Changeset 267113 in webkit
- Timestamp:
- Sep 15, 2020 4:38:23 PM (4 years ago)
- Location:
- trunk
- Files:
-
- 1 added
- 7 edited
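--- a/trunk/JSTests/ChangeLog
+++ b/trunk/JSTests/ChangeLog
@@ -1,2 +1,13 @@
+2020-09-15 Saam Barati <sbarati@apple.com>
+
+CustomFunctionEquivalence PropertyCondition needs to check if the structure has the property
+https://bugs.webkit.org/show_bug.cgi?id=216575
+<rdar://problem/68286930>
+
+Reviewed by Yusuke Suzuki.
+
+* stress/has-static-property-property-condition-needs-to-check-if-structure-has-property.js: Added.
+(foo):
+
 2020-09-15 Yusuke Suzuki <ysuzuki@apple.com>
 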
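--- a/trunk/Source/JavaScriptCore/ChangeLog
+++ b/trunk/Source/JavaScriptCore/ChangeLog
@@ -1,2 +1,44 @@
+2020-09-15 Saam Barati <sbarati@apple.com>
+
+CustomFunctionEquivalence PropertyCondition needs to check if the structure has the property
+https://bugs.webkit.org/show_bug.cgi?id=216575
+<rdar://problem/68286930>
+
+Reviewed by Yusuke Suzuki.
+
+The CustomFunctionEquivalence PropertyCondition would only return false to
+isStillValidAssumingImpurePropertyWatchpoint if the Structure's static
+property table was reified or if the static property table did not contain the
+property. However, this missed the obvious case of where we store to this
+property in normal object storage without reifying the static property table.
+The fix here is simple: we first check if the Structure's property table
+has this property, and if so, return false.
+
+This patch also renames CustomFunctionEquivalence to HasStaticProperty to
+better capture what we're doing.
+
+* bytecode/ObjectPropertyCondition.h:
+(JSC::ObjectPropertyCondition::hasStaticProperty):
+(JSC::ObjectPropertyCondition::customFunctionEquivalence): Deleted.
+* bytecode/ObjectPropertyConditionSet.cpp:
+(JSC::ObjectPropertyConditionSet::hasOneSlotBaseCondition const):
+(JSC::ObjectPropertyConditionSet::slotBaseCondition const):
+(JSC::generateConditionsForPrototypePropertyHitCustom):
+* bytecode/PropertyCondition.cpp:
+(JSC::PropertyCondition::dumpInContext const):
+(JSC::PropertyCondition::isStillValidAssumingImpurePropertyWatchpoint const):
+(JSC::PropertyCondition::validityRequiresImpurePropertyWatchpoint const):
+(JSC::PropertyCondition::isStillValid const):
+(JSC::PropertyCondition::isWatchableWhenValid const):
+(WTF::printInternal):
+* bytecode/PropertyCondition.h:
+(JSC::PropertyCondition::hasStaticProperty):
+(JSC::PropertyCondition::hash const):
+(JSC::PropertyCondition::operator== const):
+(JSC::PropertyCondition::customFunctionEquivalence): Deleted.
+* tools/JSDollarVM.cpp:
+(JSC::functionCreateStaticCustomValue):
+(JSC::JSDollarVM::finishCreation):
+
 2020-09-15 Yusuke Suzuki <ysuzuki@apple.com>
 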
trunk/Source/JavaScriptCore/bytecode/ObjectPropertyCondition.h
r264488 r267113 123 123 } 124 124 125 static ObjectPropertyCondition customFunctionEquivalence(125 static ObjectPropertyCondition hasStaticProperty( 126 126 VM& vm, JSCell* owner, JSObject* object, UniquedStringImpl* uid) 127 127 { 128 128 ObjectPropertyCondition result; 129 129 result.m_object = object; 130 result.m_condition = PropertyCondition:: customFunctionEquivalence(uid);130 result.m_condition = PropertyCondition::hasStaticProperty(uid); 131 131 if (owner) 132 132 vm.heap.writeBarrier(owner); -
trunk/Source/JavaScriptCore/bytecode/ObjectPropertyConditionSet.cpp
r266496 r267113 68 68 case PropertyCondition::Presence: 69 69 case PropertyCondition::Equivalence: 70 case PropertyCondition:: CustomFunctionEquivalence:70 case PropertyCondition::HasStaticProperty: 71 71 if (sawBase) 72 72 return false; … … 88 88 if (condition.kind() == PropertyCondition::Presence 89 89 || condition.kind() == PropertyCondition::Equivalence 90 || condition.kind() == PropertyCondition:: CustomFunctionEquivalence) {90 || condition.kind() == PropertyCondition::HasStaticProperty) { 91 91 result = condition; 92 92 numFound++; … … 245 245 break; 246 246 } 247 case PropertyCondition:: CustomFunctionEquivalence: {247 case PropertyCondition::HasStaticProperty: { 248 248 auto entry = object->findPropertyHashEntry(vm, uid); 249 249 if (!entry) 250 250 return ObjectPropertyCondition(); 251 result = ObjectPropertyCondition:: customFunctionEquivalence(vm, owner, object, uid);251 result = ObjectPropertyCondition::hasStaticProperty(vm, owner, object, uid); 252 252 break; 253 253 } … … 410 410 kind = PropertyCondition::Equivalence; 411 411 } else if (structure->findPropertyHashEntry(uid)) 412 kind = PropertyCondition:: CustomFunctionEquivalence;412 kind = PropertyCondition::HasStaticProperty; 413 413 else if (attributes & PropertyAttribute::DontDelete) { 414 414 // This can't change, so we can blindly cache it. -
trunk/Source/JavaScriptCore/bytecode/PropertyCondition.cpp
r261895 r267113 55 55 out.print(m_header.type(), " of ", m_header.pointer(), " with ", inContext(requiredValue(), context)); 56 56 return; 57 case CustomFunctionEquivalence:57 case HasStaticProperty: 58 58 out.print(m_header.type(), " of ", m_header.pointer()); 59 59 return; … … 90 90 case AbsenceOfSetEffect: 91 91 case Equivalence: 92 case CustomFunctionEquivalence:92 case HasStaticProperty: 93 93 if (!structure->propertyAccessesAreCacheable()) { 94 94 if (PropertyConditionInternal::verbose) … … 254 254 return true; 255 255 } 256 case CustomFunctionEquivalence: { 256 case HasStaticProperty: { 257 if (isValidOffset(structure->getConcurrently(uid()))) 258 return false; 257 259 if (structure->staticPropertiesReified()) 258 260 return false; … … 274 276 case Absence: 275 277 case Equivalence: 276 case CustomFunctionEquivalence:278 case HasStaticProperty: 277 279 return structure->needImpurePropertyWatchpoint(); 278 280 case AbsenceOfSetEffect: … … 300 302 case Presence: 301 303 case Equivalence: 302 case CustomFunctionEquivalence:304 case HasStaticProperty: 303 305 if (structure->typeInfo().getOwnPropertySlotIsImpure()) 304 306 return false; … … 343 345 } 344 346 345 case CustomFunctionEquivalence: {347 case HasStaticProperty: { 346 348 // We just use the structure transition watchpoint for this. A structure S starts 347 349 // off with a property P in the static property hash table. If S transitions to … … 431 433 out.print("Equivalence"); 432 434 return; 433 case JSC::PropertyCondition:: CustomFunctionEquivalence:434 out.print(" CustomFunctionEquivalence");435 case JSC::PropertyCondition::HasStaticProperty: 436 out.print("HasStaticProperty"); 435 437 return; 436 438 case JSC::PropertyCondition::HasPrototype: -
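Review bot: The new early return at the top of the `HasStaticProperty` case near line 257 (`if (isValidOffset(structure->getConcurrently(uid()))) return false;`) has no comment, yet it is the check that stops a cached custom getter/setter access from staying valid after an own property shadows the static table entry. I would add above it: `// A store to normal object storage can shadow the static entry without reifying the static table, so an own-property hit invalidates the condition.` The lookup goes through `getConcurrently`, presumably because this validation can run while the structure is being mutated on another thread; if that is the reason, it belongs in the same comment so the call is not later swapped for a non-concurrent lookup. The case body continues past the end of this hunk, so the static hash table check that follows is not visible here.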
trunk/Source/JavaScriptCore/bytecode/PropertyCondition.h
r264488 r267113 41 41 AbsenceOfSetEffect, 42 42 Equivalence, // An adaptive watchpoint on this will be a pair of watchpoints, and when the structure transitions, we will set the replacement watchpoint on the new structure. 43 CustomFunctionEquivalence, // Custom value or accessor.43 HasStaticProperty, // Custom value or accessor. 44 44 HasPrototype 45 45 }; … … 125 125 } 126 126 127 static PropertyCondition customFunctionEquivalence(UniquedStringImpl* uid)128 { 129 PropertyCondition result; 130 result.m_header = Header(uid, CustomFunctionEquivalence);127 static PropertyCondition hasStaticProperty(UniquedStringImpl* uid) 128 { 129 PropertyCondition result; 130 result.m_header = Header(uid, HasStaticProperty); 131 131 return result; 132 132 } … … 202 202 result ^= EncodedJSValueHash::hash(u.equivalence.value); 203 203 break; 204 case CustomFunctionEquivalence:204 case HasStaticProperty: 205 205 break; 206 206 } … … 224 224 case Equivalence: 225 225 return u.equivalence.value == other.u.equivalence.value; 226 case CustomFunctionEquivalence:226 case HasStaticProperty: 227 227 return true; 228 228 } -
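--- a/trunk/Source/JavaScriptCore/tools/JSDollarVM.cpp
+++ b/trunk/Source/JavaScriptCore/tools/JSDollarVM.cpp
@@ -740,4 +740,67 @@
 };
 
+static EncodedJSValue testStaticValueGetter(JSGlobalObject*, EncodedJSValue, PropertyName)
+{
+DollarVMAssertScope assertScope;
+return JSValue::encode(jsUndefined());
+}
+
+static bool testStaticValuePutter(JSGlobalObject* globalObject, EncodedJSValue thisValue, EncodedJSValue value)
+{
+DollarVMAssertScope assertScope;
+VM& vm = globalObject->vm();
+
+JSObject* thisObject = jsDynamicCast<JSObject*>(vm, JSValue::decode(thisValue));
+RELEASE_ASSERT(thisObject);
+
+return thisObject->putDirect(vm, PropertyName(Identifier::fromString(vm, "testStaticValue")), JSValue::decode(value));
+}
+
+static const struct CompactHashIndex staticCustomValueTableIndex[2] = {
+{ 0, -1 },
+{ -1, -1 },
+};
+
+static const struct HashTableValue staticCustomValueTableValues[1] = {
+{ "testStaticValue", static_cast<unsigned>(PropertyAttribute::CustomAccessor), NoIntrinsic, { (intptr_t)static_cast<PropertySlot::GetValueFunc>(testStaticValueGetter), (intptr_t)static_cast<PutPropertySlot::PutValueFunc>(testStaticValuePutter) } },
+};
+
+static const struct HashTable staticCustomValueTable =
+{ 1, 1, true, nullptr, staticCustomValueTableValues, staticCustomValueTableIndex };
+
+class StaticCustomValue : public JSNonFinalObject {
+using Base = JSNonFinalObject;
+public:
+StaticCustomValue(VM& vm, Structure* structure)
+: Base(vm, structure)
+{
+DollarVMAssertScope assertScope;
+}
+
+DECLARE_INFO;
+
+static constexpr unsigned StructureFlags = Base::StructureFlags | HasStaticPropertyTable;
+
+template<typename CellType, SubspaceAccess>
+static CompleteSubspace* subspaceFor(VM& vm)
+{
+return &vm.cellSpace;
+}
+
+static Structure* createStructure(VM& vm, JSGlobalObject* globalObject, JSValue prototype)
+{
+DollarVMAssertScope assertScope;
+return Structure::create(vm, globalObject, prototype, TypeInfo(ObjectType, StructureFlags), info());
+}
+
+static StaticCustomValue* create(VM& vm, Structure* structure)
+{
+DollarVMAssertScope assertScope;
+StaticCustomValue* accessor = new (NotNull, allocateCell<StaticCustomValue>(vm.heap)) StaticCustomValue(vm, structure);
+accessor->finishCreation(vm);
+return accessor;
+}
+};
+
 class ObjectDoingSideEffectPutWithoutCorrectSlotStatus : public JSNonFinalObject {
 using Base = JSNonFinalObject;
@@ -1546,4 +1609,5 @@
 
 const ClassInfo StaticCustomAccessor::s_info = { "StaticCustomAccessor", &Base::s_info, &staticCustomAccessorTable, nullptr, CREATE_METHOD_TABLE(StaticCustomAccessor) };
+const ClassInfo StaticCustomValue::s_info = { "StaticCustomValue", &Base::s_info, &staticCustomValueTable, nullptr, CREATE_METHOD_TABLE(StaticCustomValue) };
 const ClassInfo ObjectDoingSideEffectPutWithoutCorrectSlotStatus::s_info = { "ObjectDoingSideEffectPutWithoutCorrectSlotStatus", &Base::s_info, &staticCustomAccessorTable, nullptr, CREATE_METHOD_TABLE(ObjectDoingSideEffectPutWithoutCorrectSlotStatus) };
 
@@ -2533,4 +2597,14 @@
 }
 
+static EncodedJSValue JSC_HOST_CALL functionCreateStaticCustomValue(JSGlobalObject* globalObject, CallFrame*)
+{
+DollarVMAssertScope assertScope;
+VM& vm = globalObject->vm();
+JSLockHolder lock(vm);
+Structure* structure = StaticCustomValue::createStructure(vm, globalObject, jsNull());
+auto* result = StaticCustomValue::create(vm, structure);
+return JSValue::encode(result);
+}
+
 static EncodedJSValue JSC_HOST_CALL functionCreateObjectDoingSideEffectPutWithoutCorrectSlotStatus(JSGlobalObject* globalObject, CallFrame* callFrame)
 {
@@ -3251,4 +3325,5 @@
 #endif
 addFunction(vm, "createStaticCustomAccessor", functionCreateStaticCustomAccessor, 0);
+addFunction(vm, "createStaticCustomValue", functionCreateStaticCustomValue, 0);
 addFunction(vm, "createObjectDoingSideEffectPutWithoutCorrectSlotStatus", functionCreateObjectDoingSideEffectPutWithoutCorrectSlotStatus, 0);
 addFunction(vm, "createEmptyFunctionWithName", functionCreateEmptyFunctionWithName, 1);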