Unreviewed, rolling out r162713.
[WebKit-https.git] / Source / JavaScriptCore / runtime / Structure.cpp
1 /*
2  * Copyright (C) 2008, 2009, 2013 Apple Inc. All rights reserved.
3  *
4  * Redistribution and use in source and binary forms, with or without
5  * modification, are permitted provided that the following conditions
6  * are met:
7  * 1. Redistributions of source code must retain the above copyright
8  *    notice, this list of conditions and the following disclaimer.
9  * 2. Redistributions in binary form must reproduce the above copyright
10  *    notice, this list of conditions and the following disclaimer in the
11  *    documentation and/or other materials provided with the distribution.
12  *
13  * THIS SOFTWARE IS PROVIDED BY APPLE COMPUTER, INC. ``AS IS'' AND ANY
14  * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
15  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
16  * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL APPLE COMPUTER, INC. OR
17  * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
18  * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
19  * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
20  * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY
21  * OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
22  * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
23  * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
24  */
25
26 #include "config.h"
27 #include "Structure.h"
28
29 #include "CodeBlock.h"
30 #include "DumpContext.h"
31 #include "JSObject.h"
32 #include "JSPropertyNameIterator.h"
33 #include "Lookup.h"
34 #include "PropertyNameArray.h"
35 #include "StructureChain.h"
36 #include "StructureRareDataInlines.h"
37 #include <wtf/CommaPrinter.h>
38 #include <wtf/RefCountedLeakCounter.h>
39 #include <wtf/RefPtr.h>
40 #include <wtf/Threading.h>
41
42 #define DUMP_STRUCTURE_ID_STATISTICS 0
43
44 #ifndef NDEBUG
45 #define DO_PROPERTYMAP_CONSTENCY_CHECK 0
46 #else
47 #define DO_PROPERTYMAP_CONSTENCY_CHECK 0
48 #endif
49
50 using namespace std;
51 using namespace WTF;
52
53 #if DUMP_PROPERTYMAP_STATS
54
55 int numProbes;
56 int numCollisions;
57 int numRehashes;
58 int numRemoves;
59
60 #endif
61
62 namespace JSC {
63
64 #if DUMP_STRUCTURE_ID_STATISTICS
65 static HashSet<Structure*>& liveStructureSet = *(new HashSet<Structure*>);
66 #endif
67
68 bool StructureTransitionTable::contains(StringImpl* rep, unsigned attributes) const
69 {
70     if (isUsingSingleSlot()) {
71         Structure* transition = singleTransition();
72         return transition && transition->m_nameInPrevious == rep && transition->m_attributesInPrevious == attributes;
73     }
74     return map()->get(std::make_pair(rep, attributes));
75 }
76
77 inline Structure* StructureTransitionTable::get(StringImpl* rep, unsigned attributes) const
78 {
79     if (isUsingSingleSlot()) {
80         Structure* transition = singleTransition();
81         return (transition && transition->m_nameInPrevious == rep && transition->m_attributesInPrevious == attributes) ? transition : 0;
82     }
83     return map()->get(std::make_pair(rep, attributes));
84 }
85
86 inline void StructureTransitionTable::add(VM& vm, Structure* structure)
87 {
88     if (isUsingSingleSlot()) {
89         Structure* existingTransition = singleTransition();
90
91         // This handles the first transition being added.
92         if (!existingTransition) {
93             setSingleTransition(vm, structure);
94             return;
95         }
96
97         // This handles the second transition being added
98         // (or the first transition being despecified!)
99         setMap(new TransitionMap());
100         add(vm, existingTransition);
101     }
102
103     // Add the structure to the map.
104
105     // Newer versions of the STL have an std::make_pair function that takes rvalue references.
106     // When either of the parameters are bitfields, the C++ compiler will try to bind them as lvalues, which is invalid. To work around this, use unary "+" to make the parameter an rvalue.
107     // See https://bugs.webkit.org/show_bug.cgi?id=59261 for more details
108     map()->set(std::make_pair(structure->m_nameInPrevious.get(), +structure->m_attributesInPrevious), structure);
109 }
110
111 void Structure::dumpStatistics()
112 {
113 #if DUMP_STRUCTURE_ID_STATISTICS
114     unsigned numberLeaf = 0;
115     unsigned numberUsingSingleSlot = 0;
116     unsigned numberSingletons = 0;
117     unsigned numberWithPropertyMaps = 0;
118     unsigned totalPropertyMapsSize = 0;
119
120     HashSet<Structure*>::const_iterator end = liveStructureSet.end();
121     for (HashSet<Structure*>::const_iterator it = liveStructureSet.begin(); it != end; ++it) {
122         Structure* structure = *it;
123
124         switch (structure->m_transitionTable.size()) {
125             case 0:
126                 ++numberLeaf;
127                 if (!structure->previousID())
128                     ++numberSingletons;
129                 break;
130
131             case 1:
132                 ++numberUsingSingleSlot;
133                 break;
134         }
135
136         if (structure->propertyTable()) {
137             ++numberWithPropertyMaps;
138             totalPropertyMapsSize += structure->propertyTable()->sizeInMemory();
139         }
140     }
141
142     dataLogF("Number of live Structures: %d\n", liveStructureSet.size());
143     dataLogF("Number of Structures using the single item optimization for transition map: %d\n", numberUsingSingleSlot);
144     dataLogF("Number of Structures that are leaf nodes: %d\n", numberLeaf);
145     dataLogF("Number of Structures that singletons: %d\n", numberSingletons);
146     dataLogF("Number of Structures with PropertyMaps: %d\n", numberWithPropertyMaps);
147
148     dataLogF("Size of a single Structures: %d\n", static_cast<unsigned>(sizeof(Structure)));
149     dataLogF("Size of sum of all property maps: %d\n", totalPropertyMapsSize);
150     dataLogF("Size of average of all property maps: %f\n", static_cast<double>(totalPropertyMapsSize) / static_cast<double>(liveStructureSet.size()));
151 #else
152     dataLogF("Dumping Structure statistics is not enabled.\n");
153 #endif
154 }
155
156 Structure::Structure(VM& vm, JSGlobalObject* globalObject, JSValue prototype, const TypeInfo& typeInfo, const ClassInfo* classInfo, IndexingType indexingType, unsigned inlineCapacity)
157     : JSCell(vm, vm.structureStructure.get())
158     , m_globalObject(vm, this, globalObject, WriteBarrier<JSGlobalObject>::MayBeNull)
159     , m_prototype(vm, this, prototype)
160     , m_classInfo(classInfo)
161     , m_transitionWatchpointSet(IsWatched)
162     , m_offset(invalidOffset)
163     , m_typeInfo(typeInfo)
164     , m_indexingType(indexingType)
165     , m_inlineCapacity(inlineCapacity)
166     , m_dictionaryKind(NoneDictionaryKind)
167     , m_isPinnedPropertyTable(false)
168     , m_hasGetterSetterProperties(false)
169     , m_hasReadOnlyOrGetterSetterPropertiesExcludingProto(false)
170     , m_hasNonEnumerableProperties(false)
171     , m_attributesInPrevious(0)
172     , m_specificFunctionThrashCount(0)
173     , m_preventExtensions(false)
174     , m_didTransition(false)
175     , m_staticFunctionReified(false)
176 {
177     ASSERT(inlineCapacity <= JSFinalObject::maxInlineCapacity());
178     ASSERT(static_cast<PropertyOffset>(inlineCapacity) < firstOutOfLineOffset);
179     ASSERT(!typeInfo.structureHasRareData());
180 }
181
182 const ClassInfo Structure::s_info = { "Structure", 0, 0, 0, CREATE_METHOD_TABLE(Structure) };
183
184 Structure::Structure(VM& vm)
185     : JSCell(CreatingEarlyCell)
186     , m_prototype(vm, this, jsNull())
187     , m_classInfo(info())
188     , m_transitionWatchpointSet(IsWatched)
189     , m_offset(invalidOffset)
190     , m_typeInfo(CompoundType, OverridesVisitChildren)
191     , m_indexingType(0)
192     , m_inlineCapacity(0)
193     , m_dictionaryKind(NoneDictionaryKind)
194     , m_isPinnedPropertyTable(false)
195     , m_hasGetterSetterProperties(false)
196     , m_hasReadOnlyOrGetterSetterPropertiesExcludingProto(false)
197     , m_hasNonEnumerableProperties(false)
198     , m_attributesInPrevious(0)
199     , m_specificFunctionThrashCount(0)
200     , m_preventExtensions(false)
201     , m_didTransition(false)
202     , m_staticFunctionReified(false)
203 {
204 }
205
206 Structure::Structure(VM& vm, const Structure* previous)
207     : JSCell(vm, vm.structureStructure.get())
208     , m_prototype(vm, this, previous->storedPrototype())
209     , m_classInfo(previous->m_classInfo)
210     , m_transitionWatchpointSet(IsWatched)
211     , m_offset(invalidOffset)
212     , m_typeInfo(previous->typeInfo().type(), previous->typeInfo().flags() & ~StructureHasRareData)
213     , m_indexingType(previous->indexingTypeIncludingHistory())
214     , m_inlineCapacity(previous->m_inlineCapacity)
215     , m_dictionaryKind(previous->m_dictionaryKind)
216     , m_isPinnedPropertyTable(false)
217     , m_hasGetterSetterProperties(previous->m_hasGetterSetterProperties)
218     , m_hasReadOnlyOrGetterSetterPropertiesExcludingProto(previous->m_hasReadOnlyOrGetterSetterPropertiesExcludingProto)
219     , m_hasNonEnumerableProperties(previous->m_hasNonEnumerableProperties)
220     , m_attributesInPrevious(0)
221     , m_specificFunctionThrashCount(previous->m_specificFunctionThrashCount)
222     , m_preventExtensions(previous->m_preventExtensions)
223     , m_didTransition(true)
224     , m_staticFunctionReified(previous->m_staticFunctionReified)
225 {
226     if (previous->typeInfo().structureHasRareData() && previous->rareData()->needsCloning())
227         cloneRareDataFrom(vm, previous);
228     else if (previous->previousID())
229         m_previousOrRareData.set(vm, this, previous->previousID());
230
231     previous->notifyTransitionFromThisStructure();
232     if (previous->m_globalObject)
233         m_globalObject.set(vm, this, previous->m_globalObject.get());
234 }
235
236 void Structure::destroy(JSCell* cell)
237 {
238     static_cast<Structure*>(cell)->Structure::~Structure();
239 }
240
241 void Structure::findStructuresAndMapForMaterialization(Vector<Structure*, 8>& structures, Structure*& structure, PropertyTable*& table)
242 {
243     ASSERT(structures.isEmpty());
244     table = 0;
245
246     for (structure = this; structure; structure = structure->previousID()) {
247         structure->m_lock.lock();
248         
249         table = structure->propertyTable().get();
250         if (table) {
251             // Leave the structure locked, so that the caller can do things to it atomically
252             // before it loses its property table.
253             return;
254         }
255         
256         structures.append(structure);
257         structure->m_lock.unlock();
258     }
259     
260     ASSERT(!structure);
261     ASSERT(!table);
262 }
263
264 void Structure::materializePropertyMap(VM& vm)
265 {
266     ASSERT(structure()->classInfo() == info());
267     ASSERT(!propertyTable());
268
269     Vector<Structure*, 8> structures;
270     Structure* structure;
271     PropertyTable* table;
272     
273     findStructuresAndMapForMaterialization(structures, structure, table);
274     
275     if (table) {
276         table = table->copy(vm, structure, numberOfSlotsForLastOffset(m_offset, m_inlineCapacity));
277         structure->m_lock.unlock();
278     }
279     
280     // Must hold the lock on this structure, since we will be modifying this structure's
281     // property map. We don't want getConcurrently() to see the property map in a half-baked
282     // state.
283     GCSafeConcurrentJITLocker locker(m_lock, vm.heap);
284     if (!table)
285         createPropertyMap(locker, vm, numberOfSlotsForLastOffset(m_offset, m_inlineCapacity));
286     else
287         propertyTable().set(vm, this, table);
288
289     for (size_t i = structures.size(); i--;) {
290         structure = structures[i];
291         if (!structure->m_nameInPrevious)
292             continue;
293         PropertyMapEntry entry(vm, this, structure->m_nameInPrevious.get(), structure->m_offset, structure->m_attributesInPrevious, structure->m_specificValueInPrevious.get());
294         propertyTable()->add(entry, m_offset, PropertyTable::PropertyOffsetMustNotChange);
295     }
296     
297     checkOffsetConsistency();
298 }
299
300 inline size_t nextOutOfLineStorageCapacity(size_t currentCapacity)
301 {
302     if (!currentCapacity)
303         return initialOutOfLineCapacity;
304     return currentCapacity * outOfLineGrowthFactor;
305 }
306
307 size_t Structure::suggestedNewOutOfLineStorageCapacity()
308 {
309     return nextOutOfLineStorageCapacity(outOfLineCapacity());
310 }
311  
312 void Structure::despecifyDictionaryFunction(VM& vm, PropertyName propertyName)
313 {
314     StringImpl* rep = propertyName.uid();
315
316     DeferGC deferGC(vm.heap);
317     materializePropertyMapIfNecessary(vm, deferGC);
318
319     ASSERT(isDictionary());
320     ASSERT(propertyTable());
321
322     PropertyMapEntry* entry = propertyTable()->find(rep).first;
323     ASSERT(entry);
324     entry->specificValue.clear();
325 }
326
327 Structure* Structure::addPropertyTransitionToExistingStructureImpl(Structure* structure, StringImpl* uid, unsigned attributes, JSCell* specificValue, PropertyOffset& offset)
328 {
329     ASSERT(!structure->isDictionary());
330     ASSERT(structure->isObject());
331
332     if (Structure* existingTransition = structure->m_transitionTable.get(uid, attributes)) {
333         JSCell* specificValueInPrevious = existingTransition->m_specificValueInPrevious.get();
334         if (specificValueInPrevious && specificValueInPrevious != specificValue)
335             return 0;
336         validateOffset(existingTransition->m_offset, existingTransition->inlineCapacity());
337         offset = existingTransition->m_offset;
338         return existingTransition;
339     }
340
341     return 0;
342 }
343
344 Structure* Structure::addPropertyTransitionToExistingStructure(Structure* structure, PropertyName propertyName, unsigned attributes, JSCell* specificValue, PropertyOffset& offset)
345 {
346     ASSERT(!isCompilationThread());
347     return addPropertyTransitionToExistingStructureImpl(structure, propertyName.uid(), attributes, specificValue, offset);
348 }
349
350 Structure* Structure::addPropertyTransitionToExistingStructureConcurrently(Structure* structure, StringImpl* uid, unsigned attributes, JSCell* specificValue, PropertyOffset& offset)
351 {
352     ConcurrentJITLocker locker(structure->m_lock);
353     return addPropertyTransitionToExistingStructureImpl(structure, uid, attributes, specificValue, offset);
354 }
355
356 bool Structure::anyObjectInChainMayInterceptIndexedAccesses() const
357 {
358     for (const Structure* current = this; ;) {
359         if (current->mayInterceptIndexedAccesses())
360             return true;
361         
362         JSValue prototype = current->storedPrototype();
363         if (prototype.isNull())
364             return false;
365         
366         current = asObject(prototype)->structure();
367     }
368 }
369
370 bool Structure::needsSlowPutIndexing() const
371 {
372     return anyObjectInChainMayInterceptIndexedAccesses()
373         || globalObject()->isHavingABadTime();
374 }
375
376 NonPropertyTransition Structure::suggestedArrayStorageTransition() const
377 {
378     if (needsSlowPutIndexing())
379         return AllocateSlowPutArrayStorage;
380     
381     return AllocateArrayStorage;
382 }
383
384 Structure* Structure::addPropertyTransition(VM& vm, Structure* structure, PropertyName propertyName, unsigned attributes, JSCell* specificValue, PropertyOffset& offset, PutPropertySlot::Context context)
385 {
386     // If we have a specific function, we may have got to this point if there is
387     // already a transition with the correct property name and attributes, but
388     // specialized to a different function.  In this case we just want to give up
389     // and despecialize the transition.
390     // In this case we clear the value of specificFunction which will result
391     // in us adding a non-specific transition, and any subsequent lookup in
392     // Structure::addPropertyTransitionToExistingStructure will just use that.
393     if (specificValue && structure->m_transitionTable.contains(propertyName.uid(), attributes))
394         specificValue = 0;
395
396     ASSERT(!structure->isDictionary());
397     ASSERT(structure->isObject());
398     ASSERT(!Structure::addPropertyTransitionToExistingStructure(structure, propertyName, attributes, specificValue, offset));
399     
400     if (structure->m_specificFunctionThrashCount == maxSpecificFunctionThrashCount)
401         specificValue = 0;
402
403     int maxTransitionLength;
404     if (context == PutPropertySlot::PutById)
405         maxTransitionLength = s_maxTransitionLengthForNonEvalPutById;
406     else
407         maxTransitionLength = s_maxTransitionLength;
408     if (structure->transitionCount() > maxTransitionLength) {
409         Structure* transition = toCacheableDictionaryTransition(vm, structure);
410         ASSERT(structure != transition);
411         offset = transition->putSpecificValue(vm, propertyName, attributes, specificValue);
412         return transition;
413     }
414     
415     Structure* transition = create(vm, structure);
416
417     transition->m_cachedPrototypeChain.setMayBeNull(vm, transition, structure->m_cachedPrototypeChain.get());
418     transition->setPreviousID(vm, transition, structure);
419     transition->m_nameInPrevious = propertyName.uid();
420     transition->m_attributesInPrevious = attributes;
421     transition->m_specificValueInPrevious.setMayBeNull(vm, transition, specificValue);
422     transition->propertyTable().set(vm, transition, structure->takePropertyTableOrCloneIfPinned(vm, transition));
423     transition->m_offset = structure->m_offset;
424
425     offset = transition->putSpecificValue(vm, propertyName, attributes, specificValue);
426
427     checkOffset(transition->m_offset, transition->inlineCapacity());
428     {
429         ConcurrentJITLocker locker(structure->m_lock);
430         structure->m_transitionTable.add(vm, transition);
431     }
432     transition->checkOffsetConsistency();
433     structure->checkOffsetConsistency();
434     return transition;
435 }
436
437 Structure* Structure::removePropertyTransition(VM& vm, Structure* structure, PropertyName propertyName, PropertyOffset& offset)
438 {
439     ASSERT(!structure->isUncacheableDictionary());
440
441     Structure* transition = toUncacheableDictionaryTransition(vm, structure);
442
443     offset = transition->remove(propertyName);
444
445     transition->checkOffsetConsistency();
446     return transition;
447 }
448
449 Structure* Structure::changePrototypeTransition(VM& vm, Structure* structure, JSValue prototype)
450 {
451     Structure* transition = create(vm, structure);
452
453     transition->m_prototype.set(vm, transition, prototype);
454
455     DeferGC deferGC(vm.heap);
456     structure->materializePropertyMapIfNecessary(vm, deferGC);
457     transition->propertyTable().set(vm, transition, structure->copyPropertyTableForPinning(vm, transition));
458     transition->m_offset = structure->m_offset;
459     transition->pin();
460
461     transition->checkOffsetConsistency();
462     return transition;
463 }
464
465 Structure* Structure::despecifyFunctionTransition(VM& vm, Structure* structure, PropertyName replaceFunction)
466 {
467     ASSERT(structure->m_specificFunctionThrashCount < maxSpecificFunctionThrashCount);
468     Structure* transition = create(vm, structure);
469
470     ++transition->m_specificFunctionThrashCount;
471
472     DeferGC deferGC(vm.heap);
473     structure->materializePropertyMapIfNecessary(vm, deferGC);
474     transition->propertyTable().set(vm, transition, structure->copyPropertyTableForPinning(vm, transition));
475     transition->m_offset = structure->m_offset;
476     transition->pin();
477
478     if (transition->m_specificFunctionThrashCount == maxSpecificFunctionThrashCount)
479         transition->despecifyAllFunctions(vm);
480     else {
481         bool removed = transition->despecifyFunction(vm, replaceFunction);
482         ASSERT_UNUSED(removed, removed);
483     }
484
485     transition->checkOffsetConsistency();
486     return transition;
487 }
488
489 Structure* Structure::attributeChangeTransition(VM& vm, Structure* structure, PropertyName propertyName, unsigned attributes)
490 {
491     DeferGC deferGC(vm.heap);
492     if (!structure->isUncacheableDictionary()) {
493         Structure* transition = create(vm, structure);
494
495         structure->materializePropertyMapIfNecessary(vm, deferGC);
496         transition->propertyTable().set(vm, transition, structure->copyPropertyTableForPinning(vm, transition));
497         transition->m_offset = structure->m_offset;
498         transition->pin();
499         
500         structure = transition;
501     }
502
503     ASSERT(structure->propertyTable());
504     PropertyMapEntry* entry = structure->propertyTable()->find(propertyName.uid()).first;
505     ASSERT(entry);
506     entry->attributes = attributes;
507
508     structure->checkOffsetConsistency();
509     return structure;
510 }
511
512 Structure* Structure::toDictionaryTransition(VM& vm, Structure* structure, DictionaryKind kind)
513 {
514     ASSERT(!structure->isUncacheableDictionary());
515     
516     Structure* transition = create(vm, structure);
517
518     DeferGC deferGC(vm.heap);
519     structure->materializePropertyMapIfNecessary(vm, deferGC);
520     transition->propertyTable().set(vm, transition, structure->copyPropertyTableForPinning(vm, transition));
521     transition->m_offset = structure->m_offset;
522     transition->m_dictionaryKind = kind;
523     transition->pin();
524
525     transition->checkOffsetConsistency();
526     return transition;
527 }
528
529 Structure* Structure::toCacheableDictionaryTransition(VM& vm, Structure* structure)
530 {
531     return toDictionaryTransition(vm, structure, CachedDictionaryKind);
532 }
533
534 Structure* Structure::toUncacheableDictionaryTransition(VM& vm, Structure* structure)
535 {
536     return toDictionaryTransition(vm, structure, UncachedDictionaryKind);
537 }
538
539 // In future we may want to cache this transition.
540 Structure* Structure::sealTransition(VM& vm, Structure* structure)
541 {
542     Structure* transition = preventExtensionsTransition(vm, structure);
543
544     if (transition->propertyTable()) {
545         PropertyTable::iterator end = transition->propertyTable()->end();
546         for (PropertyTable::iterator iter = transition->propertyTable()->begin(); iter != end; ++iter)
547             iter->attributes |= DontDelete;
548     }
549
550     transition->checkOffsetConsistency();
551     return transition;
552 }
553
554 // In future we may want to cache this transition.
555 Structure* Structure::freezeTransition(VM& vm, Structure* structure)
556 {
557     Structure* transition = preventExtensionsTransition(vm, structure);
558
559     if (transition->propertyTable()) {
560         PropertyTable::iterator iter = transition->propertyTable()->begin();
561         PropertyTable::iterator end = transition->propertyTable()->end();
562         if (iter != end)
563             transition->m_hasReadOnlyOrGetterSetterPropertiesExcludingProto = true;
564         for (; iter != end; ++iter)
565             iter->attributes |= iter->attributes & Accessor ? DontDelete : (DontDelete | ReadOnly);
566     }
567
568     transition->checkOffsetConsistency();
569     return transition;
570 }
571
572 // In future we may want to cache this transition.
573 Structure* Structure::preventExtensionsTransition(VM& vm, Structure* structure)
574 {
575     Structure* transition = create(vm, structure);
576
577     // Don't set m_offset, as one can not transition to this.
578
579     DeferGC deferGC(vm.heap);
580     structure->materializePropertyMapIfNecessary(vm, deferGC);
581     transition->propertyTable().set(vm, transition, structure->copyPropertyTableForPinning(vm, transition));
582     transition->m_offset = structure->m_offset;
583     transition->m_preventExtensions = true;
584     transition->pin();
585
586     transition->checkOffsetConsistency();
587     return transition;
588 }
589
590 PropertyTable* Structure::takePropertyTableOrCloneIfPinned(VM& vm, Structure* owner)
591 {
592     DeferGC deferGC(vm.heap);
593     materializePropertyMapIfNecessaryForPinning(vm, deferGC);
594     
595     if (m_isPinnedPropertyTable)
596         return propertyTable()->copy(vm, owner, propertyTable()->size() + 1);
597     
598     // Hold the lock while stealing the table - so that getConcurrently() on another thread
599     // will either have to bypass this structure, or will get to use the property table
600     // before it is stolen.
601     ConcurrentJITLocker locker(m_lock);
602     PropertyTable* takenPropertyTable = propertyTable().get();
603     propertyTable().clear();
604     return takenPropertyTable;
605 }
606
607 Structure* Structure::nonPropertyTransition(VM& vm, Structure* structure, NonPropertyTransition transitionKind)
608 {
609     unsigned attributes = toAttributes(transitionKind);
610     IndexingType indexingType = newIndexingType(structure->indexingTypeIncludingHistory(), transitionKind);
611     
612     if (JSGlobalObject* globalObject = structure->m_globalObject.get()) {
613         if (globalObject->isOriginalArrayStructure(structure)) {
614             Structure* result = globalObject->originalArrayStructureForIndexingType(indexingType);
615             if (result->indexingTypeIncludingHistory() == indexingType) {
616                 structure->notifyTransitionFromThisStructure();
617                 return result;
618             }
619         }
620     }
621     
622     if (Structure* existingTransition = structure->m_transitionTable.get(0, attributes)) {
623         ASSERT(existingTransition->m_attributesInPrevious == attributes);
624         ASSERT(existingTransition->indexingTypeIncludingHistory() == indexingType);
625         return existingTransition;
626     }
627     
628     Structure* transition = create(vm, structure);
629     transition->setPreviousID(vm, transition, structure);
630     transition->m_attributesInPrevious = attributes;
631     transition->m_indexingType = indexingType;
632     transition->propertyTable().set(vm, transition, structure->takePropertyTableOrCloneIfPinned(vm, transition));
633     transition->m_offset = structure->m_offset;
634     checkOffset(transition->m_offset, transition->inlineCapacity());
635     
636     {
637         ConcurrentJITLocker locker(structure->m_lock);
638         structure->m_transitionTable.add(vm, transition);
639     }
640     transition->checkOffsetConsistency();
641     return transition;
642 }
643
644 // In future we may want to cache this property.
645 bool Structure::isSealed(VM& vm)
646 {
647     if (isExtensible())
648         return false;
649
650     DeferGC deferGC(vm.heap);
651     materializePropertyMapIfNecessary(vm, deferGC);
652     if (!propertyTable())
653         return true;
654
655     PropertyTable::iterator end = propertyTable()->end();
656     for (PropertyTable::iterator iter = propertyTable()->begin(); iter != end; ++iter) {
657         if ((iter->attributes & DontDelete) != DontDelete)
658             return false;
659     }
660     return true;
661 }
662
663 // In future we may want to cache this property.
664 bool Structure::isFrozen(VM& vm)
665 {
666     if (isExtensible())
667         return false;
668
669     DeferGC deferGC(vm.heap);
670     materializePropertyMapIfNecessary(vm, deferGC);
671     if (!propertyTable())
672         return true;
673
674     PropertyTable::iterator end = propertyTable()->end();
675     for (PropertyTable::iterator iter = propertyTable()->begin(); iter != end; ++iter) {
676         if (!(iter->attributes & DontDelete))
677             return false;
678         if (!(iter->attributes & (ReadOnly | Accessor)))
679             return false;
680     }
681     return true;
682 }
683
684 Structure* Structure::flattenDictionaryStructure(VM& vm, JSObject* object)
685 {
686     checkOffsetConsistency();
687     ASSERT(isDictionary());
688     if (isUncacheableDictionary()) {
689         ASSERT(propertyTable());
690
691         size_t propertyCount = propertyTable()->size();
692
693         // Holds our values compacted by insertion order.
694         Vector<JSValue> values(propertyCount);
695
696         // Copies out our values from their hashed locations, compacting property table offsets as we go.
697         unsigned i = 0;
698         PropertyTable::iterator end = propertyTable()->end();
699         m_offset = invalidOffset;
700         for (PropertyTable::iterator iter = propertyTable()->begin(); iter != end; ++iter, ++i) {
701             values[i] = object->getDirect(iter->offset);
702             m_offset = iter->offset = offsetForPropertyNumber(i, m_inlineCapacity);
703         }
704         
705         // Copies in our values to their compacted locations.
706         for (unsigned i = 0; i < propertyCount; i++)
707             object->putDirect(vm, offsetForPropertyNumber(i, m_inlineCapacity), values[i]);
708
709         propertyTable()->clearDeletedOffsets();
710         checkOffsetConsistency();
711     }
712
713     m_dictionaryKind = NoneDictionaryKind;
714
715     // If the object had a Butterfly but after flattening/compacting we no longer have need of it,
716     // we need to zero it out because the collector depends on the Structure to know the size for copying.
717     if (object->butterfly() && !this->outOfLineCapacity() && !this->hasIndexingHeader(object))
718         object->setStructureAndButterfly(vm, this, 0);
719
720     return this;
721 }
722
723 PropertyOffset Structure::addPropertyWithoutTransition(VM& vm, PropertyName propertyName, unsigned attributes, JSCell* specificValue)
724 {
725     ASSERT(!enumerationCache());
726
727     if (m_specificFunctionThrashCount == maxSpecificFunctionThrashCount)
728         specificValue = 0;
729
730     DeferGC deferGC(vm.heap);
731     materializePropertyMapIfNecessaryForPinning(vm, deferGC);
732     
733     pin();
734
735     return putSpecificValue(vm, propertyName, attributes, specificValue);
736 }
737
738 PropertyOffset Structure::removePropertyWithoutTransition(VM& vm, PropertyName propertyName)
739 {
740     ASSERT(isUncacheableDictionary());
741     ASSERT(!enumerationCache());
742
743     DeferGC deferGC(vm.heap);
744     materializePropertyMapIfNecessaryForPinning(vm, deferGC);
745
746     pin();
747     return remove(propertyName);
748 }
749
750 void Structure::pin()
751 {
752     ASSERT(propertyTable());
753     m_isPinnedPropertyTable = true;
754     clearPreviousID();
755     m_nameInPrevious.clear();
756 }
757
758 void Structure::allocateRareData(VM& vm)
759 {
760     ASSERT(!typeInfo().structureHasRareData());
761     StructureRareData* rareData = StructureRareData::create(vm, previous());
762     m_typeInfo = TypeInfo(typeInfo().type(), typeInfo().flags() | StructureHasRareData);
763     m_previousOrRareData.set(vm, this, rareData);
764 }
765
766 void Structure::cloneRareDataFrom(VM& vm, const Structure* other)
767 {
768     ASSERT(other->typeInfo().structureHasRareData());
769     StructureRareData* newRareData = StructureRareData::clone(vm, other->rareData());
770     m_typeInfo = TypeInfo(typeInfo().type(), typeInfo().flags() | StructureHasRareData);
771     m_previousOrRareData.set(vm, this, newRareData);
772 }
773
774 #if DUMP_PROPERTYMAP_STATS
775
776 struct PropertyMapStatisticsExitLogger {
777     ~PropertyMapStatisticsExitLogger();
778 };
779
780 static PropertyMapStatisticsExitLogger logger;
781
782 PropertyMapStatisticsExitLogger::~PropertyMapStatisticsExitLogger()
783 {
784     dataLogF("\nJSC::PropertyMap statistics\n\n");
785     dataLogF("%d probes\n", numProbes);
786     dataLogF("%d collisions (%.1f%%)\n", numCollisions, 100.0 * numCollisions / numProbes);
787     dataLogF("%d rehashes\n", numRehashes);
788     dataLogF("%d removes\n", numRemoves);
789 }
790
791 #endif
792
793 #if !DO_PROPERTYMAP_CONSTENCY_CHECK
794
795 inline void Structure::checkConsistency()
796 {
797     checkOffsetConsistency();
798 }
799
800 #endif
801
802 PropertyTable* Structure::copyPropertyTable(VM& vm, Structure* owner)
803 {
804     if (!propertyTable())
805         return 0;
806     return PropertyTable::clone(vm, owner, *propertyTable().get());
807 }
808
809 PropertyTable* Structure::copyPropertyTableForPinning(VM& vm, Structure* owner)
810 {
811     if (propertyTable())
812         return PropertyTable::clone(vm, owner, *propertyTable().get());
813     return PropertyTable::create(vm, numberOfSlotsForLastOffset(m_offset, m_inlineCapacity));
814 }
815
816 PropertyOffset Structure::getConcurrently(VM&, StringImpl* uid, unsigned& attributes, JSCell*& specificValue)
817 {
818     Vector<Structure*, 8> structures;
819     Structure* structure;
820     PropertyTable* table;
821     
822     findStructuresAndMapForMaterialization(structures, structure, table);
823     
824     if (table) {
825         PropertyMapEntry* entry = table->find(uid).first;
826         if (entry) {
827             attributes = entry->attributes;
828             specificValue = entry->specificValue.get();
829             PropertyOffset result = entry->offset;
830             structure->m_lock.unlock();
831             return result;
832         }
833         structure->m_lock.unlock();
834     }
835     
836     for (unsigned i = structures.size(); i--;) {
837         structure = structures[i];
838         if (structure->m_nameInPrevious.get() != uid)
839             continue;
840         
841         attributes = structure->m_attributesInPrevious;
842         specificValue = structure->m_specificValueInPrevious.get();
843         return structure->m_offset;
844     }
845     
846     return invalidOffset;
847 }
848
849 PropertyOffset Structure::get(VM& vm, PropertyName propertyName, unsigned& attributes, JSCell*& specificValue)
850 {
851     ASSERT(!isCompilationThread());
852     ASSERT(structure()->classInfo() == info());
853
854     DeferGC deferGC(vm.heap);
855     materializePropertyMapIfNecessary(vm, deferGC);
856     if (!propertyTable())
857         return invalidOffset;
858
859     PropertyMapEntry* entry = propertyTable()->find(propertyName.uid()).first;
860     if (!entry)
861         return invalidOffset;
862
863     attributes = entry->attributes;
864     specificValue = entry->specificValue.get();
865     return entry->offset;
866 }
867
868 bool Structure::despecifyFunction(VM& vm, PropertyName propertyName)
869 {
870     DeferGC deferGC(vm.heap);
871     materializePropertyMapIfNecessary(vm, deferGC);
872     if (!propertyTable())
873         return false;
874
875     PropertyMapEntry* entry = propertyTable()->find(propertyName.uid()).first;
876     if (!entry)
877         return false;
878
879     ASSERT(entry->specificValue);
880     entry->specificValue.clear();
881     return true;
882 }
883
884 void Structure::despecifyAllFunctions(VM& vm)
885 {
886     DeferGC deferGC(vm.heap);
887     materializePropertyMapIfNecessary(vm, deferGC);
888     if (!propertyTable())
889         return;
890
891     PropertyTable::iterator end = propertyTable()->end();
892     for (PropertyTable::iterator iter = propertyTable()->begin(); iter != end; ++iter)
893         iter->specificValue.clear();
894 }
895
896 PropertyOffset Structure::putSpecificValue(VM& vm, PropertyName propertyName, unsigned attributes, JSCell* specificValue)
897 {
898     GCSafeConcurrentJITLocker locker(m_lock, vm.heap);
899     
900     ASSERT(!JSC::isValidOffset(get(vm, propertyName)));
901
902     checkConsistency();
903     if (attributes & DontEnum)
904         m_hasNonEnumerableProperties = true;
905
906     StringImpl* rep = propertyName.uid();
907
908     if (!propertyTable())
909         createPropertyMap(locker, vm);
910
911     PropertyOffset newOffset = propertyTable()->nextOffset(m_inlineCapacity);
912
913     propertyTable()->add(PropertyMapEntry(vm, this, rep, newOffset, attributes, specificValue), m_offset, PropertyTable::PropertyOffsetMayChange);
914     
915     checkConsistency();
916     return newOffset;
917 }
918
919 PropertyOffset Structure::remove(PropertyName propertyName)
920 {
921     ConcurrentJITLocker locker(m_lock);
922     
923     checkConsistency();
924
925     StringImpl* rep = propertyName.uid();
926
927     if (!propertyTable())
928         return invalidOffset;
929
930     PropertyTable::find_iterator position = propertyTable()->find(rep);
931     if (!position.first)
932         return invalidOffset;
933
934     PropertyOffset offset = position.first->offset;
935
936     propertyTable()->remove(position);
937     propertyTable()->addDeletedOffset(offset);
938
939     checkConsistency();
940     return offset;
941 }
942
943 void Structure::createPropertyMap(const GCSafeConcurrentJITLocker&, VM& vm, unsigned capacity)
944 {
945     ASSERT(!propertyTable());
946
947     checkConsistency();
948     propertyTable().set(vm, this, PropertyTable::create(vm, capacity));
949 }
950
951 void Structure::getPropertyNamesFromStructure(VM& vm, PropertyNameArray& propertyNames, EnumerationMode mode)
952 {
953     DeferGC deferGC(vm.heap);
954     materializePropertyMapIfNecessary(vm, deferGC);
955     if (!propertyTable())
956         return;
957
958     bool knownUnique = !propertyNames.size();
959
960     PropertyTable::iterator end = propertyTable()->end();
961     for (PropertyTable::iterator iter = propertyTable()->begin(); iter != end; ++iter) {
962         ASSERT(m_hasNonEnumerableProperties || !(iter->attributes & DontEnum));
963         if (iter->key->isIdentifier() && (!(iter->attributes & DontEnum) || mode == IncludeDontEnumProperties)) {
964             if (knownUnique)
965                 propertyNames.addKnownUnique(iter->key);
966             else
967                 propertyNames.add(iter->key);
968         }
969     }
970 }
971
972 JSValue Structure::prototypeForLookup(CodeBlock* codeBlock) const
973 {
974     return prototypeForLookup(codeBlock->globalObject());
975 }
976
977 void Structure::visitChildren(JSCell* cell, SlotVisitor& visitor)
978 {
979     Structure* thisObject = jsCast<Structure*>(cell);
980     ASSERT_GC_OBJECT_INHERITS(thisObject, info());
981     ASSERT(thisObject->structure()->typeInfo().overridesVisitChildren());
982
983     JSCell::visitChildren(thisObject, visitor);
984     visitor.append(&thisObject->m_globalObject);
985     if (!thisObject->isObject())
986         thisObject->m_cachedPrototypeChain.clear();
987     else {
988         visitor.append(&thisObject->m_prototype);
989         visitor.append(&thisObject->m_cachedPrototypeChain);
990     }
991     visitor.append(&thisObject->m_previousOrRareData);
992     visitor.append(&thisObject->m_specificValueInPrevious);
993
994     if (thisObject->m_isPinnedPropertyTable) {
995         ASSERT(thisObject->m_propertyTableUnsafe);
996         visitor.append(&thisObject->m_propertyTableUnsafe);
997     } else if (thisObject->m_propertyTableUnsafe)
998         thisObject->m_propertyTableUnsafe.clear();
999 }
1000
1001 bool Structure::prototypeChainMayInterceptStoreTo(VM& vm, PropertyName propertyName)
1002 {
1003     unsigned i = propertyName.asIndex();
1004     if (i != PropertyName::NotAnIndex)
1005         return anyObjectInChainMayInterceptIndexedAccesses();
1006     
1007     for (Structure* current = this; ;) {
1008         JSValue prototype = current->storedPrototype();
1009         if (prototype.isNull())
1010             return false;
1011         
1012         current = prototype.asCell()->structure();
1013         
1014         unsigned attributes;
1015         JSCell* specificValue;
1016         PropertyOffset offset = current->get(vm, propertyName, attributes, specificValue);
1017         if (!JSC::isValidOffset(offset))
1018             continue;
1019         
1020         if (attributes & (ReadOnly | Accessor))
1021             return true;
1022         
1023         return false;
1024     }
1025 }
1026
1027 void Structure::dump(PrintStream& out) const
1028 {
1029     out.print(RawPointer(this), ":[", classInfo()->className, ", {");
1030     
1031     Vector<Structure*, 8> structures;
1032     Structure* structure;
1033     PropertyTable* table;
1034     
1035     const_cast<Structure*>(this)->findStructuresAndMapForMaterialization(
1036         structures, structure, table);
1037     
1038     CommaPrinter comma;
1039     
1040     if (table) {
1041         PropertyTable::iterator iter = table->begin();
1042         PropertyTable::iterator end = table->end();
1043         for (; iter != end; ++iter)
1044             out.print(comma, iter->key, ":", static_cast<int>(iter->offset));
1045         
1046         structure->m_lock.unlock();
1047     }
1048     
1049     for (unsigned i = structures.size(); i--;) {
1050         Structure* structure = structures[i];
1051         if (!structure->m_nameInPrevious)
1052             continue;
1053         out.print(comma, structure->m_nameInPrevious.get(), ":", static_cast<int>(structure->m_offset));
1054     }
1055     
1056     out.print("}, ", IndexingTypeDump(indexingType()));
1057     
1058     if (m_prototype.get().isCell())
1059         out.print(", Proto:", RawPointer(m_prototype.get().asCell()));
1060     
1061     out.print("]");
1062 }
1063
1064 void Structure::dumpInContext(PrintStream& out, DumpContext* context) const
1065 {
1066     if (context)
1067         context->structures.dumpBrief(this, out);
1068     else
1069         dump(out);
1070 }
1071
1072 void Structure::dumpBrief(PrintStream& out, const CString& string) const
1073 {
1074     out.print("%", string, ":", classInfo()->className);
1075 }
1076
1077 void Structure::dumpContextHeader(PrintStream& out)
1078 {
1079     out.print("Structures:");
1080 }
1081
1082 #if DO_PROPERTYMAP_CONSTENCY_CHECK
1083
1084 void PropertyTable::checkConsistency()
1085 {
1086     checkOffsetConsistency();
1087     ASSERT(m_indexSize >= PropertyTable::MinimumTableSize);
1088     ASSERT(m_indexMask);
1089     ASSERT(m_indexSize == m_indexMask + 1);
1090     ASSERT(!(m_indexSize & m_indexMask));
1091
1092     ASSERT(m_keyCount <= m_indexSize / 2);
1093     ASSERT(m_keyCount + m_deletedCount <= m_indexSize / 2);
1094     ASSERT(m_deletedCount <= m_indexSize / 4);
1095
1096     unsigned indexCount = 0;
1097     unsigned deletedIndexCount = 0;
1098     for (unsigned a = 0; a != m_indexSize; ++a) {
1099         unsigned entryIndex = m_index[a];
1100         if (entryIndex == PropertyTable::EmptyEntryIndex)
1101             continue;
1102         if (entryIndex == deletedEntryIndex()) {
1103             ++deletedIndexCount;
1104             continue;
1105         }
1106         ASSERT(entryIndex < deletedEntryIndex());
1107         ASSERT(entryIndex - 1 <= usedCount());
1108         ++indexCount;
1109
1110         for (unsigned b = a + 1; b != m_indexSize; ++b)
1111             ASSERT(m_index[b] != entryIndex);
1112     }
1113     ASSERT(indexCount == m_keyCount);
1114     ASSERT(deletedIndexCount == m_deletedCount);
1115
1116     ASSERT(!table()[deletedEntryIndex() - 1].key);
1117
1118     unsigned nonEmptyEntryCount = 0;
1119     for (unsigned c = 0; c < usedCount(); ++c) {
1120         StringImpl* rep = table()[c].key;
1121         if (rep == PROPERTY_MAP_DELETED_ENTRY_KEY)
1122             continue;
1123         ++nonEmptyEntryCount;
1124         unsigned i = rep->existingHash();
1125         unsigned k = 0;
1126         unsigned entryIndex;
1127         while (1) {
1128             entryIndex = m_index[i & m_indexMask];
1129             ASSERT(entryIndex != PropertyTable::EmptyEntryIndex);
1130             if (rep == table()[entryIndex - 1].key)
1131                 break;
1132             if (k == 0)
1133                 k = 1 | doubleHash(rep->existingHash());
1134             i += k;
1135         }
1136         ASSERT(entryIndex == c + 1);
1137     }
1138
1139     ASSERT(nonEmptyEntryCount == m_keyCount);
1140 }
1141
1142 void Structure::checkConsistency()
1143 {
1144     if (!propertyTable())
1145         return;
1146
1147     if (!m_hasNonEnumerableProperties) {
1148         PropertyTable::iterator end = propertyTable()->end();
1149         for (PropertyTable::iterator iter = propertyTable()->begin(); iter != end; ++iter) {
1150             ASSERT(!(iter->attributes & DontEnum));
1151         }
1152     }
1153
1154     propertyTable()->checkConsistency();
1155 }
1156
1157 #endif // DO_PROPERTYMAP_CONSTENCY_CHECK
1158
1159 } // namespace JSC