Changeset 259645 in webkit
- Timestamp:
- Apr 7, 2020 10:39:24 AM (4 years ago)
- Location:
- trunk/Source/JavaScriptCore
- Files:
-
- 15 edited
-
ChangeLog (modified) (1 diff)
-
dfg/DFGSpeculativeJIT.cpp (modified) (1 diff)
-
dfg/DFGSpeculativeJIT.h (modified) (1 diff)
-
ftl/FTLAbstractHeapRepository.cpp (modified) (1 diff)
-
ftl/FTLAbstractHeapRepository.h (modified) (3 diffs)
-
ftl/FTLLowerDFGToB3.cpp (modified) (3 diffs)
-
jit/AssemblyHelpers.h (modified) (1 diff)
-
runtime/BigIntObject.h (modified) (1 diff)
-
runtime/BooleanObject.h (modified) (1 diff)
-
runtime/JSDestructibleObject.h (modified) (1 diff)
-
runtime/JSWrapperObject.cpp (modified) (2 diffs)
-
runtime/JSWrapperObject.h (modified) (6 diffs)
-
runtime/NumberObject.h (modified) (1 diff)
-
runtime/StringObject.h (modified) (1 diff)
-
runtime/SymbolObject.h (modified) (1 diff)
Legend:
- Unmodified
- Added
- Removed
-
trunk/Source/JavaScriptCore/ChangeLog
r259638 r259645 1 2020-04-07 Yusuke Suzuki <ysuzuki@apple.com> 2 3 [JSC] JSWrapperObject should use JSInternalFieldObjectImpl 4 https://bugs.webkit.org/show_bug.cgi?id=210019 5 6 Reviewed by Mark Lam. 7 8 JSWrapperObject's mechanism can be basically implemented by using JSInternalFieldObjectImpl. 9 We should leverage JSInternalFieldObjectImpl to implement JSWrapperObject since it can pave 10 the way to implementing Object-Allocation-Sinking and faster access to value etc. in DFG without 11 duplicating code. 12 13 We also noticed that we are storing classInfo to JSWrapperObject when allocating StringObject in 14 DFG and FTL while JSWrapperObject is no longer inheriting JSDestructibleObject! But it turned out 15 that this is safe since the subsequent JSWrapperObject::internalValue setting can overwrite it. 16 We remove this wrong store. 17 18 * dfg/DFGSpeculativeJIT.cpp: 19 (JSC::DFG::SpeculativeJIT::compileNewStringObject): 20 * dfg/DFGSpeculativeJIT.h: 21 (JSC::DFG::SpeculativeJIT::emitAllocateDestructibleObject): Deleted. 22 * ftl/FTLAbstractHeapRepository.cpp: 23 (JSC::FTL::AbstractHeapRepository::AbstractHeapRepository): 24 * ftl/FTLAbstractHeapRepository.h: 25 * ftl/FTLLowerDFGToB3.cpp: 26 (JSC::FTL::DFG::LowerDFGToB3::compileNewStringObject): 27 (JSC::FTL::DFG::LowerDFGToB3::compileToStringOrCallStringConstructorOrStringValueOf): 28 * jit/AssemblyHelpers.h: 29 (JSC::AssemblyHelpers::emitAllocateDestructibleObject): Deleted. 30 * runtime/BigIntObject.h: 31 * runtime/BooleanObject.h: 32 * runtime/JSDestructibleObject.h: 33 (JSC::JSDestructibleObject::classInfo const): 34 (JSC::JSDestructibleObject::classInfoOffset): Deleted. 35 * runtime/JSWrapperObject.cpp: 36 (JSC::JSWrapperObject::visitChildren): 37 * runtime/JSWrapperObject.h: 38 (JSC::JSWrapperObject::internalValueOffset): 39 (JSC::JSWrapperObject::internalValue const): 40 (JSC::JSWrapperObject::setInternalValue): 41 (JSC::JSWrapperObject::createStructure): Deleted. 42 * runtime/NumberObject.h: 43 * runtime/StringObject.h: 44 * runtime/SymbolObject.h: 45 1 46 2020-04-07 Yusuke Suzuki <ysuzuki@apple.com> 2 47 -
trunk/Source/JavaScriptCore/dfg/DFGSpeculativeJIT.cpp
r259463 r259645 9862 9862 slowPath); 9863 9863 9864 m_jit.storePtr(9865 TrustedImmPtr(StringObject::info()),9866 JITCompiler::Address(resultGPR, JSDestructibleObject::classInfoOffset()));9867 9864 #if USE(JSVALUE64) 9868 9865 m_jit.store64( -
trunk/Source/JavaScriptCore/dfg/DFGSpeculativeJIT.h
r259320 r259645 1526 1526 } 1527 1527 1528 template<typename ClassType>1529 void emitAllocateDestructibleObject(GPRReg resultGPR, RegisteredStructure structure,1530 GPRReg scratchGPR1, GPRReg scratchGPR2, MacroAssembler::JumpList& slowPath)1531 {1532 m_jit.emitAllocateDestructibleObject<ClassType>(vm(), resultGPR, structure.get(), scratchGPR1, scratchGPR2, slowPath);1533 }1534 1535 1528 void emitAllocateRawObject(GPRReg resultGPR, RegisteredStructure, GPRReg storageGPR, unsigned numElements, unsigned vectorLength); 1536 1529 -
trunk/Source/JavaScriptCore/ftl/FTLAbstractHeapRepository.cpp
r251826 r259645 72 72 73 73 , JSString_value(JSRopeString_fiber0) 74 , JSWrapperObject_internalValue(const_cast<AbstractHeap&>(JSInternalFieldObjectImpl_internalFields[static_cast<unsigned>(JSWrapperObject::Field::WrappedValue)])) 74 75 75 76 , absolute(&root, "absolute") -
trunk/Source/JavaScriptCore/ftl/FTLAbstractHeapRepository.h
r259463 r259645 98 98 macro(JSCell_typeInfoType, JSCell::typeInfoTypeOffset()) \ 99 99 macro(JSCell_usefulBytes, JSCell::indexingTypeAndMiscOffset()) \ 100 macro(JSDestructibleObject_classInfo, JSDestructibleObject::classInfoOffset()) \101 100 macro(JSFunction_executableOrRareData, JSFunction::offsetOfExecutableOrRareData()) \ 102 101 macro(JSFunction_scope, JSFunction::offsetOfScopeChain()) \ … … 120 119 macro(JSScope_next, JSScope::offsetOfNext()) \ 121 120 macro(JSSymbolTableObject_symbolTable, JSSymbolTableObject::offsetOfSymbolTable()) \ 122 macro(JSWrapperObject_internalValue, JSWrapperObject::internalValueOffset()) \123 121 macro(RegExpObject_regExpAndLastIndexIsNotWritableFlag, RegExpObject::offsetOfRegExpAndLastIndexIsNotWritableFlag()) \ 124 122 macro(RegExpObject_lastIndex, RegExpObject::offsetOfLastIndex()) \ … … 215 213 216 214 AbstractHeap& JSString_value; 215 AbstractHeap& JSWrapperObject_internalValue; 217 216 218 217 AbsoluteAbstractHeap absolute; -
trunk/Source/JavaScriptCore/ftl/FTLLowerDFGToB3.cpp
r259583 r259645 6399 6399 void compileNewStringObject() 6400 6400 { 6401 // FIXME: We should handle this as JSInternalFieldObject allocation. 6402 // https://bugs.webkit.org/show_bug.cgi?id=209453 6401 6403 RegisteredStructure structure = m_node->structure(); 6402 6404 LValue string = lowString(m_node->child1()); … … 6408 6410 6409 6411 LValue fastResultValue = allocateObject<StringObject>(structure, m_out.intPtrZero, slowCase); 6410 m_out.storePtr(m_out.constIntPtr(StringObject::info()), fastResultValue, m_heaps.JSDestructibleObject_classInfo);6411 6412 m_out.store64(string, fastResultValue, m_heaps.JSWrapperObject_internalValue); 6412 6413 mutatorFence(); … … 7406 7407 switch (m_node->child1().useKind()) { 7407 7408 case StringObjectUse: { 7409 // FIXME: We should convert this to GetInternalField(0). 7410 // https://bugs.webkit.org/show_bug.cgi?id=209453 7408 7411 LValue cell = lowCell(m_node->child1()); 7409 7412 speculateStringObjectForCell(m_node->child1(), cell); -
trunk/Source/JavaScriptCore/jit/AssemblyHelpers.h
r259463 r259645 1872 1872 void emitConvertValueToBoolean(VM&, JSValueRegs, GPRReg result, GPRReg scratchIfShouldCheckMasqueradesAsUndefined, FPRReg, FPRReg, bool shouldCheckMasqueradesAsUndefined, JSGlobalObject*, bool negateResult = false); 1873 1873 1874 template<typename ClassType>1875 void emitAllocateDestructibleObject(VM& vm, GPRReg resultGPR, Structure* structure, GPRReg scratchGPR1, GPRReg scratchGPR2, JumpList& slowPath)1876 {1877 auto butterfly = TrustedImmPtr(nullptr);1878 emitAllocateJSObject<ClassType>(vm, resultGPR, TrustedImmPtr(structure), butterfly, scratchGPR1, scratchGPR2, slowPath);1879 storePtr(TrustedImmPtr(structure->classInfo()), Address(resultGPR, JSDestructibleObject::classInfoOffset()));1880 }1881 1882 1874 void emitInitializeInlineStorage(GPRReg baseGPR, unsigned inlineCapacity) 1883 1875 { -
trunk/Source/JavaScriptCore/runtime/BigIntObject.h
r253247 r259645 61 61 JS_EXPORT_PRIVATE BigIntObject(VM&, Structure*); 62 62 }; 63 static_assert(sizeof(BigIntObject) == sizeof(JSWrapperObject)); 63 64 64 65 } // namespace JSC -
trunk/Source/JavaScriptCore/runtime/BooleanObject.h
r253247 r259645 53 53 } 54 54 }; 55 static_assert(sizeof(BooleanObject) == sizeof(JSWrapperObject)); 55 56 56 57 } // namespace JSC -
trunk/Source/JavaScriptCore/runtime/JSDestructibleObject.h
r258059 r259645 39 39 40 40 const ClassInfo* classInfo() const { return m_classInfo; } 41 42 static ptrdiff_t classInfoOffset() { return OBJECT_OFFSETOF(JSDestructibleObject, m_classInfo); }43 41 44 42 protected: -
trunk/Source/JavaScriptCore/runtime/JSWrapperObject.cpp
r209897 r259645 24 24 25 25 #include "JSCInlines.h" 26 #include "JSInternalFieldObjectImplInlines.h" 26 27 27 28 namespace JSC { … … 31 32 void JSWrapperObject::visitChildren(JSCell* cell, SlotVisitor& visitor) 32 33 { 33 JSWrapperObject* thisObject = jsCast<JSWrapperObject*>(cell);34 auto* thisObject = jsCast<JSWrapperObject*>(cell); 34 35 ASSERT_GC_OBJECT_INHERITS(thisObject, info()); 35 JSObject::visitChildren(thisObject, visitor); 36 visitor.append(thisObject->m_internalValue); 36 Base::visitChildren(thisObject, visitor); 37 37 } 38 38 -
trunk/Source/JavaScriptCore/runtime/JSWrapperObject.h
r253588 r259645 22 22 #pragma once 23 23 24 #include "JS Object.h"24 #include "JSInternalFieldObjectImpl.h" 25 25 26 26 namespace JSC { … … 28 28 // This class is used as a base for classes such as String, 29 29 // Number, Boolean and Symbol which are wrappers for primitive types. 30 class JSWrapperObject : public JS NonFinalObject{30 class JSWrapperObject : public JSInternalFieldObjectImpl<1> { 31 31 public: 32 using Base = JS NonFinalObject;32 using Base = JSInternalFieldObjectImpl<1>; 33 33 34 34 template<typename, SubspaceAccess> … … 44 44 } 45 45 46 enum class Field : uint32_t { 47 WrappedValue = 0, 48 }; 49 static_assert(numberOfInternalFields == 1); 50 46 51 JSValue internalValue() const; 47 52 void setInternalValue(VM&, JSValue); 48 53 49 static Structure* createStructure(VM& vm, JSGlobalObject* globalObject, JSValue prototype) 50 { 51 return Structure::create(vm, globalObject, prototype, TypeInfo(ObjectType, StructureFlags), info()); 52 } 53 54 static ptrdiff_t internalValueOffset() { return OBJECT_OFFSETOF(JSWrapperObject, m_internalValue); } 54 static ptrdiff_t internalValueOffset() { return offsetOfInternalField(static_cast<unsigned>(Field::WrappedValue)); } 55 55 static ptrdiff_t internalValueCellOffset() 56 56 { … … 66 66 67 67 JS_EXPORT_PRIVATE static void visitChildren(JSCell*, SlotVisitor&); 68 69 private:70 WriteBarrier<Unknown> m_internalValue;71 68 }; 72 69 … … 78 75 inline JSValue JSWrapperObject::internalValue() const 79 76 { 80 return m_internalValue.get();77 return internalField(static_cast<unsigned>(Field::WrappedValue)).get(); 81 78 } 82 79 … … 85 82 ASSERT(value); 86 83 ASSERT(!value.isObject()); 87 m_internalValue.set(vm, this, value);84 internalField(static_cast<unsigned>(Field::WrappedValue)).set(vm, this, value); 88 85 } 89 86 -
trunk/Source/JavaScriptCore/runtime/NumberObject.h
r253247 r259645 53 53 } 54 54 }; 55 static_assert(sizeof(NumberObject) == sizeof(JSWrapperObject)); 55 56 56 57 JS_EXPORT_PRIVATE NumberObject* constructNumber(JSGlobalObject*, JSValue); -
trunk/Source/JavaScriptCore/runtime/StringObject.h
r257399 r259645 77 77 JS_EXPORT_PRIVATE StringObject(VM&, Structure*); 78 78 }; 79 static_assert(sizeof(StringObject) == sizeof(JSWrapperObject)); 79 80 80 81 JS_EXPORT_PRIVATE StringObject* constructString(VM&, JSGlobalObject*, JSValue); -
trunk/Source/JavaScriptCore/runtime/SymbolObject.h
r253247 r259645 69 69 JS_EXPORT_PRIVATE SymbolObject(VM&, Structure*); 70 70 }; 71 static_assert(sizeof(SymbolObject) == sizeof(JSWrapperObject)); 71 72 72 73 } // namespace JSC
Note: See TracChangeset
for help on using the changeset viewer.
