[SCM] WebKit Debian packaging branch, webkit-1.1, updated. upstream/1.1.15.1-1414-gc69ee75
oliver at apple.com
oliver at apple.com
Thu Oct 29 20:31:14 UTC 2009
The following commit has been merged in the webkit-1.1 branch:
commit ae8658946d4beca0ccfb6b260a24b06066d44151
Author: oliver at apple.com <oliver at apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Date: Mon Sep 21 15:45:13 2009 +0000
Re-land SNES fix, with correct assertion
RS=Maciej Stachowiak
git-svn-id: http://svn.webkit.org/repository/webkit/trunk@48582 268f45cc-cd09-0410-ab3c-d52691b4dbfc
diff --git a/JavaScriptCore/ChangeLog b/JavaScriptCore/ChangeLog
index 949a19c..2f30dec 100644
--- a/JavaScriptCore/ChangeLog
+++ b/JavaScriptCore/ChangeLog
@@ -1,3 +1,40 @@
+2009-09-21 Oliver Hunt <oliver at apple.com>
+
+ RS=Maciej Stachowiak.
+
+ Re-land SNES fix with corrected assertion.
+
+ * interpreter/Interpreter.cpp:
+ (JSC::Interpreter::resolveGlobal):
+ (JSC::Interpreter::tryCachePutByID):
+ (JSC::Interpreter::tryCacheGetByID):
+ * jit/JITStubs.cpp:
+ (JSC::JITThunks::tryCachePutByID):
+ (JSC::JITThunks::tryCacheGetByID):
+ (JSC::DEFINE_STUB_FUNCTION):
+ * runtime/BatchedTransitionOptimizer.h:
+ (JSC::BatchedTransitionOptimizer::BatchedTransitionOptimizer):
+ * runtime/JSObject.cpp:
+ (JSC::JSObject::removeDirect):
+ * runtime/Structure.cpp:
+ (JSC::Structure::Structure):
+ (JSC::Structure::getEnumerablePropertyNames):
+ (JSC::Structure::despecifyDictionaryFunction):
+ (JSC::Structure::addPropertyTransitionToExistingStructure):
+ (JSC::Structure::addPropertyTransition):
+ (JSC::Structure::removePropertyTransition):
+ (JSC::Structure::toDictionaryTransition):
+ (JSC::Structure::toCacheableDictionaryTransition):
+ (JSC::Structure::toUncacheableDictionaryTransition):
+ (JSC::Structure::fromDictionaryTransition):
+ (JSC::Structure::removePropertyWithoutTransition):
+ * runtime/Structure.h:
+ (JSC::Structure::isDictionary):
+ (JSC::Structure::isUncacheableDictionary):
+ (JSC::Structure::):
+ * runtime/StructureChain.cpp:
+ (JSC::StructureChain::isCacheable):
+
2009-09-21 Adam Roben <aroben at apple.com>
Revert r48573, as it caused many assertion failures
diff --git a/JavaScriptCore/interpreter/Interpreter.cpp b/JavaScriptCore/interpreter/Interpreter.cpp
index dda667e..624832c 100644
--- a/JavaScriptCore/interpreter/Interpreter.cpp
+++ b/JavaScriptCore/interpreter/Interpreter.cpp
@@ -169,7 +169,7 @@ NEVER_INLINE bool Interpreter::resolveGlobal(CallFrame* callFrame, Instruction*
PropertySlot slot(globalObject);
if (globalObject->getPropertySlot(callFrame, ident, slot)) {
JSValue result = slot.getValue(callFrame, ident);
- if (slot.isCacheable() && !globalObject->structure()->isDictionary() && slot.slotBase() == globalObject) {
+ if (slot.isCacheable() && !globalObject->structure()->isUncacheableDictionary() && slot.slotBase() == globalObject) {
if (vPC[4].u.structure)
vPC[4].u.structure->deref();
globalObject->structure()->ref();
@@ -953,7 +953,7 @@ NEVER_INLINE void Interpreter::tryCachePutByID(CallFrame* callFrame, CodeBlock*
JSCell* baseCell = asCell(baseValue);
Structure* structure = baseCell->structure();
- if (structure->isDictionary()) {
+ if (structure->isUncacheableDictionary()) {
vPC[0] = getOpcode(op_put_by_id_generic);
return;
}
@@ -1040,7 +1040,7 @@ NEVER_INLINE void Interpreter::tryCacheGetByID(CallFrame* callFrame, CodeBlock*
Structure* structure = asCell(baseValue)->structure();
- if (structure->isDictionary()) {
+ if (structure->isUncacheableDictionary()) {
vPC[0] = getOpcode(op_get_by_id_generic);
return;
}
diff --git a/JavaScriptCore/jit/JITStubs.cpp b/JavaScriptCore/jit/JITStubs.cpp
index 1e960d5..f197526 100644
--- a/JavaScriptCore/jit/JITStubs.cpp
+++ b/JavaScriptCore/jit/JITStubs.cpp
@@ -679,7 +679,7 @@ NEVER_INLINE void JITThunks::tryCachePutByID(CallFrame* callFrame, CodeBlock* co
JSCell* baseCell = asCell(baseValue);
Structure* structure = baseCell->structure();
- if (structure->isDictionary()) {
+ if (structure->isUncacheableDictionary()) {
ctiPatchCallByReturnAddress(codeBlock, returnAddress, FunctionPtr(cti_op_put_by_id_generic));
return;
}
@@ -743,7 +743,7 @@ NEVER_INLINE void JITThunks::tryCacheGetByID(CallFrame* callFrame, CodeBlock* co
JSCell* baseCell = asCell(baseValue);
Structure* structure = baseCell->structure();
- if (structure->isDictionary()) {
+ if (structure->isUncacheableDictionary()) {
ctiPatchCallByReturnAddress(codeBlock, returnAddress, FunctionPtr(cti_op_get_by_id_generic));
return;
}
@@ -1154,7 +1154,7 @@ DEFINE_STUB_FUNCTION(EncodedJSValue, op_get_by_id_method_check)
JSObject* slotBaseObject;
if (baseValue.isCell()
&& slot.isCacheable()
- && !(structure = asCell(baseValue)->structure())->isDictionary()
+ && !(structure = asCell(baseValue)->structure())->isUncacheableDictionary()
&& (slotBaseObject = asObject(slot.slotBase()))->getPropertySpecificValue(callFrame, ident, specific)
&& specific
) {
@@ -1228,7 +1228,7 @@ DEFINE_STUB_FUNCTION(EncodedJSValue, op_get_by_id_self_fail)
if (baseValue.isCell()
&& slot.isCacheable()
- && !asCell(baseValue)->structure()->isDictionary()
+ && !asCell(baseValue)->structure()->isUncacheableDictionary()
&& slot.slotBase() == baseValue) {
CodeBlock* codeBlock = callFrame->codeBlock();
@@ -1299,7 +1299,7 @@ DEFINE_STUB_FUNCTION(EncodedJSValue, op_get_by_id_proto_list)
CHECK_FOR_EXCEPTION();
- if (!baseValue.isCell() || !slot.isCacheable() || asCell(baseValue)->structure()->isDictionary()) {
+ if (!baseValue.isCell() || !slot.isCacheable() || asCell(baseValue)->structure()->isUncacheableDictionary()) {
ctiPatchCallByReturnAddress(callFrame->codeBlock(), STUB_RETURN_ADDRESS, FunctionPtr(cti_op_get_by_id_proto_fail));
return JSValue::encode(result);
}
@@ -2188,7 +2188,7 @@ DEFINE_STUB_FUNCTION(EncodedJSValue, op_resolve_global)
PropertySlot slot(globalObject);
if (globalObject->getPropertySlot(callFrame, ident, slot)) {
JSValue result = slot.getValue(callFrame, ident);
- if (slot.isCacheable() && !globalObject->structure()->isDictionary() && slot.slotBase() == globalObject) {
+ if (slot.isCacheable() && !globalObject->structure()->isUncacheableDictionary() && slot.slotBase() == globalObject) {
GlobalResolveInfo& globalResolveInfo = callFrame->codeBlock()->globalResolveInfo(globalResolveInfoIndex);
if (globalResolveInfo.structure)
globalResolveInfo.structure->deref();
diff --git a/JavaScriptCore/runtime/BatchedTransitionOptimizer.h b/JavaScriptCore/runtime/BatchedTransitionOptimizer.h
index b9f738f..929a5e7 100644
--- a/JavaScriptCore/runtime/BatchedTransitionOptimizer.h
+++ b/JavaScriptCore/runtime/BatchedTransitionOptimizer.h
@@ -38,7 +38,7 @@ namespace JSC {
: m_object(object)
{
if (!m_object->structure()->isDictionary())
- m_object->setStructure(Structure::toDictionaryTransition(m_object->structure()));
+ m_object->setStructure(Structure::toCacheableDictionaryTransition(m_object->structure()));
}
~BatchedTransitionOptimizer()
diff --git a/JavaScriptCore/runtime/JSObject.cpp b/JavaScriptCore/runtime/JSObject.cpp
index 8c14fdd..74af4b1 100644
--- a/JavaScriptCore/runtime/JSObject.cpp
+++ b/JavaScriptCore/runtime/JSObject.cpp
@@ -471,7 +471,7 @@ JSObject* JSObject::unwrappedObject()
void JSObject::removeDirect(const Identifier& propertyName)
{
size_t offset;
- if (m_structure->isDictionary()) {
+ if (m_structure->isUncacheableDictionary()) {
offset = m_structure->removePropertyWithoutTransition(propertyName);
if (offset != WTF::notFound)
putDirectOffset(offset, jsUndefined());
diff --git a/JavaScriptCore/runtime/Structure.cpp b/JavaScriptCore/runtime/Structure.cpp
index 34c27b7..7209b5f 100644
--- a/JavaScriptCore/runtime/Structure.cpp
+++ b/JavaScriptCore/runtime/Structure.cpp
@@ -127,7 +127,7 @@ Structure::Structure(JSValue prototype, const TypeInfo& typeInfo)
, m_propertyTable(0)
, m_propertyStorageCapacity(JSObject::inlineStorageCapacity)
, m_offset(noOffset)
- , m_isDictionary(false)
+ , m_dictionaryKind(NoneDictionaryKind)
, m_isPinnedPropertyTable(false)
, m_hasGetterSetterProperties(false)
, m_attributesInPrevious(0)
@@ -290,7 +290,7 @@ void Structure::getOwnEnumerablePropertyNames(ExecState* exec, PropertyNameArray
void Structure::getEnumerablePropertyNames(ExecState* exec, PropertyNameArray& propertyNames, JSObject* baseObject)
{
- bool shouldCache = propertyNames.shouldCache() && !(propertyNames.size() || m_isDictionary);
+ bool shouldCache = propertyNames.shouldCache() && !(propertyNames.size() || isDictionary());
if (shouldCache && m_cachedPropertyNameArrayData) {
if (m_cachedPropertyNameArrayData->cachedPrototypeChain() == prototypeChain(exec)) {
@@ -349,7 +349,7 @@ void Structure::despecifyDictionaryFunction(const Identifier& propertyName)
materializePropertyMapIfNecessary();
- ASSERT(m_isDictionary);
+ ASSERT(isDictionary());
ASSERT(m_propertyTable);
unsigned i = rep->computedHash();
@@ -391,7 +391,7 @@ void Structure::despecifyDictionaryFunction(const Identifier& propertyName)
PassRefPtr<Structure> Structure::addPropertyTransitionToExistingStructure(Structure* structure, const Identifier& propertyName, unsigned attributes, JSCell* specificValue, size_t& offset)
{
- ASSERT(!structure->m_isDictionary);
+ ASSERT(!structure->isDictionary());
ASSERT(structure->typeInfo().type() == ObjectType);
if (Structure* existingTransition = structure->table.get(make_pair(propertyName.ustring().rep(), attributes), specificValue)) {
@@ -405,12 +405,12 @@ PassRefPtr<Structure> Structure::addPropertyTransitionToExistingStructure(Struct
PassRefPtr<Structure> Structure::addPropertyTransition(Structure* structure, const Identifier& propertyName, unsigned attributes, JSCell* specificValue, size_t& offset)
{
- ASSERT(!structure->m_isDictionary);
+ ASSERT(!structure->isDictionary());
ASSERT(structure->typeInfo().type() == ObjectType);
ASSERT(!Structure::addPropertyTransitionToExistingStructure(structure, propertyName, attributes, specificValue, offset));
if (structure->transitionCount() > s_maxTransitionLength) {
- RefPtr<Structure> transition = toDictionaryTransition(structure);
+ RefPtr<Structure> transition = toCacheableDictionaryTransition(structure);
ASSERT(structure != transition);
offset = transition->put(propertyName, attributes, specificValue);
if (transition->propertyStorageSize() > transition->propertyStorageCapacity())
@@ -454,9 +454,9 @@ PassRefPtr<Structure> Structure::addPropertyTransition(Structure* structure, con
PassRefPtr<Structure> Structure::removePropertyTransition(Structure* structure, const Identifier& propertyName, size_t& offset)
{
- ASSERT(!structure->m_isDictionary);
+ ASSERT(!structure->isUncacheableDictionary());
- RefPtr<Structure> transition = toDictionaryTransition(structure);
+ RefPtr<Structure> transition = toUncacheableDictionaryTransition(structure);
offset = transition->remove(propertyName);
@@ -554,25 +554,35 @@ PassRefPtr<Structure> Structure::getterSetterTransition(Structure* structure)
return transition.release();
}
-PassRefPtr<Structure> Structure::toDictionaryTransition(Structure* structure)
+PassRefPtr<Structure> Structure::toDictionaryTransition(Structure* structure, DictionaryKind kind)
{
- ASSERT(!structure->m_isDictionary);
-
+ ASSERT(!structure->isUncacheableDictionary());
+
RefPtr<Structure> transition = create(structure->m_prototype, structure->typeInfo());
- transition->m_isDictionary = true;
+ transition->m_dictionaryKind = kind;
transition->m_propertyStorageCapacity = structure->m_propertyStorageCapacity;
transition->m_hasGetterSetterProperties = structure->m_hasGetterSetterProperties;
-
+
structure->materializePropertyMapIfNecessary();
transition->m_propertyTable = structure->copyPropertyTable();
transition->m_isPinnedPropertyTable = true;
-
+
return transition.release();
}
+PassRefPtr<Structure> Structure::toCacheableDictionaryTransition(Structure* structure)
+{
+ return toDictionaryTransition(structure, CachedDictionaryKind);
+}
+
+PassRefPtr<Structure> Structure::toUncacheableDictionaryTransition(Structure* structure)
+{
+ return toDictionaryTransition(structure, UncachedDictionaryKind);
+}
+
PassRefPtr<Structure> Structure::fromDictionaryTransition(Structure* structure)
{
- ASSERT(structure->m_isDictionary);
+ ASSERT(structure->isDictionary());
// Since dictionary Structures are not shared, and no opcodes specialize
// for them, we don't need to allocate a new Structure when transitioning
@@ -581,7 +591,7 @@ PassRefPtr<Structure> Structure::fromDictionaryTransition(Structure* structure)
// FIMXE: We can make this more efficient by canonicalizing the Structure (draining the
// deleted offsets vector) before transitioning from dictionary.
if (!structure->m_propertyTable || !structure->m_propertyTable->deletedOffsets || structure->m_propertyTable->deletedOffsets->isEmpty())
- structure->m_isDictionary = false;
+ structure->m_dictionaryKind = NoneDictionaryKind;
return structure;
}
@@ -600,7 +610,7 @@ size_t Structure::addPropertyWithoutTransition(const Identifier& propertyName, u
size_t Structure::removePropertyWithoutTransition(const Identifier& propertyName)
{
- ASSERT(m_isDictionary);
+ ASSERT(isUncacheableDictionary());
materializePropertyMapIfNecessary();
diff --git a/JavaScriptCore/runtime/Structure.h b/JavaScriptCore/runtime/Structure.h
index f7cb04b..ed9f6e5 100644
--- a/JavaScriptCore/runtime/Structure.h
+++ b/JavaScriptCore/runtime/Structure.h
@@ -70,7 +70,8 @@ namespace JSC {
static PassRefPtr<Structure> despecifyFunctionTransition(Structure*, const Identifier&);
static PassRefPtr<Structure> addAnonymousSlotsTransition(Structure*, unsigned count);
static PassRefPtr<Structure> getterSetterTransition(Structure*);
- static PassRefPtr<Structure> toDictionaryTransition(Structure*);
+ static PassRefPtr<Structure> toCacheableDictionaryTransition(Structure*);
+ static PassRefPtr<Structure> toUncacheableDictionaryTransition(Structure*);
static PassRefPtr<Structure> fromDictionaryTransition(Structure*);
~Structure();
@@ -81,8 +82,9 @@ namespace JSC {
size_t addPropertyWithoutTransition(const Identifier& propertyName, unsigned attributes, JSCell* specificValue);
size_t removePropertyWithoutTransition(const Identifier& propertyName);
void setPrototypeWithoutTransition(JSValue prototype) { m_prototype = prototype; }
-
- bool isDictionary() const { return m_isDictionary; }
+
+ bool isDictionary() const { return m_dictionaryKind != NoneDictionaryKind; }
+ bool isUncacheableDictionary() const { return m_dictionaryKind == UncachedDictionaryKind; }
const TypeInfo& typeInfo() const { return m_typeInfo; }
@@ -127,6 +129,13 @@ namespace JSC {
private:
Structure(JSValue prototype, const TypeInfo&);
+
+ typedef enum {
+ NoneDictionaryKind = 0,
+ CachedDictionaryKind = 1,
+ UncachedDictionaryKind = 2
+ } DictionaryKind;
+ static PassRefPtr<Structure> toDictionaryTransition(Structure*, DictionaryKind);
size_t put(const Identifier& propertyName, unsigned attributes, JSCell* specificValue);
size_t remove(const Identifier& propertyName);
@@ -187,7 +196,7 @@ namespace JSC {
size_t m_propertyStorageCapacity;
signed char m_offset;
- bool m_isDictionary : 1;
+ unsigned m_dictionaryKind : 2;
bool m_isPinnedPropertyTable : 1;
bool m_hasGetterSetterProperties : 1;
#if COMPILER(WINSCW)
diff --git a/JavaScriptCore/runtime/StructureChain.cpp b/JavaScriptCore/runtime/StructureChain.cpp
index eb57a5a..6e8a0ee 100644
--- a/JavaScriptCore/runtime/StructureChain.cpp
+++ b/JavaScriptCore/runtime/StructureChain.cpp
@@ -51,6 +51,7 @@ bool StructureChain::isCacheable() const
uint32_t i = 0;
while (m_vector[i]) {
+ // Both classes of dictionary structure may change arbitrarily so we can't cache them
if (m_vector[i]->isDictionary())
return false;
if (!m_vector[i++]->typeInfo().hasDefaultGetPropertyNames())
--
WebKit Debian packaging
More information about the Pkg-webkit-commits
mailing list