Changeset 243560 in webkit
- Timestamp:
- Mar 27, 2019 1:29:29 PM (5 years ago)
- Location:
- trunk
- Files:
-
- 1 added
- 24 edited
- 2 moved
Legend:
- Unmodified
- Added
- Removed
-
trunk/JSTests/ChangeLog
r243529 r243560 1 2019-03-27 Yusuke Suzuki <ysuzuki@apple.com> 2 3 [JSC] Owner of watchpoints should validate at GC finalizing phase 4 https://bugs.webkit.org/show_bug.cgi?id=195827 5 6 Reviewed by Filip Pizlo. 7 8 * stress/gc-should-reap-dead-watchpoints.js: Added. 9 (foo): 10 (A.prototype.y): 11 (A): 12 1 13 2019-03-26 Dominik Infuehr <dinfuehr@igalia.com> 2 14 -
trunk/Source/JavaScriptCore/ChangeLog
r243530 r243560 1 2019-03-27 Yusuke Suzuki <ysuzuki@apple.com> 2 3 [JSC] Owner of watchpoints should validate at GC finalizing phase 4 https://bugs.webkit.org/show_bug.cgi?id=195827 5 6 Reviewed by Filip Pizlo. 7 8 This patch fixes JSC's watchpoint liveness issue by the following two policies. 9 10 1. Watchpoint should have owner cell, and "fire" operation should be gaurded with owner cell's isLive check. 11 12 Watchpoints should hold its owner cell, and fire procedure should be guarded by `owner->isLive()`. 13 When the owner cell is destroyed, these watchpoints are destroyed too. But this destruction can 14 be delayed due to incremental sweeper. So the following condition can happen. 15 16 When we have a watchpoint like the following. 17 18 class XXXWatchpoint { 19 ObjectPropertyCondition m_key; 20 JSCell* m_owner; 21 }; 22 23 Both m_key's cell and m_owner is now unreachable from the root. So eventually, m_owner cell's destructor 24 is called and this watchpoint will be destroyed. But before that, m_key's cell can be destroyed. And this 25 watchpoint's fire procedure can be called since m_owner's destructor is not called yet. In this situation, 26 we encounter the destroyed cell held in m_key. This problem can be avoided if we guard fire procedure with 27 `m_owner->isLive()`. Until the owner cell is destroyed, this guard avoids "fire" procedure execution. And 28 once the destructor of m_owner is called, this watchpoint will be destroyed too. 29 30 2. Watchpoint liveness should be maintained by owner cell's unconditional finalizer 31 32 Watchpoints often hold weak references to the other cell (like, m_key in the above example). If we do not 33 delete watchpoints with dead cells when these weak cells become dead, these watchpoints continue holding dead cells, 34 and watchpoint's fire operation can use these dead cells accidentally. isLive / isStillLive check for these weak cells 35 in fire operation is not useful. Because these dead cells can be reused to the other live cells eventually, and this 36 isLive / isStillLive checks fail to see these cells are live if they are reused. Appropriate way is deleting watchpoints 37 with dead cells when finalizing GC. In this patch, we do this in unconditional finalizers in owner cells of watchpoints. 38 We already did this in CodeBlock etc. We add the same thing to StructureRareData which owns watchpoints for toString operations. 39 40 * JavaScriptCore.xcodeproj/project.pbxproj: 41 * Sources.txt: 42 * bytecode/AdaptiveInferredPropertyValueWatchpointBase.h: 43 (JSC::AdaptiveInferredPropertyValueWatchpointBase::StructureWatchpoint::StructureWatchpoint): Deleted. 44 (JSC::AdaptiveInferredPropertyValueWatchpointBase::PropertyWatchpoint::PropertyWatchpoint): Deleted. 45 * bytecode/CodeBlockJettisoningWatchpoint.h: 46 (JSC::CodeBlockJettisoningWatchpoint::CodeBlockJettisoningWatchpoint): Deleted. 47 * bytecode/LLIntPrototypeLoadAdaptiveStructureWatchpoint.cpp: 48 (JSC::LLIntPrototypeLoadAdaptiveStructureWatchpoint::LLIntPrototypeLoadAdaptiveStructureWatchpoint): 49 (JSC::LLIntPrototypeLoadAdaptiveStructureWatchpoint::fireInternal): 50 * bytecode/LLIntPrototypeLoadAdaptiveStructureWatchpoint.h: 51 (JSC::LLIntPrototypeLoadAdaptiveStructureWatchpoint::key const): Deleted. 52 * bytecode/StructureStubClearingWatchpoint.cpp: 53 (JSC::StructureStubClearingWatchpoint::fireInternal): 54 (JSC::WatchpointsOnStructureStubInfo::isValid const): 55 * bytecode/StructureStubClearingWatchpoint.h: 56 (JSC::StructureStubClearingWatchpoint::StructureStubClearingWatchpoint): Deleted. 57 * dfg/DFGAdaptiveInferredPropertyValueWatchpoint.cpp: 58 (JSC::DFG::AdaptiveInferredPropertyValueWatchpoint::isValid const): 59 * dfg/DFGAdaptiveInferredPropertyValueWatchpoint.h: 60 * dfg/DFGAdaptiveStructureWatchpoint.cpp: 61 (JSC::DFG::AdaptiveStructureWatchpoint::fireInternal): 62 * dfg/DFGAdaptiveStructureWatchpoint.h: 63 (JSC::DFG::AdaptiveStructureWatchpoint::key const): Deleted. 64 * dfg/DFGDesiredWatchpoints.cpp: 65 (JSC::DFG::ArrayBufferViewWatchpointAdaptor::add): 66 * heap/Heap.cpp: 67 (JSC::Heap::finalizeUnconditionalFinalizers): 68 * llint/LLIntSlowPaths.cpp: 69 (JSC::LLInt::setupGetByIdPrototypeCache): 70 * runtime/ArrayBuffer.cpp: 71 (JSC::ArrayBuffer::notifyIncommingReferencesOfTransfer): 72 * runtime/ArrayBufferNeuteringWatchpointSet.cpp: Renamed from Source/JavaScriptCore/runtime/ArrayBufferNeuteringWatchpoint.cpp. 73 (JSC::ArrayBufferNeuteringWatchpointSet::ArrayBufferNeuteringWatchpointSet): 74 (JSC::ArrayBufferNeuteringWatchpointSet::destroy): 75 (JSC::ArrayBufferNeuteringWatchpointSet::create): 76 (JSC::ArrayBufferNeuteringWatchpointSet::createStructure): 77 (JSC::ArrayBufferNeuteringWatchpointSet::fireAll): 78 * runtime/ArrayBufferNeuteringWatchpointSet.h: Renamed from Source/JavaScriptCore/runtime/ArrayBufferNeuteringWatchpoint.h. 79 * runtime/FunctionRareData.h: 80 * runtime/JSGlobalObject.cpp: 81 (JSC::JSGlobalObject::init): 82 (JSC::JSGlobalObject::tryInstallArraySpeciesWatchpoint): 83 * runtime/ObjectPropertyChangeAdaptiveWatchpoint.h: 84 (JSC::ObjectPropertyChangeAdaptiveWatchpoint::ObjectPropertyChangeAdaptiveWatchpoint): Deleted. 85 * runtime/StructureRareData.cpp: 86 (JSC::StructureRareData::finalizeUnconditionally): 87 * runtime/StructureRareData.h: 88 * runtime/VM.cpp: 89 (JSC::VM::VM): 90 1 91 2019-03-26 Saam Barati <sbarati@apple.com> 2 92 -
trunk/Source/JavaScriptCore/JavaScriptCore.xcodeproj/project.pbxproj
r243365 r243560 745 745 0FFC92161B94FB3E0071DD66 /* DFGPropertyTypeKey.h in Headers */ = {isa = PBXBuildFile; fileRef = 0FFC92151B94FB3E0071DD66 /* DFGPropertyTypeKey.h */; }; 746 746 0FFC99D1184EC8AD009C10AB /* ConstantMode.h in Headers */ = {isa = PBXBuildFile; fileRef = 0FFC99D0184EC8AD009C10AB /* ConstantMode.h */; settings = {ATTRIBUTES = (Private, ); }; }; 747 0FFC99D5184EE318009C10AB /* ArrayBufferNeuteringWatchpoint .h in Headers */ = {isa = PBXBuildFile; fileRef = 0FFC99D3184EE318009C10AB /* ArrayBufferNeuteringWatchpoint.h */; settings = {ATTRIBUTES = (Private, ); }; };747 0FFC99D5184EE318009C10AB /* ArrayBufferNeuteringWatchpointSet.h in Headers */ = {isa = PBXBuildFile; fileRef = 0FFC99D3184EE318009C10AB /* ArrayBufferNeuteringWatchpointSet.h */; settings = {ATTRIBUTES = (Private, ); }; }; 748 748 0FFFC95814EF90A200C72532 /* DFGCFAPhase.h in Headers */ = {isa = PBXBuildFile; fileRef = 0FFFC94C14EF909500C72532 /* DFGCFAPhase.h */; }; 749 749 0FFFC95A14EF90A900C72532 /* DFGCSEPhase.h in Headers */ = {isa = PBXBuildFile; fileRef = 0FFFC94E14EF909500C72532 /* DFGCSEPhase.h */; }; … … 3114 3114 0FFC92151B94FB3E0071DD66 /* DFGPropertyTypeKey.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = DFGPropertyTypeKey.h; path = dfg/DFGPropertyTypeKey.h; sourceTree = "<group>"; }; 3115 3115 0FFC99D0184EC8AD009C10AB /* ConstantMode.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = ConstantMode.h; sourceTree = "<group>"; }; 3116 0FFC99D2184EE318009C10AB /* ArrayBufferNeuteringWatchpoint .cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = ArrayBufferNeuteringWatchpoint.cpp; sourceTree = "<group>"; };3117 0FFC99D3184EE318009C10AB /* ArrayBufferNeuteringWatchpoint .h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = ArrayBufferNeuteringWatchpoint.h; sourceTree = "<group>"; };3116 0FFC99D2184EE318009C10AB /* ArrayBufferNeuteringWatchpointSet.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = ArrayBufferNeuteringWatchpointSet.cpp; sourceTree = "<group>"; }; 3117 0FFC99D3184EE318009C10AB /* ArrayBufferNeuteringWatchpointSet.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = ArrayBufferNeuteringWatchpointSet.h; sourceTree = "<group>"; }; 3118 3118 0FFFC94B14EF909500C72532 /* DFGCFAPhase.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; name = DFGCFAPhase.cpp; path = dfg/DFGCFAPhase.cpp; sourceTree = "<group>"; }; 3119 3119 0FFFC94C14EF909500C72532 /* DFGCFAPhase.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = DFGCFAPhase.h; path = dfg/DFGCFAPhase.h; sourceTree = "<group>"; }; … … 6633 6633 A7A8AF2517ADB5F2005AB174 /* ArrayBuffer.cpp */, 6634 6634 A7A8AF2617ADB5F3005AB174 /* ArrayBuffer.h */, 6635 0FFC99D2184EE318009C10AB /* ArrayBufferNeuteringWatchpoint .cpp */,6636 0FFC99D3184EE318009C10AB /* ArrayBufferNeuteringWatchpoint .h */,6635 0FFC99D2184EE318009C10AB /* ArrayBufferNeuteringWatchpointSet.cpp */, 6636 0FFC99D3184EE318009C10AB /* ArrayBufferNeuteringWatchpointSet.h */, 6637 6637 0F30FB601DC2DE96003124F2 /* ArrayBufferSharingMode.h */, 6638 6638 A7A8AF2717ADB5F3005AB174 /* ArrayBufferView.cpp */, … … 8513 8513 0F8335B81639C1EA001443B5 /* ArrayAllocationProfile.h in Headers */, 8514 8514 A7A8AF3517ADB5F3005AB174 /* ArrayBuffer.h in Headers */, 8515 0FFC99D5184EE318009C10AB /* ArrayBufferNeuteringWatchpoint .h in Headers */,8515 0FFC99D5184EE318009C10AB /* ArrayBufferNeuteringWatchpointSet.h in Headers */, 8516 8516 0F30FB611DC2DE99003124F2 /* ArrayBufferSharingMode.h in Headers */, 8517 8517 A7A8AF3717ADB5F3005AB174 /* ArrayBufferView.h in Headers */, -
trunk/Source/JavaScriptCore/Sources.txt
r243365 r243560 693 693 runtime/ArgList.cpp 694 694 runtime/ArrayBuffer.cpp 695 runtime/ArrayBufferNeuteringWatchpoint .cpp695 runtime/ArrayBufferNeuteringWatchpointSet.cpp 696 696 runtime/ArrayBufferView.cpp 697 697 runtime/ArrayConstructor.cpp -
trunk/Source/JavaScriptCore/bytecode/AdaptiveInferredPropertyValueWatchpointBase.h
r233245 r243560 51 51 52 52 private: 53 class StructureWatchpoint : public Watchpoint {53 class StructureWatchpoint final : public Watchpoint { 54 54 public: 55 55 StructureWatchpoint() { } … … 57 57 void fireInternal(VM&, const FireDetail&) override; 58 58 }; 59 class PropertyWatchpoint : public Watchpoint {59 class PropertyWatchpoint final : public Watchpoint { 60 60 public: 61 61 PropertyWatchpoint() { } -
trunk/Source/JavaScriptCore/bytecode/CodeBlockJettisoningWatchpoint.h
r233245 r243560 32 32 class CodeBlock; 33 33 34 class CodeBlockJettisoningWatchpoint : public Watchpoint {34 class CodeBlockJettisoningWatchpoint final : public Watchpoint { 35 35 public: 36 36 CodeBlockJettisoningWatchpoint(CodeBlock* codeBlock) -
trunk/Source/JavaScriptCore/bytecode/LLIntPrototypeLoadAdaptiveStructureWatchpoint.cpp
r243420 r243560 33 33 namespace JSC { 34 34 35 LLIntPrototypeLoadAdaptiveStructureWatchpoint::LLIntPrototypeLoadAdaptiveStructureWatchpoint(const ObjectPropertyCondition& key, OpGetById::Metadata& getByIdMetadata) 36 : m_key(key) 35 LLIntPrototypeLoadAdaptiveStructureWatchpoint::LLIntPrototypeLoadAdaptiveStructureWatchpoint(CodeBlock* owner, const ObjectPropertyCondition& key, OpGetById::Metadata& getByIdMetadata) 36 : m_owner(owner) 37 , m_key(key) 37 38 , m_getByIdMetadata(getByIdMetadata) 38 39 { … … 50 51 void LLIntPrototypeLoadAdaptiveStructureWatchpoint::fireInternal(VM& vm, const FireDetail&) 51 52 { 53 if (!m_owner->isLive()) 54 return; 55 52 56 if (m_key.isWatchable(PropertyCondition::EnsureWatchability)) { 53 57 install(vm); -
trunk/Source/JavaScriptCore/bytecode/LLIntPrototypeLoadAdaptiveStructureWatchpoint.h
r240703 r243560 32 32 namespace JSC { 33 33 34 class LLIntPrototypeLoadAdaptiveStructureWatchpoint : public Watchpoint {34 class LLIntPrototypeLoadAdaptiveStructureWatchpoint final : public Watchpoint { 35 35 public: 36 LLIntPrototypeLoadAdaptiveStructureWatchpoint( const ObjectPropertyCondition&, OpGetById::Metadata&);36 LLIntPrototypeLoadAdaptiveStructureWatchpoint(CodeBlock*, const ObjectPropertyCondition&, OpGetById::Metadata&); 37 37 38 38 void install(VM&); … … 46 46 47 47 private: 48 CodeBlock* m_owner; 48 49 ObjectPropertyCondition m_key; 49 50 OpGetById::Metadata& m_getByIdMetadata; -
trunk/Source/JavaScriptCore/bytecode/StructureStubClearingWatchpoint.cpp
r243420 r243560 37 37 void StructureStubClearingWatchpoint::fireInternal(VM& vm, const FireDetail&) 38 38 { 39 if (!m_holder.isValid()) 40 return; 41 39 42 if (!m_key || !m_key.isWatchable(PropertyCondition::EnsureWatchability)) { 40 43 // This will implicitly cause my own demise: stub reset removes all watchpoints. … … 53 56 54 57 m_key.object()->structure(vm)->addTransitionWatchpoint(this); 58 } 59 60 inline bool WatchpointsOnStructureStubInfo::isValid() const 61 { 62 return m_codeBlock->isLive(); 55 63 } 56 64 -
trunk/Source/JavaScriptCore/bytecode/StructureStubClearingWatchpoint.h
r235776 r243560 41 41 class WatchpointsOnStructureStubInfo; 42 42 43 class StructureStubClearingWatchpoint : public Watchpoint {43 class StructureStubClearingWatchpoint final : public Watchpoint { 44 44 WTF_MAKE_NONCOPYABLE(StructureStubClearingWatchpoint); 45 45 WTF_MAKE_FAST_ALLOCATED; … … 79 79 CodeBlock* codeBlock() const { return m_codeBlock; } 80 80 StructureStubInfo* stubInfo() const { return m_stubInfo; } 81 82 bool isValid() const; 81 83 82 84 private: -
trunk/Source/JavaScriptCore/dfg/DFGAdaptiveInferredPropertyValueWatchpoint.cpp
r233245 r243560 52 52 } 53 53 54 bool AdaptiveInferredPropertyValueWatchpoint::isValid() const 55 { 56 return m_codeBlock->isLive(); 57 } 58 54 59 } } // namespace JSC::DFG 55 60 -
trunk/Source/JavaScriptCore/dfg/DFGAdaptiveInferredPropertyValueWatchpoint.h
r233245 r243560 32 32 namespace JSC { namespace DFG { 33 33 34 class AdaptiveInferredPropertyValueWatchpoint : public AdaptiveInferredPropertyValueWatchpointBase {34 class AdaptiveInferredPropertyValueWatchpoint final : public AdaptiveInferredPropertyValueWatchpointBase { 35 35 public: 36 36 typedef AdaptiveInferredPropertyValueWatchpointBase Base; … … 38 38 39 39 private: 40 bool isValid() const override; 41 40 42 void handleFire(VM&, const FireDetail&) override; 41 43 -
trunk/Source/JavaScriptCore/dfg/DFGAdaptiveStructureWatchpoint.cpp
r243420 r243560 53 53 void AdaptiveStructureWatchpoint::fireInternal(VM& vm, const FireDetail& detail) 54 54 { 55 if (!m_codeBlock->isLive()) 56 return; 57 55 58 if (m_key.isWatchable(PropertyCondition::EnsureWatchability)) { 56 59 install(vm); -
trunk/Source/JavaScriptCore/dfg/DFGAdaptiveStructureWatchpoint.h
r233245 r243560 33 33 namespace JSC { namespace DFG { 34 34 35 class AdaptiveStructureWatchpoint : public Watchpoint {35 class AdaptiveStructureWatchpoint final : public Watchpoint { 36 36 public: 37 37 AdaptiveStructureWatchpoint(const ObjectPropertyCondition&, CodeBlock*); -
trunk/Source/JavaScriptCore/dfg/DFGDesiredWatchpoints.cpp
r240023 r243560 29 29 #if ENABLE(DFG_JIT) 30 30 31 #include "ArrayBufferNeuteringWatchpoint .h"31 #include "ArrayBufferNeuteringWatchpointSet.h" 32 32 #include "CodeBlock.h" 33 33 #include "JSCInlines.h" … … 40 40 VM& vm = *codeBlock->vm(); 41 41 Watchpoint* watchpoint = common.watchpoints.add(codeBlock); 42 ArrayBufferNeuteringWatchpoint * neuteringWatchpoint =43 ArrayBufferNeuteringWatchpoint ::create(vm);42 ArrayBufferNeuteringWatchpointSet* neuteringWatchpoint = 43 ArrayBufferNeuteringWatchpointSet::create(vm); 44 44 neuteringWatchpoint->set().add(watchpoint); 45 45 codeBlock->addConstant(neuteringWatchpoint); -
trunk/Source/JavaScriptCore/heap/Heap.cpp
r243467 r243560 596 596 }); 597 597 finalizeMarkedUnconditionalFinalizers<ExecutableToCodeBlockEdge>(vm()->executableToCodeBlockEdgesWithFinalizers); 598 finalizeMarkedUnconditionalFinalizers<StructureRareData>(vm()->structureRareDataSpace); 598 599 if (vm()->m_weakSetSpace) 599 600 finalizeMarkedUnconditionalFinalizers<JSWeakSet>(*vm()->m_weakSetSpace); -
trunk/Source/JavaScriptCore/llint/LLIntSlowPaths.cpp
r242596 r243560 728 728 if (condition.condition().kind() == PropertyCondition::Presence) 729 729 offset = condition.condition().offset(); 730 watchpoints.add(co ndition, metadata)->install(vm);730 watchpoints.add(codeBlock, condition, metadata)->install(vm); 731 731 } 732 732 -
trunk/Source/JavaScriptCore/runtime/ArrayBuffer.cpp
r239535 r243560 27 27 #include "ArrayBuffer.h" 28 28 29 #include "ArrayBufferNeuteringWatchpoint .h"29 #include "ArrayBufferNeuteringWatchpointSet.h" 30 30 #include "JSArrayBufferView.h" 31 31 #include "JSCInlines.h" … … 383 383 if (JSArrayBufferView* view = jsDynamicCast<JSArrayBufferView*>(vm, cell)) 384 384 view->neuter(); 385 else if (ArrayBufferNeuteringWatchpoint * watchpoint = jsDynamicCast<ArrayBufferNeuteringWatchpoint*>(vm, cell))385 else if (ArrayBufferNeuteringWatchpointSet* watchpoint = jsDynamicCast<ArrayBufferNeuteringWatchpointSet*>(vm, cell)) 386 386 watchpoint->fireAll(); 387 387 } -
trunk/Source/JavaScriptCore/runtime/ArrayBufferNeuteringWatchpointSet.cpp
r243558 r243560 25 25 26 26 #include "config.h" 27 #include "ArrayBufferNeuteringWatchpoint .h"27 #include "ArrayBufferNeuteringWatchpointSet.h" 28 28 29 29 #include "JSCInlines.h" … … 31 31 namespace JSC { 32 32 33 const ClassInfo ArrayBufferNeuteringWatchpoint ::s_info = {34 "ArrayBufferNeuteringWatchpoint ", nullptr, nullptr, nullptr,35 CREATE_METHOD_TABLE(ArrayBufferNeuteringWatchpoint )33 const ClassInfo ArrayBufferNeuteringWatchpointSet::s_info = { 34 "ArrayBufferNeuteringWatchpointSet", nullptr, nullptr, nullptr, 35 CREATE_METHOD_TABLE(ArrayBufferNeuteringWatchpointSet) 36 36 }; 37 37 38 ArrayBufferNeuteringWatchpoint ::ArrayBufferNeuteringWatchpoint(VM& vm)38 ArrayBufferNeuteringWatchpointSet::ArrayBufferNeuteringWatchpointSet(VM& vm) 39 39 : Base(vm, vm.arrayBufferNeuteringWatchpointStructure.get()) 40 40 , m_set(adoptRef(*new WatchpointSet(IsWatched))) … … 42 42 } 43 43 44 void ArrayBufferNeuteringWatchpoint ::destroy(JSCell* cell)44 void ArrayBufferNeuteringWatchpointSet::destroy(JSCell* cell) 45 45 { 46 static_cast<ArrayBufferNeuteringWatchpoint *>(cell)->ArrayBufferNeuteringWatchpoint::~ArrayBufferNeuteringWatchpoint();46 static_cast<ArrayBufferNeuteringWatchpointSet*>(cell)->ArrayBufferNeuteringWatchpointSet::~ArrayBufferNeuteringWatchpointSet(); 47 47 } 48 48 49 ArrayBufferNeuteringWatchpoint * ArrayBufferNeuteringWatchpoint::create(VM& vm)49 ArrayBufferNeuteringWatchpointSet* ArrayBufferNeuteringWatchpointSet::create(VM& vm) 50 50 { 51 ArrayBufferNeuteringWatchpoint * result = new52 (NotNull, allocateCell<ArrayBufferNeuteringWatchpoint >(vm.heap))53 ArrayBufferNeuteringWatchpoint (vm);51 ArrayBufferNeuteringWatchpointSet* result = new 52 (NotNull, allocateCell<ArrayBufferNeuteringWatchpointSet>(vm.heap)) 53 ArrayBufferNeuteringWatchpointSet(vm); 54 54 result->finishCreation(vm); 55 55 return result; 56 56 } 57 57 58 Structure* ArrayBufferNeuteringWatchpoint ::createStructure(VM& vm)58 Structure* ArrayBufferNeuteringWatchpointSet::createStructure(VM& vm) 59 59 { 60 60 return Structure::create(vm, 0, jsNull(), TypeInfo(CellType, StructureFlags), info()); 61 61 } 62 62 63 void ArrayBufferNeuteringWatchpoint ::fireAll()63 void ArrayBufferNeuteringWatchpointSet::fireAll() 64 64 { 65 65 m_set->fireAll(*vm(), "Array buffer was neutered"); -
trunk/Source/JavaScriptCore/runtime/ArrayBufferNeuteringWatchpointSet.h
r243558 r243560 31 31 namespace JSC { 32 32 33 class ArrayBufferNeuteringWatchpoint final : public JSCell {33 class ArrayBufferNeuteringWatchpointSet final : public JSCell { 34 34 public: 35 35 typedef JSCell Base; … … 38 38 DECLARE_INFO; 39 39 40 static ArrayBufferNeuteringWatchpoint * create(VM&);40 static ArrayBufferNeuteringWatchpointSet* create(VM&); 41 41 42 42 static const bool needsDestruction = true; … … 50 50 51 51 private: 52 explicit ArrayBufferNeuteringWatchpoint (VM&);52 explicit ArrayBufferNeuteringWatchpointSet(VM&); 53 53 54 54 Ref<WatchpointSet> m_set; -
trunk/Source/JavaScriptCore/runtime/FunctionRareData.h
r239191 r243560 117 117 private: 118 118 119 class AllocationProfileClearingWatchpoint : public Watchpoint {119 class AllocationProfileClearingWatchpoint final : public Watchpoint { 120 120 public: 121 121 AllocationProfileClearingWatchpoint(FunctionRareData* rareData) -
trunk/Source/JavaScriptCore/runtime/JSGlobalObject.cpp
r243312 r243560 1104 1104 { 1105 1105 ObjectPropertyCondition condition = setupAdaptiveWatchpoint(arrayIteratorPrototype, m_vm.propertyNames->next); 1106 m_arrayIteratorPrototypeNext = std::make_unique<ObjectPropertyChangeAdaptiveWatchpoint<InlineWatchpointSet>>( condition, m_arrayIteratorProtocolWatchpoint);1106 m_arrayIteratorPrototypeNext = std::make_unique<ObjectPropertyChangeAdaptiveWatchpoint<InlineWatchpointSet>>(this, condition, m_arrayIteratorProtocolWatchpoint); 1107 1107 m_arrayIteratorPrototypeNext->install(vm); 1108 1108 } 1109 1109 { 1110 1110 ObjectPropertyCondition condition = setupAdaptiveWatchpoint(this->arrayPrototype(), m_vm.propertyNames->iteratorSymbol); 1111 m_arrayPrototypeSymbolIteratorWatchpoint = std::make_unique<ObjectPropertyChangeAdaptiveWatchpoint<InlineWatchpointSet>>( condition, m_arrayIteratorProtocolWatchpoint);1111 m_arrayPrototypeSymbolIteratorWatchpoint = std::make_unique<ObjectPropertyChangeAdaptiveWatchpoint<InlineWatchpointSet>>(this, condition, m_arrayIteratorProtocolWatchpoint); 1112 1112 m_arrayPrototypeSymbolIteratorWatchpoint->install(vm); 1113 1113 } … … 1115 1115 { 1116 1116 ObjectPropertyCondition condition = setupAdaptiveWatchpoint(mapIteratorPrototype, m_vm.propertyNames->next); 1117 m_mapIteratorPrototypeNextWatchpoint = std::make_unique<ObjectPropertyChangeAdaptiveWatchpoint<InlineWatchpointSet>>( condition, m_mapIteratorProtocolWatchpoint);1117 m_mapIteratorPrototypeNextWatchpoint = std::make_unique<ObjectPropertyChangeAdaptiveWatchpoint<InlineWatchpointSet>>(this, condition, m_mapIteratorProtocolWatchpoint); 1118 1118 m_mapIteratorPrototypeNextWatchpoint->install(vm); 1119 1119 } 1120 1120 { 1121 1121 ObjectPropertyCondition condition = setupAdaptiveWatchpoint(m_mapPrototype.get(), m_vm.propertyNames->iteratorSymbol); 1122 m_mapPrototypeSymbolIteratorWatchpoint = std::make_unique<ObjectPropertyChangeAdaptiveWatchpoint<InlineWatchpointSet>>( condition, m_mapIteratorProtocolWatchpoint);1122 m_mapPrototypeSymbolIteratorWatchpoint = std::make_unique<ObjectPropertyChangeAdaptiveWatchpoint<InlineWatchpointSet>>(this, condition, m_mapIteratorProtocolWatchpoint); 1123 1123 m_mapPrototypeSymbolIteratorWatchpoint->install(vm); 1124 1124 } … … 1126 1126 { 1127 1127 ObjectPropertyCondition condition = setupAdaptiveWatchpoint(setIteratorPrototype, m_vm.propertyNames->next); 1128 m_setIteratorPrototypeNextWatchpoint = std::make_unique<ObjectPropertyChangeAdaptiveWatchpoint<InlineWatchpointSet>>( condition, m_setIteratorProtocolWatchpoint);1128 m_setIteratorPrototypeNextWatchpoint = std::make_unique<ObjectPropertyChangeAdaptiveWatchpoint<InlineWatchpointSet>>(this, condition, m_setIteratorProtocolWatchpoint); 1129 1129 m_setIteratorPrototypeNextWatchpoint->install(vm); 1130 1130 } 1131 1131 { 1132 1132 ObjectPropertyCondition condition = setupAdaptiveWatchpoint(m_setPrototype.get(), m_vm.propertyNames->iteratorSymbol); 1133 m_setPrototypeSymbolIteratorWatchpoint = std::make_unique<ObjectPropertyChangeAdaptiveWatchpoint<InlineWatchpointSet>>( condition, m_setIteratorProtocolWatchpoint);1133 m_setPrototypeSymbolIteratorWatchpoint = std::make_unique<ObjectPropertyChangeAdaptiveWatchpoint<InlineWatchpointSet>>(this, condition, m_setIteratorProtocolWatchpoint); 1134 1134 m_setPrototypeSymbolIteratorWatchpoint->install(vm); 1135 1135 } … … 1137 1137 { 1138 1138 ObjectPropertyCondition condition = setupAdaptiveWatchpoint(m_stringIteratorPrototype.get(), m_vm.propertyNames->next); 1139 m_stringIteratorPrototypeNextWatchpoint = std::make_unique<ObjectPropertyChangeAdaptiveWatchpoint<InlineWatchpointSet>>( condition, m_stringIteratorProtocolWatchpoint);1139 m_stringIteratorPrototypeNextWatchpoint = std::make_unique<ObjectPropertyChangeAdaptiveWatchpoint<InlineWatchpointSet>>(this, condition, m_stringIteratorProtocolWatchpoint); 1140 1140 m_stringIteratorPrototypeNextWatchpoint->install(vm); 1141 1141 } 1142 1142 { 1143 1143 ObjectPropertyCondition condition = setupAdaptiveWatchpoint(m_stringPrototype.get(), m_vm.propertyNames->iteratorSymbol); 1144 m_stringPrototypeSymbolIteratorWatchpoint = std::make_unique<ObjectPropertyChangeAdaptiveWatchpoint<InlineWatchpointSet>>( condition, m_stringIteratorProtocolWatchpoint);1144 m_stringPrototypeSymbolIteratorWatchpoint = std::make_unique<ObjectPropertyChangeAdaptiveWatchpoint<InlineWatchpointSet>>(this, condition, m_stringIteratorProtocolWatchpoint); 1145 1145 m_stringPrototypeSymbolIteratorWatchpoint->install(vm); 1146 1146 } … … 1148 1148 { 1149 1149 ObjectPropertyCondition condition = setupAdaptiveWatchpoint(m_mapPrototype.get(), m_vm.propertyNames->set); 1150 m_mapPrototypeSetWatchpoint = std::make_unique<ObjectPropertyChangeAdaptiveWatchpoint<InlineWatchpointSet>>( condition, m_mapSetWatchpoint);1150 m_mapPrototypeSetWatchpoint = std::make_unique<ObjectPropertyChangeAdaptiveWatchpoint<InlineWatchpointSet>>(this, condition, m_mapSetWatchpoint); 1151 1151 m_mapPrototypeSetWatchpoint->install(vm); 1152 1152 } … … 1154 1154 { 1155 1155 ObjectPropertyCondition condition = setupAdaptiveWatchpoint(m_setPrototype.get(), m_vm.propertyNames->add); 1156 m_setPrototypeAddWatchpoint = std::make_unique<ObjectPropertyChangeAdaptiveWatchpoint<InlineWatchpointSet>>( condition, m_setAddWatchpoint);1156 m_setPrototypeAddWatchpoint = std::make_unique<ObjectPropertyChangeAdaptiveWatchpoint<InlineWatchpointSet>>(this, condition, m_setAddWatchpoint); 1157 1157 m_setPrototypeAddWatchpoint->install(vm); 1158 1158 } … … 1165 1165 1166 1166 ObjectPropertyCondition condition = setupAdaptiveWatchpoint(numberPrototype, m_vm.propertyNames->toString); 1167 m_numberPrototypeToStringWatchpoint = std::make_unique<ObjectPropertyChangeAdaptiveWatchpoint<InlineWatchpointSet>>( condition, m_numberToStringWatchpoint);1167 m_numberPrototypeToStringWatchpoint = std::make_unique<ObjectPropertyChangeAdaptiveWatchpoint<InlineWatchpointSet>>(this, condition, m_numberToStringWatchpoint); 1168 1168 m_numberPrototypeToStringWatchpoint->install(vm); 1169 1169 m_numberProtoToStringFunction.set(vm, this, jsCast<JSFunction*>(numberPrototype->getDirect(vm, vm.propertyNames->toString))); … … 1893 1893 m_arraySpeciesWatchpoint.touch(vm, "Set up array species watchpoint."); 1894 1894 1895 m_arrayPrototypeConstructorWatchpoint = std::make_unique<ObjectPropertyChangeAdaptiveWatchpoint<InlineWatchpointSet>>( constructorCondition, m_arraySpeciesWatchpoint);1895 m_arrayPrototypeConstructorWatchpoint = std::make_unique<ObjectPropertyChangeAdaptiveWatchpoint<InlineWatchpointSet>>(this, constructorCondition, m_arraySpeciesWatchpoint); 1896 1896 m_arrayPrototypeConstructorWatchpoint->install(vm); 1897 1897 1898 m_arrayConstructorSpeciesWatchpoint = std::make_unique<ObjectPropertyChangeAdaptiveWatchpoint<InlineWatchpointSet>>( speciesCondition, m_arraySpeciesWatchpoint);1898 m_arrayConstructorSpeciesWatchpoint = std::make_unique<ObjectPropertyChangeAdaptiveWatchpoint<InlineWatchpointSet>>(this, speciesCondition, m_arraySpeciesWatchpoint); 1899 1899 m_arrayConstructorSpeciesWatchpoint->install(vm); 1900 1900 } -
trunk/Source/JavaScriptCore/runtime/ObjectPropertyChangeAdaptiveWatchpoint.h
r233245 r243560 31 31 32 32 template<typename Watchpoint> 33 class ObjectPropertyChangeAdaptiveWatchpoint : public AdaptiveInferredPropertyValueWatchpointBase {33 class ObjectPropertyChangeAdaptiveWatchpoint final : public AdaptiveInferredPropertyValueWatchpointBase { 34 34 public: 35 35 using Base = AdaptiveInferredPropertyValueWatchpointBase; 36 ObjectPropertyChangeAdaptiveWatchpoint( const ObjectPropertyCondition& condition, Watchpoint& watchpoint)36 ObjectPropertyChangeAdaptiveWatchpoint(JSCell* owner, const ObjectPropertyCondition& condition, Watchpoint& watchpoint) 37 37 : Base(condition) 38 , m_owner(owner) 38 39 , m_watchpoint(watchpoint) 39 40 { … … 42 43 43 44 private: 45 bool isValid() const override 46 { 47 return m_owner->isLive(); 48 } 49 44 50 void handleFire(VM& vm, const FireDetail&) override 45 51 { … … 47 53 } 48 54 55 JSCell* m_owner; 49 56 Watchpoint& m_watchpoint; 50 57 }; -
trunk/Source/JavaScriptCore/runtime/StructureRareData.cpp
r243420 r243560 79 79 // ----------- Object.prototype.toString() helper watchpoint classes ----------- 80 80 81 class ObjectToStringAdaptiveInferredPropertyValueWatchpoint : public AdaptiveInferredPropertyValueWatchpointBase {81 class ObjectToStringAdaptiveInferredPropertyValueWatchpoint final : public AdaptiveInferredPropertyValueWatchpointBase { 82 82 public: 83 83 typedef AdaptiveInferredPropertyValueWatchpointBase Base; … … 91 91 }; 92 92 93 class ObjectToStringAdaptiveStructureWatchpoint : public Watchpoint {93 class ObjectToStringAdaptiveStructureWatchpoint final : public Watchpoint { 94 94 public: 95 95 ObjectToStringAdaptiveStructureWatchpoint(const ObjectPropertyCondition&, StructureRareData*); 96 96 97 97 void install(VM&); 98 99 const ObjectPropertyCondition& key() const { return m_key; } 98 100 99 101 protected: … … 170 172 } 171 173 174 void StructureRareData::finalizeUnconditionally(VM& vm) 175 { 176 if (m_objectToStringAdaptiveInferredValueWatchpoint) { 177 if (!m_objectToStringAdaptiveInferredValueWatchpoint->key().isStillLive(vm)) { 178 clearObjectToStringValue(); 179 return; 180 } 181 } 182 for (auto* watchpoint : m_objectToStringAdaptiveWatchpointSet) { 183 if (!watchpoint->key().isStillLive(vm)) { 184 clearObjectToStringValue(); 185 return; 186 } 187 } 188 } 189 172 190 // ------------- Methods for Object.prototype.toString() helper watchpoint classes -------------- 173 191 -
trunk/Source/JavaScriptCore/runtime/StructureRareData.h
r240965 r243560 91 91 DECLARE_EXPORT_INFO; 92 92 93 void finalizeUnconditionally(VM&); 94 93 95 private: 94 96 friend class Structure; -
trunk/Source/JavaScriptCore/runtime/VM.cpp
r243312 r243560 31 31 32 32 #include "ArgList.h" 33 #include "ArrayBufferNeuteringWatchpoint .h"33 #include "ArrayBufferNeuteringWatchpointSet.h" 34 34 #include "BuiltinExecutables.h" 35 35 #include "BytecodeIntrinsicRegistry.h" … … 382 382 sparseArrayValueMapStructure.set(*this, SparseArrayValueMap::createStructure(*this, 0, jsNull())); 383 383 templateObjectDescriptorStructure.set(*this, JSTemplateObjectDescriptor::createStructure(*this, 0, jsNull())); 384 arrayBufferNeuteringWatchpointStructure.set(*this, ArrayBufferNeuteringWatchpoint ::createStructure(*this));384 arrayBufferNeuteringWatchpointStructure.set(*this, ArrayBufferNeuteringWatchpointSet::createStructure(*this)); 385 385 unlinkedFunctionExecutableStructure.set(*this, UnlinkedFunctionExecutable::createStructure(*this, 0, jsNull())); 386 386 unlinkedProgramCodeBlockStructure.set(*this, UnlinkedProgramCodeBlock::createStructure(*this, 0, jsNull()));
Note: See TracChangeset
for help on using the changeset viewer.