Diff
Modified: trunk/Source/_javascript_Core/ChangeLog (223122 => 223123)
--- trunk/Source/_javascript_Core/ChangeLog 2017-10-10 04:44:51 UTC (rev 223122)
+++ trunk/Source/_javascript_Core/ChangeLog 2017-10-10 05:11:27 UTC (rev 223123)
@@ -1,3 +1,16 @@
+2017-10-09 Saam Barati <sbar...@apple.com>
+
+ We don't need to clearEmptyObjectStructureForPrototype because JSGlobalObject* is part of the cache's key
+ https://bugs.webkit.org/show_bug.cgi?id=177987
+
+ Reviewed by Filip Pizlo.
+
+ * runtime/JSProxy.cpp:
+ (JSC::JSProxy::setTarget):
+ * runtime/PrototypeMap.cpp:
+ (JSC::PrototypeMap::clearEmptyObjectStructureForPrototype): Deleted.
+ * runtime/PrototypeMap.h:
+
2017-10-09 Filip Pizlo <fpi...@apple.com>
JSCell::didBecomePrototype is racy
Modified: trunk/Source/_javascript_Core/runtime/JSProxy.cpp (223122 => 223123)
--- trunk/Source/_javascript_Core/runtime/JSProxy.cpp 2017-10-10 04:44:51 UTC (rev 223122)
+++ trunk/Source/_javascript_Core/runtime/JSProxy.cpp 2017-10-10 05:11:27 UTC (rev 223123)
@@ -45,25 +45,8 @@
void JSProxy::setTarget(VM& vm, JSGlobalObject* globalObject)
{
- ASSERT_ARG(globalObject, globalObject);
- JSGlobalObject* previousGlobalObject = jsCast<JSGlobalObject*>(m_target.get());
-
m_target.set(vm, this, globalObject);
setPrototypeDirect(vm, globalObject->getPrototypeDirect());
-
- PrototypeMap& prototypeMap = vm.prototypeMap;
- if (!mayBePrototype())
- return;
-
- // previousGlobalObject cannot be null because in order for this JSProxy to be used as a prototype
- // of an object, we must have previously called setTarget() and associated it with a JSGlobalObject.
- RELEASE_ASSERT(previousGlobalObject);
-
- // This is slow but constant time. We think it's very rare for a proxy
- // to be a prototype, and reasonably rare to retarget a proxy,
- // so slow constant time is OK.
- for (size_t i = 0; i <= JSFinalObject::maxInlineCapacity(); ++i)
- prototypeMap.clearEmptyObjectStructureForPrototype(previousGlobalObject, this, i);
}
String JSProxy::className(const JSObject* object)
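Review bot: Dropping `ASSERT_ARG(globalObject, globalObject);` from the top of `JSProxy::setTarget` is not required by the cache-key argument in the ChangeLog, and the remaining body still dereferences the pointer in `globalObject->getPrototypeDirect()`. Only `previousGlobalObject` and the `clearEmptyObjectStructureForPrototype` loop depended on the PrototypeMap invalidation, so I would keep the `ASSERT_ARG(globalObject, globalObject);` line so that a null target is caught in debug builds before the dereference. Since retargeting now leaves the old `PrototypeKey` entries in place, a one-line comment would also help the next reader, for example `// No PrototypeMap invalidation on retarget: JSGlobalObject* is part of the PrototypeKey.`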
Modified: trunk/Source/_javascript_Core/runtime/PrototypeMap.cpp (223122 => 223123)
--- trunk/Source/_javascript_Core/runtime/PrototypeMap.cpp 2017-10-10 04:44:51 UTC (rev 223122)
+++ trunk/Source/_javascript_Core/runtime/PrototypeMap.cpp 2017-10-10 05:11:27 UTC (rev 223123)
@@ -78,10 +78,4 @@
return createEmptyStructure(globalObject, prototype, JSFinalObject::typeInfo(), JSFinalObject::info(), JSFinalObject::defaultIndexingType, inlineCapacity, makePolyProtoStructure);
}
-void PrototypeMap::clearEmptyObjectStructureForPrototype(JSGlobalObject* globalObject, JSObject* object, unsigned inlineCapacity)
-{
- m_structures.remove(PrototypeKey(object, inlineCapacity, JSFinalObject::info(), globalObject));
- m_structures.remove(PrototypeKey(nullptr, inlineCapacity, JSFinalObject::info(), globalObject));
-}
-
} // namespace JSC
Modified: trunk/Source/_javascript_Core/runtime/PrototypeMap.h (223122 => 223123)
--- trunk/Source/_javascript_Core/runtime/PrototypeMap.h 2017-10-10 04:44:51 UTC (rev 223122)
+++ trunk/Source/_javascript_Core/runtime/PrototypeMap.h 2017-10-10 05:11:27 UTC (rev 223123)
@@ -48,7 +48,6 @@
JS_EXPORT_PRIVATE Structure* emptyObjectStructureForPrototype(JSGlobalObject*, JSObject*, unsigned inlineCapacity, bool makePolyProtoStructure = false);
JS_EXPORT_PRIVATE Structure* emptyStructureForPrototypeFromBaseStructure(JSGlobalObject*, JSObject*, Structure*);
- void clearEmptyObjectStructureForPrototype(JSGlobalObject*, JSObject*, unsigned inlineCapacity);
private:
Structure* createEmptyStructure(JSGlobalObject*, JSObject* prototype, const TypeInfo&, const ClassInfo*, IndexingType, unsigned inlineCapacity, bool makePolyProtoStructure);