Changeset 219981 in webkit for trunk/Source/JavaScriptCore/runtime/PropertySlot.h

Timestamp:

Jul 27, 2017, 5:35:49 AM (8 years ago)

Author:

Yusuke Suzuki

Message:

Hoist DOM binding attribute getter prologue into JavaScriptCore taking advantage of DOMJIT / CheckSubClass
​https://bugs.webkit.org/show_bug.cgi?id=171637

Reviewed by Darin Adler.

JSTests:

• stress/domjit-getter-complex-with-incorrect-object.js:

(i.shouldThrow):

• stress/domjit-getter-type-check.js: Copied from JSTests/stress/domjit-getter-complex-with-incorrect-object.js.

(shouldBe):
(i.shouldThrow):

Source/JavaScriptCore:

Each DOM attribute getter has the code to perform ClassInfo check. But it is largely duplicate and causes code bloating.
In this patch, we move ClassInfo check from WebCore to JSC and reduce code size.

We introduce DOMAnnotation which has ClassInfo* and DOMJIT::GetterSetter*. If the getter is not DOMJIT getter, this
DOMJIT::GetterSetter becomes nullptr. We support such a CustomAccessorGetter in all the JIT tiers.

In IC, we drop CheckSubClass completely since IC's Structure check subsumes it. We do not enable this optimization for
op_get_by_id_with_this case yet.
In DFG and FTL, we emit CheckSubClass node. Which is typically removed by CheckStructure leading to CheckSubClass.

And we add DOMAttributeGetterSetter, which is derived class of CustomGetterSetter. It holds DOMAnnotation and perform
ClassInfo check.

• CMakeLists.txt:
• JavaScriptCore.xcodeproj/project.pbxproj:
• bytecode/AccessCase.cpp:

(JSC::AccessCase::generateImpl):

• bytecode/GetByIdStatus.cpp:

(JSC::GetByIdStatus::computeForStubInfoWithoutExitSiteFeedback):

• bytecode/GetByIdVariant.cpp:

(JSC::GetByIdVariant::GetByIdVariant):
(JSC::GetByIdVariant::operator=):
(JSC::GetByIdVariant::attemptToMerge):
(JSC::GetByIdVariant::dumpInContext):

• bytecode/GetByIdVariant.h:

(JSC::GetByIdVariant::customAccessorGetter):
(JSC::GetByIdVariant::domAttribute):
(JSC::GetByIdVariant::domJIT): Deleted.

• bytecode/GetterSetterAccessCase.cpp:

(JSC::GetterSetterAccessCase::create):
(JSC::GetterSetterAccessCase::GetterSetterAccessCase):
(JSC::GetterSetterAccessCase::emitDOMJITGetter):

• bytecode/GetterSetterAccessCase.h:

(JSC::GetterSetterAccessCase::domAttribute):
(JSC::GetterSetterAccessCase::customAccessor):
(JSC::GetterSetterAccessCase::domJIT): Deleted.

• bytecompiler/BytecodeGenerator.cpp:

(JSC::BytecodeGenerator::instantiateLexicalVariables):

• create_hash_table:
• dfg/DFGAbstractInterpreterInlines.h:

(JSC::DFG::AbstractInterpreter<AbstractStateType>::executeEffects):

• dfg/DFGByteCodeParser.cpp:

(JSC::DFG::blessCallDOMGetter):
(JSC::DFG::ByteCodeParser::handleDOMJITGetter):
(JSC::DFG::ByteCodeParser::handleGetById):

• dfg/DFGClobberize.h:

(JSC::DFG::clobberize):

• dfg/DFGFixupPhase.cpp:

(JSC::DFG::FixupPhase::fixupNode):

• dfg/DFGNode.h:
• dfg/DFGSpeculativeJIT.cpp:

(JSC::DFG::SpeculativeJIT::compileCallDOMGetter):

• dfg/DFGSpeculativeJIT.h:

(JSC::DFG::SpeculativeJIT::callCustomGetter):

• domjit/DOMJITGetterSetter.h:

(JSC::DOMJIT::GetterSetter::GetterSetter):
(JSC::DOMJIT::GetterSetter::getter):
(JSC::DOMJIT::GetterSetter::compiler):
(JSC::DOMJIT::GetterSetter::resultType):
(JSC::DOMJIT::GetterSetter::~GetterSetter): Deleted.
(JSC::DOMJIT::GetterSetter::setter): Deleted.
(JSC::DOMJIT::GetterSetter::thisClassInfo): Deleted.

• ftl/FTLLowerDFGToB3.cpp:

(JSC::FTL::DFG::LowerDFGToB3::compileCallDOMGetter):

• jit/Repatch.cpp:

(JSC::tryCacheGetByID):

• jsc.cpp:

(WTF::DOMJITGetter::DOMJITAttribute::DOMJITAttribute):
(WTF::DOMJITGetter::DOMJITAttribute::callDOMGetter):
(WTF::DOMJITGetter::customGetter):
(WTF::DOMJITGetter::finishCreation):
(WTF::DOMJITGetterComplex::DOMJITAttribute::DOMJITAttribute):
(WTF::DOMJITGetterComplex::DOMJITAttribute::callDOMGetter):
(WTF::DOMJITGetterComplex::customGetter):
(WTF::DOMJITGetterComplex::finishCreation):
(WTF::DOMJITGetter::DOMJITNodeDOMJIT::DOMJITNodeDOMJIT): Deleted.
(WTF::DOMJITGetter::DOMJITNodeDOMJIT::slowCall): Deleted.
(WTF::DOMJITGetter::domJITNodeGetterSetter): Deleted.
(WTF::DOMJITGetterComplex::DOMJITNodeDOMJIT::DOMJITNodeDOMJIT): Deleted.
(WTF::DOMJITGetterComplex::DOMJITNodeDOMJIT::slowCall): Deleted.
(WTF::DOMJITGetterComplex::domJITNodeGetterSetter): Deleted.

• runtime/CustomGetterSetter.h:

(JSC::CustomGetterSetter::create):
(JSC::CustomGetterSetter::setter):
(JSC::CustomGetterSetter::CustomGetterSetter):
(): Deleted.

• runtime/DOMAnnotation.h: Added.

(JSC::operator==):
(JSC::operator!=):

• runtime/DOMAttributeGetterSetter.cpp: Added.
• runtime/DOMAttributeGetterSetter.h: Copied from Source/JavaScriptCore/runtime/CustomGetterSetter.h.

(JSC::isDOMAttributeGetterSetter):

• runtime/Error.cpp:

(JSC::throwDOMAttributeGetterTypeError):

• runtime/Error.h:

(JSC::throwVMDOMAttributeGetterTypeError):

• runtime/JSCustomGetterSetterFunction.cpp:

(JSC::JSCustomGetterSetterFunction::customGetterSetterFunctionCall):

• runtime/JSObject.cpp:

(JSC::JSObject::putInlineSlow):
(JSC::JSObject::deleteProperty):
(JSC::JSObject::getOwnStaticPropertySlot):
(JSC::JSObject::reifyAllStaticProperties):
(JSC::JSObject::fillGetterPropertySlot):
(JSC::JSObject::findPropertyHashEntry): Deleted.

• runtime/JSObject.h:

(JSC::JSObject::getOwnNonIndexPropertySlot):
(JSC::JSObject::fillCustomGetterPropertySlot):

• runtime/Lookup.cpp:

(JSC::setUpStaticFunctionSlot):

• runtime/Lookup.h:

(JSC::HashTableValue::domJIT):
(JSC::getStaticPropertySlotFromTable):
(JSC::putEntry):
(JSC::lookupPut):
(JSC::reifyStaticProperty):
(JSC::reifyStaticProperties):
Each static property table has a new field ClassInfo*. It indicates that which ClassInfo check DOMAttribute registered in
this static property table requires.

• runtime/ProgramExecutable.cpp:

(JSC::ProgramExecutable::initializeGlobalProperties):

• runtime/PropertyName.h:
• runtime/PropertySlot.cpp:

(JSC::PropertySlot::customGetter):
(JSC::PropertySlot::customAccessorGetter):

• runtime/PropertySlot.h:

(JSC::PropertySlot::domAttribute):
(JSC::PropertySlot::setCustom):
(JSC::PropertySlot::setCacheableCustom):
(JSC::PropertySlot::getValue):
(JSC::PropertySlot::domJIT): Deleted.

• runtime/VM.cpp:

(JSC::VM::VM):

• runtime/VM.h:

Source/WebCore:

We use DOMAttribute. When DOMAttribute is specified, ClassInfo check is performed by JSC side.
So, we can drop ClassInfo check from the actual function.

We also simplify DOMJIT::GetterSetter to make it smaller size.

WebCore size comparison

Before: 48443292
After: 48087800 (0.7% reduction)

Speedometer Scores show 0.8% improvement.

Before: 158.9 +- 0.46
After: 160.2 +- 0.36

Dromaeo DOM core Scores show 5.8% improvement.

Before After

Total Score: 8424.12runs/s ±1.38% 8911.60runs/s ±1.47%

DOM Attributes 12627.27runs/s ±1.87% 14023.17runs/s ±1.87%
DOM Modification 1207.82runs/s ±2.48% 1204.21runs/s ±3.05%
DOM Query 68068.82runs/s ±0.63% 74273.38runs/s ±0.69%
DOM Traversal 1240.07runs/s ±1.96% 1256.64runs/s ±1.77%

Performance improvement can be explained by the following optimizations.

1. Type checks are typically eliminated in all the JIT tiers. IC / DFG / FTL can drop type checks since get_by_id operation already performs a structure check which subsumes this type check.
2. Direct getter call by CallDOMGetter without creating IC in DFG and FTL.

• bindings/js/JSDOMAttribute.h:

(WebCore::IDLAttribute::get):
Add CastedThisErrorBehavior::Assert case. When this is specified, we perform casting without using jsDynamicCast.

• bindings/scripts/CodeGeneratorJS.pm:

(IsAcceleratedDOMAttribute):
(GetJSCAttributesForAttribute):
(GenerateHeader):
(GeneratePropertiesHashTable):
(GenerateImplementation):
(GenerateAttributeGetterTrampolineDefinition):
(GenerateAttributeGetterDefinition):
(GenerateCallbackImplementationContent):
(GenerateHashTableValueArray):
(GenerateHashTable):
(GenerateConstructorHelperMethods):
Update CodeGeneratorJS to emit DOMAttribute. And DOMJIT::GetterSetter becomes changed to be smaller size.

• bindings/scripts/test/JS/JSInterfaceName.cpp:

(WebCore::JSInterfaceNamePrototype::finishCreation):

• bindings/scripts/test/JS/JSMapLike.cpp:

(WebCore::JSMapLikePrototype::finishCreation):

• bindings/scripts/test/JS/JSReadOnlyMapLike.cpp:

(WebCore::JSReadOnlyMapLikePrototype::finishCreation):

• bindings/scripts/test/JS/JSTestActiveDOMObject.cpp:

(WebCore::JSTestActiveDOMObjectPrototype::finishCreation):
(WebCore::jsTestActiveDOMObjectExcitingAttr):

• bindings/scripts/test/JS/JSTestCEReactions.cpp:

(WebCore::JSTestCEReactionsPrototype::finishCreation):
(WebCore::jsTestCEReactionsAttributeWithCEReactions):
(WebCore::jsTestCEReactionsReflectAttributeWithCEReactions):
(WebCore::jsTestCEReactionsStringifierAttribute):

• bindings/scripts/test/JS/JSTestCEReactionsStringifier.cpp:

(WebCore::JSTestCEReactionsStringifierPrototype::finishCreation):
(WebCore::jsTestCEReactionsStringifierValue):

• bindings/scripts/test/JS/JSTestCallTracer.cpp:

(WebCore::JSTestCallTracerPrototype::finishCreation):
(WebCore::jsTestCallTracerTestAttributeInterface):
(WebCore::jsTestCallTracerTestAttributeSpecified):

• bindings/scripts/test/JS/JSTestCallbackInterface.cpp:

(WebCore::JSTestCallbackInterfaceConstructor::initializeProperties):

• bindings/scripts/test/JS/JSTestClassWithJSBuiltinConstructor.cpp:

(WebCore::JSTestClassWithJSBuiltinConstructorPrototype::finishCreation):

• bindings/scripts/test/JS/JSTestCustomConstructorWithNoInterfaceObject.cpp:

(WebCore::JSTestCustomConstructorWithNoInterfaceObjectPrototype::finishCreation):

• bindings/scripts/test/JS/JSTestDOMJIT.cpp:

(WebCore::JSTestDOMJITPrototype::finishCreation):
(WebCore::TestDOMJITAnyAttrDOMJIT::TestDOMJITAnyAttrDOMJIT): Deleted.
(WebCore::domJITGetterSetterForTestDOMJITAnyAttr): Deleted.
(WebCore::TestDOMJITBooleanAttrDOMJIT::TestDOMJITBooleanAttrDOMJIT): Deleted.
(WebCore::domJITGetterSetterForTestDOMJITBooleanAttr): Deleted.
(WebCore::TestDOMJITByteAttrDOMJIT::TestDOMJITByteAttrDOMJIT): Deleted.
(WebCore::domJITGetterSetterForTestDOMJITByteAttr): Deleted.
(WebCore::TestDOMJITOctetAttrDOMJIT::TestDOMJITOctetAttrDOMJIT): Deleted.
(WebCore::domJITGetterSetterForTestDOMJITOctetAttr): Deleted.
(WebCore::TestDOMJITShortAttrDOMJIT::TestDOMJITShortAttrDOMJIT): Deleted.
(WebCore::domJITGetterSetterForTestDOMJITShortAttr): Deleted.
(WebCore::TestDOMJITUnsignedShortAttrDOMJIT::TestDOMJITUnsignedShortAttrDOMJIT): Deleted.
(WebCore::domJITGetterSetterForTestDOMJITUnsignedShortAttr): Deleted.
(WebCore::TestDOMJITLongAttrDOMJIT::TestDOMJITLongAttrDOMJIT): Deleted.
(WebCore::domJITGetterSetterForTestDOMJITLongAttr): Deleted.
(WebCore::TestDOMJITUnsignedLongAttrDOMJIT::TestDOMJITUnsignedLongAttrDOMJIT): Deleted.
(WebCore::domJITGetterSetterForTestDOMJITUnsignedLongAttr): Deleted.
(WebCore::TestDOMJITLongLongAttrDOMJIT::TestDOMJITLongLongAttrDOMJIT): Deleted.
(WebCore::domJITGetterSetterForTestDOMJITLongLongAttr): Deleted.
(WebCore::TestDOMJITUnsignedLongLongAttrDOMJIT::TestDOMJITUnsignedLongLongAttrDOMJIT): Deleted.
(WebCore::domJITGetterSetterForTestDOMJITUnsignedLongLongAttr): Deleted.
(WebCore::TestDOMJITFloatAttrDOMJIT::TestDOMJITFloatAttrDOMJIT): Deleted.
(WebCore::domJITGetterSetterForTestDOMJITFloatAttr): Deleted.
(WebCore::TestDOMJITUnrestrictedFloatAttrDOMJIT::TestDOMJITUnrestrictedFloatAttrDOMJIT): Deleted.
(WebCore::domJITGetterSetterForTestDOMJITUnrestrictedFloatAttr): Deleted.
(WebCore::TestDOMJITDoubleAttrDOMJIT::TestDOMJITDoubleAttrDOMJIT): Deleted.
(WebCore::domJITGetterSetterForTestDOMJITDoubleAttr): Deleted.
(WebCore::TestDOMJITUnrestrictedDoubleAttrDOMJIT::TestDOMJITUnrestrictedDoubleAttrDOMJIT): Deleted.
(WebCore::domJITGetterSetterForTestDOMJITUnrestrictedDoubleAttr): Deleted.
(WebCore::TestDOMJITDomStringAttrDOMJIT::TestDOMJITDomStringAttrDOMJIT): Deleted.
(WebCore::domJITGetterSetterForTestDOMJITDomStringAttr): Deleted.
(WebCore::TestDOMJITByteStringAttrDOMJIT::TestDOMJITByteStringAttrDOMJIT): Deleted.
(WebCore::domJITGetterSetterForTestDOMJITByteStringAttr): Deleted.
(WebCore::TestDOMJITUsvStringAttrDOMJIT::TestDOMJITUsvStringAttrDOMJIT): Deleted.
(WebCore::domJITGetterSetterForTestDOMJITUsvStringAttr): Deleted.
(WebCore::TestDOMJITNodeAttrDOMJIT::TestDOMJITNodeAttrDOMJIT): Deleted.
(WebCore::domJITGetterSetterForTestDOMJITNodeAttr): Deleted.
(WebCore::TestDOMJITBooleanNullableAttrDOMJIT::TestDOMJITBooleanNullableAttrDOMJIT): Deleted.
(WebCore::domJITGetterSetterForTestDOMJITBooleanNullableAttr): Deleted.
(WebCore::TestDOMJITByteNullableAttrDOMJIT::TestDOMJITByteNullableAttrDOMJIT): Deleted.
(WebCore::domJITGetterSetterForTestDOMJITByteNullableAttr): Deleted.
(WebCore::TestDOMJITOctetNullableAttrDOMJIT::TestDOMJITOctetNullableAttrDOMJIT): Deleted.
(WebCore::domJITGetterSetterForTestDOMJITOctetNullableAttr): Deleted.
(WebCore::TestDOMJITShortNullableAttrDOMJIT::TestDOMJITShortNullableAttrDOMJIT): Deleted.
(WebCore::domJITGetterSetterForTestDOMJITShortNullableAttr): Deleted.
(WebCore::TestDOMJITUnsignedShortNullableAttrDOMJIT::TestDOMJITUnsignedShortNullableAttrDOMJIT): Deleted.
(WebCore::domJITGetterSetterForTestDOMJITUnsignedShortNullableAttr): Deleted.
(WebCore::TestDOMJITLongNullableAttrDOMJIT::TestDOMJITLongNullableAttrDOMJIT): Deleted.
(WebCore::domJITGetterSetterForTestDOMJITLongNullableAttr): Deleted.
(WebCore::TestDOMJITUnsignedLongNullableAttrDOMJIT::TestDOMJITUnsignedLongNullableAttrDOMJIT): Deleted.
(WebCore::domJITGetterSetterForTestDOMJITUnsignedLongNullableAttr): Deleted.
(WebCore::TestDOMJITLongLongNullableAttrDOMJIT::TestDOMJITLongLongNullableAttrDOMJIT): Deleted.
(WebCore::domJITGetterSetterForTestDOMJITLongLongNullableAttr): Deleted.
(WebCore::TestDOMJITUnsignedLongLongNullableAttrDOMJIT::TestDOMJITUnsignedLongLongNullableAttrDOMJIT): Deleted.
(WebCore::domJITGetterSetterForTestDOMJITUnsignedLongLongNullableAttr): Deleted.
(WebCore::TestDOMJITFloatNullableAttrDOMJIT::TestDOMJITFloatNullableAttrDOMJIT): Deleted.
(WebCore::domJITGetterSetterForTestDOMJITFloatNullableAttr): Deleted.
(WebCore::TestDOMJITUnrestrictedFloatNullableAttrDOMJIT::TestDOMJITUnrestrictedFloatNullableAttrDOMJIT): Deleted.
(WebCore::domJITGetterSetterForTestDOMJITUnrestrictedFloatNullableAttr): Deleted.
(WebCore::TestDOMJITDoubleNullableAttrDOMJIT::TestDOMJITDoubleNullableAttrDOMJIT): Deleted.
(WebCore::domJITGetterSetterForTestDOMJITDoubleNullableAttr): Deleted.
(WebCore::TestDOMJITUnrestrictedDoubleNullableAttrDOMJIT::TestDOMJITUnrestrictedDoubleNullableAttrDOMJIT): Deleted.
(WebCore::domJITGetterSetterForTestDOMJITUnrestrictedDoubleNullableAttr): Deleted.
(WebCore::TestDOMJITDomStringNullableAttrDOMJIT::TestDOMJITDomStringNullableAttrDOMJIT): Deleted.
(WebCore::domJITGetterSetterForTestDOMJITDomStringNullableAttr): Deleted.
(WebCore::TestDOMJITByteStringNullableAttrDOMJIT::TestDOMJITByteStringNullableAttrDOMJIT): Deleted.
(WebCore::domJITGetterSetterForTestDOMJITByteStringNullableAttr): Deleted.
(WebCore::TestDOMJITUsvStringNullableAttrDOMJIT::TestDOMJITUsvStringNullableAttrDOMJIT): Deleted.
(WebCore::domJITGetterSetterForTestDOMJITUsvStringNullableAttr): Deleted.
(WebCore::TestDOMJITNodeNullableAttrDOMJIT::TestDOMJITNodeNullableAttrDOMJIT): Deleted.
(WebCore::domJITGetterSetterForTestDOMJITNodeNullableAttr): Deleted.

• bindings/scripts/test/JS/JSTestDOMJIT.h:
• bindings/scripts/test/JS/JSTestEventConstructor.cpp:

(WebCore::JSTestEventConstructorPrototype::finishCreation):
(WebCore::jsTestEventConstructorAttr1):
(WebCore::jsTestEventConstructorAttr2):
(WebCore::jsTestEventConstructorAttr3):

• bindings/scripts/test/JS/JSTestEventTarget.cpp:

(WebCore::JSTestEventTargetPrototype::finishCreation):

• bindings/scripts/test/JS/JSTestException.cpp:

(WebCore::JSTestExceptionPrototype::finishCreation):
(WebCore::jsTestExceptionName):

• bindings/scripts/test/JS/JSTestGenerateIsReachable.cpp:

(WebCore::JSTestGenerateIsReachablePrototype::finishCreation):
(WebCore::jsTestGenerateIsReachableASecretAttribute):

• bindings/scripts/test/JS/JSTestGlobalObject.cpp:

(WebCore::jsTestGlobalObjectRegularAttribute):

• bindings/scripts/test/JS/JSTestIndexedSetterNoIdentifier.cpp:

(WebCore::JSTestIndexedSetterNoIdentifierPrototype::finishCreation):

• bindings/scripts/test/JS/JSTestIndexedSetterThrowingException.cpp:

(WebCore::JSTestIndexedSetterThrowingExceptionPrototype::finishCreation):

• bindings/scripts/test/JS/JSTestIndexedSetterWithIdentifier.cpp:

(WebCore::JSTestIndexedSetterWithIdentifierPrototype::finishCreation):

• bindings/scripts/test/JS/JSTestInterface.cpp:

(WebCore::JSTestInterfaceConstructor::initializeProperties):
(WebCore::JSTestInterfacePrototype::finishCreation):
(WebCore::jsTestInterfaceImplementsStr1):
(WebCore::jsTestInterfaceImplementsStr2):
(WebCore::jsTestInterfaceImplementsStr3):
(WebCore::jsTestInterfaceImplementsNode):
(WebCore::jsTestInterfaceSupplementalStr1):
(WebCore::jsTestInterfaceSupplementalStr2):
(WebCore::jsTestInterfaceSupplementalStr3):
(WebCore::jsTestInterfaceSupplementalNode):

• bindings/scripts/test/JS/JSTestInterfaceLeadingUnderscore.cpp:

(WebCore::JSTestInterfaceLeadingUnderscorePrototype::finishCreation):
(WebCore::jsTestInterfaceLeadingUnderscoreReadonly):

• bindings/scripts/test/JS/JSTestIterable.cpp:

(WebCore::JSTestIterablePrototype::finishCreation):

• bindings/scripts/test/JS/JSTestJSBuiltinConstructor.cpp:

(WebCore::JSTestJSBuiltinConstructorPrototype::finishCreation):
(WebCore::jsTestJSBuiltinConstructorTestAttributeCustom):
(WebCore::jsTestJSBuiltinConstructorTestAttributeRWCustom):

• bindings/scripts/test/JS/JSTestMediaQueryListListener.cpp:

(WebCore::JSTestMediaQueryListListenerPrototype::finishCreation):

• bindings/scripts/test/JS/JSTestNamedAndIndexedSetterNoIdentifier.cpp:

(WebCore::JSTestNamedAndIndexedSetterNoIdentifierPrototype::finishCreation):

• bindings/scripts/test/JS/JSTestNamedAndIndexedSetterThrowingException.cpp:

(WebCore::JSTestNamedAndIndexedSetterThrowingExceptionPrototype::finishCreation):

• bindings/scripts/test/JS/JSTestNamedAndIndexedSetterWithIdentifier.cpp:

(WebCore::JSTestNamedAndIndexedSetterWithIdentifierPrototype::finishCreation):

• bindings/scripts/test/JS/JSTestNamedConstructor.cpp:

(WebCore::JSTestNamedConstructorPrototype::finishCreation):

• bindings/scripts/test/JS/JSTestNamedDeleterNoIdentifier.cpp:

(WebCore::JSTestNamedDeleterNoIdentifierPrototype::finishCreation):

• bindings/scripts/test/JS/JSTestNamedDeleterThrowingException.cpp:

(WebCore::JSTestNamedDeleterThrowingExceptionPrototype::finishCreation):

• bindings/scripts/test/JS/JSTestNamedDeleterWithIdentifier.cpp:

(WebCore::JSTestNamedDeleterWithIdentifierPrototype::finishCreation):

• bindings/scripts/test/JS/JSTestNamedDeleterWithIndexedGetter.cpp:

(WebCore::JSTestNamedDeleterWithIndexedGetterPrototype::finishCreation):

• bindings/scripts/test/JS/JSTestNamedGetterCallWith.cpp:

(WebCore::JSTestNamedGetterCallWithPrototype::finishCreation):

• bindings/scripts/test/JS/JSTestNamedGetterNoIdentifier.cpp:

(WebCore::JSTestNamedGetterNoIdentifierPrototype::finishCreation):

• bindings/scripts/test/JS/JSTestNamedGetterWithIdentifier.cpp:

(WebCore::JSTestNamedGetterWithIdentifierPrototype::finishCreation):

• bindings/scripts/test/JS/JSTestNamedSetterNoIdentifier.cpp:

(WebCore::JSTestNamedSetterNoIdentifierPrototype::finishCreation):

• bindings/scripts/test/JS/JSTestNamedSetterThrowingException.cpp:

(WebCore::JSTestNamedSetterThrowingExceptionPrototype::finishCreation):

• bindings/scripts/test/JS/JSTestNamedSetterWithIdentifier.cpp:

(WebCore::JSTestNamedSetterWithIdentifierPrototype::finishCreation):

• bindings/scripts/test/JS/JSTestNamedSetterWithIndexedGetter.cpp:

(WebCore::JSTestNamedSetterWithIndexedGetterPrototype::finishCreation):

• bindings/scripts/test/JS/JSTestNamedSetterWithIndexedGetterAndSetter.cpp:

(WebCore::JSTestNamedSetterWithIndexedGetterAndSetterPrototype::finishCreation):

• bindings/scripts/test/JS/JSTestNamedSetterWithOverrideBuiltins.cpp:

(WebCore::JSTestNamedSetterWithOverrideBuiltinsPrototype::finishCreation):

• bindings/scripts/test/JS/JSTestNamedSetterWithUnforgableProperties.cpp:

(WebCore::JSTestNamedSetterWithUnforgablePropertiesPrototype::finishCreation):
(WebCore::jsTestNamedSetterWithUnforgablePropertiesUnforgeableAttribute):

• bindings/scripts/test/JS/JSTestNamedSetterWithUnforgablePropertiesAndOverrideBuiltins.cpp:

(WebCore::JSTestNamedSetterWithUnforgablePropertiesAndOverrideBuiltinsPrototype::finishCreation):
(WebCore::jsTestNamedSetterWithUnforgablePropertiesAndOverrideBuiltinsUnforgeableAttribute):

• bindings/scripts/test/JS/JSTestNode.cpp:

(WebCore::JSTestNodePrototype::finishCreation):
(WebCore::jsTestNodeName):

• bindings/scripts/test/JS/JSTestObj.cpp:

(WebCore::JSTestObjConstructor::initializeProperties):
(WebCore::JSTestObjPrototype::finishCreation):
(WebCore::jsTestObjReadOnlyLongAttr):
(WebCore::jsTestObjReadOnlyStringAttr):
(WebCore::jsTestObjReadOnlyTestObjAttr):
(WebCore::jsTestObjEnumAttr):
(WebCore::jsTestObjByteAttr):
(WebCore::jsTestObjOctetAttr):
(WebCore::jsTestObjShortAttr):
(WebCore::jsTestObjClampedShortAttr):
(WebCore::jsTestObjEnforceRangeShortAttr):
(WebCore::jsTestObjUnsignedShortAttr):
(WebCore::jsTestObjLongAttr):
(WebCore::jsTestObjLongLongAttr):
(WebCore::jsTestObjUnsignedLongLongAttr):
(WebCore::jsTestObjStringAttr):
(WebCore::jsTestObjUsvstringAttr):
(WebCore::jsTestObjTestObjAttr):
(WebCore::jsTestObjTestNullableObjAttr):
(WebCore::jsTestObjUnforgeableAttr):
(WebCore::jsTestObjStringAttrTreatingNullAsEmptyString):
(WebCore::jsTestObjUsvstringAttrTreatingNullAsEmptyString):
(WebCore::jsTestObjByteStringAttrTreatingNullAsEmptyString):
(WebCore::jsTestObjStringLongRecordAttr):
(WebCore::jsTestObjUsvstringLongRecordAttr):
(WebCore::jsTestObjStringObjRecordAttr):
(WebCore::jsTestObjStringNullableObjRecordAttr):
(WebCore::jsTestObjDictionaryAttr):
(WebCore::jsTestObjNullableDictionaryAttr):
(WebCore::jsTestObjAnnotatedTypeInUnionAttr):
(WebCore::jsTestObjAnnotatedTypeInSequenceAttr):
(WebCore::jsTestObjImplementationEnumAttr):
(WebCore::jsTestObjXMLObjAttr):
(WebCore::jsTestObjCreate):
(WebCore::jsTestObjReflectedStringAttr):
(WebCore::jsTestObjReflectedUSVStringAttr):
(WebCore::jsTestObjReflectedIntegralAttr):
(WebCore::jsTestObjReflectedUnsignedIntegralAttr):
(WebCore::jsTestObjReflectedBooleanAttr):
(WebCore::jsTestObjReflectedURLAttr):
(WebCore::jsTestObjReflectedUSVURLAttr):
(WebCore::jsTestObjReflectedCustomIntegralAttr):
(WebCore::jsTestObjReflectedCustomBooleanAttr):
(WebCore::jsTestObjReflectedCustomURLAttr):
(WebCore::jsTestObjEnabledAtRuntimeAttribute):
(WebCore::jsTestObjEnabledBySettingAttribute):
(WebCore::jsTestObjTypedArrayAttr):
(WebCore::jsTestObjAttributeWithGetterException):
(WebCore::jsTestObjAttributeWithSetterException):
(WebCore::jsTestObjStringAttrWithGetterException):
(WebCore::jsTestObjStringAttrWithSetterException):
(WebCore::jsTestObjCustomAttr):
(WebCore::jsTestObjOnfoo):
(WebCore::jsTestObjOnwebkitfoo):
(WebCore::jsTestObjWithScriptStateAttribute):
(WebCore::jsTestObjWithCallWithAndSetterCallWithAttribute):
(WebCore::jsTestObjWithScriptExecutionContextAttribute):
(WebCore::jsTestObjWithScriptStateAttributeRaises):
(WebCore::jsTestObjWithScriptExecutionContextAttributeRaises):
(WebCore::jsTestObjWithScriptExecutionContextAndScriptStateAttribute):
(WebCore::jsTestObjWithScriptExecutionContextAndScriptStateAttributeRaises):
(WebCore::jsTestObjWithScriptExecutionContextAndScriptStateWithSpacesAttribute):
(WebCore::jsTestObjConditionalAttr1):
(WebCore::jsTestObjConditionalAttr2):
(WebCore::jsTestObjConditionalAttr3):
(WebCore::jsTestObjCachedAttribute1):
(WebCore::jsTestObjCachedAttribute2):
(WebCore::jsTestObjAnyAttribute):
(WebCore::jsTestObjObjectAttribute):
(WebCore::jsTestObjContentDocument):
(WebCore::jsTestObjMutablePoint):
(WebCore::jsTestObjStrawberry):
(WebCore::jsTestObjDescription):
(WebCore::jsTestObjId):
(WebCore::jsTestObjHash):
(WebCore::jsTestObjReplaceableAttribute):
(WebCore::jsTestObjNullableDoubleAttribute):
(WebCore::jsTestObjNullableLongAttribute):
(WebCore::jsTestObjNullableBooleanAttribute):
(WebCore::jsTestObjNullableStringAttribute):
(WebCore::jsTestObjNullableLongSettableAttribute):
(WebCore::jsTestObjNullableStringSettableAttribute):
(WebCore::jsTestObjNullableUSVStringSettableAttribute):
(WebCore::jsTestObjNullableByteStringSettableAttribute):
(WebCore::jsTestObjNullableStringValue):
(WebCore::jsTestObjAttribute):
(WebCore::jsTestObjAttributeWithReservedEnumType):
(WebCore::jsTestObjPutForwardsAttribute):
(WebCore::jsTestObjPutForwardsNullableAttribute):
(WebCore::jsTestObjStringifierAttribute):
(WebCore::jsTestObjConditionallyReadWriteAttribute):
(WebCore::jsTestObjConditionalAndConditionallyReadWriteAttribute):

• bindings/scripts/test/JS/JSTestOverloadedConstructors.cpp:

(WebCore::JSTestOverloadedConstructorsPrototype::finishCreation):

• bindings/scripts/test/JS/JSTestOverloadedConstructorsWithSequence.cpp:

(WebCore::JSTestOverloadedConstructorsWithSequencePrototype::finishCreation):

• bindings/scripts/test/JS/JSTestOverrideBuiltins.cpp:

(WebCore::JSTestOverrideBuiltinsPrototype::finishCreation):

• bindings/scripts/test/JS/JSTestPluginInterface.cpp:

(WebCore::JSTestPluginInterfacePrototype::finishCreation):

• bindings/scripts/test/JS/JSTestPromiseRejectionEvent.cpp:

(WebCore::JSTestPromiseRejectionEventPrototype::finishCreation):
(WebCore::jsTestPromiseRejectionEventReason):

• bindings/scripts/test/JS/JSTestSerialization.cpp:

(WebCore::JSTestSerializationPrototype::finishCreation):
(WebCore::jsTestSerializationFirstStringAttribute):
(WebCore::jsTestSerializationSecondLongAttribute):
(WebCore::jsTestSerializationThirdUnserializableAttribute):
(WebCore::jsTestSerializationFourthUnrestrictedDoubleAttribute):
(WebCore::jsTestSerializationFifthLongAttribute):
(WebCore::jsTestSerializationSixthTypedefAttribute):
(WebCore::jsTestSerializationSeventhDirectlySerializableAttribute):
(WebCore::jsTestSerializationEighthIndirectlyAttribute):

• bindings/scripts/test/JS/JSTestSerializationIndirectInheritance.cpp:

(WebCore::JSTestSerializationIndirectInheritancePrototype::finishCreation):

• bindings/scripts/test/JS/JSTestSerializationInherit.cpp:

(WebCore::JSTestSerializationInheritPrototype::finishCreation):
(WebCore::jsTestSerializationInheritInheritLongAttribute):

• bindings/scripts/test/JS/JSTestSerializationInheritFinal.cpp:

(WebCore::JSTestSerializationInheritFinalPrototype::finishCreation):
(WebCore::jsTestSerializationInheritFinalFinalLongAttributeFoo):
(WebCore::jsTestSerializationInheritFinalFinalLongAttributeBar):

• bindings/scripts/test/JS/JSTestSerializedScriptValueInterface.cpp:

(WebCore::JSTestSerializedScriptValueInterfacePrototype::finishCreation):
(WebCore::jsTestSerializedScriptValueInterfaceValue):
(WebCore::jsTestSerializedScriptValueInterfaceReadonlyValue):
(WebCore::jsTestSerializedScriptValueInterfaceCachedValue):
(WebCore::jsTestSerializedScriptValueInterfacePorts):
(WebCore::jsTestSerializedScriptValueInterfaceCachedReadonlyValue):

• bindings/scripts/test/JS/JSTestStringifier.cpp:

(WebCore::JSTestStringifierPrototype::finishCreation):

• bindings/scripts/test/JS/JSTestStringifierAnonymousOperation.cpp:

(WebCore::JSTestStringifierAnonymousOperationPrototype::finishCreation):

• bindings/scripts/test/JS/JSTestStringifierNamedOperation.cpp:

(WebCore::JSTestStringifierNamedOperationPrototype::finishCreation):

• bindings/scripts/test/JS/JSTestStringifierOperationImplementedAs.cpp:

(WebCore::JSTestStringifierOperationImplementedAsPrototype::finishCreation):

• bindings/scripts/test/JS/JSTestStringifierOperationNamedToString.cpp:

(WebCore::JSTestStringifierOperationNamedToStringPrototype::finishCreation):

• bindings/scripts/test/JS/JSTestStringifierReadOnlyAttribute.cpp:

(WebCore::JSTestStringifierReadOnlyAttributePrototype::finishCreation):
(WebCore::jsTestStringifierReadOnlyAttributeIdentifier):

• bindings/scripts/test/JS/JSTestStringifierReadWriteAttribute.cpp:

(WebCore::JSTestStringifierReadWriteAttributePrototype::finishCreation):
(WebCore::jsTestStringifierReadWriteAttributeIdentifier):

• bindings/scripts/test/JS/JSTestTypedefs.cpp:

(WebCore::JSTestTypedefsConstructor::initializeProperties):
(WebCore::JSTestTypedefsPrototype::finishCreation):
(WebCore::jsTestTypedefsUnsignedLongLongAttr):
(WebCore::jsTestTypedefsSerializedScriptValue):
(WebCore::jsTestTypedefsAttributeWithClamp):
(WebCore::jsTestTypedefsAttributeWithClampInTypedef):
(WebCore::jsTestTypedefsAttrWithGetterException):
(WebCore::jsTestTypedefsAttrWithSetterException):
(WebCore::jsTestTypedefsStringAttrWithGetterException):
(WebCore::jsTestTypedefsStringAttrWithSetterException):
(WebCore::jsTestTypedefsBufferSourceAttr):
(WebCore::jsTestTypedefsDomTimeStampAttr):
They are binding test rebaselines.

• domjit/DOMJITIDLTypeFilter.h:
• domjit/JSDocumentDOMJIT.cpp:

(WebCore::compileDocumentDocumentElementAttribute):
(WebCore::compileDocumentBodyAttribute):
(WebCore::DocumentDocumentElementDOMJIT::callDOMGetter): Deleted.
(WebCore::DocumentBodyDOMJIT::callDOMGetter): Deleted.

• domjit/JSNodeDOMJIT.cpp:

(WebCore::compileNodeFirstChildAttribute):
(WebCore::compileNodeLastChildAttribute):
(WebCore::compileNodeNextSiblingAttribute):
(WebCore::compileNodePreviousSiblingAttribute):
(WebCore::compileNodeParentNodeAttribute):
(WebCore::compileNodeNodeTypeAttribute):
(WebCore::compileNodeOwnerDocumentAttribute):
(WebCore::NodeFirstChildDOMJIT::callDOMGetter): Deleted.
(WebCore::NodeLastChildDOMJIT::callDOMGetter): Deleted.
(WebCore::NodeNextSiblingDOMJIT::callDOMGetter): Deleted.
(WebCore::NodePreviousSiblingDOMJIT::callDOMGetter): Deleted.
(WebCore::NodeParentNodeDOMJIT::callDOMGetter): Deleted.
(WebCore::NodeNodeTypeDOMJIT::callDOMGetter): Deleted.
(WebCore::NodeOwnerDocumentDOMJIT::callDOMGetter): Deleted.
DOMJIT::GetterSetter becomes smaller constexpr data.

LayoutTests:

• js/dom/dom-getters-type-check-expected.txt: Added.
• js/dom/dom-getters-type-check.html: Added.

File:

• trunk/Source/JavaScriptCore/runtime/PropertySlot.h (modified) (10 diffs)

trunk/Source/JavaScriptCore/runtime/PropertySlot.h

@@ -21 +21 @@
 #pragma once
 
+#include "DOMAnnotation.h"
 #include "JSCJSValue.h"
 #include "PropertyName.h"
@@ -28 +29 @@
 
 namespace JSC {
-namespace DOMJIT {
-class GetterSetter;
-}
 class ExecState;
 class GetterSetter;
@@ -38 +36 @@
 // ECMA 262-3 8.6.1
 // Property attributes
-enum Attribute {
+enum Attribute : unsigned {
     None              = 0,
     ReadOnly          = 1 << 1,  // property can be only read, not written
@@ -53 +51 @@
     ClassStructure    = 1 << 12, // property is a lazy class structure - only used by static hashtables
     PropertyCallback  = 1 << 13, // property that is a lazy property callback - only used by static hashtables
-    DOMJITAttribute   = 1 << 14, // property is a DOM JIT attribute - only used by static hashtables
-    DOMJITFunction    = 1 << 15, // property is a DOM JIT function - only used by static hashtables
+    DOMAttribute      = 1 << 14, // property is a simple DOM attribute - only used by static hashtables
+    DOMJITAttribute   = 1 << 15, // property is a DOM JIT attribute - only used by static hashtables
+    DOMJITFunction    = 1 << 16, // property is a DOM JIT function - only used by static hashtables
     BuiltinOrFunction = Builtin | Function, // helper only used by static hashtables
     BuiltinOrFunctionOrLazyProperty = Builtin | Function | CellProperty | ClassStructure | PropertyCallback, // helper only used by static hashtables
@@ -91 +90 @@
     enum class AdditionalDataType : uint8_t {
         None,
-        DOMJIT, // Annotated with DOMJIT information.
+        DOMAttribute, // Annotated with DOMAttribute information.
         ModuleNamespace, // ModuleNamespaceObject's environment access.
     };
@@ -171 +170 @@
     }
 
-    DOMJIT::GetterSetter* domJIT() const
-    {
-        if (m_additionalDataType == AdditionalDataType::DOMJIT)
-            return m_additionalData.domJIT;
-        return nullptr;
+    std::optional<DOMAttributeAnnotation> domAttribute() const
+    {
+        if (m_additionalDataType == AdditionalDataType::DOMAttribute)
+            return m_additionalData.domAttribute;
+        return std::nullopt;
     }
 
@@ -251 +250 @@
         m_offset = invalidOffset;
     }
+
+    void setCustom(JSObject* slotBase, unsigned attributes, GetValueFunc getValue, DOMAttributeAnnotation domAttribute)
+    {
+        setCustom(slotBase, attributes, getValue);
+        m_additionalDataType = AdditionalDataType::DOMAttribute;
+        m_additionalData.domAttribute = domAttribute;
+    }
     
     void setCacheableCustom(JSObject* slotBase, unsigned attributes, GetValueFunc getValue)
@@ -266 +272 @@
     }
 
-    void setCacheableCustom(JSObject* slotBase, unsigned attributes, GetValueFunc getValue, DOMJIT::GetterSetter* domJIT)
+    void setCacheableCustom(JSObject* slotBase, unsigned attributes, GetValueFunc getValue, DOMAttributeAnnotation domAttribute)
     {
         setCacheableCustom(slotBase, attributes, getValue);
-        if (domJIT) {
-            m_additionalDataType = AdditionalDataType::DOMJIT;
-            m_additionalData.domJIT = domJIT;
-        }
+        m_additionalDataType = AdditionalDataType::DOMAttribute;
+        m_additionalData.domAttribute = domAttribute;
     }
 
@@ -370 +374 @@
     AdditionalDataType m_additionalDataType;
     union {
-        DOMJIT::GetterSetter* domJIT;
+        DOMAttributeAnnotation domAttribute;
         ModuleNamespaceSlot moduleNamespaceSlot;
     } m_additionalData;
@@ -393 +397 @@
     if (m_propertyType == TypeGetter)
         return functionGetter(exec);
+    if (m_propertyType == TypeCustomAccessor)
+        return customAccessorGetter(exec, Identifier::from(exec, propertyName));
     return customGetter(exec, Identifier::from(exec, propertyName));
 }