Source/JavaScriptCore/JavaScriptCore.xcodeproj/project.pbxproj

166166 0F4680D414BBD24900BFE272 /* HostCallReturnValue.cpp in Sources */ = {isa = PBXBuildFile; fileRef = 0F4680D014BBC5F800BFE272 /* HostCallReturnValue.cpp */; };
167167 0F4680D514BBD24B00BFE272 /* HostCallReturnValue.h in Headers */ = {isa = PBXBuildFile; fileRef = 0F4680D114BBC5F800BFE272 /* HostCallReturnValue.h */; settings = {ATTRIBUTES = (Private, ); }; };
168168 0F493AFA16D0CAD30084508B /* SourceProvider.cpp in Sources */ = {isa = PBXBuildFile; fileRef = 0F493AF816D0CAD10084508B /* SourceProvider.cpp */; };
 169 0F4E1A0E173AEDDC007EE2D3 /* IntendedStructureChain.cpp in Sources */ = {isa = PBXBuildFile; fileRef = 0F4E1A0C173AEDDC007EE2D3 /* IntendedStructureChain.cpp */; };
 170 0F4E1A0F173AEDDC007EE2D3 /* IntendedStructureChain.h in Headers */ = {isa = PBXBuildFile; fileRef = 0F4E1A0D173AEDDC007EE2D3 /* IntendedStructureChain.h */; settings = {ATTRIBUTES = (Private, ); }; };
 171 0F4E1A12173AF07B007EE2D3 /* DFGDesiredStructureChains.h in Headers */ = {isa = PBXBuildFile; fileRef = 0F4E1A11173AF078007EE2D3 /* DFGDesiredStructureChains.h */; settings = {ATTRIBUTES = (Private, ); }; };
 172 0F4E1A13173AF07E007EE2D3 /* DFGDesiredStructureChains.cpp in Sources */ = {isa = PBXBuildFile; fileRef = 0F4E1A10173AF078007EE2D3 /* DFGDesiredStructureChains.cpp */; };
169173 0F5541B11613C1FB00CE3E25 /* SpecialPointer.cpp in Sources */ = {isa = PBXBuildFile; fileRef = 0F5541AF1613C1FB00CE3E25 /* SpecialPointer.cpp */; };
170174 0F5541B21613C1FB00CE3E25 /* SpecialPointer.h in Headers */ = {isa = PBXBuildFile; fileRef = 0F5541B01613C1FB00CE3E25 /* SpecialPointer.h */; settings = {ATTRIBUTES = (Private, ); }; };
171175 0F55C19417276E4600CEABFD /* DFGAbstractValue.cpp in Sources */ = {isa = PBXBuildFile; fileRef = 0F55C19317276E4600CEABFD /* DFGAbstractValue.cpp */; };

11341138 0F4680D014BBC5F800BFE272 /* HostCallReturnValue.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = HostCallReturnValue.cpp; sourceTree = "<group>"; };
11351139 0F4680D114BBC5F800BFE272 /* HostCallReturnValue.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = HostCallReturnValue.h; sourceTree = "<group>"; };
11361140 0F493AF816D0CAD10084508B /* SourceProvider.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = SourceProvider.cpp; sourceTree = "<group>"; };
 1141 0F4E1A0C173AEDDC007EE2D3 /* IntendedStructureChain.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = IntendedStructureChain.cpp; sourceTree = "<group>"; };
 1142 0F4E1A0D173AEDDC007EE2D3 /* IntendedStructureChain.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = IntendedStructureChain.h; sourceTree = "<group>"; };
 1143 0F4E1A10173AF078007EE2D3 /* DFGDesiredStructureChains.cpp */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.cpp.cpp; name = DFGDesiredStructureChains.cpp; path = dfg/DFGDesiredStructureChains.cpp; sourceTree = "<group>"; };
 1144 0F4E1A11173AF078007EE2D3 /* DFGDesiredStructureChains.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; name = DFGDesiredStructureChains.h; path = dfg/DFGDesiredStructureChains.h; sourceTree = "<group>"; };
11371145 0F5541AF1613C1FB00CE3E25 /* SpecialPointer.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = SpecialPointer.cpp; sourceTree = "<group>"; };
11381146 0F5541B01613C1FB00CE3E25 /* SpecialPointer.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = SpecialPointer.h; sourceTree = "<group>"; };
11391147 0F55C19317276E4600CEABFD /* DFGAbstractValue.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; name = DFGAbstractValue.cpp; path = dfg/DFGAbstractValue.cpp; sourceTree = "<group>"; };

26132621 0FB7F38F15ED8E3800F167B2 /* IndexingType.h */,
26142622 E178636C0D9BEEC300D74E75 /* InitializeThreading.cpp */,
26152623 E178633F0D9BEC0000D74E75 /* InitializeThreading.h */,
 2624 0F4E1A0C173AEDDC007EE2D3 /* IntendedStructureChain.cpp */,
 2625 0F4E1A0D173AEDDC007EE2D3 /* IntendedStructureChain.h */,
26162626 BC9BB95B0E19680600DF8855 /* InternalFunction.cpp */,
26172627 BC11667A0E199C05008066DD /* InternalFunction.h */,
26182628 86BF642A148DB2B5004DE36A /* Intrinsic.h */,

26342644 A7B4ACAE1484C9CE00B38A36 /* JSExportMacros.h */,
26352645 F692A85E0255597D01FF60F7 /* JSFunction.cpp */,
26362646 F692A85F0255597D01FF60F7 /* JSFunction.h */,
2637  E18E3A570DF9278C00D90B34 /* VM.cpp */,
2638  E18E3A560DF9278C00D90B34 /* VM.h */,
26392647 14DE0D680D02431400AACCA2 /* JSGlobalObject.cpp */,
26402648 A8E894330CD0603F00367179 /* JSGlobalObject.h */,
26412649 BC756FC60E2031B200DE7D12 /* JSGlobalObjectFunctions.cpp */,

27742782 5D53726E0E1C54880021E549 /* Tracing.h */,
27752783 0FEB3ECB16237F4700AB67AD /* TypedArrayDescriptor.h */,
27762784 866739D113BFDE710023D87C /* Uint16WithFraction.h */,
 2785 E18E3A570DF9278C00D90B34 /* VM.cpp */,
 2786 E18E3A560DF9278C00D90B34 /* VM.h */,
27772787 14BFCE6810CDB1FC00364CCE /* WeakGCMap.h */,
27782788 1420BE7A10AA6DDB00F455D2 /* WeakRandom.h */,
27792789 A7DCB77912E3D90500911940 /* WriteBarrier.h */,

28172827 86EC9DB31328DF44002B2AD7 /* dfg */ = {
28182828 isa = PBXGroup;
28192829 children = (
 2830 0F4E1A10173AF078007EE2D3 /* DFGDesiredStructureChains.cpp */,
 2831 0F4E1A11173AF078007EE2D3 /* DFGDesiredStructureChains.h */,
28202832 0F62016D143FCD2F0068B77C /* DFGAbstractState.cpp */,
28212833 0F62016E143FCD2F0068B77C /* DFGAbstractState.h */,
28222834 0F55C19317276E4600CEABFD /* DFGAbstractValue.cpp */,

31913203 0F73D7AF165A143000ACAB71 /* ClosureCallStubRoutine.h in Headers */,
31923204 969A07970ED1D3AE00F1F681 /* CodeBlock.h in Headers */,
31933205 0F8F94411667633200D61971 /* CodeBlockHash.h in Headers */,
 3206 0F4E1A0F173AEDDC007EE2D3 /* IntendedStructureChain.h in Headers */,
31943207 0F96EBB316676EF6008BADE3 /* CodeBlockWithJITType.h in Headers */,
31953208 A77F1822164088B200640A47 /* CodeCache.h in Headers */,
31963209 86E116B10FE75AC800B512BC /* CodeLocation.h in Headers */,

32743287 0FC0976A1468A6F700CF2442 /* DFGOSRExit.h in Headers */,
32753288 0FC0977114693AF500CF2442 /* DFGOSRExitCompiler.h in Headers */,
32763289 0FEFC9AB1681A3B600567F53 /* DFGOSRExitJumpPlaceholder.h in Headers */,
 3290 0F4E1A12173AF07B007EE2D3 /* DFGDesiredStructureChains.h in Headers */,
32773291 0FFFC95C14EF90AF00C72532 /* DFGPhase.h in Headers */,
32783292 0FFFC95E14EF90B700C72532 /* DFGPredictionPropagationPhase.h in Headers */,
32793293 86EC9DD11328DF82002B2AD7 /* DFGRegisterBank.h in Headers */,

41844198 1428083A107EC0750013E7B2 /* JSStack.cpp in Sources */,
41854199 147F39D5107EC37600427A48 /* JSString.cpp in Sources */,
41864200 2600B5A6152BAAA70091EE5F /* JSStringJoiner.cpp in Sources */,
 4201 0F4E1A0E173AEDDC007EE2D3 /* IntendedStructureChain.cpp in Sources */,
41874202 1482B74E0A43032800517CFC /* JSStringRef.cpp in Sources */,
41884203 146AAB380B66A94400E55F16 /* JSStringRefCF.cpp in Sources */,
41894204 0F919D0C157EE09F004A4E7D /* JSSymbolTableObject.cpp in Sources */,

42084223 0F4680A814BA7FAB00BFE272 /* LLIntExceptions.cpp in Sources */,
42094224 0F4680A414BA7F8D00BFE272 /* LLIntSlowPaths.cpp in Sources */,
42104225 0F0B839C14BCF46300885B4F /* LLIntThunks.cpp in Sources */,
 4226 0F4E1A13173AF07E007EE2D3 /* DFGDesiredStructureChains.cpp in Sources */,
42114227 14469DDE107EC7E700650446 /* Lookup.cpp in Sources */,
42124228 0F4680CC14BBB17A00BFE272 /* LowLevelInterpreter.cpp in Sources */,
42134229 14B723B212D7DA46003BD5ED /* MachineStackMarker.cpp in Sources */,
149766

Source/JavaScriptCore/bytecode/GetByIdStatus.cpp

@@GetByIdStatus GetByIdStatus::computeFrom
6464#endif
6565}
6666
67 void GetByIdStatus::computeForChain(GetByIdStatus& result, CodeBlock* profiledBlock, StringImpl* uid, Structure* structure)
 67void GetByIdStatus::computeForChain(GetByIdStatus& result, CodeBlock* profiledBlock, StringImpl* uid)
6868{
6969#if ENABLE(JIT) && ENABLE(VALUE_PROFILER)
7070 // Validate the chain. If the chain is invalid, then currently the best thing

@@void GetByIdStatus::computeForChain(GetB
7777 // have now is that if the structure chain has changed between when it was
7878 // cached on in the baseline JIT and when the DFG tried to inline the access,
7979 // then we fall back on a polymorphic access.
80  Structure* currentStructure = structure;
81  JSObject* currentObject = 0;
82  for (unsigned i = 0; i < result.m_chain.size(); ++i) {
83  ASSERT(!currentStructure->isDictionary());
84  currentObject = asObject(currentStructure->prototypeForLookup(profiledBlock));
85  currentStructure = result.m_chain[i];
86  if (currentObject->structure() != currentStructure)
87  return;
88  }
 80 if (!result.m_chain->isStillValid())
 81 return;
8982
90  ASSERT(currentObject);
 83 JSObject* currentObject = result.m_chain->terminalPrototype();
 84 Structure* currentStructure = result.m_chain->last();
 85
 86 ASSERT_UNUSED(currentObject, currentObject);
9187
9288 unsigned attributesIgnored;
9389 JSCell* specificValue;

@@void GetByIdStatus::computeForChain(GetB
9995 if (!isValidOffset(result.m_offset))
10096 return;
10197
102  result.m_structureSet.add(structure);
 98 result.m_structureSet.add(result.m_chain->head());
10399 result.m_specificValue = JSValue(specificValue);
104100#else
105101 UNUSED_PARAM(result);
106102 UNUSED_PARAM(profiledBlock);
107103 UNUSED_PARAM(uid);
108  UNUSED_PARAM(structure);
109104 UNREACHABLE_FOR_PLATFORM();
110105#endif
111106}

@@GetByIdStatus GetByIdStatus::computeFor(
218213 case access_get_by_id_proto: {
219214 if (!stubInfo.u.getByIdProto.isDirect)
220215 return GetByIdStatus(MakesCalls, true);
221  result.m_chain.append(stubInfo.u.getByIdProto.prototypeStructure.get());
222  computeForChain(
223  result, profiledBlock, uid,
224  stubInfo.u.getByIdProto.baseObjectStructure.get());
 216 result.m_chain = adoptRef(new IntendedStructureChain(
 217 profiledBlock,
 218 stubInfo.u.getByIdProto.baseObjectStructure.get(),
 219 stubInfo.u.getByIdProto.prototypeStructure.get()));
 220 computeForChain(result, profiledBlock, uid);
225221 break;
226222 }
227223
228224 case access_get_by_id_chain: {
229225 if (!stubInfo.u.getByIdChain.isDirect)
230226 return GetByIdStatus(MakesCalls, true);
231  for (unsigned i = 0; i < stubInfo.u.getByIdChain.count; ++i)
232  result.m_chain.append(stubInfo.u.getByIdChain.chain->head()[i].get());
233  computeForChain(
234  result, profiledBlock, uid,
235  stubInfo.u.getByIdChain.baseObjectStructure.get());
 227 result.m_chain = adoptRef(new IntendedStructureChain(
 228 profiledBlock,
 229 stubInfo.u.getByIdChain.baseObjectStructure.get(),
 230 stubInfo.u.getByIdChain.chain.get(),
 231 stubInfo.u.getByIdChain.count));
 232 computeForChain(result, profiledBlock, uid);
236233 break;
237234 }
238235
149766

Source/JavaScriptCore/bytecode/GetByIdStatus.h

2626#ifndef GetByIdStatus_h
2727#define GetByIdStatus_h
2828
 29#include "IntendedStructureChain.h"
2930#include "PropertyOffset.h"
3031#include "StructureSet.h"
3132#include <wtf/NotFound.h>

@@public:
5960
6061 GetByIdStatus(
6162 State state, bool wasSeenInJIT, const StructureSet& structureSet = StructureSet(),
62  PropertyOffset offset = invalidOffset, JSValue specificValue = JSValue(), Vector<Structure*> chain = Vector<Structure*>())
 63 PropertyOffset offset = invalidOffset, JSValue specificValue = JSValue(), PassRefPtr<IntendedStructureChain> chain = nullptr)
6364 : m_state(state)
6465 , m_structureSet(structureSet)
6566 , m_chain(chain)

@@public:
8283 bool makesCalls() const { return m_state == MakesCalls; }
8384
8485 const StructureSet& structureSet() const { return m_structureSet; }
85  const Vector<Structure*>& chain() const { return m_chain; } // Returns empty vector if this is a direct access.
 86 IntendedStructureChain* chain() const { return const_cast<IntendedStructureChain*>(m_chain.get()); } // Returns null if this is a direct access.
8687 JSValue specificValue() const { return m_specificValue; } // Returns JSValue() if there is no specific value.
8788 PropertyOffset offset() const { return m_offset; }
8889
8990 bool wasSeenInJIT() const { return m_wasSeenInJIT; }
9091
9192private:
92  static void computeForChain(GetByIdStatus& result, CodeBlock*, StringImpl* uid, Structure*);
 93 static void computeForChain(GetByIdStatus& result, CodeBlock*, StringImpl* uid);
9394 static GetByIdStatus computeFromLLInt(CodeBlock*, unsigned bytecodeIndex, StringImpl* uid);
9495
9596 State m_state;
9697 StructureSet m_structureSet;
97  Vector<Structure*> m_chain;
 98 RefPtr<IntendedStructureChain> m_chain;
9899 JSValue m_specificValue;
99100 PropertyOffset m_offset;
100101 bool m_wasSeenInJIT;
149766

Source/JavaScriptCore/bytecode/PutByIdStatus.cpp

@@PutByIdStatus PutByIdStatus::computeFrom
7272 if (!isValidOffset(offset))
7373 return PutByIdStatus(NoInformation, 0, 0, 0, invalidOffset);
7474
75  return PutByIdStatus(SimpleTransition, structure, newStructure, chain, offset);
 75 return PutByIdStatus(
 76 SimpleTransition, structure, newStructure,
 77 adoptRef(new IntendedStructureChain(profiledBlock, structure, chain)), offset);
7678#else
7779 return PutByIdStatus(NoInformation, 0, 0, 0, invalidOffset);
7880#endif

@@PutByIdStatus PutByIdStatus::computeFor(
125127 SimpleTransition,
126128 stubInfo.u.putByIdTransition.previousStructure.get(),
127129 stubInfo.u.putByIdTransition.structure.get(),
128  stubInfo.u.putByIdTransition.chain.get(),
 130 adoptRef(new IntendedStructureChain(
 131 profiledBlock, stubInfo.u.putByIdTransition.previousStructure.get(),
 132 stubInfo.u.putByIdTransition.chain.get())),
129133 offset);
130134 }
131135 return PutByIdStatus(TakesSlowPath, 0, 0, 0, invalidOffset);

@@PutByIdStatus PutByIdStatus::computeFor(
172176 if (structure->typeInfo().type() == StringType)
173177 return PutByIdStatus(TakesSlowPath);
174178
 179 RefPtr<IntendedStructureChain> chain;
175180 if (!isDirect) {
 181 chain = adoptRef(new IntendedStructureChain(globalObject, structure));
 182
176183 // If the prototype chain has setters or read-only properties, then give up.
177  if (structure->prototypeChainMayInterceptStoreTo(vm, uid))
 184 if (chain->mayInterceptStoreTo(vm, uid))
178185 return PutByIdStatus(TakesSlowPath);
179186
180187 // If the prototype chain hasn't been normalized (i.e. there are proxies or dictionaries)

@@PutByIdStatus PutByIdStatus::computeFor(
184191 // dictionaries if we have evidence to suggest that those objects were never used as
185192 // prototypes in a cacheable prototype access - i.e. there's a good chance that some of
186193 // the other checks below will fail.
187  if (!isPrototypeChainNormalized(globalObject, structure))
 194 if (!chain->isNormalized())
188195 return PutByIdStatus(TakesSlowPath);
189196 }
190197

@@PutByIdStatus PutByIdStatus::computeFor(
207214 ASSERT(!transition->transitionDidInvolveSpecificValue());
208215 ASSERT(isValidOffset(offset));
209216
210  return PutByIdStatus(
211  SimpleTransition, structure, transition,
212  structure->prototypeChain(vm, globalObject), offset);
 217 return PutByIdStatus(SimpleTransition, structure, transition, chain.release(), offset);
213218}
214219
215220} // namespace JSC
149766

Source/JavaScriptCore/bytecode/PutByIdStatus.h

2626#ifndef PutByIdStatus_h
2727#define PutByIdStatus_h
2828
 29#include "IntendedStructureChain.h"
2930#include "PropertyOffset.h"
3031#include <wtf/NotFound.h>
3132#include <wtf/text/StringImpl.h>

@@public:
7677 State state,
7778 Structure* oldStructure,
7879 Structure* newStructure,
79  StructureChain* structureChain,
 80 PassRefPtr<IntendedStructureChain> structureChain,
8081 PropertyOffset offset)
8182 : m_state(state)
8283 , m_oldStructure(oldStructure)

@@public:
103104
104105 Structure* oldStructure() const { return m_oldStructure; }
105106 Structure* newStructure() const { return m_newStructure; }
106  StructureChain* structureChain() const { return m_structureChain; }
 107 IntendedStructureChain* structureChain() const { return m_structureChain.get(); }
107108 PropertyOffset offset() const { return m_offset; }
108109
109110private:

@@private:
112113 State m_state;
113114 Structure* m_oldStructure;
114115 Structure* m_newStructure;
115  StructureChain* m_structureChain;
 116 RefPtr<IntendedStructureChain> m_structureChain;
116117 PropertyOffset m_offset;
117118};
118119
149766

Source/JavaScriptCore/dfg/DFGAbstractState.cpp

@@bool AbstractState::executeEffects(unsig
12771277 // Assert things that we can't handle and that the computeFor() method
12781278 // above won't be able to return.
12791279 ASSERT(status.structureSet().size() == 1);
1280  ASSERT(status.chain().isEmpty());
 1280 ASSERT(!status.chain());
12811281
12821282 if (status.specificValue())
12831283 forNode(node).set(m_graph, status.specificValue());
149766

Source/JavaScriptCore/dfg/DFGByteCodeParser.cpp

@@void ByteCodeParser::handleGetById(
17251725
17261726 addToGraph(CheckStructure, OpInfo(m_graph.addStructureSet(getByIdStatus.structureSet())), base);
17271727
1728  if (!getByIdStatus.chain().isEmpty()) {
 1728 if (getByIdStatus.chain()) {
 1729 m_graph.m_chains.addLazily(getByIdStatus.chain());
17291730 Structure* currentStructure = getByIdStatus.structureSet().singletonStructure();
17301731 JSObject* currentObject = 0;
1731  for (unsigned i = 0; i < getByIdStatus.chain().size(); ++i) {
 1732 for (unsigned i = 0; i < getByIdStatus.chain()->size(); ++i) {
17321733 currentObject = asObject(currentStructure->prototypeForLookup(m_inlineStackTop->m_codeBlock));
1733  currentStructure = getByIdStatus.chain()[i];
 1734 currentStructure = getByIdStatus.chain()->at(i);
17341735 base = addStructureTransitionCheck(currentObject, currentStructure);
17351736 }
17361737 }

@@bool ByteCodeParser::parseBlock(unsigned
26082609 storageAccessData.offset = indexRelativeToBase(putByIdStatus.offset());
26092610 storageAccessData.identifierNumber = identifierNumber;
26102611 m_graph.m_storageAccessData.append(storageAccessData);
2611  } else if (!hasExitSite
2612  && putByIdStatus.isSimpleTransition()
2613  && structureChainIsStillValid(
2614  direct,
2615  putByIdStatus.oldStructure(),
2616  putByIdStatus.structureChain())) {
 2612 } else if (
 2613 !hasExitSite
 2614 && putByIdStatus.isSimpleTransition()
 2615 && (!putByIdStatus.structureChain()
 2616 || putByIdStatus.structureChain()->isStillValid())) {
26172617
 2618 m_graph.m_chains.addLazily(putByIdStatus.structureChain());
 2619
26182620 addToGraph(CheckStructure, OpInfo(m_graph.addStructureSet(putByIdStatus.oldStructure())), base);
26192621 if (!direct) {
26202622 if (!putByIdStatus.oldStructure()->storedPrototype().isNull()) {

@@bool ByteCodeParser::parseBlock(unsigned
26222624 putByIdStatus.oldStructure()->storedPrototype().asCell());
26232625 }
26242626
2625  for (WriteBarrier<Structure>* it = putByIdStatus.structureChain()->head(); *it; ++it) {
2626  JSValue prototype = (*it)->storedPrototype();
 2627 for (unsigned i = 0; i < putByIdStatus.structureChain()->size(); ++i) {
 2628 JSValue prototype = putByIdStatus.structureChain()->at(i)->storedPrototype();
26272629 if (prototype.isNull())
26282630 continue;
26292631 ASSERT(prototype.isCell());
149766

Source/JavaScriptCore/dfg/DFGConstantFoldingPhase.cpp

@@private:
163163 }
164164
165165 ASSERT(status.structureSet().size() == 1);
166  ASSERT(status.chain().isEmpty());
 166 ASSERT(!status.chain());
167167 ASSERT(status.structureSet().singletonStructure() == structure);
168168
169169 // Now before we do anything else, push the CFA forward over the GetById

@@private:
259259 structure->storedPrototype().asCell());
260260 }
261261
262  for (WriteBarrier<Structure>* it = status.structureChain()->head(); *it; ++it) {
263  JSValue prototype = (*it)->storedPrototype();
 262 m_graph.m_chains.addLazily(status.structureChain());
 263
 264 for (unsigned i = 0; i < status.structureChain()->size(); ++i) {
 265 JSValue prototype = status.structureChain()->at(i)->storedPrototype();
264266 if (prototype.isNull())
265267 continue;
266268 ASSERT(prototype.isCell());
149766

Source/JavaScriptCore/dfg/DFGDesiredStructureChains.cpp

 1/*
 2 * Copyright (C) 2013 Apple Inc. All rights reserved.
 3 *
 4 * Redistribution and use in source and binary forms, with or without
 5 * modification, are permitted provided that the following conditions
 6 * are met:
 7 * 1. Redistributions of source code must retain the above copyright
 8 * notice, this list of conditions and the following disclaimer.
 9 * 2. Redistributions in binary form must reproduce the above copyright
 10 * notice, this list of conditions and the following disclaimer in the
 11 * documentation and/or other materials provided with the distribution.
 12 *
 13 * THIS SOFTWARE IS PROVIDED BY APPLE COMPUTER, INC. ``AS IS'' AND ANY
 14 * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
 15 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
 16 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL APPLE COMPUTER, INC. OR
 17 * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
 18 * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
 19 * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
 20 * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY
 21 * OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
 22 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
 23 * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 24 */
 25
 26#include "config.h"
 27#include "DFGDesiredStructureChains.h"
 28
 29#if ENABLE(DFG_JIT)
 30
 31namespace JSC { namespace DFG {
 32
 33DesiredStructureChains::DesiredStructureChains() { }
 34DesiredStructureChains::~DesiredStructureChains() { }
 35
 36bool DesiredStructureChains::areStillValid() const
 37{
 38 for (unsigned i = 0; i < m_vector.size(); ++i) {
 39 if (!m_vector[i]->isStillValid())
 40 return false;
 41 }
 42 return true;
 43}
 44
 45} } // namespace JSC::DFG
 46
 47#endif // ENABLE(DFG_JIT)
 48
0

Source/JavaScriptCore/dfg/DFGDesiredStructureChains.h

 1/*
 2 * Copyright (C) 2013 Apple Inc. All rights reserved.
 3 *
 4 * Redistribution and use in source and binary forms, with or without
 5 * modification, are permitted provided that the following conditions
 6 * are met:
 7 * 1. Redistributions of source code must retain the above copyright
 8 * notice, this list of conditions and the following disclaimer.
 9 * 2. Redistributions in binary form must reproduce the above copyright
 10 * notice, this list of conditions and the following disclaimer in the
 11 * documentation and/or other materials provided with the distribution.
 12 *
 13 * THIS SOFTWARE IS PROVIDED BY APPLE COMPUTER, INC. ``AS IS'' AND ANY
 14 * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
 15 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
 16 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL APPLE COMPUTER, INC. OR
 17 * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
 18 * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
 19 * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
 20 * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY
 21 * OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
 22 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
 23 * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 24 */
 25
 26#ifndef DFGDesiredStructureChains_h
 27#define DFGDesiredStructureChains_h
 28
 29#include <wtf/Platform.h>
 30
 31#if ENABLE(DFG_JIT)
 32
 33#include "IntendedStructureChain.h"
 34#include <wtf/Vector.h>
 35
 36namespace JSC { namespace DFG {
 37
 38class DesiredStructureChains {
 39public:
 40 DesiredStructureChains();
 41 ~DesiredStructureChains();
 42
 43 void addLazily(PassRefPtr<IntendedStructureChain> chain)
 44 {
 45 m_vector.append(chain);
 46 }
 47
 48 bool areStillValid() const;
 49private:
 50 Vector<RefPtr<IntendedStructureChain> > m_vector;
 51};
 52
 53} } // namespace JSC::DFG
 54
 55#endif // ENABLE(DFG_JIT)
 56
 57#endif // DFGDesiredStructureChains_h
 58
0

Source/JavaScriptCore/dfg/DFGGraph.cpp

@@void Graph::resetExitStates()
430430 }
431431}
432432
 433bool Graph::isStillValid() const
 434{
 435 return m_watchpoints.areStillValid()
 436 && m_chains.areStillValid();
 437}
 438
433439} } // namespace JSC::DFG
434440
435441#endif
149766

Source/JavaScriptCore/dfg/DFGGraph.h

3535#include "DFGAssemblyHelpers.h"
3636#include "DFGBasicBlock.h"
3737#include "DFGDesiredIdentifiers.h"
 38#include "DFGDesiredStructureChains.h"
3839#include "DFGDesiredWatchpoints.h"
3940#include "DFGDominators.h"
4041#include "DFGLongLivedState.h"

@@public:
695696 }
696697 }
697698
 699 bool isStillValid() const;
 700
698701 VM& m_vm;
699702 CodeBlock* m_codeBlock;
700703 RefPtr<Profiler::Compilation> m_compilation;

@@public:
724727 Operands<JSValue> m_mustHandleValues;
725728 DesiredWatchpoints m_watchpoints;
726729 DesiredIdentifiers m_identifiers;
 730 DesiredStructureChains m_chains;
727731
728732 OptimizationFixpointState m_fixpointState;
729733 GraphForm m_form;
149766

Source/JavaScriptCore/dfg/DFGJITCompiler.cpp

@@bool JITCompiler::compile()
275275
276276bool JITCompiler::link(RefPtr<JSC::JITCode>& entry)
277277{
278  if (!m_graph.m_watchpoints.areStillValid())
 278 if (!m_graph.isStillValid())
279279 return false;
280280
281281 LinkBuffer linkBuffer(*m_vm, this, m_codeBlock, JITCompilationCanFail);

@@bool JITCompiler::compileFunction()
372372
373373bool JITCompiler::linkFunction(RefPtr<JSC::JITCode>& entry, MacroAssemblerCodePtr& entryWithArityCheck)
374374{
375  if (!m_graph.m_watchpoints.areStillValid())
 375 if (!m_graph.isStillValid())
376376 return false;
377377
378378 // === Link ===
149766

Source/JavaScriptCore/ftl/FTLLink.cpp

@@static void compileEntry(CCallHelpers& j
4949
5050bool link(State& state, RefPtr<JSC::JITCode>& jitCode, MacroAssemblerCodePtr& jitCodeWithArityCheck)
5151{
52  if (!state.graph.m_watchpoints.areStillValid()) {
 52 if (!state.graph.isStillValid()) {
5353 LLVMDisposeExecutionEngine(state.engine);
5454 return false;
5555 }
149766

Source/JavaScriptCore/runtime/IntendedStructureChain.cpp

 1/*
 2 * Copyright (C) 2013 Apple Inc. All rights reserved.
 3 *
 4 * Redistribution and use in source and binary forms, with or without
 5 * modification, are permitted provided that the following conditions
 6 * are met:
 7 * 1. Redistributions of source code must retain the above copyright
 8 * notice, this list of conditions and the following disclaimer.
 9 * 2. Redistributions in binary form must reproduce the above copyright
 10 * notice, this list of conditions and the following disclaimer in the
 11 * documentation and/or other materials provided with the distribution.
 12 *
 13 * THIS SOFTWARE IS PROVIDED BY APPLE COMPUTER, INC. ``AS IS'' AND ANY
 14 * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
 15 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
 16 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL APPLE COMPUTER, INC. OR
 17 * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
 18 * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
 19 * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
 20 * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY
 21 * OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
 22 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
 23 * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 24 */
 25
 26#include "config.h"
 27#include "IntendedStructureChain.h"
 28
 29#include "CodeBlock.h"
 30#include "Operations.h"
 31#include "StructureChain.h"
 32
 33namespace JSC {
 34
 35IntendedStructureChain::IntendedStructureChain(JSGlobalObject* globalObject, Structure* head)
 36 : m_globalObject(globalObject)
 37 , m_head(head)
 38{
 39 for (Structure* current = head; current; current = current->storedPrototypeStructure())
 40 m_vector.append(current);
 41}
 42
 43IntendedStructureChain::IntendedStructureChain(CodeBlock* codeBlock, Structure* head, Structure* prototypeStructure)
 44 : m_globalObject(codeBlock->globalObject())
 45 , m_head(head)
 46{
 47 m_vector.append(prototypeStructure);
 48}
 49
 50IntendedStructureChain::IntendedStructureChain(CodeBlock* codeBlock, Structure* head, StructureChain* chain)
 51 : m_globalObject(codeBlock->globalObject())
 52 , m_head(head)
 53{
 54 for (unsigned i = 0; chain->head()[i]; ++i)
 55 m_vector.append(chain->head()[i].get());
 56}
 57
 58IntendedStructureChain::IntendedStructureChain(CodeBlock* codeBlock, Structure* head, StructureChain* chain, unsigned count)
 59 : m_globalObject(codeBlock->globalObject())
 60 , m_head(head)
 61{
 62 for (unsigned i = 0; i < count; ++i)
 63 m_vector.append(chain->head()[i].get());
 64}
 65
 66IntendedStructureChain::~IntendedStructureChain()
 67{
 68}
 69
 70bool IntendedStructureChain::isStillValid() const
 71{
 72 JSValue currentPrototype = m_head->prototypeForLookup(m_globalObject);
 73 for (unsigned i = 0; i < m_vector.size(); ++i) {
 74 if (asObject(currentPrototype)->structure() != m_vector[i])
 75 return false;
 76 currentPrototype = m_vector[i]->storedPrototype();
 77 }
 78 return true;
 79}
 80
 81bool IntendedStructureChain::matches(StructureChain* chain) const
 82{
 83 for (unsigned i = 0; i < m_vector.size(); ++i) {
 84 if (m_vector[i] != chain->head()[i].get())
 85 return false;
 86 }
 87 if (chain->head()[m_vector.size()])
 88 return false;
 89 return true;
 90}
 91
 92StructureChain* IntendedStructureChain::chain(VM& vm) const
 93{
 94 ASSERT(isStillValid());
 95 StructureChain* result = StructureChain::create(vm, m_head);
 96 ASSERT(matches(result));
 97 return result;
 98}
 99
 100bool IntendedStructureChain::mayInterceptStoreTo(VM& vm, StringImpl* uid)
 101{
 102 for (unsigned i = 0; i < m_vector.size(); ++i) {
 103 unsigned attributes;
 104 JSCell* specificValue;
 105 PropertyOffset offset = m_vector[i]->getConcurrently(vm, uid, attributes, specificValue);
 106 if (!isValidOffset(offset))
 107 continue;
 108 if (attributes & (ReadOnly | Accessor))
 109 return true;
 110 return false;
 111 }
 112 return false;
 113}
 114
 115bool IntendedStructureChain::isNormalized()
 116{
 117 if (m_head->typeInfo().type() == ProxyType)
 118 return false;
 119 for (unsigned i = 0; i < m_vector.size(); ++i) {
 120 Structure* structure = m_vector[i];
 121 if (structure->typeInfo().type() == ProxyType)
 122 return false;
 123 if (structure->isDictionary())
 124 return false;
 125 }
 126 return true;
 127}
 128
 129JSObject* IntendedStructureChain::terminalPrototype() const
 130{
 131 ASSERT(!m_vector.isEmpty());
 132 if (m_vector.size() == 1)
 133 return asObject(m_head->prototypeForLookup(m_globalObject));
 134 return asObject(m_vector[m_vector.size() - 2]->storedPrototype());
 135}
 136
 137} // namespace JSC
 138
0

Source/JavaScriptCore/runtime/IntendedStructureChain.h

 1/*
 2 * Copyright (C) 2013 Apple Inc. All rights reserved.
 3 *
 4 * Redistribution and use in source and binary forms, with or without
 5 * modification, are permitted provided that the following conditions
 6 * are met:
 7 * 1. Redistributions of source code must retain the above copyright
 8 * notice, this list of conditions and the following disclaimer.
 9 * 2. Redistributions in binary form must reproduce the above copyright
 10 * notice, this list of conditions and the following disclaimer in the
 11 * documentation and/or other materials provided with the distribution.
 12 *
 13 * THIS SOFTWARE IS PROVIDED BY APPLE COMPUTER, INC. ``AS IS'' AND ANY
 14 * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
 15 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
 16 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL APPLE COMPUTER, INC. OR
 17 * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
 18 * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
 19 * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
 20 * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY
 21 * OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
 22 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
 23 * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 24 */
 25
 26#ifndef IntendedStructureChain_h
 27#define IntendedStructureChain_h
 28
 29#include "Structure.h"
 30#include <wtf/RefCounted.h>
 31
 32namespace JSC {
 33
 34class CodeBlock;
 35class JSGlobalObject;
 36class StructureChain;
 37class VM;
 38
 39class IntendedStructureChain : public RefCounted<IntendedStructureChain> {
 40public:
 41 IntendedStructureChain(JSGlobalObject* globalObject, Structure* head);
 42 IntendedStructureChain(CodeBlock* codeBlock, Structure* head, Structure* prototypeStructure);
 43 IntendedStructureChain(CodeBlock* codeBlock, Structure* head, StructureChain* chain);
 44 IntendedStructureChain(CodeBlock* codeBlock, Structure* head, StructureChain* chain, unsigned count);
 45 ~IntendedStructureChain();
 46
 47 bool isStillValid() const;
 48 bool matches(StructureChain*) const;
 49 StructureChain* chain(VM&) const;
 50 bool mayInterceptStoreTo(VM&, StringImpl* uid);
 51 bool isNormalized();
 52
 53 Structure* head() const { return m_head; }
 54
 55 size_t size() const { return m_vector.size(); }
 56 Structure* at(size_t index) { return m_vector[index]; }
 57 Structure* operator[](size_t index) { return at(index); }
 58
 59 JSObject* terminalPrototype() const;
 60
 61 Structure* last() const { return m_vector.last(); }
 62private:
 63 JSGlobalObject* m_globalObject;
 64 Structure* m_head;
 65 Vector<Structure*> m_vector;
 66};
 67
 68} // namespace JSC
 69
 70#endif // IntendedStructureChain_h
0

Source/JavaScriptCore/runtime/Structure.cpp

@@void Structure::visitChildren(JSCell* ce
970970 thisObject->m_propertyTableUnsafe.clear();
971971}
972972
973 bool Structure::prototypeChainMayInterceptStoreTo(VM& vm, StringImpl* uid)
 973bool Structure::prototypeChainMayInterceptStoreTo(VM& vm, PropertyName propertyName)
974974{
975  // Note, this method is called from two kinds of places: (1) assertions and (2)
976  // the compilation thread. As such, it does things somewhat carefully to ensure
977  // thread safety. Currently that only affects the way we do Structure::get().
978 
979  unsigned i = toUInt32FromStringImpl(uid);
 975 unsigned i = propertyName.asIndex();
980976 if (i != PropertyName::NotAnIndex)
981977 return anyObjectInChainMayInterceptIndexedAccesses();
982978

@@bool Structure::prototypeChainMayInterce
989985
990986 unsigned attributes;
991987 JSCell* specificValue;
992  PropertyOffset offset = current->getConcurrently(vm, uid, attributes, specificValue);
 988 PropertyOffset offset = current->get(vm, propertyName, attributes, specificValue);
993989 if (!JSC::isValidOffset(offset))
994990 continue;
995991

@@bool Structure::prototypeChainMayInterce
1000996 }
1001997}
1002998
1003 bool Structure::prototypeChainMayInterceptStoreTo(VM& vm, PropertyName propertyName)
1004 {
1005  return prototypeChainMayInterceptStoreTo(vm, propertyName.uid());
1006 }
1007 
1008999#if DO_PROPERTYMAP_CONSTENCY_CHECK
10091000
10101001void PropertyTable::checkConsistency()
149766

Source/JavaScriptCore/runtime/Structure.h

@@public:
154154 void setGlobalObject(VM& vm, JSGlobalObject* globalObject) { m_globalObject.set(vm, this, globalObject); }
155155
156156 JSValue storedPrototype() const { return m_prototype.get(); }
 157 JSObject* storedPrototypeObject() const;
 158 Structure* storedPrototypeStructure() const;
157159 JSValue prototypeForLookup(ExecState*) const;
158160 JSValue prototypeForLookup(JSGlobalObject*) const;
159161 JSValue prototypeForLookup(CodeBlock*) const;

@@public:
162164 static void visitChildren(JSCell*, SlotVisitor&);
163165
164166 // Will just the prototype chain intercept this property access?
165  bool prototypeChainMayInterceptStoreTo(VM&, StringImpl* uid);
166167 bool prototypeChainMayInterceptStoreTo(VM&, PropertyName);
167168
168169 bool transitionDidInvolveSpecificValue() const { return !!m_specificValueInPrevious; }
149766

Source/JavaScriptCore/runtime/StructureInlines.h

@@inline Structure* Structure::create(VM&
5656 return newStructure;
5757}
5858
 59inline JSObject* Structure::storedPrototypeObject() const
 60{
 61 JSValue value = m_prototype.get();
 62 if (value.isNull())
 63 return 0;
 64 return asObject(value);
 65}
 66
 67inline Structure* Structure::storedPrototypeStructure() const
 68{
 69 JSObject* object = storedPrototypeObject();
 70 if (!object)
 71 return 0;
 72 return object->structure();
 73}
 74
5975inline PropertyOffset Structure::get(VM& vm, PropertyName propertyName)
6076{
6177 ASSERT(!isCompilationThread());
149766