Diff
Modified: trunk/Source/_javascript_Core/ChangeLog (285003 => 285004)
--- trunk/Source/_javascript_Core/ChangeLog 2021-10-28 21:21:39 UTC (rev 285003)
+++ trunk/Source/_javascript_Core/ChangeLog 2021-10-28 21:22:35 UTC (rev 285004)
@@ -1,3 +1,19 @@
+2021-10-28 Saam Barati <sbar...@apple.com>
+
+ Don't call type() on Structure, instead call type() on its typeInfo()
+ https://bugs.webkit.org/show_bug.cgi?id=232414
+
+ Reviewed by Yusuke Suzuki.
+
+ * dfg/DFGOperations.cpp:
+ (JSC::DFG::JSC_DEFINE_JIT_OPERATION):
+ * dfg/DFGSpeculativeJIT.cpp:
+ (JSC::DFG::SpeculativeJIT::emitAllocateRawObject):
+ * ftl/FTLLowerDFGToB3.cpp:
+ (JSC::FTL::DFG::LowerDFGToB3::compileCompareStrictEq):
+ * runtime/Structure.h:
+ (JSC::Structure::type):
+
2021-10-27 Dmitry Bezhetskov <dbezhets...@igalia.com>
[WASM-Function-References] Add call_ref spec tests
Modified: trunk/Source/_javascript_Core/dfg/DFGOperations.cpp (285003 => 285004)
--- trunk/Source/_javascript_Core/dfg/DFGOperations.cpp 2021-10-28 21:21:39 UTC (rev 285003)
+++ trunk/Source/_javascript_Core/dfg/DFGOperations.cpp 2021-10-28 21:22:35 UTC (rev 285004)
@@ -3114,7 +3114,7 @@
length * sizeof(EncodedJSValue));
}
- if (structure->type() == JSType::ArrayType)
+ if (structure->typeInfo().type() == JSType::ArrayType)
return bitwise_cast<char*>(JSArray::createWithButterfly(vm, nullptr, structure, butterfly));
return bitwise_cast<char*>(JSFinalObject::createWithButterfly(vm, structure, butterfly));
}
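Review bot: The fallthrough after `if (structure->typeInfo().type() == JSType::ArrayType)` treats every non-array structure as a final object, and nothing in the hunk checks that assumption. The same two-way dispatch appears in the two later hunks of this file and, when choosing an allocator, in DFGSpeculativeJIT.cpp and FTLLowerDFGToB3.cpp. The branch decides which cell class and allocation size the butterfly is paired with, so if the assumption is meant to hold, a debug assertion before the final return would make a wrong structure fail loudly, e.g. `ASSERT(structure->typeInfo().type() == JSType::FinalObjectType);`. The ChangeLog lists no test; since the old comparison presumably never matched, a regression test that drives these paths with an array structure would be worth adding. The enclosing function begins above the hunk.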
@@ -3130,7 +3130,7 @@
vm, nullptr, 0, structure->outOfLineCapacity(), false, IndexingHeader(), 0);
}
- if (structure->type() == JSType::ArrayType)
+ if (structure->typeInfo().type() == JSType::ArrayType)
return JSArray::createWithButterfly(vm, nullptr, structure, butterfly);
return JSFinalObject::createWithButterfly(vm, structure, butterfly);
}
@@ -3152,7 +3152,7 @@
sizeof(EncodedJSValue) * length);
}
- if (structure->type() == JSType::ArrayType)
+ if (structure->typeInfo().type() == JSType::ArrayType)
return JSArray::createWithButterfly(vm, nullptr, structure, butterfly);
return JSFinalObject::createWithButterfly(vm, structure, butterfly);
}
Modified: trunk/Source/_javascript_Core/dfg/DFGSpeculativeJIT.cpp (285003 => 285004)
--- trunk/Source/_javascript_Core/dfg/DFGSpeculativeJIT.cpp 2021-10-28 21:21:39 UTC (rev 285003)
+++ trunk/Source/_javascript_Core/dfg/DFGSpeculativeJIT.cpp 2021-10-28 21:22:35 UTC (rev 285004)
@@ -134,7 +134,7 @@
}
Allocator allocator;
- if (structure->type() == JSType::ArrayType)
+ if (structure->typeInfo().type() == JSType::ArrayType)
allocator = allocatorForNonVirtualConcurrently<JSArray>(vm, JSArray::allocationSize(inlineCapacity), AllocatorForMode::AllocatorIfExists);
else
allocator = allocatorForNonVirtualConcurrently<JSFinalObject>(vm, JSFinalObject::allocationSize(inlineCapacity), AllocatorForMode::AllocatorIfExists);
Modified: trunk/Source/_javascript_Core/ftl/FTLLowerDFGToB3.cpp (285003 => 285004)
--- trunk/Source/_javascript_Core/ftl/FTLLowerDFGToB3.cpp 2021-10-28 21:21:39 UTC (rev 285003)
+++ trunk/Source/_javascript_Core/ftl/FTLLowerDFGToB3.cpp 2021-10-28 21:22:35 UTC (rev 285004)
@@ -13866,7 +13866,7 @@
if (structure->outOfLineCapacity() || hasIndexedProperties(structure->indexingType())) {
Allocator cellAllocator;
- if (structure->type() == JSType::ArrayType)
+ if (structure->typeInfo().type() == JSType::ArrayType)
cellAllocator = allocatorForNonVirtualConcurrently<JSArray>(vm(), JSArray::allocationSize(structure->inlineCapacity()), AllocatorForMode::AllocatorIfExists);
else
cellAllocator = allocatorForNonVirtualConcurrently<JSFinalObject>(vm(), JSFinalObject::allocationSize(structure->inlineCapacity()), AllocatorForMode::AllocatorIfExists);
Modified: trunk/Source/_javascript_Core/runtime/Structure.h (285003 => 285004)
--- trunk/Source/_javascript_Core/runtime/Structure.h 2021-10-28 21:21:39 UTC (rev 285003)
+++ trunk/Source/_javascript_Core/runtime/Structure.h 2021-10-28 21:22:35 UTC (rev 285004)
@@ -264,6 +264,10 @@
// Type accessors.
TypeInfo typeInfo() const { return m_blob.typeInfo(m_outOfLineTypeFlags); }
bool isObject() const { return typeInfo().isObject(); }
+protected:
+ // You probably want typeInfo().type()
+ JSType type() { return JSCell::type(); }
+public:
IndexingType indexingType() const { return m_blob.indexingModeIncludingHistory() & AllWritableArrayTypes; }
IndexingType indexingMode() const { return m_blob.indexingModeIncludingHistory() & AllArrayTypes; }
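Review bot: The comment `// You probably want typeInfo().type()` does not say why the inherited accessor is wrong here, so a later reader cannot tell that the shadow is deliberate or what it guards against. Structure appears to be a JSCell itself, so `JSCell::type()` presumably reports the type of the Structure cell rather than of the objects that use the structure. I would spell that out, e.g. `// Hides JSCell::type(), which returns the type of this Structure cell, not of the objects it describes. Use typeInfo().type().` The shadow is also declared non-const, unlike the const accessors around it, so misuse on a const Structure is rejected with a qualifier error instead of the access error the comment is meant to accompany. The class body extends beyond the hunk on both sides.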