Eagerly reify DOM prototype attributes
authormhahnenberg@apple.com <mhahnenberg@apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Mon, 9 Jun 2014 18:53:32 +0000 (18:53 +0000)
committermhahnenberg@apple.com <mhahnenberg@apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Mon, 9 Jun 2014 18:53:32 +0000 (18:53 +0000)
commit97e2fb159640bf4e463d82496e466786d02bbfc6
treef174c809a246c33b3eff856ed60e688f67644edd
parentd6310d2d418ab3d288396f7397e35e74ada38733
Eagerly reify DOM prototype attributes
https://bugs.webkit.org/show_bug.cgi?id=133558

Reviewed by Oliver Hunt.

Source/JavaScriptCore:
This allows us to get rid of a lot of the additional overhead of pushing DOM attributes up into the prototype.
By eagerly reifying the custom getters and setters into the actual JSObject we avoid having to override
getOwnPropertySlot for all of the DOM prototypes, which is a lot of the overhead of doing property lookups on
DOM wrappers.

* CMakeLists.txt:
* JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
* JavaScriptCore.vcxproj/JavaScriptCore.vcxproj.filters:
* JavaScriptCore.xcodeproj/project.pbxproj:
* llint/LLIntData.cpp:
(JSC::LLInt::Data::performAssertions):
* llint/LowLevelInterpreter.asm:
* runtime/BatchedTransitionOptimizer.h:
(JSC::BatchedTransitionOptimizer::BatchedTransitionOptimizer):
* runtime/CustomGetterSetter.cpp: Added.
(JSC::callCustomSetter):
* runtime/CustomGetterSetter.h: Added.
(JSC::CustomGetterSetter::create):
(JSC::CustomGetterSetter::getter):
(JSC::CustomGetterSetter::setter):
(JSC::CustomGetterSetter::createStructure):
(JSC::CustomGetterSetter::CustomGetterSetter):
* runtime/JSCJSValue.cpp:
(JSC::JSValue::putToPrimitive):
* runtime/JSCJSValue.h:
* runtime/JSCJSValueInlines.h:
(JSC::JSValue::isCustomGetterSetter):
* runtime/JSCell.h:
* runtime/JSCellInlines.h:
(JSC::JSCell::isCustomGetterSetter):
(JSC::JSCell::canUseFastGetOwnProperty):
* runtime/JSFunction.cpp:
(JSC::JSFunction::isHostOrBuiltinFunction): Deleted.
(JSC::JSFunction::isBuiltinFunction): Deleted.
* runtime/JSFunction.h:
* runtime/JSFunctionInlines.h: Inlined some random functions that appeared hot during profiling.
(JSC::JSFunction::isBuiltinFunction):
(JSC::JSFunction::isHostOrBuiltinFunction):
* runtime/JSObject.cpp:
(JSC::JSObject::put):
(JSC::JSObject::putDirectCustomAccessor):
(JSC::JSObject::fillGetterPropertySlot):
(JSC::JSObject::fillCustomGetterPropertySlot):
(JSC::JSObject::getOwnPropertySlotSlow): Deleted.
* runtime/JSObject.h:
(JSC::JSObject::hasCustomGetterSetterProperties):
(JSC::JSObject::convertToDictionary):
(JSC::JSObject::inlineGetOwnPropertySlot):
(JSC::JSObject::getOwnPropertySlotSlow): Inlined because it looked hot during profiling.
(JSC::JSObject::putOwnDataProperty):
(JSC::JSObject::putDirect):
(JSC::JSObject::putDirectWithoutTransition):
* runtime/JSType.h:
* runtime/Lookup.h:
(JSC::reifyStaticProperties):
* runtime/PropertyDescriptor.h:
(JSC::PropertyDescriptor::PropertyDescriptor):
* runtime/Structure.cpp:
(JSC::Structure::Structure):
(JSC::nextOutOfLineStorageCapacity): Deleted.
(JSC::Structure::suggestedNewOutOfLineStorageCapacity): Deleted.
(JSC::Structure::get): Deleted.
* runtime/Structure.h:
(JSC::Structure::hasCustomGetterSetterProperties):
(JSC::Structure::setHasCustomGetterSetterProperties):
* runtime/StructureInlines.h:
(JSC::Structure::get): Inlined due to hotness.
(JSC::nextOutOfLineStorageCapacity): Inlined due to hotness.
(JSC::Structure::suggestedNewOutOfLineStorageCapacity): Inlined due to hotness.
* runtime/VM.cpp:
(JSC::VM::VM):
* runtime/VM.h:
* runtime/WriteBarrier.h:
(JSC::WriteBarrierBase<Unknown>::isCustomGetterSetter):

Source/WebCore:
No new tests.

This allows us to get rid of a lot of the additional overhead of pushing DOM attributes up into the prototype.
By eagerly reifying the custom getters and setters into the actual JSObject we avoid having to override
getOwnPropertySlot for all of the DOM prototypes, which is a lot of the overhead of doing property lookups on
DOM wrappers.

* bindings/scripts/CodeGeneratorJS.pm:
(prototypeHashTableAccessor): Changed to pass along the VM.
(AttributeShouldBeOnInstanceForCompatibility): We were being overly conservative in regard to touch events.
This caused us to store the touch event handler getters and setters on the JSElement instance, which caused
us to override getOwnPropertySlot for every JSElement subclass.
(InstanceOverridesGetOwnPropertySlot): This was being overly paranoid about generate a getOwnPropertySlot if
there was going to be a "constructor" property, even though we handled this in another place already.
(GenerateHeader): Generate a finishCreation for prototypes unless it's the JSDOMWindow. We can't correctly
handle the DOMWindow in this version of the patch because reifying the static properties requires a global object,
which hasn't been created yet when the prototype for the window object is being created.
(GenerateImplementation): Generate the finishCreation calls to reifyStaticProperties.

LayoutTests:
Updating a test expectation after this fix.

* js/dom/constructor-attributes-expected.txt:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@169703 268f45cc-cd09-0410-ab3c-d52691b4dbfc
38 files changed:
LayoutTests/ChangeLog
LayoutTests/js/dom/constructor-attributes-expected.txt
Source/JavaScriptCore/CMakeLists.txt
Source/JavaScriptCore/ChangeLog
Source/JavaScriptCore/JavaScriptCore.vcxproj/JavaScriptCore.vcxproj
Source/JavaScriptCore/JavaScriptCore.vcxproj/JavaScriptCore.vcxproj.filters
Source/JavaScriptCore/llint/LLIntData.cpp
Source/JavaScriptCore/llint/LowLevelInterpreter.asm
Source/JavaScriptCore/runtime/BatchedTransitionOptimizer.h
Source/JavaScriptCore/runtime/CustomGetterSetter.cpp [new file with mode: 0644]
Source/JavaScriptCore/runtime/CustomGetterSetter.h [new file with mode: 0644]
Source/JavaScriptCore/runtime/JSCJSValue.cpp
Source/JavaScriptCore/runtime/JSCJSValue.h
Source/JavaScriptCore/runtime/JSCJSValueInlines.h
Source/JavaScriptCore/runtime/JSCell.h
Source/JavaScriptCore/runtime/JSCellInlines.h
Source/JavaScriptCore/runtime/JSFunction.cpp
Source/JavaScriptCore/runtime/JSFunction.h
Source/JavaScriptCore/runtime/JSFunctionInlines.h
Source/JavaScriptCore/runtime/JSObject.cpp
Source/JavaScriptCore/runtime/JSObject.h
Source/JavaScriptCore/runtime/JSPromiseFunctions.cpp
Source/JavaScriptCore/runtime/JSType.h
Source/JavaScriptCore/runtime/Lookup.h
Source/JavaScriptCore/runtime/MapConstructor.cpp
Source/JavaScriptCore/runtime/MapIteratorConstructor.cpp
Source/JavaScriptCore/runtime/PropertyDescriptor.h
Source/JavaScriptCore/runtime/SetConstructor.cpp
Source/JavaScriptCore/runtime/SetIteratorConstructor.cpp
Source/JavaScriptCore/runtime/Structure.cpp
Source/JavaScriptCore/runtime/Structure.h
Source/JavaScriptCore/runtime/StructureInlines.h
Source/JavaScriptCore/runtime/VM.cpp
Source/JavaScriptCore/runtime/VM.h
Source/JavaScriptCore/runtime/WeakMapConstructor.cpp
Source/JavaScriptCore/runtime/WriteBarrier.h
Source/WebCore/ChangeLog
Source/WebCore/bindings/scripts/CodeGeneratorJS.pm