https://bugs.webkit.org/show_bug.cgi?id=180895
Reviewed by Saam Barati.
If we don't have an indexing header then we point the butterfly
sizeof(IndexingHeader) past the end of the butterfly. This makes
the computation of the offset simpler since it doesn't depend on
the indexing headeriness of the butterfly.
* jit/JITOperations.cpp:
* runtime/JSObject.cpp:
(JSC::JSObject::createInitialUndecided):
(JSC::JSObject::createInitialInt32):
(JSC::JSObject::createInitialDouble):
(JSC::JSObject::createInitialContiguous):
(JSC::JSObject::createArrayStorage):
(JSC::JSObject::convertUndecidedToArrayStorage):
(JSC::JSObject::convertInt32ToArrayStorage):
(JSC::JSObject::convertDoubleToArrayStorage):
* runtime/JSObject.h:
(JSC::JSObject::setButterfly):
(JSC::JSObject::nukeStructureAndSetButterfly):
* runtime/JSObjectInlines.h:
(JSC::JSObject::prepareToPutDirectWithoutTransition):
(JSC::JSObject::putDirectInternal):
git-svn-id: https://svn.webkit.org/repository/webkit/trunk@226000
268f45cc-cd09-0410-ab3c-
d52691b4dbfc
+2017-12-16 Keith Miller <keith_miller@apple.com>
+
+ Indexing should only be computed when the new structure has an indexing header.
+ https://bugs.webkit.org/show_bug.cgi?id=180895
+
+ Reviewed by Saam Barati.
+
+ If we don't have an indexing header then we point the butterfly
+ sizeof(IndexingHeader) past the end of the butterfly. This makes
+ the computation of the offset simpler since it doesn't depend on
+ the indexing headeriness of the butterfly.
+
+ * jit/JITOperations.cpp:
+ * runtime/JSObject.cpp:
+ (JSC::JSObject::createInitialUndecided):
+ (JSC::JSObject::createInitialInt32):
+ (JSC::JSObject::createInitialDouble):
+ (JSC::JSObject::createInitialContiguous):
+ (JSC::JSObject::createArrayStorage):
+ (JSC::JSObject::convertUndecidedToArrayStorage):
+ (JSC::JSObject::convertInt32ToArrayStorage):
+ (JSC::JSObject::convertDoubleToArrayStorage):
+ * runtime/JSObject.h:
+ (JSC::JSObject::setButterfly):
+ (JSC::JSObject::nukeStructureAndSetButterfly):
+ * runtime/JSObjectInlines.h:
+ (JSC::JSObject::prepareToPutDirectWithoutTransition):
+ (JSC::JSObject::putDirectInternal):
+
2017-12-15 Ryan Haddad <ryanhaddad@apple.com>
Unreviewed, rolling out r225941.
ASSERT(!object->structure()->outOfLineCapacity());
Butterfly* result = object->allocateMoreOutOfLineStorage(vm, 0, initialOutOfLineCapacity);
- object->nukeStructureAndSetButterfly(vm, object->structureID(), result);
+ object->nukeStructureAndSetButterfly(vm, object->structureID(), result, object->indexingType());
return reinterpret_cast<char*>(result);
}
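Review bot: The new fourth argument in this call is `object->indexingType()`, read while the object still has its old structure, although the parameter is declared as `newIndexingType`; the second call a few lines further down in this file does the same. That is only right if the structure installed afterwards keeps the same indexing type, which these hunks do not show. The callee uses this value to decide whether to call `butterfly->computeIndexingMask()`, so a mismatch would presumably make it read an indexing header that is not there. I would state the assumption at both call sites: `// Growing out-of-line storage does not change the indexing type, so the current type is also the new one.` Both enclosing functions start outside their hunks.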
NativeCallFrameTracer tracer(&vm, exec);
Butterfly* result = object->allocateMoreOutOfLineStorage(vm, object->structure()->outOfLineCapacity(), newSize);
- object->nukeStructureAndSetButterfly(vm, object->structureID(), result);
+ object->nukeStructureAndSetButterfly(vm, object->structureID(), result, object->indexingType());
return reinterpret_cast<char*>(result);
}
StructureID oldStructureID = this->structureID();
Structure* oldStructure = vm.getStructure(oldStructureID);
Structure* newStructure = Structure::nonPropertyTransition(vm, oldStructure, NonPropertyTransition::AllocateUndecided);
- nukeStructureAndSetButterfly(vm, oldStructureID, newButterfly);
+ nukeStructureAndSetButterfly(vm, oldStructureID, newButterfly, newStructure->indexingType());
setStructure(vm, newStructure);
return newButterfly;
}
StructureID oldStructureID = this->structureID();
Structure* oldStructure = vm.getStructure(oldStructureID);
Structure* newStructure = Structure::nonPropertyTransition(vm, oldStructure, NonPropertyTransition::AllocateInt32);
- nukeStructureAndSetButterfly(vm, oldStructureID, newButterfly);
+ nukeStructureAndSetButterfly(vm, oldStructureID, newButterfly, newStructure->indexingType());
setStructure(vm, newStructure);
return newButterfly->contiguousInt32();
}
StructureID oldStructureID = this->structureID();
Structure* oldStructure = vm.getStructure(oldStructureID);
Structure* newStructure = Structure::nonPropertyTransition(vm, oldStructure, NonPropertyTransition::AllocateDouble);
- nukeStructureAndSetButterfly(vm, oldStructureID, newButterfly);
+ nukeStructureAndSetButterfly(vm, oldStructureID, newButterfly, newStructure->indexingType());
setStructure(vm, newStructure);
return newButterfly->contiguousDouble();
}
StructureID oldStructureID = this->structureID();
Structure* oldStructure = vm.getStructure(oldStructureID);
Structure* newStructure = Structure::nonPropertyTransition(vm, oldStructure, NonPropertyTransition::AllocateContiguous);
- nukeStructureAndSetButterfly(vm, oldStructureID, newButterfly);
+ nukeStructureAndSetButterfly(vm, oldStructureID, newButterfly, newStructure->indexingType());
setStructure(vm, newStructure);
return newButterfly->contiguous();
}
Butterfly* newButterfly = createArrayStorageButterfly(vm, this, oldStructure, length, vectorLength, butterfly());
ArrayStorage* result = newButterfly->arrayStorage();
Structure* newStructure = Structure::nonPropertyTransition(vm, oldStructure, suggestedArrayStorageTransition());
- nukeStructureAndSetButterfly(vm, oldStructureID, newButterfly);
+ nukeStructureAndSetButterfly(vm, oldStructureID, newButterfly, newStructure->indexingType());
setStructure(vm, newStructure);
return result;
}
StructureID oldStructureID = this->structureID();
Structure* oldStructure = vm.getStructure(oldStructureID);
Structure* newStructure = Structure::nonPropertyTransition(vm, oldStructure, transition);
- nukeStructureAndSetButterfly(vm, oldStructureID, storage->butterfly());
+ nukeStructureAndSetButterfly(vm, oldStructureID, storage->butterfly(), newStructure->indexingType());
setStructure(vm, newStructure);
return storage;
}
StructureID oldStructureID = this->structureID();
Structure* oldStructure = vm.getStructure(oldStructureID);
Structure* newStructure = Structure::nonPropertyTransition(vm, oldStructure, transition);
- nukeStructureAndSetButterfly(vm, oldStructureID, newStorage->butterfly());
+ nukeStructureAndSetButterfly(vm, oldStructureID, newStorage->butterfly(), newStructure->indexingType());
setStructure(vm, newStructure);
return newStorage;
}
StructureID oldStructureID = this->structureID();
Structure* oldStructure = vm.getStructure(oldStructureID);
Structure* newStructure = Structure::nonPropertyTransition(vm, oldStructure, transition);
- nukeStructureAndSetButterfly(vm, oldStructureID, newStorage->butterfly());
+ nukeStructureAndSetButterfly(vm, oldStructureID, newStorage->butterfly(), newStructure->indexingType());
setStructure(vm, newStructure);
return newStorage;
}
// Call this if you do need to change the structure, or if you changed something about a structure
// in-place.
- void nukeStructureAndSetButterfly(VM&, StructureID, Butterfly*);
+ void nukeStructureAndSetButterfly(VM&, StructureID oldStructureID, Butterfly*, IndexingType newIndexingType);
// Call this only if you are a JSGenericTypedArrayView or are clearing the butterfly.
void setButterflyWithIndexingMask(VM&, Butterfly*, uint32_t indexingMask);
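Review bot: The comment above the `nukeStructureAndSetButterfly` declaration does not say what `newIndexingType` must be or why the function now needs it. Judging by the definition later in this file, callers have to pass the indexing type of the structure that will be installed after the nuke, because `m_butterflyIndexingMask` is recomputed only when that type has indexed properties. I would add `// newIndexingType is the indexing type of the structure about to be installed; the indexing mask is recomputed only if that type has indexed properties.` to the existing comment.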
inline void JSObject::setButterfly(VM& vm, Butterfly* butterfly)
{
- if (LIKELY(!structure(vm)->hijacksIndexingHeader())) {
+ if (hasIndexedProperties(indexingType())) {
m_butterflyIndexingMask = butterfly->computeIndexingMask();
ASSERT(m_butterflyIndexingMask >= butterfly->vectorLength());
}
m_butterfly.set(vm, this, butterfly);
}
-inline void JSObject::nukeStructureAndSetButterfly(VM& vm, StructureID oldStructureID, Butterfly* butterfly)
+inline void JSObject::nukeStructureAndSetButterfly(VM& vm, StructureID oldStructureID, Butterfly* butterfly, IndexingType newIndexingType)
{
- if (LIKELY(!vm.getStructure(oldStructureID)->hijacksIndexingHeader())) {
+ if (hasIndexedProperties(newIndexingType)) {
m_butterflyIndexingMask = butterfly->computeIndexingMask();
ASSERT(m_butterflyIndexingMask >= butterfly->vectorLength());
}
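Review bot: Both new guards, `if (hasIndexedProperties(indexingType()))` in `setButterfly` and `if (hasIndexedProperties(newIndexingType))` in `nukeStructureAndSetButterfly`, drop the explicit `hijacksIndexingHeader()` check and rely on an unstated invariant that a structure which hijacks the indexing header never reports indexed properties. If that invariant ever breaks, `computeIndexingMask()` would run on a butterfly whose header slot holds something else. I would make it checkable in `setButterfly` with `ASSERT(!structure(vm)->hijacksIndexingHeader());` as the first line inside the branch. When the branch is skipped, `m_butterflyIndexingMask` keeps its previous value; whether a stale mask can matter depends on code outside this hunk, so a one-line comment saying the mask is not meaningful for objects without indexed properties would help. The body of `nukeStructureAndSetButterfly` continues past the end of the hunk.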
unsigned newOutOfLineCapacity = Structure::outOfLineCapacity(newLastOffset);
if (newOutOfLineCapacity != oldOutOfLineCapacity) {
Butterfly* butterfly = allocateMoreOutOfLineStorage(vm, oldOutOfLineCapacity, newOutOfLineCapacity);
- nukeStructureAndSetButterfly(vm, structureID, butterfly);
+ nukeStructureAndSetButterfly(vm, structureID, butterfly, structure->indexingType());
structure->setLastOffset(newLastOffset);
WTF::storeStoreFence();
setStructureIDDirectly(structureID);
if (currentCapacity != newStructure->outOfLineCapacity()) {
ASSERT(newStructure != this->structure());
newButterfly = allocateMoreOutOfLineStorage(vm, currentCapacity, newStructure->outOfLineCapacity());
- nukeStructureAndSetButterfly(vm, structureID, newButterfly);
+ nukeStructureAndSetButterfly(vm, structureID, newButterfly, newStructure->indexingType());
}
validateOffset(offset);
ASSERT(oldCapacity <= newCapacity);
if (oldCapacity != newCapacity) {
Butterfly* newButterfly = allocateMoreOutOfLineStorage(vm, oldCapacity, newCapacity);
- nukeStructureAndSetButterfly(vm, structureID, newButterfly);
+ nukeStructureAndSetButterfly(vm, structureID, newButterfly, newStructure->indexingType());
}
putDirect(vm, offset, value);
setStructure(vm, newStructure);