterableSet = jsCast<JSSet*>(iterable);
     80    if (auto* iterableSet = jsDynamicCast<JSSet*>(vm, iterable)) {
    8281        if (iterableSet->canCloneFastAndNonObservable(setStructure)) {
    8382            scope.release();
     
    110109EncodedJSValue JSC_HOST_CALL setPrivateFuncSetBucketHead(ExecState* exec)
    111110{
    112     ASSERT(isJSSet(exec->argument(0)));
     111    ASSERT(jsDynamicCast<JSSet*>(exec->vm(), exec->argument(0)));
    113112    JSSet* set = jsCast<JSSet*>(exec->uncheckedArgument(0));
    114113    auto* head = set->head();

  • trunk/Source/JavaScriptCore/runtime/SetPrototype.cpp

    r225072 r229362  
    8787        return nullptr;
    8888    }
    89     if (LIKELY(thisValue.asCell()->type() == JSSetType))
    90         return jsCast<JSSet*>(thisValue);
     89    auto* set = jsDynamicCast<JSSet*>(vm, thisValue.asCell());
     90    if (LIKELY(set))
     91        return set;
    9192    throwTypeError(callFrame, scope, ASCIILiteral("Set operation called on non-Set object"));
    9293    return nullptr;

  • trunk/Source/JavaScriptCore/runtime/StrictEvalActivation.h

    r222143 r229362  
    3030namespace JSC {
    3131
    32 class StrictEvalActivation : public JSScope {
     32class StrictEvalActivation final : public JSScope {
    3333public:
    34     typedef JSScope Base;
    35     static const unsigned StructureFlags = Base::StructureFlags;
     34    using Base = JSScope;
    3635
    3736    static StrictEvalActivation* create(ExecState* exec, JSScope* currentScope)

  • trunk/Source/JavaScriptCore/runtime/WeakMapPrototype.cpp

    r227723 r229362  
    6363    }
    6464
    65     if (LIKELY(isJSWeakMap(asObject(value))))
    66         return jsCast<JSWeakMap*>(value);
     65    auto* map = jsDynamicCast<JSWeakMap*>(vm, asObject(value));
     66    if (LIKELY(map))
     67        return map;
    6768
    6869    throwTypeError(callFrame, scope, WTF::ASCIILiteral("Called WeakMap function on a non-WeakMap object"));

  • trunk/Source/JavaScriptCore/runtime/WeakSetPrototype.cpp

    r227723 r229362  
    6161    }
    6262
    63     if (LIKELY(isJSWeakSet(asObject(value))))
    64         return jsCast<JSWeakSet*>(value);
     63    auto* set = jsDynamicCast<JSWeakSet*>(vm, asObject(value));
     64    if (LIKELY(set))
     65        return set;
    6566
    6667    throwTypeError(callFrame, scope, WTF::ASCIILiteral("Called WeakSet function on a non-WeakSet object"));
Note: See TracChangeset for help on using the changeset viewer.