[JSC][DFG][DOMJIT] Extend CheckDOM to CheckSubClass
https://bugs.webkit.org/show_bug.cgi?id=172098
Reviewed by Saam Barati.
JSTests:
* stress/check-sub-class.js: Added.
(shouldBe):
(shouldThrow):
(calling):
(array.forEach):
(i.array.forEach):
Source/JavaScriptCore:
In this patch, we generalize CheckDOM to CheckSubClass.
It can accept any ClassInfo and perform ClassInfo check
in DFG / FTL. Now, we add a new function pointer to ClassInfo,
checkSubClassPatchpoint. It can create DOMJIT patchpoint
for that ClassInfo. It is natural that ClassInfo holds the
way to emit DOMJIT::Patchpoint to perform CheckSubClass
rather than having it in each DOMJIT getter / function
signature annotation.
One problem is that it enlarges the size of ClassInfo.
But this is the best place to put this function pointer.
By doing so, we can add a patchpoint for CheckSubClass
in a non-intrusive manner: WebCore can inject patchpoints
without interacting with JSC.
We still have a way to reduce the size of ClassInfo if
we move ArrayBuffer related methods out to the other places.
This patch touches many files because we add a new function
pointer to ClassInfo. But they are basically mechanical changes.
* API/JSAPIWrapperObject.mm:
* API/JSCallbackConstructor.cpp:
* API/JSCallbackFunction.cpp:
* API/JSCallbackObject.cpp:
* API/ObjCCallbackFunction.mm:
* CMakeLists.txt:
* JavaScriptCore.xcodeproj/project.pbxproj:
* bytecode/CodeBlock.cpp:
* bytecode/DOMJITAccessCasePatchpointParams.h:
(JSC::DOMJITAccessCasePatchpointParams::DOMJITAccessCasePatchpointParams):
* bytecode/EvalCodeBlock.cpp:
* bytecode/FunctionCodeBlock.cpp:
* bytecode/GetterSetterAccessCase.cpp:
(JSC::GetterSetterAccessCase::emitDOMJITGetter):
* bytecode/ModuleProgramCodeBlock.cpp:
* bytecode/ProgramCodeBlock.cpp:
* bytecode/UnlinkedCodeBlock.cpp:
* bytecode/UnlinkedEvalCodeBlock.cpp:
* bytecode/UnlinkedFunctionCodeBlock.cpp:
* bytecode/UnlinkedFunctionExecutable.cpp:
* bytecode/UnlinkedModuleProgramCodeBlock.cpp:
* bytecode/UnlinkedProgramCodeBlock.cpp:
* debugger/DebuggerScope.cpp:
* dfg/DFGAbstractInterpreterInlines.h:
(JSC::DFG::AbstractInterpreter<AbstractStateType>::executeEffects):
* dfg/DFGByteCodeParser.cpp:
(JSC::DFG::ByteCodeParser::handleDOMJITGetter):
* dfg/DFGClobberize.h:
(JSC::DFG::clobberize):
* dfg/DFGConstantFoldingPhase.cpp:
(JSC::DFG::ConstantFoldingPhase::foldConstants):
* dfg/DFGDOMJITPatchpointParams.h:
(JSC::DFG::DOMJITPatchpointParams::DOMJITPatchpointParams):
* dfg/DFGDoesGC.cpp:
(JSC::DFG::doesGC):
* dfg/DFGFixupPhase.cpp:
(JSC::DFG::FixupPhase::fixupNode):
(JSC::DFG::FixupPhase::attemptToMakeCallDOM):
(JSC::DFG::FixupPhase::fixupCheckSubClass):
(JSC::DFG::FixupPhase::fixupCheckDOM): Deleted.
* dfg/DFGGraph.cpp:
(JSC::DFG::Graph::dump):
* dfg/DFGNode.h:
(JSC::DFG::Node::hasClassInfo):
(JSC::DFG::Node::classInfo):
(JSC::DFG::Node::hasCheckDOMPatchpoint): Deleted.
(JSC::DFG::Node::checkDOMPatchpoint): Deleted.
* dfg/DFGNodeType.h:
* dfg/DFGPredictionPropagationPhase.cpp:
* dfg/DFGSafeToExecute.h:
(JSC::DFG::safeToExecute):
* dfg/DFGSpeculativeJIT.cpp:
(JSC::DFG::SpeculativeJIT::compileCheckSubClass):
(JSC::DFG::SpeculativeJIT::compileCheckDOM): Deleted.
* dfg/DFGSpeculativeJIT.h:
(JSC::DFG::SpeculativeJIT::vm):
* dfg/DFGSpeculativeJIT32_64.cpp:
(JSC::DFG::SpeculativeJIT::compile):
* dfg/DFGSpeculativeJIT64.cpp:
(JSC::DFG::SpeculativeJIT::compile):
* domjit/DOMJITGetterSetter.h:
* domjit/DOMJITPatchpointParams.h:
(JSC::DOMJIT::PatchpointParams::PatchpointParams):
(JSC::DOMJIT::PatchpointParams::vm):
* domjit/DOMJITSignature.h:
(JSC::DOMJIT::Signature::Signature):
(JSC::DOMJIT::Signature::checkDOM): Deleted.
* ftl/FTLAbstractHeapRepository.h:
* ftl/FTLCapabilities.cpp:
(JSC::FTL::canCompile):
* ftl/FTLDOMJITPatchpointParams.h:
(JSC::FTL::DOMJITPatchpointParams::DOMJITPatchpointParams):
* ftl/FTLLowerDFGToB3.cpp:
(JSC::FTL::DFG::LowerDFGToB3::compileNode):
(JSC::FTL::DFG::LowerDFGToB3::compileCheckSubClass):
(JSC::FTL::DFG::LowerDFGToB3::compileCheckDOM): Deleted.
* inspector/JSInjectedScriptHost.cpp:
* inspector/JSInjectedScriptHostPrototype.cpp:
* inspector/JSJavaScriptCallFrame.cpp:
* inspector/JSJavaScriptCallFramePrototype.cpp:
* jsc.cpp:
(WTF::DOMJITNode::checkSubClassPatchpoint):
(WTF::DOMJITFunctionObject::checkSubClassPatchpoint):
(WTF::DOMJITFunctionObject::finishCreation):
(WTF::DOMJITCheckSubClassObject::DOMJITCheckSubClassObject):
(WTF::DOMJITCheckSubClassObject::createStructure):
(WTF::DOMJITCheckSubClassObject::create):
(WTF::DOMJITCheckSubClassObject::safeFunction):
(WTF::DOMJITCheckSubClassObject::unsafeFunction):
(WTF::DOMJITCheckSubClassObject::finishCreation):
(GlobalObject::finishCreation):
(functionCreateDOMJITCheckSubClassObject):
(WTF::DOMJITNode::checkDOMJITNode): Deleted.
(WTF::DOMJITFunctionObject::checkDOMJITNode): Deleted.
* runtime/AbstractModuleRecord.cpp:
* runtime/ArrayBufferNeuteringWatchpoint.cpp:
* runtime/ArrayConstructor.cpp:
* runtime/ArrayIteratorPrototype.cpp:
* runtime/ArrayPrototype.cpp:
* runtime/AsyncFunctionConstructor.cpp:
* runtime/AsyncFunctionPrototype.cpp:
* runtime/AtomicsObject.cpp:
* runtime/BooleanConstructor.cpp:
* runtime/BooleanObject.cpp:
* runtime/BooleanPrototype.cpp:
* runtime/ClassInfo.cpp: Copied from Source/JavaScriptCore/tools/JSDollarVM.cpp.
(JSC::ClassInfo::dump):
* runtime/ClassInfo.h:
(JSC::ClassInfo::offsetOfParentClass):
* runtime/ClonedArguments.cpp:
* runtime/ConsoleObject.cpp:
* runtime/CustomGetterSetter.cpp:
* runtime/DateConstructor.cpp:
* runtime/DateInstance.cpp:
* runtime/DatePrototype.cpp:
* runtime/DirectArguments.cpp:
* runtime/Error.cpp:
* runtime/ErrorConstructor.cpp:
* runtime/ErrorInstance.cpp:
* runtime/ErrorPrototype.cpp:
* runtime/EvalExecutable.cpp:
* runtime/Exception.cpp:
* runtime/ExceptionHelpers.cpp:
* runtime/ExecutableBase.cpp:
* runtime/FunctionConstructor.cpp:
* runtime/FunctionExecutable.cpp:
* runtime/FunctionPrototype.cpp:
* runtime/FunctionRareData.cpp:
* runtime/GeneratorFunctionConstructor.cpp:
* runtime/GeneratorFunctionPrototype.cpp:
* runtime/GeneratorPrototype.cpp:
* runtime/GetterSetter.cpp:
* runtime/HashMapImpl.cpp:
* runtime/HashMapImpl.h:
* runtime/InferredType.cpp:
(JSC::InferredType::create):
* runtime/InferredTypeTable.cpp:
* runtime/InferredValue.cpp:
* runtime/InspectorInstrumentationObject.cpp:
* runtime/InternalFunction.cpp:
* runtime/IntlCollator.cpp:
* runtime/IntlCollatorConstructor.cpp:
* runtime/IntlCollatorPrototype.cpp:
* runtime/IntlDateTimeFormat.cpp:
* runtime/IntlDateTimeFormatConstructor.cpp:
* runtime/IntlDateTimeFormatPrototype.cpp:
* runtime/IntlNumberFormat.cpp:
* runtime/IntlNumberFormatConstructor.cpp:
* runtime/IntlNumberFormatPrototype.cpp:
* runtime/IntlObject.cpp:
* runtime/IteratorPrototype.cpp:
* runtime/JSAPIValueWrapper.cpp:
* runtime/JSArray.cpp:
* runtime/JSArrayBuffer.cpp:
* runtime/JSArrayBufferConstructor.cpp:
* runtime/JSArrayBufferPrototype.cpp:
* runtime/JSArrayBufferView.cpp:
* runtime/JSAsyncFunction.cpp:
* runtime/JSBoundFunction.cpp:
* runtime/JSCallee.cpp:
* runtime/JSCustomGetterSetterFunction.cpp:
* runtime/JSDataView.cpp:
* runtime/JSDataViewPrototype.cpp:
* runtime/JSEnvironmentRecord.cpp:
* runtime/JSFixedArray.cpp:
* runtime/JSFunction.cpp:
* runtime/JSGeneratorFunction.cpp:
* runtime/JSGlobalLexicalEnvironment.cpp:
* runtime/JSGlobalObject.cpp:
* runtime/JSInternalPromise.cpp:
* runtime/JSInternalPromiseConstructor.cpp:
* runtime/JSInternalPromiseDeferred.cpp:
* runtime/JSInternalPromisePrototype.cpp:
* runtime/JSLexicalEnvironment.cpp:
* runtime/JSMap.cpp:
* runtime/JSMapIterator.cpp:
* runtime/JSModuleEnvironment.cpp:
* runtime/JSModuleLoader.cpp:
* runtime/JSModuleNamespaceObject.cpp:
* runtime/JSModuleRecord.cpp:
* runtime/JSNativeStdFunction.cpp:
* runtime/JSONObject.cpp:
* runtime/JSObject.cpp:
* runtime/JSPromise.cpp:
* runtime/JSPromiseConstructor.cpp:
* runtime/JSPromiseDeferred.cpp:
* runtime/JSPromisePrototype.cpp:
* runtime/JSPropertyNameEnumerator.cpp:
* runtime/JSPropertyNameIterator.cpp:
* runtime/JSProxy.cpp:
* runtime/JSScriptFetcher.cpp:
* runtime/JSSet.cpp:
* runtime/JSSetIterator.cpp:
* runtime/JSSourceCode.cpp:
* runtime/JSString.cpp:
* runtime/JSStringIterator.cpp:
* runtime/JSSymbolTableObject.cpp:
* runtime/JSTemplateRegistryKey.cpp:
* runtime/JSTypedArrayConstructors.cpp:
* runtime/JSTypedArrayPrototypes.cpp:
* runtime/JSTypedArrayViewConstructor.cpp:
* runtime/JSTypedArrays.cpp:
* runtime/JSWeakMap.cpp:
* runtime/JSWeakSet.cpp:
* runtime/JSWithScope.cpp:
* runtime/MapConstructor.cpp:
* runtime/MapIteratorPrototype.cpp:
* runtime/MapPrototype.cpp:
* runtime/MathObject.cpp:
* runtime/ModuleLoaderPrototype.cpp:
* runtime/ModuleProgramExecutable.cpp:
* runtime/NativeErrorConstructor.cpp:
* runtime/NativeExecutable.cpp:
* runtime/NativeStdFunctionCell.cpp:
* runtime/NullGetterFunction.cpp:
* runtime/NullSetterFunction.cpp:
* runtime/NumberConstructor.cpp:
* runtime/NumberObject.cpp:
* runtime/NumberPrototype.cpp:
* runtime/ObjectConstructor.cpp:
* runtime/ObjectPrototype.cpp:
* runtime/ProgramExecutable.cpp:
* runtime/PropertyTable.cpp:
* runtime/ProxyConstructor.cpp:
* runtime/ProxyObject.cpp:
* runtime/ProxyRevoke.cpp:
* runtime/ReflectObject.cpp:
* runtime/RegExp.cpp:
* runtime/RegExpConstructor.cpp:
* runtime/RegExpObject.cpp:
* runtime/RegExpPrototype.cpp:
* runtime/ScopedArguments.cpp:
* runtime/ScopedArgumentsTable.cpp:
* runtime/ScriptExecutable.cpp:
* runtime/SetConstructor.cpp:
* runtime/SetIteratorPrototype.cpp:
* runtime/SetPrototype.cpp:
* runtime/SparseArrayValueMap.cpp:
* runtime/StrictEvalActivation.cpp:
* runtime/StringConstructor.cpp:
* runtime/StringIteratorPrototype.cpp:
* runtime/StringObject.cpp:
* runtime/StringPrototype.cpp:
* runtime/Structure.cpp:
* runtime/StructureChain.cpp:
* runtime/StructureRareData.cpp:
* runtime/Symbol.cpp:
* runtime/SymbolConstructor.cpp:
* runtime/SymbolObject.cpp:
* runtime/SymbolPrototype.cpp:
* runtime/SymbolTable.cpp:
* runtime/WeakMapConstructor.cpp:
* runtime/WeakMapData.cpp:
* runtime/WeakMapPrototype.cpp:
* runtime/WeakSetConstructor.cpp:
* runtime/WeakSetPrototype.cpp:
* testRegExp.cpp:
* tools/JSDollarVM.cpp:
* tools/JSDollarVMPrototype.cpp:
* wasm/JSWebAssembly.cpp:
* wasm/js/JSWebAssemblyCodeBlock.cpp:
* wasm/js/JSWebAssemblyCompileError.cpp:
* wasm/js/JSWebAssemblyInstance.cpp:
* wasm/js/JSWebAssemblyLinkError.cpp:
* wasm/js/JSWebAssemblyMemory.cpp:
* wasm/js/JSWebAssemblyModule.cpp:
* wasm/js/JSWebAssemblyRuntimeError.cpp:
* wasm/js/JSWebAssemblyTable.cpp:
* wasm/js/WebAssemblyCompileErrorConstructor.cpp:
* wasm/js/WebAssemblyCompileErrorPrototype.cpp:
* wasm/js/WebAssemblyFunction.cpp:
* wasm/js/WebAssemblyFunctionBase.cpp:
* wasm/js/WebAssemblyInstanceConstructor.cpp:
* wasm/js/WebAssemblyInstancePrototype.cpp:
* wasm/js/WebAssemblyLinkErrorConstructor.cpp:
* wasm/js/WebAssemblyLinkErrorPrototype.cpp:
* wasm/js/WebAssemblyMemoryConstructor.cpp:
* wasm/js/WebAssemblyMemoryPrototype.cpp:
* wasm/js/WebAssemblyModuleConstructor.cpp:
* wasm/js/WebAssemblyModulePrototype.cpp:
* wasm/js/WebAssemblyModuleRecord.cpp:
* wasm/js/WebAssemblyPrototype.cpp:
* wasm/js/WebAssemblyRuntimeErrorConstructor.cpp:
* wasm/js/WebAssemblyRuntimeErrorPrototype.cpp:
* wasm/js/WebAssemblyTableConstructor.cpp:
* wasm/js/WebAssemblyTablePrototype.cpp:
* wasm/js/WebAssemblyToJSCallee.cpp:
* wasm/js/WebAssemblyWrapperFunction.cpp:
Source/WebCore:
Add a DOMJIT interface IDL attribute, which allows us to define a checkSubClassPatchpointFor${className}
function for that ClassInfo. And we move the CheckSubClass patchpoint implementation to ClassInfo's member.
* CMakeLists.txt:
* WebCore.xcodeproj/project.pbxproj:
* bindings/js/JSDOMGlobalObject.cpp:
* bindings/js/JSDOMWindowBase.cpp:
* bindings/js/JSDOMWindowProperties.cpp:
* bindings/js/JSDOMWindowShell.cpp:
* bindings/js/JSReadableStreamPrivateConstructors.cpp:
* bindings/js/JSWorkerGlobalScopeBase.cpp:
* bindings/scripts/CodeGeneratorJS.pm:
(GenerateHeader):
(GenerateImplementation):
(GenerateImplementationIterableFunctions):
(GenerateConstructorHelperMethods):
* bindings/scripts/IDLAttributes.json:
* bindings/scripts/test/JS/JSInterfaceName.cpp:
* bindings/scripts/test/JS/JSMapLike.cpp:
* bindings/scripts/test/JS/JSReadOnlyMapLike.cpp:
* bindings/scripts/test/JS/JSTestActiveDOMObject.cpp:
* bindings/scripts/test/JS/JSTestCEReactions.cpp:
* bindings/scripts/test/JS/JSTestCEReactionsStringifier.cpp:
* bindings/scripts/test/JS/JSTestCallbackInterface.cpp:
* bindings/scripts/test/JS/JSTestClassWithJSBuiltinConstructor.cpp:
* bindings/scripts/test/JS/JSTestCustomConstructorWithNoInterfaceObject.cpp:
* bindings/scripts/test/JS/JSTestCustomNamedGetter.cpp:
* bindings/scripts/test/JS/JSTestDOMJIT.cpp:
* bindings/scripts/test/JS/JSTestDOMJIT.h:
* bindings/scripts/test/JS/JSTestEventConstructor.cpp:
* bindings/scripts/test/JS/JSTestEventTarget.cpp:
* bindings/scripts/test/JS/JSTestException.cpp:
* bindings/scripts/test/JS/JSTestGenerateIsReachable.cpp:
* bindings/scripts/test/JS/JSTestGlobalObject.cpp:
* bindings/scripts/test/JS/JSTestInterface.cpp:
* bindings/scripts/test/JS/JSTestInterfaceLeadingUnderscore.cpp:
* bindings/scripts/test/JS/JSTestIterable.cpp:
* bindings/scripts/test/JS/JSTestJSBuiltinConstructor.cpp:
* bindings/scripts/test/JS/JSTestMediaQueryListListener.cpp:
* bindings/scripts/test/JS/JSTestNamedConstructor.cpp:
* bindings/scripts/test/JS/JSTestNode.cpp:
* bindings/scripts/test/JS/JSTestObj.cpp:
* bindings/scripts/test/JS/JSTestOverloadedConstructors.cpp:
* bindings/scripts/test/JS/JSTestOverloadedConstructorsWithSequence.cpp:
* bindings/scripts/test/JS/JSTestOverrideBuiltins.cpp:
* bindings/scripts/test/JS/JSTestPromiseRejectionEvent.cpp:
* bindings/scripts/test/JS/JSTestSerialization.cpp:
* bindings/scripts/test/JS/JSTestSerializationInherit.cpp:
* bindings/scripts/test/JS/JSTestSerializationInheritFinal.cpp:
* bindings/scripts/test/JS/JSTestSerializedScriptValueInterface.cpp:
* bindings/scripts/test/JS/JSTestTypedefs.cpp:
* bridge/c/CRuntimeObject.cpp:
* bridge/c/c_instance.cpp:
* bridge/objc/ObjCRuntimeObject.mm:
* bridge/objc/objc_instance.mm:
* bridge/objc/objc_runtime.mm:
* bridge/runtime_array.cpp:
* bridge/runtime_method.cpp:
* bridge/runtime_object.cpp:
* dom/Document.idl:
* dom/DocumentFragment.idl:
* dom/Element.idl:
* dom/Event.idl:
* dom/Node.idl:
* domjit/JSDocumentDOMJIT.cpp:
(WebCore::checkSubClassPatchpointForJSDocument):
(WebCore::DocumentDocumentElementDOMJIT::checkDOM): Deleted.
(WebCore::DocumentBodyDOMJIT::checkDOM): Deleted.
* domjit/JSDocumentFragmentDOMJIT.cpp: Copied from Source/JavaScriptCore/runtime/JSMap.cpp.
(WebCore::checkSubClassPatchpointForJSDocumentFragment):
* domjit/JSElementDOMJIT.cpp: Copied from Source/JavaScriptCore/tools/JSDollarVM.cpp.
(WebCore::checkSubClassPatchpointForJSElement):
* domjit/JSEventDOMJIT.cpp: Copied from Source/JavaScriptCore/tools/JSDollarVM.cpp.
(WebCore::checkSubClassPatchpointForJSEvent):
* domjit/JSNodeDOMJIT.cpp:
(WebCore::checkSubClassPatchpointForJSNode):
(WebCore::NodeFirstChildDOMJIT::checkDOM): Deleted.
(WebCore::NodeLastChildDOMJIT::checkDOM): Deleted.
(WebCore::NodeNextSiblingDOMJIT::checkDOM): Deleted.
(WebCore::NodePreviousSiblingDOMJIT::checkDOM): Deleted.
(WebCore::NodeParentNodeDOMJIT::checkDOM): Deleted.
(WebCore::NodeNodeTypeDOMJIT::checkDOM): Deleted.
(WebCore::NodeOwnerDocumentDOMJIT::checkDOM): Deleted.
Source/WebKit/mac:
* Plugins/Hosted/ProxyInstance.mm:
* Plugins/Hosted/ProxyRuntimeObject.mm:
Source/WebKit2:
* WebProcess/Plugins/Netscape/JSNPMethod.cpp:
* WebProcess/Plugins/Netscape/JSNPObject.cpp:
git-svn-id: http://svn.webkit.org/repository/webkit/trunk@217108 268f45cc-cd09-0410-ab3c-d52691b4dbfc
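The ClassInfo-resident subclass check described in the message above, as an added example that is not JavaScriptCore's code: a hypothetical, simplified C++ model in which ClassInfo carries a checkSubClassPatchpoint slot (here a plain predicate rather than an emitted DOMJIT patchpoint), a class with nullptr in that slot falls back to a generic parentClass walk, and a DOMJIT-style fast getter refuses to reinterpret a receiver whose class chain does not contain the expected ClassInfo. Every name in it (objectInfo, nodeInfo, NodeCell, checkedFirstChild, and so on) is invented for the illustration; only the four-field positional layout is modelled on the initialisers in the diff.

```cpp
#include <cassert>

// Hypothetical, simplified model of the ClassInfo layout this patch extends.
// Field order mirrors the positional initialisers in the diff:
// className, parentClass, staticPropHashTable, checkSubClassPatchpoint.
// This is an added example, not JavaScriptCore's code.
struct ClassInfo;
typedef bool (*CheckSubClassFn)(const ClassInfo* actual, const ClassInfo* expected);

struct ClassInfo {
    const char* className;
    const ClassInfo* parentClass;
    const void* staticPropHashTable;         // unused in this model
    CheckSubClassFn checkSubClassPatchpoint; // nullptr: class provides no fast check
};

// The generic subclass test: follow parentClass until `expected` or the root.
// A real patchpoint emits this loop as machine code, loading parentClass at a
// fixed offset from the ClassInfo; here it is an ordinary function.
static bool walkParentChain(const ClassInfo* actual, const ClassInfo* expected)
{
    for (const ClassInfo* ci = actual; ci; ci = ci->parentClass) {
        if (ci == expected)
            return true;
    }
    return false;
}

// A small hierarchy. Node and Element opt in to a patchpoint; Event does not.
static const ClassInfo objectInfo  = { "Object",  nullptr,     nullptr, nullptr };
static const ClassInfo nodeInfo    = { "Node",    &objectInfo, nullptr, walkParentChain };
static const ClassInfo elementInfo = { "Element", &nodeInfo,   nullptr, walkParentChain };
static const ClassInfo eventInfo   = { "Event",   &objectInfo, nullptr, nullptr };

// Minimal cells. Every cell starts with its ClassInfo; a Node cell adds a
// payload that only exists on Node and its subclasses.
struct Cell { const ClassInfo* classInfo; };
struct NodeCell {
    Cell cell;            // first member, so a NodeCell* and its Cell* coincide
    NodeCell* firstChild;
};

// Resolve the check for `expected`: the class's own patchpoint if it has one,
// otherwise the generic chain walk (what a class with nullptr falls back to).
static bool isSubClassOf(const Cell* receiver, const ClassInfo* expected)
{
    CheckSubClassFn check = expected->checkSubClassPatchpoint
        ? expected->checkSubClassPatchpoint
        : walkParentChain;
    return check(receiver->classInfo, expected);
}

// What a DOMJIT fast getter relies on: CheckSubClass(Node) must pass before
// the receiver is reinterpreted as a NodeCell. Without the check an Event
// receiver would be read as a NodeCell, i.e. a type confusion.
// Returns false when the receiver is not a Node; *out is untouched then.
static bool checkedFirstChild(Cell* receiver, NodeCell** out)
{
    if (!isSubClassOf(receiver, &nodeInfo))
        return false;
    *out = reinterpret_cast<NodeCell*>(receiver)->firstChild;
    return true;
}

// Constructed scenario (sample data, not from the page): an Element whose
// firstChild is a Node, and an Event that must be rejected.
static bool elementReceiverIsAccepted()
{
    NodeCell child = { { &nodeInfo }, nullptr };
    NodeCell element = { { &elementInfo }, &child };
    NodeCell* got = nullptr;
    return checkedFirstChild(&element.cell, &got) && got == &child;
}

static bool eventReceiverIsRejected()
{
    Cell event = { &eventInfo };
    NodeCell* got = nullptr;
    return !checkedFirstChild(&event, &got) && got == nullptr;
}

static bool slowPathStillAnswers()
{
    // Event and Object carry no patchpoint, so the generic walk is used:
    // an Event is an Object, but an Element is not an Event.
    Cell event = { &eventInfo };
    NodeCell element = { { &elementInfo }, nullptr };
    return isSubClassOf(&event, &objectInfo) && !isSubClassOf(&element.cell, &eventInfo);
}

int main()
{
    assert(elementReceiverIsAccepted());
    assert(eventReceiverIsRejected());
    assert(slowPathStillAnswers());
    return 0;
}
```

The point of the model is the order of operations in checkedFirstChild: the reinterpretation of the receiver happens only after the class check succeeds, which is exactly the guarantee a DFG/FTL CheckSubClass node gives the DOMJIT getter or function that follows it. Moving the check emitter into ClassInfo means a class that supplies no patchpoint still gets a correct (if slower) answer, rather than silently getting no check at all.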
diff --git a/Source/JavaScriptCore/bytecode/EvalCodeBlock.cpp b/Source/JavaScriptCore/bytecode/EvalCodeBlock.cpp
index 5232a0e..2e91fc5 100644
--- a/Source/JavaScriptCore/bytecode/EvalCodeBlock.cpp
+++ b/Source/JavaScriptCore/bytecode/EvalCodeBlock.cpp
@@ -33,7 +33,7 @@
namespace JSC {
const ClassInfo EvalCodeBlock::s_info = {
- "EvalCodeBlock", &Base::s_info, 0,
+ "EvalCodeBlock", &Base::s_info, nullptr, nullptr,
CREATE_METHOD_TABLE(EvalCodeBlock)
};
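Review bot: on the `+ "EvalCodeBlock", &Base::s_info, nullptr, nullptr,` line nothing tells a reader which of the two nullptr initialisers is the existing staticPropHashTable slot and which is the new checkSubClassPatchpoint slot; with a positional aggregate repeated across a couple of hundred files, a reviewer has to cross-check runtime/ClassInfo.h for every site. Consider either a trailing comment on the new initialiser (e.g. `nullptr, /* checkSubClassPatchpoint */`) in the hand-edited sites, or a small helper macro for the common "no static table, no patchpoint" prefix, so that a future field insertion cannot silently land in the wrong slot. The `0` to `nullptr` change for the existing pointer is fine and consistent with the new initialiser.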