Changeset 191150 in webkit
- Timestamp:
- Oct 15, 2015 4:41:01 PM (8 years ago)
- Location:
- tags/Safari-602.1.7/Source/JavaScriptCore
- Files:
-
- 3 deleted
- 54 edited
- 1 copied
Legend:
- Unmodified
- Added
- Removed
-
tags/Safari-602.1.7/Source/JavaScriptCore/CMakeLists.txt
r190896 r191150 169 169 dfg/DFGConstantFoldingPhase.cpp 170 170 dfg/DFGConstantHoistingPhase.cpp 171 dfg/DFGCopyBarrierOptimizationPhase.cpp172 171 dfg/DFGCriticalEdgeBreakingPhase.cpp 173 172 dfg/DFGDCEPhase.cpp -
tags/Safari-602.1.7/Source/JavaScriptCore/ChangeLog
r191149 r191150 1 2015-10-15 Babak Shafiei <bshafiei@apple.com> 2 3 Roll out r190896. 4 1 5 2015-10-15 Babak Shafiei <bshafiei@apple.com> 2 6 -
tags/Safari-602.1.7/Source/JavaScriptCore/JavaScriptCore.vcxproj/JavaScriptCore.vcxproj
r190896 r191150 403 403 <ClCompile Include="..\dfg\DFGConstantFoldingPhase.cpp" /> 404 404 <ClCompile Include="..\dfg\DFGConstantHoistingPhase.cpp" /> 405 <ClCompile Include="..\dfg\DFGCopyBarrierOptimizationPhase.cpp" />406 405 <ClCompile Include="..\dfg\DFGCPSRethreadingPhase.cpp" /> 407 406 <ClCompile Include="..\dfg\DFGCriticalEdgeBreakingPhase.cpp" /> … … 1140 1139 <ClInclude Include="..\dfg\DFGConstantFoldingPhase.h" /> 1141 1140 <ClInclude Include="..\dfg\DFGConstantHoistingPhase.h" /> 1142 <ClInclude Include="..\dfg\DFGCopyBarrierOptimizationPhase.h" />1143 1141 <ClInclude Include="..\dfg\DFGCPSRethreadingPhase.h" /> 1144 1142 <ClInclude Include="..\dfg\DFGCriticalEdgeBreakingPhase.h" /> … … 1340 1338 <ClInclude Include="..\heap\CopiedSpace.h" /> 1341 1339 <ClInclude Include="..\heap\CopiedSpaceInlines.h" /> 1342 <ClInclude Include="..\heap\CopyBarrier.h" />1343 1340 <ClInclude Include="..\heap\CopyToken.h" /> 1344 1341 <ClInclude Include="..\heap\CopyVisitor.h" /> 1345 1342 <ClInclude Include="..\heap\CopyVisitorInlines.h" /> 1346 1343 <ClInclude Include="..\heap\CopyWorkList.h" /> 1344 <ClInclude Include="..\heap\CopyWriteBarrier.h" /> 1347 1345 <ClInclude Include="..\heap\DeferGC.h" /> 1348 1346 <ClInclude Include="..\heap\EdenGCActivityCallback.h" /> -
tags/Safari-602.1.7/Source/JavaScriptCore/JavaScriptCore.xcodeproj/project.pbxproj
r190896 r191150 87 87 0F05C3B41683CF9200BAF45B /* DFGArrayifySlowPathGenerator.h in Headers */ = {isa = PBXBuildFile; fileRef = 0F05C3B21683CF8F00BAF45B /* DFGArrayifySlowPathGenerator.h */; }; 88 88 0F0776BF14FF002B00102332 /* JITCompilationEffort.h in Headers */ = {isa = PBXBuildFile; fileRef = 0F0776BD14FF002800102332 /* JITCompilationEffort.h */; settings = {ATTRIBUTES = (Private, ); }; }; 89 0F0981F71BC5E565004814F8 /* DFGCopyBarrierOptimizationPhase.cpp in Sources */ = {isa = PBXBuildFile; fileRef = 0F0981F51BC5E565004814F8 /* DFGCopyBarrierOptimizationPhase.cpp */; };90 0F0981F81BC5E565004814F8 /* DFGCopyBarrierOptimizationPhase.h in Headers */ = {isa = PBXBuildFile; fileRef = 0F0981F61BC5E565004814F8 /* DFGCopyBarrierOptimizationPhase.h */; };91 89 0F0A75221B94BFA900110660 /* InferredType.cpp in Sources */ = {isa = PBXBuildFile; fileRef = 0F0A75201B94BFA900110660 /* InferredType.cpp */; }; 92 90 0F0A75231B94BFA900110660 /* InferredType.h in Headers */ = {isa = PBXBuildFile; fileRef = 0F0A75211B94BFA900110660 /* InferredType.h */; settings = {ATTRIBUTES = (Private, ); }; }; … … 411 409 0F7B294B14C3CD2F007C3DB1 /* DFGCapabilities.h in Headers */ = {isa = PBXBuildFile; fileRef = 0FD82E1F14172C2F00179C94 /* DFGCapabilities.h */; }; 412 410 0F7B294D14C3CD4C007C3DB1 /* DFGCommon.h in Headers */ = {isa = PBXBuildFile; fileRef = 0FC0977E1469EBC400CF2442 /* DFGCommon.h */; settings = {ATTRIBUTES = (Private, ); }; }; 413 0F7C11AD1BC3862C00C74CDB /* CopyBarrier.h in Headers */ = {isa = PBXBuildFile; fileRef = 0F7C11AC1BC3862C00C74CDB /* CopyBarrier.h */; settings = {ATTRIBUTES = (Private, ); }; };414 411 0F8023EA1613832B00A0BA45 /* ByValInfo.h in Headers */ = {isa = PBXBuildFile; fileRef = 0F8023E91613832300A0BA45 /* ByValInfo.h */; settings = {ATTRIBUTES = (Private, ); }; }; 415 412 0F8335B71639C1E6001443B5 /* ArrayAllocationProfile.cpp in Sources */ = {isa = PBXBuildFile; fileRef = 0F8335B41639C1E3001443B5 /* ArrayAllocationProfile.cpp */; }; … … 938 935 2A4EC90B1860D6C20094F782 /* WriteBarrierBuffer.cpp in Sources */ = {isa = PBXBuildFile; fileRef = 2A4EC9091860D6C20094F782 /* WriteBarrierBuffer.cpp */; }; 939 936 2A4EC90C1860D6C20094F782 /* WriteBarrierBuffer.h in Headers */ = {isa = PBXBuildFile; fileRef = 2A4EC90A1860D6C20094F782 /* WriteBarrierBuffer.h */; settings = {ATTRIBUTES = (Private, ); }; }; 937 2A68295B1875F80500B6C3E2 /* CopyWriteBarrier.h in Headers */ = {isa = PBXBuildFile; fileRef = 2A68295A1875F80500B6C3E2 /* CopyWriteBarrier.h */; settings = {ATTRIBUTES = (Private, ); }; }; 940 938 2A6F462617E959CE00C45C98 /* HeapOperation.h in Headers */ = {isa = PBXBuildFile; fileRef = 2A6F462517E959CE00C45C98 /* HeapOperation.h */; settings = {ATTRIBUTES = (Private, ); }; }; 941 939 2A7A58EF1808A4C40020BDF7 /* DeferGC.cpp in Sources */ = {isa = PBXBuildFile; fileRef = 2A7A58EE1808A4C40020BDF7 /* DeferGC.cpp */; }; … … 1942 1940 0F05C3B21683CF8F00BAF45B /* DFGArrayifySlowPathGenerator.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = DFGArrayifySlowPathGenerator.h; path = dfg/DFGArrayifySlowPathGenerator.h; sourceTree = "<group>"; }; 1943 1941 0F0776BD14FF002800102332 /* JITCompilationEffort.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = JITCompilationEffort.h; sourceTree = "<group>"; }; 1944 0F0981F51BC5E565004814F8 /* DFGCopyBarrierOptimizationPhase.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; name = DFGCopyBarrierOptimizationPhase.cpp; path = dfg/DFGCopyBarrierOptimizationPhase.cpp; sourceTree = "<group>"; };1945 0F0981F61BC5E565004814F8 /* DFGCopyBarrierOptimizationPhase.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = DFGCopyBarrierOptimizationPhase.h; path = dfg/DFGCopyBarrierOptimizationPhase.h; sourceTree = "<group>"; };1946 1942 0F0A75201B94BFA900110660 /* InferredType.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = InferredType.cpp; sourceTree = "<group>"; }; 1947 1943 0F0A75211B94BFA900110660 /* InferredType.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = InferredType.h; sourceTree = "<group>"; }; … … 2264 2260 0F79085319A290B200F6310C /* DFGStructureRegistrationPhase.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; name = DFGStructureRegistrationPhase.cpp; path = dfg/DFGStructureRegistrationPhase.cpp; sourceTree = "<group>"; }; 2265 2261 0F79085419A290B200F6310C /* DFGStructureRegistrationPhase.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = DFGStructureRegistrationPhase.h; path = dfg/DFGStructureRegistrationPhase.h; sourceTree = "<group>"; }; 2266 0F7C11AC1BC3862C00C74CDB /* CopyBarrier.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = CopyBarrier.h; sourceTree = "<group>"; };2267 2262 0F8023E91613832300A0BA45 /* ByValInfo.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = ByValInfo.h; sourceTree = "<group>"; }; 2268 2263 0F8335B41639C1E3001443B5 /* ArrayAllocationProfile.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = ArrayAllocationProfile.cpp; sourceTree = "<group>"; }; … … 2761 2756 2A4EC9091860D6C20094F782 /* WriteBarrierBuffer.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = WriteBarrierBuffer.cpp; sourceTree = "<group>"; }; 2762 2757 2A4EC90A1860D6C20094F782 /* WriteBarrierBuffer.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = WriteBarrierBuffer.h; sourceTree = "<group>"; }; 2758 2A68295A1875F80500B6C3E2 /* CopyWriteBarrier.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = CopyWriteBarrier.h; sourceTree = "<group>"; }; 2763 2759 2A6F462517E959CE00C45C98 /* HeapOperation.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = HeapOperation.h; sourceTree = "<group>"; }; 2764 2760 2A7A58EE1808A4C40020BDF7 /* DeferGC.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = DeferGC.cpp; sourceTree = "<group>"; }; … … 4255 4251 C2EAA3F8149A830800FCE112 /* CopiedSpace.h */, 4256 4252 C2C8D02B14A3C6B200578E65 /* CopiedSpaceInlines.h */, 4257 0F7C11AC1BC3862C00C74CDB /* CopyBarrier.h */,4258 4253 0F5A52CF17ADD717008ECB2D /* CopyToken.h */, 4259 4254 C2239D1216262BDD005AC5FD /* CopyVisitor.cpp */, … … 4261 4256 C2239D1416262BDD005AC5FD /* CopyVisitorInlines.h */, 4262 4257 C218D13F1655CFD50062BB81 /* CopyWorkList.h */, 4258 2A68295A1875F80500B6C3E2 /* CopyWriteBarrier.h */, 4263 4259 2A7A58EE1808A4C40020BDF7 /* DeferGC.cpp */, 4264 4260 0F136D4B174AD69B0075B354 /* DeferGC.h */, … … 5252 5248 0FED67B71B26256D0066CE15 /* DFGConstantHoistingPhase.cpp */, 5253 5249 0FED67B81B26256D0066CE15 /* DFGConstantHoistingPhase.h */, 5254 0F0981F51BC5E565004814F8 /* DFGCopyBarrierOptimizationPhase.cpp */,5255 0F0981F61BC5E565004814F8 /* DFGCopyBarrierOptimizationPhase.h */,5256 5250 0FBE0F6B16C1DB010082C5E8 /* DFGCPSRethreadingPhase.cpp */, 5257 5251 0FBE0F6C16C1DB010082C5E8 /* DFGCPSRethreadingPhase.h */, … … 6095 6089 C2239D1916262BDD005AC5FD /* CopyVisitorInlines.h in Headers */, 6096 6090 C218D1401655CFD50062BB81 /* CopyWorkList.h in Headers */, 6091 2A68295B1875F80500B6C3E2 /* CopyWriteBarrier.h in Headers */, 6097 6092 C4F4B6F41A05C944005CAB76 /* cpp_generator.py in Headers */, 6098 6093 C4F4B6F31A05C944005CAB76 /* cpp_generator_templates.py in Headers */, … … 6534 6529 0F5EF91F16878F7D003E5C25 /* JITThunks.h in Headers */, 6535 6530 0FC712E317CD8793008CC93C /* JITToDFGDeferredCompilationCallback.h in Headers */, 6536 0F0981F81BC5E565004814F8 /* DFGCopyBarrierOptimizationPhase.h in Headers */,6537 6531 A76F54A313B28AAB00EF2BCE /* JITWriteBarrier.h in Headers */, 6538 6532 840480131021A1D9008E7F01 /* JSAPIValueWrapper.h in Headers */, … … 6781 6775 BC18C4500E16F5CD00B34460 /* Profile.h in Headers */, 6782 6776 95CD45770E1C4FDD0085358E /* ProfileGenerator.h in Headers */, 6783 0F7C11AD1BC3862C00C74CDB /* CopyBarrier.h in Headers */,6784 6777 BC18C4510E16F5CD00B34460 /* ProfileNode.h in Headers */, 6785 6778 0FF729A5166AD351000F5BA3 /* ProfilerBytecode.h in Headers */, … … 8132 8125 2A4EC90B1860D6C20094F782 /* WriteBarrierBuffer.cpp in Sources */, 8133 8126 0FC8150B14043C0E00CFA603 /* WriteBarrierSupport.cpp in Sources */, 8134 0F0981F71BC5E565004814F8 /* DFGCopyBarrierOptimizationPhase.cpp in Sources */,8135 8127 A7E5AB3A1799E4B200D2833D /* X86Disassembler.cpp in Sources */, 8136 8128 863C6D9C1521111A00585E4E /* YarrCanonicalizeUCS2.cpp in Sources */, -
tags/Safari-602.1.7/Source/JavaScriptCore/bytecode/PolymorphicAccess.cpp
r191016 r191150 608 608 CCallHelpers::Address(baseForAccessGPR, JSObject::butterflyOffset()), 609 609 loadedValueGPR); 610 jit.removeSpaceBits(loadedValueGPR);611 610 storageGPR = loadedValueGPR; 612 611 } … … 895 894 } else { 896 895 jit.loadPtr(CCallHelpers::Address(baseGPR, JSObject::butterflyOffset()), scratchGPR); 897 state.failAndIgnore.append(jit.branchIfNotToSpace(scratchGPR));898 896 jit.storeValue( 899 897 valueRegs, … … 959 957 960 958 jit.loadPtr(CCallHelpers::Address(baseGPR, JSObject::butterflyOffset()), scratchGPR3); 961 slowPath.append(jit.branchIfNotToSpace(scratchGPR3));962 959 jit.loadPtr(&copiedAllocator->m_currentRemaining, scratchGPR); 963 960 slowPath.append( … … 1003 1000 offsetInInlineStorage(m_offset) * sizeof(JSValue))); 1004 1001 } else { 1005 if (!scratchGPRHasStorage) {1002 if (!scratchGPRHasStorage) 1006 1003 jit.loadPtr(CCallHelpers::Address(baseGPR, JSObject::butterflyOffset()), scratchGPR); 1007 state.failAndIgnore.append(jit.branchIfNotToSpace(scratchGPR));1008 }1009 1004 jit.storeValue( 1010 1005 valueRegs, … … 1093 1088 case ArrayLength: { 1094 1089 jit.loadPtr(CCallHelpers::Address(baseGPR, JSObject::butterflyOffset()), scratchGPR); 1095 jit.removeSpaceBits(scratchGPR);1096 1090 jit.load32(CCallHelpers::Address(scratchGPR, ArrayStorage::lengthOffset()), scratchGPR); 1097 1091 state.failAndIgnore.append( -
tags/Safari-602.1.7/Source/JavaScriptCore/dfg/DFGAbstractInterpreterInlines.h
r190896 r191150 1969 1969 break; 1970 1970 case GetButterfly: 1971 case GetButterflyReadOnly:1972 1971 case AllocatePropertyStorage: 1973 1972 case ReallocatePropertyStorage: -
tags/Safari-602.1.7/Source/JavaScriptCore/dfg/DFGArgumentsEliminationPhase.cpp
r190896 r191150 193 193 194 194 case GetButterfly: 195 case GetButterflyReadOnly:196 195 // This barely works. The danger is that the GetButterfly is used by something that 197 196 // does something escaping to a candidate. Fortunately, the only butterfly-using ops -
tags/Safari-602.1.7/Source/JavaScriptCore/dfg/DFGClobberize.h
r190896 r191150 732 732 def(HeapLocation(ButterflyLoc, JSObject_butterfly, node->child1()), LazyNode(node)); 733 733 return; 734 735 case GetButterflyReadOnly:736 // This rule is separate to prevent CSE of GetButterfly with GetButterflyReadOnly. But in reality,737 // this works because we don't introduce GetButterflyReadOnly until the bitter end of compilation.738 read(JSObject_butterfly);739 def(HeapLocation(ButterflyReadOnlyLoc, JSObject_butterfly, node->child1()), LazyNode(node));740 return;741 734 742 735 case Arrayify: -
tags/Safari-602.1.7/Source/JavaScriptCore/dfg/DFGDoesGC.cpp
r190896 r191150 99 99 case GetExecutable: 100 100 case GetButterfly: 101 case GetButterflyReadOnly:102 101 case CheckArray: 103 102 case GetScope: -
tags/Safari-602.1.7/Source/JavaScriptCore/dfg/DFGFixupPhase.cpp
r190896 r191150 1066 1066 case CheckHasInstance: 1067 1067 case CreateThis: 1068 case GetButterfly: 1069 case GetButterflyReadOnly: { 1068 case GetButterfly: { 1070 1069 fixEdge<CellUse>(node->child1()); 1071 1070 break; -
tags/Safari-602.1.7/Source/JavaScriptCore/dfg/DFGHeapLocation.cpp
r190896 r191150 93 93 return; 94 94 95 case ButterflyReadOnlyLoc:96 out.print("ButterflyReadOnlyLoc");97 return;98 99 95 case CheckHasInstanceLoc: 100 96 out.print("CheckHasInstanceLoc"); -
tags/Safari-602.1.7/Source/JavaScriptCore/dfg/DFGHeapLocation.h
r190896 r191150 40 40 ArrayLengthLoc, 41 41 ButterflyLoc, 42 ButterflyReadOnlyLoc,43 42 CheckHasInstanceLoc, 44 43 ClosureVariableLoc, -
tags/Safari-602.1.7/Source/JavaScriptCore/dfg/DFGLICMPhase.cpp
r190896 r191150 74 74 m_graph.m_dominators.computeIfNecessary(m_graph); 75 75 m_graph.m_naturalLoops.computeIfNecessary(m_graph); 76 77 if (verbose) {78 dataLog("Graph before LICM:\n");79 m_graph.dump();80 }81 76 82 77 m_data.resize(m_graph.m_naturalLoops.numLoops()); -
tags/Safari-602.1.7/Source/JavaScriptCore/dfg/DFGNodeType.h
r190896 r191150 188 188 macro(ReallocatePropertyStorage, NodeMustGenerate | NodeResultStorage) \ 189 189 macro(GetButterfly, NodeResultStorage) \ 190 macro(GetButterflyReadOnly, NodeResultStorage) /* A node used to replace GetButterfly at the bitter end of compilation. */\191 190 macro(CheckArray, NodeMustGenerate) \ 192 191 macro(Arrayify, NodeMustGenerate) \ -
tags/Safari-602.1.7/Source/JavaScriptCore/dfg/DFGOperations.cpp
r190896 r191150 644 644 return bitwise_cast<char*>(exec->vm().throwException(exec, createRangeError(exec, ASCIILiteral("Array size is not a small enough positive integer.")))); 645 645 646 JSArray* result = JSArray::create(*vm, arrayStructure, size); 647 result->butterfly(); // Ensure that the backing store is in to-space. 648 return bitwise_cast<char*>(result); 646 return bitwise_cast<char*>(JSArray::create(*vm, arrayStructure, size)); 649 647 } 650 648 … … 1177 1175 1178 1176 return exec->codeBlock()->stringSwitchJumpTable(tableIndex).offsetForValue(string->value(exec).impl(), std::numeric_limits<int32_t>::min()); 1179 }1180 1181 char* JIT_OPERATION operationGetButterfly(ExecState* exec, JSCell* cell)1182 {1183 VM& vm = exec->vm();1184 NativeCallFrameTracer tracer(&vm, exec);1185 1186 dataLog("Ran the barrier.\n");1187 1188 return bitwise_cast<char*>(jsCast<JSObject*>(cell)->butterfly());1189 }1190 1191 char* JIT_OPERATION operationGetArrayBufferVector(ExecState* exec, JSCell* cell)1192 {1193 VM& vm = exec->vm();1194 NativeCallFrameTracer tracer(&vm, exec);1195 1196 return bitwise_cast<char*>(jsCast<JSArrayBufferView*>(cell)->vector());1197 1177 } 1198 1178 -
tags/Safari-602.1.7/Source/JavaScriptCore/dfg/DFGOperations.h
r190896 r191150 131 131 char* JIT_OPERATION operationSwitchString(ExecState*, size_t tableIndex, JSString*); 132 132 int32_t JIT_OPERATION operationSwitchStringAndGetBranchOffset(ExecState*, size_t tableIndex, JSString*); 133 char* JIT_OPERATION operationGetButterfly(ExecState*, JSCell*);134 char* JIT_OPERATION operationGetArrayBufferVector(ExecState*, JSCell*);135 133 void JIT_OPERATION operationNotifyWrite(ExecState*, WatchpointSet*); 136 134 void JIT_OPERATION operationThrowStackOverflowForVarargs(ExecState*) WTF_INTERNAL; -
tags/Safari-602.1.7/Source/JavaScriptCore/dfg/DFGPlan.cpp
r190896 r191150 39 39 #include "DFGConstantFoldingPhase.h" 40 40 #include "DFGConstantHoistingPhase.h" 41 #include "DFGCopyBarrierOptimizationPhase.h"42 41 #include "DFGCriticalEdgeBreakingPhase.h" 43 42 #include "DFGDCEPhase.h" … … 360 359 performCPSRethreading(dfg); 361 360 performDCE(dfg); 362 if (Options::enableCopyBarrierOptimization())363 performCopyBarrierOptimization(dfg);364 361 performPhantomInsertion(dfg); 365 362 performStackLayout(dfg); … … 441 438 performCleanUp(dfg); 442 439 performDCE(dfg); // We rely on this to kill dead code that won't be recognized as dead by LLVM. 443 if (Options::enableCopyBarrierOptimization())444 performCopyBarrierOptimization(dfg);445 440 performStackLayout(dfg); 446 441 performLivenessAnalysis(dfg); -
tags/Safari-602.1.7/Source/JavaScriptCore/dfg/DFGPredictionPropagationPhase.cpp
r190896 r191150 443 443 } 444 444 445 case GetButterfly: 446 case GetButterflyReadOnly: 445 case GetButterfly: 447 446 case GetIndexedPropertyStorage: 448 447 case AllocatePropertyStorage: -
tags/Safari-602.1.7/Source/JavaScriptCore/dfg/DFGSafeToExecute.h
r190896 r191150 192 192 case GetExecutable: 193 193 case GetButterfly: 194 case GetButterflyReadOnly:195 194 case CheckArray: 196 195 case Arrayify: -
tags/Safari-602.1.7/Source/JavaScriptCore/dfg/DFGSpeculativeJIT.cpp
r190896 r191150 4389 4389 MacroAssembler::Address(baseReg, JSArrayBufferView::offsetOfVector()), 4390 4390 storageReg); 4391 4392 addSlowPathGenerator(4393 slowPathCall(4394 m_jit.branchIfNotToSpace(storageReg),4395 this, operationGetArrayBufferVector, storageReg, baseReg));4396 4391 break; 4397 4392 } … … 4414 4409 MacroAssembler::Address(baseGPR, JSArrayBufferView::offsetOfMode()), 4415 4410 TrustedImm32(WastefulTypedArray)); 4416 4411 4417 4412 m_jit.loadPtr(MacroAssembler::Address(baseGPR, JSObject::butterflyOffset()), dataGPR); 4418 m_jit.removeSpaceBits(dataGPR);4419 4413 m_jit.loadPtr(MacroAssembler::Address(baseGPR, JSArrayBufferView::offsetOfVector()), vectorGPR); 4420 m_jit.removeSpaceBits(vectorGPR);4421 4414 m_jit.loadPtr(MacroAssembler::Address(dataGPR, Butterfly::offsetOfArrayBuffer()), dataGPR); 4422 4415 m_jit.loadPtr(MacroAssembler::Address(dataGPR, ArrayBuffer::offsetOfData()), dataGPR); … … 4429 4422 4430 4423 done.link(&m_jit); 4431 4424 4432 4425 int32Result(vectorGPR, node); 4433 4426 } … … 5495 5488 5496 5489 storageResult(scratchGPR1, node); 5497 }5498 5499 void SpeculativeJIT::compileGetButterfly(Node* node)5500 {5501 SpeculateCellOperand base(this, node->child1());5502 GPRTemporary result(this, Reuse, base);5503 5504 GPRReg baseGPR = base.gpr();5505 GPRReg resultGPR = result.gpr();5506 5507 m_jit.loadPtr(JITCompiler::Address(baseGPR, JSObject::butterflyOffset()), resultGPR);5508 5509 switch (node->op()) {5510 case GetButterfly:5511 addSlowPathGenerator(5512 slowPathCall(5513 m_jit.branchIfNotToSpace(resultGPR),5514 this, operationGetButterfly, resultGPR, baseGPR));5515 break;5516 5517 case GetButterflyReadOnly:5518 m_jit.removeSpaceBits(resultGPR);5519 break;5520 5521 default:5522 DFG_CRASH(m_jit.graph(), node, "Bad node type");5523 break;5524 }5525 5526 storageResult(resultGPR, node);5527 5490 } 5528 5491 -
tags/Safari-602.1.7/Source/JavaScriptCore/dfg/DFGSpeculativeJIT.h
r190896 r191150 2148 2148 void compileAllocatePropertyStorage(Node*); 2149 2149 void compileReallocatePropertyStorage(Node*); 2150 void compileGetButterfly(Node*);2151 2150 2152 2151 #if USE(JSVALUE32_64) -
tags/Safari-602.1.7/Source/JavaScriptCore/dfg/DFGSpeculativeJIT32_64.cpp
r190896 r191150 4024 4024 break; 4025 4025 4026 case GetButterfly: 4027 case GetButterflyReadOnly: 4028 compileGetButterfly(node); 4029 break; 4026 case GetButterfly: { 4027 SpeculateCellOperand base(this, node->child1()); 4028 GPRTemporary result(this, Reuse, base); 4029 4030 GPRReg baseGPR = base.gpr(); 4031 GPRReg resultGPR = result.gpr(); 4032 4033 m_jit.loadPtr(JITCompiler::Address(baseGPR, JSObject::butterflyOffset()), resultGPR); 4034 4035 storageResult(resultGPR, node); 4036 break; 4037 } 4030 4038 4031 4039 case GetIndexedPropertyStorage: { … … 4616 4624 GPRReg enumeratorGPR = enumerator.gpr(); 4617 4625 4618 MacroAssembler::JumpList slowPath;4619 4620 4626 // Check the structure 4621 4627 m_jit.load32(MacroAssembler::Address(baseGPR, JSCell::structureIDOffset()), scratchGPR); 4622 slowPath.append( 4623 m_jit.branch32( 4624 MacroAssembler::NotEqual, 4625 scratchGPR, 4626 MacroAssembler::Address( 4627 enumeratorGPR, JSPropertyNameEnumerator::cachedStructureIDOffset()))); 4628 MacroAssembler::Jump wrongStructure = m_jit.branch32(MacroAssembler::NotEqual, 4629 scratchGPR, MacroAssembler::Address(enumeratorGPR, JSPropertyNameEnumerator::cachedStructureIDOffset())); 4628 4630 4629 4631 // Compute the offset … … 4647 4649 // We use resultPayloadGPR as a temporary here. We have to make sure clobber it after getting the 4648 4650 // value out of indexGPR and enumeratorGPR because resultPayloadGPR could reuse either of those registers. 4649 m_jit.loadPtr(MacroAssembler::Address(baseGPR, JSObject::butterflyOffset()), resultPayloadGPR); 4650 slowPath.append(m_jit.branchIfNotToSpace(resultPayloadGPR)); 4651 m_jit.loadPtr(MacroAssembler::Address(baseGPR, JSObject::butterflyOffset()), resultPayloadGPR); 4651 4652 int32_t offsetOfFirstProperty = static_cast<int32_t>(offsetInButterfly(firstOutOfLineOffset)) * sizeof(EncodedJSValue); 4652 4653 m_jit.load32(MacroAssembler::BaseIndex(resultPayloadGPR, scratchGPR, MacroAssembler::TimesEight, offsetOfFirstProperty + OBJECT_OFFSETOF(JSValue, u.asBits.tag)), resultTagGPR); … … 4655 4656 done.link(&m_jit); 4656 4657 4657 addSlowPathGenerator(slowPathCall( slowPath, this, operationGetByValCell, resultTagGPR, resultPayloadGPR, baseGPR, propertyGPR));4658 addSlowPathGenerator(slowPathCall(wrongStructure, this, operationGetByValCell, resultTagGPR, resultPayloadGPR, baseGPR, propertyGPR)); 4658 4659 #endif 4659 4660 -
tags/Safari-602.1.7/Source/JavaScriptCore/dfg/DFGSpeculativeJIT64.cpp
r190896 r191150 4038 4038 break; 4039 4039 4040 case GetButterfly: 4041 case GetButterflyReadOnly: 4042 compileGetButterfly(node); 4043 break; 4040 case GetButterfly: { 4041 SpeculateCellOperand base(this, node->child1()); 4042 GPRTemporary result(this, Reuse, base); 4043 4044 GPRReg baseGPR = base.gpr(); 4045 GPRReg resultGPR = result.gpr(); 4046 4047 m_jit.loadPtr(JITCompiler::Address(baseGPR, JSObject::butterflyOffset()), resultGPR); 4048 4049 storageResult(resultGPR, node); 4050 break; 4051 } 4044 4052 4045 4053 case GetIndexedPropertyStorage: { … … 4637 4645 GPRReg scratch2GPR = scratch2.gpr(); 4638 4646 4639 MacroAssembler::JumpList slowPath;4640 4641 4647 // Check the structure 4642 4648 m_jit.load32(MacroAssembler::Address(baseGPR, JSCell::structureIDOffset()), scratch1GPR); 4643 slowPath.append( 4644 m_jit.branch32( 4645 MacroAssembler::NotEqual, 4646 scratch1GPR, 4647 MacroAssembler::Address( 4648 enumeratorGPR, JSPropertyNameEnumerator::cachedStructureIDOffset()))); 4649 MacroAssembler::Jump wrongStructure = m_jit.branch32(MacroAssembler::NotEqual, 4650 scratch1GPR, MacroAssembler::Address(enumeratorGPR, JSPropertyNameEnumerator::cachedStructureIDOffset())); 4649 4651 4650 4652 // Compute the offset … … 4660 4662 outOfLineAccess.link(&m_jit); 4661 4663 m_jit.loadPtr(MacroAssembler::Address(baseGPR, JSObject::butterflyOffset()), scratch2GPR); 4662 slowPath.append(m_jit.branchIfNotToSpace(scratch2GPR));4663 4664 m_jit.move(indexGPR, scratch1GPR); 4664 4665 m_jit.sub32(MacroAssembler::Address(enumeratorGPR, JSPropertyNameEnumerator::cachedInlineCapacityOffset()), scratch1GPR); … … 4670 4671 done.link(&m_jit); 4671 4672 4672 addSlowPathGenerator(slowPathCall( slowPath, this, operationGetByVal, resultGPR, baseGPR, propertyGPR));4673 addSlowPathGenerator(slowPathCall(wrongStructure, this, operationGetByVal, resultGPR, baseGPR, propertyGPR)); 4673 4674 4674 4675 jsValueResult(resultGPR, node); -
tags/Safari-602.1.7/Source/JavaScriptCore/dfg/DFGTypeCheckHoistingPhase.cpp
r190896 r191150 248 248 case ReallocatePropertyStorage: 249 249 case GetButterfly: 250 case GetButterflyReadOnly:251 250 case GetByVal: 252 251 case PutByValDirect: … … 327 326 case ReallocatePropertyStorage: 328 327 case GetButterfly: 329 case GetButterflyReadOnly:330 328 case GetByVal: 331 329 case PutByValDirect: -
tags/Safari-602.1.7/Source/JavaScriptCore/ftl/FTLCapabilities.cpp
r190896 r191150 69 69 case PutStructure: 70 70 case GetButterfly: 71 case GetButterflyReadOnly:72 71 case NewObject: 73 72 case NewArray: -
tags/Safari-602.1.7/Source/JavaScriptCore/ftl/FTLLowerDFGToLLVM.cpp
r190916 r191150 567 567 compileGetButterfly(); 568 568 break; 569 case GetButterflyReadOnly:570 compileGetButterflyReadOnly();571 break;572 569 case ConstantStoragePointer: 573 570 compileConstantStoragePointer(); … … 2286 2283 void compileGetButterfly() 2287 2284 { 2288 setStorage(loadButterflyWithBarrier(lowCell(m_node->child1()))); 2289 } 2290 2291 void compileGetButterflyReadOnly() 2292 { 2293 setStorage(loadButterflyReadOnly(lowCell(m_node->child1()))); 2285 setStorage(m_out.loadPtr(lowCell(m_node->child1()), m_heaps.JSObject_butterfly)); 2294 2286 } 2295 2287 … … 2326 2318 } 2327 2319 2328 setStorage( loadVectorWithBarrier(cell));2320 setStorage(m_out.loadPtr(cell, m_heaps.JSArrayBufferView_vector)); 2329 2321 } 2330 2322 … … 2346 2338 LValue basePtr = lowCell(m_node->child1()); 2347 2339 2348 LBasicBlock simpleCase = FTL_NEW_BLOCK(m_out, (" GetTypedArrayByteOffsetwasteless typed array"));2349 LBasicBlock wastefulCase = FTL_NEW_BLOCK(m_out, (" GetTypedArrayByteOffsetwasteful typed array"));2350 LBasicBlock continuation = FTL_NEW_BLOCK(m_out, (" GetTypedArrayByteOffset continuation"));2340 LBasicBlock simpleCase = FTL_NEW_BLOCK(m_out, ("wasteless typed array")); 2341 LBasicBlock wastefulCase = FTL_NEW_BLOCK(m_out, ("wasteful typed array")); 2342 LBasicBlock continuation = FTL_NEW_BLOCK(m_out, ("continuation branch")); 2351 2343 2352 2344 LValue mode = m_out.load32(basePtr, m_heaps.JSArrayBufferView_mode); … … 2355 2347 unsure(simpleCase), unsure(wastefulCase)); 2356 2348 2349 // begin simple case 2357 2350 LBasicBlock lastNext = m_out.appendTo(simpleCase, wastefulCase); 2358 2351 … … 2361 2354 m_out.jump(continuation); 2362 2355 2356 // begin wasteful case 2363 2357 m_out.appendTo(wastefulCase, continuation); 2364 2358 2365 LValue vectorPtr = loadVectorReadOnly(basePtr);2366 LValue butterflyPtr = loadButterflyReadOnly(basePtr);2359 LValue vectorPtr = m_out.loadPtr(basePtr, m_heaps.JSArrayBufferView_vector); 2360 LValue butterflyPtr = m_out.loadPtr(basePtr, m_heaps.JSObject_butterfly); 2367 2361 LValue arrayBufferPtr = m_out.loadPtr(butterflyPtr, m_heaps.Butterfly_arrayBuffer); 2368 2362 LValue dataPtr = m_out.loadPtr(arrayBufferPtr, m_heaps.ArrayBuffer_data); … … 2373 2367 m_out.appendTo(continuation, lastNext); 2374 2368 2369 // output 2375 2370 setInt32(m_out.castToInt32(m_out.phi(m_out.intPtr, simpleOut, wastefulOut))); 2376 2371 } … … 4056 4051 propertyBase = weakPointer(method.prototype()->value().asCell()); 4057 4052 if (!isInlineOffset(method.offset())) 4058 propertyBase = loadButterflyReadOnly(propertyBase);4053 propertyBase = m_out.loadPtr(propertyBase, m_heaps.JSObject_butterfly); 4059 4054 result = loadProperty( 4060 4055 propertyBase, data.identifierNumber, method.offset()); … … 4124 4119 storage = base; 4125 4120 else 4126 storage = loadButterflyWithBarrier(base);4121 storage = m_out.loadPtr(base, m_heaps.JSObject_butterfly); 4127 4122 } else { 4128 4123 m_graph.m_plan.transitions.addLazily( … … 5358 5353 5359 5354 m_out.appendTo(outOfLineLoad, slowCase); 5360 LValue storage = loadButterflyReadOnly(base);5355 LValue storage = m_out.loadPtr(base, m_heaps.JSObject_butterfly); 5361 5356 LValue realIndex = m_out.signExt( 5362 5357 m_out.neg(m_out.sub(index, m_out.load32(enumerator, m_heaps.JSPropertyNameEnumerator_cachedInlineCapacity))), … … 6010 6005 6011 6006 if (previousStructure->outOfLineCapacity() == nextStructure->outOfLineCapacity()) 6012 return loadButterflyWithBarrier(object);6007 return m_out.loadPtr(object, m_heaps.JSObject_butterfly); 6013 6008 6014 6009 LValue result; … … 6017 6012 else { 6018 6013 result = reallocatePropertyStorage( 6019 object, loadButterflyWithBarrier(object),6014 object, m_out.loadPtr(object, m_heaps.JSObject_butterfly), 6020 6015 previousStructure, nextStructure); 6021 6016 } … … 6130 6125 6131 6126 return call; 6132 }6133 6134 LValue loadButterflyWithBarrier(LValue object)6135 {6136 return copyBarrier(6137 object, m_out.loadPtr(object, m_heaps.JSObject_butterfly), operationGetButterfly);6138 }6139 6140 LValue loadVectorWithBarrier(LValue object)6141 {6142 return copyBarrier(6143 object, m_out.loadPtr(object, m_heaps.JSArrayBufferView_vector),6144 operationGetArrayBufferVector);6145 }6146 6147 LValue copyBarrier(LValue object, LValue pointer, P_JITOperation_EC slowPathFunction)6148 {6149 LBasicBlock slowPath = FTL_NEW_BLOCK(m_out, ("loadButterflyWithBarrier slow path"));6150 LBasicBlock continuation = FTL_NEW_BLOCK(m_out, ("loadButterflyWithBarrier continuation"));6151 6152 ValueFromBlock fastResult = m_out.anchor(pointer);6153 m_out.branch(6154 m_out.testIsZeroPtr(pointer, m_out.constIntPtr(CopyBarrierBase::spaceBits)),6155 usually(continuation), rarely(slowPath));6156 6157 LBasicBlock lastNext = m_out.appendTo(slowPath, continuation);6158 6159 LValue call = lazySlowPath(6160 [=] (const Vector<Location>& locations) -> RefPtr<LazySlowPath::Generator> {6161 return createLazyCallGenerator(6162 slowPathFunction, locations[0].directGPR(), locations[1].directGPR());6163 }, object);6164 ValueFromBlock slowResult = m_out.anchor(call);6165 m_out.jump(continuation);6166 6167 m_out.appendTo(continuation, lastNext);6168 return m_out.phi(m_out.intPtr, fastResult, slowResult);6169 }6170 6171 LValue loadButterflyReadOnly(LValue object)6172 {6173 return removeSpaceBits(m_out.loadPtr(object, m_heaps.JSObject_butterfly));6174 }6175 6176 LValue loadVectorReadOnly(LValue object)6177 {6178 return removeSpaceBits(m_out.loadPtr(object, m_heaps.JSArrayBufferView_vector));6179 }6180 6181 LValue removeSpaceBits(LValue storage)6182 {6183 return m_out.bitAnd(6184 storage, m_out.constIntPtr(~static_cast<intptr_t>(CopyBarrierBase::spaceBits)));6185 6127 } 6186 6128 -
tags/Safari-602.1.7/Source/JavaScriptCore/ftl/FTLOperations.cpp
r190896 r191150 49 49 vm, nullptr, 0, structure->outOfLineCapacity(), false, IndexingHeader(), 0); 50 50 51 JSObject* result = JSFinalObject::create(exec, structure, butterfly); 52 result->butterfly(); // Ensure that the butterfly is in to-space. 53 return result; 51 return JSFinalObject::create(exec, structure, butterfly); 54 52 } 55 53 -
tags/Safari-602.1.7/Source/JavaScriptCore/ftl/FTLOutput.h
r190896 r191150 363 363 LValue testIsZero64(LValue value, LValue mask) { return isZero64(bitAnd(value, mask)); } 364 364 LValue testNonZero64(LValue value, LValue mask) { return notZero64(bitAnd(value, mask)); } 365 LValue testIsZeroPtr(LValue value, LValue mask) { return isNull(bitAnd(value, mask)); }366 LValue testNonZeroPtr(LValue value, LValue mask) { return notNull(bitAnd(value, mask)); }367 365 368 366 LValue select(LValue value, LValue taken, LValue notTaken) { return buildSelect(m_builder, value, taken, notTaken); } -
tags/Safari-602.1.7/Source/JavaScriptCore/heap/CopyVisitorInlines.h
r190896 r191150 34 34 inline bool CopyVisitor::checkIfShouldCopy(void* oldPtr) 35 35 { 36 if (!oldPtr)37 return false;38 36 CopiedBlock* block = CopiedSpace::blockFor(oldPtr); 39 37 if (block->isOversize() || block->isPinned()) -
tags/Safari-602.1.7/Source/JavaScriptCore/heap/Heap.cpp
r190896 r191150 1001 1001 } 1002 1002 1003 void* Heap::copyBarrier(const JSCell*, void*& pointer)1004 {1005 // Do nothing for now.1006 return pointer;1007 }1008 1009 1003 void Heap::collectAndSweep(HeapOperation collectionType) 1010 1004 { -
tags/Safari-602.1.7/Source/JavaScriptCore/heap/Heap.h
r190896 r191150 109 109 void writeBarrier(const JSCell*, JSCell*); 110 110 111 JS_EXPORT_PRIVATE static void* copyBarrier(const JSCell* owner, void*& copiedSpacePointer);112 113 111 WriteBarrierBuffer& writeBarrierBuffer() { return m_writeBarrierBuffer; } 114 112 void flushWriteBarrierBuffer(JSCell*); -
tags/Safari-602.1.7/Source/JavaScriptCore/heap/HeapInlines.h
r190896 r191150 27 27 #define HeapInlines_h 28 28 29 #include "CopyBarrier.h"30 29 #include "Heap.h" 31 30 #include "JSCell.h" -
tags/Safari-602.1.7/Source/JavaScriptCore/jit/AssemblyHelpers.h
r190896 r191150 30 30 31 31 #include "CodeBlock.h" 32 #include "CopyBarrier.h"33 32 #include "FPRInfo.h" 34 33 #include "GPRInfo.h" … … 755 754 return branchPtr(condition, leftHandSide, TrustedImmPtr(structure)); 756 755 #endif 757 }758 759 Jump branchIfNotToSpace(GPRReg storageGPR)760 {761 return branchTest32(NonZero, storageGPR, TrustedImm32(CopyBarrierBase::spaceBits));762 }763 764 void removeSpaceBits(GPRReg storageGPR)765 {766 andPtr(TrustedImmPtr(~static_cast<uintptr_t>(CopyBarrierBase::spaceBits)), storageGPR);767 756 } 768 757 -
tags/Safari-602.1.7/Source/JavaScriptCore/jit/JIT.cpp
r190896 r191150 181 181 if (Options::eagerlyUpdateTopCallFrame()) 182 182 updateTopCallFrame(); 183 184 unsigned bytecodeOffset = m_bytecodeOffset;185 183 186 184 switch (opcodeID) { … … 317 315 RELEASE_ASSERT_NOT_REACHED(); 318 316 } 319 320 if (false)321 dataLog("At ", bytecodeOffset, ": ", m_slowCases.size(), "\n");322 317 } 323 318 … … 439 434 } 440 435 441 if (false)442 dataLog("At ", firstTo, " slow: ", iter - m_slowCases.begin(), "\n");443 444 436 RELEASE_ASSERT_WITH_MESSAGE(iter == m_slowCases.end() || firstTo != iter->to, "Not enough jumps linked in slow case codegen."); 445 437 RELEASE_ASSERT_WITH_MESSAGE(firstTo == (iter - 1)->to, "Too many jumps linked in slow case codegen."); -
tags/Safari-602.1.7/Source/JavaScriptCore/jit/JITOpcodes.cpp
r190896 r191150 1154 1154 linkSlowCaseIfNotJSCell(iter, base); // base cell check 1155 1155 linkSlowCase(iter); // base array check 1156 linkSlowCase(iter); // read barrier1157 1156 linkSlowCase(iter); // vector length check 1158 1157 linkSlowCase(iter); // empty value … … 1198 1197 outOfLineAccess.link(this); 1199 1198 loadPtr(Address(regT0, JSObject::butterflyOffset()), regT0); 1200 addSlowCase(branchIfNotToSpace(regT0));1201 1199 sub32(Address(regT2, JSPropertyNameEnumerator::cachedInlineCapacityOffset()), regT1); 1202 1200 neg32(regT1); … … 1214 1212 int base = currentInstruction[2].u.operand; 1215 1213 linkSlowCaseIfNotJSCell(iter, base); 1216 linkSlowCase(iter);1217 1214 linkSlowCase(iter); 1218 1215 -
tags/Safari-602.1.7/Source/JavaScriptCore/jit/JITOpcodes32_64.cpp
r190896 r191150 1175 1175 outOfLineAccess.link(this); 1176 1176 loadPtr(Address(regT0, JSObject::butterflyOffset()), regT0); 1177 addSlowCase(branchIfNotToSpace(regT0));1178 1177 sub32(Address(regT1, JSPropertyNameEnumerator::cachedInlineCapacityOffset()), regT2); 1179 1178 neg32(regT2); … … 1191 1190 int base = currentInstruction[2].u.operand; 1192 1191 linkSlowCaseIfNotJSCell(iter, base); 1193 linkSlowCase(iter);1194 1192 linkSlowCase(iter); 1195 1193 -
tags/Safari-602.1.7/Source/JavaScriptCore/jit/JITPropertyAccess.cpp
r190896 r191150 166 166 badType = patchableBranch32(NotEqual, regT2, TrustedImm32(DoubleShape)); 167 167 loadPtr(Address(regT0, JSObject::butterflyOffset()), regT2); 168 slowCases.append(branchIfNotToSpace(regT2));169 168 slowCases.append(branch32(AboveOrEqual, regT1, Address(regT2, Butterfly::offsetOfPublicLength()))); 170 169 loadDouble(BaseIndex(regT2, regT1, TimesEight), fpRegT0); … … 180 179 badType = patchableBranch32(NotEqual, regT2, TrustedImm32(expectedShape)); 181 180 loadPtr(Address(regT0, JSObject::butterflyOffset()), regT2); 182 slowCases.append(branchIfNotToSpace(regT2));183 181 slowCases.append(branch32(AboveOrEqual, regT1, Address(regT2, Butterfly::offsetOfPublicLength()))); 184 182 load64(BaseIndex(regT2, regT1, TimesEight), regT0); … … 196 194 197 195 loadPtr(Address(regT0, JSObject::butterflyOffset()), regT2); 198 slowCases.append(branchIfNotToSpace(regT2));199 196 slowCases.append(branch32(AboveOrEqual, regT1, Address(regT2, ArrayStorage::vectorLengthOffset()))); 200 197 … … 255 252 nonCell.link(this); 256 253 257 linkSlowCase(iter); // read barrier258 254 linkSlowCase(iter); // vector length check 259 255 linkSlowCase(iter); // empty value … … 328 324 329 325 loadPtr(Address(regT0, JSObject::butterflyOffset()), regT2); 330 slowCases.append(branchIfNotToSpace(regT2));331 326 Jump outOfBounds = branch32(AboveOrEqual, regT1, Address(regT2, Butterfly::offsetOfPublicLength())); 332 327 … … 384 379 badType = patchableBranch32(NotEqual, regT2, TrustedImm32(ArrayStorageShape)); 385 380 loadPtr(Address(regT0, JSObject::butterflyOffset()), regT2); 386 slowCases.append(branchIfNotToSpace(regT2));387 381 slowCases.append(branch32(AboveOrEqual, regT1, Address(regT2, ArrayStorage::vectorLengthOffset()))); 388 382 … … 455 449 linkSlowCase(iter); // base not array check 456 450 457 linkSlowCase(iter); // read barrier458 451 linkSlowCase(iter); // out of bounds 459 452 460 453 JITArrayMode mode = chooseArrayMode(profile); 461 454 switch (mode) { … … 788 781 } 789 782 loadPtr(Address(base, JSObject::butterflyOffset()), scratch); 790 addSlowCase(branchIfNotToSpace(scratch));791 783 neg32(offset); 792 784 signExtend32ToPtr(offset, offset); … … 868 860 return; 869 861 870 if (resolveType == GlobalProperty || resolveType == GlobalPropertyWithVarInjectionChecks) { 871 linkSlowCase(iter); // bad structure 872 linkSlowCase(iter); // read barrier 873 } 862 if (resolveType == GlobalProperty || resolveType == GlobalPropertyWithVarInjectionChecks) 863 linkSlowCase(iter); 874 864 875 865 if (resolveType == GlobalLexicalVarWithVarInjectionChecks) // Var injections check. … … 880 870 linkSlowCase(iter); // emitLoadWithStructureCheck 881 871 linkSlowCase(iter); // emitLoadWithStructureCheck 882 linkSlowCase(iter); // read barrier883 872 // GlobalLexicalVar 884 873 linkSlowCase(iter); // TDZ check. … … 934 923 935 924 loadPtr(Address(regT0, JSObject::butterflyOffset()), regT0); 936 addSlowCase(branchIfNotToSpace(regT0));937 925 loadPtr(operandSlot, regT1); 938 926 negPtr(regT1); … … 1028 1016 && currentInstruction[5].u.watchpointSet->state() != IsInvalidated) 1029 1017 linkCount++; 1030 if (resolveType == GlobalProperty || resolveType == GlobalPropertyWithVarInjectionChecks) { 1031 linkCount++; // bad structure 1032 linkCount++; // read barrier 1033 } 1018 if (resolveType == GlobalProperty || resolveType == GlobalPropertyWithVarInjectionChecks) 1019 linkCount++; 1034 1020 if (getPutInfo.initializationMode() != Initialization && (resolveType == GlobalLexicalVar || resolveType == GlobalLexicalVarWithVarInjectionChecks)) // TDZ check. 1035 1021 linkCount++; … … 1038 1024 linkCount++; // emitLoadWithStructureCheck 1039 1025 linkCount++; // emitLoadWithStructureCheck 1040 linkCount++; // read barrier1041 1026 1042 1027 // GlobalLexicalVar … … 1456 1441 badType = patchableBranch32(NotEqual, scratch, TrustedImm32(typeForTypedArrayType(type))); 1457 1442 slowCases.append(branch32(AboveOrEqual, property, Address(base, JSArrayBufferView::offsetOfLength()))); 1458 loadPtr(Address(base, JSArrayBufferView::offsetOfVector()), scratch); 1459 slowCases.append(branchIfNotToSpace(scratch)); 1443 loadPtr(Address(base, JSArrayBufferView::offsetOfVector()), base); 1460 1444 1461 1445 switch (elementSize(type)) { 1462 1446 case 1: 1463 1447 if (isSigned(type)) 1464 load8SignedExtendTo32(BaseIndex( scratch, property, TimesOne), resultPayload);1448 load8SignedExtendTo32(BaseIndex(base, property, TimesOne), resultPayload); 1465 1449 else 1466 load8(BaseIndex( scratch, property, TimesOne), resultPayload);1450 load8(BaseIndex(base, property, TimesOne), resultPayload); 1467 1451 break; 1468 1452 case 2: 1469 1453 if (isSigned(type)) 1470 load16SignedExtendTo32(BaseIndex( scratch, property, TimesTwo), resultPayload);1454 load16SignedExtendTo32(BaseIndex(base, property, TimesTwo), resultPayload); 1471 1455 else 1472 load16(BaseIndex( scratch, property, TimesTwo), resultPayload);1456 load16(BaseIndex(base, property, TimesTwo), resultPayload); 1473 1457 break; 1474 1458 case 4: 1475 load32(BaseIndex( scratch, property, TimesFour), resultPayload);1459 load32(BaseIndex(base, property, TimesFour), resultPayload); 1476 1460 break; 1477 1461 default: … … 1528 1512 badType = patchableBranch32(NotEqual, scratch, TrustedImm32(typeForTypedArrayType(type))); 1529 1513 slowCases.append(branch32(AboveOrEqual, property, Address(base, JSArrayBufferView::offsetOfLength()))); 1530 loadPtr(Address(base, JSArrayBufferView::offsetOfVector()), scratch); 1531 slowCases.append(branchIfNotToSpace(scratch)); 1514 loadPtr(Address(base, JSArrayBufferView::offsetOfVector()), base); 1532 1515 1533 1516 switch (elementSize(type)) { 1534 1517 case 4: 1535 loadFloat(BaseIndex( scratch, property, TimesFour), fpRegT0);1518 loadFloat(BaseIndex(base, property, TimesFour), fpRegT0); 1536 1519 convertFloatToDouble(fpRegT0, fpRegT0); 1537 1520 break; 1538 1521 case 8: { 1539 loadDouble(BaseIndex( scratch, property, TimesEight), fpRegT0);1522 loadDouble(BaseIndex(base, property, TimesEight), fpRegT0); 1540 1523 break; 1541 1524 } … … 1597 1580 // path expects the base to be unclobbered. 1598 1581 loadPtr(Address(base, JSArrayBufferView::offsetOfVector()), lateScratch); 1599 slowCases.append(branchIfNotToSpace(lateScratch));1600 1582 1601 1583 if (isClamped(type)) { … … 1683 1665 // path expects the base to be unclobbered. 1684 1666 loadPtr(Address(base, JSArrayBufferView::offsetOfVector()), lateScratch); 1685 slowCases.append(branchIfNotToSpace(lateScratch));1686 1667 1687 1668 switch (elementSize(type)) { -
tags/Safari-602.1.7/Source/JavaScriptCore/llint/LowLevelInterpreter.asm
r190916 r191150 221 221 const PutByIdSecondaryTypeObjectOrOther = 0x40 222 222 const PutByIdSecondaryTypeTop = 0x48 223 224 const CopyBarrierSpaceBits = 3225 223 226 224 const CallOpCodeSize = 9 … … 666 664 end 667 665 668 macro copyBarrier(value, slow)669 btpnz value, CopyBarrierSpaceBits, slow670 end671 672 666 macro functionPrologue() 673 667 if X86 or X86_WIN or X86_64 or X86_64_WIN -
tags/Safari-602.1.7/Source/JavaScriptCore/llint/LowLevelInterpreter64.asm
r190916 r191150 1189 1189 1190 1190 1191 macro loadPropertyAtVariableOffset(propertyOffsetAsInt, objectAndStorage, value , slow)1191 macro loadPropertyAtVariableOffset(propertyOffsetAsInt, objectAndStorage, value) 1192 1192 bilt propertyOffsetAsInt, firstOutOfLineOffset, .isInline 1193 1193 loadp JSObject::m_butterfly[objectAndStorage], objectAndStorage 1194 copyBarrier(objectAndStorage, slow)1195 1194 negi propertyOffsetAsInt 1196 1195 sxi2q propertyOffsetAsInt, propertyOffsetAsInt … … 1203 1202 1204 1203 1205 macro storePropertyAtVariableOffset(propertyOffsetAsInt, objectAndStorage, value , slow)1204 macro storePropertyAtVariableOffset(propertyOffsetAsInt, objectAndStorage, value) 1206 1205 bilt propertyOffsetAsInt, firstOutOfLineOffset, .isInline 1207 1206 loadp JSObject::m_butterfly[objectAndStorage], objectAndStorage 1208 copyBarrier(objectAndStorage, slow)1209 1207 negi propertyOffsetAsInt 1210 1208 sxi2q propertyOffsetAsInt, propertyOffsetAsInt … … 1225 1223 loadisFromInstruction(5, t1) 1226 1224 loadisFromInstruction(1, t2) 1227 loadPropertyAtVariableOffset(t1, t3, t0 , .opGetByIdSlow)1225 loadPropertyAtVariableOffset(t1, t3, t0) 1228 1226 storeq t0, [cfr, t2, 8] 1229 1227 valueProfile(t0, 8, t1) … … 1246 1244 loadisFromInstruction(1, t1) 1247 1245 loadp JSObject::m_butterfly[t3], t0 1248 copyBarrier(t0, .opGetArrayLengthSlow)1249 1246 loadi -sizeof IndexingHeader + IndexingHeader::u.lengths.publicLength[t0], t0 1250 1247 bilt t0, 0, .opGetArrayLengthSlow … … 1390 1387 loadConstantOrVariable(t1, t2) 1391 1388 loadisFromInstruction(5, t1) 1392 storePropertyAtVariableOffset(t1, t0, t2 , .opPutByIdSlow)1389 storePropertyAtVariableOffset(t1, t0, t2) 1393 1390 dispatch(9) 1394 1391 … … 1409 1406 sxi2q t1, t1 1410 1407 loadp JSObject::m_butterfly[t0], t3 1411 copyBarrier(t3, .opGetByValSlow)1412 1408 andi IndexingShapeMask, t2 1413 1409 bieq t2, Int32Shape, .opGetByValIsContiguous … … 1480 1476 sxi2q t3, t3 1481 1477 loadp JSObject::m_butterfly[t1], t0 1482 copyBarrier(t0, .opPutByValSlow)1483 1478 andi IndexingShapeMask, t2 1484 1479 bineq t2, Int32Shape, .opPutByValNotInt32 … … 2001 1996 end 2002 1997 2003 macro getProperty( slow)1998 macro getProperty() 2004 1999 loadisFromInstruction(6, t1) 2005 loadPropertyAtVariableOffset(t1, t0, t2 , slow)2000 loadPropertyAtVariableOffset(t1, t0, t2) 2006 2001 valueProfile(t2, 7, t0) 2007 2002 loadisFromInstruction(1, t0) … … 2034 2029 bineq t0, GlobalProperty, .gGlobalVar 2035 2030 loadWithStructureCheck(2, .gDynamic) 2036 getProperty( .gDynamic)2031 getProperty() 2037 2032 dispatch(8) 2038 2033 … … 2059 2054 bineq t0, GlobalPropertyWithVarInjectionChecks, .gGlobalVarWithVarInjectionChecks 2060 2055 loadWithStructureCheck(2, .gDynamic) 2061 getProperty( .gDynamic)2056 getProperty() 2062 2057 dispatch(8) 2063 2058 … … 2089 2084 2090 2085 2091 macro putProperty( slow)2086 macro putProperty() 2092 2087 loadisFromInstruction(3, t1) 2093 2088 loadConstantOrVariable(t1, t2) 2094 2089 loadisFromInstruction(6, t1) 2095 storePropertyAtVariableOffset(t1, t0, t2 , slow)2090 storePropertyAtVariableOffset(t1, t0, t2) 2096 2091 end 2097 2092 … … 2151 2146 writeBarrierOnOperands(1, 3) 2152 2147 loadWithStructureCheck(1, .pDynamic) 2153 putProperty( .pDynamic)2148 putProperty() 2154 2149 dispatch(7) 2155 2150 … … 2178 2173 writeBarrierOnOperands(1, 3) 2179 2174 loadWithStructureCheck(1, .pDynamic) 2180 putProperty( .pDynamic)2175 putProperty() 2181 2176 dispatch(7) 2182 2177 -
tags/Safari-602.1.7/Source/JavaScriptCore/runtime/DirectArguments.cpp
r190896 r191150 98 98 visitor.copyLater( 99 99 thisObject, DirectArgumentsOverridesCopyToken, 100 thisObject->m_overrides.get WithoutBarrier(), thisObject->overridesSize());100 thisObject->m_overrides.get(), thisObject->overridesSize()); 101 101 } 102 102 } … … 109 109 RELEASE_ASSERT(token == DirectArgumentsOverridesCopyToken); 110 110 111 void* oldOverrides = thisObject->m_overrides.getWithoutBarrier(); 111 bool* oldOverrides = thisObject->m_overrides.get(); 112 if (!oldOverrides) 113 return; 114 112 115 if (visitor.checkIfShouldCopy(oldOverrides)) { 113 116 bool* newOverrides = static_cast<bool*>(visitor.allocateNewSpace(thisObject->overridesSize())); 114 117 memcpy(newOverrides, oldOverrides, thisObject->m_length); 115 thisObject->m_overrides.setWithout Barrier(newOverrides);118 thisObject->m_overrides.setWithoutWriteBarrier(newOverrides); 116 119 visitor.didCopy(oldOverrides, thisObject->overridesSize()); 117 120 } … … 133 136 void* backingStore; 134 137 RELEASE_ASSERT(vm.heap.tryAllocateStorage(this, overridesSize(), &backingStore)); 135 bool* overrides = static_cast<bool*>(backingStore); 136 m_overrides.set(vm, this, overrides); 138 m_overrides.set(vm, this, static_cast<bool*>(backingStore)); 137 139 for (unsigned i = m_length; i--;) 138 overrides[i] = false;140 m_overrides.get()[i] = false; 139 141 } 140 142 … … 148 150 { 149 151 overrideThingsIfNecessary(vm); 150 m_overrides.get( this)[index] = true;152 m_overrides.get()[index] = true; 151 153 } 152 154 -
tags/Safari-602.1.7/Source/JavaScriptCore/runtime/DirectArguments.h
r190896 r191150 74 74 bool canAccessIndexQuickly(uint32_t i) const 75 75 { 76 return i < m_length && (!m_overrides || !m_overrides.get( this)[i]);76 return i < m_length && (!m_overrides || !m_overrides.get()[i]); 77 77 } 78 78 … … 149 149 uint32_t m_length; // Always the actual length of captured arguments and never what was stored into the length property. 150 150 uint32_t m_minCapacity; // The max of this and length determines the capacity of this object. It may be the actual capacity, or maybe something smaller. We arrange it this way to be kind to the JITs. 151 Copy Barrier<bool> m_overrides; // If non-null, it means that length, callee, and caller are fully materialized properties.151 CopyWriteBarrier<bool> m_overrides; // If non-null, it means that length, callee, and caller are fully materialized properties. 152 152 }; 153 153 -
tags/Safari-602.1.7/Source/JavaScriptCore/runtime/JSArray.cpp
r190896 r191150 393 393 bool JSArray::setLength(ExecState* exec, unsigned newLength, bool throwException) 394 394 { 395 Butterfly* butterfly = m_butterfly.get(this);396 395 switch (indexingType()) { 397 396 case ArrayClass: … … 410 409 case ArrayWithDouble: 411 410 case ArrayWithContiguous: { 412 if (newLength == butterfly->publicLength())411 if (newLength == m_butterfly->publicLength()) 413 412 return true; 414 413 if (newLength >= MAX_ARRAY_INDEX // This case ensures that we can do fast push. … … 419 418 ensureArrayStorage(exec->vm())); 420 419 } 421 if (newLength > butterfly->publicLength()) {420 if (newLength > m_butterfly->publicLength()) { 422 421 ensureLength(exec->vm(), newLength); 423 422 return true; 424 423 } 425 424 426 unsigned lengthToClear = butterfly->publicLength() - newLength;425 unsigned lengthToClear = m_butterfly->publicLength() - newLength; 427 426 unsigned costToAllocateNewButterfly = 64; // a heuristic. 428 427 if (lengthToClear > newLength && lengthToClear > costToAllocateNewButterfly) { … … 432 431 433 432 if (indexingType() == ArrayWithDouble) { 434 for (unsigned i = butterfly->publicLength(); i-- > newLength;)435 butterfly->contiguousDouble()[i] = PNaN;433 for (unsigned i = m_butterfly->publicLength(); i-- > newLength;) 434 m_butterfly->contiguousDouble()[i] = PNaN; 436 435 } else { 437 for (unsigned i = butterfly->publicLength(); i-- > newLength;)438 butterfly->contiguous()[i].clear();439 } 440 butterfly->setPublicLength(newLength);436 for (unsigned i = m_butterfly->publicLength(); i-- > newLength;) 437 m_butterfly->contiguous()[i].clear(); 438 } 439 m_butterfly->setPublicLength(newLength); 441 440 return true; 442 441 } … … 454 453 JSValue JSArray::pop(ExecState* exec) 455 454 { 456 Butterfly* butterfly = m_butterfly.get(this);457 458 455 switch (indexingType()) { 459 456 case ArrayClass: … … 461 458 462 459 case ArrayWithUndecided: 463 if (! butterfly->publicLength())460 if (!m_butterfly->publicLength()) 464 461 return jsUndefined(); 465 462 // We have nothing but holes. So, drop down to the slow version. … … 468 465 case ArrayWithInt32: 469 466 case ArrayWithContiguous: { 470 unsigned length = butterfly->publicLength();467 unsigned length = m_butterfly->publicLength(); 471 468 472 469 if (!length--) 473 470 return jsUndefined(); 474 471 475 RELEASE_ASSERT(length < butterfly->vectorLength());476 JSValue value = butterfly->contiguous()[length].get();472 RELEASE_ASSERT(length < m_butterfly->vectorLength()); 473 JSValue value = m_butterfly->contiguous()[length].get(); 477 474 if (value) { 478 butterfly->contiguous()[length].clear();479 butterfly->setPublicLength(length);475 m_butterfly->contiguous()[length].clear(); 476 m_butterfly->setPublicLength(length); 480 477 return value; 481 478 } … … 484 481 485 482 case ArrayWithDouble: { 486 unsigned length = butterfly->publicLength();483 unsigned length = m_butterfly->publicLength(); 487 484 488 485 if (!length--) 489 486 return jsUndefined(); 490 487 491 RELEASE_ASSERT(length < butterfly->vectorLength());492 double value = butterfly->contiguousDouble()[length];488 RELEASE_ASSERT(length < m_butterfly->vectorLength()); 489 double value = m_butterfly->contiguousDouble()[length]; 493 490 if (value == value) { 494 butterfly->contiguousDouble()[length] = PNaN;495 butterfly->setPublicLength(length);491 m_butterfly->contiguousDouble()[length] = PNaN; 492 m_butterfly->setPublicLength(length); 496 493 return JSValue(JSValue::EncodeAsDouble, value); 497 494 } … … 500 497 501 498 case ARRAY_WITH_ARRAY_STORAGE_INDEXING_TYPES: { 502 ArrayStorage* storage = butterfly->arrayStorage();499 ArrayStorage* storage = m_butterfly->arrayStorage(); 503 500 504 501 unsigned length = storage->length(); … … 551 548 void JSArray::push(ExecState* exec, JSValue value) 552 549 { 553 Butterfly* butterfly = m_butterfly.get(this);554 555 550 switch (indexingType()) { 556 551 case ArrayClass: { … … 572 567 } 573 568 574 unsigned length = butterfly->publicLength();575 ASSERT(length <= butterfly->vectorLength());576 if (length < butterfly->vectorLength()) {577 butterfly->contiguousInt32()[length].setWithoutWriteBarrier(value);578 butterfly->setPublicLength(length + 1);569 unsigned length = m_butterfly->publicLength(); 570 ASSERT(length <= m_butterfly->vectorLength()); 571 if (length < m_butterfly->vectorLength()) { 572 m_butterfly->contiguousInt32()[length].setWithoutWriteBarrier(value); 573 m_butterfly->setPublicLength(length + 1); 579 574 return; 580 575 } … … 592 587 593 588 case ArrayWithContiguous: { 594 unsigned length = butterfly->publicLength();595 ASSERT(length <= butterfly->vectorLength());596 if (length < butterfly->vectorLength()) {597 butterfly->contiguous()[length].set(exec->vm(), this, value);598 butterfly->setPublicLength(length + 1);589 unsigned length = m_butterfly->publicLength(); 590 ASSERT(length <= m_butterfly->vectorLength()); 591 if (length < m_butterfly->vectorLength()) { 592 m_butterfly->contiguous()[length].set(exec->vm(), this, value); 593 m_butterfly->setPublicLength(length + 1); 599 594 return; 600 595 } … … 624 619 } 625 620 626 unsigned length = butterfly->publicLength();627 ASSERT(length <= butterfly->vectorLength());628 if (length < butterfly->vectorLength()) {629 butterfly->contiguousDouble()[length] = valueAsDouble;630 butterfly->setPublicLength(length + 1);621 unsigned length = m_butterfly->publicLength(); 622 ASSERT(length <= m_butterfly->vectorLength()); 623 if (length < m_butterfly->vectorLength()) { 624 m_butterfly->contiguousDouble()[length] = valueAsDouble; 625 m_butterfly->setPublicLength(length + 1); 631 626 return; 632 627 } … … 654 649 655 650 case ArrayWithArrayStorage: { 656 ArrayStorage* storage = butterfly->arrayStorage();651 ArrayStorage* storage = m_butterfly->arrayStorage(); 657 652 658 653 // Fast case - push within vector, always update m_length & m_numValuesInVector. … … 702 697 auto& resultButterfly = *resultArray->butterfly(); 703 698 if (arrayType == ArrayWithDouble) 704 memcpy(resultButterfly.contiguousDouble().data(), m_butterfly .get(this)->contiguousDouble().data() + startIndex, sizeof(JSValue) * count);699 memcpy(resultButterfly.contiguousDouble().data(), m_butterfly->contiguousDouble().data() + startIndex, sizeof(JSValue) * count); 705 700 else 706 memcpy(resultButterfly.contiguous().data(), m_butterfly .get(this)->contiguous().data() + startIndex, sizeof(JSValue) * count);701 memcpy(resultButterfly.contiguous().data(), m_butterfly->contiguous().data() + startIndex, sizeof(JSValue) * count); 707 702 resultButterfly.setPublicLength(count); 708 703 … … 721 716 ASSERT(newArrayType == fastConcatType(vm, *this, otherArray)); 722 717 723 unsigned thisArraySize = m_butterfly .get(this)->publicLength();724 unsigned otherArraySize = otherArray.m_butterfly .get(this)->publicLength();718 unsigned thisArraySize = m_butterfly->publicLength(); 719 unsigned otherArraySize = otherArray.m_butterfly->publicLength(); 725 720 ASSERT(thisArraySize + otherArraySize < MIN_SPARSE_ARRAY_INDEX); 726 721 … … 734 729 if (newArrayType == ArrayWithDouble) { 735 730 auto buffer = resultButterfly.contiguousDouble().data(); 736 memcpy(buffer, m_butterfly .get(this)->contiguousDouble().data(), sizeof(JSValue) * thisArraySize);731 memcpy(buffer, m_butterfly->contiguousDouble().data(), sizeof(JSValue) * thisArraySize); 737 732 memcpy(buffer + thisArraySize, otherButterfly.contiguousDouble().data(), sizeof(JSValue) * otherArraySize); 738 733 } else { 739 734 auto buffer = resultButterfly.contiguous().data(); 740 memcpy(buffer, m_butterfly .get(this)->contiguous().data(), sizeof(JSValue) * thisArraySize);735 memcpy(buffer, m_butterfly->contiguous().data(), sizeof(JSValue) * thisArraySize); 741 736 memcpy(buffer + thisArraySize, otherButterfly.contiguous().data(), sizeof(JSValue) * otherArraySize); 742 737 } … … 811 806 // the start of the Butterfly, which needs to point at the first indexed property in the used 812 807 // portion of the vector. 813 Butterfly* butterfly = m_butterfly.get(this)->shift(structure(), count); 814 m_butterfly.setWithoutBarrier(butterfly); 815 storage = butterfly->arrayStorage(); 808 m_butterfly.setWithoutWriteBarrier(m_butterfly->shift(structure(), count)); 809 storage = m_butterfly->arrayStorage(); 816 810 storage->m_indexBias += count; 817 811 … … 855 849 VM& vm = exec->vm(); 856 850 RELEASE_ASSERT(count > 0); 857 858 Butterfly* butterfly = m_butterfly.get(this);859 851 860 852 switch (indexingType()) { … … 868 860 case ArrayWithInt32: 869 861 case ArrayWithContiguous: { 870 unsigned oldLength = butterfly->publicLength();862 unsigned oldLength = m_butterfly->publicLength(); 871 863 RELEASE_ASSERT(count <= oldLength); 872 864 … … 883 875 if (this->structure(vm)->holesMustForwardToPrototype(vm)) { 884 876 for (unsigned i = startIndex; i < end; ++i) { 885 JSValue v = butterfly->contiguous()[i + count].get();877 JSValue v = m_butterfly->contiguous()[i + count].get(); 886 878 if (UNLIKELY(!v)) { 887 879 startIndex = i; 888 880 return shiftCountWithArrayStorage(vm, startIndex, count, ensureArrayStorage(vm)); 889 881 } 890 butterfly->contiguous()[i].setWithoutWriteBarrier(v);882 m_butterfly->contiguous()[i].setWithoutWriteBarrier(v); 891 883 } 892 884 } else { 893 memmove( butterfly->contiguous().data() + startIndex,894 butterfly->contiguous().data() + startIndex + count,885 memmove(m_butterfly->contiguous().data() + startIndex, 886 m_butterfly->contiguous().data() + startIndex + count, 895 887 sizeof(JSValue) * (end - startIndex)); 896 888 } 897 889 898 890 for (unsigned i = end; i < oldLength; ++i) 899 butterfly->contiguous()[i].clear();900 901 butterfly->setPublicLength(oldLength - count);891 m_butterfly->contiguous()[i].clear(); 892 893 m_butterfly->setPublicLength(oldLength - count); 902 894 return true; 903 895 } 904 896 905 897 case ArrayWithDouble: { 906 unsigned oldLength = butterfly->publicLength();898 unsigned oldLength = m_butterfly->publicLength(); 907 899 RELEASE_ASSERT(count <= oldLength); 908 900 … … 919 911 if (this->structure(vm)->holesMustForwardToPrototype(vm)) { 920 912 for (unsigned i = startIndex; i < end; ++i) { 921 double v = butterfly->contiguousDouble()[i + count];913 double v = m_butterfly->contiguousDouble()[i + count]; 922 914 if (UNLIKELY(v != v)) { 923 915 startIndex = i; 924 916 return shiftCountWithArrayStorage(vm, startIndex, count, ensureArrayStorage(vm)); 925 917 } 926 butterfly->contiguousDouble()[i] = v;918 m_butterfly->contiguousDouble()[i] = v; 927 919 } 928 920 } else { 929 memmove( butterfly->contiguousDouble().data() + startIndex,930 butterfly->contiguousDouble().data() + startIndex + count,921 memmove(m_butterfly->contiguousDouble().data() + startIndex, 922 m_butterfly->contiguousDouble().data() + startIndex + count, 931 923 sizeof(JSValue) * (end - startIndex)); 932 924 } 933 925 for (unsigned i = end; i < oldLength; ++i) 934 butterfly->contiguousDouble()[i] = PNaN;935 936 butterfly->setPublicLength(oldLength - count);926 m_butterfly->contiguousDouble()[i] = PNaN; 927 928 m_butterfly->setPublicLength(oldLength - count); 937 929 return true; 938 930 } … … 995 987 bool JSArray::unshiftCountWithAnyIndexingType(ExecState* exec, unsigned startIndex, unsigned count) 996 988 { 997 Butterfly* butterfly = m_butterfly.get(this);998 999 989 switch (indexingType()) { 1000 990 case ArrayClass: … … 1005 995 case ArrayWithInt32: 1006 996 case ArrayWithContiguous: { 1007 unsigned oldLength = butterfly->publicLength();997 unsigned oldLength = m_butterfly->publicLength(); 1008 998 1009 999 // We may have to walk the entire array to do the unshift. We're willing to do so … … 1013 1003 1014 1004 ensureLength(exec->vm(), oldLength + count); 1015 butterfly = m_butterfly.get(this);1016 1005 1017 1006 // We have to check for holes before we start moving things around so that we don't get halfway 1018 1007 // through shifting and then realize we should have been in ArrayStorage mode. 1019 1008 for (unsigned i = oldLength; i-- > startIndex;) { 1020 JSValue v = butterfly->contiguous()[i].get();1009 JSValue v = m_butterfly->contiguous()[i].get(); 1021 1010 if (UNLIKELY(!v)) 1022 1011 return unshiftCountWithArrayStorage(exec, startIndex, count, ensureArrayStorage(exec->vm())); … … 1024 1013 1025 1014 for (unsigned i = oldLength; i-- > startIndex;) { 1026 JSValue v = butterfly->contiguous()[i].get();1015 JSValue v = m_butterfly->contiguous()[i].get(); 1027 1016 ASSERT(v); 1028 butterfly->contiguous()[i + count].setWithoutWriteBarrier(v);1017 m_butterfly->contiguous()[i + count].setWithoutWriteBarrier(v); 1029 1018 } 1030 1019 … … 1038 1027 1039 1028 case ArrayWithDouble: { 1040 unsigned oldLength = butterfly->publicLength();1029 unsigned oldLength = m_butterfly->publicLength(); 1041 1030 1042 1031 // We may have to walk the entire array to do the unshift. We're willing to do so … … 1046 1035 1047 1036 ensureLength(exec->vm(), oldLength + count); 1048 butterfly = m_butterfly.get(this);1049 1037 1050 1038 // We have to check for holes before we start moving things around so that we don't get halfway 1051 1039 // through shifting and then realize we should have been in ArrayStorage mode. 1052 1040 for (unsigned i = oldLength; i-- > startIndex;) { 1053 double v = butterfly->contiguousDouble()[i];1041 double v = m_butterfly->contiguousDouble()[i]; 1054 1042 if (UNLIKELY(v != v)) 1055 1043 return unshiftCountWithArrayStorage(exec, startIndex, count, ensureArrayStorage(exec->vm())); … … 1057 1045 1058 1046 for (unsigned i = oldLength; i-- > startIndex;) { 1059 double v = butterfly->contiguousDouble()[i];1047 double v = m_butterfly->contiguousDouble()[i]; 1060 1048 ASSERT(v == v); 1061 butterfly->contiguousDouble()[i + count] = v;1049 m_butterfly->contiguousDouble()[i + count] = v; 1062 1050 } 1063 1051 … … 1085 1073 unsigned vectorEnd; 1086 1074 WriteBarrier<Unknown>* vector; 1087 1088 Butterfly* butterfly = m_butterfly.get(this);1089 1075 1090 1076 switch (indexingType()) { … … 1100 1086 case ArrayWithInt32: 1101 1087 case ArrayWithContiguous: { 1102 vectorEnd = butterfly->publicLength();1103 vector = butterfly->contiguous().data();1088 vectorEnd = m_butterfly->publicLength(); 1089 vector = m_butterfly->contiguous().data(); 1104 1090 break; 1105 1091 } … … 1108 1094 vector = 0; 1109 1095 vectorEnd = 0; 1110 for (; i < butterfly->publicLength(); ++i) {1111 double v = butterfly ->contiguousDouble()[i];1096 for (; i < m_butterfly->publicLength(); ++i) { 1097 double v = butterfly()->contiguousDouble()[i]; 1112 1098 if (v != v) 1113 1099 break; … … 1118 1104 1119 1105 case ARRAY_WITH_ARRAY_STORAGE_INDEXING_TYPES: { 1120 ArrayStorage* storage = butterfly->arrayStorage();1106 ArrayStorage* storage = m_butterfly->arrayStorage(); 1121 1107 1122 1108 vector = storage->m_vector; … … 1156 1142 ASSERT(length == this->length()); 1157 1143 1158 Butterfly* butterfly = m_butterfly.get(this);1159 1160 1144 switch (indexingType()) { 1161 1145 case ArrayClass: … … 1170 1154 case ArrayWithInt32: 1171 1155 case ArrayWithContiguous: { 1172 vector = butterfly->contiguous().data();1173 vectorEnd = butterfly->publicLength();1156 vector = m_butterfly->contiguous().data(); 1157 vectorEnd = m_butterfly->publicLength(); 1174 1158 break; 1175 1159 } … … 1178 1162 vector = 0; 1179 1163 vectorEnd = 0; 1180 for (; i < butterfly->publicLength(); ++i) {1181 ASSERT(i < butterfly ->vectorLength());1182 double v = butterfly->contiguousDouble()[i];1164 for (; i < m_butterfly->publicLength(); ++i) { 1165 ASSERT(i < butterfly()->vectorLength()); 1166 double v = m_butterfly->contiguousDouble()[i]; 1183 1167 if (v != v) 1184 1168 break; … … 1189 1173 1190 1174 case ARRAY_WITH_ARRAY_STORAGE_INDEXING_TYPES: { 1191 ArrayStorage* storage = butterfly->arrayStorage();1175 ArrayStorage* storage = m_butterfly->arrayStorage(); 1192 1176 vector = storage->m_vector; 1193 1177 vectorEnd = min(length, storage->vectorLength()); -
tags/Safari-602.1.7/Source/JavaScriptCore/runtime/JSArrayBufferView.cpp
r190896 r191150 89 89 unsigned byteOffset, unsigned length) 90 90 : m_structure(structure) 91 , m_vector(static_cast<uint8_t*>(arrayBuffer->data()) + byteOffset) 91 92 , m_length(length) 92 93 , m_mode(WastefulTypedArray) 93 94 { 94 m_vector = static_cast<uint8_t*>(arrayBuffer->data()) + byteOffset;95 95 IndexingHeader indexingHeader; 96 96 indexingHeader.setArrayBuffer(arrayBuffer.get()); … … 102 102 unsigned byteOffset, unsigned length, DataViewTag) 103 103 : m_structure(structure) 104 , m_vector(static_cast<uint8_t*>(arrayBuffer->data()) + byteOffset) 104 105 , m_length(length) 105 106 , m_mode(DataViewMode) 106 107 , m_butterfly(0) 107 108 { 108 m_vector = static_cast<uint8_t*>(arrayBuffer->data()) + byteOffset;109 109 } 110 110 111 111 JSArrayBufferView::JSArrayBufferView(VM& vm, ConstructionContext& context) 112 112 : Base(vm, context.structure(), context.butterfly()) 113 , m_vector(context.vector()) 113 114 , m_length(context.length()) 114 115 , m_mode(context.mode()) 115 116 { 116 m_vector.setWithoutBarrier(static_cast<char*>(context.vector()));117 117 } 118 118 … … 216 216 ASSERT(thisObject->m_mode == OversizeTypedArray || thisObject->m_mode == WastefulTypedArray); 217 217 if (thisObject->m_mode == OversizeTypedArray) 218 fastFree(thisObject->m_vector .getWithoutBarrier());218 fastFree(thisObject->m_vector); 219 219 } 220 220 -
tags/Safari-602.1.7/Source/JavaScriptCore/runtime/JSArrayBufferView.h
r190896 r191150 162 162 void neuter(); 163 163 164 void* vector() { return m_vector .get(this); }164 void* vector() { return m_vector; } 165 165 unsigned byteOffset(); 166 166 unsigned length() const { return m_length; } … … 178 178 ArrayBuffer* existingBufferInButterfly(); 179 179 180 CopyBarrier<char> m_vector; // this is really a void*, but void would not work here.180 void* m_vector; 181 181 uint32_t m_length; 182 182 TypedArrayMode m_mode; -
tags/Safari-602.1.7/Source/JavaScriptCore/runtime/JSArrayBufferViewInlines.h
r190896 r191150 60 60 ASSERT(hasArrayBuffer()); 61 61 m_length = 0; 62 m_vector .clear();62 m_vector = 0; 63 63 } 64 64 … … 69 69 70 70 ptrdiff_t delta = 71 bitwise_cast<uint8_t*>(m_vector.get(this)) - static_cast<uint8_t*>(buffer()->data());71 static_cast<uint8_t*>(m_vector) - static_cast<uint8_t*>(buffer()->data()); 72 72 73 73 unsigned result = static_cast<unsigned>(delta); -
tags/Safari-602.1.7/Source/JavaScriptCore/runtime/JSGenericTypedArrayView.h
r190896 r191150 109 109 const typename Adaptor::Type* typedVector() const 110 110 { 111 return bitwise_cast<const typename Adaptor::Type*>(m_vector.get(this));111 return static_cast<const typename Adaptor::Type*>(m_vector); 112 112 } 113 113 typename Adaptor::Type* typedVector() 114 114 { 115 return bitwise_cast<typename Adaptor::Type*>(m_vector.get(this));115 return static_cast<typename Adaptor::Type*>(m_vector); 116 116 } 117 117 -
tags/Safari-602.1.7/Source/JavaScriptCore/runtime/JSGenericTypedArrayViewInlines.h
r190896 r191150 442 442 case FastTypedArray: { 443 443 if (thisObject->m_vector) 444 visitor.copyLater(thisObject, TypedArrayVectorCopyToken, thisObject->m_vector .getWithoutBarrier(), thisObject->byteSize());444 visitor.copyLater(thisObject, TypedArrayVectorCopyToken, thisObject->m_vector, thisObject->byteSize()); 445 445 break; 446 446 } … … 469 469 470 470 if (token == TypedArrayVectorCopyToken 471 && visitor.checkIfShouldCopy(thisObject->m_vector .getWithoutBarrier())) {471 && visitor.checkIfShouldCopy(thisObject->m_vector)) { 472 472 ASSERT(thisObject->m_vector); 473 void* oldVector = thisObject->m_vector .get(thisObject);473 void* oldVector = thisObject->m_vector; 474 474 void* newVector = visitor.allocateNewSpace(thisObject->byteSize()); 475 475 memcpy(newVector, oldVector, thisObject->byteSize()); 476 thisObject->m_vector .setWithoutBarrier(static_cast<char*>(newVector));476 thisObject->m_vector = newVector; 477 477 visitor.didCopy(oldVector, thisObject->byteSize()); 478 478 } … … 509 509 ASSERT(thisObject->m_vector); 510 510 // Reuse already allocated memory if at all possible. 511 thisObject->m_butterfly.setWithout Barrier(512 bitwise_cast<IndexingHeader*>(thisObject->m_vector.get(thisObject))->butterfly());511 thisObject->m_butterfly.setWithoutWriteBarrier( 512 static_cast<IndexingHeader*>(thisObject->m_vector)->butterfly()); 513 513 } else { 514 514 VM& vm = *heap->vm(); … … 522 522 switch (thisObject->m_mode) { 523 523 case FastTypedArray: 524 buffer = ArrayBuffer::create(thisObject->m_vector .get(thisObject), thisObject->byteLength());524 buffer = ArrayBuffer::create(thisObject->m_vector, thisObject->byteLength()); 525 525 break; 526 526 … … 529 529 // cost, since right now this case will cause the GC to think that we reallocated 530 530 // the whole buffer. 531 buffer = ArrayBuffer::createAdopted(thisObject->m_vector .get(thisObject), thisObject->byteLength());531 buffer = ArrayBuffer::createAdopted(thisObject->m_vector, thisObject->byteLength()); 532 532 break; 533 533 … … 538 538 539 539 thisObject->butterfly()->indexingHeader()->setArrayBuffer(buffer.get()); 540 thisObject->m_vector .setWithoutBarrier(static_cast<char*>(buffer->data()));540 thisObject->m_vector = buffer->data(); 541 541 thisObject->m_mode = WastefulTypedArray; 542 542 heap->addReference(thisObject, buffer.get()); -
tags/Safari-602.1.7/Source/JavaScriptCore/runtime/JSMap.h
r190896 r191150 118 118 JSMap(VM& vm, Structure* structure) 119 119 : Base(vm, structure) 120 , m_mapData(vm , this)120 , m_mapData(vm) 121 121 { 122 122 } -
tags/Safari-602.1.7/Source/JavaScriptCore/runtime/JSObject.cpp
r191149 r191150 151 151 } 152 152 153 m_butterfly.setWithout Barrier(newButterfly);153 m_butterfly.setWithoutWriteBarrier(newButterfly); 154 154 visitor.didCopy(butterfly->base(preCapacity, propertyCapacity), capacityInBytes); 155 155 } … … 207 207 JSCell::visitChildren(thisObject, visitor); 208 208 209 Butterfly* butterfly = thisObject-> m_butterfly.getWithoutBarrier();209 Butterfly* butterfly = thisObject->butterfly(); 210 210 if (butterfly) 211 211 thisObject->visitButterfly(visitor, butterfly, thisObject->structure(visitor.vm())->outOfLineSize()); … … 224 224 return; 225 225 226 Butterfly* butterfly = thisObject-> m_butterfly.getWithoutBarrier();226 Butterfly* butterfly = thisObject->butterfly(); 227 227 if (butterfly) 228 228 thisObject->copyButterfly(visitor, butterfly, thisObject->structure()->outOfLineSize()); … … 342 342 343 343 case ALL_ARRAY_STORAGE_INDEXING_TYPES: { 344 ArrayStorage* storage = thisObject->m_butterfly .get(thisObject)->arrayStorage();344 ArrayStorage* storage = thisObject->m_butterfly->arrayStorage(); 345 345 if (i >= storage->length()) 346 346 return false; … … 515 515 case NonArrayWithArrayStorage: 516 516 case ArrayWithArrayStorage: { 517 ArrayStorage* storage = thisObject->m_butterfly .get(thisObject)->arrayStorage();517 ArrayStorage* storage = thisObject->m_butterfly->arrayStorage(); 518 518 519 519 if (propertyName >= storage->vectorLength()) … … 537 537 case NonArrayWithSlowPutArrayStorage: 538 538 case ArrayWithSlowPutArrayStorage: { 539 ArrayStorage* storage = thisObject->m_butterfly .get(thisObject)->arrayStorage();539 ArrayStorage* storage = thisObject->m_butterfly->arrayStorage(); 540 540 541 541 if (propertyName >= storage->vectorLength()) … … 614 614 break; 615 615 case ALL_ARRAY_STORAGE_INDEXING_TYPES: 616 enterDictionaryIndexingModeWhenArrayStorageAlreadyExists(vm, m_butterfly .get(this)->arrayStorage());616 enterDictionaryIndexingModeWhenArrayStorageAlreadyExists(vm, m_butterfly->arrayStorage()); 617 617 break; 618 618 … … 644 644 unsigned vectorLength = std::max(length, BASE_VECTOR_LEN); 645 645 Butterfly* newButterfly = Butterfly::createOrGrowArrayRight( 646 m_butterfly.get( this), vm, this, structure(), structure()->outOfLineCapacity(), false, 0,646 m_butterfly.get(), vm, this, structure(), structure()->outOfLineCapacity(), false, 0, 647 647 elementSize * vectorLength); 648 648 newButterfly->setPublicLength(length); … … 696 696 ASSERT_UNUSED(oldType, !hasIndexedProperties(oldType)); 697 697 Butterfly* newButterfly = Butterfly::createOrGrowArrayRight( 698 m_butterfly.get( this), vm, this, structure, structure->outOfLineCapacity(), false, 0,698 m_butterfly.get(), vm, this, structure, structure->outOfLineCapacity(), false, 0, 699 699 ArrayStorage::sizeFor(vectorLength)); 700 700 RELEASE_ASSERT(newButterfly); … … 720 720 ASSERT(hasUndecided(indexingType())); 721 721 setStructure(vm, Structure::nonPropertyTransition(vm, structure(vm), AllocateInt32)); 722 return m_butterfly .get(this)->contiguousInt32();722 return m_butterfly->contiguousInt32(); 723 723 } 724 724 … … 726 726 { 727 727 ASSERT(hasUndecided(indexingType())); 728 729 Butterfly* butterfly = m_butterfly.get(this); 730 for (unsigned i = butterfly->vectorLength(); i--;) 731 butterfly->contiguousDouble()[i] = PNaN; 728 729 for (unsigned i = m_butterfly->vectorLength(); i--;) 730 m_butterfly->contiguousDouble()[i] = PNaN; 732 731 733 732 setStructure(vm, Structure::nonPropertyTransition(vm, structure(vm), AllocateDouble)); 734 return m_butterfly .get(this)->contiguousDouble();733 return m_butterfly->contiguousDouble(); 735 734 } 736 735 … … 739 738 ASSERT(hasUndecided(indexingType())); 740 739 setStructure(vm, Structure::nonPropertyTransition(vm, structure(vm), AllocateContiguous)); 741 return m_butterfly .get(this)->contiguous();740 return m_butterfly->contiguous(); 742 741 } 743 742 … … 745 744 { 746 745 Structure* structure = this->structure(vm); 747 unsigned publicLength = m_butterfly .get(this)->publicLength();746 unsigned publicLength = m_butterfly->publicLength(); 748 747 unsigned propertyCapacity = structure->outOfLineCapacity(); 749 748 unsigned propertySize = structure->outOfLineSize(); … … 754 753 memcpy( 755 754 newButterfly->propertyStorage() - propertySize, 756 m_butterfly .get(this)->propertyStorage() - propertySize,755 m_butterfly->propertyStorage() - propertySize, 757 756 propertySize * sizeof(EncodedJSValue)); 758 757 … … 772 771 ASSERT(hasUndecided(indexingType())); 773 772 774 unsigned vectorLength = m_butterfly .get(this)->vectorLength();773 unsigned vectorLength = m_butterfly->vectorLength(); 775 774 ArrayStorage* storage = constructConvertedArrayStorageWithoutCopyingElements(vm, vectorLength); 776 775 // No need to copy elements. … … 789 788 { 790 789 ASSERT(hasInt32(indexingType())); 791 792 Butterfly* butterfly = m_butterfly.get(this); 793 for (unsigned i = butterfly->vectorLength(); i--;) { 794 WriteBarrier<Unknown>* current = &butterfly->contiguousInt32()[i]; 790 791 for (unsigned i = m_butterfly->vectorLength(); i--;) { 792 WriteBarrier<Unknown>* current = &m_butterfly->contiguousInt32()[i]; 795 793 double* currentAsDouble = bitwise_cast<double*>(current); 796 794 JSValue v = current->get(); … … 804 802 805 803 setStructure(vm, Structure::nonPropertyTransition(vm, structure(vm), AllocateDouble)); 806 return m_butterfly .get(this)->contiguousDouble();804 return m_butterfly->contiguousDouble(); 807 805 } 808 806 … … 812 810 813 811 setStructure(vm, Structure::nonPropertyTransition(vm, structure(vm), AllocateContiguous)); 814 return m_butterfly .get(this)->contiguous();812 return m_butterfly->contiguous(); 815 813 } 816 814 … … 820 818 ASSERT(hasInt32(indexingType())); 821 819 822 unsigned vectorLength = m_butterfly .get(this)->vectorLength();820 unsigned vectorLength = m_butterfly->vectorLength(); 823 821 ArrayStorage* newStorage = constructConvertedArrayStorageWithoutCopyingElements(vm, vectorLength); 824 Butterfly* butterfly = m_butterfly.get(this); 825 for (unsigned i = 0; i < butterfly->publicLength(); i++) { 826 JSValue v = butterfly->contiguous()[i].get(); 822 for (unsigned i = 0; i < m_butterfly->publicLength(); i++) { 823 JSValue v = m_butterfly->contiguous()[i].get(); 827 824 if (v) { 828 825 newStorage->m_vector[i].setWithoutWriteBarrier(v); … … 845 842 { 846 843 ASSERT(hasDouble(indexingType())); 847 848 Butterfly* butterfly = m_butterfly.get(this); 849 for (unsigned i = butterfly->vectorLength(); i--;) { 850 double* current = &butterfly->contiguousDouble()[i]; 844 845 for (unsigned i = m_butterfly->vectorLength(); i--;) { 846 double* current = &m_butterfly->contiguousDouble()[i]; 851 847 WriteBarrier<Unknown>* currentAsValue = bitwise_cast<WriteBarrier<Unknown>*>(current); 852 848 double value = *current; … … 860 856 861 857 setStructure(vm, Structure::nonPropertyTransition(vm, structure(vm), AllocateContiguous)); 862 return m_butterfly .get(this)->contiguous();858 return m_butterfly->contiguous(); 863 859 } 864 860 … … 868 864 ASSERT(hasDouble(indexingType())); 869 865 870 unsigned vectorLength = m_butterfly .get(this)->vectorLength();866 unsigned vectorLength = m_butterfly->vectorLength(); 871 867 ArrayStorage* newStorage = constructConvertedArrayStorageWithoutCopyingElements(vm, vectorLength); 872 Butterfly* butterfly = m_butterfly.get(this); 873 for (unsigned i = 0; i < butterfly->publicLength(); i++) { 874 double value = butterfly->contiguousDouble()[i]; 868 for (unsigned i = 0; i < m_butterfly->publicLength(); i++) { 869 double value = m_butterfly->contiguousDouble()[i]; 875 870 if (value == value) { 876 871 newStorage->m_vector[i].setWithoutWriteBarrier(JSValue(JSValue::EncodeAsDouble, value)); … … 895 890 ASSERT(hasContiguous(indexingType())); 896 891 897 unsigned vectorLength = m_butterfly .get(this)->vectorLength();892 unsigned vectorLength = m_butterfly->vectorLength(); 898 893 ArrayStorage* newStorage = constructConvertedArrayStorageWithoutCopyingElements(vm, vectorLength); 899 Butterfly* butterfly = m_butterfly.get(this); 900 for (unsigned i = 0; i < butterfly->publicLength(); i++) { 901 JSValue v = butterfly->contiguous()[i].get(); 894 for (unsigned i = 0; i < m_butterfly->publicLength(); i++) { 895 JSValue v = m_butterfly->contiguous()[i].get(); 902 896 if (v) { 903 897 newStorage->m_vector[i].setWithoutWriteBarrier(v); … … 964 958 void JSObject::setIndexQuicklyToUndecided(VM& vm, unsigned index, JSValue value) 965 959 { 966 ASSERT(index < m_butterfly .get(this)->publicLength());967 ASSERT(index < m_butterfly .get(this)->vectorLength());960 ASSERT(index < m_butterfly->publicLength()); 961 ASSERT(index < m_butterfly->vectorLength()); 968 962 convertUndecidedForValue(vm, value); 969 963 setIndexQuickly(vm, index, value); … … 1121 1115 1122 1116 case ALL_ARRAY_STORAGE_INDEXING_TYPES: 1123 return enterDictionaryIndexingModeWhenArrayStorageAlreadyExists(vm, m_butterfly .get(this)->arrayStorage());1117 return enterDictionaryIndexingModeWhenArrayStorageAlreadyExists(vm, m_butterfly->arrayStorage()); 1124 1118 1125 1119 default: … … 1363 1357 1364 1358 case ALL_ARRAY_STORAGE_INDEXING_TYPES: { 1365 ArrayStorage* storage = thisObject->m_butterfly .get(thisObject)->arrayStorage();1359 ArrayStorage* storage = thisObject->m_butterfly->arrayStorage(); 1366 1360 1367 1361 if (i < storage->vectorLength()) { … … 1553 1547 1554 1548 case ALL_ARRAY_STORAGE_INDEXING_TYPES: { 1555 ArrayStorage* storage = object->m_butterfly .get(object)->arrayStorage();1549 ArrayStorage* storage = object->m_butterfly->arrayStorage(); 1556 1550 1557 1551 unsigned usedVectorLength = std::min(storage->length(), storage->vectorLength()); … … 1706 1700 { 1707 1701 VM& vm = exec->vm(); 1708 auto map = m_butterfly .get(this)->arrayStorage()->m_sparseMap.get();1702 auto map = m_butterfly->arrayStorage()->m_sparseMap.get(); 1709 1703 1710 1704 if (descriptor.isDataDescriptor()) { … … 1765 1759 notifyPresenceOfIndexedAccessors(exec->vm()); 1766 1760 1767 SparseArrayValueMap* map = m_butterfly .get(this)->arrayStorage()->m_sparseMap.get();1761 SparseArrayValueMap* map = m_butterfly->arrayStorage()->m_sparseMap.get(); 1768 1762 RELEASE_ASSERT(map); 1769 1763 … … 1797 1791 1798 1792 putIndexedDescriptor(exec, entryInMap, descriptor, defaults); 1799 Butterfly* butterfly = m_butterfly.get(this); 1800 if (index >= butterfly->arrayStorage()->length()) 1801 butterfly->arrayStorage()->setLength(index + 1); 1793 if (index >= m_butterfly->arrayStorage()->length()) 1794 m_butterfly->arrayStorage()->setLength(index + 1); 1802 1795 return true; 1803 1796 } … … 1919 1912 ASSERT((indexingType() & IndexingShapeMask) == indexingShape); 1920 1913 ASSERT(!indexingShouldBeSparse()); 1921 1922 Butterfly* butterfly = m_butterfly.get(this);1923 1914 1924 1915 // For us to get here, the index is either greater than the public length, or greater than 1925 1916 // or equal to the vector length. 1926 ASSERT(i >= butterfly->vectorLength());1917 ASSERT(i >= m_butterfly->vectorLength()); 1927 1918 1928 1919 VM& vm = exec->vm(); … … 1930 1921 if (i >= MAX_ARRAY_INDEX - 1 1931 1922 || (i >= MIN_SPARSE_ARRAY_INDEX 1932 && !isDenseEnoughForVector(i, countElements<indexingShape>(butterfly )))1933 || indexIsSufficientlyBeyondLengthForSparseMap(i, butterfly->vectorLength())) {1923 && !isDenseEnoughForVector(i, countElements<indexingShape>(butterfly()))) 1924 || indexIsSufficientlyBeyondLengthForSparseMap(i, m_butterfly->vectorLength())) { 1934 1925 ASSERT(i <= MAX_ARRAY_INDEX); 1935 1926 ensureArrayStorageSlow(vm); … … 1942 1933 1943 1934 ensureLength(vm, i + 1); 1944 butterfly = m_butterfly.get(this); 1945 1946 RELEASE_ASSERT(i < butterfly->vectorLength()); 1935 1936 RELEASE_ASSERT(i < m_butterfly->vectorLength()); 1947 1937 switch (indexingShape) { 1948 1938 case Int32Shape: 1949 1939 ASSERT(value.isInt32()); 1950 butterfly->contiguousInt32()[i].setWithoutWriteBarrier(value);1940 m_butterfly->contiguousInt32()[i].setWithoutWriteBarrier(value); 1951 1941 break; 1952 1942 … … 1955 1945 double valueAsDouble = value.asNumber(); 1956 1946 ASSERT(valueAsDouble == valueAsDouble); 1957 butterfly->contiguousDouble()[i] = valueAsDouble;1947 m_butterfly->contiguousDouble()[i] = valueAsDouble; 1958 1948 break; 1959 1949 } 1960 1950 1961 1951 case ContiguousShape: 1962 butterfly->contiguous()[i].set(vm, this, value);1952 m_butterfly->contiguous()[i].set(vm, this, value); 1963 1953 break; 1964 1954 … … 2234 2224 case ALL_INT32_INDEXING_TYPES: { 2235 2225 if (attributes) { 2236 if (i < m_butterfly .get(this)->vectorLength())2226 if (i < m_butterfly->vectorLength()) 2237 2227 return putDirectIndexBeyondVectorLengthWithArrayStorage(exec, i, value, attributes, mode, ensureArrayStorageExistsAndEnterDictionaryIndexingMode(vm)); 2238 2228 return putDirectIndexBeyondVectorLengthWithArrayStorage(exec, i, value, attributes, mode, convertInt32ToArrayStorage(vm)); … … 2248 2238 case ALL_DOUBLE_INDEXING_TYPES: { 2249 2239 if (attributes) { 2250 if (i < m_butterfly .get(this)->vectorLength())2240 if (i < m_butterfly->vectorLength()) 2251 2241 return putDirectIndexBeyondVectorLengthWithArrayStorage(exec, i, value, attributes, mode, ensureArrayStorageExistsAndEnterDictionaryIndexingMode(vm)); 2252 2242 return putDirectIndexBeyondVectorLengthWithArrayStorage(exec, i, value, attributes, mode, convertDoubleToArrayStorage(vm)); … … 2267 2257 case ALL_CONTIGUOUS_INDEXING_TYPES: { 2268 2258 if (attributes) { 2269 if (i < m_butterfly .get(this)->vectorLength())2259 if (i < m_butterfly->vectorLength()) 2270 2260 return putDirectIndexBeyondVectorLengthWithArrayStorage(exec, i, value, attributes, mode, ensureArrayStorageExistsAndEnterDictionaryIndexingMode(vm)); 2271 2261 return putDirectIndexBeyondVectorLengthWithArrayStorage(exec, i, value, attributes, mode, convertContiguousToArrayStorage(vm)); … … 2277 2267 case ALL_ARRAY_STORAGE_INDEXING_TYPES: 2278 2268 if (attributes) { 2279 if (i < m_butterfly .get(this)->vectorLength())2269 if (i < m_butterfly->vectorLength()) 2280 2270 return putDirectIndexBeyondVectorLengthWithArrayStorage(exec, i, value, attributes, mode, ensureArrayStorageExistsAndEnterDictionaryIndexingMode(vm)); 2281 2271 } … … 2358 2348 2359 2349 if (hasIndexedProperties(indexingType())) { 2360 vectorLength = m_butterfly .get(this)->vectorLength();2361 length = m_butterfly .get(this)->publicLength();2350 vectorLength = m_butterfly->vectorLength(); 2351 length = m_butterfly->publicLength(); 2362 2352 } else { 2363 2353 vectorLength = 0; … … 2465 2455 void JSObject::ensureLengthSlow(VM& vm, unsigned length) 2466 2456 { 2467 Butterfly* butterfly = m_butterfly.get(this);2468 2469 2457 ASSERT(length < MAX_ARRAY_INDEX); 2470 2458 ASSERT(hasContiguous(indexingType()) || hasInt32(indexingType()) || hasDouble(indexingType()) || hasUndecided(indexingType())); 2471 ASSERT(length > butterfly->vectorLength());2459 ASSERT(length > m_butterfly->vectorLength()); 2472 2460 2473 2461 unsigned newVectorLength = std::min( 2474 2462 length << 1, 2475 2463 MAX_STORAGE_VECTOR_LENGTH); 2476 unsigned oldVectorLength = butterfly->vectorLength();2464 unsigned oldVectorLength = m_butterfly->vectorLength(); 2477 2465 DeferGC deferGC(vm.heap); 2478 butterfly =butterfly->growArrayRight(2466 m_butterfly.set(vm, this, m_butterfly->growArrayRight( 2479 2467 vm, this, structure(), structure()->outOfLineCapacity(), true, 2480 2468 oldVectorLength * sizeof(EncodedJSValue), 2481 newVectorLength * sizeof(EncodedJSValue)); 2482 m_butterfly.set(vm, this, butterfly); 2483 2484 butterfly->setVectorLength(newVectorLength); 2469 newVectorLength * sizeof(EncodedJSValue))); 2470 2471 m_butterfly->setVectorLength(newVectorLength); 2485 2472 2486 2473 if (hasDouble(indexingType())) { 2487 2474 for (unsigned i = oldVectorLength; i < newVectorLength; ++i) 2488 butterfly->contiguousDouble().data()[i] = PNaN;2475 m_butterfly->contiguousDouble().data()[i] = PNaN; 2489 2476 } 2490 2477 } … … 2499 2486 2500 2487 DeferGC deferGC(vm.heap); 2501 Butterfly* newButterfly = m_butterfly .get(this)->resizeArray(vm, this, structure(), 0, ArrayStorage::sizeFor(length));2488 Butterfly* newButterfly = m_butterfly->resizeArray(vm, this, structure(), 0, ArrayStorage::sizeFor(length)); 2502 2489 m_butterfly.set(vm, this, newButterfly); 2503 newButterfly->setVectorLength(length);2504 newButterfly->setPublicLength(length);2490 m_butterfly->setVectorLength(length); 2491 m_butterfly->setPublicLength(length); 2505 2492 } 2506 2493 … … 2512 2499 // capacity, since we might have already mutated the structure in-place. 2513 2500 2514 return Butterfly::createOrGrowPropertyStorage(m_butterfly.get( this), vm, this, structure(vm), oldSize, newSize);2501 return Butterfly::createOrGrowPropertyStorage(m_butterfly.get(), vm, this, structure(vm), oldSize, newSize); 2515 2502 } 2516 2503 … … 2799 2786 2800 2787 case ALL_ARRAY_STORAGE_INDEXING_TYPES: { 2801 ArrayStorage* storage = object->m_butterfly .get(object)->arrayStorage();2788 ArrayStorage* storage = object->m_butterfly->arrayStorage(); 2802 2789 if (storage->m_sparseMap.get()) 2803 2790 return 0; -
tags/Safari-602.1.7/Source/JavaScriptCore/runtime/JSObject.h
r190896 r191150 31 31 #include "ClassInfo.h" 32 32 #include "CommonIdentifiers.h" 33 #include "Copy Barrier.h"33 #include "CopyWriteBarrier.h" 34 34 #include "CustomGetterSetter.h" 35 35 #include "DeferGC.h" … … 132 132 if (!hasIndexedProperties(indexingType())) 133 133 return 0; 134 return m_butterfly .get(this)->publicLength();134 return m_butterfly->publicLength(); 135 135 } 136 136 … … 139 139 if (!hasIndexedProperties(indexingType())) 140 140 return 0; 141 return m_butterfly .get(this)->vectorLength();141 return m_butterfly->vectorLength(); 142 142 } 143 143 … … 182 182 bool canGetIndexQuickly(unsigned i) 183 183 { 184 Butterfly* butterfly = m_butterfly.get(this);185 184 switch (indexingType()) { 186 185 case ALL_BLANK_INDEXING_TYPES: … … 189 188 case ALL_INT32_INDEXING_TYPES: 190 189 case ALL_CONTIGUOUS_INDEXING_TYPES: 191 return i < butterfly->vectorLength() &&butterfly->contiguous()[i];190 return i < m_butterfly->vectorLength() && m_butterfly->contiguous()[i]; 192 191 case ALL_DOUBLE_INDEXING_TYPES: { 193 if (i >= butterfly->vectorLength())192 if (i >= m_butterfly->vectorLength()) 194 193 return false; 195 double value = butterfly->contiguousDouble()[i];194 double value = m_butterfly->contiguousDouble()[i]; 196 195 if (value != value) 197 196 return false; … … 199 198 } 200 199 case ALL_ARRAY_STORAGE_INDEXING_TYPES: 201 return i < butterfly->arrayStorage()->vectorLength() &&butterfly->arrayStorage()->m_vector[i];200 return i < m_butterfly->arrayStorage()->vectorLength() && m_butterfly->arrayStorage()->m_vector[i]; 202 201 default: 203 202 RELEASE_ASSERT_NOT_REACHED(); … … 208 207 JSValue getIndexQuickly(unsigned i) 209 208 { 210 Butterfly* butterfly = m_butterfly.get(this);211 209 switch (indexingType()) { 212 210 case ALL_INT32_INDEXING_TYPES: 213 return jsNumber( butterfly->contiguous()[i].get().asInt32());211 return jsNumber(m_butterfly->contiguous()[i].get().asInt32()); 214 212 case ALL_CONTIGUOUS_INDEXING_TYPES: 215 return butterfly->contiguous()[i].get();213 return m_butterfly->contiguous()[i].get(); 216 214 case ALL_DOUBLE_INDEXING_TYPES: 217 return JSValue(JSValue::EncodeAsDouble, butterfly->contiguousDouble()[i]);215 return JSValue(JSValue::EncodeAsDouble, m_butterfly->contiguousDouble()[i]); 218 216 case ALL_ARRAY_STORAGE_INDEXING_TYPES: 219 return butterfly->arrayStorage()->m_vector[i].get();217 return m_butterfly->arrayStorage()->m_vector[i].get(); 220 218 default: 221 219 RELEASE_ASSERT_NOT_REACHED(); … … 226 224 JSValue tryGetIndexQuickly(unsigned i) const 227 225 { 228 Butterfly* butterfly = m_butterfly.get(this);229 226 switch (indexingType()) { 230 227 case ALL_BLANK_INDEXING_TYPES: … … 232 229 break; 233 230 case ALL_INT32_INDEXING_TYPES: 234 if (i < butterfly->publicLength()) {235 JSValue result = butterfly->contiguous()[i].get();231 if (i < m_butterfly->publicLength()) { 232 JSValue result = m_butterfly->contiguous()[i].get(); 236 233 ASSERT(result.isInt32() || !result); 237 234 return result; … … 239 236 break; 240 237 case ALL_CONTIGUOUS_INDEXING_TYPES: 241 if (i < butterfly->publicLength())242 return butterfly->contiguous()[i].get();238 if (i < m_butterfly->publicLength()) 239 return m_butterfly->contiguous()[i].get(); 243 240 break; 244 241 case ALL_DOUBLE_INDEXING_TYPES: { 245 if (i >= butterfly->publicLength())242 if (i >= m_butterfly->publicLength()) 246 243 break; 247 double result = butterfly->contiguousDouble()[i];244 double result = m_butterfly->contiguousDouble()[i]; 248 245 if (result != result) 249 246 break; … … 251 248 } 252 249 case ALL_ARRAY_STORAGE_INDEXING_TYPES: 253 if (i < butterfly->arrayStorage()->vectorLength())254 return butterfly->arrayStorage()->m_vector[i].get();250 if (i < m_butterfly->arrayStorage()->vectorLength()) 251 return m_butterfly->arrayStorage()->m_vector[i].get(); 255 252 break; 256 253 default: … … 280 277 bool canSetIndexQuickly(unsigned i) 281 278 { 282 Butterfly* butterfly = m_butterfly.get(this);283 279 switch (indexingType()) { 284 280 case ALL_BLANK_INDEXING_TYPES: … … 290 286 case NonArrayWithArrayStorage: 291 287 case ArrayWithArrayStorage: 292 return i < butterfly->vectorLength();288 return i < m_butterfly->vectorLength(); 293 289 case NonArrayWithSlowPutArrayStorage: 294 290 case ArrayWithSlowPutArrayStorage: 295 return i < butterfly->arrayStorage()->vectorLength()296 && !! butterfly->arrayStorage()->m_vector[i];291 return i < m_butterfly->arrayStorage()->vectorLength() 292 && !!m_butterfly->arrayStorage()->m_vector[i]; 297 293 default: 298 294 RELEASE_ASSERT_NOT_REACHED(); … … 311 307 case ALL_CONTIGUOUS_INDEXING_TYPES: 312 308 case ALL_ARRAY_STORAGE_INDEXING_TYPES: 313 return i < m_butterfly .get(this)->vectorLength();309 return i < m_butterfly->vectorLength(); 314 310 default: 315 311 RELEASE_ASSERT_NOT_REACHED(); … … 320 316 void setIndexQuickly(VM& vm, unsigned i, JSValue v) 321 317 { 322 Butterfly* butterfly = m_butterfly.get(this);323 318 switch (indexingType()) { 324 319 case ALL_INT32_INDEXING_TYPES: { 325 ASSERT(i < butterfly->vectorLength());320 ASSERT(i < m_butterfly->vectorLength()); 326 321 if (!v.isInt32()) { 327 322 convertInt32ToDoubleOrContiguousWhilePerformingSetIndex(vm, i, v); … … 331 326 } 332 327 case ALL_CONTIGUOUS_INDEXING_TYPES: { 333 ASSERT(i < butterfly->vectorLength());334 butterfly->contiguous()[i].set(vm, this, v);335 if (i >= butterfly->publicLength())336 butterfly->setPublicLength(i + 1);328 ASSERT(i < m_butterfly->vectorLength()); 329 m_butterfly->contiguous()[i].set(vm, this, v); 330 if (i >= m_butterfly->publicLength()) 331 m_butterfly->setPublicLength(i + 1); 337 332 break; 338 333 } 339 334 case ALL_DOUBLE_INDEXING_TYPES: { 340 ASSERT(i < butterfly->vectorLength());335 ASSERT(i < m_butterfly->vectorLength()); 341 336 if (!v.isNumber()) { 342 337 convertDoubleToContiguousWhilePerformingSetIndex(vm, i, v); … … 348 343 return; 349 344 } 350 butterfly->contiguousDouble()[i] = value;351 if (i >= butterfly->publicLength())352 butterfly->setPublicLength(i + 1);345 m_butterfly->contiguousDouble()[i] = value; 346 if (i >= m_butterfly->publicLength()) 347 m_butterfly->setPublicLength(i + 1); 353 348 break; 354 349 } 355 350 case ALL_ARRAY_STORAGE_INDEXING_TYPES: { 356 ArrayStorage* storage = butterfly->arrayStorage();351 ArrayStorage* storage = m_butterfly->arrayStorage(); 357 352 WriteBarrier<Unknown>& x = storage->m_vector[i]; 358 353 JSValue old = x.get(); … … 377 372 void initializeIndex(VM& vm, unsigned i, JSValue v, IndexingType indexingType) 378 373 { 379 Butterfly* butterfly = m_butterfly.get(this);380 374 switch (indexingType) { 381 375 case ALL_UNDECIDED_INDEXING_TYPES: { … … 384 378 } 385 379 case ALL_INT32_INDEXING_TYPES: { 386 ASSERT(i < butterfly->publicLength());387 ASSERT(i < butterfly->vectorLength());380 ASSERT(i < m_butterfly->publicLength()); 381 ASSERT(i < m_butterfly->vectorLength()); 388 382 if (!v.isInt32()) { 389 383 convertInt32ToDoubleOrContiguousWhilePerformingSetIndex(vm, i, v); … … 393 387 } 394 388 case ALL_CONTIGUOUS_INDEXING_TYPES: { 395 ASSERT(i < butterfly->publicLength());396 ASSERT(i < butterfly->vectorLength());397 butterfly->contiguous()[i].set(vm, this, v);389 ASSERT(i < m_butterfly->publicLength()); 390 ASSERT(i < m_butterfly->vectorLength()); 391 m_butterfly->contiguous()[i].set(vm, this, v); 398 392 break; 399 393 } 400 394 case ALL_DOUBLE_INDEXING_TYPES: { 401 ASSERT(i < butterfly->publicLength());402 ASSERT(i < butterfly->vectorLength());395 ASSERT(i < m_butterfly->publicLength()); 396 ASSERT(i < m_butterfly->vectorLength()); 403 397 if (!v.isNumber()) { 404 398 convertDoubleToContiguousWhilePerformingSetIndex(vm, i, v); … … 410 404 return; 411 405 } 412 butterfly->contiguousDouble()[i] = value;406 m_butterfly->contiguousDouble()[i] = value; 413 407 break; 414 408 } 415 409 case ALL_ARRAY_STORAGE_INDEXING_TYPES: { 416 ArrayStorage* storage = butterfly->arrayStorage();410 ArrayStorage* storage = m_butterfly->arrayStorage(); 417 411 ASSERT(i < storage->length()); 418 412 ASSERT(i < storage->m_numValuesInVector); … … 435 429 return false; 436 430 case ALL_ARRAY_STORAGE_INDEXING_TYPES: 437 return !!m_butterfly .get(this)->arrayStorage()->m_sparseMap;431 return !!m_butterfly->arrayStorage()->m_sparseMap; 438 432 default: 439 433 RELEASE_ASSERT_NOT_REACHED(); … … 452 446 return false; 453 447 case ALL_ARRAY_STORAGE_INDEXING_TYPES: 454 return m_butterfly .get(this)->arrayStorage()->inSparseMode();448 return m_butterfly->arrayStorage()->inSparseMode(); 455 449 default: 456 450 RELEASE_ASSERT_NOT_REACHED(); … … 557 551 } 558 552 559 const Butterfly* butterfly() const { return m_butterfly.get( this); }560 Butterfly* butterfly() { return m_butterfly.get( this); }561 562 ConstPropertyStorage outOfLineStorage() const { return m_butterfly .get(this)->propertyStorage(); }563 PropertyStorage outOfLineStorage() { return m_butterfly .get(this)->propertyStorage(); }553 const Butterfly* butterfly() const { return m_butterfly.get(); } 554 Butterfly* butterfly() { return m_butterfly.get(); } 555 556 ConstPropertyStorage outOfLineStorage() const { return m_butterfly->propertyStorage(); } 557 PropertyStorage outOfLineStorage() { return m_butterfly->propertyStorage(); } 564 558 565 559 const WriteBarrierBase<Unknown>* locationForOffset(PropertyOffset offset) const … … 663 657 { 664 658 if (LIKELY(hasInt32(indexingType()))) 665 return m_butterfly .get(this)->contiguousInt32();659 return m_butterfly->contiguousInt32(); 666 660 667 661 return ensureInt32Slow(vm); … … 675 669 { 676 670 if (LIKELY(hasDouble(indexingType()))) 677 return m_butterfly .get(this)->contiguousDouble();671 return m_butterfly->contiguousDouble(); 678 672 679 673 return ensureDoubleSlow(vm); … … 685 679 { 686 680 if (LIKELY(hasContiguous(indexingType()))) 687 return m_butterfly .get(this)->contiguous();681 return m_butterfly->contiguous(); 688 682 689 683 return ensureContiguousSlow(vm); … … 697 691 { 698 692 if (LIKELY(hasAnyArrayStorage(indexingType()))) 699 return m_butterfly .get(this)->arrayStorage();693 return m_butterfly->arrayStorage(); 700 694 701 695 return ensureArrayStorageSlow(vm); … … 743 737 { 744 738 ASSERT(hasAnyArrayStorage(indexingType())); 745 return m_butterfly .get(this)->arrayStorage();739 return m_butterfly->arrayStorage(); 746 740 } 747 741 … … 752 746 switch (indexingType()) { 753 747 case ALL_ARRAY_STORAGE_INDEXING_TYPES: 754 return m_butterfly .get(this)->arrayStorage();748 return m_butterfly->arrayStorage(); 755 749 756 750 default: … … 816 810 ASSERT(length < MAX_ARRAY_INDEX); 817 811 ASSERT(hasContiguous(indexingType()) || hasInt32(indexingType()) || hasDouble(indexingType()) || hasUndecided(indexingType())); 818 819 if (m_butterfly .get(this)->vectorLength() < length)812 813 if (m_butterfly->vectorLength() < length) 820 814 ensureLengthSlow(vm, length); 821 815 822 if (m_butterfly .get(this)->publicLength() < length)823 m_butterfly .get(this)->setPublicLength(length);816 if (m_butterfly->publicLength() < length) 817 m_butterfly->setPublicLength(length); 824 818 } 825 819 … … 881 875 882 876 protected: 883 Copy Barrier<Butterfly> m_butterfly;877 CopyWriteBarrier<Butterfly> m_butterfly; 884 878 #if USE(JSVALUE32_64) 885 879 private: … … 1355 1349 ASSERT(!value.isGetterSetter() && !(attributes & Accessor)); 1356 1350 ASSERT(!value.isCustomGetterSetter()); 1357 Butterfly* newButterfly = m_butterfly.get( this);1351 Butterfly* newButterfly = m_butterfly.get(); 1358 1352 if (structure()->putWillGrowOutOfLineStorage()) 1359 1353 newButterfly = growOutOfLineStorage(vm, structure()->outOfLineCapacity(), structure()->suggestedNewOutOfLineStorageCapacity()); -
tags/Safari-602.1.7/Source/JavaScriptCore/runtime/JSSet.h
r190896 r191150 113 113 JSSet(VM& vm, Structure* structure) 114 114 : Base(vm, structure) 115 , m_setData(vm , this)115 , m_setData(vm) 116 116 { 117 117 } -
tags/Safari-602.1.7/Source/JavaScriptCore/runtime/MapData.h
r190896 r191150 1 1 /* 2 * Copyright (C) 2013 , 2015Apple Inc. All rights reserved.2 * Copyright (C) 2013 Apple Inc. All rights reserved. 3 3 * 4 4 * Redistribution and use in source and binary forms, with or without … … 27 27 #define MapData_h 28 28 29 #include "CopyBarrier.h"30 29 #include "JSCell.h" 31 30 #include "WeakGCMapInlines.h" … … 96 95 }; 97 96 98 MapDataImpl(VM& , JSCell* owner);97 MapDataImpl(VM&); 99 98 100 99 void set(ExecState*, JSCell* owner, KeyType, JSValue); … … 138 137 int32_t m_size; 139 138 int32_t m_deletedCount; 140 JSCell* m_owner; 141 CopyBarrier<Entry> m_entries; 139 Entry* m_entries; 142 140 WeakGCMap<JSIterator*, JSIterator> m_iterators; 143 141 }; 144 142 145 143 template<typename Entry, typename JSIterator> 146 ALWAYS_INLINE MapDataImpl<Entry, JSIterator>::MapDataImpl(VM& vm , JSCell* owner)144 ALWAYS_INLINE MapDataImpl<Entry, JSIterator>::MapDataImpl(VM& vm) 147 145 : m_capacity(0) 148 146 , m_size(0) 149 147 , m_deletedCount(0) 150 , m_ owner(owner)148 , m_entries(nullptr) 151 149 , m_iterators(vm) 152 150 { … … 185 183 if (!ensureSlot()) 186 184 return false; 187 Entry* entry = &m_mapData->m_entries .get(m_mapData->m_owner)[m_index];185 Entry* entry = &m_mapData->m_entries[m_index]; 188 186 pair = WTF::KeyValuePair<JSValue, JSValue>(entry->key().get(), entry->value().get()); 189 187 m_index += 1; … … 207 205 return m_index; 208 206 209 Entry* entries = m_mapData->m_entries .get(m_mapData->m_owner);207 Entry* entries = m_mapData->m_entries; 210 208 size_t end = m_mapData->m_size; 211 209 while (static_cast<size_t>(m_index) < end && !entries[m_index].key()) -
tags/Safari-602.1.7/Source/JavaScriptCore/runtime/MapDataInlines.h
r190896 r191150 48 48 m_size = 0; 49 49 m_deletedCount = 0; 50 m_entries .clear();50 m_entries = nullptr; 51 51 m_iterators.forEach([](JSIterator* iterator, JSIterator*) { 52 52 iterator->iteratorData()->didRemoveAllEntries(); … … 61 61 if (iter == m_stringKeyedTable.end()) 62 62 return 0; 63 return &m_entries .get(m_owner)[iter->value];63 return &m_entries[iter->value]; 64 64 } 65 65 if (key.value.isSymbol()) { … … 67 67 if (iter == m_symbolKeyedTable.end()) 68 68 return 0; 69 return &m_entries .get(m_owner)[iter->value];69 return &m_entries[iter->value]; 70 70 } 71 71 if (key.value.isCell()) { … … 73 73 if (iter == m_cellKeyedTable.end()) 74 74 return 0; 75 return &m_entries .get(m_owner)[iter->value];75 return &m_entries[iter->value]; 76 76 } 77 77 … … 79 79 if (iter == m_valueKeyedTable.end()) 80 80 return 0; 81 return &m_entries .get(m_owner)[iter->value];81 return &m_entries[iter->value]; 82 82 } 83 83 … … 94 94 typename Map::iterator location = map.find(key); 95 95 if (location != map.end()) 96 return &m_entries .get(m_owner)[location->value];96 return &m_entries[location->value]; 97 97 98 98 if (!ensureSpaceForAppend(exec, owner)) … … 101 101 auto result = map.add(key, m_size); 102 102 RELEASE_ASSERT(result.isNewEntry); 103 Entry* entry = &m_entries .get(m_owner)[m_size++];103 Entry* entry = &m_entries[m_size++]; 104 104 new (entry) Entry(); 105 105 entry->setKey(exec->vm(), owner, keyValue.value); … … 165 165 m_valueKeyedTable.remove(iter); 166 166 } 167 m_entries .get(m_owner)[location].clear();167 m_entries[location].clear(); 168 168 m_deletedCount++; 169 169 return true; … … 177 177 RELEASE_ASSERT(newCapacity > 0); 178 178 for (int32_t i = 0; i < m_size; i++) { 179 Entry& entry = m_entries .getWithoutBarrier()[i];179 Entry& entry = m_entries[i]; 180 180 if (!entry.key()) { 181 181 m_iterators.forEach([newEnd](JSIterator* iterator, JSIterator*) { … … 196 196 // Fixup for the hashmaps 197 197 for (auto ptr = m_valueKeyedTable.begin(); ptr != m_valueKeyedTable.end(); ++ptr) 198 ptr->value = m_entries .getWithoutBarrier()[ptr->value].key().get().asInt32();198 ptr->value = m_entries[ptr->value].key().get().asInt32(); 199 199 for (auto ptr = m_cellKeyedTable.begin(); ptr != m_cellKeyedTable.end(); ++ptr) 200 ptr->value = m_entries .getWithoutBarrier()[ptr->value].key().get().asInt32();200 ptr->value = m_entries[ptr->value].key().get().asInt32(); 201 201 for (auto ptr = m_stringKeyedTable.begin(); ptr != m_stringKeyedTable.end(); ++ptr) 202 ptr->value = m_entries .getWithoutBarrier()[ptr->value].key().get().asInt32();202 ptr->value = m_entries[ptr->value].key().get().asInt32(); 203 203 for (auto ptr = m_symbolKeyedTable.begin(); ptr != m_symbolKeyedTable.end(); ++ptr) 204 ptr->value = m_entries .getWithoutBarrier()[ptr->value].key().get().asInt32();204 ptr->value = m_entries[ptr->value].key().get().asInt32(); 205 205 206 206 ASSERT((m_size - newEnd) == m_deletedCount); … … 209 209 m_capacity = newCapacity; 210 210 m_size = newEnd; 211 m_entries .setWithoutBarrier(destination);211 m_entries = destination; 212 212 } 213 213 … … 218 218 RELEASE_ASSERT(newCapacity > 0); 219 219 ASSERT(newCapacity >= m_capacity); 220 memcpy(destination, m_entries .getWithoutBarrier(), sizeof(Entry) * m_size);220 memcpy(destination, m_entries, sizeof(Entry) * m_size); 221 221 m_capacity = newCapacity; 222 m_entries .setWithoutBarrier(destination);222 m_entries = destination; 223 223 } 224 224 … … 237 237 } 238 238 Entry* newEntries = static_cast<Entry*>(newStorage); 239 // Do a read barrier to ensure that m_entries points to to-space for the remainder of this GC epoch.240 m_entries.get(m_owner);241 239 if (shouldPack()) 242 240 replaceAndPackBackingStore(newEntries, requiredSize); … … 250 248 inline void MapDataImpl<Entry, JSIterator>::visitChildren(JSCell* owner, SlotVisitor& visitor) 251 249 { 252 Entry* entries = m_entries .getWithoutBarrier();250 Entry* entries = m_entries; 253 251 if (!entries) 254 252 return; … … 264 262 } 265 263 266 visitor.copyLater(owner, MapBackingStoreCopyToken, m_entries.getWithoutBarrier(), capacityInBytes());264 visitor.copyLater(owner, MapBackingStoreCopyToken, entries, capacityInBytes()); 267 265 } 268 266 … … 270 268 inline void MapDataImpl<Entry, JSIterator>::copyBackingStore(CopyVisitor& visitor, CopyToken token) 271 269 { 272 if (token == MapBackingStoreCopyToken && visitor.checkIfShouldCopy(m_entries .getWithoutBarrier())) {273 Entry* oldEntries = m_entries .getWithoutBarrier();270 if (token == MapBackingStoreCopyToken && visitor.checkIfShouldCopy(m_entries)) { 271 Entry* oldEntries = m_entries; 274 272 Entry* newEntries = static_cast<Entry*>(visitor.allocateNewSpace(capacityInBytes())); 275 273 if (shouldPack()) -
tags/Safari-602.1.7/Source/JavaScriptCore/runtime/Options.h
r190896 r191150 204 204 v(bool, enableMovHintRemoval, true, nullptr) \ 205 205 v(bool, enableObjectAllocationSinking, true, nullptr) \ 206 v(bool, enableCopyBarrierOptimization, true, nullptr) \207 206 \ 208 207 v(bool, enableConcurrentJIT, true, "allows the DFG / FTL compilation in threads other than the executing JS thread") \
Note: See TracChangeset
for help on using the changeset viewer.