Changeset 80969 in webkit for trunk/Source/JavaScriptCore/jit/JITPropertyAccess.cpp

Timestamp:

Mar 13, 2011, 2:16:29 PM (14 years ago)

Author:

[email protected]

Message:

Bug 56270 - The JIT 'friend's many classes in JSC; start unwinding this.

Reviewed by Sam Weinig.

The JIT need to 'friend' other classes in order to be able to calculate offsets
of various properties, or the absolute addresses of members within specific objects,
in order to JIT generate code that will access members within the class when run.

Instead of using friends in these cases, switch to providing specific accessor
methods to provide this information. In the case of offsets, these can be static
functions, and in the case of pointers to members within a specific object these can
be const methods returning pointers to const values, to prevent clients from
modifying values otherwise encapsulated within classes.

• bytecode/SamplingTool.h:
• interpreter/Register.h:
• interpreter/RegisterFile.h:
• runtime/JSArray.h:
• runtime/JSCell.h:
• runtime/JSTypeInfo.h:
• runtime/JSVariableObject.h:
• runtime/Structure.h:
• wtf/RefCounted.h:
  • Change these classes to no longer friend the JIT, add accessors for member offsets.
• jit/JIT.cpp:
• jit/JITCall32_64.cpp:
• jit/JITInlineMethods.h:
• jit/JITOpcodes.cpp:
• jit/JITOpcodes32_64.cpp:
• jit/JITPropertyAccess.cpp:
• jit/JITPropertyAccess32_64.cpp:
  • Change the JIT to use class accessors, rather than taking object ofsets directly.
• assembler/AbstractMacroAssembler.h:
• assembler/MacroAssemblerX86_64.h:
• assembler/X86Assembler.h:
  • Since the accessors for objects members return const pointers to retain encapsulation, methods generating code with absolute addresses must be able to handle const pointers (the JIT doesn't write to these values, do dies treat the pointer to value as const from within the C++ code of the JIT, if not at runtime!).

File:

• trunk/Source/JavaScriptCore/jit/JITPropertyAccess.cpp (modified) (12 diffs)

trunk/Source/JavaScriptCore/jit/JITPropertyAccess.cpp

@@ -102 +102 @@
     addSlowCase(branchPtr(NotEqual, Address(regT0), ImmPtr(m_globalData->jsArrayVPtr)));
 
-    loadPtr(Address(regT0, OBJECT_OFFSETOF(JSArray, m_storage)), regT2);
-    addSlowCase(branch32(AboveOrEqual, regT1, Address(regT0, OBJECT_OFFSETOF(JSArray, m_vectorLength))));
+    loadPtr(Address(regT0, JSArray::storageOffset()), regT2);
+    addSlowCase(branch32(AboveOrEqual, regT1, Address(regT0, JSArray::vectorLengthOffset())));
 
     loadPtr(BaseIndex(regT2, regT1, ScalePtr, OBJECT_OFFSETOF(ArrayStorage, m_vector[0])), regT0);
@@ -160 +160 @@
 
     // Test base's structure
-    loadPtr(Address(regT0, OBJECT_OFFSETOF(JSCell, m_structure)), regT2);
+    loadPtr(Address(regT0, JSCell::structureOffset()), regT2);
     addSlowCase(branchPtr(NotEqual, regT2, Address(regT1, OBJECT_OFFSETOF(JSPropertyNameIterator, m_cachedStructure))));
     load32(addressFor(i), regT3);
@@ -199 +199 @@
     emitJumpSlowCaseIfNotJSCell(regT0, base);
     addSlowCase(branchPtr(NotEqual, Address(regT0), ImmPtr(m_globalData->jsArrayVPtr)));
-    addSlowCase(branch32(AboveOrEqual, regT1, Address(regT0, OBJECT_OFFSETOF(JSArray, m_vectorLength))));
-
-    loadPtr(Address(regT0, OBJECT_OFFSETOF(JSArray, m_storage)), regT2);
+    addSlowCase(branch32(AboveOrEqual, regT1, Address(regT0, JSArray::vectorLengthOffset())));
+
+    loadPtr(Address(regT0, JSArray::storageOffset()), regT2);
     Jump empty = branchTestPtr(Zero, BaseIndex(regT2, regT1, ScalePtr, OBJECT_OFFSETOF(ArrayStorage, m_vector[0])));
 
@@ -337 +337 @@
     BEGIN_UNINTERRUPTED_SEQUENCE(sequenceMethodCheck);
 
-    Jump structureCheck = branchPtrWithPatch(NotEqual, Address(regT0, OBJECT_OFFSETOF(JSCell, m_structure)), info.structureToCompare, ImmPtr(reinterpret_cast<void*>(patchGetByIdDefaultStructure)));
+    Jump structureCheck = branchPtrWithPatch(NotEqual, Address(regT0, JSCell::structureOffset()), info.structureToCompare, ImmPtr(reinterpret_cast<void*>(patchGetByIdDefaultStructure)));
     DataLabelPtr protoStructureToCompare, protoObj = moveWithPatch(ImmPtr(0), regT1);
-    Jump protoStructureCheck = branchPtrWithPatch(NotEqual, Address(regT1, OBJECT_OFFSETOF(JSCell, m_structure)), protoStructureToCompare, ImmPtr(reinterpret_cast<void*>(patchGetByIdDefaultStructure)));
+    Jump protoStructureCheck = branchPtrWithPatch(NotEqual, Address(regT1, JSCell::structureOffset()), protoStructureToCompare, ImmPtr(reinterpret_cast<void*>(patchGetByIdDefaultStructure)));
 
     // This will be relinked to load the function without doing a load.
@@ -415 +415 @@
 
     DataLabelPtr structureToCompare;
-    Jump structureCheck = branchPtrWithPatch(NotEqual, Address(regT0, OBJECT_OFFSETOF(JSCell, m_structure)), structureToCompare, ImmPtr(reinterpret_cast<void*>(patchGetByIdDefaultStructure)));
+    Jump structureCheck = branchPtrWithPatch(NotEqual, Address(regT0, JSCell::structureOffset()), structureToCompare, ImmPtr(reinterpret_cast<void*>(patchGetByIdDefaultStructure)));
     addSlowCase(structureCheck);
     ASSERT_JIT_OFFSET(differenceBetween(hotPathBegin, structureToCompare), patchOffsetGetByIdStructure);
@@ -493 +493 @@
     // It is important that the following instruction plants a 32bit immediate, in order that it can be patched over.
     DataLabelPtr structureToCompare;
-    addSlowCase(branchPtrWithPatch(NotEqual, Address(regT0, OBJECT_OFFSETOF(JSCell, m_structure)), structureToCompare, ImmPtr(reinterpret_cast<void*>(patchGetByIdDefaultStructure))));
+    addSlowCase(branchPtrWithPatch(NotEqual, Address(regT0, JSCell::structureOffset()), structureToCompare, ImmPtr(reinterpret_cast<void*>(patchGetByIdDefaultStructure))));
     ASSERT_JIT_OFFSET(differenceBetween(hotPathBegin, structureToCompare), patchOffsetPutByIdStructure);
 
@@ -566 +566 @@
 #if CPU(X86_64)
     move(ImmPtr(prototype.asCell()->structure()), regT3);
-    failureCases.append(branchPtr(NotEqual, AbsoluteAddress(&prototype.asCell()->m_structure), regT3));
+    failureCases.append(branchPtr(NotEqual, AbsoluteAddress(prototype.asCell()->addressOfStructure()), regT3));
 #else
-    failureCases.append(branchPtr(NotEqual, AbsoluteAddress(&prototype.asCell()->m_structure), ImmPtr(prototype.asCell()->structure())));
+    failureCases.append(branchPtr(NotEqual, AbsoluteAddress(prototype.asCell()->addressOfStructure()), ImmPtr(prototype.asCell()->structure())));
 #endif
 }
@@ -577 +577 @@
     // Check eax is an object of the right Structure.
     failureCases.append(emitJumpIfNotJSCell(regT0));
-    failureCases.append(branchPtr(NotEqual, Address(regT0, OBJECT_OFFSETOF(JSCell, m_structure)), ImmPtr(oldStructure)));
+    failureCases.append(branchPtr(NotEqual, Address(regT0, JSCell::structureOffset()), ImmPtr(oldStructure)));
     testPrototype(oldStructure->storedPrototype(), failureCases);
 
@@ -611 +611 @@
     sub32(Imm32(1), AbsoluteAddress(oldStructure->addressOfCount()));
     add32(Imm32(1), AbsoluteAddress(newStructure->addressOfCount()));
-    storePtr(ImmPtr(newStructure), Address(regT0, OBJECT_OFFSETOF(JSCell, m_structure)));
+    storePtr(ImmPtr(newStructure), Address(regT0, JSCell::structureOffset()));
 
     // write the value
@@ -696 +696 @@
 
     // Checks out okay! - get the length from the storage
-    loadPtr(Address(regT0, OBJECT_OFFSETOF(JSArray, m_storage)), regT3);
+    loadPtr(Address(regT0, JSArray::storageOffset()), regT3);
     load32(Address(regT3, OBJECT_OFFSETOF(ArrayStorage, m_length)), regT2);
     Jump failureCases2 = branch32(Above, regT2, Imm32(JSImmediate::maxImmediateInt));
@@ -736 +736 @@
 
     // Check the prototype object's Structure had not changed.
-    Structure** prototypeStructureAddress = &(protoObject->m_structure);
+    Structure* const * prototypeStructureAddress = protoObject->addressOfStructure();
 #if CPU(X86_64)
     move(ImmPtr(prototypeStructure), regT3);
@@ -859 +859 @@
 
     // Check the prototype object's Structure had not changed.
-    Structure** prototypeStructureAddress = &(protoObject->m_structure);
+    Structure* const * prototypeStructureAddress = protoObject->addressOfStructure();
 #if CPU(X86_64)
     move(ImmPtr(prototypeStructure), regT3);