Changeset 78732 in webkit for trunk/Source/JavaScriptCore/runtime/JSObject.h

Timestamp:

Feb 16, 2011, 1:35:19 PM (14 years ago)

Author:

[email protected]

Message:

Bug 54524 - Allow JSObject to fully utilize cell's capacity for inline storage.

Reviewed by Geoff Garen.

Currently JSObject is both directly instantiated for regular JS objects, and
derived to implement subtypes. A consequence of this is that we need to ensure
that sufficient space from the cell is left unused and available for any data
members that will be introduced by subclasses of JSObject. By restructuring
the internal storage array out of JSObject we can increase the size in the
internal storage for regular objects.

Add classes JSFinalObject and JSNonFinalObject. JSNonFinalObject retains as
much additional capacity as is currently available to allow for data members
in subclasses. JSFinalObject utilizes all available space for internal storage,
and only allows construction through JSFinalObject::create().

Source/JavaScriptCore:

The additional storage made available in the JSObject means that we need no
longer rely on a union of the internal storage with a pointer to storage that
is only valid for external storage. This means we can go back to always having
a valid pointer to property storage, regardless of whether this is internal or
external. This simplifies some cases of access to the array from C code, and
significantly simplifies JIT access, since repatching no longer needs to be
able to change between a load of the storage pointer / a LEA of the internal
storage.

• API/JSObjectRef.cpp:

(JSObjectMake):

• assembler/ARMAssembler.h:
• assembler/ARMv7Assembler.h:
• assembler/AbstractMacroAssembler.h:

(JSC::AbstractMacroAssembler::repatchPointer):

• assembler/MIPSAssembler.h:
• assembler/MacroAssemblerARM.h:
• assembler/MacroAssemblerARMv7.h:
• assembler/MacroAssemblerMIPS.h:
• assembler/MacroAssemblerX86.h:
• assembler/MacroAssemblerX86_64.h:
• assembler/RepatchBuffer.h:
• assembler/X86Assembler.h:
• debugger/DebuggerActivation.cpp:

(JSC::DebuggerActivation::DebuggerActivation):

• debugger/DebuggerActivation.h:
• interpreter/Interpreter.cpp:

(JSC::Interpreter::privateExecute):

• jit/JIT.h:
• jit/JITOpcodes.cpp:

(JSC::JIT::emit_op_resolve_global):

• jit/JITOpcodes32_64.cpp:

(JSC::JIT::emit_op_resolve_global):

• jit/JITPropertyAccess.cpp:

(JSC::JIT::compileGetDirectOffset):
(JSC::JIT::emit_op_get_by_pname):
(JSC::JIT::compileGetByIdHotPath):
(JSC::JIT::emit_op_put_by_id):
(JSC::JIT::compilePutDirectOffset):
(JSC::JIT::patchGetByIdSelf):
(JSC::JIT::patchPutByIdReplace):
(JSC::JIT::privateCompileGetByIdProto):
(JSC::JIT::privateCompileGetByIdSelfList):
(JSC::JIT::privateCompileGetByIdProtoList):
(JSC::JIT::privateCompileGetByIdChainList):
(JSC::JIT::privateCompileGetByIdChain):

• jit/JITPropertyAccess32_64.cpp:

(JSC::JIT::compileGetByIdHotPath):
(JSC::JIT::emit_op_put_by_id):
(JSC::JIT::compilePutDirectOffset):
(JSC::JIT::compileGetDirectOffset):
(JSC::JIT::patchGetByIdSelf):
(JSC::JIT::patchPutByIdReplace):
(JSC::JIT::privateCompileGetByIdProto):
(JSC::JIT::privateCompileGetByIdSelfList):
(JSC::JIT::privateCompileGetByIdProtoList):
(JSC::JIT::privateCompileGetByIdChainList):
(JSC::JIT::privateCompileGetByIdChain):
(JSC::JIT::emit_op_get_by_pname):

• jit/JITStubs.cpp:

(JSC::DEFINE_STUB_FUNCTION):

• runtime/Arguments.h:

(JSC::Arguments::Arguments):

• runtime/ErrorInstance.cpp:

(JSC::ErrorInstance::ErrorInstance):

• runtime/ErrorInstance.h:
• runtime/ExceptionHelpers.cpp:

(JSC::InterruptedExecutionError::InterruptedExecutionError):
(JSC::TerminatedExecutionError::TerminatedExecutionError):

• runtime/JSArray.cpp:

(JSC::JSArray::JSArray):

• runtime/JSArray.h:
• runtime/JSByteArray.cpp:

(JSC::JSByteArray::JSByteArray):

• runtime/JSByteArray.h:

(JSC::JSByteArray::JSByteArray):

• runtime/JSFunction.cpp:

(JSC::JSFunction::getOwnPropertySlot):

• runtime/JSGlobalData.cpp:

(JSC::JSGlobalData::JSGlobalData):

• runtime/JSGlobalObject.h:

(JSC::constructEmptyObject):

• runtime/JSNotAnObject.h:

(JSC::JSNotAnObject::JSNotAnObject):

• runtime/JSObject.cpp:

(JSC::JSObject::createInheritorID):
(JSC::JSObject::allocatePropertyStorage):

• runtime/JSObject.h:

(JSC::JSObject::propertyStorage):
(JSC::JSNonFinalObject::JSNonFinalObject):
(JSC::JSNonFinalObject::createStructure):
(JSC::JSFinalObject::create):
(JSC::JSFinalObject::createStructure):
(JSC::JSFinalObject::JSFinalObject):
(JSC::JSObject::offsetOfInlineStorage):
(JSC::constructEmptyObject):
(JSC::createEmptyObjectStructure):
(JSC::JSObject::JSObject):
(JSC::JSObject::~JSObject):
(JSC::Structure::isUsingInlineStorage):

• runtime/JSObjectWithGlobalObject.cpp:

(JSC::JSObjectWithGlobalObject::JSObjectWithGlobalObject):

• runtime/JSObjectWithGlobalObject.h:

(JSC::JSObjectWithGlobalObject::JSObjectWithGlobalObject):

• runtime/JSTypeInfo.h:

(JSC::TypeInfo::TypeInfo):
(JSC::TypeInfo::isVanilla):

• runtime/JSVariableObject.h:

(JSC::JSVariableObject::JSVariableObject):

• runtime/JSWrapperObject.h:

(JSC::JSWrapperObject::JSWrapperObject):

• runtime/ObjectConstructor.cpp:

(JSC::constructObject):

• runtime/ObjectPrototype.cpp:

(JSC::ObjectPrototype::ObjectPrototype):

• runtime/ObjectPrototype.h:
• runtime/StrictEvalActivation.cpp:

(JSC::StrictEvalActivation::StrictEvalActivation):

• runtime/StrictEvalActivation.h:
• runtime/Structure.cpp:

(JSC::Structure::Structure):
(JSC::Structure::growPropertyStorageCapacity):

Source/JavaScriptGlue:

• UserObjectImp.cpp:
• UserObjectImp.h:

Update JSObject -> JSNonFinalObject.

Source/WebCore:

• bindings/js/JSDOMWindowShell.h:

Update JSObject -> JSNonFinalObject.

File:

• trunk/Source/JavaScriptCore/runtime/JSObject.h (modified) (9 diffs)

trunk/Source/JavaScriptCore/runtime/JSObject.h

@@ -81 +81 @@
 
     public:
-        explicit JSObject(NonNullPassRefPtr<Structure>);
-
         virtual void markChildren(MarkStack&);
         ALWAYS_INLINE void markChildrenDirect(MarkStack& markStack);
@@ -216 +214 @@
 
         void allocatePropertyStorage(size_t oldSize, size_t newSize);
-        void allocatePropertyStorageInline(size_t oldSize, size_t newSize);
         bool isUsingInlineStorage() const { return m_structure->isUsingInlineStorage(); }
 
-        static const unsigned inlineStorageCapacity = sizeof(EncodedJSValue) == 2 * sizeof(void*) ? 4 : 3;
-        static const unsigned nonInlineBaseStorageCapacity = 16;
-
-        static PassRefPtr<Structure> createStructure(JSValue prototype)
-        {
-            return Structure::create(prototype, TypeInfo(ObjectType, StructureFlags), AnonymousSlotCount);
-        }
+        static const unsigned baseExternalStorageCapacity = 16;
 
         void flattenDictionaryObject(JSGlobalData& globalData)
@@ -247 +238 @@
             return locationForOffset(index)->get();
         }
+
+        static size_t offsetOfInlineStorage();
         
     protected:
         static const unsigned StructureFlags = 0;
-        
+
         void putThisToAnonymousValue(unsigned index)
         {
             locationForOffset(index)->setWithoutWriteBarrier(this);
         }
-        
+
+        // To instantiate objects you likely want JSFinalObject, below.
+        // To create derived types you likely want JSNonFinalObject, below.
+        JSObject(NonNullPassRefPtr<Structure>, PropertyStorage inlineStorage);
+
     private:
         // Nobody should ever ask any of these questions on something already known to be a JSObject.
@@ -266 +263 @@
         void isString();
         
-        ConstPropertyStorage propertyStorage() const { return (isUsingInlineStorage() ? m_inlineStorage : m_externalStorage); }
-        PropertyStorage propertyStorage() { return (isUsingInlineStorage() ? m_inlineStorage : m_externalStorage); }
+        ConstPropertyStorage propertyStorage() const { return m_propertyStorage; }
+        PropertyStorage propertyStorage() { return m_propertyStorage; }
 
         const WriteBarrierBase<Unknown>* locationForOffset(size_t offset) const
@@ -288 +285 @@
         Structure* createInheritorID();
 
-        union {
-            PropertyStorage m_externalStorage;
-            WriteBarrierBase<Unknown> m_inlineStorage[inlineStorageCapacity];
-        };
-
+        PropertyStorage m_propertyStorage;
         RefPtr<Structure> m_inheritorID;
     };
-    
+
+
+#if USE(JSVALUE32_64)
+#define JSNonFinalObject_inlineStorageCapacity 4
+#define JSFinalObject_inlineStorageCapacity 6
+#else
+#define JSNonFinalObject_inlineStorageCapacity 2
+#define JSFinalObject_inlineStorageCapacity 4
+#endif
+
+COMPILE_ASSERT((JSFinalObject_inlineStorageCapacity >= JSNonFinalObject_inlineStorageCapacity), final_storage_is_at_least_as_large_as_non_final);
+
+    // JSNonFinalObject is a type of JSObject that has some internal storage,
+    // but also preserves some space in the collector cell for additional
+    // data members in derived types.
+    class JSNonFinalObject : public JSObject {
+        friend class JSObject;
+
+    public:
+        explicit JSNonFinalObject(NonNullPassRefPtr<Structure> structure)
+            : JSObject(structure, m_inlineStorage)
+        {
+            ASSERT(OBJECT_OFFSETOF(JSNonFinalObject, m_inlineStorage) % sizeof(double) == 0);
+        }
+
+        static PassRefPtr<Structure> createStructure(JSValue prototype)
+        {
+            return Structure::create(prototype, TypeInfo(ObjectType, StructureFlags), AnonymousSlotCount);
+        }
+
+    private:
+        WriteBarrierBase<Unknown> m_inlineStorage[JSNonFinalObject_inlineStorageCapacity];
+    };
+
+    // JSFinalObject is a type of JSObject that contains sufficent internal
+    // storage to fully make use of the colloctor cell containing it.
+    class JSFinalObject : public JSObject {
+        friend class JSObject;
+
+    public:
+        static JSFinalObject* create(ExecState* exec, NonNullPassRefPtr<Structure> structure)
+        {
+            return new (exec) JSFinalObject(structure);
+        }
+
+        static PassRefPtr<Structure> createStructure(JSValue prototype)
+        {
+            return Structure::create(prototype, TypeInfo(ObjectType, StructureFlags), AnonymousSlotCount);
+        }
+
+    private:
+        explicit JSFinalObject(NonNullPassRefPtr<Structure> structure)
+            : JSObject(structure, m_inlineStorage)
+        {
+            ASSERT(OBJECT_OFFSETOF(JSFinalObject, m_inlineStorage) % sizeof(double) == 0);
+        }
+
+        static const unsigned StructureFlags = JSObject::StructureFlags | IsJSFinalObject;
+
+        WriteBarrierBase<Unknown> m_inlineStorage[JSFinalObject_inlineStorageCapacity];
+    };
+
+inline size_t JSObject::offsetOfInlineStorage()
+{
+    ASSERT(OBJECT_OFFSETOF(JSFinalObject, m_inlineStorage) == OBJECT_OFFSETOF(JSNonFinalObject, m_inlineStorage));
+    return OBJECT_OFFSETOF(JSFinalObject, m_inlineStorage);
+}
+
+inline JSObject* constructEmptyObject(ExecState* exec, NonNullPassRefPtr<Structure> structure)
+{
+    return JSFinalObject::create(exec, structure);
+}
+
+inline PassRefPtr<Structure> createEmptyObjectStructure(JSValue prototype)
+{
+    return JSFinalObject::createStructure(prototype);
+}
+
 inline JSObject* asObject(JSCell* cell)
 {
@@ -307 +377 @@
 }
 
-inline JSObject::JSObject(NonNullPassRefPtr<Structure> structure)
+inline JSObject::JSObject(NonNullPassRefPtr<Structure> structure, PropertyStorage inlineStorage)
     : JSCell(structure.releaseRef()) // ~JSObject balances this ref()
-{
-    ASSERT(m_structure->propertyStorageCapacity() == inlineStorageCapacity);
+    , m_propertyStorage(inlineStorage)
+{
+    ASSERT(m_structure->propertyStorageCapacity() < baseExternalStorageCapacity);
     ASSERT(m_structure->isEmpty());
     ASSERT(prototype().isNull() || Heap::heap(this) == Heap::heap(prototype()));
-    ASSERT(OBJECT_OFFSETOF(JSObject, m_inlineStorage) % sizeof(double) == 0);
 }
 
@@ -320 +390 @@
     ASSERT(m_structure);
     if (!isUsingInlineStorage())
-        delete [] m_externalStorage;
+        delete [] m_propertyStorage;
     m_structure->deref();
 }
@@ -364 +434 @@
 inline bool Structure::isUsingInlineStorage() const
 {
-    return (propertyStorageCapacity() == JSObject::inlineStorageCapacity);
+    return propertyStorageCapacity() < JSObject::baseExternalStorageCapacity;
 }
 
@@ -728 +798 @@
 }
 
-ALWAYS_INLINE void JSObject::allocatePropertyStorageInline(size_t oldSize, size_t newSize)
-{
-    ASSERT(newSize > oldSize);
-
-    // It's important that this function not rely on m_structure, since
-    // we might be in the middle of a transition.
-    bool wasInline = (oldSize == JSObject::inlineStorageCapacity);
-
-    PropertyStorage oldPropertyStorage = (wasInline ? m_inlineStorage : m_externalStorage);
-    PropertyStorage newPropertyStorage = new WriteBarrierBase<Unknown>[newSize];
-
-    for (unsigned i = 0; i < oldSize; ++i)
-       newPropertyStorage[i] = oldPropertyStorage[i];
-
-    if (!wasInline)
-        delete [] oldPropertyStorage;
-
-    m_externalStorage = newPropertyStorage;
-}
-
 ALWAYS_INLINE void JSObject::markChildrenDirect(MarkStack& markStack)
 {