Reverted r119567, the fix for <http://webkit.org/b/88378>, because it broke the 32-bit build. * dfg/DFGSpeculativeJIT.h: (JSC::DFG::SpeculativeJIT::emitAllocateBasicJSObject): * jit/JITInlineMethods.h: (JSC::JIT::emitAllocateBasicJSObject): * llint/LowLevelInterpreter.asm: * runtime/JSGlobalData.h: (JSGlobalData): * runtime/JSGlobalThis.cpp: (JSC::JSGlobalThis::setUnwrappedObject): * runtime/JSObject.cpp: (JSC::JSObject::visitChildren): (JSC::JSObject::createInheritorID): * runtime/JSObject.h: (JSObject): (JSC::JSObject::resetInheritorID): (JSC): (JSC::JSObject::offsetOfInheritorID): (JSC::JSObject::inheritorID): git-svn-id: http://svn.webkit.org/repository/webkit/trunk@119568 268f45cc-cd09-0410-ab3c-d52691b4dbfc

commit: 115e664146fd8ca986198e689ce573e8bb89a531 [log] [tgz]
author: mitz@apple.com <mitz@apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc> Wed Jun 06 07:37:05 2012 +0000
committer: mitz@apple.com <mitz@apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc> Wed Jun 06 07:37:05 2012 +0000
tree: c79fabcd9e3502d2f78d32db811fec7427db5845
parent: a6e13e164472567a5ff7169e2ba1297600abe40a [diff]
diff --git a/Source/JavaScriptCore/ChangeLog b/Source/JavaScriptCore/ChangeLog
index 1149ecc..3dff8d9 100644
--- a/Source/JavaScriptCore/ChangeLog
+++ b/Source/JavaScriptCore/ChangeLog

@@ -1,3 +1,26 @@
+2012-06-06  Dan Bernstein  <mitz@apple.com>
+
+        Reverted r119567, the fix for <http://webkit.org/b/88378>, because it broke the 32-bit build.
+
+        * dfg/DFGSpeculativeJIT.h:
+        (JSC::DFG::SpeculativeJIT::emitAllocateBasicJSObject):
+        * jit/JITInlineMethods.h:
+        (JSC::JIT::emitAllocateBasicJSObject):
+        * llint/LowLevelInterpreter.asm:
+        * runtime/JSGlobalData.h:
+        (JSGlobalData):
+        * runtime/JSGlobalThis.cpp:
+        (JSC::JSGlobalThis::setUnwrappedObject):
+        * runtime/JSObject.cpp:
+        (JSC::JSObject::visitChildren):
+        (JSC::JSObject::createInheritorID):
+        * runtime/JSObject.h:
+        (JSObject):
+        (JSC::JSObject::resetInheritorID):
+        (JSC):
+        (JSC::JSObject::offsetOfInheritorID):
+        (JSC::JSObject::inheritorID):
+
 2012-06-05  Yuqiang Xian  <yuqiang.xian@intel.com>
 
         Improve Math.round and Math.floor intrinsic

diff --git a/Source/JavaScriptCore/dfg/DFGSpeculativeJIT.h b/Source/JavaScriptCore/dfg/DFGSpeculativeJIT.h
index 0f2c064..38cb5d5 100644
--- a/Source/JavaScriptCore/dfg/DFGSpeculativeJIT.h
+++ b/Source/JavaScriptCore/dfg/DFGSpeculativeJIT.h

@@ -2121,6 +2121,9 @@
         // Initialize the object's classInfo pointer
         m_jit.storePtr(MacroAssembler::TrustedImmPtr(&ClassType::s_info), MacroAssembler::Address(resultGPR, JSCell::classInfoOffset()));
         
+        // Initialize the object's inheritorID.
+        m_jit.storePtr(MacroAssembler::TrustedImmPtr(0), MacroAssembler::Address(resultGPR, JSObject::offsetOfInheritorID()));
+        
         // Initialize the object's property storage pointer.
         m_jit.addPtr(MacroAssembler::TrustedImm32(sizeof(JSObject)), resultGPR, scratchGPR);
         m_jit.storePtr(scratchGPR, MacroAssembler::Address(resultGPR, ClassType::offsetOfPropertyStorage()));

diff --git a/Source/JavaScriptCore/jit/JITInlineMethods.h b/Source/JavaScriptCore/jit/JITInlineMethods.h
index db2af04..40985ac 100644
--- a/Source/JavaScriptCore/jit/JITInlineMethods.h
+++ b/Source/JavaScriptCore/jit/JITInlineMethods.h

@@ -425,6 +425,9 @@
     // initialize the object's classInfo pointer
     storePtr(TrustedImmPtr(&ClassType::s_info), Address(result, JSCell::classInfoOffset()));
 
+    // initialize the inheritor ID
+    storePtr(TrustedImmPtr(0), Address(result, JSObject::offsetOfInheritorID()));
+
     // initialize the object's property storage pointer
     addPtr(TrustedImm32(sizeof(JSObject)), result, storagePtr);
     storePtr(storagePtr, Address(result, ClassType::offsetOfPropertyStorage()));

diff --git a/Source/JavaScriptCore/llint/LowLevelInterpreter.asm b/Source/JavaScriptCore/llint/LowLevelInterpreter.asm
index 1e67ef0..d9c4728 100644
--- a/Source/JavaScriptCore/llint/LowLevelInterpreter.asm
+++ b/Source/JavaScriptCore/llint/LowLevelInterpreter.asm

@@ -311,6 +311,7 @@
         loadp classInfoOffset[scratch1], scratch2
         storep scratch2, [result]
         storep structure, JSCell::m_structure[result]
+        storep 0, JSObject::m_inheritorID[result]
         addp sizeof JSObject, result, scratch1
         storep scratch1, JSObject::m_propertyStorage[result]
     end

diff --git a/Source/JavaScriptCore/runtime/JSGlobalData.h b/Source/JavaScriptCore/runtime/JSGlobalData.h
index c2af222..f883310 100644
--- a/Source/JavaScriptCore/runtime/JSGlobalData.h
+++ b/Source/JavaScriptCore/runtime/JSGlobalData.h

@@ -38,7 +38,6 @@
 #include "JSValue.h"
 #include "LLIntData.h"
 #include "NumericStrings.h"
-#include "PrivateName.h"
 #include "SmallStrings.h"
 #include "Strong.h"
 #include "Terminator.h"
@@ -282,8 +281,6 @@
         bool canUseRegExpJIT() { return m_canUseAssembler; }
 #endif
 
-        PrivateName m_inheritorIDKey;
-
         OwnPtr<ParserArena> parserArena;
         OwnPtr<Keywords> keywords;
         Interpreter* interpreter;

diff --git a/Source/JavaScriptCore/runtime/JSGlobalThis.cpp b/Source/JavaScriptCore/runtime/JSGlobalThis.cpp
index b2bbae5..abd31ac 100644
--- a/Source/JavaScriptCore/runtime/JSGlobalThis.cpp
+++ b/Source/JavaScriptCore/runtime/JSGlobalThis.cpp

@@ -53,7 +53,7 @@
     ASSERT_ARG(globalObject, globalObject);
     m_unwrappedObject.set(globalData, this, globalObject);
     setPrototype(globalData, globalObject->prototype());
-    resetInheritorID(globalData);
+    resetInheritorID();
 }
 
 } // namespace JSC

diff --git a/Source/JavaScriptCore/runtime/JSObject.cpp b/Source/JavaScriptCore/runtime/JSObject.cpp
index bacf331..8d9e4a9 100644
--- a/Source/JavaScriptCore/runtime/JSObject.cpp
+++ b/Source/JavaScriptCore/runtime/JSObject.cpp

@@ -98,6 +98,9 @@
         thisObject->m_propertyStorage.set(storage, StorageBarrier::Unchecked);
     }
 
+    if (thisObject->m_inheritorID)
+        visitor.append(&thisObject->m_inheritorID);
+
 #if !ASSERT_DISABLED
     visitor.m_isCheckingForDefaultMarkViolation = wasCheckingForDefaultMarkViolation;
 #endif
@@ -533,21 +536,15 @@
 
 Structure* JSObject::createInheritorID(JSGlobalData& globalData)
 {
-    ASSERT(!getDirectLocation(globalData, globalData.m_inheritorIDKey));
-
     JSGlobalObject* globalObject;
     if (isGlobalThis())
         globalObject = static_cast<JSGlobalThis*>(this)->unwrappedObject();
     else
         globalObject = structure()->globalObject();
     ASSERT(globalObject);
-    
-    Structure* inheritorID = createEmptyObjectStructure(globalData, globalObject, this);
-    ASSERT(inheritorID->isEmpty());
-
-    PutPropertySlot slot;
-    putDirectInternal<PutModeDefineOwnProperty>(globalData, globalData.m_inheritorIDKey, inheritorID, 0, slot, 0);
-    return inheritorID;
+    m_inheritorID.set(globalData, this, createEmptyObjectStructure(globalData, globalObject, this));
+    ASSERT(m_inheritorID->isEmpty());
+    return m_inheritorID.get();
 }
 
 PropertyStorage JSObject::growPropertyStorage(JSGlobalData& globalData, size_t oldSize, size_t newSize)

diff --git a/Source/JavaScriptCore/runtime/JSObject.h b/Source/JavaScriptCore/runtime/JSObject.h
index c831f8f..67aa151 100644
--- a/Source/JavaScriptCore/runtime/JSObject.h
+++ b/Source/JavaScriptCore/runtime/JSObject.h

@@ -236,6 +236,7 @@
         
         static size_t offsetOfInlineStorage();
         static size_t offsetOfPropertyStorage();
+        static size_t offsetOfInheritorID();
 
         static JS_EXPORTDATA const ClassInfo s_info;
 
@@ -263,9 +264,9 @@
         // To create derived types you likely want JSNonFinalObject, below.
         JSObject(JSGlobalData&, Structure*, PropertyStorage inlineStorage);
         
-        void resetInheritorID(JSGlobalData& globalData)
+        void resetInheritorID()
         {
-            removeDirect(globalData, globalData.m_inheritorIDKey);
+            m_inheritorID.clear();
         }
 
     private:
@@ -302,6 +303,7 @@
         Structure* createInheritorID(JSGlobalData&);
 
         StorageBarrier m_propertyStorage;
+        WriteBarrier<Structure> m_inheritorID;
     };
 
 
@@ -309,8 +311,8 @@
 #define JSNonFinalObject_inlineStorageCapacity 4
 #define JSFinalObject_inlineStorageCapacity 6
 #else
-#define JSNonFinalObject_inlineStorageCapacity 3
-#define JSFinalObject_inlineStorageCapacity 5
+#define JSNonFinalObject_inlineStorageCapacity 2
+#define JSFinalObject_inlineStorageCapacity 4
 #endif
 
 COMPILE_ASSERT((JSFinalObject_inlineStorageCapacity >= JSNonFinalObject_inlineStorageCapacity), final_storage_is_at_least_as_large_as_non_final);
@@ -415,6 +417,11 @@
     return OBJECT_OFFSETOF(JSObject, m_propertyStorage);
 }
 
+inline size_t JSObject::offsetOfInheritorID()
+{
+    return OBJECT_OFFSETOF(JSObject, m_inheritorID);
+}
+
 inline bool JSObject::isGlobalObject() const
 {
     return structure()->typeInfo().type() == GlobalObjectType;
@@ -507,10 +514,9 @@
 
 inline Structure* JSObject::inheritorID(JSGlobalData& globalData)
 {
-    if (WriteBarrierBase<Unknown>* location = getDirectLocation(globalData, globalData.m_inheritorIDKey)) {
-        Structure* inheritorID = jsCast<Structure*>(location->get());
-        ASSERT(inheritorID->isEmpty());
-        return inheritorID;
+    if (m_inheritorID) {
+        ASSERT(m_inheritorID->isEmpty());
+        return m_inheritorID.get();
     }
     return createInheritorID(globalData);
 }
commit	115e664146fd8ca986198e689ce573e8bb89a531	[log] [tgz]
author	mitz@apple.com <mitz@apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>	Wed Jun 06 07:37:05 2012 +0000
committer	mitz@apple.com <mitz@apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>	Wed Jun 06 07:37:05 2012 +0000
tree	c79fabcd9e3502d2f78d32db811fec7427db5845
parent	a6e13e164472567a5ff7169e2ba1297600abe40a [diff]