Extract the allocation profile from JSFunction into a rare object
author commit-queue@webkit.org <commit-queue@webkit.org@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Thu, 16 Apr 2015 19:15:09 +0000 (19:15 +0000)
committer commit-queue@webkit.org <commit-queue@webkit.org@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Thu, 16 Apr 2015 19:15:09 +0000 (19:15 +0000)
https://bugs.webkit.org/show_bug.cgi?id=143807
.:

Patch by Basile Clement <basile_clement@apple.com> on 2015-04-16
Reviewed by Filip Pizlo.

* WebKit.xcworkspace/contents.xcworkspacedata:

Source/JavaScriptCore:

Patch by Basile Clement <basile_clement@apple.com> on 2015-04-16
Reviewed by Filip Pizlo.

The allocation profile is only needed for those functions that are used
to create objects with [new].
Extracting it into its own JSCell removes the need for JSFunction and
JSCallee to be JSDestructibleObjects, which should improve performance in most
cases at the cost of an extra pointer dereference when the allocation profile
is actually needed.

* CMakeLists.txt:
* JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
* JavaScriptCore.vcxproj/JavaScriptCore.vcxproj.filters:
* JavaScriptCore.xcodeproj/project.pbxproj:
* dfg/DFGOperations.cpp:
* dfg/DFGSpeculativeJIT32_64.cpp:
(JSC::DFG::SpeculativeJIT::compile):
* dfg/DFGSpeculativeJIT64.cpp:
(JSC::DFG::SpeculativeJIT::compile):
* jit/JITOpcodes.cpp:
(JSC::JIT::emit_op_create_this):
* jit/JITOpcodes32_64.cpp:
(JSC::JIT::emit_op_create_this):
* llint/LowLevelInterpreter32_64.asm:
* llint/LowLevelInterpreter64.asm:
* runtime/CommonSlowPaths.cpp:
(JSC::SLOW_PATH_DECL):
* runtime/FunctionRareData.cpp: Added.
(JSC::FunctionRareData::create):
(JSC::FunctionRareData::destroy):
(JSC::FunctionRareData::createStructure):
(JSC::FunctionRareData::visitChildren):
(JSC::FunctionRareData::FunctionRareData):
(JSC::FunctionRareData::~FunctionRareData):
(JSC::FunctionRareData::finishCreation):
* runtime/FunctionRareData.h: Added.
(JSC::FunctionRareData::offsetOfAllocationProfile):
(JSC::FunctionRareData::allocationProfile):
(JSC::FunctionRareData::allocationStructure):
(JSC::FunctionRareData::allocationProfileWatchpointSet):
* runtime/JSBoundFunction.cpp:
(JSC::JSBoundFunction::destroy): Deleted.
* runtime/JSBoundFunction.h:
* runtime/JSCallee.cpp:
(JSC::JSCallee::destroy): Deleted.
* runtime/JSCallee.h:
* runtime/JSFunction.cpp:
(JSC::JSFunction::JSFunction):
(JSC::JSFunction::createRareData):
(JSC::JSFunction::visitChildren):
(JSC::JSFunction::put):
(JSC::JSFunction::defineOwnProperty):
(JSC::JSFunction::destroy): Deleted.
(JSC::JSFunction::createAllocationProfile): Deleted.
* runtime/JSFunction.h:
(JSC::JSFunction::offsetOfRareData):
(JSC::JSFunction::rareData):
(JSC::JSFunction::allocationStructure):
(JSC::JSFunction::allocationProfileWatchpointSet):
(JSC::JSFunction::offsetOfAllocationProfile): Deleted.
(JSC::JSFunction::allocationProfile): Deleted.
* runtime/JSFunctionInlines.h:
(JSC::JSFunction::JSFunction):
* runtime/VM.cpp:
(JSC::VM::VM):
* runtime/VM.h:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@182899 268f45cc-cd09-0410-ab3c-d52691b4dbfc

26 files changed:
ChangeLog
Source/JavaScriptCore/CMakeLists.txt
Source/JavaScriptCore/ChangeLog
Source/JavaScriptCore/JavaScriptCore.vcxproj/JavaScriptCore.vcxproj
Source/JavaScriptCore/JavaScriptCore.vcxproj/JavaScriptCore.vcxproj.filters
Source/JavaScriptCore/JavaScriptCore.xcodeproj/project.pbxproj
Source/JavaScriptCore/dfg/DFGOperations.cpp
Source/JavaScriptCore/dfg/DFGSpeculativeJIT32_64.cpp
Source/JavaScriptCore/dfg/DFGSpeculativeJIT64.cpp
Source/JavaScriptCore/jit/JITOpcodes.cpp
Source/JavaScriptCore/jit/JITOpcodes32_64.cpp
Source/JavaScriptCore/llint/LowLevelInterpreter32_64.asm
Source/JavaScriptCore/llint/LowLevelInterpreter64.asm
Source/JavaScriptCore/runtime/CommonSlowPaths.cpp
Source/JavaScriptCore/runtime/FunctionRareData.cpp [new file with mode: 0644]
Source/JavaScriptCore/runtime/FunctionRareData.h [new file with mode: 0644]
Source/JavaScriptCore/runtime/JSBoundFunction.cpp
Source/JavaScriptCore/runtime/JSBoundFunction.h
Source/JavaScriptCore/runtime/JSCallee.cpp
Source/JavaScriptCore/runtime/JSCallee.h
Source/JavaScriptCore/runtime/JSFunction.cpp
Source/JavaScriptCore/runtime/JSFunction.h
Source/JavaScriptCore/runtime/JSFunctionInlines.h
Source/JavaScriptCore/runtime/VM.cpp
Source/JavaScriptCore/runtime/VM.h
WebKit.xcworkspace/contents.xcworkspacedata

index e7eed051df45c87b1855a2486957ababd317299c..2914f61dbd160376de5281e31728ff7b2a95f8db 100644 (file)
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,12 @@
+2015-04-16  Basile Clement  <basile_clement@apple.com>
+
+        Extract the allocation profile from JSFunction into a rare object
+        https://bugs.webkit.org/show_bug.cgi?id=143807
+
+        Reviewed by Filip Pizlo.
+
+        * WebKit.xcworkspace/contents.xcworkspacedata:
+
 2015-04-16  Csaba Osztrogon√°c  <ossy@webkit.org>
 
         [EFL] Bump LLVM to version 3.6.0 on X86_64
index b028eed90c60da9d2c5ccdc6794731c5bb1fe3c1..102613f85f7fdef7af6e4bb6ef5efcdd37e943ec 100644 (file)
@@ -448,6 +448,7 @@ set(JavaScriptCore_RUNTIME_SOURCES
     runtime/FunctionExecutableDump.cpp
     runtime/FunctionHasExecutedCache.cpp
     runtime/FunctionPrototype.cpp
+    runtime/FunctionRareData.cpp
     runtime/GetterSetter.cpp
     runtime/Identifier.cpp
     runtime/IndexingType.cpp
index 40c0f528ce229996ce996ca2cec184d564f07698..397fc9327840bde6d6746ffd489eb27cc0230806 100644 (file)
@@ -1,3 +1,74 @@
+2015-04-16  Basile Clement  <basile_clement@apple.com>
+        Extract the allocation profile from JSFunction into a rare object
+        https://bugs.webkit.org/show_bug.cgi?id=143807
+        Reviewed by Filip Pizlo.
+        The allocation profile is only needed for those functions that are used
+        to create objects with [new].
+        Extracting it into its own JSCell removes the need for JSFunction and
+        JSCallee to be JSDestructibleObjects, which should improve performances in most
+        cases at the cost of an extra pointer dereference when the allocation profile
+        is actually needed.
+        * CMakeLists.txt:
+        * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
+        * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj.filters:
+        * JavaScriptCore.xcodeproj/project.pbxproj:
+        * dfg/DFGOperations.cpp:
+        * dfg/DFGSpeculativeJIT32_64.cpp:
+        (JSC::DFG::SpeculativeJIT::compile):
+        * dfg/DFGSpeculativeJIT64.cpp:
+        (JSC::DFG::SpeculativeJIT::compile):
+        * jit/JITOpcodes.cpp:
+        (JSC::JIT::emit_op_create_this):
+        * jit/JITOpcodes32_64.cpp:
+        (JSC::JIT::emit_op_create_this):
+        * llint/LowLevelInterpreter32_64.asm:
+        * llint/LowLevelInterpreter64.asm:
+        * runtime/CommonSlowPaths.cpp:
+        (JSC::SLOW_PATH_DECL):
+        * runtime/FunctionRareData.cpp: Added.
+        (JSC::FunctionRareData::create):
+        (JSC::FunctionRareData::destroy):
+        (JSC::FunctionRareData::createStructure):
+        (JSC::FunctionRareData::visitChildren):
+        (JSC::FunctionRareData::FunctionRareData):
+        (JSC::FunctionRareData::~FunctionRareData):
+        (JSC::FunctionRareData::finishCreation):
+        * runtime/FunctionRareData.h: Added.
+        (JSC::FunctionRareData::offsetOfAllocationProfile):
+        (JSC::FunctionRareData::allocationProfile):
+        (JSC::FunctionRareData::allocationStructure):
+        (JSC::FunctionRareData::allocationProfileWatchpointSet):
+        * runtime/JSBoundFunction.cpp:
+        (JSC::JSBoundFunction::destroy): Deleted.
+        * runtime/JSBoundFunction.h:
+        * runtime/JSCallee.cpp:
+        (JSC::JSCallee::destroy): Deleted.
+        * runtime/JSCallee.h:
+        * runtime/JSFunction.cpp:
+        (JSC::JSFunction::JSFunction):
+        (JSC::JSFunction::createRareData):
+        (JSC::JSFunction::visitChildren):
+        (JSC::JSFunction::put):
+        (JSC::JSFunction::defineOwnProperty):
+        (JSC::JSFunction::destroy): Deleted.
+        (JSC::JSFunction::createAllocationProfile): Deleted.
+        * runtime/JSFunction.h:
+        (JSC::JSFunction::offsetOfRareData):
+        (JSC::JSFunction::rareData):
+        (JSC::JSFunction::allocationStructure):
+        (JSC::JSFunction::allocationProfileWatchpointSet):
+        (JSC::JSFunction::offsetOfAllocationProfile): Deleted.
+        (JSC::JSFunction::allocationProfile): Deleted.
+        * runtime/JSFunctionInlines.h:
+        (JSC::JSFunction::JSFunction):
+        * runtime/VM.cpp:
+        (JSC::VM::VM):
+        * runtime/VM.h:
 2015-04-16  Csaba Osztrogon√°c  <ossy@webkit.org>
 
         Remove the unnecessary WTF_CHANGES define
index 7d4b7361d846f379ea5073294dfae3445716f97c..e65e3edd8a5620bcea9e1e99a00ab42c6df4f72b 100644 (file)
     <ClCompile Include="..\runtime\FunctionExecutableDump.cpp" />
     <ClCompile Include="..\runtime\FunctionHasExecutedCache.cpp" />
     <ClCompile Include="..\runtime\FunctionPrototype.cpp" />
+    <ClCompile Include="..\runtime\FunctionRareData.cpp" />
     <ClCompile Include="..\runtime\GetterSetter.cpp" />
     <ClCompile Include="..\runtime\Identifier.cpp" />
     <ClCompile Include="..\runtime\IndexingType.cpp" />
     <ClInclude Include="..\runtime\FunctionExecutableDump.h" />
     <ClInclude Include="..\runtime\FunctionHasExecutedCache.h" />
     <ClInclude Include="..\runtime\FunctionPrototype.h" />
+    <ClInclude Include="..\runtime\FunctionRareData.h" />
     <ClInclude Include="..\runtime\GenericArguments.h" />
     <ClInclude Include="..\runtime\GenericArgumentsInlines.h" />
     <ClInclude Include="..\runtime\GenericOffset.h" />
index 7621708517589fecff59eee56d1e1707ce8ef384..05826919c765a976a447da800f0fbe389f5fc616 100644 (file)
     <ClCompile Include="..\runtime\FunctionPrototype.cpp">
       <Filter>runtime</Filter>
     </ClCompile>
+    <ClCompile Include="..\runtime\FunctionRareData.cpp">
+      <Filter>runtime</Filter>
+    </ClCompile>
     <ClCompile Include="..\runtime\GetterSetter.cpp">
       <Filter>runtime</Filter>
     </ClCompile>
     <ClInclude Include="..\runtime\FunctionPrototype.h">
       <Filter>runtime</Filter>
     </ClInclude>
+    <ClInclude Include="..\runtime\FunctionRareData.h">
+      <Filter>runtime</Filter>
+    </ClInclude>
     <ClInclude Include="..\runtime\GetterSetter.h">
       <Filter>runtime</Filter>
     </ClInclude>
index 209d2428361c50cbdd5847857b19657f122b3a77..c9ca0d2e91c6c97e395111b46f59b26560681035 100644 (file)
                5DBB151B131D0B310056AD36 /* testapi.js in Copy Support Script */ = {isa = PBXBuildFile; fileRef = 14D857740A4696C80032146C /* testapi.js */; };
                5DBB1525131D0BD70056AD36 /* minidom.js in Copy Support Script */ = {isa = PBXBuildFile; fileRef = 1412110D0A48788700480255 /* minidom.js */; };
                5DE6E5B30E1728EC00180407 /* create_hash_table in Headers */ = {isa = PBXBuildFile; fileRef = F692A8540255597D01FF60F7 /* create_hash_table */; settings = {ATTRIBUTES = (); }; };
+               62D2D38F1ADF103F000206C1 /* FunctionRareData.cpp in Sources */ = {isa = PBXBuildFile; fileRef = 62D2D38D1ADF103F000206C1 /* FunctionRareData.cpp */; };
+               62D2D3901ADF103F000206C1 /* FunctionRareData.h in Headers */ = {isa = PBXBuildFile; fileRef = 62D2D38E1ADF103F000206C1 /* FunctionRareData.h */; settings = {ATTRIBUTES = (Private, ); }; };
                6507D29E0E871E5E00D7D896 /* JSTypeInfo.h in Headers */ = {isa = PBXBuildFile; fileRef = 6507D2970E871E4A00D7D896 /* JSTypeInfo.h */; settings = {ATTRIBUTES = (Private, ); }; };
                651122FD14046A4C002B101D /* JavaScriptCore.framework in Frameworks */ = {isa = PBXBuildFile; fileRef = 932F5BD90822A1C700736975 /* JavaScriptCore.framework */; };
                651122FE14046A4C002B101D /* libedit.dylib in Frameworks */ = {isa = PBXBuildFile; fileRef = 5D5D8AD00E0D0EBE00F9C692 /* libedit.dylib */; };
                5DAFD6CB146B686300FBEFB4 /* JSC.xcconfig */ = {isa = PBXFileReference; lastKnownFileType = text.xcconfig; path = JSC.xcconfig; sourceTree = "<group>"; };
                5DDDF44614FEE72200B4FB4D /* LLIntDesiredOffsets.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = LLIntDesiredOffsets.h; path = LLIntOffsets/LLIntDesiredOffsets.h; sourceTree = BUILT_PRODUCTS_DIR; };
                5DE3D0F40DD8DDFB00468714 /* WebKitAvailability.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = WebKitAvailability.h; sourceTree = "<group>"; };
+               62D2D38D1ADF103F000206C1 /* FunctionRareData.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = FunctionRareData.cpp; sourceTree = "<group>"; };
+               62D2D38E1ADF103F000206C1 /* FunctionRareData.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = FunctionRareData.h; sourceTree = "<group>"; };
                6507D2970E871E4A00D7D896 /* JSTypeInfo.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = JSTypeInfo.h; sourceTree = "<group>"; };
                651122E5140469BA002B101D /* testRegExp.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = testRegExp.cpp; sourceTree = "<group>"; };
                6511230514046A4C002B101D /* testRegExp */ = {isa = PBXFileReference; explicitFileType = "compiled.mach-o.executable"; includeInIndex = 0; path = testRegExp; sourceTree = BUILT_PRODUCTS_DIR; };
                                52B310FA1974AE610080857C /* FunctionHasExecutedCache.h */,
                                F692A85C0255597D01FF60F7 /* FunctionPrototype.cpp */,
                                F692A85D0255597D01FF60F7 /* FunctionPrototype.h */,
+                               62D2D38D1ADF103F000206C1 /* FunctionRareData.cpp */,
+                               62D2D38E1ADF103F000206C1 /* FunctionRareData.h */,
                                0FE050111AA9091100D33B33 /* GenericArguments.h */,
                                0FE050121AA9091100D33B33 /* GenericArgumentsInlines.h */,
                                0FE050131AA9091100D33B33 /* GenericOffset.h */,
                                0F2B9CF719D0BAC100B1D1B5 /* FTLExitTimeObjectMaterialization.h in Headers */,
                                0FB7F39715ED8E4600F167B2 /* Butterfly.h in Headers */,
                                0FB7F39815ED8E4600F167B2 /* ButterflyInlines.h in Headers */,
+                               62D2D3901ADF103F000206C1 /* FunctionRareData.h in Headers */,
                                C2FCAE1117A9C24E0034C735 /* BytecodeBasicBlock.h in Headers */,
                                0F21C27F14BEAA8200ADC64B /* BytecodeConventions.h in Headers */,
                                969A07230ED1CE3300F1F681 /* BytecodeGenerator.h in Headers */,
                                A5BA15EC182340B400A82E69 /* RemoteInspectorDebuggableConnection.mm in Sources */,
                                A5BA15EE182340B400A82E69 /* RemoteInspectorXPCConnection.mm in Sources */,
                                0F24E55017EE274900ABB217 /* Repatch.cpp in Sources */,
+                               62D2D38F1ADF103F000206C1 /* FunctionRareData.cpp in Sources */,
                                0F7700921402FF3C0078EB39 /* SamplingCounter.cpp in Sources */,
                                1429D8850ED21C3D00B89619 /* SamplingTool.cpp in Sources */,
                                70EC0EC61AA0D7DA00B6AAFA /* StringIteratorPrototype.cpp in Sources */,
index b7a6049135d13b8de34cbae041c515ea5bad253b..93c1ce3474b138a8388fc00c2fa7db577bac6c87 100644 (file)
@@ -229,7 +229,7 @@ JSCell* JIT_OPERATION operationCreateThis(ExecState* exec, JSObject* constructor
     ASSERT(jsCast<JSFunction*>(constructor)->methodTable(vm)->getConstructData(jsCast<JSFunction*>(constructor), constructData) == ConstructTypeJS);
 #endif
     
-    return constructEmptyObject(exec, jsCast<JSFunction*>(constructor)->allocationProfile(exec, inlineCapacity)->structure());
+    return constructEmptyObject(exec, jsCast<JSFunction*>(constructor)->rareData(exec, inlineCapacity)->allocationProfile()->structure());
 }
 
 EncodedJSValue JIT_OPERATION operationValueAdd(ExecState* exec, EncodedJSValue encodedOp1, EncodedJSValue encodedOp2)
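Review bot: The replacement return in operationCreateThis spells out `rareData(exec, inlineCapacity)->allocationProfile()->structure()` even though this patch gives FunctionRareData an `allocationStructure()` accessor that returns the same thing. Using `rareData(exec, inlineCapacity)->allocationStructure()` here would shorten the chain and keep callers from depending on the profile's layout. It would also help to state, at this call or on the accessor, that `rareData(exec, inlineCapacity)` never returns null, since the result is dereferenced unconditionally.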
index d574d54eb07e2d25123a8c69c57570a5d82f8c7e..2cb085775836e8c91f45f85c9cffc9bb7a4e0306 100644 (file)
@@ -3497,12 +3497,16 @@ void SpeculativeJIT::compile(Node* node)
         GPRReg allocatorGPR = allocator.gpr();
         GPRReg structureGPR = structure.gpr();
         GPRReg scratchGPR = scratch.gpr();
+        // Rare data is only used to access the allocator & structure
+        // We can avoid using an additional GPR this way
+        GPRReg rareDataGPR = structureGPR;
         
         MacroAssembler::JumpList slowPath;
 
-        m_jit.loadPtr(JITCompiler::Address(calleeGPR, JSFunction::offsetOfAllocationProfile() + ObjectAllocationProfile::offsetOfAllocator()), allocatorGPR);
-        m_jit.loadPtr(JITCompiler::Address(calleeGPR, JSFunction::offsetOfAllocationProfile() + ObjectAllocationProfile::offsetOfStructure()), structureGPR);
-        slowPath.append(m_jit.branchTestPtr(MacroAssembler::Zero, allocatorGPR));
+        m_jit.loadPtr(JITCompiler::Address(calleeGPR, JSFunction::offsetOfRareData()), rareDataGPR);
+        slowPath.append(m_jit.branchTestPtr(MacroAssembler::Zero, rareDataGPR));
+        m_jit.loadPtr(JITCompiler::Address(rareDataGPR, FunctionRareData::offsetOfAllocationProfile() + ObjectAllocationProfile::offsetOfAllocator()), allocatorGPR);
+        m_jit.loadPtr(JITCompiler::Address(rareDataGPR, FunctionRareData::offsetOfAllocationProfile() + ObjectAllocationProfile::offsetOfStructure()), structureGPR);
         emitAllocateJSObject(resultGPR, allocatorGPR, structureGPR, TrustedImmPtr(0), scratchGPR, slowPath);
 
         addSlowPathGenerator(slowPathCall(slowPath, this, operationCreateThis, resultGPR, calleeGPR, node->inlineCapacity()));
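Review bot: The zero test that used to guard allocatorGPR now guards rareDataGPR only, so the fast path trusts that every non-null m_rareData carries an initialized allocation profile. Nothing in the emitted code enforces that. Please document the invariant next to `slowPath.append(m_jit.branchTestPtr(MacroAssembler::Zero, rareDataGPR));`, or keep a second zero test on allocatorGPR, so that a later change which resets the profile without clearing m_rareData cannot hand a null allocator to emitAllocateJSObject.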
index bdf1e66bed382d5239832dfd8489ec61a5680902..44980b1ba623322ff9bd60e3b749f5b86970da1a 100644 (file)
@@ -3568,12 +3568,16 @@ void SpeculativeJIT::compile(Node* node)
         GPRReg allocatorGPR = allocator.gpr();
         GPRReg structureGPR = structure.gpr();
         GPRReg scratchGPR = scratch.gpr();
+        // Rare data is only used to access the allocator & structure
+        // We can avoid using an additional GPR this way
+        GPRReg rareDataGPR = structureGPR;
 
         MacroAssembler::JumpList slowPath;
-        
-        m_jit.loadPtr(JITCompiler::Address(calleeGPR, JSFunction::offsetOfAllocationProfile() + ObjectAllocationProfile::offsetOfAllocator()), allocatorGPR);
-        m_jit.loadPtr(JITCompiler::Address(calleeGPR, JSFunction::offsetOfAllocationProfile() + ObjectAllocationProfile::offsetOfStructure()), structureGPR);
-        slowPath.append(m_jit.branchTestPtr(MacroAssembler::Zero, allocatorGPR));
+
+        m_jit.loadPtr(JITCompiler::Address(calleeGPR, JSFunction::offsetOfRareData()), rareDataGPR);
+        slowPath.append(m_jit.branchTestPtr(MacroAssembler::Zero, rareDataGPR));
+        m_jit.loadPtr(JITCompiler::Address(rareDataGPR, FunctionRareData::offsetOfAllocationProfile() + ObjectAllocationProfile::offsetOfAllocator()), allocatorGPR);
+        m_jit.loadPtr(JITCompiler::Address(rareDataGPR, FunctionRareData::offsetOfAllocationProfile() + ObjectAllocationProfile::offsetOfStructure()), structureGPR);
         emitAllocateJSObject(resultGPR, allocatorGPR, structureGPR, TrustedImmPtr(0), scratchGPR, slowPath);
 
         addSlowPathGenerator(slowPathCall(slowPath, this, operationCreateThis, resultGPR, calleeGPR, node->inlineCapacity()));
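Review bot: Aliasing rareDataGPR to structureGPR is only correct because the allocator load is emitted before the structure load; the structure load overwrites its own base register. The added comment explains why the register can be shared but not that the order of the two loadPtr calls is now load-bearing. Please say so in the comment (for example "the structure load must stay last, it clobbers rareDataGPR") so a later reordering does not read the allocator through a Structure pointer.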
index 9834806082e956c09575d090f203d62e30818fee..4e821d0c3d5a3c5e6580d10396ec288963886b56 100644 (file)
@@ -695,15 +695,17 @@ void JIT::emit_op_create_this(Instruction* currentInstruction)
 {
     int callee = currentInstruction[2].u.operand;
     RegisterID calleeReg = regT0;
+    RegisterID rareDataReg = regT0;
     RegisterID resultReg = regT0;
     RegisterID allocatorReg = regT1;
     RegisterID structureReg = regT2;
     RegisterID scratchReg = regT3;
 
     emitGetVirtualRegister(callee, calleeReg);
-    loadPtr(Address(calleeReg, JSFunction::offsetOfAllocationProfile() + ObjectAllocationProfile::offsetOfAllocator()), allocatorReg);
-    loadPtr(Address(calleeReg, JSFunction::offsetOfAllocationProfile() + ObjectAllocationProfile::offsetOfStructure()), structureReg);
-    addSlowCase(branchTestPtr(Zero, allocatorReg));
+    loadPtr(Address(calleeReg, JSFunction::offsetOfRareData()), rareDataReg);
+    addSlowCase(branchTestPtr(Zero, rareDataReg));
+    loadPtr(Address(rareDataReg, FunctionRareData::offsetOfAllocationProfile() + ObjectAllocationProfile::offsetOfAllocator()), allocatorReg);
+    loadPtr(Address(rareDataReg, FunctionRareData::offsetOfAllocationProfile() + ObjectAllocationProfile::offsetOfStructure()), structureReg);
 
     emitAllocateJSObject(allocatorReg, structureReg, resultReg, scratchReg);
     emitPutVirtualRegister(currentInstruction[1].u.operand);
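Review bot: rareDataReg, calleeReg and resultReg are all regT0 in emit_op_create_this, and unlike the DFG change there is no comment explaining the sharing. After `loadPtr(Address(calleeReg, JSFunction::offsetOfRareData()), rareDataReg);` the callee is no longer in any register, including when the slow case is taken. Please add a short comment that the callee is dead after this load and that the slow path re-reads it from the operand rather than from regT0. The same applies to the JITOpcodes32_64.cpp copy of this function.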
index 6835eebf935c0358c532ba89c040a3016830ea07..476165725a36e24bb2a7233ac31d52ea26b9b6f5 100644 (file)
@@ -914,15 +914,17 @@ void JIT::emit_op_create_this(Instruction* currentInstruction)
 {
     int callee = currentInstruction[2].u.operand;
     RegisterID calleeReg = regT0;
+    RegisterID rareDataReg = regT0;
     RegisterID resultReg = regT0;
     RegisterID allocatorReg = regT1;
     RegisterID structureReg = regT2;
     RegisterID scratchReg = regT3;
 
     emitLoadPayload(callee, calleeReg);
-    loadPtr(Address(calleeReg, JSFunction::offsetOfAllocationProfile() + ObjectAllocationProfile::offsetOfAllocator()), allocatorReg);
-    loadPtr(Address(calleeReg, JSFunction::offsetOfAllocationProfile() + ObjectAllocationProfile::offsetOfStructure()), structureReg);
-    addSlowCase(branchTestPtr(Zero, allocatorReg));
+    loadPtr(Address(calleeReg, JSFunction::offsetOfRareData()), rareDataReg);
+    addSlowCase(branchTestPtr(Zero, rareDataReg));
+    loadPtr(Address(rareDataReg, FunctionRareData::offsetOfAllocationProfile() + ObjectAllocationProfile::offsetOfAllocator()), allocatorReg);
+    loadPtr(Address(rareDataReg, FunctionRareData::offsetOfAllocationProfile() + ObjectAllocationProfile::offsetOfStructure()), structureReg);
 
     emitAllocateJSObject(allocatorReg, structureReg, resultReg, scratchReg);
     emitStoreCell(currentInstruction[1].u.operand, resultReg);
index 36367609688cf57630e6b1d7ee0af9f44ef72417..390c1c064d71843e5f86cd5f64e1a5ccccebed08 100644 (file)
@@ -740,9 +740,10 @@ _llint_op_create_this:
     traceExecution()
     loadi 8[PC], t0
     loadp PayloadOffset[cfr, t0, 8], t0
-    loadp JSFunction::m_allocationProfile + ObjectAllocationProfile::m_allocator[t0], t1
-    loadp JSFunction::m_allocationProfile + ObjectAllocationProfile::m_structure[t0], t2
-    btpz t1, .opCreateThisSlow
+    loadp JSFunction::m_rareData[t0], t4
+    btpz t4, .opCreateThisSlow
+    loadp FunctionRareData::m_allocationProfile + ObjectAllocationProfile::m_allocator[t4], t1
+    loadp FunctionRareData::m_allocationProfile + ObjectAllocationProfile::m_structure[t4], t2
     allocateJSObject(t1, t2, t0, t3, .opCreateThisSlow)
     loadi 4[PC], t1
     storei CellTag, TagOffset[cfr, t1, 8]
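Review bot: `loadp JSFunction::m_rareData[t0], t4` introduces a fifth temporary in _llint_op_create_this, and the very next instructions after the allocation read through PC (`loadi 4[PC], t1`). Please confirm that t4 does not alias PC or any other live register in the 32-bit register map; if it does, PC is clobbered here. Loading the rare data into t2 would avoid the question, since t2 is overwritten last by the structure load, which is the same trick the DFG hunks use with structureGPR.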
index f92816bdc2df87bdb376629378228646d2e2c1c3..9035e0f955eee77617686ad7a629588febf04601 100644 (file)
@@ -626,9 +626,10 @@ _llint_op_create_this:
     traceExecution()
     loadisFromInstruction(2, t0)
     loadp [cfr, t0, 8], t0
-    loadp JSFunction::m_allocationProfile + ObjectAllocationProfile::m_allocator[t0], t1
-    loadp JSFunction::m_allocationProfile + ObjectAllocationProfile::m_structure[t0], t2
-    btpz t1, .opCreateThisSlow
+    loadp JSFunction::m_rareData[t0], t4
+    btpz t4, .opCreateThisSlow
+    loadp FunctionRareData::m_allocationProfile + ObjectAllocationProfile::m_allocator[t4], t1
+    loadp FunctionRareData::m_allocationProfile + ObjectAllocationProfile::m_structure[t4], t2
     allocateJSObject(t1, t2, t0, t3, .opCreateThisSlow)
     loadisFromInstruction(1, t1)
     storeq t0, [cfr, t1, 8]
index ea376e984f56f5a5bdb0725965ed62341d8835d2..b8fa1abf8006e2af83932bc8970e82deaf1d6948 100644 (file)
@@ -236,7 +236,7 @@ SLOW_PATH_DECL(slow_path_create_this)
 #endif
 
     size_t inlineCapacity = pc[3].u.operand;
-    Structure* structure = constructor->allocationProfile(exec, inlineCapacity)->structure();
+    Structure* structure = constructor->rareData(exec, inlineCapacity)->allocationProfile()->structure();
     RETURN(constructEmptyObject(exec, structure));
 }
 
diff --git a/Source/JavaScriptCore/runtime/FunctionRareData.cpp b/Source/JavaScriptCore/runtime/FunctionRareData.cpp
new file mode 100644 (file)
index 0000000..1624f13
--- /dev/null
@@ -0,0 +1,86 @@
+/*
+ * Copyright (C) 2015 Apple Inc. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY APPLE INC. ``AS IS'' AND ANY
+ * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL APPLE INC. OR
+ * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
+ * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
+ * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
+ * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY
+ * OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+ * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
+ */
+
+#include "config.h"
+#include "FunctionRareData.h"
+
+#include "JSCInlines.h"
+
+namespace JSC {
+
+const ClassInfo FunctionRareData::s_info = { "FunctionRareData", 0, 0, CREATE_METHOD_TABLE(FunctionRareData) };
+
+FunctionRareData* FunctionRareData::create(VM& vm, JSObject* prototype, size_t inlineCapacity)
+{
+    FunctionRareData* rareData = new (NotNull, allocateCell<FunctionRareData>(vm.heap)) FunctionRareData(vm);
+    rareData->finishCreation(vm, prototype, inlineCapacity);
+    return rareData;
+}
+
+void FunctionRareData::destroy(JSCell* cell)
+{
+    FunctionRareData* rareData = static_cast<FunctionRareData*>(cell);
+    rareData->FunctionRareData::~FunctionRareData();
+}
+
+Structure* FunctionRareData::createStructure(VM& vm, JSGlobalObject* globalObject, JSValue prototype)
+{
+    return Structure::create(vm, globalObject, prototype, TypeInfo(CellType, StructureFlags), info());
+}
+
+void FunctionRareData::visitChildren(JSCell* cell, SlotVisitor& visitor)
+{
+    FunctionRareData* rareData = jsCast<FunctionRareData*>(cell);
+
+    rareData->m_allocationProfile.visitAggregate(visitor);
+}
+
+FunctionRareData::FunctionRareData(VM& vm)
+    : Base(vm, vm.functionRareDataStructure.get())
+    , m_allocationProfile()
+    // We initialize blind so that changes to the prototype after function creation but before
+    // the optimizer kicks in don't disable optimizations. Once the optimizer kicks in, the
+    // watchpoint will start watching and any changes will both force deoptimization and disable
+    // future attempts to optimize. This is necessary because we are guaranteed that the
+    // allocation profile is changed exactly once prior to optimizations kicking in. We could be
+    // smarter and count the number of times the prototype is clobbered and only optimize if it
+    // was clobbered exactly once, but that seems like overkill. In almost all cases it will be
+    // clobbered once, and if it's clobbered more than once, that will probably only occur
+    // before we started optimizing, anyway.
+    , m_allocationProfileWatchpoint(ClearWatchpoint)
+{
+}
+
+FunctionRareData::~FunctionRareData()
+{
+}
+
+void FunctionRareData::finishCreation(VM& vm, JSObject* prototype, size_t inlineCapacity)
+{
+    Base::finishCreation(vm);
+    m_allocationProfile.initialize(vm, this, prototype, inlineCapacity);
+}
+
+}
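Review bot: FunctionRareData::visitChildren marks only m_allocationProfile; it neither calls Base::visitChildren(cell, visitor) nor asserts the cell type with ASSERT_GC_OBJECT_INHERITS. If skipping the base visit is intentional because the structure is flagged StructureIsImmortal, a one-line comment saying so would prevent someone from "fixing" it later or copying the pattern to a cell where it is not safe. Smaller points in the same file: destroy uses static_cast where visitChildren uses jsCast, and the closing brace of the namespace lacks the `// namespace JSC` comment the header has.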
diff --git a/Source/JavaScriptCore/runtime/FunctionRareData.h b/Source/JavaScriptCore/runtime/FunctionRareData.h
new file mode 100644 (file)
index 0000000..2423bce
--- /dev/null
@@ -0,0 +1,97 @@
+/*
+ * Copyright (C) 2015 Apple Inc. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY APPLE INC. ``AS IS'' AND ANY
+ * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL APPLE INC. OR
+ * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
+ * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
+ * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
+ * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY
+ * OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+ * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
+ */
+
+#ifndef FunctionRareData_h
+#define FunctionRareData_h
+
+#include "JSCell.h"
+#include "ObjectAllocationProfile.h"
+#include "Watchpoint.h"
+
+namespace JSC {
+
+class JSGlobalObject;
+class LLIntOffsetsExtractor;
+namespace DFG {
+class SpeculativeJIT;
+class JITCompiler;
+}
+
+class FunctionRareData : public JSCell {
+    friend class JIT;
+    friend class DFG::SpeculativeJIT;
+    friend class DFG::JITCompiler;
+    friend class VM;
+    
+public:
+    typedef JSCell Base;
+    static const unsigned StructureFlags = StructureIsImmortal | Base::StructureFlags;
+
+    static FunctionRareData* create(VM&, JSObject* prototype, size_t inlineCapacity);
+
+    static const bool needsDestruction = true;
+    static void destroy(JSCell*);
+
+    static Structure* createStructure(VM&, JSGlobalObject*, JSValue prototype);
+
+    static void visitChildren(JSCell*, SlotVisitor&);
+
+    DECLARE_INFO;
+
+    static inline ptrdiff_t offsetOfAllocationProfile()
+    {
+        return OBJECT_OFFSETOF(FunctionRareData, m_allocationProfile);
+    }
+
+    ObjectAllocationProfile* allocationProfile()
+    {
+        return &m_allocationProfile;
+    }
+
+    Structure* allocationStructure() { return m_allocationProfile.structure(); }
+
+    InlineWatchpointSet& allocationProfileWatchpointSet()
+    {
+        return m_allocationProfileWatchpoint;
+    }
+
+protected:
+    FunctionRareData(VM&);
+    ~FunctionRareData();
+
+    void finishCreation(VM&, JSObject* prototype, size_t inlineCapacity);
+    using Base::finishCreation;
+
+private:
+
+    friend class LLIntOffsetsExtractor;
+
+    ObjectAllocationProfile m_allocationProfile;
+    InlineWatchpointSet m_allocationProfileWatchpoint;
+};
+
+} // namespace JSC
+
+#endif // FunctionRareData_h
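Review bot: `static const bool needsDestruction = true;` is declared while the destructor in FunctionRareData.cpp is empty, so it is not obvious which member requires destruction (presumably m_allocationProfileWatchpoint). Since the purpose of the patch is to move the destruction cost off JSFunction, please add a comment naming the member that needs it. Also, offsetOfAllocationProfile() is public, so the friend declarations for JIT, DFG::SpeculativeJIT, DFG::JITCompiler and VM look unnecessary unless they reach private members elsewhere, and the single-argument constructor FunctionRareData(VM&) could be marked explicit.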
index 6d015b04ab7865cacd297d6979ff2e7570302390..8c5cc2ed390482eac2e775a4f0c2d2d5c4c99e61 100644 (file)
@@ -86,11 +86,6 @@ JSBoundFunction* JSBoundFunction::create(VM& vm, JSGlobalObject* globalObject, J
     return function;
 }
 
-void JSBoundFunction::destroy(JSCell* cell)
-{
-    static_cast<JSBoundFunction*>(cell)->JSBoundFunction::~JSBoundFunction();
-}
-
 bool JSBoundFunction::customHasInstance(JSObject* object, ExecState* exec, JSValue value)
 {
     return jsCast<JSBoundFunction*>(object)->m_targetFunction->hasInstance(exec, value);
index 1795c962f17361426b5fa0618ca0e0ca5b3d8c41..af2a6323d5371e20560c0f2556cc5b87f62568e9 100644 (file)
@@ -40,8 +40,6 @@ public:
 
     static JSBoundFunction* create(VM&, JSGlobalObject*, JSObject* targetFunction, JSValue boundThis, JSValue boundArgs, int, const String&);
     
-    static void destroy(JSCell*);
-
     static bool customHasInstance(JSObject*, ExecState*, JSValue);
 
     JSObject* targetFunction() { return m_targetFunction.get(); }
index 56c837225f1afffd9fafc0c3cd15c9c3ea2da40e..d303296ccfdb945e6f89f17add11313f808e94e9 100644 (file)
@@ -39,11 +39,6 @@ namespace JSC {
 
 const ClassInfo JSCallee::s_info = { "Callee", &Base::s_info, 0, CREATE_METHOD_TABLE(JSCallee) };
 
-void JSCallee::destroy(JSCell* cell)
-{
-    static_cast<JSCallee*>(cell)->JSCallee::~JSCallee();
-}
-
 JSCallee::JSCallee(VM& vm, JSGlobalObject* globalObject, Structure* structure)
     : Base(vm, structure)
     , m_scope(vm, this, globalObject)
index 5cd82bf142000426972f15571ac69559c39e157b..1545eddc7324c5c90f13def5367d19b8c78bd6b9 100644 (file)
@@ -26,8 +26,8 @@
 #ifndef JSCallee_h
 #define JSCallee_h
 
-#include "JSDestructibleObject.h"
 #include "JSGlobalObject.h"
+#include "JSObject.h"
 #include "JSScope.h"
 
 namespace JSC {
@@ -36,7 +36,7 @@ class JSGlobalObject;
 class LLIntOffsetsExtractor;
 
 
-class JSCallee : public JSDestructibleObject {
+class JSCallee : public JSNonFinalObject {
     friend class JIT;
 #if ENABLE(DFG_JIT)
     friend class DFG::SpeculativeJIT;
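Review bot: with the base changed from JSDestructibleObject to JSNonFinalObject here, and the destroy() overrides removed from JSCallee, JSFunction and JSBoundFunction elsewhere in this patch, no destructor is run for these cells any more, so every member of JSCallee and of its subclasses has to be trivially destructible. Nothing in the visible lines states or enforces that. A comment on the class, or a static_assert on std::is_trivially_destructible for JSCallee, JSFunction and JSBoundFunction, would catch a later member addition that would otherwise leak silently.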
@@ -45,7 +45,7 @@ class JSCallee : public JSDestructibleObject {
     friend class VM;
 
 public:
-    typedef JSDestructibleObject Base;
+    typedef JSNonFinalObject Base;
     const static unsigned StructureFlags = Base::StructureFlags | ImplementsHasInstance;
 
     static JSCallee* create(VM& vm, JSGlobalObject* globalObject, JSScope* scope)
@@ -55,8 +55,6 @@ public:
         return callee;
     }
     
-    static void destroy(JSCell*);
-
     JSScope* scope()
     {
         return m_scope.get();
index 40add08761ee4501c50861485017a0e29b81dba6..6840a40b2e90306e35f254b1f52197727c84df2c 100644 (file)
@@ -85,24 +85,9 @@ JSFunction* JSFunction::create(VM& vm, JSGlobalObject* globalObject, int length,
     return function;
 }
 
-void JSFunction::destroy(JSCell* cell)
-{
-    static_cast<JSFunction*>(cell)->JSFunction::~JSFunction();
-}
-
 JSFunction::JSFunction(VM& vm, JSGlobalObject* globalObject, Structure* structure)
     : Base(vm, globalObject, structure)
     , m_executable()
-    // We initialize blind so that changes to the prototype after function creation but before
-    // the optimizer kicks in don't disable optimizations. Once the optimizer kicks in, the
-    // watchpoint will start watching and any changes will both force deoptimization and disable
-    // future attempts to optimize. This is necessary because we are guaranteed that the
-    // allocation profile is changed exactly once prior to optimizations kicking in. We could be
-    // smarter and count the number of times the prototype is clobbered and only optimize if it
-    // was clobbered exactly once, but that seems like overkill. In almost all cases it will be
-    // clobbered once, and if it's clobbered more than once, that will probably only occur
-    // before we started optimizing, anyway.
-    , m_allocationProfileWatchpoint(ClearWatchpoint)
 {
 }
 
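Review bot: the comment deleted from the constructor is the only explanation of why the allocation-profile watchpoint starts in ClearWatchpoint rather than being watched from creation, and it disappears together with the initializer. The watchpoint set now lives in FunctionRareData as m_allocationProfileWatchpoint, so the rationale should move to wherever that member is initialized, reworded for the fact that the set is now created lazily with the rare data.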
@@ -123,14 +108,15 @@ JSFunction* JSFunction::createBuiltinFunction(VM& vm, FunctionExecutable* execut
     return function;
 }
 
-ObjectAllocationProfile* JSFunction::createAllocationProfile(ExecState* exec, size_t inlineCapacity)
+FunctionRareData* JSFunction::createRareData(ExecState* exec, size_t inlineCapacity)
 {
     VM& vm = exec->vm();
     JSObject* prototype = jsDynamicCast<JSObject*>(get(exec, vm.propertyNames->prototype));
     if (!prototype)
         prototype = globalObject()->objectPrototype();
-    m_allocationProfile.initialize(globalObject()->vm(), this, prototype, inlineCapacity);
-    return &m_allocationProfile;
+    FunctionRareData* rareData = FunctionRareData::create(vm, prototype, inlineCapacity);
+    m_rareData.set(vm, this, rareData);
+    return m_rareData.get();
 }
 
 String JSFunction::name(ExecState* exec)
@@ -176,7 +162,8 @@ void JSFunction::visitChildren(JSCell* cell, SlotVisitor& visitor)
     Base::visitChildren(thisObject, visitor);
 
     visitor.append(&thisObject->m_executable);
-    thisObject->m_allocationProfile.visitAggregate(visitor);
+    if (thisObject->m_rareData)
+        visitor.append(&thisObject->m_rareData);
 }
 
 CallType JSFunction::getCallData(JSCell* cell, CallData& callData)
@@ -402,9 +389,11 @@ void JSFunction::put(JSCell* cell, ExecState* exec, PropertyName propertyName, J
         // following the rules set out in ECMA-262 8.12.9.
         PropertySlot slot(thisObject);
         thisObject->methodTable(exec->vm())->getOwnPropertySlot(thisObject, exec, propertyName, slot);
-        thisObject->m_allocationProfile.clear();
-        thisObject->m_allocationProfileWatchpoint.fireAll("Store to prototype property of a function");
-        // Don't allow this to be cached, since a [[Put]] must clear m_allocationProfile.
+        if (thisObject->m_rareData) {
+            thisObject->m_rareData->allocationProfileWatchpointSet().fireAll("Store to prototype property of a function");
+            thisObject->m_rareData.clear();
+        }
+        // Don't allow this to be cached, since a [[Put]] must clear m_rareData.
         PutPropertySlot dontCache(thisObject);
         Base::put(thisObject, exec, propertyName, value, dontCache);
         return;
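Review bot: in the new block, m_rareData.clear() drops the FunctionRareData that owns the watchpoint set that was just fired, so the function no longer remembers the invalidated state, and the next rareData() call goes through createRareData() and builds a fresh set. The comment removed from the JSFunction constructor said a prototype store after optimization must both force deoptimization and "disable future attempts to optimize"; it is not clear from this hunk that the second half still holds, and the updated comment should say so either way. The old code also fired the watchpoint unconditionally, while this version fires only when rare data exists; if that is safe because nothing can watch the set before the rare data is created, a sentence to that effect belongs here. The same fire-and-clear block is repeated in defineOwnProperty, so a small private helper would keep the two sites in sync.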
@@ -449,8 +438,10 @@ bool JSFunction::defineOwnProperty(JSObject* object, ExecState* exec, PropertyNa
         // following the rules set out in ECMA-262 8.12.9.
         PropertySlot slot(thisObject);
         thisObject->methodTable(exec->vm())->getOwnPropertySlot(thisObject, exec, propertyName, slot);
-        thisObject->m_allocationProfile.clear();
-        thisObject->m_allocationProfileWatchpoint.fireAll("Store to prototype property of a function");
+        if (thisObject->m_rareData) {
+            thisObject->m_rareData->allocationProfileWatchpointSet().fireAll("Store to prototype property of a function");
+            thisObject->m_rareData.clear();
+        }
         return Base::defineOwnProperty(object, exec, propertyName, descriptor, throwException);
     }
 
index ef47776d419e1bffa7f5a80a8af6acbb132ab924..211cffdc11e50b613fe526abe8ca590764b4af35 100644 (file)
 #ifndef JSFunction_h
 #define JSFunction_h
 
+#include "FunctionRareData.h"
 #include "InternalFunction.h"
 #include "JSCallee.h"
 #include "JSScope.h"
-#include "ObjectAllocationProfile.h"
 #include "Watchpoint.h"
 
 namespace JSC {
@@ -48,7 +48,7 @@ class JITCompiler;
 JS_EXPORT_PRIVATE EncodedJSValue JSC_HOST_CALL callHostFunctionAsConstructor(ExecState*);
 
 JS_EXPORT_PRIVATE String getCalculatedDisplayName(CallFrame*, JSObject*);
-    
+
 class JSFunction : public JSCallee {
     friend class JIT;
     friend class DFG::SpeculativeJIT;
@@ -67,8 +67,6 @@ public:
 
     static JSFunction* createBuiltinFunction(VM&, FunctionExecutable*, JSGlobalObject*);
 
-    static void destroy(JSCell*);
-
     JS_EXPORT_PRIVATE String name(ExecState*);
     JS_EXPORT_PRIVATE String displayName(ExecState*);
     const String calculatedDisplayName(ExecState*);
@@ -100,23 +98,28 @@ public:
         return OBJECT_OFFSETOF(JSFunction, m_executable);
     }
 
-    static inline ptrdiff_t offsetOfAllocationProfile()
+    static inline ptrdiff_t offsetOfRareData()
     {
-        return OBJECT_OFFSETOF(JSFunction, m_allocationProfile);
+        return OBJECT_OFFSETOF(JSFunction, m_rareData);
     }
 
-    ObjectAllocationProfile* allocationProfile(ExecState* exec, unsigned inlineCapacity)
+    FunctionRareData* rareData(ExecState* exec, unsigned inlineCapacity)
     {
-        if (UNLIKELY(m_allocationProfile.isNull()))
-            return createAllocationProfile(exec, inlineCapacity);
-        return &m_allocationProfile;
+        if (UNLIKELY(!m_rareData))
+            return createRareData(exec, inlineCapacity);
+        return m_rareData.get();
     }
 
-    Structure* allocationStructure() { return m_allocationProfile.structure(); }
+    Structure* allocationStructure()
+    {
+        ASSERT(m_rareData);
+        return m_rareData.get()->allocationStructure();
+    }
 
     InlineWatchpointSet& allocationProfileWatchpointSet()
     {
-        return m_allocationProfileWatchpoint;
+        ASSERT(m_rareData);
+        return m_rareData.get()->allocationProfileWatchpointSet();
     }
 
     bool isHostOrBuiltinFunction() const;
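Review bot: allocationStructure() and allocationProfileWatchpointSet() now dereference m_rareData behind nothing but ASSERT(m_rareData), which is compiled out of release builds, while put() and defineOwnProperty() in this patch reset m_rareData to null on any store to the prototype property. Every caller therefore has to have gone through rareData(exec, inlineCapacity) first, with no prototype store in between. Please state that precondition in a comment on both accessors, or have callers fetch the FunctionRareData once and query it directly so that the null case is handled in one place.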
@@ -131,7 +134,7 @@ protected:
     void finishCreation(VM&, NativeExecutable*, int length, const String& name);
     using Base::finishCreation;
 
-    ObjectAllocationProfile* createAllocationProfile(ExecState*, size_t inlineCapacity);
+    FunctionRareData* createRareData(ExecState*, size_t inlineCapacity);
 
     static bool getOwnPropertySlot(JSObject*, ExecState*, PropertyName, PropertySlot&);
     static void getOwnNonIndexPropertyNames(JSObject*, ExecState*, PropertyNameArray&, EnumerationMode = EnumerationMode());
@@ -160,8 +163,7 @@ private:
     static EncodedJSValue nameGetter(ExecState*, JSObject*, EncodedJSValue, PropertyName);
 
     WriteBarrier<ExecutableBase> m_executable;
-    ObjectAllocationProfile m_allocationProfile;
-    InlineWatchpointSet m_allocationProfileWatchpoint;
+    WriteBarrier<FunctionRareData> m_rareData;
 };
 
 } // namespace JSC
index fcf38971cf6e8b7414a506780b36a5154d03d57d..f6c6d58ec6e5c1164cb27fa5e41618b4b8142f02 100644 (file)
@@ -41,7 +41,7 @@ inline JSFunction* JSFunction::createWithInvalidatedReallocationWatchpoint(
 inline JSFunction::JSFunction(VM& vm, FunctionExecutable* executable, JSScope* scope)
     : Base(vm, scope, scope->globalObject()->functionStructure())
     , m_executable(vm, this, executable)
-    , m_allocationProfileWatchpoint(ClearWatchpoint) // See comment in JSFunction.cpp concerning the reason for using ClearWatchpoint as opposed to IsWatched.
+    , m_rareData()
 {
 }
 
index c0e83c375aa92ea76c00e17f0a24354907cc9708..41c16bea3a07bcd91ec06942d9d3448de95d5195 100644 (file)
@@ -231,6 +231,7 @@ VM::VM(VMType vmType, HeapType heapType)
     propertyTableStructure.set(*this, PropertyTable::createStructure(*this, 0, jsNull()));
     weakMapDataStructure.set(*this, WeakMapData::createStructure(*this, 0, jsNull()));
     inferredValueStructure.set(*this, InferredValue::createStructure(*this, 0, jsNull()));
+    functionRareDataStructure.set(*this, FunctionRareData::createStructure(*this, 0, jsNull()));
 #if ENABLE(PROMISES)
     promiseDeferredStructure.set(*this, JSPromiseDeferred::createStructure(*this, 0, jsNull()));
     promiseReactionStructure.set(*this, JSPromiseReaction::createStructure(*this, 0, jsNull()));
index e2fa10a49f0ab601fb42a8b059361ae015365738..01eb2574d81a2d406e2b5f4035667dbaa46a8f98 100644 (file)
@@ -271,6 +271,7 @@ public:
     Strong<Structure> propertyTableStructure;
     Strong<Structure> weakMapDataStructure;
     Strong<Structure> inferredValueStructure;
+    Strong<Structure> functionRareDataStructure;
 #if ENABLE(PROMISES)
     Strong<Structure> promiseDeferredStructure;
     Strong<Structure> promiseReactionStructure;
index 5353ec3afb7cf465d25d675730bb992476d84116..16938cb9aaf2149b9351935025f7181db140fe34 100644 (file)
@@ -1,6 +1,15 @@
 <?xml version="1.0" encoding="UTF-8"?>
 <Workspace
    version = "1.0">
+   <FileRef
+      location = "group:Source/JavaScriptCore/runtime/FunctionRareData.cpp">
+   </FileRef>
+   <FileRef
+      location = "group:Source/JavaScriptCore/runtime/FunctionRareData.h">
+   </FileRef>
+   <FileRef
+      location = "group:Source">
+   </FileRef>
    <FileRef
       location = "group:Source/bmalloc/bmalloc.xcodeproj">
    </FileRef>
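Review bot: the three FileRef entries added at the top of the workspace (FunctionRareData.cpp, FunctionRareData.h and a bare group:Source) look like an accidental Xcode side effect rather than part of the change. The new runtime files are already covered by JavaScriptCore.xcodeproj/project.pbxproj in the file list, and the ChangeLog entry for WebKit.xcworkspace/contents.xcworkspacedata has no description. Unless workspace-level references are intended, this hunk should be dropped from the patch.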