Context Navigation

← Previous Changeset
Next Changeset →

Changeset 233426 in webkit

Timestamp:

Jul 2, 2018, 10:51:21 AM (7 years ago)

Author:

mark.lam@apple.com

Message:

Builtins and host functions should get their own structures.
https://bugs.webkit.org/show_bug.cgi?id=187211
<rdar://problem/41646336>

Reviewed by Saam Barati.

JSTests:

stress/regress-187211.js: Added.

Source/JavaScriptCore:

JSFunctions do lazy reification of properties, but ordinary functions applies
different rules of property reification than builtin and host functions. Hence,
we should give builtins and host functions their own structures.

runtime/JSFunction.cpp:

(JSC::JSFunction::selectStructureForNewFuncExp):
(JSC::JSFunction::create):
(JSC::JSFunction::getOwnPropertySlot):

runtime/JSGlobalObject.cpp:

(JSC::JSGlobalObject::init):
(JSC::JSGlobalObject::visitChildren):

runtime/JSGlobalObject.h:

(JSC::JSGlobalObject::hostFunctionStructure const):
(JSC::JSGlobalObject::arrowFunctionStructure const):
(JSC::JSGlobalObject::sloppyFunctionStructure const):
(JSC::JSGlobalObject::strictFunctionStructure const):

Location:

trunk

Files:

: 1 added
: 5 edited

JSTests/ChangeLog (modified) (1 diff)
JSTests/stress/regress-187211.js (added)
Source/JavaScriptCore/ChangeLog (modified) (1 diff)
Source/JavaScriptCore/runtime/JSFunction.cpp (modified) (4 diffs)
Source/JavaScriptCore/runtime/JSGlobalObject.cpp (modified) (2 diffs)
Source/JavaScriptCore/runtime/JSGlobalObject.h (modified) (2 diffs)

Legend:

: Unmodified
: Added
: Removed

trunk/JSTests/ChangeLog

-              r233377
+              r233426
+-06-30  Mark Lam  <mark.lam@apple.com>
+        Builtins and host functions should get their own structures.
+        https://bugs.webkit.org/show_bug.cgi?id=187211
+        <rdar://problem/41646336>
+        Reviewed by Saam Barati.
+        * stress/regress-187211.js: Added.
 -06-29  Saam Barati  <sbarati@apple.com>

trunk/Source/JavaScriptCore/ChangeLog

-              r233410
+              r233426
+-07-01  Mark Lam  <mark.lam@apple.com>
+        Builtins and host functions should get their own structures.
+        https://bugs.webkit.org/show_bug.cgi?id=187211
+        <rdar://problem/41646336>
+        Reviewed by Saam Barati.
+        JSFunctions do lazy reification of properties, but ordinary functions applies
+        different rules of property reification than builtin and host functions.  Hence,
+        we should give builtins and host functions their own structures.
+        * runtime/JSFunction.cpp:
+        (JSC::JSFunction::selectStructureForNewFuncExp):
+        (JSC::JSFunction::create):
+        (JSC::JSFunction::getOwnPropertySlot):
+        * runtime/JSGlobalObject.cpp:
+        (JSC::JSGlobalObject::init):
+        (JSC::JSGlobalObject::visitChildren):
+        * runtime/JSGlobalObject.h:
+        (JSC::JSGlobalObject::hostFunctionStructure const):
+        (JSC::JSGlobalObject::arrowFunctionStructure const):
+        (JSC::JSGlobalObject::sloppyFunctionStructure const):
+        (JSC::JSGlobalObject::strictFunctionStructure const):
 -07-01  David Kilzer  <ddkilzer@apple.com>

trunk/Source/JavaScriptCore/runtime/JSFunction.cpp

-              r233122
+              r233426
  *  Copyright (C) 1999-2002 Harri Porten (porten@kde.org)
  *  Copyright (C) 2001 Peter Kelly (pmk@post.com)
  *  Copyright (C) 2003-2009, 2015-2017 Apple Inc. All rights reserved.
+ *  Copyright (C) 2003-2018 Apple Inc. All rights reserved.
  *  Copyright (C) 2007 Cameron Zwarich (cwzwarich@uwaterloo.ca)
  *  Copyright (C) 2007 Maks Orlovich
 …
 Structure* JSFunction::selectStructureForNewFuncExp(JSGlobalObject* globalObject, FunctionExecutable* executable)
+{
+    ASSERT(!executable->isHostFunction());
+    bool isBuiltin = executable->isBuiltinFunction();
     if (executable->isArrowFunction())
         return globalObject->arrowFunctionStructure();
+        return globalObject->arrowFunctionStructure(isBuiltin);
     if (executable->isStrictMode())
         return globalObject->strictFunctionStructure();
     return globalObject->sloppyFunctionStructure();
+        return globalObject->strictFunctionStructure(isBuiltin);
+    return globalObject->sloppyFunctionStructure(isBuiltin);
+}
 …
+{
     NativeExecutable* executable = vm.getHostFunction(nativeFunction, intrinsic, nativeConstructor, signature, name);
     Structure* structure = globalObject->strictFunctionStructure();
+    Structure* structure = globalObject->hostFunctionStructure();
     JSFunction* function = new (NotNull, allocateCell<JSFunction>(vm.heap)) JSFunction(vm, globalObject, structure);
     // Can't do this during initialization because getHostFunction might do a GC allocation.
 …
         slot.setCacheableCustom(thisObject, PropertyAttribute::ReadOnly | PropertyAttribute::DontEnum | PropertyAttribute::DontDelete, argumentsGetter);
         return true;
+    }
+    if (propertyName == vm.propertyNames->caller) {
+    } else if (propertyName == vm.propertyNames->caller) {
         if (!thisObject->jsExecutable()->hasCallerAndArgumentsProperties())
             return Base::getOwnPropertySlot(thisObject, exec, propertyName, slot);

trunk/Source/JavaScriptCore/runtime/JSGlobalObject.cpp

-              r233245
+              r233426
     ExecState* exec = JSGlobalObject::globalExec();
+    m_strictFunctionStructure.set(vm, this, JSFunction::createStructure(vm, this, m_functionPrototype.get()));
+    m_sloppyFunctionStructure.set(vm, this, JSFunction::createStructure(vm, this, m_functionPrototype.get()));
+    m_arrowFunctionStructure.set(vm, this, JSFunction::createStructure(vm, this, m_functionPrototype.get()));
+    m_hostFunctionStructure.set(vm, this, JSFunction::createStructure(vm, this, m_functionPrototype.get()));
+    auto initFunctionStructures = [&] (FunctionStructures& structures) {
+        structures.strictFunctionStructure.set(vm, this, JSFunction::createStructure(vm, this, m_functionPrototype.get()));
+        structures.sloppyFunctionStructure.set(vm, this, JSFunction::createStructure(vm, this, m_functionPrototype.get()));
+        structures.arrowFunctionStructure.set(vm, this, JSFunction::createStructure(vm, this, m_functionPrototype.get()));
+    };
+    initFunctionStructures(m_builtinFunctions);
+    initFunctionStructures(m_ordinaryFunctions);
     m_customGetterSetterFunctionStructure.initLater(
         [] (const Initializer<Structure>& init) {
 …
     visitor.append(thisObject->m_errorStructure);
     visitor.append(thisObject->m_calleeStructure);
+    visitor.append(thisObject->m_strictFunctionStructure);
+    visitor.append(thisObject->m_sloppyFunctionStructure);
+    visitor.append(thisObject->m_arrowFunctionStructure);
+    visitor.append(thisObject->m_hostFunctionStructure);
+    auto visitFunctionStructures = [&] (FunctionStructures& structures) {
+        visitor.append(structures.arrowFunctionStructure);
+        visitor.append(structures.sloppyFunctionStructure);
+        visitor.append(structures.strictFunctionStructure);
+    };
+    visitFunctionStructures(thisObject->m_builtinFunctions);
+    visitFunctionStructures(thisObject->m_ordinaryFunctions);
     thisObject->m_customGetterSetterFunctionStructure.visit(visitor);
     thisObject->m_boundFunctionStructure.visit(visitor);

trunk/Source/JavaScriptCore/runtime/JSGlobalObject.h

-              r232442
+              r233426
     WriteBarrier<Structure> m_nullPrototypeObjectStructure;
     WriteBarrier<Structure> m_calleeStructure;
+    WriteBarrier<Structure> m_strictFunctionStructure;
+    WriteBarrier<Structure> m_arrowFunctionStructure;
+    WriteBarrier<Structure> m_sloppyFunctionStructure;
+    WriteBarrier<Structure> m_hostFunctionStructure;
+    struct FunctionStructures {
+        WriteBarrier<Structure> arrowFunctionStructure;
+        WriteBarrier<Structure> sloppyFunctionStructure;
+        WriteBarrier<Structure> strictFunctionStructure;
+    };
+    FunctionStructures m_builtinFunctions;
+    FunctionStructures m_ordinaryFunctions;
     LazyProperty<JSGlobalObject, Structure> m_boundFunctionStructure;
     LazyProperty<JSGlobalObject, Structure> m_customGetterSetterFunctionStructure;
 …
     Structure* errorStructure() const { return m_errorStructure.get(); }
     Structure* calleeStructure() const { return m_calleeStructure.get(); }
+    Structure* strictFunctionStructure() const { return m_strictFunctionStructure.get(); }
+    Structure* sloppyFunctionStructure() const { return m_sloppyFunctionStructure.get(); }
+    Structure* arrowFunctionStructure() const { return m_arrowFunctionStructure.get(); }
+    Structure* hostFunctionStructure() const { return m_hostFunctionStructure.get(); }
+    Structure* arrowFunctionStructure(bool isBuiltin) const
+    {
+        if (isBuiltin)
+            return m_builtinFunctions.arrowFunctionStructure.get();
+        return m_ordinaryFunctions.arrowFunctionStructure.get();
+    }
+    Structure* sloppyFunctionStructure(bool isBuiltin) const
+    {
+        if (isBuiltin)
+            return m_builtinFunctions.sloppyFunctionStructure.get();
+        return m_ordinaryFunctions.sloppyFunctionStructure.get();
+    }
+    Structure* strictFunctionStructure(bool isBuiltin) const
+    {
+        if (isBuiltin)
+            return m_builtinFunctions.strictFunctionStructure.get();
+        return m_ordinaryFunctions.strictFunctionStructure.get();
+    }
     Structure* boundFunctionStructure() const { return m_boundFunctionStructure.get(this); }
     Structure* customGetterSetterFunctionStructure() const { return m_customGetterSetterFunctionStructure.get(this); }

Note: See TracChangeset for help on using the changeset viewer.