Changeset 52956 in webkit for trunk/JavaScriptCore/runtime

Timestamp:

Jan 7, 2010, 4:15:05 PM (15 years ago)

Author:

[email protected]

Message:

Reviewed by Geoffrey Garen.

​https://bugs.webkit.org/show_bug.cgi?id=33057
REGRESSION(r49365): typeof(xhr.responseText) != "string" in Windows

<rdar://problem/7296920> REGRESSION: WebKit fails to start PeaceKeeper benchmark

Test: fast/js/webcore-string-comparison.html

In r49365, some code was moved from JSString.cpp to JSString.h, and as a result, WebCore
got a way to directly instantiate JSStrings over DLL borders. Since vftable for JSString was
not exported, objects created from WebCore got a different vptr, and JavaScriptCore
optimizations that relied on vptr of all JSString objects being equal failed.

• config.h: Added a JS_EXPORTCLASS macro for exporting classes. It's currently the same as JS_EXPORTDATA, but it clearly needed a new name.

• runtime/InitializeThreading.cpp: (JSC::initializeThreadingOnce):
• runtime/JSGlobalData.cpp: (JSC::JSGlobalData::storeVPtrs): (JSC::JSGlobalData::JSGlobalData): (JSC::JSGlobalData::createNonDefault): (JSC::JSGlobalData::create): (JSC::JSGlobalData::sharedInstance):
• runtime/JSGlobalData.h: Store vptrs just once, no need to repeatedly pick and copy them. This makes it possible to assert vptr correctness in object destructors (which don't have access to JSGlobalData, and even Heap::heap(this) will fail for fake objects created from storeVPtrs()).

• runtime/JSArray.cpp: (JSC::JSArray::~JSArray): Assert that vptr is what we expect it to be. It's important to assert in destructor, because MSVC changes the vptr after constructor is invoked.
• runtime/JSByteArray.cpp: (JSC::JSByteArray::~JSByteArray): Ditto.
• runtime/JSByteArray.h: Ditto.
• runtime/JSFunction.h: Ditto.
• runtime/JSFunction.cpp: (JSC::JSFunction::~JSFunction): Ditto.

• runtime/JSCell.h: (JSC::JSCell::setVPtr): Added a method to substitute vptr for another one.

• runtime/JSString.h: Export JSString class together with its vftable, and tell other libraries tp import it. This is needed on platforms that have a separate JavaScriptCore dynamic library - and on Mac, we already did the export via JavaScriptCore.exp. (JSC::JSString::~JSString): Assert tha vptr is what we expect it to be. (JSC::fixupVPtr): Store a previously saved primary vftable pointer (do nothing if building JavaScriptCore itself). (JSC::jsSingleCharacterString): Call fixupVPtr in case this is call across DLL boundary. (JSC::jsSingleCharacterSubstring): Ditto. (JSC::jsNontrivialString): Ditto. (JSC::jsString): Ditto. (JSC::jsSubstring): Ditto. (JSC::jsOwnedString): Ditto.

• JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def: Export the new static JSGlobalData members that are used in WebCore via inline functions.

Location:

trunk/JavaScriptCore/runtime

Files:

• InitializeThreading.cpp (modified) (1 diff)
• JSArray.cpp (modified) (1 diff)
• JSByteArray.cpp (modified) (1 diff)
• JSByteArray.h (modified) (2 diffs)
• JSCell.h (modified) (2 diffs)
• JSFunction.cpp (modified) (1 diff)
• JSFunction.h (modified) (1 diff)
• JSGlobalData.cpp (modified) (6 diffs)
• JSGlobalData.h (modified) (3 diffs)
• JSString.h (modified) (10 diffs)

trunk/JavaScriptCore/runtime/InitializeThreading.cpp

@@ -50 +50 @@
     WTF::initializeThreading();
     initializeUString();
+    JSGlobalData::storeVPtrs();
 #if ENABLE(JSC_MULTIPLE_THREADS)
     s_dtoaP5Mutex = new Mutex;

trunk/JavaScriptCore/runtime/JSArray.cpp

@@ -186 +186 @@
 JSArray::~JSArray()
 {
+    ASSERT(vptr() == JSGlobalData::jsArrayVPtr);
     checkConsistency(DestructorConsistencyCheck);
 

trunk/JavaScriptCore/runtime/JSByteArray.cpp

@@ -43 +43 @@
     putDirect(exec->globalData().propertyNames->length, jsNumber(exec, m_storage->length()), ReadOnly | DontDelete);
 }
-    
+
+#if !ASSERT_DISABLED
+JSByteArray::~JSByteArray()
+{
+    ASSERT(vptr() == JSGlobalData::jsByteArrayVPtr);
+}
+#endif
+
+
 PassRefPtr<Structure> JSByteArray::createStructure(JSValue prototype)
 {

trunk/JavaScriptCore/runtime/JSByteArray.h

@@ -34 +34 @@
 
     class JSByteArray : public JSObject {
-        friend struct VPtrSet;
+        friend class JSGlobalData;
     public:
         bool canAccessIndex(unsigned i) { return i < m_storage->length(); }
@@ -92 +92 @@
         WTF::ByteArray* storage() const { return m_storage.get(); }
 
+#if !ASSERT_DISABLED
+        virtual ~JSByteArray();
+#endif
+
     protected:
         static const unsigned StructureFlags = OverridesGetOwnPropertySlot | OverridesGetPropertyNames | JSObject::StructureFlags;

trunk/JavaScriptCore/runtime/JSCell.h

@@ -44 +44 @@
         friend class JSAPIValueWrapper;
         friend class JSZombie;
-        friend struct VPtrSet;
+        friend class JSGlobalData;
 
     private:
@@ -112 +112 @@
         virtual JSValue getJSNumber();
         void* vptr() { return *reinterpret_cast<void**>(this); }
+        void setVPtr(void* vptr) { *reinterpret_cast<void**>(this) = vptr; }
 
     private:

trunk/JavaScriptCore/runtime/JSFunction.cpp

@@ -82 +82 @@
 JSFunction::~JSFunction()
 {
+    ASSERT(vptr() == JSGlobalData::jsFunctionVPtr);
+
     // JIT code for other functions may have had calls linked directly to the code for this function; these links
     // are based on a check for the this pointer value for this JSFunction - which will no longer be valid once

trunk/JavaScriptCore/runtime/JSFunction.h

@@ -37 +37 @@
     class JSFunction : public InternalFunction {
         friend class JIT;
-        friend struct VPtrSet;
+        friend class JSGlobalData;
 
         typedef InternalFunction Base;

trunk/JavaScriptCore/runtime/JSGlobalData.cpp

@@ -72 +72 @@
 extern JSC_CONST_HASHTABLE HashTable stringTable;
 
-struct VPtrSet {
-    VPtrSet();
-
-    void* jsArrayVPtr;
-    void* jsByteArrayVPtr;
-    void* jsStringVPtr;
-    void* jsFunctionVPtr;
-};
-
-VPtrSet::VPtrSet()
+void* JSGlobalData::jsArrayVPtr;
+void* JSGlobalData::jsByteArrayVPtr;
+void* JSGlobalData::jsStringVPtr;
+void* JSGlobalData::jsFunctionVPtr;
+
+void JSGlobalData::storeVPtrs()
 {
     CollectorCell cell;
@@ -88 +84 @@
     COMPILE_ASSERT(sizeof(JSArray) <= sizeof(CollectorCell), sizeof_JSArray_must_be_less_than_CollectorCell);
     JSCell* jsArray = new (storage) JSArray(JSArray::createStructure(jsNull()));
-    jsArrayVPtr = jsArray->vptr();
+    JSGlobalData::jsArrayVPtr = jsArray->vptr();
     jsArray->~JSCell();
 
     COMPILE_ASSERT(sizeof(JSByteArray) <= sizeof(CollectorCell), sizeof_JSByteArray_must_be_less_than_CollectorCell);
     JSCell* jsByteArray = new (storage) JSByteArray(JSByteArray::VPtrStealingHack);
-    jsByteArrayVPtr = jsByteArray->vptr();
+    JSGlobalData::jsByteArrayVPtr = jsByteArray->vptr();
     jsByteArray->~JSCell();
 
     COMPILE_ASSERT(sizeof(JSString) <= sizeof(CollectorCell), sizeof_JSString_must_be_less_than_CollectorCell);
     JSCell* jsString = new (storage) JSString(JSString::VPtrStealingHack);
-    jsStringVPtr = jsString->vptr();
+    JSGlobalData::jsStringVPtr = jsString->vptr();
     jsString->~JSCell();
 
     COMPILE_ASSERT(sizeof(JSFunction) <= sizeof(CollectorCell), sizeof_JSFunction_must_be_less_than_CollectorCell);
     JSCell* jsFunction = new (storage) JSFunction(JSFunction::createStructure(jsNull()));
-    jsFunctionVPtr = jsFunction->vptr();
+    JSGlobalData::jsFunctionVPtr = jsFunction->vptr();
     jsFunction->~JSCell();
 }
 
-JSGlobalData::JSGlobalData(bool isShared, const VPtrSet& vptrSet)
+JSGlobalData::JSGlobalData(bool isShared)
     : isSharedInstance(isShared)
     , clientData(0)
@@ -131 +127 @@
     , numberStructure(JSNumberCell::createStructure(jsNull()))
 #endif
-    , jsArrayVPtr(vptrSet.jsArrayVPtr)
-    , jsByteArrayVPtr(vptrSet.jsByteArrayVPtr)
-    , jsStringVPtr(vptrSet.jsStringVPtr)
-    , jsFunctionVPtr(vptrSet.jsFunctionVPtr)
     , identifierTable(createIdentifierTable())
     , propertyNames(new CommonIdentifiers(this))
@@ -150 +142 @@
     , functionCodeBlockBeingReparsed(0)
     , firstStringifierToMark(0)
-    , markStack(vptrSet.jsArrayVPtr)
+    , markStack(jsArrayVPtr)
     , cachedUTCOffset(NaN)
     , weakRandom(static_cast<int>(currentTime()))
@@ -205 +197 @@
 PassRefPtr<JSGlobalData> JSGlobalData::createNonDefault()
 {
-    return adoptRef(new JSGlobalData(false, VPtrSet()));
+    return adoptRef(new JSGlobalData(false));
 }
 
 PassRefPtr<JSGlobalData> JSGlobalData::create()
 {
-    JSGlobalData* globalData = new JSGlobalData(false, VPtrSet());
+    JSGlobalData* globalData = new JSGlobalData(false);
     setDefaultIdentifierTable(globalData->identifierTable);
     setCurrentIdentifierTable(globalData->identifierTable);
@@ -233 +225 @@
     JSGlobalData*& instance = sharedInstanceInternal();
     if (!instance) {
-        instance = new JSGlobalData(true, VPtrSet());
+        instance = new JSGlobalData(true);
 #if ENABLE(JSC_MULTIPLE_THREADS)
         instance->makeUsableFromMultipleThreads();

trunk/JavaScriptCore/runtime/JSGlobalData.h

@@ -63 +63 @@
     struct HashTable;
     struct Instruction;    
-    struct VPtrSet;
 
     struct DSTOffsetCache {
@@ -131 +130 @@
 #endif
 
-        void* jsArrayVPtr;
-        void* jsByteArrayVPtr;
-        void* jsStringVPtr;
-        void* jsFunctionVPtr;
+        static void storeVPtrs();
+        static JS_EXPORTDATA void* jsArrayVPtr;
+        static JS_EXPORTDATA void* jsByteArrayVPtr;
+        static JS_EXPORTDATA void* jsStringVPtr;
+        static JS_EXPORTDATA void* jsFunctionVPtr;
 
         IdentifierTable* identifierTable;
@@ -195 +195 @@
         void dumpSampleData(ExecState* exec);
     private:
-        JSGlobalData(bool isShared, const VPtrSet&);
+        JSGlobalData(bool isShared);
         static JSGlobalData*& sharedInstanceInternal();
         void createNativeThunk();

trunk/JavaScriptCore/runtime/JSString.h

@@ -60 +60 @@
     JSString* jsOwnedString(ExecState*, const UString&); 
 
-    class JSString : public JSCell {
+    class JS_EXPORTCLASS JSString : public JSCell {
     public:
         friend class JIT;
-        friend struct VPtrSet;
+        friend class JSGlobalData;
 
         // A Rope is a string composed of a set of substrings.
@@ -248 +248 @@
         ~JSString()
         {
+            ASSERT(vptr() == JSGlobalData::jsStringVPtr);
             for (unsigned i = 0; i < m_ropeLength; ++i)
                 m_fibers[i].deref();
@@ -351 +352 @@
     JSString* asString(JSValue);
 
+    // When an object is created from a different DLL, MSVC changes vptr to a "local" one right after invoking a constructor,
+    // see <http://groups.google.com/group/microsoft.public.vc.language/msg/55cdcefeaf770212>.
+    // This breaks isJSString(), and we don't need that hack anyway, so we change vptr back to primary one.
+    // The below function must be called by any inline function that invokes a JSString constructor.
+#if COMPILER(MSVC) && !defined(BUILDING_JavaScriptCore)
+    inline JSString* fixupVPtr(JSGlobalData* globalData, JSString* string) { string->setVPtr(globalData->jsStringVPtr); return string; }
+#else
+    inline JSString* fixupVPtr(JSGlobalData*, JSString* string) { return string; }
+#endif
+
     inline JSString* asString(JSValue value)
     {
@@ -366 +377 @@
         if (c <= 0xFF)
             return globalData->smallStrings.singleCharacterString(globalData, c);
-        return new (globalData) JSString(globalData, UString(&c, 1));
+        return fixupVPtr(globalData, new (globalData) JSString(globalData, UString(&c, 1)));
     }
 
@@ -375 +386 @@
         if (c <= 0xFF)
             return globalData->smallStrings.singleCharacterString(globalData, c);
-        return new (globalData) JSString(globalData, UString(UString::Rep::create(s.rep(), offset, 1)));
+        return fixupVPtr(globalData, new (globalData) JSString(globalData, UString(UString::Rep::create(s.rep(), offset, 1))));
     }
 
@@ -383 +394 @@
         ASSERT(s[0]);
         ASSERT(s[1]);
-        return new (globalData) JSString(globalData, s);
+        return fixupVPtr(globalData, new (globalData) JSString(globalData, s));
     }
 
@@ -389 +400 @@
     {
         ASSERT(s.size() > 1);
-        return new (globalData) JSString(globalData, s);
+        return fixupVPtr(globalData, new (globalData) JSString(globalData, s));
     }
 
@@ -408 +419 @@
                 return globalData->smallStrings.singleCharacterString(globalData, c);
         }
-        return new (globalData) JSString(globalData, s);
+        return fixupVPtr(globalData, new (globalData) JSString(globalData, s));
     }
 
@@ -423 +434 @@
                 return globalData->smallStrings.singleCharacterString(globalData, c);
         }
-        return new (globalData) JSString(globalData, UString(UString::Rep::create(s.rep(), offset, length)), JSString::HasOtherOwner);
+        return fixupVPtr(globalData, new (globalData) JSString(globalData, UString(UString::Rep::create(s.rep(), offset, length)), JSString::HasOtherOwner));
     }
 
@@ -436 +447 @@
                 return globalData->smallStrings.singleCharacterString(globalData, c);
         }
-        return new (globalData) JSString(globalData, s, JSString::HasOtherOwner);
+        return fixupVPtr(globalData, new (globalData) JSString(globalData, s, JSString::HasOtherOwner));
     }