Diff
Modified: trunk/Source/_javascript_Core/ChangeLog (255541 => 255542)
--- trunk/Source/_javascript_Core/ChangeLog 2020-02-01 05:22:47 UTC (rev 255541)
+++ trunk/Source/_javascript_Core/ChangeLog 2020-02-01 06:18:18 UTC (rev 255542)
@@ -1,5 +1,66 @@
2020-01-31 Yusuke Suzuki <ysuz...@apple.com>
+ [JSC] Hold StructureID instead of Structure* in PolyProtoAccessChain and DFG::CommonData
+ https://bugs.webkit.org/show_bug.cgi?id=207086
+
+ Reviewed by Mark Lam.
+
+ PolyProtoAccessChain and DFG::CommonData are kept alive so long as associated AccessCase / DFG/FTL CodeBlock
+ is alive. They hold Vector<Structure*> / Vector<WriteBarrier<Structure*>>, but access frequency is low. And
+ We should hold Vector<StructureID> instead to cut 50% of the size.
+
+ * bytecode/AccessCase.cpp:
+ (JSC::AccessCase::commit):
+ (JSC::AccessCase::forEachDependentCell const):
+ (JSC::AccessCase::doesCalls const):
+ (JSC::AccessCase::visitWeak const):
+ (JSC::AccessCase::propagateTransitions const):
+ (JSC::AccessCase::generateWithGuard):
+ * bytecode/AccessCase.h:
+ * bytecode/CodeBlock.cpp:
+ (JSC::CodeBlock::propagateTransitions):
+ (JSC::CodeBlock::determineLiveness):
+ (JSC::CodeBlock::stronglyVisitWeakReferences):
+ * bytecode/GetByStatus.cpp:
+ (JSC::GetByStatus::computeForStubInfoWithoutExitSiteFeedback):
+ * bytecode/InByIdStatus.cpp:
+ (JSC::InByIdStatus::computeFor):
+ (JSC::InByIdStatus::computeForStubInfo):
+ (JSC::InByIdStatus::computeForStubInfoWithoutExitSiteFeedback):
+ * bytecode/InByIdStatus.h:
+ * bytecode/InstanceOfStatus.cpp:
+ (JSC::InstanceOfStatus::computeFor):
+ (JSC::InstanceOfStatus::computeForStubInfo):
+ * bytecode/InstanceOfStatus.h:
+ * bytecode/PolyProtoAccessChain.cpp:
+ (JSC::PolyProtoAccessChain::create):
+ (JSC::PolyProtoAccessChain::needImpurePropertyWatchpoint const):
+ (JSC::PolyProtoAccessChain::dump const):
+ * bytecode/PolyProtoAccessChain.h:
+ (JSC::PolyProtoAccessChain::chain const):
+ (JSC::PolyProtoAccessChain::forEach const):
+ (JSC::PolyProtoAccessChain::slotBaseStructure const):
+ (JSC::PolyProtoAccessChain:: const): Deleted.
+ * bytecode/PolymorphicAccess.cpp:
+ (JSC::PolymorphicAccess::regenerate):
+ * bytecode/PutByIdStatus.cpp:
+ (JSC::PutByIdStatus::computeForStubInfo):
+ * bytecode/StructureStubInfo.cpp:
+ (JSC::StructureStubInfo::summary const):
+ (JSC::StructureStubInfo::summary):
+ * bytecode/StructureStubInfo.h:
+ * dfg/DFGCommonData.h:
+ * dfg/DFGDesiredWeakReferences.cpp:
+ (JSC::DFG::DesiredWeakReferences::reallyAdd):
+ * dfg/DFGPlan.cpp:
+ (JSC::DFG::Plan::finalizeWithoutNotifyingCallback):
+ * jit/Repatch.cpp:
+ (JSC::tryCacheGetBy):
+ (JSC::tryCachePutByID):
+ (JSC::tryCacheInByID):
+
+2020-01-31 Yusuke Suzuki <ysuz...@apple.com>
+
[JSC] ShrinkToFit some vectors kept by JIT data structures
https://bugs.webkit.org/show_bug.cgi?id=207085
Modified: trunk/Source/_javascript_Core/bytecode/AccessCase.cpp (255541 => 255542)
--- trunk/Source/_javascript_Core/bytecode/AccessCase.cpp 2020-02-01 05:22:47 UTC (rev 255541)
+++ trunk/Source/_javascript_Core/bytecode/AccessCase.cpp 2020-02-01 06:18:18 UTC (rev 255542)
@@ -190,7 +190,7 @@
if (m_identifier) {
if ((structure && structure->needImpurePropertyWatchpoint())
|| m_conditionSet.needImpurePropertyWatchpoint()
- || (m_polyProtoAccessChain && m_polyProtoAccessChain->needImpurePropertyWatchpoint()))
+ || (m_polyProtoAccessChain && m_polyProtoAccessChain->needImpurePropertyWatchpoint(vm)))
result.append(vm.ensureWatchpointSetForImpureProperty(m_identifier.uid()));
}
@@ -399,14 +399,14 @@
}
template<typename Functor>
-void AccessCase::forEachDependentCell(const Functor& functor) const
+void AccessCase::forEachDependentCell(VM& vm, const Functor& functor) const
{
m_conditionSet.forEachDependentCell(functor);
if (m_structure)
functor(m_structure.get());
if (m_polyProtoAccessChain) {
- for (Structure* structure : m_polyProtoAccessChain->chain())
- functor(structure);
+ for (StructureID structureID : m_polyProtoAccessChain->chain())
+ functor(vm.getStructure(structureID));
}
switch (type()) {
@@ -477,7 +477,7 @@
}
}
-bool AccessCase::doesCalls(Vector<JSCell*>* cellsToMarkIfDoesCalls) const
+bool AccessCase::doesCalls(VM& vm, Vector<JSCell*>* cellsToMarkIfDoesCalls) const
{
bool doesCalls = false;
switch (type()) {
@@ -528,7 +528,7 @@
}
if (doesCalls && cellsToMarkIfDoesCalls) {
- forEachDependentCell([&](JSCell* cell) {
+ forEachDependentCell(vm, [&](JSCell* cell) {
cellsToMarkIfDoesCalls->append(cell);
});
}
@@ -685,7 +685,7 @@
}
bool isValid = true;
- forEachDependentCell([&](JSCell* cell) {
+ forEachDependentCell(vm, [&](JSCell* cell) {
isValid &= vm.heap.isMarked(cell);
});
return isValid;
@@ -699,8 +699,8 @@
result &= m_structure->markIfCheap(visitor);
if (m_polyProtoAccessChain) {
- for (Structure* structure : m_polyProtoAccessChain->chain())
- result &= structure->markIfCheap(visitor);
+ for (StructureID structureID : m_polyProtoAccessChain->chain())
+ result &= visitor.vm().getStructure(structureID)->markIfCheap(visitor);
}
switch (m_type) {
@@ -755,7 +755,7 @@
if (m_polyProtoAccessChain) {
GPRReg baseForAccessGPR = state.scratchGPR;
jit.move(state.baseGPR, baseForAccessGPR);
- m_polyProtoAccessChain->forEach(structure(), [&] (Structure* structure, bool atEnd) {
+ m_polyProtoAccessChain->forEach(vm, structure(), [&] (Structure* structure, bool atEnd) {
fallThrough.append(
jit.branchStructure(
CCallHelpers::NotEqual,
Modified: trunk/Source/_javascript_Core/bytecode/AccessCase.h (255541 => 255542)
--- trunk/Source/_javascript_Core/bytecode/AccessCase.h 2020-02-01 05:22:47 UTC (rev 255541)
+++ trunk/Source/_javascript_Core/bytecode/AccessCase.h 2020-02-01 06:18:18 UTC (rev 255542)
@@ -179,7 +179,7 @@
// If you supply the optional vector, this will append the set of cells that this will need to keep alive
// past the call.
- bool doesCalls(Vector<JSCell*>* cellsToMark = nullptr) const;
+ bool doesCalls(VM&, Vector<JSCell*>* cellsToMark = nullptr) const;
bool isCustom() const
{
@@ -268,7 +268,7 @@
friend class PolymorphicAccess;
template<typename Functor>
- void forEachDependentCell(const Functor&) const;
+ void forEachDependentCell(VM&, const Functor&) const;
void visitAggregate(SlotVisitor&) const;
bool visitWeak(VM&) const;
Modified: trunk/Source/_javascript_Core/bytecode/CodeBlock.cpp (255541 => 255542)
--- trunk/Source/_javascript_Core/bytecode/CodeBlock.cpp 2020-02-01 05:22:47 UTC (rev 255541)
+++ trunk/Source/_javascript_Core/bytecode/CodeBlock.cpp 2020-02-01 06:18:18 UTC (rev 255542)
@@ -1133,8 +1133,8 @@
dfgCommon->recordedStatuses.markIfCheap(visitor);
- for (auto& weakReference : dfgCommon->weakStructureReferences)
- weakReference->markIfCheap(visitor);
+ for (StructureID structureID : dfgCommon->weakStructureReferences)
+ vm.getStructure(structureID)->markIfCheap(visitor);
for (auto& transition : dfgCommon->transitions) {
if (shouldMarkTransition(vm, transition)) {
@@ -1193,8 +1193,9 @@
}
}
if (allAreLiveSoFar) {
- for (unsigned i = 0; i < dfgCommon->weakStructureReferences.size(); ++i) {
- if (!vm.heap.isMarked(dfgCommon->weakStructureReferences[i].get())) {
+ for (StructureID structureID : dfgCommon->weakStructureReferences) {
+ Structure* structure = vm.getStructure(structureID);
+ if (!vm.heap.isMarked(structure)) {
allAreLiveSoFar = false;
break;
}
@@ -1720,8 +1721,8 @@
for (auto& weakReference : dfgCommon->weakReferences)
visitor.append(weakReference);
- for (auto& weakStructureReference : dfgCommon->weakStructureReferences)
- visitor.append(weakStructureReference);
+ for (StructureID structureID : dfgCommon->weakStructureReferences)
+ visitor.appendUnbarriered(visitor.vm().getStructure(structureID));
dfgCommon->livenessHasBeenProved = true;
#endif
Modified: trunk/Source/_javascript_Core/bytecode/GetByStatus.cpp (255541 => 255542)
--- trunk/Source/_javascript_Core/bytecode/GetByStatus.cpp 2020-02-01 05:22:47 UTC (rev 255541)
+++ trunk/Source/_javascript_Core/bytecode/GetByStatus.cpp 2020-02-01 06:18:18 UTC (rev 255542)
@@ -168,7 +168,7 @@
GetByStatus GetByStatus::computeForStubInfoWithoutExitSiteFeedback(
const ConcurrentJSLocker& locker, CodeBlock* profiledBlock, StructureStubInfo* stubInfo, CallLinkStatus::ExitSiteData callExitSiteData)
{
- StubInfoSummary summary = StructureStubInfo::summary(stubInfo);
+ StubInfoSummary summary = StructureStubInfo::summary(profiledBlock->vm(), stubInfo);
if (!isInlineable(summary))
return GetByStatus(summary, *stubInfo);
Modified: trunk/Source/_javascript_Core/bytecode/InByIdStatus.cpp (255541 => 255542)
--- trunk/Source/_javascript_Core/bytecode/InByIdStatus.cpp 2020-02-01 05:22:47 UTC (rev 255541)
+++ trunk/Source/_javascript_Core/bytecode/InByIdStatus.cpp 2020-02-01 06:18:18 UTC (rev 255542)
@@ -50,7 +50,7 @@
InByIdStatus result;
#if ENABLE(DFG_JIT)
- result = computeForStubInfoWithoutExitSiteFeedback(locker, map.get(CodeOrigin(bytecodeIndex)).stubInfo, uid);
+ result = computeForStubInfoWithoutExitSiteFeedback(locker, profiledBlock->vm(), map.get(CodeOrigin(bytecodeIndex)).stubInfo, uid);
if (!result.takesSlowPath() && didExit)
return InByIdStatus(TakesSlowPath);
@@ -96,7 +96,7 @@
InByIdStatus result;
{
ConcurrentJSLocker locker(context->optimizedCodeBlock->m_lock);
- result = computeForStubInfoWithoutExitSiteFeedback(locker, status.stubInfo, uid);
+ result = computeForStubInfoWithoutExitSiteFeedback(locker, profiledBlock->vm(), status.stubInfo, uid);
}
if (result.isSet())
return bless(result);
@@ -114,7 +114,7 @@
#if ENABLE(DFG_JIT)
InByIdStatus InByIdStatus::computeForStubInfo(const ConcurrentJSLocker& locker, CodeBlock* profiledBlock, StructureStubInfo* stubInfo, CodeOrigin codeOrigin, UniquedStringImpl* uid)
{
- InByIdStatus result = InByIdStatus::computeForStubInfoWithoutExitSiteFeedback(locker, stubInfo, uid);
+ InByIdStatus result = InByIdStatus::computeForStubInfoWithoutExitSiteFeedback(locker, profiledBlock->vm(), stubInfo, uid);
if (!result.takesSlowPath() && hasBadCacheExitSite(profiledBlock, codeOrigin.bytecodeIndex()))
return InByIdStatus(TakesSlowPath);
@@ -121,9 +121,9 @@
return result;
}
-InByIdStatus InByIdStatus::computeForStubInfoWithoutExitSiteFeedback(const ConcurrentJSLocker&, StructureStubInfo* stubInfo, UniquedStringImpl* uid)
+InByIdStatus InByIdStatus::computeForStubInfoWithoutExitSiteFeedback(const ConcurrentJSLocker&, VM& vm, StructureStubInfo* stubInfo, UniquedStringImpl* uid)
{
- StubInfoSummary summary = StructureStubInfo::summary(stubInfo);
+ StubInfoSummary summary = StructureStubInfo::summary(vm, stubInfo);
if (!isInlineable(summary))
return InByIdStatus(summary);
Modified: trunk/Source/_javascript_Core/bytecode/InByIdStatus.h (255541 => 255542)
--- trunk/Source/_javascript_Core/bytecode/InByIdStatus.h 2020-02-01 05:22:47 UTC (rev 255541)
+++ trunk/Source/_javascript_Core/bytecode/InByIdStatus.h 2020-02-01 06:18:18 UTC (rev 255542)
@@ -113,7 +113,7 @@
private:
#if ENABLE(DFG_JIT)
- static InByIdStatus computeForStubInfoWithoutExitSiteFeedback(const ConcurrentJSLocker&, StructureStubInfo*, UniquedStringImpl* uid);
+ static InByIdStatus computeForStubInfoWithoutExitSiteFeedback(const ConcurrentJSLocker&, VM&, StructureStubInfo*, UniquedStringImpl* uid);
#endif
bool appendVariant(const InByIdVariant&);
Modified: trunk/Source/_javascript_Core/bytecode/InstanceOfStatus.cpp (255541 => 255542)
--- trunk/Source/_javascript_Core/bytecode/InstanceOfStatus.cpp 2020-02-01 05:22:47 UTC (rev 255541)
+++ trunk/Source/_javascript_Core/bytecode/InstanceOfStatus.cpp 2020-02-01 06:18:18 UTC (rev 255542)
@@ -46,7 +46,7 @@
InstanceOfStatus result;
#if ENABLE(DFG_JIT)
- result = computeForStubInfo(locker, infoMap.get(CodeOrigin(bytecodeIndex)).stubInfo);
+ result = computeForStubInfo(locker, codeBlock->vm(), infoMap.get(CodeOrigin(bytecodeIndex)).stubInfo);
if (!result.takesSlowPath()) {
UnlinkedCodeBlock* unlinkedCodeBlock = codeBlock->unlinkedCodeBlock();
@@ -66,12 +66,12 @@
}
#if ENABLE(DFG_JIT)
-InstanceOfStatus InstanceOfStatus::computeForStubInfo(const ConcurrentJSLocker&, StructureStubInfo* stubInfo)
+InstanceOfStatus InstanceOfStatus::computeForStubInfo(const ConcurrentJSLocker&, VM& vm, StructureStubInfo* stubInfo)
{
// FIXME: We wouldn't have to bail for nonCell if we taught MatchStructure how to handle non
// cells. If we fixed that then we wouldn't be able to use summary();
// https://bugs.webkit.org/show_bug.cgi?id=185784
- StubInfoSummary summary = StructureStubInfo::summary(stubInfo);
+ StubInfoSummary summary = StructureStubInfo::summary(vm, stubInfo);
if (!isInlineable(summary))
return InstanceOfStatus(summary);
Modified: trunk/Source/_javascript_Core/bytecode/InstanceOfStatus.h (255541 => 255542)
--- trunk/Source/_javascript_Core/bytecode/InstanceOfStatus.h 2020-02-01 05:22:47 UTC (rev 255541)
+++ trunk/Source/_javascript_Core/bytecode/InstanceOfStatus.h 2020-02-01 06:18:18 UTC (rev 255542)
@@ -82,7 +82,7 @@
static InstanceOfStatus computeFor(CodeBlock*, ICStatusMap&, BytecodeIndex);
#if ENABLE(DFG_JIT)
- static InstanceOfStatus computeForStubInfo(const ConcurrentJSLocker&, StructureStubInfo*);
+ static InstanceOfStatus computeForStubInfo(const ConcurrentJSLocker&, VM&, StructureStubInfo*);
#endif
State state() const { return m_state; }
Modified: trunk/Source/_javascript_Core/bytecode/PolyProtoAccessChain.cpp (255541 => 255542)
--- trunk/Source/_javascript_Core/bytecode/PolyProtoAccessChain.cpp 2020-02-01 05:22:47 UTC (rev 255541)
+++ trunk/Source/_javascript_Core/bytecode/PolyProtoAccessChain.cpp 2020-02-01 06:18:18 UTC (rev 255542)
@@ -61,7 +61,7 @@
// To save memory, we don't include the base in the chain. We let
// AccessCase provide the base to us as needed.
if (iterationNumber)
- result->m_chain.append(structure);
+ result->m_chain.append(structure->id());
else
RELEASE_ASSERT(current == base);
@@ -83,10 +83,10 @@
return result;
}
-bool PolyProtoAccessChain::needImpurePropertyWatchpoint() const
+bool PolyProtoAccessChain::needImpurePropertyWatchpoint(VM& vm) const
{
- for (Structure* structure : m_chain) {
- if (structure->needImpurePropertyWatchpoint())
+ for (StructureID structureID : m_chain) {
+ if (vm.getStructure(structureID)->needImpurePropertyWatchpoint())
return true;
}
return false;
@@ -100,7 +100,7 @@
void PolyProtoAccessChain::dump(Structure* baseStructure, PrintStream& out) const
{
out.print("PolyPolyProtoAccessChain: [\n");
- forEach(baseStructure, [&] (Structure* structure, bool) {
+ forEach(baseStructure->vm(), baseStructure, [&] (Structure* structure, bool) {
out.print("\t");
structure->dump(out);
out.print("\n");
Modified: trunk/Source/_javascript_Core/bytecode/PolyProtoAccessChain.h (255541 => 255542)
--- trunk/Source/_javascript_Core/bytecode/PolyProtoAccessChain.h 2020-02-01 05:22:47 UTC (rev 255541)
+++ trunk/Source/_javascript_Core/bytecode/PolyProtoAccessChain.h 2020-02-01 06:18:18 UTC (rev 255542)
@@ -50,7 +50,7 @@
return makeUnique<PolyProtoAccessChain>(*this);
}
- const Vector<Structure*>& chain() const { return m_chain; }
+ const Vector<StructureID>& chain() const { return m_chain; }
void dump(Structure* baseStructure, PrintStream& out) const;
@@ -60,23 +60,23 @@
return !(*this == other);
}
- bool needImpurePropertyWatchpoint() const;
+ bool needImpurePropertyWatchpoint(VM&) const;
template <typename Func>
- void forEach(Structure* baseStructure, const Func& func) const
+ void forEach(VM& vm, Structure* baseStructure, const Func& func) const
{
bool atEnd = !m_chain.size();
func(baseStructure, atEnd);
for (unsigned i = 0; i < m_chain.size(); ++i) {
atEnd = i + 1 == m_chain.size();
- func(m_chain[i], atEnd);
+ func(vm.getStructure(m_chain[i]), atEnd);
}
}
- Structure* slotBaseStructure(Structure* baseStructure) const
+ Structure* slotBaseStructure(VM& vm, Structure* baseStructure) const
{
if (m_chain.size())
- return m_chain.last();
+ return vm.getStructure(m_chain.last());
return baseStructure;
}
@@ -85,7 +85,7 @@
// This does not include the base. We rely on AccessCase providing it for us. That said, this data
// structure is tied to the base that it was created with.
- Vector<Structure*> m_chain;
+ Vector<StructureID> m_chain;
};
}
Modified: trunk/Source/_javascript_Core/bytecode/PolymorphicAccess.cpp (255541 => 255542)
--- trunk/Source/_javascript_Core/bytecode/PolymorphicAccess.cpp 2020-02-01 05:22:47 UTC (rev 255541)
+++ trunk/Source/_javascript_Core/bytecode/PolymorphicAccess.cpp 2020-02-01 06:18:18 UTC (rev 255542)
@@ -725,7 +725,7 @@
bool doesCalls = false;
Vector<JSCell*> cellsToMark;
for (auto& entry : cases)
- doesCalls |= entry->doesCalls(&cellsToMark);
+ doesCalls |= entry->doesCalls(vm, &cellsToMark);
m_stubRoutine = createJITStubRoutine(code, vm, codeBlock, doesCalls, cellsToMark, WTFMove(state.m_callLinkInfos), codeBlockThatOwnsExceptionHandlers, callSiteIndexForExceptionHandling);
m_watchpoints = WTFMove(state.watchpoints);
Modified: trunk/Source/_javascript_Core/bytecode/PutByIdStatus.cpp (255541 => 255542)
--- trunk/Source/_javascript_Core/bytecode/PutByIdStatus.cpp 2020-02-01 05:22:47 UTC (rev 255541)
+++ trunk/Source/_javascript_Core/bytecode/PutByIdStatus.cpp 2020-02-01 06:18:18 UTC (rev 255542)
@@ -129,7 +129,7 @@
const ConcurrentJSLocker& locker, CodeBlock* profiledBlock, StructureStubInfo* stubInfo,
UniquedStringImpl* uid, CallLinkStatus::ExitSiteData callExitSiteData)
{
- StubInfoSummary summary = StructureStubInfo::summary(stubInfo);
+ StubInfoSummary summary = StructureStubInfo::summary(profiledBlock->vm(), stubInfo);
if (!isInlineable(summary))
return PutByIdStatus(summary);
Modified: trunk/Source/_javascript_Core/bytecode/StructureStubInfo.cpp (255541 => 255542)
--- trunk/Source/_javascript_Core/bytecode/StructureStubInfo.cpp 2020-02-01 05:22:47 UTC (rev 255541)
+++ trunk/Source/_javascript_Core/bytecode/StructureStubInfo.cpp 2020-02-01 06:18:18 UTC (rev 255542)
@@ -351,7 +351,7 @@
return true;
}
-StubInfoSummary StructureStubInfo::summary() const
+StubInfoSummary StructureStubInfo::summary(VM& vm) const
{
StubInfoSummary takesSlowPath = StubInfoSummary::TakesSlowPath;
StubInfoSummary simple = StubInfoSummary::Simple;
@@ -359,7 +359,7 @@
PolymorphicAccess* list = u.stub;
for (unsigned i = 0; i < list->size(); ++i) {
const AccessCase& access = list->at(i);
- if (access.doesCalls()) {
+ if (access.doesCalls(vm)) {
takesSlowPath = StubInfoSummary::TakesSlowPathAndMakesCalls;
simple = StubInfoSummary::MakesCalls;
break;
@@ -376,12 +376,12 @@
return simple;
}
-StubInfoSummary StructureStubInfo::summary(const StructureStubInfo* stubInfo)
+StubInfoSummary StructureStubInfo::summary(VM& vm, const StructureStubInfo* stubInfo)
{
if (!stubInfo)
return StubInfoSummary::NoInformation;
- return stubInfo->summary();
+ return stubInfo->summary(vm);
}
bool StructureStubInfo::containsPC(void* pc) const
Modified: trunk/Source/_javascript_Core/bytecode/StructureStubInfo.h (255541 => 255542)
--- trunk/Source/_javascript_Core/bytecode/StructureStubInfo.h 2020-02-01 05:22:47 UTC (rev 255541)
+++ trunk/Source/_javascript_Core/bytecode/StructureStubInfo.h 2020-02-01 06:18:18 UTC (rev 255542)
@@ -166,9 +166,9 @@
return false;
}
- StubInfoSummary summary() const;
+ StubInfoSummary summary(VM&) const;
- static StubInfoSummary summary(const StructureStubInfo*);
+ static StubInfoSummary summary(VM&, const StructureStubInfo*);
bool containsPC(void* pc) const;
Modified: trunk/Source/_javascript_Core/dfg/DFGCommonData.h (255541 => 255542)
--- trunk/Source/_javascript_Core/dfg/DFGCommonData.h 2020-02-01 05:22:47 UTC (rev 255541)
+++ trunk/Source/_javascript_Core/dfg/DFGCommonData.h 2020-02-01 06:18:18 UTC (rev 255542)
@@ -125,7 +125,7 @@
Vector<Identifier> dfgIdentifiers;
Vector<WeakReferenceTransition> transitions;
Vector<WriteBarrier<JSCell>> weakReferences;
- Vector<WriteBarrier<Structure>> weakStructureReferences;
+ Vector<StructureID> weakStructureReferences;
Vector<CatchEntrypointData> catchEntrypoints;
Bag<CodeBlockJettisoningWatchpoint> watchpoints;
Bag<AdaptiveStructureWatchpoint> adaptiveStructureWatchpoints;
Modified: trunk/Source/_javascript_Core/dfg/DFGDesiredWeakReferences.cpp (255541 => 255542)
--- trunk/Source/_javascript_Core/dfg/DFGDesiredWeakReferences.cpp 2020-02-01 05:22:47 UTC (rev 255541)
+++ trunk/Source/_javascript_Core/dfg/DFGDesiredWeakReferences.cpp 2020-02-01 06:18:18 UTC (rev 255542)
@@ -67,11 +67,12 @@
void DesiredWeakReferences::reallyAdd(VM& vm, CommonData* common)
{
+ ASSERT(vm.heap.isDeferred());
for (JSCell* target : m_references) {
if (Structure* structure = jsDynamicCast<Structure*>(vm, target)) {
ConcurrentJSLocker locker(m_codeBlock->m_lock);
- common->weakStructureReferences.append(
- WriteBarrier<Structure>(vm, m_codeBlock, structure));
+ // We do not emit WriteBarrier here since (1) GC is deferred and (2) we emit write-barrier on CodeBlock when finishing DFG::Plan::reallyAdd.
+ common->weakStructureReferences.append(structure->id());
} else {
// There are weird relationships in how optimized CodeBlocks
// point to other CodeBlocks. We don't want to have them be
Modified: trunk/Source/_javascript_Core/dfg/DFGPlan.cpp (255541 => 255542)
--- trunk/Source/_javascript_Core/dfg/DFGPlan.cpp 2020-02-01 05:22:47 UTC (rev 255541)
+++ trunk/Source/_javascript_Core/dfg/DFGPlan.cpp 2020-02-01 06:18:18 UTC (rev 255542)
@@ -624,8 +624,8 @@
for (WriteBarrier<JSCell>& reference : m_codeBlock->jitCode()->dfgCommon()->weakReferences)
trackedReferences.add(reference.get());
- for (WriteBarrier<Structure>& reference : m_codeBlock->jitCode()->dfgCommon()->weakStructureReferences)
- trackedReferences.add(reference.get());
+ for (StructureID structureID : m_codeBlock->jitCode()->dfgCommon()->weakStructureReferences)
+ trackedReferences.add(m_vm->getStructure(structureID));
for (WriteBarrier<Unknown>& constant : m_codeBlock->constants())
trackedReferences.add(constant.get());
Modified: trunk/Source/_javascript_Core/jit/Repatch.cpp (255541 => 255542)
--- trunk/Source/_javascript_Core/jit/Repatch.cpp 2020-02-01 05:22:47 UTC (rev 255541)
+++ trunk/Source/_javascript_Core/jit/Repatch.cpp 2020-02-01 06:18:18 UTC (rev 255542)
@@ -320,7 +320,7 @@
prototypeAccessChain = PolyProtoAccessChain::create(globalObject, baseCell, slot);
if (!prototypeAccessChain)
return GiveUpOnCache;
- RELEASE_ASSERT(slot.isCacheableCustom() || prototypeAccessChain->slotBaseStructure(structure)->get(vm, propertyName.uid()) == offset);
+ RELEASE_ASSERT(slot.isCacheableCustom() || prototypeAccessChain->slotBaseStructure(vm, structure)->get(vm, propertyName.uid()) == offset);
} else {
// We use ObjectPropertyConditionSet instead for faster accesses.
prototypeAccessChain = nullptr;
@@ -688,7 +688,7 @@
prototypeAccessChain = PolyProtoAccessChain::create(globalObject, baseCell, slot.base());
if (!prototypeAccessChain)
return GiveUpOnCache;
- offset = prototypeAccessChain->slotBaseStructure(baseCell->structure(vm))->get(vm, ident.impl());
+ offset = prototypeAccessChain->slotBaseStructure(vm, baseCell->structure(vm))->get(vm, ident.impl());
} else {
prototypeAccessChain = nullptr;
conditionSet = generateConditionsForPrototypePropertyHit(
@@ -790,7 +790,7 @@
prototypeAccessChain = PolyProtoAccessChain::create(globalObject, base, slot);
if (!prototypeAccessChain)
return GiveUpOnCache;
- RELEASE_ASSERT(slot.isCacheableCustom() || prototypeAccessChain->slotBaseStructure(structure)->get(vm, ident.impl()) == slot.cachedOffset());
+ RELEASE_ASSERT(slot.isCacheableCustom() || prototypeAccessChain->slotBaseStructure(vm, structure)->get(vm, ident.impl()) == slot.cachedOffset());
} else {
prototypeAccessChain = nullptr;
conditionSet = generateConditionsForPrototypePropertyHit(
