blob: 96573711cde538e9e525e1682fe3e16d8372b9b7 [file] [log] [blame]
/*
* Copyright (C) 2008, 2009, 2012, 2013, 2014 Apple Inc. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
*
* THIS SOFTWARE IS PROVIDED BY APPLE INC. ``AS IS'' AND ANY
* EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL APPLE INC. OR
* CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
* EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
* PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
* PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY
* OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*/
#ifndef Structure_h
#define Structure_h
#include "ClassInfo.h"
#include "ConcurrentJITLock.h"
#include "IndexingType.h"
#include "JSCJSValue.h"
#include "JSCell.h"
#include "JSType.h"
#include "PropertyName.h"
#include "PropertyNameArray.h"
#include "PropertyOffset.h"
#include "Protect.h"
#include "PutPropertySlot.h"
#include "StructureIDBlob.h"
#include "StructureRareData.h"
#include "StructureTransitionTable.h"
#include "JSTypeInfo.h"
#include "Watchpoint.h"
#include "Weak.h"
#include "WriteBarrierInlines.h"
#include <wtf/CompilationThread.h>
#include <wtf/PassRefPtr.h>
#include <wtf/PrintStream.h>
#include <wtf/RefCounted.h>
#include <wtf/text/StringImpl.h>
namespace JSC {
class DeferGC;
class LLIntOffsetsExtractor;
class PropertyNameArray;
class PropertyNameArrayData;
class PropertyTable;
class StructureChain;
class SlotVisitor;
class JSString;
struct DumpContext;
// The out-of-line property storage capacity to use when first allocating out-of-line
// storage. Note that all objects start out without having any out-of-line storage;
// this comes into play only on the first property store that exhausts inline storage.
static const unsigned initialOutOfLineCapacity = 4;
// The factor by which to grow out-of-line storage when it is exhausted, after the
// initial allocation.
static const unsigned outOfLineGrowthFactor = 2;
class Structure : public JSCell {
public:
friend class StructureTransitionTable;
typedef JSCell Base;
static Structure* create(VM&, JSGlobalObject*, JSValue prototype, const TypeInfo&, const ClassInfo*, IndexingType = NonArray, unsigned inlineCapacity = 0);
~Structure();
protected:
void finishCreation(VM& vm)
{
Base::finishCreation(vm);
ASSERT(m_prototype);
ASSERT(m_prototype.isObject() || m_prototype.isNull());
}
void finishCreation(VM& vm, CreatingEarlyCellTag)
{
Base::finishCreation(vm, this, CreatingEarlyCell);
ASSERT(m_prototype);
ASSERT(m_prototype.isNull());
ASSERT(!vm.structureStructure);
}
public:
StructureID id() const { return m_blob.structureID(); }
int32_t objectInitializationBlob() const { return m_blob.blobExcludingStructureID(); }
int64_t idBlob() const { return m_blob.blob(); }
bool isProxy() const
{
JSType type = m_blob.type();
return type == ImpureProxyType || type == PureForwardingProxyType;
}
static void dumpStatistics();
JS_EXPORT_PRIVATE static Structure* addPropertyTransition(VM&, Structure*, PropertyName, unsigned attributes, JSCell* specificValue, PropertyOffset&, PutPropertySlot::Context = PutPropertySlot::UnknownContext);
static Structure* addPropertyTransitionToExistingStructureConcurrently(Structure*, StringImpl* uid, unsigned attributes, JSCell* specificValue, PropertyOffset&);
JS_EXPORT_PRIVATE static Structure* addPropertyTransitionToExistingStructure(Structure*, PropertyName, unsigned attributes, JSCell* specificValue, PropertyOffset&);
static Structure* removePropertyTransition(VM&, Structure*, PropertyName, PropertyOffset&);
JS_EXPORT_PRIVATE static Structure* changePrototypeTransition(VM&, Structure*, JSValue prototype);
JS_EXPORT_PRIVATE static Structure* despecifyFunctionTransition(VM&, Structure*, PropertyName);
static Structure* attributeChangeTransition(VM&, Structure*, PropertyName, unsigned attributes);
JS_EXPORT_PRIVATE static Structure* toCacheableDictionaryTransition(VM&, Structure*);
static Structure* toUncacheableDictionaryTransition(VM&, Structure*);
static Structure* sealTransition(VM&, Structure*);
static Structure* freezeTransition(VM&, Structure*);
static Structure* preventExtensionsTransition(VM&, Structure*);
static Structure* nonPropertyTransition(VM&, Structure*, NonPropertyTransition);
bool isSealed(VM&);
bool isFrozen(VM&);
bool isExtensible() const { return !m_preventExtensions; }
bool didTransition() const { return m_didTransition; }
bool putWillGrowOutOfLineStorage();
size_t suggestedNewOutOfLineStorageCapacity();
JS_EXPORT_PRIVATE Structure* flattenDictionaryStructure(VM&, JSObject*);
static const bool needsDestruction = true;
static const bool hasImmortalStructure = true;
static void destroy(JSCell*);
// These should be used with caution.
JS_EXPORT_PRIVATE PropertyOffset addPropertyWithoutTransition(VM&, PropertyName, unsigned attributes, JSCell* specificValue);
PropertyOffset removePropertyWithoutTransition(VM&, PropertyName);
void setPrototypeWithoutTransition(VM& vm, JSValue prototype) { m_prototype.set(vm, this, prototype); }
bool isDictionary() const { return m_dictionaryKind != NoneDictionaryKind; }
bool isUncacheableDictionary() const { return m_dictionaryKind == UncachedDictionaryKind; }
bool hasBeenFlattenedBefore() const { return m_hasBeenFlattenedBefore; }
bool propertyAccessesAreCacheable() { return m_dictionaryKind != UncachedDictionaryKind && !typeInfo().prohibitsPropertyCaching(); }
// We use SlowPath in GetByIdStatus for structures that may get new impure properties later to prevent
// DFG from inlining property accesses since structures don't transition when a new impure property appears.
bool takesSlowPathInDFGForImpureProperty()
{
return typeInfo().hasImpureGetOwnPropertySlot();
}
// Type accessors.
TypeInfo typeInfo() const { ASSERT(structure()->classInfo() == info()); return m_blob.typeInfo(m_outOfLineTypeFlags); }
bool isObject() const { return typeInfo().isObject(); }
IndexingType indexingType() const { return m_blob.indexingType() & AllArrayTypes; }
IndexingType indexingTypeIncludingHistory() const { return m_blob.indexingType(); }
bool mayInterceptIndexedAccesses() const
{
return !!(indexingTypeIncludingHistory() & MayHaveIndexedAccessors);
}
bool anyObjectInChainMayInterceptIndexedAccesses() const;
bool holesMustForwardToPrototype(VM&) const;
bool needsSlowPutIndexing() const;
NonPropertyTransition suggestedArrayStorageTransition() const;
JSGlobalObject* globalObject() const { return m_globalObject.get(); }
void setGlobalObject(VM& vm, JSGlobalObject* globalObject) { m_globalObject.set(vm, this, globalObject); }
JSValue storedPrototype() const { return m_prototype.get(); }
JSObject* storedPrototypeObject() const;
Structure* storedPrototypeStructure() const;
JSValue prototypeForLookup(ExecState*) const;
JSValue prototypeForLookup(JSGlobalObject*) const;
JSValue prototypeForLookup(CodeBlock*) const;
StructureChain* prototypeChain(VM&, JSGlobalObject*) const;
StructureChain* prototypeChain(ExecState*) const;
static void visitChildren(JSCell*, SlotVisitor&);
// Will just the prototype chain intercept this property access?
bool prototypeChainMayInterceptStoreTo(VM&, PropertyName);
bool transitionDidInvolveSpecificValue() const { return !!m_specificValueInPrevious; }
Structure* previousID() const
{
ASSERT(structure()->classInfo() == info());
if (m_hasRareData)
return rareData()->previousID();
return previous();
}
bool transitivelyTransitionedFrom(Structure* structureToFind);
unsigned outOfLineCapacity() const
{
ASSERT(checkOffsetConsistency());
unsigned outOfLineSize = this->outOfLineSize();
if (!outOfLineSize)
return 0;
if (outOfLineSize <= initialOutOfLineCapacity)
return initialOutOfLineCapacity;
ASSERT(outOfLineSize > initialOutOfLineCapacity);
COMPILE_ASSERT(outOfLineGrowthFactor == 2, outOfLineGrowthFactor_is_two);
return WTF::roundUpToPowerOfTwo(outOfLineSize);
}
unsigned outOfLineSize() const
{
ASSERT(checkOffsetConsistency());
ASSERT(structure()->classInfo() == info());
return numberOfOutOfLineSlotsForLastOffset(m_offset);
}
bool hasInlineStorage() const
{
return !!m_inlineCapacity;
}
unsigned inlineCapacity() const
{
return m_inlineCapacity;
}
unsigned inlineSize() const
{
return std::min<unsigned>(m_offset + 1, m_inlineCapacity);
}
unsigned totalStorageSize() const
{
return numberOfSlotsForLastOffset(m_offset, m_inlineCapacity);
}
unsigned totalStorageCapacity() const
{
ASSERT(structure()->classInfo() == info());
return outOfLineCapacity() + inlineCapacity();
}
bool isValidOffset(PropertyOffset offset) const
{
return JSC::isValidOffset(offset)
&& offset <= m_offset
&& (offset < m_inlineCapacity || offset >= firstOutOfLineOffset);
}
bool couldHaveIndexingHeader() const
{
return hasIndexedProperties(indexingType())
|| isTypedView(m_classInfo->typedArrayStorageType);
}
bool hasIndexingHeader(const JSCell*) const;
bool masqueradesAsUndefined(JSGlobalObject* lexicalGlobalObject);
PropertyOffset get(VM&, PropertyName);
PropertyOffset get(VM&, const WTF::String& name);
PropertyOffset get(VM&, PropertyName, unsigned& attributes, JSCell*& specificValue);
PropertyOffset getConcurrently(VM&, StringImpl* uid);
PropertyOffset getConcurrently(VM&, StringImpl* uid, unsigned& attributes, JSCell*& specificValue);
bool hasGetterSetterProperties() const { return m_hasGetterSetterProperties; }
bool hasReadOnlyOrGetterSetterPropertiesExcludingProto() const { return m_hasReadOnlyOrGetterSetterPropertiesExcludingProto; }
void setHasGetterSetterProperties(bool is__proto__)
{
m_hasGetterSetterProperties = true;
if (!is__proto__)
m_hasReadOnlyOrGetterSetterPropertiesExcludingProto = true;
}
bool hasCustomGetterSetterProperties() const { return m_hasCustomGetterSetterProperties; }
void setHasCustomGetterSetterProperties(bool is__proto__)
{
m_hasCustomGetterSetterProperties = true;
if (!is__proto__)
m_hasReadOnlyOrGetterSetterPropertiesExcludingProto = true;
}
void setContainsReadOnlyProperties()
{
m_hasReadOnlyOrGetterSetterPropertiesExcludingProto = true;
}
bool hasNonEnumerableProperties() const { return m_hasNonEnumerableProperties; }
bool isEmpty() const
{
ASSERT(checkOffsetConsistency());
return !JSC::isValidOffset(m_offset);
}
JS_EXPORT_PRIVATE void despecifyDictionaryFunction(VM&, PropertyName);
void disableSpecificFunctionTracking() { m_specificFunctionThrashCount = maxSpecificFunctionThrashCount; }
void setEnumerationCache(VM&, JSPropertyNameIterator* enumerationCache); // Defined in JSPropertyNameIterator.h.
JSPropertyNameIterator* enumerationCache(); // Defined in JSPropertyNameIterator.h.
void getPropertyNamesFromStructure(VM&, PropertyNameArray&, EnumerationMode);
JSString* objectToStringValue()
{
if (!m_hasRareData)
return 0;
return rareData()->objectToStringValue();
}
void setObjectToStringValue(VM& vm, JSString* value)
{
if (!m_hasRareData)
allocateRareData(vm);
rareData()->setObjectToStringValue(vm, value);
}
bool staticFunctionsReified()
{
return m_staticFunctionReified;
}
void setStaticFunctionsReified()
{
m_staticFunctionReified = true;
}
const ClassInfo* classInfo() const { return m_classInfo; }
static ptrdiff_t structureIDOffset()
{
return OBJECT_OFFSETOF(Structure, m_blob) + StructureIDBlob::structureIDOffset();
}
static ptrdiff_t prototypeOffset()
{
return OBJECT_OFFSETOF(Structure, m_prototype);
}
static ptrdiff_t globalObjectOffset()
{
return OBJECT_OFFSETOF(Structure, m_globalObject);
}
static ptrdiff_t classInfoOffset()
{
return OBJECT_OFFSETOF(Structure, m_classInfo);
}
static ptrdiff_t indexingTypeOffset()
{
return OBJECT_OFFSETOF(Structure, m_blob) + StructureIDBlob::indexingTypeOffset();
}
static Structure* createStructure(VM&);
bool transitionWatchpointSetHasBeenInvalidated() const
{
return m_transitionWatchpointSet.hasBeenInvalidated();
}
bool transitionWatchpointSetIsStillValid() const
{
return m_transitionWatchpointSet.isStillValid();
}
bool dfgShouldWatchIfPossible() const
{
// FIXME: We would like to not watch things that are unprofitable to watch, like
// dictionaries. Unfortunately, we can't do such things: a dictionary could get flattened,
// in which case it will start to appear watchable and so the DFG will think that it is
// watching it. We should come up with a comprehensive story for not watching things that
// aren't profitable to watch.
// https://bugs.webkit.org/show_bug.cgi?id=133625
return true;
}
bool dfgShouldWatch() const
{
return dfgShouldWatchIfPossible() && transitionWatchpointSetIsStillValid();
}
void addTransitionWatchpoint(Watchpoint* watchpoint) const
{
ASSERT(transitionWatchpointSetIsStillValid());
m_transitionWatchpointSet.add(watchpoint);
}
void notifyTransitionFromThisStructure() const
{
m_transitionWatchpointSet.fireAll();
}
InlineWatchpointSet& transitionWatchpointSet() const
{
return m_transitionWatchpointSet;
}
void dump(PrintStream&) const;
void dumpInContext(PrintStream&, DumpContext*) const;
void dumpBrief(PrintStream&, const CString&) const;
static void dumpContextHeader(PrintStream&);
DECLARE_EXPORT_INFO;
private:
friend class LLIntOffsetsExtractor;
JS_EXPORT_PRIVATE Structure(VM&, JSGlobalObject*, JSValue prototype, const TypeInfo&, const ClassInfo*, IndexingType, unsigned inlineCapacity);
Structure(VM&);
Structure(VM&, Structure*);
static Structure* create(VM&, Structure*);
static Structure* addPropertyTransitionToExistingStructureImpl(Structure*, StringImpl* uid, unsigned attributes, JSCell* specificValue, PropertyOffset&);
// This will return the structure that has a usable property table, that property table,
// and the list of structures that we visited before we got to it. If it returns a
// non-null structure, it will also lock the structure that it returns; it is your job
// to unlock it.
void findStructuresAndMapForMaterialization(Vector<Structure*, 8>& structures, Structure*&, PropertyTable*&);
typedef enum {
NoneDictionaryKind = 0,
CachedDictionaryKind = 1,
UncachedDictionaryKind = 2
} DictionaryKind;
static Structure* toDictionaryTransition(VM&, Structure*, DictionaryKind);
PropertyOffset putSpecificValue(VM&, PropertyName, unsigned attributes, JSCell* specificValue);
PropertyOffset remove(PropertyName);
void createPropertyMap(const GCSafeConcurrentJITLocker&, VM&, unsigned keyCount = 0);
void checkConsistency();
bool despecifyFunction(VM&, PropertyName);
void despecifyAllFunctions(VM&);
WriteBarrier<PropertyTable>& propertyTable();
PropertyTable* takePropertyTableOrCloneIfPinned(VM&);
PropertyTable* copyPropertyTable(VM&);
PropertyTable* copyPropertyTableForPinning(VM&);
JS_EXPORT_PRIVATE void materializePropertyMap(VM&);
ALWAYS_INLINE void materializePropertyMapIfNecessary(VM& vm, DeferGC&)
{
ASSERT(!isCompilationThread());
ASSERT(structure()->classInfo() == info());
ASSERT(checkOffsetConsistency());
if (!propertyTable() && previousID())
materializePropertyMap(vm);
}
ALWAYS_INLINE void materializePropertyMapIfNecessary(VM& vm, PropertyTable*& table)
{
ASSERT(!isCompilationThread());
ASSERT(structure()->classInfo() == info());
ASSERT(checkOffsetConsistency());
table = propertyTable().get();
if (!table && previousID()) {
DeferGC deferGC(vm.heap);
materializePropertyMap(vm);
table = propertyTable().get();
}
}
void materializePropertyMapIfNecessaryForPinning(VM& vm, DeferGC&)
{
ASSERT(structure()->classInfo() == info());
checkOffsetConsistency();
if (!propertyTable())
materializePropertyMap(vm);
}
void setPreviousID(VM& vm, Structure* structure)
{
if (m_hasRareData)
rareData()->setPreviousID(vm, structure);
else
m_previousOrRareData.set(vm, this, structure);
}
void clearPreviousID()
{
if (m_hasRareData)
rareData()->clearPreviousID();
else
m_previousOrRareData.clear();
}
int transitionCount() const
{
// Since the number of transitions is always the same as m_offset, we keep the size of Structure down by not storing both.
return numberOfSlotsForLastOffset(m_offset, m_inlineCapacity);
}
bool isValid(JSGlobalObject*, StructureChain* cachedPrototypeChain) const;
bool isValid(ExecState*, StructureChain* cachedPrototypeChain) const;
void pin();
Structure* previous() const
{
ASSERT(!m_hasRareData);
return static_cast<Structure*>(m_previousOrRareData.get());
}
StructureRareData* rareData() const
{
ASSERT(m_hasRareData);
return static_cast<StructureRareData*>(m_previousOrRareData.get());
}
bool checkOffsetConsistency() const;
void allocateRareData(VM&);
void cloneRareDataFrom(VM&, const Structure*);
static const int s_maxTransitionLength = 64;
static const int s_maxTransitionLengthForNonEvalPutById = 512;
static const unsigned maxSpecificFunctionThrashCount = 3;
// These need to be properly aligned at the beginning of the 'Structure'
// part of the object.
StructureIDBlob m_blob;
TypeInfo::OutOfLineTypeFlags m_outOfLineTypeFlags;
WriteBarrier<JSGlobalObject> m_globalObject;
WriteBarrier<Unknown> m_prototype;
mutable WriteBarrier<StructureChain> m_cachedPrototypeChain;
WriteBarrier<JSCell> m_previousOrRareData;
RefPtr<StringImpl> m_nameInPrevious;
WriteBarrier<JSCell> m_specificValueInPrevious;
const ClassInfo* m_classInfo;
StructureTransitionTable m_transitionTable;
// Should be accessed through propertyTable(). During GC, it may be set to 0 by another thread.
WriteBarrier<PropertyTable> m_propertyTableUnsafe;
mutable InlineWatchpointSet m_transitionWatchpointSet;
COMPILE_ASSERT(firstOutOfLineOffset < 256, firstOutOfLineOffset_fits);
// m_offset does not account for anonymous slots
PropertyOffset m_offset;
uint8_t m_inlineCapacity;
ConcurrentJITLock m_lock;
unsigned m_dictionaryKind : 2;
bool m_hasBeenFlattenedBefore : 1;
bool m_isPinnedPropertyTable : 1;
bool m_hasGetterSetterProperties : 1;
bool m_hasCustomGetterSetterProperties : 1;
bool m_hasReadOnlyOrGetterSetterPropertiesExcludingProto : 1;
bool m_hasNonEnumerableProperties : 1;
unsigned m_attributesInPrevious : 14;
unsigned m_specificFunctionThrashCount : 2;
unsigned m_preventExtensions : 1;
unsigned m_didTransition : 1;
unsigned m_staticFunctionReified : 1;
bool m_hasRareData : 1;
};
} // namespace JSC
#endif // Structure_h