Timestamp:
Jul 23, 2012, 7:13:19 PM (13 years ago)
Author:
[email protected]
Message:

Property storage should grow in reverse address direction, to support butterflies
https://bugs.webkit.org/show_bug.cgi?id=91788

Reviewed by Geoffrey Garen.

Changes property storage to grow to the left, and changes the property storage pointer to point
one 8-byte word (i.e. JSValue) to the right of the first value in the storage.

Also improved debug support somewhat, by adding a describe() function to the jsc command-line,
and a slow mode of object access in LLInt.

  • assembler/ARMv7Assembler.h:

(JSC::ARMv7Assembler::repatchCompact):

  • assembler/MacroAssemblerARMv7.h:

(MacroAssemblerARMv7):
(JSC::MacroAssemblerARMv7::isCompactPtrAlignedAddressOffset):
(JSC::MacroAssemblerARMv7::load32WithCompactAddressOffsetPatch):

  • assembler/MacroAssemblerX86Common.h:

(JSC::MacroAssemblerX86Common::isCompactPtrAlignedAddressOffset):
(JSC::MacroAssemblerX86Common::repatchCompact):

  • assembler/X86Assembler.h:

(JSC::X86Assembler::repatchCompact):

  • bytecode/CodeBlock.cpp:

(JSC::dumpStructure):

  • bytecode/GetByIdStatus.h:

(JSC::GetByIdStatus::GetByIdStatus):

  • dfg/DFGOperations.cpp:
  • dfg/DFGOperations.h:
  • dfg/DFGRepatch.cpp:

(JSC::DFG::tryCacheGetByID):
(JSC::DFG::emitPutTransitionStub):

  • dfg/DFGSpeculativeJIT.cpp:

(JSC::DFG::SpeculativeJIT::compileAllocatePropertyStorage):
(JSC::DFG::SpeculativeJIT::compileReallocatePropertyStorage):

  • dfg/DFGSpeculativeJIT.h:

(JSC::DFG::SpeculativeJIT::callOperation):

  • dfg/DFGSpeculativeJIT32_64.cpp:

(JSC::DFG::SpeculativeJIT::compile):

  • dfg/DFGSpeculativeJIT64.cpp:

(JSC::DFG::SpeculativeJIT::compile):

  • heap/ConservativeRoots.cpp:

(JSC::ConservativeRoots::genericAddPointer):

  • heap/CopiedSpace.h:

(CopiedSpace):

  • heap/CopiedSpaceInlineMethods.h:

(JSC::CopiedSpace::pinIfNecessary):
(JSC):

  • jit/JITPropertyAccess.cpp:

(JSC::JIT::compileGetDirectOffset):

  • jit/JITPropertyAccess32_64.cpp:

(JSC::JIT::compileGetDirectOffset):

  • jit/JITStubs.cpp:

(JSC::JITThunks::tryCacheGetByID):

  • jsc.cpp:

(GlobalObject::finishCreation):
(functionDescribe):

  • llint/LLIntCommon.h:
  • llint/LLIntSlowPaths.cpp:

(JSC::LLInt::LLINT_SLOW_PATH_DECL):

  • llint/LowLevelInterpreter32_64.asm:
  • llint/LowLevelInterpreter64.asm:
  • runtime/JSObject.cpp:

(JSC::JSObject::visitChildren):
(JSC::JSFinalObject::visitChildren):
(JSC::JSObject::growOutOfLineStorage):

  • runtime/JSObject.h:

(JSC::JSObject::getDirectLocation):
(JSC::JSObject::offsetForLocation):

  • runtime/JSValue.h:

(JSValue):

  • runtime/PropertyOffset.h:

(JSC::offsetInOutOfLineStorage):

File:
1 edited

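--- a/trunk/Source/JavaScriptCore/runtime/JSObject.cpp
+++ b/trunk/Source/JavaScriptCore/runtime/JSObject.cpp
@@ -100,8 +100,9 @@
     if (storage) {
         size_t storageSize = thisObject->structure()->outOfLineSizeForKnownNonFinalObject();
+        size_t capacity = thisObject->structure()->outOfLineCapacity();
         // We have this extra temp here to slake GCC's thirst for the blood of those who dereference type-punned pointers.
-        void* temp = storage;
-        visitor.copyAndAppend(&temp, thisObject->structure()->outOfLineCapacity() * sizeof(WriteBarrierBase<Unknown>), storage->slot(), storageSize);
-        storage = static_cast<PropertyStorage>(temp);
+        void* temp = storage - capacity - 1;
+        visitor.copyAndAppend(&temp, capacity * sizeof(WriteBarrierBase<Unknown>), (storage - storageSize - 1)->slot(), storageSize);
+        storage = static_cast<PropertyStorage>(temp) + capacity + 1;
         thisObject->m_outOfLineStorage.set(storage, StorageBarrier::Unchecked);
     }
@@ -129,8 +130,9 @@
     if (storage) {
         size_t storageSize = thisObject->structure()->outOfLineSizeForKnownFinalObject();
+        size_t capacity = thisObject->structure()->outOfLineCapacity();
         // We have this extra temp here to slake GCC's thirst for the blood of those who dereference type-punned pointers.
-        void* temp = storage;
-        visitor.copyAndAppend(&temp, thisObject->structure()->outOfLineCapacity() * sizeof(WriteBarrierBase<Unknown>), storage->slot(), storageSize);
-        storage = static_cast<PropertyStorage>(temp);
+        void* temp = storage - capacity - 1;
+        visitor.copyAndAppend(&temp, thisObject->structure()->outOfLineCapacity() * sizeof(WriteBarrierBase<Unknown>), (storage - storageSize - 1)->slot(), storageSize);
+        storage = static_cast<PropertyStorage>(temp) + capacity + 1;
         thisObject->m_outOfLineStorage.set(storage, StorageBarrier::Unchecked);
     }
@@ -596,5 +598,5 @@
     // It's important that this function not rely on structure(), since
     // we might be in the middle of a transition.
-
+   
     PropertyStorage oldPropertyStorage = m_outOfLineStorage.get();
     PropertyStorage newPropertyStorage = 0;
@@ -604,7 +606,7 @@
     if (!globalData.heap.tryAllocateStorage(sizeof(WriteBarrierBase<Unknown>) * newSize, &temp))
         CRASH();
-    newPropertyStorage = static_cast<PropertyStorage>(temp);
+    newPropertyStorage = static_cast<PropertyStorage>(temp) + newSize + 1;
    
-    memcpy(newPropertyStorage, oldPropertyStorage, sizeof(WriteBarrierBase<Unknown>) * oldSize);
+    memcpy(newPropertyStorage - oldSize - 1, oldPropertyStorage - oldSize - 1, sizeof(WriteBarrierBase<Unknown>) * oldSize);
 
     ASSERT(newPropertyStorage);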
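Review bot: The `ASSERT(newPropertyStorage)` at new line 612 no longer checks anything: the pointer is now `temp + newSize + 1`, so it is non-null whatever the allocator returned, and it runs after the `memcpy` has already used it. If a check is wanted, put `ASSERT(temp);` right after the `tryAllocateStorage` call and drop the stale one. The same `memcpy` now forms `oldPropertyStorage - oldSize - 1` unconditionally; if the object can have no out-of-line storage yet when this runs (the lines between the hunks are not shown, so this is an assumption), that is arithmetic on a null pointer and the copy should be guarded with `if (oldSize)`. Separately, new line 135 still passes `thisObject->structure()->outOfLineCapacity() * sizeof(WriteBarrierBase<Unknown>)` although the `capacity` local was added just above it; use `capacity * sizeof(WriteBarrierBase<Unknown>)` as new line 105 does. The enclosing functions start and end outside the displayed hunks.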