Changeset 191150 in webkit


Ignore:
Timestamp:
Oct 15, 2015 4:41:01 PM (8 years ago)
Author:
bshafiei@apple.com
Message:

Roll out r190896. rdar://problem/23128791

Location:
tags/Safari-602.1.7/Source/JavaScriptCore
Files:
3 deleted
54 edited
1 copied

Legend:

Unmodified
Added
Removed
  • tags/Safari-602.1.7/Source/JavaScriptCore/CMakeLists.txt

    r190896 r191150  
    169169    dfg/DFGConstantFoldingPhase.cpp
    170170    dfg/DFGConstantHoistingPhase.cpp
    171     dfg/DFGCopyBarrierOptimizationPhase.cpp
    172171    dfg/DFGCriticalEdgeBreakingPhase.cpp
    173172    dfg/DFGDCEPhase.cpp
  • tags/Safari-602.1.7/Source/JavaScriptCore/ChangeLog

    r191149 r191150  
     12015-10-15  Babak Shafiei  <bshafiei@apple.com>
     2
     3        Roll out r190896.
     4
    152015-10-15  Babak Shafiei  <bshafiei@apple.com>
    26
  • tags/Safari-602.1.7/Source/JavaScriptCore/JavaScriptCore.vcxproj/JavaScriptCore.vcxproj

    r190896 r191150  
    403403    <ClCompile Include="..\dfg\DFGConstantFoldingPhase.cpp" />
    404404    <ClCompile Include="..\dfg\DFGConstantHoistingPhase.cpp" />
    405     <ClCompile Include="..\dfg\DFGCopyBarrierOptimizationPhase.cpp" />
    406405    <ClCompile Include="..\dfg\DFGCPSRethreadingPhase.cpp" />
    407406    <ClCompile Include="..\dfg\DFGCriticalEdgeBreakingPhase.cpp" />
     
    11401139    <ClInclude Include="..\dfg\DFGConstantFoldingPhase.h" />
    11411140    <ClInclude Include="..\dfg\DFGConstantHoistingPhase.h" />
    1142     <ClInclude Include="..\dfg\DFGCopyBarrierOptimizationPhase.h" />
    11431141    <ClInclude Include="..\dfg\DFGCPSRethreadingPhase.h" />
    11441142    <ClInclude Include="..\dfg\DFGCriticalEdgeBreakingPhase.h" />
     
    13401338    <ClInclude Include="..\heap\CopiedSpace.h" />
    13411339    <ClInclude Include="..\heap\CopiedSpaceInlines.h" />
    1342     <ClInclude Include="..\heap\CopyBarrier.h" />
    13431340    <ClInclude Include="..\heap\CopyToken.h" />
    13441341    <ClInclude Include="..\heap\CopyVisitor.h" />
    13451342    <ClInclude Include="..\heap\CopyVisitorInlines.h" />
    13461343    <ClInclude Include="..\heap\CopyWorkList.h" />
     1344    <ClInclude Include="..\heap\CopyWriteBarrier.h" />
    13471345    <ClInclude Include="..\heap\DeferGC.h" />
    13481346    <ClInclude Include="..\heap\EdenGCActivityCallback.h" />
  • tags/Safari-602.1.7/Source/JavaScriptCore/JavaScriptCore.xcodeproj/project.pbxproj

    r190896 r191150  
    8787                0F05C3B41683CF9200BAF45B /* DFGArrayifySlowPathGenerator.h in Headers */ = {isa = PBXBuildFile; fileRef = 0F05C3B21683CF8F00BAF45B /* DFGArrayifySlowPathGenerator.h */; };
    8888                0F0776BF14FF002B00102332 /* JITCompilationEffort.h in Headers */ = {isa = PBXBuildFile; fileRef = 0F0776BD14FF002800102332 /* JITCompilationEffort.h */; settings = {ATTRIBUTES = (Private, ); }; };
    89                 0F0981F71BC5E565004814F8 /* DFGCopyBarrierOptimizationPhase.cpp in Sources */ = {isa = PBXBuildFile; fileRef = 0F0981F51BC5E565004814F8 /* DFGCopyBarrierOptimizationPhase.cpp */; };
    90                 0F0981F81BC5E565004814F8 /* DFGCopyBarrierOptimizationPhase.h in Headers */ = {isa = PBXBuildFile; fileRef = 0F0981F61BC5E565004814F8 /* DFGCopyBarrierOptimizationPhase.h */; };
    9189                0F0A75221B94BFA900110660 /* InferredType.cpp in Sources */ = {isa = PBXBuildFile; fileRef = 0F0A75201B94BFA900110660 /* InferredType.cpp */; };
    9290                0F0A75231B94BFA900110660 /* InferredType.h in Headers */ = {isa = PBXBuildFile; fileRef = 0F0A75211B94BFA900110660 /* InferredType.h */; settings = {ATTRIBUTES = (Private, ); }; };
     
    411409                0F7B294B14C3CD2F007C3DB1 /* DFGCapabilities.h in Headers */ = {isa = PBXBuildFile; fileRef = 0FD82E1F14172C2F00179C94 /* DFGCapabilities.h */; };
    412410                0F7B294D14C3CD4C007C3DB1 /* DFGCommon.h in Headers */ = {isa = PBXBuildFile; fileRef = 0FC0977E1469EBC400CF2442 /* DFGCommon.h */; settings = {ATTRIBUTES = (Private, ); }; };
    413                 0F7C11AD1BC3862C00C74CDB /* CopyBarrier.h in Headers */ = {isa = PBXBuildFile; fileRef = 0F7C11AC1BC3862C00C74CDB /* CopyBarrier.h */; settings = {ATTRIBUTES = (Private, ); }; };
    414411                0F8023EA1613832B00A0BA45 /* ByValInfo.h in Headers */ = {isa = PBXBuildFile; fileRef = 0F8023E91613832300A0BA45 /* ByValInfo.h */; settings = {ATTRIBUTES = (Private, ); }; };
    415412                0F8335B71639C1E6001443B5 /* ArrayAllocationProfile.cpp in Sources */ = {isa = PBXBuildFile; fileRef = 0F8335B41639C1E3001443B5 /* ArrayAllocationProfile.cpp */; };
     
    938935                2A4EC90B1860D6C20094F782 /* WriteBarrierBuffer.cpp in Sources */ = {isa = PBXBuildFile; fileRef = 2A4EC9091860D6C20094F782 /* WriteBarrierBuffer.cpp */; };
    939936                2A4EC90C1860D6C20094F782 /* WriteBarrierBuffer.h in Headers */ = {isa = PBXBuildFile; fileRef = 2A4EC90A1860D6C20094F782 /* WriteBarrierBuffer.h */; settings = {ATTRIBUTES = (Private, ); }; };
     937                2A68295B1875F80500B6C3E2 /* CopyWriteBarrier.h in Headers */ = {isa = PBXBuildFile; fileRef = 2A68295A1875F80500B6C3E2 /* CopyWriteBarrier.h */; settings = {ATTRIBUTES = (Private, ); }; };
    940938                2A6F462617E959CE00C45C98 /* HeapOperation.h in Headers */ = {isa = PBXBuildFile; fileRef = 2A6F462517E959CE00C45C98 /* HeapOperation.h */; settings = {ATTRIBUTES = (Private, ); }; };
    941939                2A7A58EF1808A4C40020BDF7 /* DeferGC.cpp in Sources */ = {isa = PBXBuildFile; fileRef = 2A7A58EE1808A4C40020BDF7 /* DeferGC.cpp */; };
     
    19421940                0F05C3B21683CF8F00BAF45B /* DFGArrayifySlowPathGenerator.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = DFGArrayifySlowPathGenerator.h; path = dfg/DFGArrayifySlowPathGenerator.h; sourceTree = "<group>"; };
    19431941                0F0776BD14FF002800102332 /* JITCompilationEffort.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = JITCompilationEffort.h; sourceTree = "<group>"; };
    1944                 0F0981F51BC5E565004814F8 /* DFGCopyBarrierOptimizationPhase.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; name = DFGCopyBarrierOptimizationPhase.cpp; path = dfg/DFGCopyBarrierOptimizationPhase.cpp; sourceTree = "<group>"; };
    1945                 0F0981F61BC5E565004814F8 /* DFGCopyBarrierOptimizationPhase.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = DFGCopyBarrierOptimizationPhase.h; path = dfg/DFGCopyBarrierOptimizationPhase.h; sourceTree = "<group>"; };
    19461942                0F0A75201B94BFA900110660 /* InferredType.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = InferredType.cpp; sourceTree = "<group>"; };
    19471943                0F0A75211B94BFA900110660 /* InferredType.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = InferredType.h; sourceTree = "<group>"; };
     
    22642260                0F79085319A290B200F6310C /* DFGStructureRegistrationPhase.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; name = DFGStructureRegistrationPhase.cpp; path = dfg/DFGStructureRegistrationPhase.cpp; sourceTree = "<group>"; };
    22652261                0F79085419A290B200F6310C /* DFGStructureRegistrationPhase.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = DFGStructureRegistrationPhase.h; path = dfg/DFGStructureRegistrationPhase.h; sourceTree = "<group>"; };
    2266                 0F7C11AC1BC3862C00C74CDB /* CopyBarrier.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = CopyBarrier.h; sourceTree = "<group>"; };
    22672262                0F8023E91613832300A0BA45 /* ByValInfo.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = ByValInfo.h; sourceTree = "<group>"; };
    22682263                0F8335B41639C1E3001443B5 /* ArrayAllocationProfile.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = ArrayAllocationProfile.cpp; sourceTree = "<group>"; };
     
    27612756                2A4EC9091860D6C20094F782 /* WriteBarrierBuffer.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = WriteBarrierBuffer.cpp; sourceTree = "<group>"; };
    27622757                2A4EC90A1860D6C20094F782 /* WriteBarrierBuffer.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = WriteBarrierBuffer.h; sourceTree = "<group>"; };
     2758                2A68295A1875F80500B6C3E2 /* CopyWriteBarrier.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = CopyWriteBarrier.h; sourceTree = "<group>"; };
    27632759                2A6F462517E959CE00C45C98 /* HeapOperation.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = HeapOperation.h; sourceTree = "<group>"; };
    27642760                2A7A58EE1808A4C40020BDF7 /* DeferGC.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = DeferGC.cpp; sourceTree = "<group>"; };
     
    42554251                                C2EAA3F8149A830800FCE112 /* CopiedSpace.h */,
    42564252                                C2C8D02B14A3C6B200578E65 /* CopiedSpaceInlines.h */,
    4257                                 0F7C11AC1BC3862C00C74CDB /* CopyBarrier.h */,
    42584253                                0F5A52CF17ADD717008ECB2D /* CopyToken.h */,
    42594254                                C2239D1216262BDD005AC5FD /* CopyVisitor.cpp */,
     
    42614256                                C2239D1416262BDD005AC5FD /* CopyVisitorInlines.h */,
    42624257                                C218D13F1655CFD50062BB81 /* CopyWorkList.h */,
     4258                                2A68295A1875F80500B6C3E2 /* CopyWriteBarrier.h */,
    42634259                                2A7A58EE1808A4C40020BDF7 /* DeferGC.cpp */,
    42644260                                0F136D4B174AD69B0075B354 /* DeferGC.h */,
     
    52525248                                0FED67B71B26256D0066CE15 /* DFGConstantHoistingPhase.cpp */,
    52535249                                0FED67B81B26256D0066CE15 /* DFGConstantHoistingPhase.h */,
    5254                                 0F0981F51BC5E565004814F8 /* DFGCopyBarrierOptimizationPhase.cpp */,
    5255                                 0F0981F61BC5E565004814F8 /* DFGCopyBarrierOptimizationPhase.h */,
    52565250                                0FBE0F6B16C1DB010082C5E8 /* DFGCPSRethreadingPhase.cpp */,
    52575251                                0FBE0F6C16C1DB010082C5E8 /* DFGCPSRethreadingPhase.h */,
     
    60956089                                C2239D1916262BDD005AC5FD /* CopyVisitorInlines.h in Headers */,
    60966090                                C218D1401655CFD50062BB81 /* CopyWorkList.h in Headers */,
     6091                                2A68295B1875F80500B6C3E2 /* CopyWriteBarrier.h in Headers */,
    60976092                                C4F4B6F41A05C944005CAB76 /* cpp_generator.py in Headers */,
    60986093                                C4F4B6F31A05C944005CAB76 /* cpp_generator_templates.py in Headers */,
     
    65346529                                0F5EF91F16878F7D003E5C25 /* JITThunks.h in Headers */,
    65356530                                0FC712E317CD8793008CC93C /* JITToDFGDeferredCompilationCallback.h in Headers */,
    6536                                 0F0981F81BC5E565004814F8 /* DFGCopyBarrierOptimizationPhase.h in Headers */,
    65376531                                A76F54A313B28AAB00EF2BCE /* JITWriteBarrier.h in Headers */,
    65386532                                840480131021A1D9008E7F01 /* JSAPIValueWrapper.h in Headers */,
     
    67816775                                BC18C4500E16F5CD00B34460 /* Profile.h in Headers */,
    67826776                                95CD45770E1C4FDD0085358E /* ProfileGenerator.h in Headers */,
    6783                                 0F7C11AD1BC3862C00C74CDB /* CopyBarrier.h in Headers */,
    67846777                                BC18C4510E16F5CD00B34460 /* ProfileNode.h in Headers */,
    67856778                                0FF729A5166AD351000F5BA3 /* ProfilerBytecode.h in Headers */,
     
    81328125                                2A4EC90B1860D6C20094F782 /* WriteBarrierBuffer.cpp in Sources */,
    81338126                                0FC8150B14043C0E00CFA603 /* WriteBarrierSupport.cpp in Sources */,
    8134                                 0F0981F71BC5E565004814F8 /* DFGCopyBarrierOptimizationPhase.cpp in Sources */,
    81358127                                A7E5AB3A1799E4B200D2833D /* X86Disassembler.cpp in Sources */,
    81368128                                863C6D9C1521111A00585E4E /* YarrCanonicalizeUCS2.cpp in Sources */,
  • tags/Safari-602.1.7/Source/JavaScriptCore/bytecode/PolymorphicAccess.cpp

    r191016 r191150  
    608608                    CCallHelpers::Address(baseForAccessGPR, JSObject::butterflyOffset()),
    609609                    loadedValueGPR);
    610                 jit.removeSpaceBits(loadedValueGPR);
    611610                storageGPR = loadedValueGPR;
    612611            }
     
    895894        } else {
    896895            jit.loadPtr(CCallHelpers::Address(baseGPR, JSObject::butterflyOffset()), scratchGPR);
    897             state.failAndIgnore.append(jit.branchIfNotToSpace(scratchGPR));
    898896            jit.storeValue(
    899897                valueRegs,
     
    959957           
    960958                jit.loadPtr(CCallHelpers::Address(baseGPR, JSObject::butterflyOffset()), scratchGPR3);
    961                 slowPath.append(jit.branchIfNotToSpace(scratchGPR3));
    962959                jit.loadPtr(&copiedAllocator->m_currentRemaining, scratchGPR);
    963960                slowPath.append(
     
    10031000                    offsetInInlineStorage(m_offset) * sizeof(JSValue)));
    10041001        } else {
    1005             if (!scratchGPRHasStorage) {
     1002            if (!scratchGPRHasStorage)
    10061003                jit.loadPtr(CCallHelpers::Address(baseGPR, JSObject::butterflyOffset()), scratchGPR);
    1007                 state.failAndIgnore.append(jit.branchIfNotToSpace(scratchGPR));
    1008             }
    10091004            jit.storeValue(
    10101005                valueRegs,
     
    10931088    case ArrayLength: {
    10941089        jit.loadPtr(CCallHelpers::Address(baseGPR, JSObject::butterflyOffset()), scratchGPR);
    1095         jit.removeSpaceBits(scratchGPR);
    10961090        jit.load32(CCallHelpers::Address(scratchGPR, ArrayStorage::lengthOffset()), scratchGPR);
    10971091        state.failAndIgnore.append(
  • tags/Safari-602.1.7/Source/JavaScriptCore/dfg/DFGAbstractInterpreterInlines.h

    r190896 r191150  
    19691969        break;
    19701970    case GetButterfly:
    1971     case GetButterflyReadOnly:
    19721971    case AllocatePropertyStorage:
    19731972    case ReallocatePropertyStorage:
  • tags/Safari-602.1.7/Source/JavaScriptCore/dfg/DFGArgumentsEliminationPhase.cpp

    r190896 r191150  
    193193                   
    194194                case GetButterfly:
    195                 case GetButterflyReadOnly:
    196195                    // This barely works. The danger is that the GetButterfly is used by something that
    197196                    // does something escaping to a candidate. Fortunately, the only butterfly-using ops
  • tags/Safari-602.1.7/Source/JavaScriptCore/dfg/DFGClobberize.h

    r190896 r191150  
    732732        def(HeapLocation(ButterflyLoc, JSObject_butterfly, node->child1()), LazyNode(node));
    733733        return;
    734 
    735     case GetButterflyReadOnly:
    736         // This rule is separate to prevent CSE of GetButterfly with GetButterflyReadOnly. But in reality,
    737         // this works because we don't introduce GetButterflyReadOnly until the bitter end of compilation.
    738         read(JSObject_butterfly);
    739         def(HeapLocation(ButterflyReadOnlyLoc, JSObject_butterfly, node->child1()), LazyNode(node));
    740         return;
    741734       
    742735    case Arrayify:
  • tags/Safari-602.1.7/Source/JavaScriptCore/dfg/DFGDoesGC.cpp

    r190896 r191150  
    9999    case GetExecutable:
    100100    case GetButterfly:
    101     case GetButterflyReadOnly:
    102101    case CheckArray:
    103102    case GetScope:
  • tags/Safari-602.1.7/Source/JavaScriptCore/dfg/DFGFixupPhase.cpp

    r190896 r191150  
    10661066        case CheckHasInstance:
    10671067        case CreateThis:
    1068         case GetButterfly:
    1069         case GetButterflyReadOnly: {
     1068        case GetButterfly: {
    10701069            fixEdge<CellUse>(node->child1());
    10711070            break;
  • tags/Safari-602.1.7/Source/JavaScriptCore/dfg/DFGHeapLocation.cpp

    r190896 r191150  
    9393        return;
    9494       
    95     case ButterflyReadOnlyLoc:
    96         out.print("ButterflyReadOnlyLoc");
    97         return;
    98        
    9995    case CheckHasInstanceLoc:
    10096        out.print("CheckHasInstanceLoc");
  • tags/Safari-602.1.7/Source/JavaScriptCore/dfg/DFGHeapLocation.h

    r190896 r191150  
    4040    ArrayLengthLoc,
    4141    ButterflyLoc,
    42     ButterflyReadOnlyLoc,
    4342    CheckHasInstanceLoc,
    4443    ClosureVariableLoc,
  • tags/Safari-602.1.7/Source/JavaScriptCore/dfg/DFGLICMPhase.cpp

    r190896 r191150  
    7474        m_graph.m_dominators.computeIfNecessary(m_graph);
    7575        m_graph.m_naturalLoops.computeIfNecessary(m_graph);
    76 
    77         if (verbose) {
    78             dataLog("Graph before LICM:\n");
    79             m_graph.dump();
    80         }
    8176       
    8277        m_data.resize(m_graph.m_naturalLoops.numLoops());
  • tags/Safari-602.1.7/Source/JavaScriptCore/dfg/DFGNodeType.h

    r190896 r191150  
    188188    macro(ReallocatePropertyStorage, NodeMustGenerate | NodeResultStorage) \
    189189    macro(GetButterfly, NodeResultStorage) \
    190     macro(GetButterflyReadOnly, NodeResultStorage) /* A node used to replace GetButterfly at the bitter end of compilation. */\
    191190    macro(CheckArray, NodeMustGenerate) \
    192191    macro(Arrayify, NodeMustGenerate) \
  • tags/Safari-602.1.7/Source/JavaScriptCore/dfg/DFGOperations.cpp

    r190896 r191150  
    644644        return bitwise_cast<char*>(exec->vm().throwException(exec, createRangeError(exec, ASCIILiteral("Array size is not a small enough positive integer."))));
    645645
    646     JSArray* result = JSArray::create(*vm, arrayStructure, size);
    647     result->butterfly(); // Ensure that the backing store is in to-space.
    648     return bitwise_cast<char*>(result);
     646    return bitwise_cast<char*>(JSArray::create(*vm, arrayStructure, size));
    649647}
    650648
     
    11771175
    11781176    return exec->codeBlock()->stringSwitchJumpTable(tableIndex).offsetForValue(string->value(exec).impl(), std::numeric_limits<int32_t>::min());
    1179 }
    1180 
    1181 char* JIT_OPERATION operationGetButterfly(ExecState* exec, JSCell* cell)
    1182 {
    1183     VM& vm = exec->vm();
    1184     NativeCallFrameTracer tracer(&vm, exec);
    1185 
    1186     dataLog("Ran the barrier.\n");
    1187 
    1188     return bitwise_cast<char*>(jsCast<JSObject*>(cell)->butterfly());
    1189 }
    1190 
    1191 char* JIT_OPERATION operationGetArrayBufferVector(ExecState* exec, JSCell* cell)
    1192 {
    1193     VM& vm = exec->vm();
    1194     NativeCallFrameTracer tracer(&vm, exec);
    1195 
    1196     return bitwise_cast<char*>(jsCast<JSArrayBufferView*>(cell)->vector());
    11971177}
    11981178
  • tags/Safari-602.1.7/Source/JavaScriptCore/dfg/DFGOperations.h

    r190896 r191150  
    131131char* JIT_OPERATION operationSwitchString(ExecState*, size_t tableIndex, JSString*);
    132132int32_t JIT_OPERATION operationSwitchStringAndGetBranchOffset(ExecState*, size_t tableIndex, JSString*);
    133 char* JIT_OPERATION operationGetButterfly(ExecState*, JSCell*);
    134 char* JIT_OPERATION operationGetArrayBufferVector(ExecState*, JSCell*);
    135133void JIT_OPERATION operationNotifyWrite(ExecState*, WatchpointSet*);
    136134void JIT_OPERATION operationThrowStackOverflowForVarargs(ExecState*) WTF_INTERNAL;
  • tags/Safari-602.1.7/Source/JavaScriptCore/dfg/DFGPlan.cpp

    r190896 r191150  
    3939#include "DFGConstantFoldingPhase.h"
    4040#include "DFGConstantHoistingPhase.h"
    41 #include "DFGCopyBarrierOptimizationPhase.h"
    4241#include "DFGCriticalEdgeBreakingPhase.h"
    4342#include "DFGDCEPhase.h"
     
    360359        performCPSRethreading(dfg);
    361360        performDCE(dfg);
    362         if (Options::enableCopyBarrierOptimization())
    363             performCopyBarrierOptimization(dfg);
    364361        performPhantomInsertion(dfg);
    365362        performStackLayout(dfg);
     
    441438        performCleanUp(dfg);
    442439        performDCE(dfg); // We rely on this to kill dead code that won't be recognized as dead by LLVM.
    443         if (Options::enableCopyBarrierOptimization())
    444             performCopyBarrierOptimization(dfg);
    445440        performStackLayout(dfg);
    446441        performLivenessAnalysis(dfg);
  • tags/Safari-602.1.7/Source/JavaScriptCore/dfg/DFGPredictionPropagationPhase.cpp

    r190896 r191150  
    443443        }
    444444           
    445         case GetButterfly:
    446         case GetButterflyReadOnly:
     445        case GetButterfly:
    447446        case GetIndexedPropertyStorage:
    448447        case AllocatePropertyStorage:
  • tags/Safari-602.1.7/Source/JavaScriptCore/dfg/DFGSafeToExecute.h

    r190896 r191150  
    192192    case GetExecutable:
    193193    case GetButterfly:
    194     case GetButterflyReadOnly:
    195194    case CheckArray:
    196195    case Arrayify:
  • tags/Safari-602.1.7/Source/JavaScriptCore/dfg/DFGSpeculativeJIT.cpp

    r190896 r191150  
    43894389            MacroAssembler::Address(baseReg, JSArrayBufferView::offsetOfVector()),
    43904390            storageReg);
    4391 
    4392         addSlowPathGenerator(
    4393             slowPathCall(
    4394                 m_jit.branchIfNotToSpace(storageReg),
    4395                 this, operationGetArrayBufferVector, storageReg, baseReg));
    43964391        break;
    43974392    }
     
    44144409        MacroAssembler::Address(baseGPR, JSArrayBufferView::offsetOfMode()),
    44154410        TrustedImm32(WastefulTypedArray));
    4416 
     4411   
    44174412    m_jit.loadPtr(MacroAssembler::Address(baseGPR, JSObject::butterflyOffset()), dataGPR);
    4418     m_jit.removeSpaceBits(dataGPR);
    44194413    m_jit.loadPtr(MacroAssembler::Address(baseGPR, JSArrayBufferView::offsetOfVector()), vectorGPR);
    4420     m_jit.removeSpaceBits(vectorGPR);
    44214414    m_jit.loadPtr(MacroAssembler::Address(dataGPR, Butterfly::offsetOfArrayBuffer()), dataGPR);
    44224415    m_jit.loadPtr(MacroAssembler::Address(dataGPR, ArrayBuffer::offsetOfData()), dataGPR);
     
    44294422   
    44304423    done.link(&m_jit);
    4431 
     4424   
    44324425    int32Result(vectorGPR, node);
    44334426}
     
    54955488
    54965489    storageResult(scratchGPR1, node);
    5497 }
    5498 
    5499 void SpeculativeJIT::compileGetButterfly(Node* node)
    5500 {
    5501     SpeculateCellOperand base(this, node->child1());
    5502     GPRTemporary result(this, Reuse, base);
    5503    
    5504     GPRReg baseGPR = base.gpr();
    5505     GPRReg resultGPR = result.gpr();
    5506    
    5507     m_jit.loadPtr(JITCompiler::Address(baseGPR, JSObject::butterflyOffset()), resultGPR);
    5508 
    5509     switch (node->op()) {
    5510     case GetButterfly:
    5511         addSlowPathGenerator(
    5512             slowPathCall(
    5513                 m_jit.branchIfNotToSpace(resultGPR),
    5514                 this, operationGetButterfly, resultGPR, baseGPR));
    5515         break;
    5516 
    5517     case GetButterflyReadOnly:
    5518         m_jit.removeSpaceBits(resultGPR);
    5519         break;
    5520 
    5521     default:
    5522         DFG_CRASH(m_jit.graph(), node, "Bad node type");
    5523         break;
    5524     }
    5525    
    5526     storageResult(resultGPR, node);
    55275490}
    55285491
  • tags/Safari-602.1.7/Source/JavaScriptCore/dfg/DFGSpeculativeJIT.h

    r190896 r191150  
    21482148    void compileAllocatePropertyStorage(Node*);
    21492149    void compileReallocatePropertyStorage(Node*);
    2150     void compileGetButterfly(Node*);
    21512150   
    21522151#if USE(JSVALUE32_64)
  • tags/Safari-602.1.7/Source/JavaScriptCore/dfg/DFGSpeculativeJIT32_64.cpp

    r190896 r191150  
    40244024        break;
    40254025       
    4026     case GetButterfly:
    4027     case GetButterflyReadOnly:
    4028         compileGetButterfly(node);
    4029         break;
     4026    case GetButterfly: {
     4027        SpeculateCellOperand base(this, node->child1());
     4028        GPRTemporary result(this, Reuse, base);
     4029       
     4030        GPRReg baseGPR = base.gpr();
     4031        GPRReg resultGPR = result.gpr();
     4032       
     4033        m_jit.loadPtr(JITCompiler::Address(baseGPR, JSObject::butterflyOffset()), resultGPR);
     4034       
     4035        storageResult(resultGPR, node);
     4036        break;
     4037    }
    40304038
    40314039    case GetIndexedPropertyStorage: {
     
    46164624        GPRReg enumeratorGPR = enumerator.gpr();
    46174625
    4618         MacroAssembler::JumpList slowPath;
    4619 
    46204626        // Check the structure
    46214627        m_jit.load32(MacroAssembler::Address(baseGPR, JSCell::structureIDOffset()), scratchGPR);
    4622         slowPath.append(
    4623             m_jit.branch32(
    4624                 MacroAssembler::NotEqual,
    4625                 scratchGPR,
    4626                 MacroAssembler::Address(
    4627                     enumeratorGPR, JSPropertyNameEnumerator::cachedStructureIDOffset())));
     4628        MacroAssembler::Jump wrongStructure = m_jit.branch32(MacroAssembler::NotEqual,
     4629            scratchGPR, MacroAssembler::Address(enumeratorGPR, JSPropertyNameEnumerator::cachedStructureIDOffset()));
    46284630       
    46294631        // Compute the offset
     
    46474649        // We use resultPayloadGPR as a temporary here. We have to make sure clobber it after getting the
    46484650        // value out of indexGPR and enumeratorGPR because resultPayloadGPR could reuse either of those registers.
    4649         m_jit.loadPtr(MacroAssembler::Address(baseGPR, JSObject::butterflyOffset()), resultPayloadGPR);
    4650         slowPath.append(m_jit.branchIfNotToSpace(resultPayloadGPR));
     4651        m_jit.loadPtr(MacroAssembler::Address(baseGPR, JSObject::butterflyOffset()), resultPayloadGPR);
    46514652        int32_t offsetOfFirstProperty = static_cast<int32_t>(offsetInButterfly(firstOutOfLineOffset)) * sizeof(EncodedJSValue);
    46524653        m_jit.load32(MacroAssembler::BaseIndex(resultPayloadGPR, scratchGPR, MacroAssembler::TimesEight, offsetOfFirstProperty + OBJECT_OFFSETOF(JSValue, u.asBits.tag)), resultTagGPR);
     
    46554656        done.link(&m_jit);
    46564657
    4657         addSlowPathGenerator(slowPathCall(slowPath, this, operationGetByValCell, resultTagGPR, resultPayloadGPR, baseGPR, propertyGPR));
     4658        addSlowPathGenerator(slowPathCall(wrongStructure, this, operationGetByValCell, resultTagGPR, resultPayloadGPR, baseGPR, propertyGPR));
    46584659#endif
    46594660
  • tags/Safari-602.1.7/Source/JavaScriptCore/dfg/DFGSpeculativeJIT64.cpp

    r190896 r191150  
    40384038        break;
    40394039       
    4040     case GetButterfly:
    4041     case GetButterflyReadOnly:
    4042         compileGetButterfly(node);
    4043         break;
     4040    case GetButterfly: {
     4041        SpeculateCellOperand base(this, node->child1());
     4042        GPRTemporary result(this, Reuse, base);
     4043       
     4044        GPRReg baseGPR = base.gpr();
     4045        GPRReg resultGPR = result.gpr();
     4046       
     4047        m_jit.loadPtr(JITCompiler::Address(baseGPR, JSObject::butterflyOffset()), resultGPR);
     4048       
     4049        storageResult(resultGPR, node);
     4050        break;
     4051    }
    40444052
    40454053    case GetIndexedPropertyStorage: {
     
    46374645        GPRReg scratch2GPR = scratch2.gpr();
    46384646
    4639         MacroAssembler::JumpList slowPath;
    4640 
    46414647        // Check the structure
    46424648        m_jit.load32(MacroAssembler::Address(baseGPR, JSCell::structureIDOffset()), scratch1GPR);
    4643         slowPath.append(
    4644             m_jit.branch32(
    4645                 MacroAssembler::NotEqual,
    4646                 scratch1GPR,
    4647                 MacroAssembler::Address(
    4648                     enumeratorGPR, JSPropertyNameEnumerator::cachedStructureIDOffset())));
     4649        MacroAssembler::Jump wrongStructure = m_jit.branch32(MacroAssembler::NotEqual,
     4650            scratch1GPR, MacroAssembler::Address(enumeratorGPR, JSPropertyNameEnumerator::cachedStructureIDOffset()));
    46494651       
    46504652        // Compute the offset
     
    46604662        outOfLineAccess.link(&m_jit);
    46614663        m_jit.loadPtr(MacroAssembler::Address(baseGPR, JSObject::butterflyOffset()), scratch2GPR);
    4662         slowPath.append(m_jit.branchIfNotToSpace(scratch2GPR));
    46634664        m_jit.move(indexGPR, scratch1GPR);
    46644665        m_jit.sub32(MacroAssembler::Address(enumeratorGPR, JSPropertyNameEnumerator::cachedInlineCapacityOffset()), scratch1GPR);
     
    46704671        done.link(&m_jit);
    46714672
    4672         addSlowPathGenerator(slowPathCall(slowPath, this, operationGetByVal, resultGPR, baseGPR, propertyGPR));
     4673        addSlowPathGenerator(slowPathCall(wrongStructure, this, operationGetByVal, resultGPR, baseGPR, propertyGPR));
    46734674
    46744675        jsValueResult(resultGPR, node);
  • tags/Safari-602.1.7/Source/JavaScriptCore/dfg/DFGTypeCheckHoistingPhase.cpp

    r190896 r191150  
    248248                case ReallocatePropertyStorage:
    249249                case GetButterfly:
    250                 case GetButterflyReadOnly:
    251250                case GetByVal:
    252251                case PutByValDirect:
     
    327326                case ReallocatePropertyStorage:
    328327                case GetButterfly:
    329                 case GetButterflyReadOnly:
    330328                case GetByVal:
    331329                case PutByValDirect:
  • tags/Safari-602.1.7/Source/JavaScriptCore/ftl/FTLCapabilities.cpp

    r190896 r191150  
    6969    case PutStructure:
    7070    case GetButterfly:
    71     case GetButterflyReadOnly:
    7271    case NewObject:
    7372    case NewArray:
  • tags/Safari-602.1.7/Source/JavaScriptCore/ftl/FTLLowerDFGToLLVM.cpp

    r190916 r191150  
    567567            compileGetButterfly();
    568568            break;
    569         case GetButterflyReadOnly:
    570             compileGetButterflyReadOnly();
    571             break;
    572569        case ConstantStoragePointer:
    573570            compileConstantStoragePointer();
     
    22862283    void compileGetButterfly()
    22872284    {
    2288         setStorage(loadButterflyWithBarrier(lowCell(m_node->child1())));
    2289     }
    2290 
    2291     void compileGetButterflyReadOnly()
    2292     {
    2293         setStorage(loadButterflyReadOnly(lowCell(m_node->child1())));
     2285        setStorage(m_out.loadPtr(lowCell(m_node->child1()), m_heaps.JSObject_butterfly));
    22942286    }
    22952287   
     
    23262318        }
    23272319       
    2328         setStorage(loadVectorWithBarrier(cell));
     2320        setStorage(m_out.loadPtr(cell, m_heaps.JSArrayBufferView_vector));
    23292321    }
    23302322   
     
    23462338        LValue basePtr = lowCell(m_node->child1());   
    23472339
    2348         LBasicBlock simpleCase = FTL_NEW_BLOCK(m_out, ("GetTypedArrayByteOffset wasteless typed array"));
    2349         LBasicBlock wastefulCase = FTL_NEW_BLOCK(m_out, ("GetTypedArrayByteOffset wasteful typed array"));
    2350         LBasicBlock continuation = FTL_NEW_BLOCK(m_out, ("GetTypedArrayByteOffset continuation"));
     2340        LBasicBlock simpleCase = FTL_NEW_BLOCK(m_out, ("wasteless typed array"));
     2341        LBasicBlock wastefulCase = FTL_NEW_BLOCK(m_out, ("wasteful typed array"));
     2342        LBasicBlock continuation = FTL_NEW_BLOCK(m_out, ("continuation branch"));
    23512343       
    23522344        LValue mode = m_out.load32(basePtr, m_heaps.JSArrayBufferView_mode);
     
    23552347            unsure(simpleCase), unsure(wastefulCase));
    23562348
     2349        // begin simple case       
    23572350        LBasicBlock lastNext = m_out.appendTo(simpleCase, wastefulCase);
    23582351
     
    23612354        m_out.jump(continuation);
    23622355
     2356        // begin wasteful case
    23632357        m_out.appendTo(wastefulCase, continuation);
    23642358
    2365         LValue vectorPtr = loadVectorReadOnly(basePtr);
    2366         LValue butterflyPtr = loadButterflyReadOnly(basePtr);
     2359        LValue vectorPtr = m_out.loadPtr(basePtr, m_heaps.JSArrayBufferView_vector);
     2360        LValue butterflyPtr = m_out.loadPtr(basePtr, m_heaps.JSObject_butterfly);
    23672361        LValue arrayBufferPtr = m_out.loadPtr(butterflyPtr, m_heaps.Butterfly_arrayBuffer);
    23682362        LValue dataPtr = m_out.loadPtr(arrayBufferPtr, m_heaps.ArrayBuffer_data);
     
    23732367        m_out.appendTo(continuation, lastNext);
    23742368
     2369        // output
    23752370        setInt32(m_out.castToInt32(m_out.phi(m_out.intPtr, simpleOut, wastefulOut)));
    23762371    }
     
    40564051                    propertyBase = weakPointer(method.prototype()->value().asCell());
    40574052                if (!isInlineOffset(method.offset()))
    4058                     propertyBase = loadButterflyReadOnly(propertyBase);
     4053                    propertyBase = m_out.loadPtr(propertyBase, m_heaps.JSObject_butterfly);
    40594054                result = loadProperty(
    40604055                    propertyBase, data.identifierNumber, method.offset());
     
    41244119                    storage = base;
    41254120                else
    4126                     storage = loadButterflyWithBarrier(base);
     4121                    storage = m_out.loadPtr(base, m_heaps.JSObject_butterfly);
    41274122            } else {
    41284123                m_graph.m_plan.transitions.addLazily(
     
    53585353
    53595354        m_out.appendTo(outOfLineLoad, slowCase);
    5360         LValue storage = loadButterflyReadOnly(base);
     5355        LValue storage = m_out.loadPtr(base, m_heaps.JSObject_butterfly);
    53615356        LValue realIndex = m_out.signExt(
    53625357            m_out.neg(m_out.sub(index, m_out.load32(enumerator, m_heaps.JSPropertyNameEnumerator_cachedInlineCapacity))),
     
    60106005       
    60116006        if (previousStructure->outOfLineCapacity() == nextStructure->outOfLineCapacity())
    6012             return loadButterflyWithBarrier(object);
     6007            return m_out.loadPtr(object, m_heaps.JSObject_butterfly);
    60136008       
    60146009        LValue result;
     
    60176012        else {
    60186013            result = reallocatePropertyStorage(
    6019                 object, loadButterflyWithBarrier(object),
     6014                object, m_out.loadPtr(object, m_heaps.JSObject_butterfly),
    60206015                previousStructure, nextStructure);
    60216016        }
     
    61306125       
    61316126        return call;
    6132     }
    6133 
    6134     LValue loadButterflyWithBarrier(LValue object)
    6135     {
    6136         return copyBarrier(
    6137             object, m_out.loadPtr(object, m_heaps.JSObject_butterfly), operationGetButterfly);
    6138     }
    6139    
    6140     LValue loadVectorWithBarrier(LValue object)
    6141     {
    6142         return copyBarrier(
    6143             object, m_out.loadPtr(object, m_heaps.JSArrayBufferView_vector),
    6144             operationGetArrayBufferVector);
    6145     }
    6146    
    6147     LValue copyBarrier(LValue object, LValue pointer, P_JITOperation_EC slowPathFunction)
    6148     {
    6149         LBasicBlock slowPath = FTL_NEW_BLOCK(m_out, ("loadButterflyWithBarrier slow path"));
    6150         LBasicBlock continuation = FTL_NEW_BLOCK(m_out, ("loadButterflyWithBarrier continuation"));
    6151 
    6152         ValueFromBlock fastResult = m_out.anchor(pointer);
    6153         m_out.branch(
    6154             m_out.testIsZeroPtr(pointer, m_out.constIntPtr(CopyBarrierBase::spaceBits)),
    6155             usually(continuation), rarely(slowPath));
    6156 
    6157         LBasicBlock lastNext = m_out.appendTo(slowPath, continuation);
    6158 
    6159         LValue call = lazySlowPath(
    6160             [=] (const Vector<Location>& locations) -> RefPtr<LazySlowPath::Generator> {
    6161                 return createLazyCallGenerator(
    6162                     slowPathFunction, locations[0].directGPR(), locations[1].directGPR());
    6163             }, object);
    6164         ValueFromBlock slowResult = m_out.anchor(call);
    6165         m_out.jump(continuation);
    6166 
    6167         m_out.appendTo(continuation, lastNext);
    6168         return m_out.phi(m_out.intPtr, fastResult, slowResult);
    6169     }
    6170 
    6171     LValue loadButterflyReadOnly(LValue object)
    6172     {
    6173         return removeSpaceBits(m_out.loadPtr(object, m_heaps.JSObject_butterfly));
    6174     }
    6175 
    6176     LValue loadVectorReadOnly(LValue object)
    6177     {
    6178         return removeSpaceBits(m_out.loadPtr(object, m_heaps.JSArrayBufferView_vector));
    6179     }
    6180 
    6181     LValue removeSpaceBits(LValue storage)
    6182     {
    6183         return m_out.bitAnd(
    6184             storage, m_out.constIntPtr(~static_cast<intptr_t>(CopyBarrierBase::spaceBits)));
    61856127    }
    61866128   
  • tags/Safari-602.1.7/Source/JavaScriptCore/ftl/FTLOperations.cpp

    r190896 r191150  
    4949        vm, nullptr, 0, structure->outOfLineCapacity(), false, IndexingHeader(), 0);
    5050   
    51     JSObject* result = JSFinalObject::create(exec, structure, butterfly);
    52     result->butterfly(); // Ensure that the butterfly is in to-space.
    53     return result;
     51    return JSFinalObject::create(exec, structure, butterfly);
    5452}
    5553
  • tags/Safari-602.1.7/Source/JavaScriptCore/ftl/FTLOutput.h

    r190896 r191150  
    363363    LValue testIsZero64(LValue value, LValue mask) { return isZero64(bitAnd(value, mask)); }
    364364    LValue testNonZero64(LValue value, LValue mask) { return notZero64(bitAnd(value, mask)); }
    365     LValue testIsZeroPtr(LValue value, LValue mask) { return isNull(bitAnd(value, mask)); }
    366     LValue testNonZeroPtr(LValue value, LValue mask) { return notNull(bitAnd(value, mask)); }
    367365   
    368366    LValue select(LValue value, LValue taken, LValue notTaken) { return buildSelect(m_builder, value, taken, notTaken); }
  • tags/Safari-602.1.7/Source/JavaScriptCore/heap/CopyVisitorInlines.h

    r190896 r191150  
    3434inline bool CopyVisitor::checkIfShouldCopy(void* oldPtr)
    3535{
    36     if (!oldPtr)
    37         return false;
    3836    CopiedBlock* block = CopiedSpace::blockFor(oldPtr);
    3937    if (block->isOversize() || block->isPinned())
  • tags/Safari-602.1.7/Source/JavaScriptCore/heap/Heap.cpp

    r190896 r191150  
    10011001}
    10021002
    1003 void* Heap::copyBarrier(const JSCell*, void*& pointer)
    1004 {
    1005     // Do nothing for now.
    1006     return pointer;
    1007 }
    1008 
    10091003void Heap::collectAndSweep(HeapOperation collectionType)
    10101004{
  • tags/Safari-602.1.7/Source/JavaScriptCore/heap/Heap.h

    r190896 r191150  
    109109    void writeBarrier(const JSCell*, JSCell*);
    110110
    111     JS_EXPORT_PRIVATE static void* copyBarrier(const JSCell* owner, void*& copiedSpacePointer);
    112 
    113111    WriteBarrierBuffer& writeBarrierBuffer() { return m_writeBarrierBuffer; }
    114112    void flushWriteBarrierBuffer(JSCell*);
  • tags/Safari-602.1.7/Source/JavaScriptCore/heap/HeapInlines.h

    r190896 r191150  
    2727#define HeapInlines_h
    2828
    29 #include "CopyBarrier.h"
    3029#include "Heap.h"
    3130#include "JSCell.h"
  • tags/Safari-602.1.7/Source/JavaScriptCore/jit/AssemblyHelpers.h

    r190896 r191150  
    3030
    3131#include "CodeBlock.h"
    32 #include "CopyBarrier.h"
    3332#include "FPRInfo.h"
    3433#include "GPRInfo.h"
     
    755754        return branchPtr(condition, leftHandSide, TrustedImmPtr(structure));
    756755#endif
    757     }
    758 
    759     Jump branchIfNotToSpace(GPRReg storageGPR)
    760     {
    761         return branchTest32(NonZero, storageGPR, TrustedImm32(CopyBarrierBase::spaceBits));
    762     }
    763 
    764     void removeSpaceBits(GPRReg storageGPR)
    765     {
    766         andPtr(TrustedImmPtr(~static_cast<uintptr_t>(CopyBarrierBase::spaceBits)), storageGPR);
    767756    }
    768757   
  • tags/Safari-602.1.7/Source/JavaScriptCore/jit/JIT.cpp

    r190896 r191150  
    181181        if (Options::eagerlyUpdateTopCallFrame())
    182182            updateTopCallFrame();
    183 
    184         unsigned bytecodeOffset = m_bytecodeOffset;
    185183       
    186184        switch (opcodeID) {
     
    317315            RELEASE_ASSERT_NOT_REACHED();
    318316        }
    319 
    320         if (false)
    321             dataLog("At ", bytecodeOffset, ": ", m_slowCases.size(), "\n");
    322317    }
    323318
     
    439434        }
    440435
    441         if (false)
    442             dataLog("At ", firstTo, " slow: ", iter - m_slowCases.begin(), "\n");
    443 
    444436        RELEASE_ASSERT_WITH_MESSAGE(iter == m_slowCases.end() || firstTo != iter->to, "Not enough jumps linked in slow case codegen.");
    445437        RELEASE_ASSERT_WITH_MESSAGE(firstTo == (iter - 1)->to, "Too many jumps linked in slow case codegen.");
  • tags/Safari-602.1.7/Source/JavaScriptCore/jit/JITOpcodes.cpp

    r190896 r191150  
    11541154    linkSlowCaseIfNotJSCell(iter, base); // base cell check
    11551155    linkSlowCase(iter); // base array check
    1156     linkSlowCase(iter); // read barrier
    11571156    linkSlowCase(iter); // vector length check
    11581157    linkSlowCase(iter); // empty value
     
    11981197    outOfLineAccess.link(this);
    11991198    loadPtr(Address(regT0, JSObject::butterflyOffset()), regT0);
    1200     addSlowCase(branchIfNotToSpace(regT0));
    12011199    sub32(Address(regT2, JSPropertyNameEnumerator::cachedInlineCapacityOffset()), regT1);
    12021200    neg32(regT1);
     
    12141212    int base = currentInstruction[2].u.operand;
    12151213    linkSlowCaseIfNotJSCell(iter, base);
    1216     linkSlowCase(iter);
    12171214    linkSlowCase(iter);
    12181215
  • tags/Safari-602.1.7/Source/JavaScriptCore/jit/JITOpcodes32_64.cpp

    r190896 r191150  
    11751175    outOfLineAccess.link(this);
    11761176    loadPtr(Address(regT0, JSObject::butterflyOffset()), regT0);
    1177     addSlowCase(branchIfNotToSpace(regT0));
    11781177    sub32(Address(regT1, JSPropertyNameEnumerator::cachedInlineCapacityOffset()), regT2);
    11791178    neg32(regT2);
     
    11911190    int base = currentInstruction[2].u.operand;
    11921191    linkSlowCaseIfNotJSCell(iter, base);
    1193     linkSlowCase(iter);
    11941192    linkSlowCase(iter);
    11951193
  • tags/Safari-602.1.7/Source/JavaScriptCore/jit/JITPropertyAccess.cpp

    r190896 r191150  
    166166    badType = patchableBranch32(NotEqual, regT2, TrustedImm32(DoubleShape));
    167167    loadPtr(Address(regT0, JSObject::butterflyOffset()), regT2);
    168     slowCases.append(branchIfNotToSpace(regT2));
    169168    slowCases.append(branch32(AboveOrEqual, regT1, Address(regT2, Butterfly::offsetOfPublicLength())));
    170169    loadDouble(BaseIndex(regT2, regT1, TimesEight), fpRegT0);
     
    180179    badType = patchableBranch32(NotEqual, regT2, TrustedImm32(expectedShape));
    181180    loadPtr(Address(regT0, JSObject::butterflyOffset()), regT2);
    182     slowCases.append(branchIfNotToSpace(regT2));
    183181    slowCases.append(branch32(AboveOrEqual, regT1, Address(regT2, Butterfly::offsetOfPublicLength())));
    184182    load64(BaseIndex(regT2, regT1, TimesEight), regT0);
     
    196194
    197195    loadPtr(Address(regT0, JSObject::butterflyOffset()), regT2);
    198     slowCases.append(branchIfNotToSpace(regT2));
    199196    slowCases.append(branch32(AboveOrEqual, regT1, Address(regT2, ArrayStorage::vectorLengthOffset())));
    200197
     
    255252    nonCell.link(this);
    256253   
    257     linkSlowCase(iter); // read barrier
    258254    linkSlowCase(iter); // vector length check
    259255    linkSlowCase(iter); // empty value
     
    328324   
    329325    loadPtr(Address(regT0, JSObject::butterflyOffset()), regT2);
    330     slowCases.append(branchIfNotToSpace(regT2));
    331326    Jump outOfBounds = branch32(AboveOrEqual, regT1, Address(regT2, Butterfly::offsetOfPublicLength()));
    332327
     
    384379    badType = patchableBranch32(NotEqual, regT2, TrustedImm32(ArrayStorageShape));
    385380    loadPtr(Address(regT0, JSObject::butterflyOffset()), regT2);
    386     slowCases.append(branchIfNotToSpace(regT2));
    387381    slowCases.append(branch32(AboveOrEqual, regT1, Address(regT2, ArrayStorage::vectorLengthOffset())));
    388382
     
    455449    linkSlowCase(iter); // base not array check
    456450   
    457     linkSlowCase(iter); // read barrier
    458451    linkSlowCase(iter); // out of bounds
    459    
     452
    460453    JITArrayMode mode = chooseArrayMode(profile);
    461454    switch (mode) {
     
    788781            }
    789782            loadPtr(Address(base, JSObject::butterflyOffset()), scratch);
    790             addSlowCase(branchIfNotToSpace(scratch));
    791783            neg32(offset);
    792784            signExtend32ToPtr(offset, offset);
     
    868860        return;
    869861
    870     if (resolveType == GlobalProperty || resolveType == GlobalPropertyWithVarInjectionChecks) {
    871         linkSlowCase(iter); // bad structure
    872         linkSlowCase(iter); // read barrier
    873     }
     862    if (resolveType == GlobalProperty || resolveType == GlobalPropertyWithVarInjectionChecks)
     863        linkSlowCase(iter);
    874864
    875865    if (resolveType == GlobalLexicalVarWithVarInjectionChecks) // Var injections check.
     
    880870        linkSlowCase(iter); // emitLoadWithStructureCheck
    881871        linkSlowCase(iter); // emitLoadWithStructureCheck
    882         linkSlowCase(iter); // read barrier
    883872        // GlobalLexicalVar
    884873        linkSlowCase(iter); // TDZ check.
     
    934923           
    935924            loadPtr(Address(regT0, JSObject::butterflyOffset()), regT0);
    936             addSlowCase(branchIfNotToSpace(regT0));
    937925            loadPtr(operandSlot, regT1);
    938926            negPtr(regT1);
     
    10281016        && currentInstruction[5].u.watchpointSet->state() != IsInvalidated)
    10291017        linkCount++;
    1030     if (resolveType == GlobalProperty || resolveType == GlobalPropertyWithVarInjectionChecks) {
    1031         linkCount++; // bad structure
    1032         linkCount++; // read barrier
    1033     }
     1018    if (resolveType == GlobalProperty || resolveType == GlobalPropertyWithVarInjectionChecks)
     1019        linkCount++;
    10341020    if (getPutInfo.initializationMode() != Initialization && (resolveType == GlobalLexicalVar || resolveType == GlobalLexicalVarWithVarInjectionChecks)) // TDZ check.
    10351021        linkCount++;
     
    10381024        linkCount++; // emitLoadWithStructureCheck
    10391025        linkCount++; // emitLoadWithStructureCheck
    1040         linkCount++; // read barrier
    10411026
    10421027        // GlobalLexicalVar
     
    14561441    badType = patchableBranch32(NotEqual, scratch, TrustedImm32(typeForTypedArrayType(type)));
    14571442    slowCases.append(branch32(AboveOrEqual, property, Address(base, JSArrayBufferView::offsetOfLength())));
    1458     loadPtr(Address(base, JSArrayBufferView::offsetOfVector()), scratch);
    1459     slowCases.append(branchIfNotToSpace(scratch));
     1443    loadPtr(Address(base, JSArrayBufferView::offsetOfVector()), base);
    14601444   
    14611445    switch (elementSize(type)) {
    14621446    case 1:
    14631447        if (isSigned(type))
    1464             load8SignedExtendTo32(BaseIndex(scratch, property, TimesOne), resultPayload);
     1448            load8SignedExtendTo32(BaseIndex(base, property, TimesOne), resultPayload);
    14651449        else
    1466             load8(BaseIndex(scratch, property, TimesOne), resultPayload);
     1450            load8(BaseIndex(base, property, TimesOne), resultPayload);
    14671451        break;
    14681452    case 2:
    14691453        if (isSigned(type))
    1470             load16SignedExtendTo32(BaseIndex(scratch, property, TimesTwo), resultPayload);
     1454            load16SignedExtendTo32(BaseIndex(base, property, TimesTwo), resultPayload);
    14711455        else
    1472             load16(BaseIndex(scratch, property, TimesTwo), resultPayload);
     1456            load16(BaseIndex(base, property, TimesTwo), resultPayload);
    14731457        break;
    14741458    case 4:
    1475         load32(BaseIndex(scratch, property, TimesFour), resultPayload);
     1459        load32(BaseIndex(base, property, TimesFour), resultPayload);
    14761460        break;
    14771461    default:
     
    15281512    badType = patchableBranch32(NotEqual, scratch, TrustedImm32(typeForTypedArrayType(type)));
    15291513    slowCases.append(branch32(AboveOrEqual, property, Address(base, JSArrayBufferView::offsetOfLength())));
    1530     loadPtr(Address(base, JSArrayBufferView::offsetOfVector()), scratch);
    1531     slowCases.append(branchIfNotToSpace(scratch));
     1514    loadPtr(Address(base, JSArrayBufferView::offsetOfVector()), base);
    15321515   
    15331516    switch (elementSize(type)) {
    15341517    case 4:
    1535         loadFloat(BaseIndex(scratch, property, TimesFour), fpRegT0);
     1518        loadFloat(BaseIndex(base, property, TimesFour), fpRegT0);
    15361519        convertFloatToDouble(fpRegT0, fpRegT0);
    15371520        break;
    15381521    case 8: {
    1539         loadDouble(BaseIndex(scratch, property, TimesEight), fpRegT0);
     1522        loadDouble(BaseIndex(base, property, TimesEight), fpRegT0);
    15401523        break;
    15411524    }
     
    15971580    // path expects the base to be unclobbered.
    15981581    loadPtr(Address(base, JSArrayBufferView::offsetOfVector()), lateScratch);
    1599     slowCases.append(branchIfNotToSpace(lateScratch));
    16001582   
    16011583    if (isClamped(type)) {
     
    16831665    // path expects the base to be unclobbered.
    16841666    loadPtr(Address(base, JSArrayBufferView::offsetOfVector()), lateScratch);
    1685     slowCases.append(branchIfNotToSpace(lateScratch));
    16861667   
    16871668    switch (elementSize(type)) {
  • tags/Safari-602.1.7/Source/JavaScriptCore/llint/LowLevelInterpreter.asm

    r190916 r191150  
    221221const PutByIdSecondaryTypeObjectOrOther = 0x40
    222222const PutByIdSecondaryTypeTop = 0x48
    223 
    224 const CopyBarrierSpaceBits = 3
    225223
    226224const CallOpCodeSize = 9
     
    666664end
    667665
    668 macro copyBarrier(value, slow)
    669     btpnz value, CopyBarrierSpaceBits, slow
    670 end
    671 
    672666macro functionPrologue()
    673667    if X86 or X86_WIN or X86_64 or X86_64_WIN
  • tags/Safari-602.1.7/Source/JavaScriptCore/llint/LowLevelInterpreter64.asm

    r190916 r191150  
    11891189
    11901190
    1191 macro loadPropertyAtVariableOffset(propertyOffsetAsInt, objectAndStorage, value, slow)
     1191macro loadPropertyAtVariableOffset(propertyOffsetAsInt, objectAndStorage, value)
    11921192    bilt propertyOffsetAsInt, firstOutOfLineOffset, .isInline
    11931193    loadp JSObject::m_butterfly[objectAndStorage], objectAndStorage
    1194     copyBarrier(objectAndStorage, slow)
    11951194    negi propertyOffsetAsInt
    11961195    sxi2q propertyOffsetAsInt, propertyOffsetAsInt
     
    12031202
    12041203
    1205 macro storePropertyAtVariableOffset(propertyOffsetAsInt, objectAndStorage, value, slow)
     1204macro storePropertyAtVariableOffset(propertyOffsetAsInt, objectAndStorage, value)
    12061205    bilt propertyOffsetAsInt, firstOutOfLineOffset, .isInline
    12071206    loadp JSObject::m_butterfly[objectAndStorage], objectAndStorage
    1208     copyBarrier(objectAndStorage, slow)
    12091207    negi propertyOffsetAsInt
    12101208    sxi2q propertyOffsetAsInt, propertyOffsetAsInt
     
    12251223    loadisFromInstruction(5, t1)
    12261224    loadisFromInstruction(1, t2)
    1227     loadPropertyAtVariableOffset(t1, t3, t0, .opGetByIdSlow)
     1225    loadPropertyAtVariableOffset(t1, t3, t0)
    12281226    storeq t0, [cfr, t2, 8]
    12291227    valueProfile(t0, 8, t1)
     
    12461244    loadisFromInstruction(1, t1)
    12471245    loadp JSObject::m_butterfly[t3], t0
    1248     copyBarrier(t0, .opGetArrayLengthSlow)
    12491246    loadi -sizeof IndexingHeader + IndexingHeader::u.lengths.publicLength[t0], t0
    12501247    bilt t0, 0, .opGetArrayLengthSlow
     
    13901387    loadConstantOrVariable(t1, t2)
    13911388    loadisFromInstruction(5, t1)
    1392     storePropertyAtVariableOffset(t1, t0, t2, .opPutByIdSlow)
     1389    storePropertyAtVariableOffset(t1, t0, t2)
    13931390    dispatch(9)
    13941391
     
    14091406    sxi2q t1, t1
    14101407    loadp JSObject::m_butterfly[t0], t3
    1411     copyBarrier(t3, .opGetByValSlow)
    14121408    andi IndexingShapeMask, t2
    14131409    bieq t2, Int32Shape, .opGetByValIsContiguous
     
    14801476    sxi2q t3, t3
    14811477    loadp JSObject::m_butterfly[t1], t0
    1482     copyBarrier(t0, .opPutByValSlow)
    14831478    andi IndexingShapeMask, t2
    14841479    bineq t2, Int32Shape, .opPutByValNotInt32
     
    20011996end
    20021997
    2003 macro getProperty(slow)
     1998macro getProperty()
    20041999    loadisFromInstruction(6, t1)
    2005     loadPropertyAtVariableOffset(t1, t0, t2, slow)
     2000    loadPropertyAtVariableOffset(t1, t0, t2)
    20062001    valueProfile(t2, 7, t0)
    20072002    loadisFromInstruction(1, t0)
     
    20342029    bineq t0, GlobalProperty, .gGlobalVar
    20352030    loadWithStructureCheck(2, .gDynamic)
    2036     getProperty(.gDynamic)
     2031    getProperty()
    20372032    dispatch(8)
    20382033
     
    20592054    bineq t0, GlobalPropertyWithVarInjectionChecks, .gGlobalVarWithVarInjectionChecks
    20602055    loadWithStructureCheck(2, .gDynamic)
    2061     getProperty(.gDynamic)
     2056    getProperty()
    20622057    dispatch(8)
    20632058
     
    20892084
    20902085
    2091 macro putProperty(slow)
     2086macro putProperty()
    20922087    loadisFromInstruction(3, t1)
    20932088    loadConstantOrVariable(t1, t2)
    20942089    loadisFromInstruction(6, t1)
    2095     storePropertyAtVariableOffset(t1, t0, t2, slow)
     2090    storePropertyAtVariableOffset(t1, t0, t2)
    20962091end
    20972092
     
    21512146    writeBarrierOnOperands(1, 3)
    21522147    loadWithStructureCheck(1, .pDynamic)
    2153     putProperty(.pDynamic)
     2148    putProperty()
    21542149    dispatch(7)
    21552150
     
    21782173    writeBarrierOnOperands(1, 3)
    21792174    loadWithStructureCheck(1, .pDynamic)
    2180     putProperty(.pDynamic)
     2175    putProperty()
    21812176    dispatch(7)
    21822177
  • tags/Safari-602.1.7/Source/JavaScriptCore/runtime/DirectArguments.cpp

    r190896 r191150  
    9898        visitor.copyLater(
    9999            thisObject, DirectArgumentsOverridesCopyToken,
    100             thisObject->m_overrides.getWithoutBarrier(), thisObject->overridesSize());
     100            thisObject->m_overrides.get(), thisObject->overridesSize());
    101101    }
    102102}
     
    109109    RELEASE_ASSERT(token == DirectArgumentsOverridesCopyToken);
    110110   
    111     void* oldOverrides = thisObject->m_overrides.getWithoutBarrier();
     111    bool* oldOverrides = thisObject->m_overrides.get();
     112    if (!oldOverrides)
     113        return;
     114   
    112115    if (visitor.checkIfShouldCopy(oldOverrides)) {
    113116        bool* newOverrides = static_cast<bool*>(visitor.allocateNewSpace(thisObject->overridesSize()));
    114117        memcpy(newOverrides, oldOverrides, thisObject->m_length);
    115         thisObject->m_overrides.setWithoutBarrier(newOverrides);
     118        thisObject->m_overrides.setWithoutWriteBarrier(newOverrides);
    116119        visitor.didCopy(oldOverrides, thisObject->overridesSize());
    117120    }
     
    133136    void* backingStore;
    134137    RELEASE_ASSERT(vm.heap.tryAllocateStorage(this, overridesSize(), &backingStore));
    135     bool* overrides = static_cast<bool*>(backingStore);
    136     m_overrides.set(vm, this, overrides);
     138    m_overrides.set(vm, this, static_cast<bool*>(backingStore));
    137139    for (unsigned i = m_length; i--;)
    138         overrides[i] = false;
     140        m_overrides.get()[i] = false;
    139141}
    140142
     
    148150{
    149151    overrideThingsIfNecessary(vm);
    150     m_overrides.get(this)[index] = true;
     152    m_overrides.get()[index] = true;
    151153}
    152154
  • tags/Safari-602.1.7/Source/JavaScriptCore/runtime/DirectArguments.h

    r190896 r191150  
    7474    bool canAccessIndexQuickly(uint32_t i) const
    7575    {
    76         return i < m_length && (!m_overrides || !m_overrides.get(this)[i]);
     76        return i < m_length && (!m_overrides || !m_overrides.get()[i]);
    7777    }
    7878
     
    149149    uint32_t m_length; // Always the actual length of captured arguments and never what was stored into the length property.
    150150    uint32_t m_minCapacity; // The max of this and length determines the capacity of this object. It may be the actual capacity, or maybe something smaller. We arrange it this way to be kind to the JITs.
    151     CopyBarrier<bool> m_overrides; // If non-null, it means that length, callee, and caller are fully materialized properties.
     151    CopyWriteBarrier<bool> m_overrides; // If non-null, it means that length, callee, and caller are fully materialized properties.
    152152};
    153153
  • tags/Safari-602.1.7/Source/JavaScriptCore/runtime/JSArray.cpp

    r190896 r191150  
    393393bool JSArray::setLength(ExecState* exec, unsigned newLength, bool throwException)
    394394{
    395     Butterfly* butterfly = m_butterfly.get(this);
    396395    switch (indexingType()) {
    397396    case ArrayClass:
     
    410409    case ArrayWithDouble:
    411410    case ArrayWithContiguous: {
    412         if (newLength == butterfly->publicLength())
     411        if (newLength == m_butterfly->publicLength())
    413412            return true;
    414413        if (newLength >= MAX_ARRAY_INDEX // This case ensures that we can do fast push.
     
    419418                ensureArrayStorage(exec->vm()));
    420419        }
    421         if (newLength > butterfly->publicLength()) {
     420        if (newLength > m_butterfly->publicLength()) {
    422421            ensureLength(exec->vm(), newLength);
    423422            return true;
    424423        }
    425424
    426         unsigned lengthToClear = butterfly->publicLength() - newLength;
     425        unsigned lengthToClear = m_butterfly->publicLength() - newLength;
    427426        unsigned costToAllocateNewButterfly = 64; // a heuristic.
    428427        if (lengthToClear > newLength && lengthToClear > costToAllocateNewButterfly) {
     
    432431
    433432        if (indexingType() == ArrayWithDouble) {
    434             for (unsigned i = butterfly->publicLength(); i-- > newLength;)
    435                 butterfly->contiguousDouble()[i] = PNaN;
     433            for (unsigned i = m_butterfly->publicLength(); i-- > newLength;)
     434                m_butterfly->contiguousDouble()[i] = PNaN;
    436435        } else {
    437             for (unsigned i = butterfly->publicLength(); i-- > newLength;)
    438                 butterfly->contiguous()[i].clear();
    439         }
    440         butterfly->setPublicLength(newLength);
     436            for (unsigned i = m_butterfly->publicLength(); i-- > newLength;)
     437                m_butterfly->contiguous()[i].clear();
     438        }
     439        m_butterfly->setPublicLength(newLength);
    441440        return true;
    442441    }
     
    454453JSValue JSArray::pop(ExecState* exec)
    455454{
    456     Butterfly* butterfly = m_butterfly.get(this);
    457    
    458455    switch (indexingType()) {
    459456    case ArrayClass:
     
    461458       
    462459    case ArrayWithUndecided:
    463         if (!butterfly->publicLength())
     460        if (!m_butterfly->publicLength())
    464461            return jsUndefined();
    465462        // We have nothing but holes. So, drop down to the slow version.
     
    468465    case ArrayWithInt32:
    469466    case ArrayWithContiguous: {
    470         unsigned length = butterfly->publicLength();
     467        unsigned length = m_butterfly->publicLength();
    471468       
    472469        if (!length--)
    473470            return jsUndefined();
    474471       
    475         RELEASE_ASSERT(length < butterfly->vectorLength());
    476         JSValue value = butterfly->contiguous()[length].get();
     472        RELEASE_ASSERT(length < m_butterfly->vectorLength());
     473        JSValue value = m_butterfly->contiguous()[length].get();
    477474        if (value) {
    478             butterfly->contiguous()[length].clear();
    479             butterfly->setPublicLength(length);
     475            m_butterfly->contiguous()[length].clear();
     476            m_butterfly->setPublicLength(length);
    480477            return value;
    481478        }
     
    484481       
    485482    case ArrayWithDouble: {
    486         unsigned length = butterfly->publicLength();
     483        unsigned length = m_butterfly->publicLength();
    487484       
    488485        if (!length--)
    489486            return jsUndefined();
    490487       
    491         RELEASE_ASSERT(length < butterfly->vectorLength());
    492         double value = butterfly->contiguousDouble()[length];
     488        RELEASE_ASSERT(length < m_butterfly->vectorLength());
     489        double value = m_butterfly->contiguousDouble()[length];
    493490        if (value == value) {
    494             butterfly->contiguousDouble()[length] = PNaN;
    495             butterfly->setPublicLength(length);
     491            m_butterfly->contiguousDouble()[length] = PNaN;
     492            m_butterfly->setPublicLength(length);
    496493            return JSValue(JSValue::EncodeAsDouble, value);
    497494        }
     
    500497       
    501498    case ARRAY_WITH_ARRAY_STORAGE_INDEXING_TYPES: {
    502         ArrayStorage* storage = butterfly->arrayStorage();
     499        ArrayStorage* storage = m_butterfly->arrayStorage();
    503500   
    504501        unsigned length = storage->length();
     
    551548void JSArray::push(ExecState* exec, JSValue value)
    552549{
    553     Butterfly* butterfly = m_butterfly.get(this);
    554    
    555550    switch (indexingType()) {
    556551    case ArrayClass: {
     
    572567        }
    573568
    574         unsigned length = butterfly->publicLength();
    575         ASSERT(length <= butterfly->vectorLength());
    576         if (length < butterfly->vectorLength()) {
    577             butterfly->contiguousInt32()[length].setWithoutWriteBarrier(value);
    578             butterfly->setPublicLength(length + 1);
     569        unsigned length = m_butterfly->publicLength();
     570        ASSERT(length <= m_butterfly->vectorLength());
     571        if (length < m_butterfly->vectorLength()) {
     572            m_butterfly->contiguousInt32()[length].setWithoutWriteBarrier(value);
     573            m_butterfly->setPublicLength(length + 1);
    579574            return;
    580575        }
     
    592587
    593588    case ArrayWithContiguous: {
    594         unsigned length = butterfly->publicLength();
    595         ASSERT(length <= butterfly->vectorLength());
    596         if (length < butterfly->vectorLength()) {
    597             butterfly->contiguous()[length].set(exec->vm(), this, value);
    598             butterfly->setPublicLength(length + 1);
     589        unsigned length = m_butterfly->publicLength();
     590        ASSERT(length <= m_butterfly->vectorLength());
     591        if (length < m_butterfly->vectorLength()) {
     592            m_butterfly->contiguous()[length].set(exec->vm(), this, value);
     593            m_butterfly->setPublicLength(length + 1);
    599594            return;
    600595        }
     
    624619        }
    625620
    626         unsigned length = butterfly->publicLength();
    627         ASSERT(length <= butterfly->vectorLength());
    628         if (length < butterfly->vectorLength()) {
    629             butterfly->contiguousDouble()[length] = valueAsDouble;
    630             butterfly->setPublicLength(length + 1);
     621        unsigned length = m_butterfly->publicLength();
     622        ASSERT(length <= m_butterfly->vectorLength());
     623        if (length < m_butterfly->vectorLength()) {
     624            m_butterfly->contiguousDouble()[length] = valueAsDouble;
     625            m_butterfly->setPublicLength(length + 1);
    631626            return;
    632627        }
     
    654649       
    655650    case ArrayWithArrayStorage: {
    656         ArrayStorage* storage = butterfly->arrayStorage();
     651        ArrayStorage* storage = m_butterfly->arrayStorage();
    657652
    658653        // Fast case - push within vector, always update m_length & m_numValuesInVector.
     
    702697        auto& resultButterfly = *resultArray->butterfly();
    703698        if (arrayType == ArrayWithDouble)
    704             memcpy(resultButterfly.contiguousDouble().data(), m_butterfly.get(this)->contiguousDouble().data() + startIndex, sizeof(JSValue) * count);
     699            memcpy(resultButterfly.contiguousDouble().data(), m_butterfly->contiguousDouble().data() + startIndex, sizeof(JSValue) * count);
    705700        else
    706             memcpy(resultButterfly.contiguous().data(), m_butterfly.get(this)->contiguous().data() + startIndex, sizeof(JSValue) * count);
     701            memcpy(resultButterfly.contiguous().data(), m_butterfly->contiguous().data() + startIndex, sizeof(JSValue) * count);
    707702        resultButterfly.setPublicLength(count);
    708703
     
    721716    ASSERT(newArrayType == fastConcatType(vm, *this, otherArray));
    722717
    723     unsigned thisArraySize = m_butterfly.get(this)->publicLength();
    724     unsigned otherArraySize = otherArray.m_butterfly.get(this)->publicLength();
     718    unsigned thisArraySize = m_butterfly->publicLength();
     719    unsigned otherArraySize = otherArray.m_butterfly->publicLength();
    725720    ASSERT(thisArraySize + otherArraySize < MIN_SPARSE_ARRAY_INDEX);
    726721
     
    734729    if (newArrayType == ArrayWithDouble) {
    735730        auto buffer = resultButterfly.contiguousDouble().data();
    736         memcpy(buffer, m_butterfly.get(this)->contiguousDouble().data(), sizeof(JSValue) * thisArraySize);
     731        memcpy(buffer, m_butterfly->contiguousDouble().data(), sizeof(JSValue) * thisArraySize);
    737732        memcpy(buffer + thisArraySize, otherButterfly.contiguousDouble().data(), sizeof(JSValue) * otherArraySize);
    738733    } else {
    739734        auto buffer = resultButterfly.contiguous().data();
    740         memcpy(buffer, m_butterfly.get(this)->contiguous().data(), sizeof(JSValue) * thisArraySize);
     735        memcpy(buffer, m_butterfly->contiguous().data(), sizeof(JSValue) * thisArraySize);
    741736        memcpy(buffer + thisArraySize, otherButterfly.contiguous().data(), sizeof(JSValue) * otherArraySize);
    742737    }
     
    811806        // the start of the Butterfly, which needs to point at the first indexed property in the used
    812807        // portion of the vector.
    813         Butterfly* butterfly = m_butterfly.get(this)->shift(structure(), count);
    814         m_butterfly.setWithoutBarrier(butterfly);
    815         storage = butterfly->arrayStorage();
     808        m_butterfly.setWithoutWriteBarrier(m_butterfly->shift(structure(), count));
     809        storage = m_butterfly->arrayStorage();
    816810        storage->m_indexBias += count;
    817811
     
    855849    VM& vm = exec->vm();
    856850    RELEASE_ASSERT(count > 0);
    857 
    858     Butterfly* butterfly = m_butterfly.get(this);
    859851   
    860852    switch (indexingType()) {
     
    868860    case ArrayWithInt32:
    869861    case ArrayWithContiguous: {
    870         unsigned oldLength = butterfly->publicLength();
     862        unsigned oldLength = m_butterfly->publicLength();
    871863        RELEASE_ASSERT(count <= oldLength);
    872864       
     
    883875        if (this->structure(vm)->holesMustForwardToPrototype(vm)) {
    884876            for (unsigned i = startIndex; i < end; ++i) {
    885                 JSValue v = butterfly->contiguous()[i + count].get();
     877                JSValue v = m_butterfly->contiguous()[i + count].get();
    886878                if (UNLIKELY(!v)) {
    887879                    startIndex = i;
    888880                    return shiftCountWithArrayStorage(vm, startIndex, count, ensureArrayStorage(vm));
    889881                }
    890                 butterfly->contiguous()[i].setWithoutWriteBarrier(v);
     882                m_butterfly->contiguous()[i].setWithoutWriteBarrier(v);
    891883            }
    892884        } else {
    893             memmove(butterfly->contiguous().data() + startIndex,
    894                 butterfly->contiguous().data() + startIndex + count,
     885            memmove(m_butterfly->contiguous().data() + startIndex,
     886                m_butterfly->contiguous().data() + startIndex + count,
    895887                sizeof(JSValue) * (end - startIndex));
    896888        }
    897889
    898890        for (unsigned i = end; i < oldLength; ++i)
    899             butterfly->contiguous()[i].clear();
    900        
    901         butterfly->setPublicLength(oldLength - count);
     891            m_butterfly->contiguous()[i].clear();
     892       
     893        m_butterfly->setPublicLength(oldLength - count);
    902894        return true;
    903895    }
    904896       
    905897    case ArrayWithDouble: {
    906         unsigned oldLength = butterfly->publicLength();
     898        unsigned oldLength = m_butterfly->publicLength();
    907899        RELEASE_ASSERT(count <= oldLength);
    908900       
     
    919911        if (this->structure(vm)->holesMustForwardToPrototype(vm)) {
    920912            for (unsigned i = startIndex; i < end; ++i) {
    921                 double v = butterfly->contiguousDouble()[i + count];
     913                double v = m_butterfly->contiguousDouble()[i + count];
    922914                if (UNLIKELY(v != v)) {
    923915                    startIndex = i;
    924916                    return shiftCountWithArrayStorage(vm, startIndex, count, ensureArrayStorage(vm));
    925917                }
    926                 butterfly->contiguousDouble()[i] = v;
     918                m_butterfly->contiguousDouble()[i] = v;
    927919            }
    928920        } else {
    929             memmove(butterfly->contiguousDouble().data() + startIndex,
    930                 butterfly->contiguousDouble().data() + startIndex + count,
     921            memmove(m_butterfly->contiguousDouble().data() + startIndex,
     922                m_butterfly->contiguousDouble().data() + startIndex + count,
    931923                sizeof(JSValue) * (end - startIndex));
    932924        }
    933925        for (unsigned i = end; i < oldLength; ++i)
    934             butterfly->contiguousDouble()[i] = PNaN;
    935        
    936         butterfly->setPublicLength(oldLength - count);
     926            m_butterfly->contiguousDouble()[i] = PNaN;
     927       
     928        m_butterfly->setPublicLength(oldLength - count);
    937929        return true;
    938930    }
     
    995987bool JSArray::unshiftCountWithAnyIndexingType(ExecState* exec, unsigned startIndex, unsigned count)
    996988{
    997     Butterfly* butterfly = m_butterfly.get(this);
    998    
    999989    switch (indexingType()) {
    1000990    case ArrayClass:
     
    1005995    case ArrayWithInt32:
    1006996    case ArrayWithContiguous: {
    1007         unsigned oldLength = butterfly->publicLength();
     997        unsigned oldLength = m_butterfly->publicLength();
    1008998       
    1009999        // We may have to walk the entire array to do the unshift. We're willing to do so
     
    10131003       
    10141004        ensureLength(exec->vm(), oldLength + count);
    1015         butterfly = m_butterfly.get(this);
    10161005
    10171006        // We have to check for holes before we start moving things around so that we don't get halfway
    10181007        // through shifting and then realize we should have been in ArrayStorage mode.
    10191008        for (unsigned i = oldLength; i-- > startIndex;) {
    1020             JSValue v = butterfly->contiguous()[i].get();
     1009            JSValue v = m_butterfly->contiguous()[i].get();
    10211010            if (UNLIKELY(!v))
    10221011                return unshiftCountWithArrayStorage(exec, startIndex, count, ensureArrayStorage(exec->vm()));
     
    10241013
    10251014        for (unsigned i = oldLength; i-- > startIndex;) {
    1026             JSValue v = butterfly->contiguous()[i].get();
     1015            JSValue v = m_butterfly->contiguous()[i].get();
    10271016            ASSERT(v);
    1028             butterfly->contiguous()[i + count].setWithoutWriteBarrier(v);
     1017            m_butterfly->contiguous()[i + count].setWithoutWriteBarrier(v);
    10291018        }
    10301019       
     
    10381027       
    10391028    case ArrayWithDouble: {
    1040         unsigned oldLength = butterfly->publicLength();
     1029        unsigned oldLength = m_butterfly->publicLength();
    10411030       
    10421031        // We may have to walk the entire array to do the unshift. We're willing to do so
     
    10461035       
    10471036        ensureLength(exec->vm(), oldLength + count);
    1048         butterfly = m_butterfly.get(this);
    10491037       
    10501038        // We have to check for holes before we start moving things around so that we don't get halfway
    10511039        // through shifting and then realize we should have been in ArrayStorage mode.
    10521040        for (unsigned i = oldLength; i-- > startIndex;) {
    1053             double v = butterfly->contiguousDouble()[i];
     1041            double v = m_butterfly->contiguousDouble()[i];
    10541042            if (UNLIKELY(v != v))
    10551043                return unshiftCountWithArrayStorage(exec, startIndex, count, ensureArrayStorage(exec->vm()));
     
    10571045
    10581046        for (unsigned i = oldLength; i-- > startIndex;) {
    1059             double v = butterfly->contiguousDouble()[i];
     1047            double v = m_butterfly->contiguousDouble()[i];
    10601048            ASSERT(v == v);
    1061             butterfly->contiguousDouble()[i + count] = v;
     1049            m_butterfly->contiguousDouble()[i + count] = v;
    10621050        }
    10631051       
     
    10851073    unsigned vectorEnd;
    10861074    WriteBarrier<Unknown>* vector;
    1087 
    1088     Butterfly* butterfly = m_butterfly.get(this);
    10891075   
    10901076    switch (indexingType()) {
     
    11001086    case ArrayWithInt32:
    11011087    case ArrayWithContiguous: {
    1102         vectorEnd = butterfly->publicLength();
    1103         vector = butterfly->contiguous().data();
     1088        vectorEnd = m_butterfly->publicLength();
     1089        vector = m_butterfly->contiguous().data();
    11041090        break;
    11051091    }
     
    11081094        vector = 0;
    11091095        vectorEnd = 0;
    1110         for (; i < butterfly->publicLength(); ++i) {
    1111             double v = butterfly->contiguousDouble()[i];
     1096        for (; i < m_butterfly->publicLength(); ++i) {
     1097            double v = butterfly()->contiguousDouble()[i];
    11121098            if (v != v)
    11131099                break;
     
    11181104   
    11191105    case ARRAY_WITH_ARRAY_STORAGE_INDEXING_TYPES: {
    1120         ArrayStorage* storage = butterfly->arrayStorage();
     1106        ArrayStorage* storage = m_butterfly->arrayStorage();
    11211107       
    11221108        vector = storage->m_vector;
     
    11561142    ASSERT(length == this->length());
    11571143
    1158     Butterfly* butterfly = m_butterfly.get(this);
    1159    
    11601144    switch (indexingType()) {
    11611145    case ArrayClass:
     
    11701154    case ArrayWithInt32:
    11711155    case ArrayWithContiguous: {
    1172         vector = butterfly->contiguous().data();
    1173         vectorEnd = butterfly->publicLength();
     1156        vector = m_butterfly->contiguous().data();
     1157        vectorEnd = m_butterfly->publicLength();
    11741158        break;
    11751159    }
     
    11781162        vector = 0;
    11791163        vectorEnd = 0;
    1180         for (; i < butterfly->publicLength(); ++i) {
    1181             ASSERT(i < butterfly->vectorLength());
    1182             double v = butterfly->contiguousDouble()[i];
     1164        for (; i < m_butterfly->publicLength(); ++i) {
     1165            ASSERT(i < butterfly()->vectorLength());
     1166            double v = m_butterfly->contiguousDouble()[i];
    11831167            if (v != v)
    11841168                break;
     
    11891173       
    11901174    case ARRAY_WITH_ARRAY_STORAGE_INDEXING_TYPES: {
    1191         ArrayStorage* storage = butterfly->arrayStorage();
     1175        ArrayStorage* storage = m_butterfly->arrayStorage();
    11921176        vector = storage->m_vector;
    11931177        vectorEnd = min(length, storage->vectorLength());
  • tags/Safari-602.1.7/Source/JavaScriptCore/runtime/JSArrayBufferView.cpp

    r190896 r191150  
    8989    unsigned byteOffset, unsigned length)
    9090    : m_structure(structure)
     91    , m_vector(static_cast<uint8_t*>(arrayBuffer->data()) + byteOffset)
    9192    , m_length(length)
    9293    , m_mode(WastefulTypedArray)
    9394{
    94     m_vector = static_cast<uint8_t*>(arrayBuffer->data()) + byteOffset;
    9595    IndexingHeader indexingHeader;
    9696    indexingHeader.setArrayBuffer(arrayBuffer.get());
     
    102102    unsigned byteOffset, unsigned length, DataViewTag)
    103103    : m_structure(structure)
     104    , m_vector(static_cast<uint8_t*>(arrayBuffer->data()) + byteOffset)
    104105    , m_length(length)
    105106    , m_mode(DataViewMode)
    106107    , m_butterfly(0)
    107108{
    108     m_vector = static_cast<uint8_t*>(arrayBuffer->data()) + byteOffset;
    109109}
    110110
    111111JSArrayBufferView::JSArrayBufferView(VM& vm, ConstructionContext& context)
    112112    : Base(vm, context.structure(), context.butterfly())
     113    , m_vector(context.vector())
    113114    , m_length(context.length())
    114115    , m_mode(context.mode())
    115116{
    116     m_vector.setWithoutBarrier(static_cast<char*>(context.vector()));
    117117}
    118118
     
    216216    ASSERT(thisObject->m_mode == OversizeTypedArray || thisObject->m_mode == WastefulTypedArray);
    217217    if (thisObject->m_mode == OversizeTypedArray)
    218         fastFree(thisObject->m_vector.getWithoutBarrier());
     218        fastFree(thisObject->m_vector);
    219219}
    220220
  • tags/Safari-602.1.7/Source/JavaScriptCore/runtime/JSArrayBufferView.h

    r190896 r191150  
    162162    void neuter();
    163163   
    164     void* vector() { return m_vector.get(this); }
     164    void* vector() { return m_vector; }
    165165    unsigned byteOffset();
    166166    unsigned length() const { return m_length; }
     
    178178    ArrayBuffer* existingBufferInButterfly();
    179179
    180     CopyBarrier<char> m_vector; // this is really a void*, but void would not work here.
     180    void* m_vector;
    181181    uint32_t m_length;
    182182    TypedArrayMode m_mode;
  • tags/Safari-602.1.7/Source/JavaScriptCore/runtime/JSArrayBufferViewInlines.h

    r190896 r191150  
    6060    ASSERT(hasArrayBuffer());
    6161    m_length = 0;
    62     m_vector.clear();
     62    m_vector = 0;
    6363}
    6464
     
    6969   
    7070    ptrdiff_t delta =
    71         bitwise_cast<uint8_t*>(m_vector.get(this)) - static_cast<uint8_t*>(buffer()->data());
     71        static_cast<uint8_t*>(m_vector) - static_cast<uint8_t*>(buffer()->data());
    7272   
    7373    unsigned result = static_cast<unsigned>(delta);
  • tags/Safari-602.1.7/Source/JavaScriptCore/runtime/JSGenericTypedArrayView.h

    r190896 r191150  
    109109    const typename Adaptor::Type* typedVector() const
    110110    {
    111         return bitwise_cast<const typename Adaptor::Type*>(m_vector.get(this));
     111        return static_cast<const typename Adaptor::Type*>(m_vector);
    112112    }
    113113    typename Adaptor::Type* typedVector()
    114114    {
    115         return bitwise_cast<typename Adaptor::Type*>(m_vector.get(this));
     115        return static_cast<typename Adaptor::Type*>(m_vector);
    116116    }
    117117
  • tags/Safari-602.1.7/Source/JavaScriptCore/runtime/JSGenericTypedArrayViewInlines.h

    r190896 r191150  
    442442    case FastTypedArray: {
    443443        if (thisObject->m_vector)
    444             visitor.copyLater(thisObject, TypedArrayVectorCopyToken, thisObject->m_vector.getWithoutBarrier(), thisObject->byteSize());
     444            visitor.copyLater(thisObject, TypedArrayVectorCopyToken, thisObject->m_vector, thisObject->byteSize());
    445445        break;
    446446    }
     
    469469   
    470470    if (token == TypedArrayVectorCopyToken
    471         && visitor.checkIfShouldCopy(thisObject->m_vector.getWithoutBarrier())) {
     471        && visitor.checkIfShouldCopy(thisObject->m_vector)) {
    472472        ASSERT(thisObject->m_vector);
    473         void* oldVector = thisObject->m_vector.get(thisObject);
     473        void* oldVector = thisObject->m_vector;
    474474        void* newVector = visitor.allocateNewSpace(thisObject->byteSize());
    475475        memcpy(newVector, oldVector, thisObject->byteSize());
    476         thisObject->m_vector.setWithoutBarrier(static_cast<char*>(newVector));
     476        thisObject->m_vector = newVector;
    477477        visitor.didCopy(oldVector, thisObject->byteSize());
    478478    }
     
    509509        ASSERT(thisObject->m_vector);
    510510        // Reuse already allocated memory if at all possible.
    511         thisObject->m_butterfly.setWithoutBarrier(
    512             bitwise_cast<IndexingHeader*>(thisObject->m_vector.get(thisObject))->butterfly());
     511        thisObject->m_butterfly.setWithoutWriteBarrier(
     512            static_cast<IndexingHeader*>(thisObject->m_vector)->butterfly());
    513513    } else {
    514514        VM& vm = *heap->vm();
     
    522522    switch (thisObject->m_mode) {
    523523    case FastTypedArray:
    524         buffer = ArrayBuffer::create(thisObject->m_vector.get(thisObject), thisObject->byteLength());
     524        buffer = ArrayBuffer::create(thisObject->m_vector, thisObject->byteLength());
    525525        break;
    526526       
     
    529529        // cost, since right now this case will cause the GC to think that we reallocated
    530530        // the whole buffer.
    531         buffer = ArrayBuffer::createAdopted(thisObject->m_vector.get(thisObject), thisObject->byteLength());
     531        buffer = ArrayBuffer::createAdopted(thisObject->m_vector, thisObject->byteLength());
    532532        break;
    533533       
     
    538538
    539539    thisObject->butterfly()->indexingHeader()->setArrayBuffer(buffer.get());
    540     thisObject->m_vector.setWithoutBarrier(static_cast<char*>(buffer->data()));
     540    thisObject->m_vector = buffer->data();
    541541    thisObject->m_mode = WastefulTypedArray;
    542542    heap->addReference(thisObject, buffer.get());
  • tags/Safari-602.1.7/Source/JavaScriptCore/runtime/JSMap.h

    r190896 r191150  
    118118    JSMap(VM& vm, Structure* structure)
    119119        : Base(vm, structure)
    120         , m_mapData(vm, this)
     120        , m_mapData(vm)
    121121    {
    122122    }
  • tags/Safari-602.1.7/Source/JavaScriptCore/runtime/JSObject.cpp

    r191149 r191150  
    151151        }
    152152       
    153         m_butterfly.setWithoutBarrier(newButterfly);
     153        m_butterfly.setWithoutWriteBarrier(newButterfly);
    154154        visitor.didCopy(butterfly->base(preCapacity, propertyCapacity), capacityInBytes);
    155155    }
     
    207207    JSCell::visitChildren(thisObject, visitor);
    208208
    209     Butterfly* butterfly = thisObject->m_butterfly.getWithoutBarrier();
     209    Butterfly* butterfly = thisObject->butterfly();
    210210    if (butterfly)
    211211        thisObject->visitButterfly(visitor, butterfly, thisObject->structure(visitor.vm())->outOfLineSize());
     
    224224        return;
    225225   
    226     Butterfly* butterfly = thisObject->m_butterfly.getWithoutBarrier();
     226    Butterfly* butterfly = thisObject->butterfly();
    227227    if (butterfly)
    228228        thisObject->copyButterfly(visitor, butterfly, thisObject->structure()->outOfLineSize());
     
    342342       
    343343    case ALL_ARRAY_STORAGE_INDEXING_TYPES: {
    344         ArrayStorage* storage = thisObject->m_butterfly.get(thisObject)->arrayStorage();
     344        ArrayStorage* storage = thisObject->m_butterfly->arrayStorage();
    345345        if (i >= storage->length())
    346346            return false;
     
    515515    case NonArrayWithArrayStorage:
    516516    case ArrayWithArrayStorage: {
    517         ArrayStorage* storage = thisObject->m_butterfly.get(thisObject)->arrayStorage();
     517        ArrayStorage* storage = thisObject->m_butterfly->arrayStorage();
    518518       
    519519        if (propertyName >= storage->vectorLength())
     
    537537    case NonArrayWithSlowPutArrayStorage:
    538538    case ArrayWithSlowPutArrayStorage: {
    539         ArrayStorage* storage = thisObject->m_butterfly.get(thisObject)->arrayStorage();
     539        ArrayStorage* storage = thisObject->m_butterfly->arrayStorage();
    540540       
    541541        if (propertyName >= storage->vectorLength())
     
    614614        break;
    615615    case ALL_ARRAY_STORAGE_INDEXING_TYPES:
    616         enterDictionaryIndexingModeWhenArrayStorageAlreadyExists(vm, m_butterfly.get(this)->arrayStorage());
     616        enterDictionaryIndexingModeWhenArrayStorageAlreadyExists(vm, m_butterfly->arrayStorage());
    617617        break;
    618618       
     
    644644    unsigned vectorLength = std::max(length, BASE_VECTOR_LEN);
    645645    Butterfly* newButterfly = Butterfly::createOrGrowArrayRight(
    646         m_butterfly.get(this), vm, this, structure(), structure()->outOfLineCapacity(), false, 0,
     646        m_butterfly.get(), vm, this, structure(), structure()->outOfLineCapacity(), false, 0,
    647647        elementSize * vectorLength);
    648648    newButterfly->setPublicLength(length);
     
    696696    ASSERT_UNUSED(oldType, !hasIndexedProperties(oldType));
    697697    Butterfly* newButterfly = Butterfly::createOrGrowArrayRight(
    698         m_butterfly.get(this), vm, this, structure, structure->outOfLineCapacity(), false, 0,
     698        m_butterfly.get(), vm, this, structure, structure->outOfLineCapacity(), false, 0,
    699699        ArrayStorage::sizeFor(vectorLength));
    700700    RELEASE_ASSERT(newButterfly);
     
    720720    ASSERT(hasUndecided(indexingType()));
    721721    setStructure(vm, Structure::nonPropertyTransition(vm, structure(vm), AllocateInt32));
    722     return m_butterfly.get(this)->contiguousInt32();
     722    return m_butterfly->contiguousInt32();
    723723}
    724724
     
    726726{
    727727    ASSERT(hasUndecided(indexingType()));
    728 
    729     Butterfly* butterfly = m_butterfly.get(this);
    730     for (unsigned i = butterfly->vectorLength(); i--;)
    731         butterfly->contiguousDouble()[i] = PNaN;
     728   
     729    for (unsigned i = m_butterfly->vectorLength(); i--;)
     730        m_butterfly->contiguousDouble()[i] = PNaN;
    732731   
    733732    setStructure(vm, Structure::nonPropertyTransition(vm, structure(vm), AllocateDouble));
    734     return m_butterfly.get(this)->contiguousDouble();
     733    return m_butterfly->contiguousDouble();
    735734}
    736735
     
    739738    ASSERT(hasUndecided(indexingType()));
    740739    setStructure(vm, Structure::nonPropertyTransition(vm, structure(vm), AllocateContiguous));
    741     return m_butterfly.get(this)->contiguous();
     740    return m_butterfly->contiguous();
    742741}
    743742
     
    745744{
    746745    Structure* structure = this->structure(vm);
    747     unsigned publicLength = m_butterfly.get(this)->publicLength();
     746    unsigned publicLength = m_butterfly->publicLength();
    748747    unsigned propertyCapacity = structure->outOfLineCapacity();
    749748    unsigned propertySize = structure->outOfLineSize();
     
    754753    memcpy(
    755754        newButterfly->propertyStorage() - propertySize,
    756         m_butterfly.get(this)->propertyStorage() - propertySize,
     755        m_butterfly->propertyStorage() - propertySize,
    757756        propertySize * sizeof(EncodedJSValue));
    758757   
     
    772771    ASSERT(hasUndecided(indexingType()));
    773772
    774     unsigned vectorLength = m_butterfly.get(this)->vectorLength();
     773    unsigned vectorLength = m_butterfly->vectorLength();
    775774    ArrayStorage* storage = constructConvertedArrayStorageWithoutCopyingElements(vm, vectorLength);
    776775    // No need to copy elements.
     
    789788{
    790789    ASSERT(hasInt32(indexingType()));
    791 
    792     Butterfly* butterfly = m_butterfly.get(this);
    793     for (unsigned i = butterfly->vectorLength(); i--;) {
    794         WriteBarrier<Unknown>* current = &butterfly->contiguousInt32()[i];
     790   
     791    for (unsigned i = m_butterfly->vectorLength(); i--;) {
     792        WriteBarrier<Unknown>* current = &m_butterfly->contiguousInt32()[i];
    795793        double* currentAsDouble = bitwise_cast<double*>(current);
    796794        JSValue v = current->get();
     
    804802   
    805803    setStructure(vm, Structure::nonPropertyTransition(vm, structure(vm), AllocateDouble));
    806     return m_butterfly.get(this)->contiguousDouble();
     804    return m_butterfly->contiguousDouble();
    807805}
    808806
     
    812810   
    813811    setStructure(vm, Structure::nonPropertyTransition(vm, structure(vm), AllocateContiguous));
    814     return m_butterfly.get(this)->contiguous();
     812    return m_butterfly->contiguous();
    815813}
    816814
     
    820818    ASSERT(hasInt32(indexingType()));
    821819
    822     unsigned vectorLength = m_butterfly.get(this)->vectorLength();
     820    unsigned vectorLength = m_butterfly->vectorLength();
    823821    ArrayStorage* newStorage = constructConvertedArrayStorageWithoutCopyingElements(vm, vectorLength);
    824     Butterfly* butterfly = m_butterfly.get(this);
    825     for (unsigned i = 0; i < butterfly->publicLength(); i++) {
    826         JSValue v = butterfly->contiguous()[i].get();
     822    for (unsigned i = 0; i < m_butterfly->publicLength(); i++) {
     823        JSValue v = m_butterfly->contiguous()[i].get();
    827824        if (v) {
    828825            newStorage->m_vector[i].setWithoutWriteBarrier(v);
     
    845842{
    846843    ASSERT(hasDouble(indexingType()));
    847 
    848     Butterfly* butterfly = m_butterfly.get(this);
    849     for (unsigned i = butterfly->vectorLength(); i--;) {
    850         double* current = &butterfly->contiguousDouble()[i];
     844   
     845    for (unsigned i = m_butterfly->vectorLength(); i--;) {
     846        double* current = &m_butterfly->contiguousDouble()[i];
    851847        WriteBarrier<Unknown>* currentAsValue = bitwise_cast<WriteBarrier<Unknown>*>(current);
    852848        double value = *current;
     
    860856   
    861857    setStructure(vm, Structure::nonPropertyTransition(vm, structure(vm), AllocateContiguous));
    862     return m_butterfly.get(this)->contiguous();
     858    return m_butterfly->contiguous();
    863859}
    864860
     
    868864    ASSERT(hasDouble(indexingType()));
    869865
    870     unsigned vectorLength = m_butterfly.get(this)->vectorLength();
     866    unsigned vectorLength = m_butterfly->vectorLength();
    871867    ArrayStorage* newStorage = constructConvertedArrayStorageWithoutCopyingElements(vm, vectorLength);
    872     Butterfly* butterfly = m_butterfly.get(this);
    873     for (unsigned i = 0; i < butterfly->publicLength(); i++) {
    874         double value = butterfly->contiguousDouble()[i];
     868    for (unsigned i = 0; i < m_butterfly->publicLength(); i++) {
     869        double value = m_butterfly->contiguousDouble()[i];
    875870        if (value == value) {
    876871            newStorage->m_vector[i].setWithoutWriteBarrier(JSValue(JSValue::EncodeAsDouble, value));
     
    895890    ASSERT(hasContiguous(indexingType()));
    896891
    897     unsigned vectorLength = m_butterfly.get(this)->vectorLength();
     892    unsigned vectorLength = m_butterfly->vectorLength();
    898893    ArrayStorage* newStorage = constructConvertedArrayStorageWithoutCopyingElements(vm, vectorLength);
    899     Butterfly* butterfly = m_butterfly.get(this);
    900     for (unsigned i = 0; i < butterfly->publicLength(); i++) {
    901         JSValue v = butterfly->contiguous()[i].get();
     894    for (unsigned i = 0; i < m_butterfly->publicLength(); i++) {
     895        JSValue v = m_butterfly->contiguous()[i].get();
    902896        if (v) {
    903897            newStorage->m_vector[i].setWithoutWriteBarrier(v);
     
    964958void JSObject::setIndexQuicklyToUndecided(VM& vm, unsigned index, JSValue value)
    965959{
    966     ASSERT(index < m_butterfly.get(this)->publicLength());
    967     ASSERT(index < m_butterfly.get(this)->vectorLength());
     960    ASSERT(index < m_butterfly->publicLength());
     961    ASSERT(index < m_butterfly->vectorLength());
    968962    convertUndecidedForValue(vm, value);
    969963    setIndexQuickly(vm, index, value);
     
    11211115       
    11221116    case ALL_ARRAY_STORAGE_INDEXING_TYPES:
    1123         return enterDictionaryIndexingModeWhenArrayStorageAlreadyExists(vm, m_butterfly.get(this)->arrayStorage());
     1117        return enterDictionaryIndexingModeWhenArrayStorageAlreadyExists(vm, m_butterfly->arrayStorage());
    11241118       
    11251119    default:
     
    13631357       
    13641358    case ALL_ARRAY_STORAGE_INDEXING_TYPES: {
    1365         ArrayStorage* storage = thisObject->m_butterfly.get(thisObject)->arrayStorage();
     1359        ArrayStorage* storage = thisObject->m_butterfly->arrayStorage();
    13661360       
    13671361        if (i < storage->vectorLength()) {
     
    15531547           
    15541548        case ALL_ARRAY_STORAGE_INDEXING_TYPES: {
    1555             ArrayStorage* storage = object->m_butterfly.get(object)->arrayStorage();
     1549            ArrayStorage* storage = object->m_butterfly->arrayStorage();
    15561550           
    15571551            unsigned usedVectorLength = std::min(storage->length(), storage->vectorLength());
     
    17061700{
    17071701    VM& vm = exec->vm();
    1708     auto map = m_butterfly.get(this)->arrayStorage()->m_sparseMap.get();
     1702    auto map = m_butterfly->arrayStorage()->m_sparseMap.get();
    17091703
    17101704    if (descriptor.isDataDescriptor()) {
     
    17651759        notifyPresenceOfIndexedAccessors(exec->vm());
    17661760
    1767     SparseArrayValueMap* map = m_butterfly.get(this)->arrayStorage()->m_sparseMap.get();
     1761    SparseArrayValueMap* map = m_butterfly->arrayStorage()->m_sparseMap.get();
    17681762    RELEASE_ASSERT(map);
    17691763
     
    17971791
    17981792        putIndexedDescriptor(exec, entryInMap, descriptor, defaults);
    1799         Butterfly* butterfly = m_butterfly.get(this);
    1800         if (index >= butterfly->arrayStorage()->length())
    1801             butterfly->arrayStorage()->setLength(index + 1);
     1793        if (index >= m_butterfly->arrayStorage()->length())
     1794            m_butterfly->arrayStorage()->setLength(index + 1);
    18021795        return true;
    18031796    }
     
    19191912    ASSERT((indexingType() & IndexingShapeMask) == indexingShape);
    19201913    ASSERT(!indexingShouldBeSparse());
    1921 
    1922     Butterfly* butterfly = m_butterfly.get(this);
    19231914   
    19241915    // For us to get here, the index is either greater than the public length, or greater than
    19251916    // or equal to the vector length.
    1926     ASSERT(i >= butterfly->vectorLength());
     1917    ASSERT(i >= m_butterfly->vectorLength());
    19271918   
    19281919    VM& vm = exec->vm();
     
    19301921    if (i >= MAX_ARRAY_INDEX - 1
    19311922        || (i >= MIN_SPARSE_ARRAY_INDEX
    1932             && !isDenseEnoughForVector(i, countElements<indexingShape>(butterfly)))
    1933         || indexIsSufficientlyBeyondLengthForSparseMap(i, butterfly->vectorLength())) {
     1923            && !isDenseEnoughForVector(i, countElements<indexingShape>(butterfly())))
     1924        || indexIsSufficientlyBeyondLengthForSparseMap(i, m_butterfly->vectorLength())) {
    19341925        ASSERT(i <= MAX_ARRAY_INDEX);
    19351926        ensureArrayStorageSlow(vm);
     
    19421933
    19431934    ensureLength(vm, i + 1);
    1944     butterfly = m_butterfly.get(this);
    1945 
    1946     RELEASE_ASSERT(i < butterfly->vectorLength());
     1935
     1936    RELEASE_ASSERT(i < m_butterfly->vectorLength());
    19471937    switch (indexingShape) {
    19481938    case Int32Shape:
    19491939        ASSERT(value.isInt32());
    1950         butterfly->contiguousInt32()[i].setWithoutWriteBarrier(value);
     1940        m_butterfly->contiguousInt32()[i].setWithoutWriteBarrier(value);
    19511941        break;
    19521942       
     
    19551945        double valueAsDouble = value.asNumber();
    19561946        ASSERT(valueAsDouble == valueAsDouble);
    1957         butterfly->contiguousDouble()[i] = valueAsDouble;
     1947        m_butterfly->contiguousDouble()[i] = valueAsDouble;
    19581948        break;
    19591949    }
    19601950       
    19611951    case ContiguousShape:
    1962         butterfly->contiguous()[i].set(vm, this, value);
     1952        m_butterfly->contiguous()[i].set(vm, this, value);
    19631953        break;
    19641954       
     
    22342224    case ALL_INT32_INDEXING_TYPES: {
    22352225        if (attributes) {
    2236             if (i < m_butterfly.get(this)->vectorLength())
     2226            if (i < m_butterfly->vectorLength())
    22372227                return putDirectIndexBeyondVectorLengthWithArrayStorage(exec, i, value, attributes, mode, ensureArrayStorageExistsAndEnterDictionaryIndexingMode(vm));
    22382228            return putDirectIndexBeyondVectorLengthWithArrayStorage(exec, i, value, attributes, mode, convertInt32ToArrayStorage(vm));
     
    22482238    case ALL_DOUBLE_INDEXING_TYPES: {
    22492239        if (attributes) {
    2250             if (i < m_butterfly.get(this)->vectorLength())
     2240            if (i < m_butterfly->vectorLength())
    22512241                return putDirectIndexBeyondVectorLengthWithArrayStorage(exec, i, value, attributes, mode, ensureArrayStorageExistsAndEnterDictionaryIndexingMode(vm));
    22522242            return putDirectIndexBeyondVectorLengthWithArrayStorage(exec, i, value, attributes, mode, convertDoubleToArrayStorage(vm));
     
    22672257    case ALL_CONTIGUOUS_INDEXING_TYPES: {
    22682258        if (attributes) {
    2269             if (i < m_butterfly.get(this)->vectorLength())
     2259            if (i < m_butterfly->vectorLength())
    22702260                return putDirectIndexBeyondVectorLengthWithArrayStorage(exec, i, value, attributes, mode, ensureArrayStorageExistsAndEnterDictionaryIndexingMode(vm));
    22712261            return putDirectIndexBeyondVectorLengthWithArrayStorage(exec, i, value, attributes, mode, convertContiguousToArrayStorage(vm));
     
    22772267    case ALL_ARRAY_STORAGE_INDEXING_TYPES:
    22782268        if (attributes) {
    2279             if (i < m_butterfly.get(this)->vectorLength())
     2269            if (i < m_butterfly->vectorLength())
    22802270                return putDirectIndexBeyondVectorLengthWithArrayStorage(exec, i, value, attributes, mode, ensureArrayStorageExistsAndEnterDictionaryIndexingMode(vm));
    22812271        }
     
    23582348   
    23592349    if (hasIndexedProperties(indexingType())) {
    2360         vectorLength = m_butterfly.get(this)->vectorLength();
    2361         length = m_butterfly.get(this)->publicLength();
     2350        vectorLength = m_butterfly->vectorLength();
     2351        length = m_butterfly->publicLength();
    23622352    } else {
    23632353        vectorLength = 0;
     
    24652455void JSObject::ensureLengthSlow(VM& vm, unsigned length)
    24662456{
    2467     Butterfly* butterfly = m_butterfly.get(this);
    2468    
    24692457    ASSERT(length < MAX_ARRAY_INDEX);
    24702458    ASSERT(hasContiguous(indexingType()) || hasInt32(indexingType()) || hasDouble(indexingType()) || hasUndecided(indexingType()));
    2471     ASSERT(length > butterfly->vectorLength());
     2459    ASSERT(length > m_butterfly->vectorLength());
    24722460   
    24732461    unsigned newVectorLength = std::min(
    24742462        length << 1,
    24752463        MAX_STORAGE_VECTOR_LENGTH);
    2476     unsigned oldVectorLength = butterfly->vectorLength();
     2464    unsigned oldVectorLength = m_butterfly->vectorLength();
    24772465    DeferGC deferGC(vm.heap);
    2478     butterfly = butterfly->growArrayRight(
     2466    m_butterfly.set(vm, this, m_butterfly->growArrayRight(
    24792467        vm, this, structure(), structure()->outOfLineCapacity(), true,
    24802468        oldVectorLength * sizeof(EncodedJSValue),
    2481         newVectorLength * sizeof(EncodedJSValue));
    2482     m_butterfly.set(vm, this, butterfly);
    2483 
    2484     butterfly->setVectorLength(newVectorLength);
     2469        newVectorLength * sizeof(EncodedJSValue)));
     2470
     2471    m_butterfly->setVectorLength(newVectorLength);
    24852472
    24862473    if (hasDouble(indexingType())) {
    24872474        for (unsigned i = oldVectorLength; i < newVectorLength; ++i)
    2488             butterfly->contiguousDouble().data()[i] = PNaN;
     2475            m_butterfly->contiguousDouble().data()[i] = PNaN;
    24892476    }
    24902477}
     
    24992486
    25002487    DeferGC deferGC(vm.heap);
    2501     Butterfly* newButterfly = m_butterfly.get(this)->resizeArray(vm, this, structure(), 0, ArrayStorage::sizeFor(length));
     2488    Butterfly* newButterfly = m_butterfly->resizeArray(vm, this, structure(), 0, ArrayStorage::sizeFor(length));
    25022489    m_butterfly.set(vm, this, newButterfly);
    2503     newButterfly->setVectorLength(length);
    2504     newButterfly->setPublicLength(length);
     2490    m_butterfly->setVectorLength(length);
     2491    m_butterfly->setPublicLength(length);
    25052492}
    25062493
     
    25122499    // capacity, since we might have already mutated the structure in-place.
    25132500   
    2514     return Butterfly::createOrGrowPropertyStorage(m_butterfly.get(this), vm, this, structure(vm), oldSize, newSize);
     2501    return Butterfly::createOrGrowPropertyStorage(m_butterfly.get(), vm, this, structure(vm), oldSize, newSize);
    25152502}
    25162503
     
    27992786       
    28002787    case ALL_ARRAY_STORAGE_INDEXING_TYPES: {
    2801         ArrayStorage* storage = object->m_butterfly.get(object)->arrayStorage();
     2788        ArrayStorage* storage = object->m_butterfly->arrayStorage();
    28022789        if (storage->m_sparseMap.get())
    28032790            return 0;
  • tags/Safari-602.1.7/Source/JavaScriptCore/runtime/JSObject.h

    r190896 r191150  
    3131#include "ClassInfo.h"
    3232#include "CommonIdentifiers.h"
    33 #include "CopyBarrier.h"
     33#include "CopyWriteBarrier.h"
    3434#include "CustomGetterSetter.h"
    3535#include "DeferGC.h"
     
    132132        if (!hasIndexedProperties(indexingType()))
    133133            return 0;
    134         return m_butterfly.get(this)->publicLength();
     134        return m_butterfly->publicLength();
    135135    }
    136136       
     
    139139        if (!hasIndexedProperties(indexingType()))
    140140            return 0;
    141         return m_butterfly.get(this)->vectorLength();
     141        return m_butterfly->vectorLength();
    142142    }
    143143       
     
    182182    bool canGetIndexQuickly(unsigned i)
    183183    {
    184         Butterfly* butterfly = m_butterfly.get(this);
    185184        switch (indexingType()) {
    186185        case ALL_BLANK_INDEXING_TYPES:
     
    189188        case ALL_INT32_INDEXING_TYPES:
    190189        case ALL_CONTIGUOUS_INDEXING_TYPES:
    191             return i < butterfly->vectorLength() && butterfly->contiguous()[i];
     190            return i < m_butterfly->vectorLength() && m_butterfly->contiguous()[i];
    192191        case ALL_DOUBLE_INDEXING_TYPES: {
    193             if (i >= butterfly->vectorLength())
     192            if (i >= m_butterfly->vectorLength())
    194193                return false;
    195             double value = butterfly->contiguousDouble()[i];
     194            double value = m_butterfly->contiguousDouble()[i];
    196195            if (value != value)
    197196                return false;
     
    199198        }
    200199        case ALL_ARRAY_STORAGE_INDEXING_TYPES:
    201             return i < butterfly->arrayStorage()->vectorLength() && butterfly->arrayStorage()->m_vector[i];
     200            return i < m_butterfly->arrayStorage()->vectorLength() && m_butterfly->arrayStorage()->m_vector[i];
    202201        default:
    203202            RELEASE_ASSERT_NOT_REACHED();
     
    208207    JSValue getIndexQuickly(unsigned i)
    209208    {
    210         Butterfly* butterfly = m_butterfly.get(this);
    211209        switch (indexingType()) {
    212210        case ALL_INT32_INDEXING_TYPES:
    213             return jsNumber(butterfly->contiguous()[i].get().asInt32());
     211            return jsNumber(m_butterfly->contiguous()[i].get().asInt32());
    214212        case ALL_CONTIGUOUS_INDEXING_TYPES:
    215             return butterfly->contiguous()[i].get();
     213            return m_butterfly->contiguous()[i].get();
    216214        case ALL_DOUBLE_INDEXING_TYPES:
    217             return JSValue(JSValue::EncodeAsDouble, butterfly->contiguousDouble()[i]);
     215            return JSValue(JSValue::EncodeAsDouble, m_butterfly->contiguousDouble()[i]);
    218216        case ALL_ARRAY_STORAGE_INDEXING_TYPES:
    219             return butterfly->arrayStorage()->m_vector[i].get();
     217            return m_butterfly->arrayStorage()->m_vector[i].get();
    220218        default:
    221219            RELEASE_ASSERT_NOT_REACHED();
     
    226224    JSValue tryGetIndexQuickly(unsigned i) const
    227225    {
    228         Butterfly* butterfly = m_butterfly.get(this);
    229226        switch (indexingType()) {
    230227        case ALL_BLANK_INDEXING_TYPES:
     
    232229            break;
    233230        case ALL_INT32_INDEXING_TYPES:
    234             if (i < butterfly->publicLength()) {
    235                 JSValue result = butterfly->contiguous()[i].get();
     231            if (i < m_butterfly->publicLength()) {
     232                JSValue result = m_butterfly->contiguous()[i].get();
    236233                ASSERT(result.isInt32() || !result);
    237234                return result;
     
    239236            break;
    240237        case ALL_CONTIGUOUS_INDEXING_TYPES:
    241             if (i < butterfly->publicLength())
    242                 return butterfly->contiguous()[i].get();
     238            if (i < m_butterfly->publicLength())
     239                return m_butterfly->contiguous()[i].get();
    243240            break;
    244241        case ALL_DOUBLE_INDEXING_TYPES: {
    245             if (i >= butterfly->publicLength())
     242            if (i >= m_butterfly->publicLength())
    246243                break;
    247             double result = butterfly->contiguousDouble()[i];
     244            double result = m_butterfly->contiguousDouble()[i];
    248245            if (result != result)
    249246                break;
     
    251248        }
    252249        case ALL_ARRAY_STORAGE_INDEXING_TYPES:
    253             if (i < butterfly->arrayStorage()->vectorLength())
    254                 return butterfly->arrayStorage()->m_vector[i].get();
     250            if (i < m_butterfly->arrayStorage()->vectorLength())
     251                return m_butterfly->arrayStorage()->m_vector[i].get();
    255252            break;
    256253        default:
     
    280277    bool canSetIndexQuickly(unsigned i)
    281278    {
    282         Butterfly* butterfly = m_butterfly.get(this);
    283279        switch (indexingType()) {
    284280        case ALL_BLANK_INDEXING_TYPES:
     
    290286        case NonArrayWithArrayStorage:
    291287        case ArrayWithArrayStorage:
    292             return i < butterfly->vectorLength();
     288            return i < m_butterfly->vectorLength();
    293289        case NonArrayWithSlowPutArrayStorage:
    294290        case ArrayWithSlowPutArrayStorage:
    295             return i < butterfly->arrayStorage()->vectorLength()
    296                 && !!butterfly->arrayStorage()->m_vector[i];
     291            return i < m_butterfly->arrayStorage()->vectorLength()
     292                && !!m_butterfly->arrayStorage()->m_vector[i];
    297293        default:
    298294            RELEASE_ASSERT_NOT_REACHED();
     
    311307        case ALL_CONTIGUOUS_INDEXING_TYPES:
    312308        case ALL_ARRAY_STORAGE_INDEXING_TYPES:
    313             return i < m_butterfly.get(this)->vectorLength();
     309            return i < m_butterfly->vectorLength();
    314310        default:
    315311            RELEASE_ASSERT_NOT_REACHED();
     
    320316    void setIndexQuickly(VM& vm, unsigned i, JSValue v)
    321317    {
    322         Butterfly* butterfly = m_butterfly.get(this);
    323318        switch (indexingType()) {
    324319        case ALL_INT32_INDEXING_TYPES: {
    325             ASSERT(i < butterfly->vectorLength());
     320            ASSERT(i < m_butterfly->vectorLength());
    326321            if (!v.isInt32()) {
    327322                convertInt32ToDoubleOrContiguousWhilePerformingSetIndex(vm, i, v);
     
    331326        }
    332327        case ALL_CONTIGUOUS_INDEXING_TYPES: {
    333             ASSERT(i < butterfly->vectorLength());
    334             butterfly->contiguous()[i].set(vm, this, v);
    335             if (i >= butterfly->publicLength())
    336                 butterfly->setPublicLength(i + 1);
     328            ASSERT(i < m_butterfly->vectorLength());
     329            m_butterfly->contiguous()[i].set(vm, this, v);
     330            if (i >= m_butterfly->publicLength())
     331                m_butterfly->setPublicLength(i + 1);
    337332            break;
    338333        }
    339334        case ALL_DOUBLE_INDEXING_TYPES: {
    340             ASSERT(i < butterfly->vectorLength());
     335            ASSERT(i < m_butterfly->vectorLength());
    341336            if (!v.isNumber()) {
    342337                convertDoubleToContiguousWhilePerformingSetIndex(vm, i, v);
     
    348343                return;
    349344            }
    350             butterfly->contiguousDouble()[i] = value;
    351             if (i >= butterfly->publicLength())
    352                 butterfly->setPublicLength(i + 1);
     345            m_butterfly->contiguousDouble()[i] = value;
     346            if (i >= m_butterfly->publicLength())
     347                m_butterfly->setPublicLength(i + 1);
    353348            break;
    354349        }
    355350        case ALL_ARRAY_STORAGE_INDEXING_TYPES: {
    356             ArrayStorage* storage = butterfly->arrayStorage();
     351            ArrayStorage* storage = m_butterfly->arrayStorage();
    357352            WriteBarrier<Unknown>& x = storage->m_vector[i];
    358353            JSValue old = x.get();
     
    377372    void initializeIndex(VM& vm, unsigned i, JSValue v, IndexingType indexingType)
    378373    {
    379         Butterfly* butterfly = m_butterfly.get(this);
    380374        switch (indexingType) {
    381375        case ALL_UNDECIDED_INDEXING_TYPES: {
     
    384378        }
    385379        case ALL_INT32_INDEXING_TYPES: {
    386             ASSERT(i < butterfly->publicLength());
    387             ASSERT(i < butterfly->vectorLength());
     380            ASSERT(i < m_butterfly->publicLength());
     381            ASSERT(i < m_butterfly->vectorLength());
    388382            if (!v.isInt32()) {
    389383                convertInt32ToDoubleOrContiguousWhilePerformingSetIndex(vm, i, v);
     
    393387        }
    394388        case ALL_CONTIGUOUS_INDEXING_TYPES: {
    395             ASSERT(i < butterfly->publicLength());
    396             ASSERT(i < butterfly->vectorLength());
    397             butterfly->contiguous()[i].set(vm, this, v);
     389            ASSERT(i < m_butterfly->publicLength());
     390            ASSERT(i < m_butterfly->vectorLength());
     391            m_butterfly->contiguous()[i].set(vm, this, v);
    398392            break;
    399393        }
    400394        case ALL_DOUBLE_INDEXING_TYPES: {
    401             ASSERT(i < butterfly->publicLength());
    402             ASSERT(i < butterfly->vectorLength());
     395            ASSERT(i < m_butterfly->publicLength());
     396            ASSERT(i < m_butterfly->vectorLength());
    403397            if (!v.isNumber()) {
    404398                convertDoubleToContiguousWhilePerformingSetIndex(vm, i, v);
     
    410404                return;
    411405            }
    412             butterfly->contiguousDouble()[i] = value;
     406            m_butterfly->contiguousDouble()[i] = value;
    413407            break;
    414408        }
    415409        case ALL_ARRAY_STORAGE_INDEXING_TYPES: {
    416             ArrayStorage* storage = butterfly->arrayStorage();
     410            ArrayStorage* storage = m_butterfly->arrayStorage();
    417411            ASSERT(i < storage->length());
    418412            ASSERT(i < storage->m_numValuesInVector);
     
    435429            return false;
    436430        case ALL_ARRAY_STORAGE_INDEXING_TYPES:
    437             return !!m_butterfly.get(this)->arrayStorage()->m_sparseMap;
     431            return !!m_butterfly->arrayStorage()->m_sparseMap;
    438432        default:
    439433            RELEASE_ASSERT_NOT_REACHED();
     
    452446            return false;
    453447        case ALL_ARRAY_STORAGE_INDEXING_TYPES:
    454             return m_butterfly.get(this)->arrayStorage()->inSparseMode();
     448            return m_butterfly->arrayStorage()->inSparseMode();
    455449        default:
    456450            RELEASE_ASSERT_NOT_REACHED();
     
    557551    }
    558552       
    559     const Butterfly* butterfly() const { return m_butterfly.get(this); }
    560     Butterfly* butterfly() { return m_butterfly.get(this); }
    561        
    562     ConstPropertyStorage outOfLineStorage() const { return m_butterfly.get(this)->propertyStorage(); }
    563     PropertyStorage outOfLineStorage() { return m_butterfly.get(this)->propertyStorage(); }
     553    const Butterfly* butterfly() const { return m_butterfly.get(); }
     554    Butterfly* butterfly() { return m_butterfly.get(); }
     555       
     556    ConstPropertyStorage outOfLineStorage() const { return m_butterfly->propertyStorage(); }
     557    PropertyStorage outOfLineStorage() { return m_butterfly->propertyStorage(); }
    564558
    565559    const WriteBarrierBase<Unknown>* locationForOffset(PropertyOffset offset) const
     
    663657    {
    664658        if (LIKELY(hasInt32(indexingType())))
    665             return m_butterfly.get(this)->contiguousInt32();
     659            return m_butterfly->contiguousInt32();
    666660           
    667661        return ensureInt32Slow(vm);
     
    675669    {
    676670        if (LIKELY(hasDouble(indexingType())))
    677             return m_butterfly.get(this)->contiguousDouble();
     671            return m_butterfly->contiguousDouble();
    678672           
    679673        return ensureDoubleSlow(vm);
     
    685679    {
    686680        if (LIKELY(hasContiguous(indexingType())))
    687             return m_butterfly.get(this)->contiguous();
     681            return m_butterfly->contiguous();
    688682           
    689683        return ensureContiguousSlow(vm);
     
    697691    {
    698692        if (LIKELY(hasAnyArrayStorage(indexingType())))
    699             return m_butterfly.get(this)->arrayStorage();
     693            return m_butterfly->arrayStorage();
    700694
    701695        return ensureArrayStorageSlow(vm);
     
    743737    {
    744738        ASSERT(hasAnyArrayStorage(indexingType()));
    745         return m_butterfly.get(this)->arrayStorage();
     739        return m_butterfly->arrayStorage();
    746740    }
    747741       
     
    752746        switch (indexingType()) {
    753747        case ALL_ARRAY_STORAGE_INDEXING_TYPES:
    754             return m_butterfly.get(this)->arrayStorage();
     748            return m_butterfly->arrayStorage();
    755749               
    756750        default:
     
    816810        ASSERT(length < MAX_ARRAY_INDEX);
    817811        ASSERT(hasContiguous(indexingType()) || hasInt32(indexingType()) || hasDouble(indexingType()) || hasUndecided(indexingType()));
    818 
    819         if (m_butterfly.get(this)->vectorLength() < length)
     812           
     813        if (m_butterfly->vectorLength() < length)
    820814            ensureLengthSlow(vm, length);
    821815           
    822         if (m_butterfly.get(this)->publicLength() < length)
    823             m_butterfly.get(this)->setPublicLength(length);
     816        if (m_butterfly->publicLength() < length)
     817            m_butterfly->setPublicLength(length);
    824818    }
    825819       
     
    881875
    882876protected:
    883     CopyBarrier<Butterfly> m_butterfly;
     877    CopyWriteBarrier<Butterfly> m_butterfly;
    884878#if USE(JSVALUE32_64)
    885879private:
     
    13551349    ASSERT(!value.isGetterSetter() && !(attributes & Accessor));
    13561350    ASSERT(!value.isCustomGetterSetter());
    1357     Butterfly* newButterfly = m_butterfly.get(this);
     1351    Butterfly* newButterfly = m_butterfly.get();
    13581352    if (structure()->putWillGrowOutOfLineStorage())
    13591353        newButterfly = growOutOfLineStorage(vm, structure()->outOfLineCapacity(), structure()->suggestedNewOutOfLineStorageCapacity());
  • tags/Safari-602.1.7/Source/JavaScriptCore/runtime/JSSet.h

    r190896 r191150  
    113113    JSSet(VM& vm, Structure* structure)
    114114        : Base(vm, structure)
    115         , m_setData(vm, this)
     115        , m_setData(vm)
    116116    {
    117117    }
  • tags/Safari-602.1.7/Source/JavaScriptCore/runtime/MapData.h

    r190896 r191150  
    11/*
    2  * Copyright (C) 2013, 2015 Apple Inc. All rights reserved.
     2 * Copyright (C) 2013 Apple Inc. All rights reserved.
    33 *
    44 * Redistribution and use in source and binary forms, with or without
     
    2727#define MapData_h
    2828
    29 #include "CopyBarrier.h"
    3029#include "JSCell.h"
    3130#include "WeakGCMapInlines.h"
     
    9695    };
    9796
    98     MapDataImpl(VM&, JSCell* owner);
     97    MapDataImpl(VM&);
    9998
    10099    void set(ExecState*, JSCell* owner, KeyType, JSValue);
     
    138137    int32_t m_size;
    139138    int32_t m_deletedCount;
    140     JSCell* m_owner;
    141     CopyBarrier<Entry> m_entries;
     139    Entry* m_entries;
    142140    WeakGCMap<JSIterator*, JSIterator> m_iterators;
    143141};
    144142
    145143template<typename Entry, typename JSIterator>
    146 ALWAYS_INLINE MapDataImpl<Entry, JSIterator>::MapDataImpl(VM& vm, JSCell* owner)
     144ALWAYS_INLINE MapDataImpl<Entry, JSIterator>::MapDataImpl(VM& vm)
    147145    : m_capacity(0)
    148146    , m_size(0)
    149147    , m_deletedCount(0)
    150     , m_owner(owner)
     148    , m_entries(nullptr)
    151149    , m_iterators(vm)
    152150{
     
    185183    if (!ensureSlot())
    186184        return false;
    187     Entry* entry = &m_mapData->m_entries.get(m_mapData->m_owner)[m_index];
     185    Entry* entry = &m_mapData->m_entries[m_index];
    188186    pair = WTF::KeyValuePair<JSValue, JSValue>(entry->key().get(), entry->value().get());
    189187    m_index += 1;
     
    207205        return m_index;
    208206
    209     Entry* entries = m_mapData->m_entries.get(m_mapData->m_owner);
     207    Entry* entries = m_mapData->m_entries;
    210208    size_t end = m_mapData->m_size;
    211209    while (static_cast<size_t>(m_index) < end && !entries[m_index].key())
  • tags/Safari-602.1.7/Source/JavaScriptCore/runtime/MapDataInlines.h

    r190896 r191150  
    4848    m_size = 0;
    4949    m_deletedCount = 0;
    50     m_entries.clear();
     50    m_entries = nullptr;
    5151    m_iterators.forEach([](JSIterator* iterator, JSIterator*) {
    5252        iterator->iteratorData()->didRemoveAllEntries();
     
    6161        if (iter == m_stringKeyedTable.end())
    6262            return 0;
    63         return &m_entries.get(m_owner)[iter->value];
     63        return &m_entries[iter->value];
    6464    }
    6565    if (key.value.isSymbol()) {
     
    6767        if (iter == m_symbolKeyedTable.end())
    6868            return 0;
    69         return &m_entries.get(m_owner)[iter->value];
     69        return &m_entries[iter->value];
    7070    }
    7171    if (key.value.isCell()) {
     
    7373        if (iter == m_cellKeyedTable.end())
    7474            return 0;
    75         return &m_entries.get(m_owner)[iter->value];
     75        return &m_entries[iter->value];
    7676    }
    7777
     
    7979    if (iter == m_valueKeyedTable.end())
    8080        return 0;
    81     return &m_entries.get(m_owner)[iter->value];
     81    return &m_entries[iter->value];
    8282}
    8383
     
    9494    typename Map::iterator location = map.find(key);
    9595    if (location != map.end())
    96         return &m_entries.get(m_owner)[location->value];
     96        return &m_entries[location->value];
    9797
    9898    if (!ensureSpaceForAppend(exec, owner))
     
    101101    auto result = map.add(key, m_size);
    102102    RELEASE_ASSERT(result.isNewEntry);
    103     Entry* entry = &m_entries.get(m_owner)[m_size++];
     103    Entry* entry = &m_entries[m_size++];
    104104    new (entry) Entry();
    105105    entry->setKey(exec->vm(), owner, keyValue.value);
     
    165165        m_valueKeyedTable.remove(iter);
    166166    }
    167     m_entries.get(m_owner)[location].clear();
     167    m_entries[location].clear();
    168168    m_deletedCount++;
    169169    return true;
     
    177177    RELEASE_ASSERT(newCapacity > 0);
    178178    for (int32_t i = 0; i < m_size; i++) {
    179         Entry& entry = m_entries.getWithoutBarrier()[i];
     179        Entry& entry = m_entries[i];
    180180        if (!entry.key()) {
    181181            m_iterators.forEach([newEnd](JSIterator* iterator, JSIterator*) {
     
    196196    // Fixup for the hashmaps
    197197    for (auto ptr = m_valueKeyedTable.begin(); ptr != m_valueKeyedTable.end(); ++ptr)
    198         ptr->value = m_entries.getWithoutBarrier()[ptr->value].key().get().asInt32();
     198        ptr->value = m_entries[ptr->value].key().get().asInt32();
    199199    for (auto ptr = m_cellKeyedTable.begin(); ptr != m_cellKeyedTable.end(); ++ptr)
    200         ptr->value = m_entries.getWithoutBarrier()[ptr->value].key().get().asInt32();
     200        ptr->value = m_entries[ptr->value].key().get().asInt32();
    201201    for (auto ptr = m_stringKeyedTable.begin(); ptr != m_stringKeyedTable.end(); ++ptr)
    202         ptr->value = m_entries.getWithoutBarrier()[ptr->value].key().get().asInt32();
     202        ptr->value = m_entries[ptr->value].key().get().asInt32();
    203203    for (auto ptr = m_symbolKeyedTable.begin(); ptr != m_symbolKeyedTable.end(); ++ptr)
    204         ptr->value = m_entries.getWithoutBarrier()[ptr->value].key().get().asInt32();
     204        ptr->value = m_entries[ptr->value].key().get().asInt32();
    205205
    206206    ASSERT((m_size - newEnd) == m_deletedCount);
     
    209209    m_capacity = newCapacity;
    210210    m_size = newEnd;
    211     m_entries.setWithoutBarrier(destination);
     211    m_entries = destination;
    212212}
    213213
     
    218218    RELEASE_ASSERT(newCapacity > 0);
    219219    ASSERT(newCapacity >= m_capacity);
    220     memcpy(destination, m_entries.getWithoutBarrier(), sizeof(Entry) * m_size);
     220    memcpy(destination, m_entries, sizeof(Entry) * m_size);
    221221    m_capacity = newCapacity;
    222     m_entries.setWithoutBarrier(destination);
     222    m_entries = destination;
    223223}
    224224
     
    237237    }
    238238    Entry* newEntries = static_cast<Entry*>(newStorage);
    239     // Do a read barrier to ensure that m_entries points to to-space for the remainder of this GC epoch.
    240     m_entries.get(m_owner);
    241239    if (shouldPack())
    242240        replaceAndPackBackingStore(newEntries, requiredSize);
     
    250248inline void MapDataImpl<Entry, JSIterator>::visitChildren(JSCell* owner, SlotVisitor& visitor)
    251249{
    252     Entry* entries = m_entries.getWithoutBarrier();
     250    Entry* entries = m_entries;
    253251    if (!entries)
    254252        return;
     
    264262    }
    265263
    266     visitor.copyLater(owner, MapBackingStoreCopyToken, m_entries.getWithoutBarrier(), capacityInBytes());
     264    visitor.copyLater(owner, MapBackingStoreCopyToken, entries, capacityInBytes());
    267265}
    268266
     
    270268inline void MapDataImpl<Entry, JSIterator>::copyBackingStore(CopyVisitor& visitor, CopyToken token)
    271269{
    272     if (token == MapBackingStoreCopyToken && visitor.checkIfShouldCopy(m_entries.getWithoutBarrier())) {
    273         Entry* oldEntries = m_entries.getWithoutBarrier();
     270    if (token == MapBackingStoreCopyToken && visitor.checkIfShouldCopy(m_entries)) {
     271        Entry* oldEntries = m_entries;
    274272        Entry* newEntries = static_cast<Entry*>(visitor.allocateNewSpace(capacityInBytes()));
    275273        if (shouldPack())
  • tags/Safari-602.1.7/Source/JavaScriptCore/runtime/Options.h

    r190896 r191150  
    204204    v(bool, enableMovHintRemoval, true, nullptr) \
    205205    v(bool, enableObjectAllocationSinking, true, nullptr) \
    206     v(bool, enableCopyBarrierOptimization, true, nullptr) \
    207206    \
    208207    v(bool, enableConcurrentJIT, true, "allows the DFG / FTL compilation in threads other than the executing JS thread") \
Note: See TracChangeset for help on using the changeset viewer.