<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN"
"http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head><meta http-equiv="content-type" content="text/html; charset=utf-8" />
<title>[200383] trunk/Source</title>
</head>
<body>
<style type="text/css"><!--
#msg dl.meta { border: 1px #006 solid; background: #369; padding: 6px; color: #fff; }
#msg dl.meta dt { float: left; width: 6em; font-weight: bold; }
#msg dt:after { content:':';}
#msg dl, #msg dt, #msg ul, #msg li, #header, #footer, #logmsg { font-family: verdana,arial,helvetica,sans-serif; font-size: 10pt; }
#msg dl a { font-weight: bold}
#msg dl a:link { color:#fc3; }
#msg dl a:active { color:#ff0; }
#msg dl a:visited { color:#cc6; }
h3 { font-family: verdana,arial,helvetica,sans-serif; font-size: 10pt; font-weight: bold; }
#msg pre { overflow: auto; background: #ffc; border: 1px #fa0 solid; padding: 6px; }
#logmsg { background: #ffc; border: 1px #fa0 solid; padding: 1em 1em 0 1em; }
#logmsg p, #logmsg pre, #logmsg blockquote { margin: 0 0 1em 0; }
#logmsg p, #logmsg li, #logmsg dt, #logmsg dd { line-height: 14pt; }
#logmsg h1, #logmsg h2, #logmsg h3, #logmsg h4, #logmsg h5, #logmsg h6 { margin: .5em 0; }
#logmsg h1:first-child, #logmsg h2:first-child, #logmsg h3:first-child, #logmsg h4:first-child, #logmsg h5:first-child, #logmsg h6:first-child { margin-top: 0; }
#logmsg ul, #logmsg ol { padding: 0; list-style-position: inside; margin: 0 0 0 1em; }
#logmsg ul { text-indent: -1em; padding-left: 1em; }#logmsg ol { text-indent: -1.5em; padding-left: 1.5em; }
#logmsg > ul, #logmsg > ol { margin: 0 0 1em 0; }
#logmsg pre { background: #eee; padding: 1em; }
#logmsg blockquote { border: 1px solid #fa0; border-left-width: 10px; padding: 1em 1em 0 1em; background: white;}
#logmsg dl { margin: 0; }
#logmsg dt { font-weight: bold; }
#logmsg dd { margin: 0; padding: 0 0 0.5em 0; }
#logmsg dd:before { content:'\00bb';}
#logmsg table { border-spacing: 0px; border-collapse: collapse; border-top: 4px solid #fa0; border-bottom: 1px solid #fa0; background: #fff; }
#logmsg table th { text-align: left; font-weight: normal; padding: 0.2em 0.5em; border-top: 1px dotted #fa0; }
#logmsg table td { text-align: right; border-top: 1px dotted #fa0; padding: 0.2em 0.5em; }
#logmsg table thead th { text-align: center; border-bottom: 1px solid #fa0; }
#logmsg table th.Corner { text-align: left; }
#logmsg hr { border: none 0; border-top: 2px dashed #fa0; height: 1px; }
#header, #footer { color: #fff; background: #636; border: 1px #300 solid; padding: 6px; }
#patch { width: 100%; }
#patch h4 {font-family: verdana,arial,helvetica,sans-serif;font-size:10pt;padding:8px;background:#369;color:#fff;margin:0;}
#patch .propset h4, #patch .binary h4 {margin:0;}
#patch pre {padding:0;line-height:1.2em;margin:0;}
#patch .diff {width:100%;background:#eee;padding: 0 0 10px 0;overflow:auto;}
#patch .propset .diff, #patch .binary .diff {padding:10px 0;}
#patch span {display:block;padding:0 10px;}
#patch .modfile, #patch .addfile, #patch .delfile, #patch .propset, #patch .binary, #patch .copfile {border:1px solid #ccc;margin:10px 0;}
#patch ins {background:#dfd;text-decoration:none;display:block;padding:0 10px;}
#patch del {background:#fdd;text-decoration:none;display:block;padding:0 10px;}
#patch .lines, .info {color:#888;background:#fff;}
--></style>
<div id="msg">
<dl class="meta">
<dt>Revision</dt> <dd><a href="http://trac.webkit.org/projects/webkit/changeset/200383">200383</a></dd>
<dt>Author</dt> <dd>fpizlo@apple.com</dd>
<dt>Date</dt> <dd>2016-05-03 11:36:34 -0700 (Tue, 03 May 2016)</dd>
</dl>
<h3>Log Message</h3>
<pre>Speed up JSGlobalObject initialization by making some properties lazy
https://bugs.webkit.org/show_bug.cgi?id=157045
Reviewed by Keith Miller.
Source/JavaScriptCore:
This makes about half of JSGlobalObject's state lazy. There are three categories of
state in JSGlobalObject:
1) C++ fields in JSGlobalObject.
2) JS object properties in JSGlobalObject's JSObject superclass.
3) JS variables in JSGlobalObject's JSSegmentedVariableObject superclass.
State held in JS variables cannot yet be made lazy. That's why this patch only goes
half-way.
State in JS object properties can be made lazy if we move it to the static property
hashtable. JSGlobalObject already had one of those. This patch makes static property
hashtables a lot more powerful, by adding three new kinds of static properties. These
new kinds allow us to make almost all of JSGlobalObject's object properties lazy.
State in C++ fields can now be made lazy thanks in part to WTF's support for stateless
lambdas. You can of course make anything lazy by hand, but there are many C++ fields in
JSGlobalObject and we are adding more all the time. We don't want to require that each
of these has a getter with an initialization check and a corresponding out-of-line slow
path that does the initialization. We want this kind of boilerplate to be handled by
some abstractions.
The primary abstraction introduced in this patch is LazyProperty<Type>. Currently, this
only works where Type is a subclass of JSCell. Such a property holds a pointer to Type.
You can use it like you would a WriteBarrier<Type>. It even has set() and get() methods,
so it's almost a drop-in replacement.
The key to LazyProperty<Type>'s power is that you can do this:
class Bar {
...
LazyProperty<Foo> m_foo;
};
...
m_foo.initLater(
[] (const LazyProperty<Foo>::Initializer<Bar>& init) {
init.set(Foo::create(init.vm, init.owner));
});
This initLater() call requires that you pass a stateless lambda (see WTF changelog for
the definition). Miraculously, this initLater() call is guaranteed to compile to a store
of a pointer constant to m_foo, as in:
movabsq 0xBLAH, %rax
movq %rax, &m_foo
This magical pointer constant points to a callback that was generated by the template
instantiation of initLater(). That callback knows to call your stateless lambda, but
also does some other bookkeeping: it makes sure that you indeed initialized the property
inside the callback and it manages recursive initializations. It's totally legal to call
m_foo.get() inside the initLater() callback. If you do that before you call init.set(),
m_foo.get() will return null. This is an excellent escape hatch if we ever find
ourselves in a dependency cycle. I added this feature because I already had to create a
dependency cycle.
Note that using LazyProperties from DFG threads is super awkward. It's going to be hard
to get this right. The DFG thread cannot initialize those fields, so it has to make sure
that it does conservative things. But for some nodes this could mean adding a lot of new
logic, like NewTypedArray, which currently is written in such a way that it assumes that
we always have the typed array structure. Currently we take a two-fold approach: for
typed arrays we don't handle the NewTypedArray intrinsic if the structure isn't
initialized, and for everything else we don't make the properties lazy if the DFG needs
them. As we optimize this further we might need to teach the DFG to handle more lazy
properties. I tried to do this for RegExp but found it to be very confusing. With typed
arrays I got lucky.
There is also a somewhat more powerful construct called LazyClassStructure. We often
need to keep around the structure of some standard JS class, like Date. We also need to
make sure that the constructor ends up in the global object's property table. And we
often need to keep the original value of the constructor for ourselves. In this case, we
want to make sure that the creation of the structure-prototype-constructor constellation
is atomic. We don't want code to start looking at the structure if it points to a
prototype that doesn't have its "constructor" property set yet, for example.
LazyClassStructure solves this by abstracting that whole initialization. You provide the
callback that allocates everything, since we are super inconsistent about the way we
initialize things, but LazyClassStructure establishes the workflow and helps you not
mess up.
Finally, the new static hashtable attributes allow for all of this to work with the JS
property table:
PropertyCallback: if you use this attribute, the second column in the table should be
the name of a function to call to initialize this property. This is useful for things
like the Math property. The Math object turns out to be very expensive to allocate.
Delaying its allocation is super easy with the PropertyCallback attribute.
CellProperty: with this attribute the second column should be a C++ field name like
JSGlobalObject::m_evalErrorConstructor. The static hashtable will grab the offset of
this property, and when it needs to be initialized, Lookup will assume you have a
LazyProperty<JSCell> and call its get() method. It will initialize the property to
whatever get() returned. Note that it's legal to cast a LazyProperty<Anything> to
LazyProperty<JSCell> for the purpose of calling get() because the get() method will just
call whatever callback function pointer is encoded in the property and it does not need
to know anything about what type that callback will instantiate.
ClassStructure: with this attribute the second column should be a C++ field name. The
static hashtable will initialize the property by treating the field as a
LazyClassStructure and it will call get(). LazyClassStructure completely owns the whole
initialization workflow, so Lookup assumes that when LazyClassStructure::get() returns,
the property in question will already be set. By convention, we have LazyClassStructure
initialize the property with a pointer to the constructor, since that's how all of our
classes work: "globalObject.Date" points to the DateConstructor.
This is a 2x speed-up in JSGlobalObject initialization time in a microbenchmark that
calls our C API. This is a 1% speed-up on SunSpider and JSRegress.
* API/JSCallbackFunction.cpp:
(JSC::JSCallbackFunction::create):
* API/ObjCCallbackFunction.h:
(JSC::ObjCCallbackFunction::impl):
* API/ObjCCallbackFunction.mm:
(JSC::ObjCCallbackFunction::ObjCCallbackFunction):
(JSC::ObjCCallbackFunction::create):
* CMakeLists.txt:
* JavaScriptCore.xcodeproj/project.pbxproj:
* create_hash_table:
* dfg/DFGAbstractInterpreterInlines.h:
(JSC::DFG::AbstractInterpreter<AbstractStateType>::executeEffects):
* dfg/DFGAbstractValue.cpp:
(JSC::DFG::AbstractValue::set):
* dfg/DFGArrayMode.cpp:
(JSC::DFG::ArrayMode::originalArrayStructure):
* dfg/DFGByteCodeParser.cpp:
(JSC::DFG::ByteCodeParser::handleTypedArrayConstructor):
* dfg/DFGSpeculativeJIT.cpp:
(JSC::DFG::SpeculativeJIT::compileNewTypedArray):
* dfg/DFGSpeculativeJIT32_64.cpp:
(JSC::DFG::SpeculativeJIT::compile):
* dfg/DFGSpeculativeJIT64.cpp:
(JSC::DFG::SpeculativeJIT::compile):
* dfg/DFGStructureRegistrationPhase.cpp:
(JSC::DFG::StructureRegistrationPhase::run):
* ftl/FTLLowerDFGToB3.cpp:
(JSC::FTL::DFG::LowerDFGToB3::compileNewTypedArray):
* runtime/ClonedArguments.cpp:
(JSC::ClonedArguments::getOwnPropertySlot):
(JSC::ClonedArguments::materializeSpecials):
* runtime/CommonSlowPaths.cpp:
(JSC::SLOW_PATH_DECL):
* runtime/FunctionPrototype.cpp:
(JSC::functionProtoFuncToString):
* runtime/InternalFunction.cpp:
(JSC::InternalFunction::visitChildren):
(JSC::InternalFunction::name):
(JSC::InternalFunction::calculatedDisplayName):
(JSC::InternalFunction::createSubclassStructure):
* runtime/InternalFunction.h:
* runtime/JSBoundFunction.cpp:
(JSC::JSBoundFunction::finishCreation):
(JSC::JSBoundFunction::visitChildren):
* runtime/JSFunction.cpp:
(JSC::JSFunction::getOwnPropertySlot):
(JSC::JSFunction::defineOwnProperty):
* runtime/JSGenericTypedArrayViewConstructorInlines.h:
(JSC::constructGenericTypedArrayView):
* runtime/JSGlobalObject.cpp:
(JSC::createProxyProperty):
(JSC::createJSONProperty):
(JSC::createMathProperty):
(JSC::JSGlobalObject::init):
(JSC::JSGlobalObject::stringPrototypeChainIsSane):
(JSC::JSGlobalObject::resetPrototype):
(JSC::JSGlobalObject::visitChildren):
(JSC::JSGlobalObject::toThis):
(JSC::JSGlobalObject::getOwnPropertySlot):
(JSC::JSGlobalObject::createThrowTypeError): Deleted.
* runtime/JSGlobalObject.h:
(JSC::JSGlobalObject::objectConstructor):
(JSC::JSGlobalObject::promiseConstructor):
(JSC::JSGlobalObject::internalPromiseConstructor):
(JSC::JSGlobalObject::evalErrorConstructor):
(JSC::JSGlobalObject::rangeErrorConstructor):
(JSC::JSGlobalObject::referenceErrorConstructor):
(JSC::JSGlobalObject::syntaxErrorConstructor):
(JSC::JSGlobalObject::typeErrorConstructor):
(JSC::JSGlobalObject::URIErrorConstructor):
(JSC::JSGlobalObject::nullGetterFunction):
(JSC::JSGlobalObject::nullSetterFunction):
(JSC::JSGlobalObject::callFunction):
(JSC::JSGlobalObject::applyFunction):
(JSC::JSGlobalObject::definePropertyFunction):
(JSC::JSGlobalObject::arrayProtoValuesFunction):
(JSC::JSGlobalObject::initializePromiseFunction):
(JSC::JSGlobalObject::newPromiseCapabilityFunction):
(JSC::JSGlobalObject::functionProtoHasInstanceSymbolFunction):
(JSC::JSGlobalObject::regExpProtoExecFunction):
(JSC::JSGlobalObject::regExpProtoSymbolReplaceFunction):
(JSC::JSGlobalObject::regExpProtoGlobalGetter):
(JSC::JSGlobalObject::regExpProtoUnicodeGetter):
(JSC::JSGlobalObject::throwTypeErrorGetterSetter):
(JSC::JSGlobalObject::moduleLoader):
(JSC::JSGlobalObject::objectPrototype):
(JSC::JSGlobalObject::functionPrototype):
(JSC::JSGlobalObject::arrayPrototype):
(JSC::JSGlobalObject::booleanPrototype):
(JSC::JSGlobalObject::stringPrototype):
(JSC::JSGlobalObject::symbolPrototype):
(JSC::JSGlobalObject::numberPrototype):
(JSC::JSGlobalObject::datePrototype):
(JSC::JSGlobalObject::regExpPrototype):
(JSC::JSGlobalObject::errorPrototype):
(JSC::JSGlobalObject::iteratorPrototype):
(JSC::JSGlobalObject::generatorFunctionPrototype):
(JSC::JSGlobalObject::generatorPrototype):
(JSC::JSGlobalObject::debuggerScopeStructure):
(JSC::JSGlobalObject::withScopeStructure):
(JSC::JSGlobalObject::strictEvalActivationStructure):
(JSC::JSGlobalObject::activationStructure):
(JSC::JSGlobalObject::moduleEnvironmentStructure):
(JSC::JSGlobalObject::directArgumentsStructure):
(JSC::JSGlobalObject::scopedArgumentsStructure):
(JSC::JSGlobalObject::clonedArgumentsStructure):
(JSC::JSGlobalObject::isOriginalArrayStructure):
(JSC::JSGlobalObject::booleanObjectStructure):
(JSC::JSGlobalObject::callbackConstructorStructure):
(JSC::JSGlobalObject::callbackFunctionStructure):
(JSC::JSGlobalObject::callbackObjectStructure):
(JSC::JSGlobalObject::propertyNameIteratorStructure):
(JSC::JSGlobalObject::objcCallbackFunctionStructure):
(JSC::JSGlobalObject::objcWrapperObjectStructure):
(JSC::JSGlobalObject::dateStructure):
(JSC::JSGlobalObject::nullPrototypeObjectStructure):
(JSC::JSGlobalObject::errorStructure):
(JSC::JSGlobalObject::calleeStructure):
(JSC::JSGlobalObject::functionStructure):
(JSC::JSGlobalObject::boundFunctionStructure):
(JSC::JSGlobalObject::boundSlotBaseFunctionStructure):
(JSC::JSGlobalObject::getterSetterStructure):
(JSC::JSGlobalObject::nativeStdFunctionStructure):
(JSC::JSGlobalObject::namedFunctionStructure):
(JSC::JSGlobalObject::functionNameOffset):
(JSC::JSGlobalObject::numberObjectStructure):
(JSC::JSGlobalObject::privateNameStructure):
(JSC::JSGlobalObject::mapStructure):
(JSC::JSGlobalObject::regExpStructure):
(JSC::JSGlobalObject::generatorFunctionStructure):
(JSC::JSGlobalObject::setStructure):
(JSC::JSGlobalObject::stringObjectStructure):
(JSC::JSGlobalObject::symbolObjectStructure):
(JSC::JSGlobalObject::iteratorResultObjectStructure):
(JSC::JSGlobalObject::lazyTypedArrayStructure):
(JSC::JSGlobalObject::typedArrayStructure):
(JSC::JSGlobalObject::typedArrayStructureConcurrently):
(JSC::JSGlobalObject::isOriginalTypedArrayStructure):
(JSC::JSGlobalObject::typedArrayConstructor):
(JSC::JSGlobalObject::actualPointerFor):
(JSC::JSGlobalObject::internalFunctionStructure): Deleted.
* runtime/JSNativeStdFunction.cpp:
(JSC::JSNativeStdFunction::create):
* runtime/JSWithScope.cpp:
(JSC::JSWithScope::create):
(JSC::JSWithScope::visitChildren):
(JSC::JSWithScope::createStructure):
(JSC::JSWithScope::JSWithScope):
* runtime/JSWithScope.h:
(JSC::JSWithScope::object):
(JSC::JSWithScope::create): Deleted.
(JSC::JSWithScope::createStructure): Deleted.
(JSC::JSWithScope::JSWithScope): Deleted.
* runtime/LazyClassStructure.cpp: Added.
(JSC::LazyClassStructure::Initializer::Initializer):
(JSC::LazyClassStructure::Initializer::setPrototype):
(JSC::LazyClassStructure::Initializer::setStructure):
(JSC::LazyClassStructure::Initializer::setConstructor):
(JSC::LazyClassStructure::visit):
(JSC::LazyClassStructure::dump):
* runtime/LazyClassStructure.h: Added.
(JSC::LazyClassStructure::LazyClassStructure):
(JSC::LazyClassStructure::get):
(JSC::LazyClassStructure::prototype):
(JSC::LazyClassStructure::constructor):
(JSC::LazyClassStructure::getConcurrently):
(JSC::LazyClassStructure::prototypeConcurrently):
(JSC::LazyClassStructure::constructorConcurrently):
* runtime/LazyClassStructureInlines.h: Added.
(JSC::LazyClassStructure::initLater):
* runtime/LazyProperty.h: Added.
(JSC::LazyProperty::Initializer::Initializer):
(JSC::LazyProperty::LazyProperty):
(JSC::LazyProperty::get):
(JSC::LazyProperty::getConcurrently):
* runtime/LazyPropertyInlines.h: Added.
(JSC::LazyProperty<ElementType>::Initializer<OwnerType>::set):
(JSC::LazyProperty<ElementType>::initLater):
(JSC::LazyProperty<ElementType>::setMayBeNull):
(JSC::LazyProperty<ElementType>::set):
(JSC::LazyProperty<ElementType>::visit):
(JSC::LazyProperty<ElementType>::dump):
(JSC::LazyProperty<ElementType>::callFunc):
* runtime/Lookup.cpp:
(JSC::setUpStaticFunctionSlot):
* runtime/Lookup.h:
(JSC::HashTableValue::function):
(JSC::HashTableValue::functionLength):
(JSC::HashTableValue::propertyGetter):
(JSC::HashTableValue::propertyPutter):
(JSC::HashTableValue::accessorGetter):
(JSC::HashTableValue::accessorSetter):
(JSC::HashTableValue::constantInteger):
(JSC::HashTableValue::lexerValue):
(JSC::HashTableValue::lazyCellPropertyOffset):
(JSC::HashTableValue::lazyClassStructureOffset):
(JSC::HashTableValue::lazyPropertyCallback):
(JSC::getStaticPropertySlot):
(JSC::getStaticValueSlot):
(JSC::reifyStaticProperty):
* runtime/PropertySlot.h:
* runtime/TypedArrayType.h:
Source/WebCore:
No new tests because no change in behavior.
This adapts JSHTMLElementCustom.cpp to the new JSWithScope API. Note that this revealed
that this was using a curious choice of global object, which may not be right. I decided
to do a very literal refactoring that exactly preserves what this code got before, but I
added a FIXME to reconsider this later.
* bindings/js/JSHTMLElementCustom.cpp:
(WebCore::JSHTMLElement::pushEventHandlerScope):
Source/WTF:
This WTF change is at the heart of a large JSC change. In JSC I found myself wanting to
do this a lot:
static void callback(Foo& foo) { ... }
foo.setCallback(callback);
But that's not very nice to write if many different setCallback() calls are inside of the
same very large function: you'll have to have a lot of static function definitions in
one part of the file, and then a bunch of setCallback() calls in another part. It's hard
to reason about what's going on with such code.
So what if you wrote this instead:
foo.setCallback([] (Foo& foo) { ... });
Much nicer! There is a standard way to do this: lambdas that are stateless are
convertible to function pointers. This change also offers another approach that is a bit
more general.
These additions to WTF help you do it:
isStatelessLambda<Func>(): tells you if Func is a stateless lambda. This uses is_empty to
test if the lambda is stateless. This turns out to be a stronger property than
convertibility to function pointers. For example, a function pointer is convertible to a
function pointer, but it is definitely stateful: you cannot successfully call it if you
only has its type. On the other hand, a stateless lambda is really stateless in the sense
that you only need its type to call it.
callStatelessLambda<ResultType, Func>(Arguments&&...): calls the given stateless lambda.
JSC uses these to build up some sophisticated lazy-initialization APIs. The use of
statelessness allows JSC to combine a lambda with other logic into a single function
pointer.
* wtf/StdLibExtras.h:
(WTF::isStatelessLambda):
(WTF::callStatelessLambda):</pre>
<h3>Modified Paths</h3>
<ul>
<li><a href="#trunkSourceJavaScriptCoreAPIJSCallbackFunctioncpp">trunk/Source/JavaScriptCore/API/JSCallbackFunction.cpp</a></li>
<li><a href="#trunkSourceJavaScriptCoreAPIObjCCallbackFunctionh">trunk/Source/JavaScriptCore/API/ObjCCallbackFunction.h</a></li>
<li><a href="#trunkSourceJavaScriptCoreAPIObjCCallbackFunctionmm">trunk/Source/JavaScriptCore/API/ObjCCallbackFunction.mm</a></li>
<li><a href="#trunkSourceJavaScriptCoreCMakeListstxt">trunk/Source/JavaScriptCore/CMakeLists.txt</a></li>
<li><a href="#trunkSourceJavaScriptCoreChangeLog">trunk/Source/JavaScriptCore/ChangeLog</a></li>
<li><a href="#trunkSourceJavaScriptCoreJavaScriptCorexcodeprojprojectpbxproj">trunk/Source/JavaScriptCore/JavaScriptCore.xcodeproj/project.pbxproj</a></li>
<li><a href="#trunkSourceJavaScriptCorecreate_hash_table">trunk/Source/JavaScriptCore/create_hash_table</a></li>
<li><a href="#trunkSourceJavaScriptCoredebuggerDebuggerScopecpp">trunk/Source/JavaScriptCore/debugger/DebuggerScope.cpp</a></li>
<li><a href="#trunkSourceJavaScriptCoredebuggerDebuggerScopeh">trunk/Source/JavaScriptCore/debugger/DebuggerScope.h</a></li>
<li><a href="#trunkSourceJavaScriptCoredfgDFGAbstractInterpreterInlinesh">trunk/Source/JavaScriptCore/dfg/DFGAbstractInterpreterInlines.h</a></li>
<li><a href="#trunkSourceJavaScriptCoredfgDFGAbstractValuecpp">trunk/Source/JavaScriptCore/dfg/DFGAbstractValue.cpp</a></li>
<li><a href="#trunkSourceJavaScriptCoredfgDFGArrayModecpp">trunk/Source/JavaScriptCore/dfg/DFGArrayMode.cpp</a></li>
<li><a href="#trunkSourceJavaScriptCoredfgDFGByteCodeParsercpp">trunk/Source/JavaScriptCore/dfg/DFGByteCodeParser.cpp</a></li>
<li><a href="#trunkSourceJavaScriptCoredfgDFGSpeculativeJITcpp">trunk/Source/JavaScriptCore/dfg/DFGSpeculativeJIT.cpp</a></li>
<li><a href="#trunkSourceJavaScriptCoredfgDFGSpeculativeJIT32_64cpp">trunk/Source/JavaScriptCore/dfg/DFGSpeculativeJIT32_64.cpp</a></li>
<li><a href="#trunkSourceJavaScriptCoredfgDFGSpeculativeJIT64cpp">trunk/Source/JavaScriptCore/dfg/DFGSpeculativeJIT64.cpp</a></li>
<li><a href="#trunkSourceJavaScriptCoredfgDFGStructureRegistrationPhasecpp">trunk/Source/JavaScriptCore/dfg/DFGStructureRegistrationPhase.cpp</a></li>
<li><a href="#trunkSourceJavaScriptCoreftlFTLLowerDFGToB3cpp">trunk/Source/JavaScriptCore/ftl/FTLLowerDFGToB3.cpp</a></li>
<li><a href="#trunkSourceJavaScriptCoreruntimeClonedArgumentscpp">trunk/Source/JavaScriptCore/runtime/ClonedArguments.cpp</a></li>
<li><a href="#trunkSourceJavaScriptCoreruntimeCommonSlowPathscpp">trunk/Source/JavaScriptCore/runtime/CommonSlowPaths.cpp</a></li>
<li><a href="#trunkSourceJavaScriptCoreruntimeFunctionPrototypecpp">trunk/Source/JavaScriptCore/runtime/FunctionPrototype.cpp</a></li>
<li><a href="#trunkSourceJavaScriptCoreruntimeInternalFunctioncpp">trunk/Source/JavaScriptCore/runtime/InternalFunction.cpp</a></li>
<li><a href="#trunkSourceJavaScriptCoreruntimeInternalFunctionh">trunk/Source/JavaScriptCore/runtime/InternalFunction.h</a></li>
<li><a href="#trunkSourceJavaScriptCoreruntimeJSBoundFunctioncpp">trunk/Source/JavaScriptCore/runtime/JSBoundFunction.cpp</a></li>
<li><a href="#trunkSourceJavaScriptCoreruntimeJSBoundSlotBaseFunctioncpp">trunk/Source/JavaScriptCore/runtime/JSBoundSlotBaseFunction.cpp</a></li>
<li><a href="#trunkSourceJavaScriptCoreruntimeJSFunctioncpp">trunk/Source/JavaScriptCore/runtime/JSFunction.cpp</a></li>
<li><a href="#trunkSourceJavaScriptCoreruntimeJSGenericTypedArrayViewConstructorInlinesh">trunk/Source/JavaScriptCore/runtime/JSGenericTypedArrayViewConstructorInlines.h</a></li>
<li><a href="#trunkSourceJavaScriptCoreruntimeJSGlobalObjectcpp">trunk/Source/JavaScriptCore/runtime/JSGlobalObject.cpp</a></li>
<li><a href="#trunkSourceJavaScriptCoreruntimeJSGlobalObjecth">trunk/Source/JavaScriptCore/runtime/JSGlobalObject.h</a></li>
<li><a href="#trunkSourceJavaScriptCoreruntimeJSNativeStdFunctioncpp">trunk/Source/JavaScriptCore/runtime/JSNativeStdFunction.cpp</a></li>
<li><a href="#trunkSourceJavaScriptCoreruntimeJSWithScopecpp">trunk/Source/JavaScriptCore/runtime/JSWithScope.cpp</a></li>
<li><a href="#trunkSourceJavaScriptCoreruntimeJSWithScopeh">trunk/Source/JavaScriptCore/runtime/JSWithScope.h</a></li>
<li><a href="#trunkSourceJavaScriptCoreruntimeLookupcpp">trunk/Source/JavaScriptCore/runtime/Lookup.cpp</a></li>
<li><a href="#trunkSourceJavaScriptCoreruntimeLookuph">trunk/Source/JavaScriptCore/runtime/Lookup.h</a></li>
<li><a href="#trunkSourceJavaScriptCoreruntimePropertySloth">trunk/Source/JavaScriptCore/runtime/PropertySlot.h</a></li>
<li><a href="#trunkSourceJavaScriptCoreruntimeTypedArrayTypeh">trunk/Source/JavaScriptCore/runtime/TypedArrayType.h</a></li>
<li><a href="#trunkSourceWTFChangeLog">trunk/Source/WTF/ChangeLog</a></li>
<li><a href="#trunkSourceWTFwtfStdLibExtrash">trunk/Source/WTF/wtf/StdLibExtras.h</a></li>
<li><a href="#trunkSourceWebCoreChangeLog">trunk/Source/WebCore/ChangeLog</a></li>
<li><a href="#trunkSourceWebCorebindingsjsJSHTMLElementCustomcpp">trunk/Source/WebCore/bindings/js/JSHTMLElementCustom.cpp</a></li>
</ul>
<h3>Added Paths</h3>
<ul>
<li><a href="#trunkSourceJavaScriptCoreruntimeLazyClassStructurecpp">trunk/Source/JavaScriptCore/runtime/LazyClassStructure.cpp</a></li>
<li><a href="#trunkSourceJavaScriptCoreruntimeLazyClassStructureh">trunk/Source/JavaScriptCore/runtime/LazyClassStructure.h</a></li>
<li><a href="#trunkSourceJavaScriptCoreruntimeLazyClassStructureInlinesh">trunk/Source/JavaScriptCore/runtime/LazyClassStructureInlines.h</a></li>
<li><a href="#trunkSourceJavaScriptCoreruntimeLazyPropertyh">trunk/Source/JavaScriptCore/runtime/LazyProperty.h</a></li>
<li><a href="#trunkSourceJavaScriptCoreruntimeLazyPropertyInlinesh">trunk/Source/JavaScriptCore/runtime/LazyPropertyInlines.h</a></li>
</ul>
</div>
<div id="patch">
<h3>Diff</h3>
<a id="trunkSourceJavaScriptCoreAPIJSCallbackFunctioncpp"></a>
<div class="modfile"><h4>Modified: trunk/Source/JavaScriptCore/API/JSCallbackFunction.cpp (200382 => 200383)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/API/JSCallbackFunction.cpp 2016-05-03 18:22:18 UTC (rev 200382)
+++ trunk/Source/JavaScriptCore/API/JSCallbackFunction.cpp 2016-05-03 18:36:34 UTC (rev 200383)
</span><span class="lines">@@ -1,5 +1,5 @@
</span><span class="cx"> /*
</span><del>- * Copyright (C) 2006, 2008 Apple Inc. All rights reserved.
</del><ins>+ * Copyright (C) 2006, 2008, 2016 Apple Inc. All rights reserved.
</ins><span class="cx"> *
</span><span class="cx"> * Redistribution and use in source and binary forms, with or without
</span><span class="cx"> * modification, are permitted provided that the following conditions
</span><span class="lines">@@ -58,7 +58,8 @@
</span><span class="cx">
</span><span class="cx"> JSCallbackFunction* JSCallbackFunction::create(VM& vm, JSGlobalObject* globalObject, JSObjectCallAsFunctionCallback callback, const String& name)
</span><span class="cx"> {
</span><del>- JSCallbackFunction* function = new (NotNull, allocateCell<JSCallbackFunction>(vm.heap)) JSCallbackFunction(vm, globalObject->callbackFunctionStructure(), callback);
</del><ins>+ Structure* structure = globalObject->callbackFunctionStructure();
+ JSCallbackFunction* function = new (NotNull, allocateCell<JSCallbackFunction>(vm.heap)) JSCallbackFunction(vm, structure, callback);
</ins><span class="cx"> function->finishCreation(vm, name);
</span><span class="cx"> return function;
</span><span class="cx"> }
</span></span></pre></div>
<a id="trunkSourceJavaScriptCoreAPIObjCCallbackFunctionh"></a>
<div class="modfile"><h4>Modified: trunk/Source/JavaScriptCore/API/ObjCCallbackFunction.h (200382 => 200383)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/API/ObjCCallbackFunction.h 2016-05-03 18:22:18 UTC (rev 200382)
+++ trunk/Source/JavaScriptCore/API/ObjCCallbackFunction.h 2016-05-03 18:36:34 UTC (rev 200383)
</span><span class="lines">@@ -1,5 +1,5 @@
</span><span class="cx"> /*
</span><del>- * Copyright (C) 2013 Apple Inc. All rights reserved.
</del><ins>+ * Copyright (C) 2013, 2016 Apple Inc. All rights reserved.
</ins><span class="cx"> *
</span><span class="cx"> * Redistribution and use in source and binary forms, with or without
</span><span class="cx"> * modification, are permitted provided that the following conditions
</span><span class="lines">@@ -62,7 +62,7 @@
</span><span class="cx"> ObjCCallbackFunctionImpl* impl() const { return m_impl.get(); }
</span><span class="cx">
</span><span class="cx"> protected:
</span><del>- ObjCCallbackFunction(VM&, JSGlobalObject*, JSObjectCallAsFunctionCallback, JSObjectCallAsConstructorCallback, std::unique_ptr<ObjCCallbackFunctionImpl>);
</del><ins>+ ObjCCallbackFunction(VM&, Structure*, JSObjectCallAsFunctionCallback, JSObjectCallAsConstructorCallback, std::unique_ptr<ObjCCallbackFunctionImpl>);
</ins><span class="cx">
</span><span class="cx"> private:
</span><span class="cx"> static CallType getCallData(JSCell*, CallData&);
</span></span></pre></div>
<a id="trunkSourceJavaScriptCoreAPIObjCCallbackFunctionmm"></a>
<div class="modfile"><h4>Modified: trunk/Source/JavaScriptCore/API/ObjCCallbackFunction.mm (200382 => 200383)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/API/ObjCCallbackFunction.mm 2016-05-03 18:22:18 UTC (rev 200382)
+++ trunk/Source/JavaScriptCore/API/ObjCCallbackFunction.mm 2016-05-03 18:36:34 UTC (rev 200383)
</span><span class="lines">@@ -1,5 +1,5 @@
</span><span class="cx"> /*
</span><del>- * Copyright (C) 2013 Apple Inc. All rights reserved.
</del><ins>+ * Copyright (C) 2013, 2016 Apple Inc. All rights reserved.
</ins><span class="cx"> *
</span><span class="cx"> * Redistribution and use in source and binary forms, with or without
</span><span class="cx"> * modification, are permitted provided that the following conditions
</span><span class="lines">@@ -498,8 +498,8 @@
</span><span class="cx">
</span><span class="cx"> const JSC::ClassInfo ObjCCallbackFunction::s_info = { "CallbackFunction", &Base::s_info, 0, CREATE_METHOD_TABLE(ObjCCallbackFunction) };
</span><span class="cx">
</span><del>-ObjCCallbackFunction::ObjCCallbackFunction(JSC::VM& vm, JSC::JSGlobalObject* globalObject, JSObjectCallAsFunctionCallback functionCallback, JSObjectCallAsConstructorCallback constructCallback, std::unique_ptr<ObjCCallbackFunctionImpl> impl)
- : Base(vm, globalObject->objcCallbackFunctionStructure())
</del><ins>+ObjCCallbackFunction::ObjCCallbackFunction(JSC::VM& vm, JSC::Structure* structure, JSObjectCallAsFunctionCallback functionCallback, JSObjectCallAsConstructorCallback constructCallback, std::unique_ptr<ObjCCallbackFunctionImpl> impl)
+ : Base(vm, structure)
</ins><span class="cx"> , m_functionCallback(functionCallback)
</span><span class="cx"> , m_constructCallback(constructCallback)
</span><span class="cx"> , m_impl(WTFMove(impl))
</span><span class="lines">@@ -508,7 +508,8 @@
</span><span class="cx">
</span><span class="cx"> ObjCCallbackFunction* ObjCCallbackFunction::create(JSC::VM& vm, JSC::JSGlobalObject* globalObject, const String& name, std::unique_ptr<ObjCCallbackFunctionImpl> impl)
</span><span class="cx"> {
</span><del>- ObjCCallbackFunction* function = new (NotNull, allocateCell<ObjCCallbackFunction>(vm.heap)) ObjCCallbackFunction(vm, globalObject, objCCallbackFunctionCallAsFunction, objCCallbackFunctionCallAsConstructor, WTFMove(impl));
</del><ins>+ Structure* structure = globalObject->objcCallbackFunctionStructure();
+ ObjCCallbackFunction* function = new (NotNull, allocateCell<ObjCCallbackFunction>(vm.heap)) ObjCCallbackFunction(vm, structure, objCCallbackFunctionCallAsFunction, objCCallbackFunctionCallAsConstructor, WTFMove(impl));
</ins><span class="cx"> function->finishCreation(vm, name);
</span><span class="cx"> return function;
</span><span class="cx"> }
</span></span></pre></div>
<a id="trunkSourceJavaScriptCoreCMakeListstxt"></a>
<div class="modfile"><h4>Modified: trunk/Source/JavaScriptCore/CMakeLists.txt (200382 => 200383)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/CMakeLists.txt 2016-05-03 18:22:18 UTC (rev 200382)
+++ trunk/Source/JavaScriptCore/CMakeLists.txt 2016-05-03 18:36:34 UTC (rev 200383)
</span><span class="lines">@@ -740,6 +740,7 @@
</span><span class="cx"> runtime/JSWeakSet.cpp
</span><span class="cx"> runtime/JSWithScope.cpp
</span><span class="cx"> runtime/JSWrapperObject.cpp
</span><ins>+ runtime/LazyClassStructure.cpp
</ins><span class="cx"> runtime/LiteralParser.cpp
</span><span class="cx"> runtime/Lookup.cpp
</span><span class="cx"> runtime/MapConstructor.cpp
</span></span></pre></div>
<a id="trunkSourceJavaScriptCoreChangeLog"></a>
<div class="modfile"><h4>Modified: trunk/Source/JavaScriptCore/ChangeLog (200382 => 200383)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/ChangeLog 2016-05-03 18:22:18 UTC (rev 200382)
+++ trunk/Source/JavaScriptCore/ChangeLog 2016-05-03 18:36:34 UTC (rev 200383)
</span><span class="lines">@@ -1,3 +1,319 @@
</span><ins>+2016-05-01 Filip Pizlo <fpizlo@apple.com>
+
+ Speed up JSGlobalObject initialization by making some properties lazy
+ https://bugs.webkit.org/show_bug.cgi?id=157045
+
+ Reviewed by Keith Miller.
+
+ This makes about half of JSGlobalObject's state lazy. There are three categories of
+ state in JSGlobalObject:
+
+ 1) C++ fields in JSGlobalObject.
+ 2) JS object properties in JSGlobalObject's JSObject superclass.
+ 3) JS variables in JSGlobalObject's JSSegmentedVariableObject superclass.
+
+ State held in JS variables cannot yet be made lazy. That's why this patch only goes
+ half-way.
+
+ State in JS object properties can be made lazy if we move it to the static property
+ hashtable. JSGlobalObject already had one of those. This patch makes static property
+ hashtables a lot more powerful, by adding three new kinds of static properties. These
+ new kinds allow us to make almost all of JSGlobalObject's object properties lazy.
+
+ State in C++ fields can now be made lazy thanks in part to WTF's support for stateless
+ lambdas. You can of course make anything lazy by hand, but there are many C++ fields in
+ JSGlobalObject and we are adding more all the time. We don't want to require that each
+ of these has a getter with an initialization check and a corresponding out-of-line slow
+ path that does the initialization. We want this kind of boilerplate to be handled by
+ some abstractions.
+
+ The primary abstraction introduced in this patch is LazyProperty<Type>. Currently, this
+ only works where Type is a subclass of JSCell. Such a property holds a pointer to Type.
+ You can use it like you would a WriteBarrier<Type>. It even has set() and get() methods,
+ so it's almost a drop-in replacement.
+
+ The key to LazyProperty<Type>'s power is that you can do this:
+
+ class Bar {
+ ...
+ LazyProperty<Foo> m_foo;
+ };
+ ...
+ m_foo.initLater(
+ [] (const LazyProperty<Foo>::Initializer<Bar>& init) {
+ init.set(Foo::create(init.vm, init.owner));
+ });
+
+ This initLater() call requires that you pass a stateless lambda (see WTF changelog for
+ the definition). Miraculously, this initLater() call is guaranteed to compile to a store
+ of a pointer constant to m_foo, as in:
+
+ movabsq 0xBLAH, %rax
+ movq %rax, &m_foo
+
+ This magical pointer constant points to a callback that was generated by the template
+ instantiation of initLater(). That callback knows to call your stateless lambda, but
+ also does some other bookkeeping: it makes sure that you indeed initialized the property
+ inside the callback and it manages recursive initializations. It's totally legal to call
+ m_foo.get() inside the initLater() callback. If you do that before you call init.set(),
+ m_foo.get() will return null. This is an excellent escape hatch if we ever find
+ ourselves in a dependency cycle. I added this feature because I already had to create a
+ dependency cycle.
+
+ Note that using LazyProperties from DFG threads is super awkward. It's going to be hard
+ to get this right. The DFG thread cannot initialize those fields, so it has to make sure
+ that it does conservative things. But for some nodes this could mean adding a lot of new
+ logic, like NewTypedArray, which currently is written in such a way that it assumes that
+ we always have the typed array structure. Currently we take a two-fold approach: for
+ typed arrays we don't handle the NewTypedArray intrinsic if the structure isn't
+ initialized, and for everything else we don't make the properties lazy if the DFG needs
+ them. As we optimize this further we might need to teach the DFG to handle more lazy
+ properties. I tried to do this for RegExp but found it to be very confusing. With typed
+ arrays I got lucky.
+
+ There is also a somewhat more powerful construct called LazyClassStructure. We often
+ need to keep around the structure of some standard JS class, like Date. We also need to
+ make sure that the constructor ends up in the global object's property table. And we
+ often need to keep the original value of the constructor for ourselves. In this case, we
+ want to make sure that the creation of the structure-prototype-constructor constellation
+ is atomic. We don't want code to start looking at the structure if it points to a
+ prototype that doesn't have its "constructor" property set yet, for example.
+ LazyClassStructure solves this by abstracting that whole initialization. You provide the
+ callback that allocates everything, since we are super inconsistent about the way we
+ initialize things, but LazyClassStructure establishes the workflow and helps you not
+ mess up.
+
+ Finally, the new static hashtable attributes allow for all of this to work with the JS
+ property table:
+
+ PropertyCallback: if you use this attribute, the second column in the table should be
+ the name of a function to call to initialize this property. This is useful for things
+ like the Math property. The Math object turns out to be very expensive to allocate.
+ Delaying its allocation is super easy with the PropertyCallback attribute.
+
+ CellProperty: with this attribute the second column should be a C++ field name like
+ JSGlobalObject::m_evalErrorConstructor. The static hashtable will grab the offset of
+ this property, and when it needs to be initialized, Lookup will assume you have a
+ LazyProperty<JSCell> and call its get() method. It will initialize the property to
+ whatever get() returned. Note that it's legal to cast a LazyProperty<Anything> to
+ LazyProperty<JSCell> for the purpose of calling get() because the get() method will just
+ call whatever callback function pointer is encoded in the property and it does not need
+ to know anything about what type that callback will instantiate.
+
+ ClassStructure: with this attribute the second column should be a C++ field name. The
+ static hashtable will initialize the property by treating the field as a
+ LazyClassStructure and it will call get(). LazyClassStructure completely owns the whole
+ initialization workflow, so Lookup assumes that when LazyClassStructure::get() returns,
+ the property in question will already be set. By convention, we have LazyClassStructure
+ initialize the property with a pointer to the constructor, since that's how all of our
+ classes work: "globalObject.Date" points to the DateConstructor.
+
+ This is a 2x speed-up in JSGlobalObject initialization time in a microbenchmark that
+ calls our C API. This is a 1% speed-up on SunSpider and JSRegress.
+
+ * API/JSCallbackFunction.cpp:
+ (JSC::JSCallbackFunction::create):
+ * API/ObjCCallbackFunction.h:
+ (JSC::ObjCCallbackFunction::impl):
+ * API/ObjCCallbackFunction.mm:
+ (JSC::ObjCCallbackFunction::ObjCCallbackFunction):
+ (JSC::ObjCCallbackFunction::create):
+ * CMakeLists.txt:
+ * JavaScriptCore.xcodeproj/project.pbxproj:
+ * create_hash_table:
+ * dfg/DFGAbstractInterpreterInlines.h:
+ (JSC::DFG::AbstractInterpreter<AbstractStateType>::executeEffects):
+ * dfg/DFGAbstractValue.cpp:
+ (JSC::DFG::AbstractValue::set):
+ * dfg/DFGArrayMode.cpp:
+ (JSC::DFG::ArrayMode::originalArrayStructure):
+ * dfg/DFGByteCodeParser.cpp:
+ (JSC::DFG::ByteCodeParser::handleTypedArrayConstructor):
+ * dfg/DFGSpeculativeJIT.cpp:
+ (JSC::DFG::SpeculativeJIT::compileNewTypedArray):
+ * dfg/DFGSpeculativeJIT32_64.cpp:
+ (JSC::DFG::SpeculativeJIT::compile):
+ * dfg/DFGSpeculativeJIT64.cpp:
+ (JSC::DFG::SpeculativeJIT::compile):
+ * dfg/DFGStructureRegistrationPhase.cpp:
+ (JSC::DFG::StructureRegistrationPhase::run):
+ * ftl/FTLLowerDFGToB3.cpp:
+ (JSC::FTL::DFG::LowerDFGToB3::compileNewTypedArray):
+ * runtime/ClonedArguments.cpp:
+ (JSC::ClonedArguments::getOwnPropertySlot):
+ (JSC::ClonedArguments::materializeSpecials):
+ * runtime/CommonSlowPaths.cpp:
+ (JSC::SLOW_PATH_DECL):
+ * runtime/FunctionPrototype.cpp:
+ (JSC::functionProtoFuncToString):
+ * runtime/InternalFunction.cpp:
+ (JSC::InternalFunction::visitChildren):
+ (JSC::InternalFunction::name):
+ (JSC::InternalFunction::calculatedDisplayName):
+ (JSC::InternalFunction::createSubclassStructure):
+ * runtime/InternalFunction.h:
+ * runtime/JSBoundFunction.cpp:
+ (JSC::JSBoundFunction::finishCreation):
+ (JSC::JSBoundFunction::visitChildren):
+ * runtime/JSFunction.cpp:
+ (JSC::JSFunction::getOwnPropertySlot):
+ (JSC::JSFunction::defineOwnProperty):
+ * runtime/JSGenericTypedArrayViewConstructorInlines.h:
+ (JSC::constructGenericTypedArrayView):
+ * runtime/JSGlobalObject.cpp:
+ (JSC::createProxyProperty):
+ (JSC::createJSONProperty):
+ (JSC::createMathProperty):
+ (JSC::JSGlobalObject::init):
+ (JSC::JSGlobalObject::stringPrototypeChainIsSane):
+ (JSC::JSGlobalObject::resetPrototype):
+ (JSC::JSGlobalObject::visitChildren):
+ (JSC::JSGlobalObject::toThis):
+ (JSC::JSGlobalObject::getOwnPropertySlot):
+ (JSC::JSGlobalObject::createThrowTypeError): Deleted.
+ * runtime/JSGlobalObject.h:
+ (JSC::JSGlobalObject::objectConstructor):
+ (JSC::JSGlobalObject::promiseConstructor):
+ (JSC::JSGlobalObject::internalPromiseConstructor):
+ (JSC::JSGlobalObject::evalErrorConstructor):
+ (JSC::JSGlobalObject::rangeErrorConstructor):
+ (JSC::JSGlobalObject::referenceErrorConstructor):
+ (JSC::JSGlobalObject::syntaxErrorConstructor):
+ (JSC::JSGlobalObject::typeErrorConstructor):
+ (JSC::JSGlobalObject::URIErrorConstructor):
+ (JSC::JSGlobalObject::nullGetterFunction):
+ (JSC::JSGlobalObject::nullSetterFunction):
+ (JSC::JSGlobalObject::callFunction):
+ (JSC::JSGlobalObject::applyFunction):
+ (JSC::JSGlobalObject::definePropertyFunction):
+ (JSC::JSGlobalObject::arrayProtoValuesFunction):
+ (JSC::JSGlobalObject::initializePromiseFunction):
+ (JSC::JSGlobalObject::newPromiseCapabilityFunction):
+ (JSC::JSGlobalObject::functionProtoHasInstanceSymbolFunction):
+ (JSC::JSGlobalObject::regExpProtoExecFunction):
+ (JSC::JSGlobalObject::regExpProtoSymbolReplaceFunction):
+ (JSC::JSGlobalObject::regExpProtoGlobalGetter):
+ (JSC::JSGlobalObject::regExpProtoUnicodeGetter):
+ (JSC::JSGlobalObject::throwTypeErrorGetterSetter):
+ (JSC::JSGlobalObject::moduleLoader):
+ (JSC::JSGlobalObject::objectPrototype):
+ (JSC::JSGlobalObject::functionPrototype):
+ (JSC::JSGlobalObject::arrayPrototype):
+ (JSC::JSGlobalObject::booleanPrototype):
+ (JSC::JSGlobalObject::stringPrototype):
+ (JSC::JSGlobalObject::symbolPrototype):
+ (JSC::JSGlobalObject::numberPrototype):
+ (JSC::JSGlobalObject::datePrototype):
+ (JSC::JSGlobalObject::regExpPrototype):
+ (JSC::JSGlobalObject::errorPrototype):
+ (JSC::JSGlobalObject::iteratorPrototype):
+ (JSC::JSGlobalObject::generatorFunctionPrototype):
+ (JSC::JSGlobalObject::generatorPrototype):
+ (JSC::JSGlobalObject::debuggerScopeStructure):
+ (JSC::JSGlobalObject::withScopeStructure):
+ (JSC::JSGlobalObject::strictEvalActivationStructure):
+ (JSC::JSGlobalObject::activationStructure):
+ (JSC::JSGlobalObject::moduleEnvironmentStructure):
+ (JSC::JSGlobalObject::directArgumentsStructure):
+ (JSC::JSGlobalObject::scopedArgumentsStructure):
+ (JSC::JSGlobalObject::clonedArgumentsStructure):
+ (JSC::JSGlobalObject::isOriginalArrayStructure):
+ (JSC::JSGlobalObject::booleanObjectStructure):
+ (JSC::JSGlobalObject::callbackConstructorStructure):
+ (JSC::JSGlobalObject::callbackFunctionStructure):
+ (JSC::JSGlobalObject::callbackObjectStructure):
+ (JSC::JSGlobalObject::propertyNameIteratorStructure):
+ (JSC::JSGlobalObject::objcCallbackFunctionStructure):
+ (JSC::JSGlobalObject::objcWrapperObjectStructure):
+ (JSC::JSGlobalObject::dateStructure):
+ (JSC::JSGlobalObject::nullPrototypeObjectStructure):
+ (JSC::JSGlobalObject::errorStructure):
+ (JSC::JSGlobalObject::calleeStructure):
+ (JSC::JSGlobalObject::functionStructure):
+ (JSC::JSGlobalObject::boundFunctionStructure):
+ (JSC::JSGlobalObject::boundSlotBaseFunctionStructure):
+ (JSC::JSGlobalObject::getterSetterStructure):
+ (JSC::JSGlobalObject::nativeStdFunctionStructure):
+ (JSC::JSGlobalObject::namedFunctionStructure):
+ (JSC::JSGlobalObject::functionNameOffset):
+ (JSC::JSGlobalObject::numberObjectStructure):
+ (JSC::JSGlobalObject::privateNameStructure):
+ (JSC::JSGlobalObject::mapStructure):
+ (JSC::JSGlobalObject::regExpStructure):
+ (JSC::JSGlobalObject::generatorFunctionStructure):
+ (JSC::JSGlobalObject::setStructure):
+ (JSC::JSGlobalObject::stringObjectStructure):
+ (JSC::JSGlobalObject::symbolObjectStructure):
+ (JSC::JSGlobalObject::iteratorResultObjectStructure):
+ (JSC::JSGlobalObject::lazyTypedArrayStructure):
+ (JSC::JSGlobalObject::typedArrayStructure):
+ (JSC::JSGlobalObject::typedArrayStructureConcurrently):
+ (JSC::JSGlobalObject::isOriginalTypedArrayStructure):
+ (JSC::JSGlobalObject::typedArrayConstructor):
+ (JSC::JSGlobalObject::actualPointerFor):
+ (JSC::JSGlobalObject::internalFunctionStructure): Deleted.
+ * runtime/JSNativeStdFunction.cpp:
+ (JSC::JSNativeStdFunction::create):
+ * runtime/JSWithScope.cpp:
+ (JSC::JSWithScope::create):
+ (JSC::JSWithScope::visitChildren):
+ (JSC::JSWithScope::createStructure):
+ (JSC::JSWithScope::JSWithScope):
+ * runtime/JSWithScope.h:
+ (JSC::JSWithScope::object):
+ (JSC::JSWithScope::create): Deleted.
+ (JSC::JSWithScope::createStructure): Deleted.
+ (JSC::JSWithScope::JSWithScope): Deleted.
+ * runtime/LazyClassStructure.cpp: Added.
+ (JSC::LazyClassStructure::Initializer::Initializer):
+ (JSC::LazyClassStructure::Initializer::setPrototype):
+ (JSC::LazyClassStructure::Initializer::setStructure):
+ (JSC::LazyClassStructure::Initializer::setConstructor):
+ (JSC::LazyClassStructure::visit):
+ (JSC::LazyClassStructure::dump):
+ * runtime/LazyClassStructure.h: Added.
+ (JSC::LazyClassStructure::LazyClassStructure):
+ (JSC::LazyClassStructure::get):
+ (JSC::LazyClassStructure::prototype):
+ (JSC::LazyClassStructure::constructor):
+ (JSC::LazyClassStructure::getConcurrently):
+ (JSC::LazyClassStructure::prototypeConcurrently):
+ (JSC::LazyClassStructure::constructorConcurrently):
+ * runtime/LazyClassStructureInlines.h: Added.
+ (JSC::LazyClassStructure::initLater):
+ * runtime/LazyProperty.h: Added.
+ (JSC::LazyProperty::Initializer::Initializer):
+ (JSC::LazyProperty::LazyProperty):
+ (JSC::LazyProperty::get):
+ (JSC::LazyProperty::getConcurrently):
+ * runtime/LazyPropertyInlines.h: Added.
+ (JSC::LazyProperty<ElementType>::Initializer<OwnerType>::set):
+ (JSC::LazyProperty<ElementType>::initLater):
+ (JSC::LazyProperty<ElementType>::setMayBeNull):
+ (JSC::LazyProperty<ElementType>::set):
+ (JSC::LazyProperty<ElementType>::visit):
+ (JSC::LazyProperty<ElementType>::dump):
+ (JSC::LazyProperty<ElementType>::callFunc):
+ * runtime/Lookup.cpp:
+ (JSC::setUpStaticFunctionSlot):
+ * runtime/Lookup.h:
+ (JSC::HashTableValue::function):
+ (JSC::HashTableValue::functionLength):
+ (JSC::HashTableValue::propertyGetter):
+ (JSC::HashTableValue::propertyPutter):
+ (JSC::HashTableValue::accessorGetter):
+ (JSC::HashTableValue::accessorSetter):
+ (JSC::HashTableValue::constantInteger):
+ (JSC::HashTableValue::lexerValue):
+ (JSC::HashTableValue::lazyCellPropertyOffset):
+ (JSC::HashTableValue::lazyClassStructureOffset):
+ (JSC::HashTableValue::lazyPropertyCallback):
+ (JSC::getStaticPropertySlot):
+ (JSC::getStaticValueSlot):
+ (JSC::reifyStaticProperty):
+ * runtime/PropertySlot.h:
+ * runtime/TypedArrayType.h:
+
</ins><span class="cx"> 2016-05-03 Per Arne Vollan <peavo@outlook.com>
</span><span class="cx">
</span><span class="cx"> [Win] Remove Windows XP Compatibility Requirements
</span></span></pre></div>
<a id="trunkSourceJavaScriptCoreJavaScriptCorexcodeprojprojectpbxproj"></a>
<div class="modfile"><h4>Modified: trunk/Source/JavaScriptCore/JavaScriptCore.xcodeproj/project.pbxproj (200382 => 200383)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/JavaScriptCore.xcodeproj/project.pbxproj 2016-05-03 18:22:18 UTC (rev 200382)
+++ trunk/Source/JavaScriptCore/JavaScriptCore.xcodeproj/project.pbxproj 2016-05-03 18:36:34 UTC (rev 200383)
</span><span class="lines">@@ -1995,6 +1995,11 @@
</span><span class="cx"> DC17E81A1C9C91E9008A6AB3 /* CCallHelpers.cpp in Sources */ = {isa = PBXBuildFile; fileRef = DC17E8161C9C802B008A6AB3 /* CCallHelpers.cpp */; };
</span><span class="cx"> DC2143071CA32E55000A8869 /* ICStats.h in Headers */ = {isa = PBXBuildFile; fileRef = DC2143061CA32E52000A8869 /* ICStats.h */; };
</span><span class="cx"> DC2143081CA32E58000A8869 /* ICStats.cpp in Sources */ = {isa = PBXBuildFile; fileRef = DC2143051CA32E52000A8869 /* ICStats.cpp */; };
</span><ins>+ DCF3D5691CD2946D003D5C65 /* LazyClassStructure.cpp in Sources */ = {isa = PBXBuildFile; fileRef = DCF3D5641CD29468003D5C65 /* LazyClassStructure.cpp */; };
+ DCF3D56A1CD29470003D5C65 /* LazyClassStructure.h in Headers */ = {isa = PBXBuildFile; fileRef = DCF3D5651CD29468003D5C65 /* LazyClassStructure.h */; settings = {ATTRIBUTES = (Private, ); }; };
+ DCF3D56B1CD29472003D5C65 /* LazyClassStructureInlines.h in Headers */ = {isa = PBXBuildFile; fileRef = DCF3D5661CD29468003D5C65 /* LazyClassStructureInlines.h */; };
+ DCF3D56C1CD29475003D5C65 /* LazyProperty.h in Headers */ = {isa = PBXBuildFile; fileRef = DCF3D5671CD29468003D5C65 /* LazyProperty.h */; settings = {ATTRIBUTES = (Private, ); }; };
+ DCF3D56D1CD29476003D5C65 /* LazyPropertyInlines.h in Headers */ = {isa = PBXBuildFile; fileRef = DCF3D5681CD29468003D5C65 /* LazyPropertyInlines.h */; };
</ins><span class="cx"> DE26E9031CB5DD0500D2BE82 /* BuiltinExecutableCreator.h in Headers */ = {isa = PBXBuildFile; fileRef = DE26E9021CB5DD0500D2BE82 /* BuiltinExecutableCreator.h */; };
</span><span class="cx"> DE26E9071CB5DEFB00D2BE82 /* BuiltinExecutableCreator.cpp in Sources */ = {isa = PBXBuildFile; fileRef = DE26E9061CB5DD9600D2BE82 /* BuiltinExecutableCreator.cpp */; };
</span><span class="cx"> DE5A0A001BA3AC3E003D4424 /* IntrinsicEmitter.cpp in Sources */ = {isa = PBXBuildFile; fileRef = DE5A09FF1BA3AC3E003D4424 /* IntrinsicEmitter.cpp */; };
</span><span class="lines">@@ -4204,6 +4209,11 @@
</span><span class="cx"> DC17E8161C9C802B008A6AB3 /* CCallHelpers.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = CCallHelpers.cpp; sourceTree = "<group>"; };
</span><span class="cx"> DC2143051CA32E52000A8869 /* ICStats.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = ICStats.cpp; sourceTree = "<group>"; };
</span><span class="cx"> DC2143061CA32E52000A8869 /* ICStats.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = ICStats.h; sourceTree = "<group>"; };
</span><ins>+ DCF3D5641CD29468003D5C65 /* LazyClassStructure.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = LazyClassStructure.cpp; sourceTree = "<group>"; };
+ DCF3D5651CD29468003D5C65 /* LazyClassStructure.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = LazyClassStructure.h; sourceTree = "<group>"; };
+ DCF3D5661CD29468003D5C65 /* LazyClassStructureInlines.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = LazyClassStructureInlines.h; sourceTree = "<group>"; };
+ DCF3D5671CD29468003D5C65 /* LazyProperty.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = LazyProperty.h; sourceTree = "<group>"; };
+ DCF3D5681CD29468003D5C65 /* LazyPropertyInlines.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = LazyPropertyInlines.h; sourceTree = "<group>"; };
</ins><span class="cx"> DE26E9021CB5DD0500D2BE82 /* BuiltinExecutableCreator.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = BuiltinExecutableCreator.h; sourceTree = "<group>"; };
</span><span class="cx"> DE26E9061CB5DD9600D2BE82 /* BuiltinExecutableCreator.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = BuiltinExecutableCreator.cpp; sourceTree = "<group>"; };
</span><span class="cx"> DE5A09FF1BA3AC3E003D4424 /* IntrinsicEmitter.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = IntrinsicEmitter.cpp; sourceTree = "<group>"; };
</span><span class="lines">@@ -5496,6 +5506,11 @@
</span><span class="cx"> 7EF6E0BB0EB7A1EC0079AFAF /* runtime */ = {
</span><span class="cx"> isa = PBXGroup;
</span><span class="cx"> children = (
</span><ins>+ DCF3D5641CD29468003D5C65 /* LazyClassStructure.cpp */,
+ DCF3D5651CD29468003D5C65 /* LazyClassStructure.h */,
+ DCF3D5661CD29468003D5C65 /* LazyClassStructureInlines.h */,
+ DCF3D5671CD29468003D5C65 /* LazyProperty.h */,
+ DCF3D5681CD29468003D5C65 /* LazyPropertyInlines.h */,
</ins><span class="cx"> BCF605110E203EF800B9A64D /* ArgList.cpp */,
</span><span class="cx"> BCF605120E203EF800B9A64D /* ArgList.h */,
</span><span class="cx"> 0FE0500C1AA9091100D33B33 /* ArgumentsMode.h */,
</span><span class="lines">@@ -7127,6 +7142,7 @@
</span><span class="cx"> A5FD0074189B038C00633231 /* ConsoleTypes.h in Headers */,
</span><span class="cx"> 0FFC99D1184EC8AD009C10AB /* ConstantMode.h in Headers */,
</span><span class="cx"> E354622B1B6065D100545386 /* ConstructAbility.h in Headers */,
</span><ins>+ DCF3D56D1CD29476003D5C65 /* LazyPropertyInlines.h in Headers */,
</ins><span class="cx"> BC18C3F60E16F5CD00B34460 /* ConstructData.h in Headers */,
</span><span class="cx"> A57D23F21891B5B40031C7FA /* ContentSearchUtilities.h in Headers */,
</span><span class="cx"> 52678F911A04177C006A306D /* ControlFlowProfiler.h in Headers */,
</span><span class="lines">@@ -7770,6 +7786,7 @@
</span><span class="cx"> BC18C4520E16F5CD00B34460 /* LegacyProfiler.h in Headers */,
</span><span class="cx"> BC18C4310E16F5CD00B34460 /* Lexer.h in Headers */,
</span><span class="cx"> BC18C52E0E16FCE100B34460 /* Lexer.lut.h in Headers */,
</span><ins>+ DCF3D56B1CD29472003D5C65 /* LazyClassStructureInlines.h in Headers */,
</ins><span class="cx"> FE187A021BFBE5610038BBCA /* JITMulGenerator.h in Headers */,
</span><span class="cx"> 86D3B3C310159D7F002865E7 /* LinkBuffer.h in Headers */,
</span><span class="cx"> 0F431738146BAC69007E3890 /* ListableHandler.h in Headers */,
</span><span class="lines">@@ -7847,6 +7864,7 @@
</span><span class="cx"> 86F3EEBD168CDE930077B92A /* ObjCCallbackFunction.h in Headers */,
</span><span class="cx"> 86F3EEBF168CDE930077B92A /* ObjcRuntimeExtras.h in Headers */,
</span><span class="cx"> 14CA958D16AB50FA00938A06 /* ObjectAllocationProfile.h in Headers */,
</span><ins>+ DCF3D56C1CD29475003D5C65 /* LazyProperty.h in Headers */,
</ins><span class="cx"> BC18C4450E16F5CD00B34460 /* ObjectConstructor.h in Headers */,
</span><span class="cx"> 996B73221BDA08EF00331B84 /* ObjectConstructor.lut.h in Headers */,
</span><span class="cx"> 0FD3E40A1B618B6600C80E1E /* ObjectPropertyCondition.h in Headers */,
</span><span class="lines">@@ -7862,6 +7880,7 @@
</span><span class="cx"> BC18C44B0E16F5CD00B34460 /* Parser.h in Headers */,
</span><span class="cx"> 93052C350FB792190048FDC3 /* ParserArena.h in Headers */,
</span><span class="cx"> 0FCCAE4516D0CF7400D0C65B /* ParserError.h in Headers */,
</span><ins>+ DCF3D56A1CD29470003D5C65 /* LazyClassStructure.h in Headers */,
</ins><span class="cx"> A77F1825164192C700640A47 /* ParserModes.h in Headers */,
</span><span class="cx"> 65303D641447B9E100D3F904 /* ParserTokens.h in Headers */,
</span><span class="cx"> 0FF9CE741B9CD6D0004EDCA6 /* PolymorphicAccess.h in Headers */,
</span><span class="lines">@@ -8927,6 +8946,7 @@
</span><span class="cx"> A54982031891D0B00081E5B8 /* EventLoop.cpp in Sources */,
</span><span class="cx"> FE1C0FFF1B194FD100B53FCA /* Exception.cpp in Sources */,
</span><span class="cx"> 0F12DE0F1979D5FD0006FF4E /* ExceptionFuzz.cpp in Sources */,
</span><ins>+ DCF3D5691CD2946D003D5C65 /* LazyClassStructure.cpp in Sources */,
</ins><span class="cx"> 1429D8780ED21ACD00B89619 /* ExceptionHelpers.cpp in Sources */,
</span><span class="cx"> 86CA032E1038E8440028A609 /* Executable.cpp in Sources */,
</span><span class="cx"> 0FF054F91AC35B4400E5BE57 /* ExecutableAllocationFuzz.cpp in Sources */,
</span></span></pre></div>
<a id="trunkSourceJavaScriptCorecreate_hash_table"></a>
<div class="modfile"><h4>Modified: trunk/Source/JavaScriptCore/create_hash_table (200382 => 200383)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/create_hash_table 2016-05-03 18:22:18 UTC (rev 200382)
+++ trunk/Source/JavaScriptCore/create_hash_table 2016-05-03 18:36:34 UTC (rev 200383)
</span><span class="lines">@@ -5,7 +5,7 @@
</span><span class="cx"> # (c) 2000-2002 by Harri Porten <porten@kde.org> and
</span><span class="cx"> # David Faure <faure@kde.org>
</span><span class="cx"> # Modified (c) 2004 by Nikolas Zimmermann <wildfox@kde.org>
</span><del>-# Copyright (C) 2007, 2008, 2009, 2015 Apple Inc. All rights reserved.
</del><ins>+# Copyright (C) 2007, 2008, 2009, 2015-2016 Apple Inc. All rights reserved.
</ins><span class="cx"> #
</span><span class="cx"> # This library is free software; you can redistribute it and/or
</span><span class="cx"> # modify it under the terms of the GNU Lesser General Public
</span><span class="lines">@@ -97,6 +97,15 @@
</span><span class="cx"> my $put = "nullptr";
</span><span class="cx"> $hasSetter = "true";
</span><span class="cx"> push(@values, { "type" => "Accessor", "get" => $get, "put" => $put });
</span><ins>+ } elsif ($att =~ m/CellProperty/) {
+ my $property = $val;
+ push(@values, { "type" => "CellProperty", "property" => $property });
+ } elsif ($att =~ m/ClassStructure/) {
+ my $property = $val;
+ push(@values, { "type" => "ClassStructure", "property" => $property });
+ } elsif ($att =~ m/PropertyCallback/) {
+ my $cback = $val;
+ push(@values, { "type" => "PropertyCallback", "cback" => $cback });
</ins><span class="cx"> } elsif (length($att)) {
</span><span class="cx"> my $get = $val;
</span><span class="cx"> my $put = "0";
</span><span class="lines">@@ -298,6 +307,14 @@
</span><span class="cx"> } elsif ($values[$i]{"type"} eq "Lexer") {
</span><span class="cx"> $firstValue = $values[$i]{"value"};
</span><span class="cx"> $secondValue = "0";
</span><ins>+ } elsif ($values[$i]{"type"} eq "CellProperty" || $values[$i]{"type"} eq "ClassStructure") {
+ $values[$i]{"property"} =~ /\A([a-zA-Z0-9_]+)::(.*)\Z/ or die;
+ $firstValue = "OBJECT_OFFSETOF($1, $2)";
+ $secondValue = "0";
+ } elsif ($values[$i]{"type"} eq "PropertyCallback") {
+ $firstCastStr = "static_cast<LazyPropertyCallback>";
+ $firstValue = $values[$i]{"cback"};
+ $secondValue = "0";
</ins><span class="cx"> }
</span><span class="cx">
</span><span class="cx"> my $intrinsic = "NoIntrinsic";
</span></span></pre></div>
<a id="trunkSourceJavaScriptCoredebuggerDebuggerScopecpp"></a>
<div class="modfile"><h4>Modified: trunk/Source/JavaScriptCore/debugger/DebuggerScope.cpp (200382 => 200383)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/debugger/DebuggerScope.cpp 2016-05-03 18:22:18 UTC (rev 200382)
+++ trunk/Source/JavaScriptCore/debugger/DebuggerScope.cpp 2016-05-03 18:36:34 UTC (rev 200383)
</span><span class="lines">@@ -1,5 +1,5 @@
</span><span class="cx"> /*
</span><del>- * Copyright (C) 2008-2009, 2014 Apple Inc. All rights reserved.
</del><ins>+ * Copyright (C) 2008-2009, 2014, 2016 Apple Inc. All rights reserved.
</ins><span class="cx"> *
</span><span class="cx"> * Redistribution and use in source and binary forms, with or without
</span><span class="cx"> * modification, are permitted provided that the following conditions
</span><span class="lines">@@ -36,9 +36,17 @@
</span><span class="cx">
</span><span class="cx"> const ClassInfo DebuggerScope::s_info = { "DebuggerScope", &Base::s_info, 0, CREATE_METHOD_TABLE(DebuggerScope) };
</span><span class="cx">
</span><del>-DebuggerScope::DebuggerScope(VM& vm, JSScope* scope)
- : JSNonFinalObject(vm, scope->globalObject()->debuggerScopeStructure())
</del><ins>+DebuggerScope* DebuggerScope::create(VM& vm, JSScope* scope)
</ins><span class="cx"> {
</span><ins>+ Structure* structure = scope->globalObject()->debuggerScopeStructure();
+ DebuggerScope* debuggerScope = new (NotNull, allocateCell<DebuggerScope>(vm.heap)) DebuggerScope(vm, structure, scope);
+ debuggerScope->finishCreation(vm);
+ return debuggerScope;
+}
+
+DebuggerScope::DebuggerScope(VM& vm, Structure* structure, JSScope* scope)
+ : JSNonFinalObject(vm, structure)
+{
</ins><span class="cx"> ASSERT(scope);
</span><span class="cx"> m_scope.set(vm, this, scope);
</span><span class="cx"> }
</span></span></pre></div>
<a id="trunkSourceJavaScriptCoredebuggerDebuggerScopeh"></a>
<div class="modfile"><h4>Modified: trunk/Source/JavaScriptCore/debugger/DebuggerScope.h (200382 => 200383)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/debugger/DebuggerScope.h 2016-05-03 18:22:18 UTC (rev 200382)
+++ trunk/Source/JavaScriptCore/debugger/DebuggerScope.h 2016-05-03 18:36:34 UTC (rev 200383)
</span><span class="lines">@@ -1,5 +1,5 @@
</span><span class="cx"> /*
</span><del>- * Copyright (C) 2008-2009, 2014 Apple Inc. All rights reserved.
</del><ins>+ * Copyright (C) 2008-2009, 2014, 2016 Apple Inc. All rights reserved.
</ins><span class="cx"> *
</span><span class="cx"> * Redistribution and use in source and binary forms, with or without
</span><span class="cx"> * modification, are permitted provided that the following conditions
</span><span class="lines">@@ -38,12 +38,7 @@
</span><span class="cx"> typedef JSNonFinalObject Base;
</span><span class="cx"> static const unsigned StructureFlags = Base::StructureFlags | OverridesGetOwnPropertySlot | OverridesGetPropertyNames;
</span><span class="cx">
</span><del>- static DebuggerScope* create(VM& vm, JSScope* scope)
- {
- DebuggerScope* debuggerScope = new (NotNull, allocateCell<DebuggerScope>(vm.heap)) DebuggerScope(vm, scope);
- debuggerScope->finishCreation(vm);
- return debuggerScope;
- }
</del><ins>+ JS_EXPORT_PRIVATE static DebuggerScope* create(VM& vm, JSScope* scope);
</ins><span class="cx">
</span><span class="cx"> static void visitChildren(JSCell*, SlotVisitor&);
</span><span class="cx"> static String className(const JSObject*);
</span><span class="lines">@@ -96,8 +91,8 @@
</span><span class="cx"> JSValue caughtValue(ExecState*) const;
</span><span class="cx">
</span><span class="cx"> private:
</span><del>- JS_EXPORT_PRIVATE DebuggerScope(VM&, JSScope*);
- JS_EXPORT_PRIVATE void finishCreation(VM&);
</del><ins>+ DebuggerScope(VM&, Structure*, JSScope*);
+ void finishCreation(VM&);
</ins><span class="cx">
</span><span class="cx"> JSScope* jsScope() const { return m_scope.get(); }
</span><span class="cx">
</span></span></pre></div>
<a id="trunkSourceJavaScriptCoredfgDFGAbstractInterpreterInlinesh"></a>
<div class="modfile"><h4>Modified: trunk/Source/JavaScriptCore/dfg/DFGAbstractInterpreterInlines.h (200382 => 200383)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/dfg/DFGAbstractInterpreterInlines.h 2016-05-03 18:22:18 UTC (rev 200382)
+++ trunk/Source/JavaScriptCore/dfg/DFGAbstractInterpreterInlines.h 2016-05-03 18:36:34 UTC (rev 200383)
</span><span class="lines">@@ -1866,7 +1866,7 @@
</span><span class="cx"> }
</span><span class="cx"> forNode(node).set(
</span><span class="cx"> m_graph,
</span><del>- m_graph.globalObjectFor(node->origin.semantic)->typedArrayStructure(
</del><ins>+ m_graph.globalObjectFor(node->origin.semantic)->typedArrayStructureConcurrently(
</ins><span class="cx"> node->typedArrayType()));
</span><span class="cx"> break;
</span><span class="cx">
</span></span></pre></div>
<a id="trunkSourceJavaScriptCoredfgDFGAbstractValuecpp"></a>
<div class="modfile"><h4>Modified: trunk/Source/JavaScriptCore/dfg/DFGAbstractValue.cpp (200382 => 200383)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/dfg/DFGAbstractValue.cpp 2016-05-03 18:22:18 UTC (rev 200382)
+++ trunk/Source/JavaScriptCore/dfg/DFGAbstractValue.cpp 2016-05-03 18:36:34 UTC (rev 200383)
</span><span class="lines">@@ -1,5 +1,5 @@
</span><span class="cx"> /*
</span><del>- * Copyright (C) 2013-2015 Apple Inc. All rights reserved.
</del><ins>+ * Copyright (C) 2013-2016 Apple Inc. All rights reserved.
</ins><span class="cx"> *
</span><span class="cx"> * Redistribution and use in source and binary forms, with or without
</span><span class="cx"> * modification, are permitted provided that the following conditions
</span><span class="lines">@@ -77,6 +77,8 @@
</span><span class="cx">
</span><span class="cx"> void AbstractValue::set(Graph& graph, Structure* structure)
</span><span class="cx"> {
</span><ins>+ RELEASE_ASSERT(structure);
+
</ins><span class="cx"> m_structure = structure;
</span><span class="cx"> m_arrayModes = asArrayModes(structure->indexingType());
</span><span class="cx"> m_type = speculationFromStructure(structure);
</span></span></pre></div>
<a id="trunkSourceJavaScriptCoredfgDFGArrayModecpp"></a>
<div class="modfile"><h4>Modified: trunk/Source/JavaScriptCore/dfg/DFGArrayMode.cpp (200382 => 200383)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/dfg/DFGArrayMode.cpp 2016-05-03 18:22:18 UTC (rev 200382)
+++ trunk/Source/JavaScriptCore/dfg/DFGArrayMode.cpp 2016-05-03 18:36:34 UTC (rev 200383)
</span><span class="lines">@@ -323,20 +323,20 @@
</span><span class="cx"> return globalObject->originalArrayStructureForIndexingType(ArrayWithArrayStorage);
</span><span class="cx"> default:
</span><span class="cx"> CRASH();
</span><del>- return 0;
</del><ins>+ return nullptr;
</ins><span class="cx"> }
</span><span class="cx"> }
</span><span class="cx">
</span><span class="cx"> case Array::OriginalNonArray: {
</span><span class="cx"> TypedArrayType type = typedArrayType();
</span><span class="cx"> if (type == NotTypedArray)
</span><del>- return 0;
</del><ins>+ return nullptr;
</ins><span class="cx">
</span><del>- return globalObject->typedArrayStructure(type);
</del><ins>+ return globalObject->typedArrayStructureConcurrently(type);
</ins><span class="cx"> }
</span><span class="cx">
</span><span class="cx"> default:
</span><del>- return 0;
</del><ins>+ return nullptr;
</ins><span class="cx"> }
</span><span class="cx"> }
</span><span class="cx">
</span></span></pre></div>
<a id="trunkSourceJavaScriptCoredfgDFGByteCodeParsercpp"></a>
<div class="modfile"><h4>Modified: trunk/Source/JavaScriptCore/dfg/DFGByteCodeParser.cpp (200382 => 200383)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/dfg/DFGByteCodeParser.cpp 2016-05-03 18:22:18 UTC (rev 200382)
+++ trunk/Source/JavaScriptCore/dfg/DFGByteCodeParser.cpp 2016-05-03 18:36:34 UTC (rev 200383)
</span><span class="lines">@@ -2575,6 +2575,9 @@
</span><span class="cx">
</span><span class="cx"> if (argumentCountIncludingThis != 2)
</span><span class="cx"> return false;
</span><ins>+
+ if (!function->globalObject()->typedArrayStructureConcurrently(type))
+ return false;
</ins><span class="cx">
</span><span class="cx"> insertChecks();
</span><span class="cx"> set(VirtualRegister(resultOperand),
</span></span></pre></div>
<a id="trunkSourceJavaScriptCoredfgDFGSpeculativeJITcpp"></a>
<div class="modfile"><h4>Modified: trunk/Source/JavaScriptCore/dfg/DFGSpeculativeJIT.cpp (200382 => 200383)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/dfg/DFGSpeculativeJIT.cpp 2016-05-03 18:22:18 UTC (rev 200382)
+++ trunk/Source/JavaScriptCore/dfg/DFGSpeculativeJIT.cpp 2016-05-03 18:36:34 UTC (rev 200383)
</span><span class="lines">@@ -6763,7 +6763,8 @@
</span><span class="cx"> {
</span><span class="cx"> JSGlobalObject* globalObject = m_jit.graph().globalObjectFor(node->origin.semantic);
</span><span class="cx"> TypedArrayType type = node->typedArrayType();
</span><del>- Structure* structure = globalObject->typedArrayStructure(type);
</del><ins>+ Structure* structure = globalObject->typedArrayStructureConcurrently(type);
+ RELEASE_ASSERT(structure);
</ins><span class="cx">
</span><span class="cx"> SpeculateInt32Operand size(this, node->child1());
</span><span class="cx"> GPRReg sizeGPR = size.gpr();
</span></span></pre></div>
<a id="trunkSourceJavaScriptCoredfgDFGSpeculativeJIT32_64cpp"></a>
<div class="modfile"><h4>Modified: trunk/Source/JavaScriptCore/dfg/DFGSpeculativeJIT32_64.cpp (200382 => 200383)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/dfg/DFGSpeculativeJIT32_64.cpp 2016-05-03 18:22:18 UTC (rev 200382)
+++ trunk/Source/JavaScriptCore/dfg/DFGSpeculativeJIT32_64.cpp 2016-05-03 18:36:34 UTC (rev 200383)
</span><span class="lines">@@ -3804,7 +3804,7 @@
</span><span class="cx"> JSGlobalObject* globalObject = m_jit.graph().globalObjectFor(node->origin.semantic);
</span><span class="cx"> callOperation(
</span><span class="cx"> operationNewTypedArrayWithOneArgumentForType(node->typedArrayType()),
</span><del>- resultGPR, globalObject->typedArrayStructure(node->typedArrayType()),
</del><ins>+ resultGPR, globalObject->typedArrayStructureConcurrently(node->typedArrayType()),
</ins><span class="cx"> argumentTagGPR, argumentPayloadGPR);
</span><span class="cx"> m_jit.exceptionCheck();
</span><span class="cx">
</span></span></pre></div>
<a id="trunkSourceJavaScriptCoredfgDFGSpeculativeJIT64cpp"></a>
<div class="modfile"><h4>Modified: trunk/Source/JavaScriptCore/dfg/DFGSpeculativeJIT64.cpp (200382 => 200383)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/dfg/DFGSpeculativeJIT64.cpp 2016-05-03 18:22:18 UTC (rev 200382)
+++ trunk/Source/JavaScriptCore/dfg/DFGSpeculativeJIT64.cpp 2016-05-03 18:36:34 UTC (rev 200383)
</span><span class="lines">@@ -3861,7 +3861,7 @@
</span><span class="cx"> JSGlobalObject* globalObject = m_jit.graph().globalObjectFor(node->origin.semantic);
</span><span class="cx"> callOperation(
</span><span class="cx"> operationNewTypedArrayWithOneArgumentForType(node->typedArrayType()),
</span><del>- resultGPR, globalObject->typedArrayStructure(node->typedArrayType()),
</del><ins>+ resultGPR, globalObject->typedArrayStructureConcurrently(node->typedArrayType()),
</ins><span class="cx"> argumentGPR);
</span><span class="cx"> m_jit.exceptionCheck();
</span><span class="cx">
</span></span></pre></div>
<a id="trunkSourceJavaScriptCoredfgDFGStructureRegistrationPhasecpp"></a>
<div class="modfile"><h4>Modified: trunk/Source/JavaScriptCore/dfg/DFGStructureRegistrationPhase.cpp (200382 => 200383)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/dfg/DFGStructureRegistrationPhase.cpp 2016-05-03 18:22:18 UTC (rev 200382)
+++ trunk/Source/JavaScriptCore/dfg/DFGStructureRegistrationPhase.cpp 2016-05-03 18:36:34 UTC (rev 200383)
</span><span class="lines">@@ -1,5 +1,5 @@
</span><span class="cx"> /*
</span><del>- * Copyright (C) 2014, 2015 Apple Inc. All rights reserved.
</del><ins>+ * Copyright (C) 2014-2016 Apple Inc. All rights reserved.
</ins><span class="cx"> *
</span><span class="cx"> * Redistribution and use in source and binary forms, with or without
</span><span class="cx"> * modification, are permitted provided that the following conditions
</span><span class="lines">@@ -120,7 +120,7 @@
</span><span class="cx"> }
</span><span class="cx">
</span><span class="cx"> case NewTypedArray:
</span><del>- registerStructure(m_graph.globalObjectFor(node->origin.semantic)->typedArrayStructure(node->typedArrayType()));
</del><ins>+ registerStructure(m_graph.globalObjectFor(node->origin.semantic)->typedArrayStructureConcurrently(node->typedArrayType()));
</ins><span class="cx"> break;
</span><span class="cx">
</span><span class="cx"> case ToString:
</span></span></pre></div>
<a id="trunkSourceJavaScriptCoreftlFTLLowerDFGToB3cpp"></a>
<div class="modfile"><h4>Modified: trunk/Source/JavaScriptCore/ftl/FTLLowerDFGToB3.cpp (200382 => 200383)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/ftl/FTLLowerDFGToB3.cpp 2016-05-03 18:22:18 UTC (rev 200382)
+++ trunk/Source/JavaScriptCore/ftl/FTLLowerDFGToB3.cpp 2016-05-03 18:36:34 UTC (rev 200383)
</span><span class="lines">@@ -3908,7 +3908,7 @@
</span><span class="cx">
</span><span class="cx"> switch (m_node->child1().useKind()) {
</span><span class="cx"> case Int32Use: {
</span><del>- Structure* structure = globalObject->typedArrayStructure(type);
</del><ins>+ Structure* structure = globalObject->typedArrayStructureConcurrently(type);
</ins><span class="cx">
</span><span class="cx"> LValue size = lowInt32(m_node->child1());
</span><span class="cx">
</span><span class="lines">@@ -3969,7 +3969,7 @@
</span><span class="cx">
</span><span class="cx"> LValue result = vmCall(
</span><span class="cx"> m_out.intPtr, m_out.operation(operationNewTypedArrayWithOneArgumentForType(type)),
</span><del>- m_callFrame, weakPointer(globalObject->typedArrayStructure(type)), argument);
</del><ins>+ m_callFrame, weakPointer(globalObject->typedArrayStructureConcurrently(type)), argument);
</ins><span class="cx">
</span><span class="cx"> setJSValue(result);
</span><span class="cx"> return;
</span></span></pre></div>
<a id="trunkSourceJavaScriptCoreruntimeClonedArgumentscpp"></a>
<div class="modfile"><h4>Modified: trunk/Source/JavaScriptCore/runtime/ClonedArguments.cpp (200382 => 200383)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/runtime/ClonedArguments.cpp 2016-05-03 18:22:18 UTC (rev 200382)
+++ trunk/Source/JavaScriptCore/runtime/ClonedArguments.cpp 2016-05-03 18:36:34 UTC (rev 200383)
</span><span class="lines">@@ -1,5 +1,5 @@
</span><span class="cx"> /*
</span><del>- * Copyright (C) 2015 Apple Inc. All rights reserved.
</del><ins>+ * Copyright (C) 2015-2016 Apple Inc. All rights reserved.
</ins><span class="cx"> *
</span><span class="cx"> * Redistribution and use in source and binary forms, with or without
</span><span class="cx"> * modification, are permitted provided that the following conditions
</span><span class="lines">@@ -158,11 +158,11 @@
</span><span class="cx">
</span><span class="cx"> if (isStrictMode) {
</span><span class="cx"> if (ident == vm.propertyNames->callee) {
</span><del>- slot.setGetterSlot(thisObject, DontDelete | DontEnum | Accessor, thisObject->globalObject()->throwTypeErrorGetterSetter(vm));
</del><ins>+ slot.setGetterSlot(thisObject, DontDelete | DontEnum | Accessor, thisObject->globalObject()->throwTypeErrorGetterSetter());
</ins><span class="cx"> return true;
</span><span class="cx"> }
</span><span class="cx"> if (ident == vm.propertyNames->caller) {
</span><del>- slot.setGetterSlot(thisObject, DontDelete | DontEnum | Accessor, thisObject->globalObject()->throwTypeErrorGetterSetter(vm));
</del><ins>+ slot.setGetterSlot(thisObject, DontDelete | DontEnum | Accessor, thisObject->globalObject()->throwTypeErrorGetterSetter());
</ins><span class="cx"> return true;
</span><span class="cx"> }
</span><span class="cx">
</span><span class="lines">@@ -238,8 +238,8 @@
</span><span class="cx"> bool isStrictMode = executable->isStrictMode();
</span><span class="cx">
</span><span class="cx"> if (isStrictMode) {
</span><del>- putDirectAccessor(exec, vm.propertyNames->callee, globalObject()->throwTypeErrorGetterSetter(vm), DontDelete | DontEnum | Accessor);
- putDirectAccessor(exec, vm.propertyNames->caller, globalObject()->throwTypeErrorGetterSetter(vm), DontDelete | DontEnum | Accessor);
</del><ins>+ putDirectAccessor(exec, vm.propertyNames->callee, globalObject()->throwTypeErrorGetterSetter(), DontDelete | DontEnum | Accessor);
+ putDirectAccessor(exec, vm.propertyNames->caller, globalObject()->throwTypeErrorGetterSetter(), DontDelete | DontEnum | Accessor);
</ins><span class="cx"> } else
</span><span class="cx"> putDirect(vm, vm.propertyNames->callee, JSValue(m_callee.get()));
</span><span class="cx">
</span></span></pre></div>
<a id="trunkSourceJavaScriptCoreruntimeCommonSlowPathscpp"></a>
<div class="modfile"><h4>Modified: trunk/Source/JavaScriptCore/runtime/CommonSlowPaths.cpp (200382 => 200383)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/runtime/CommonSlowPaths.cpp 2016-05-03 18:22:18 UTC (rev 200382)
+++ trunk/Source/JavaScriptCore/runtime/CommonSlowPaths.cpp 2016-05-03 18:36:34 UTC (rev 200383)
</span><span class="lines">@@ -762,7 +762,7 @@
</span><span class="cx">
</span><span class="cx"> int scopeReg = pc[3].u.operand;
</span><span class="cx"> JSScope* currentScope = exec->uncheckedR(scopeReg).Register::scope();
</span><del>- RETURN(JSWithScope::create(exec, newScope, currentScope));
</del><ins>+ RETURN(JSWithScope::create(vm, exec->lexicalGlobalObject(), newScope, currentScope));
</ins><span class="cx"> }
</span><span class="cx">
</span><span class="cx"> SLOW_PATH_DECL(slow_path_resolve_scope)
</span></span></pre></div>
<a id="trunkSourceJavaScriptCoreruntimeFunctionPrototypecpp"></a>
<div class="modfile"><h4>Modified: trunk/Source/JavaScriptCore/runtime/FunctionPrototype.cpp (200382 => 200383)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/runtime/FunctionPrototype.cpp 2016-05-03 18:22:18 UTC (rev 200382)
+++ trunk/Source/JavaScriptCore/runtime/FunctionPrototype.cpp 2016-05-03 18:36:34 UTC (rev 200383)
</span><span class="lines">@@ -104,7 +104,7 @@
</span><span class="cx">
</span><span class="cx"> if (thisValue.inherits(InternalFunction::info())) {
</span><span class="cx"> InternalFunction* function = asInternalFunction(thisValue);
</span><del>- return JSValue::encode(jsMakeNontrivialString(exec, "function ", function->name(exec), "() {\n [native code]\n}"));
</del><ins>+ return JSValue::encode(jsMakeNontrivialString(exec, "function ", function->name(), "() {\n [native code]\n}"));
</ins><span class="cx"> }
</span><span class="cx">
</span><span class="cx"> if (thisValue.isObject()) {
</span></span></pre></div>
<a id="trunkSourceJavaScriptCoreruntimeInternalFunctioncpp"></a>
<div class="modfile"><h4>Modified: trunk/Source/JavaScriptCore/runtime/InternalFunction.cpp (200382 => 200383)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/runtime/InternalFunction.cpp 2016-05-03 18:22:18 UTC (rev 200382)
+++ trunk/Source/JavaScriptCore/runtime/InternalFunction.cpp 2016-05-03 18:36:34 UTC (rev 200383)
</span><span class="lines">@@ -58,7 +58,7 @@
</span><span class="cx"> visitor.append(&thisObject->m_originalName);
</span><span class="cx"> }
</span><span class="cx">
</span><del>-const String& InternalFunction::name(ExecState*)
</del><ins>+const String& InternalFunction::name()
</ins><span class="cx"> {
</span><span class="cx"> const String& name = m_originalName->tryGetValue();
</span><span class="cx"> ASSERT(name); // m_originalName was built from a String, and hence, there is no rope to resolve.
</span><span class="lines">@@ -88,7 +88,7 @@
</span><span class="cx"> if (!explicitName.isEmpty())
</span><span class="cx"> return explicitName;
</span><span class="cx">
</span><del>- return name(exec);
</del><ins>+ return name();
</ins><span class="cx"> }
</span><span class="cx">
</span><span class="cx"> Structure* InternalFunction::createSubclassStructure(ExecState* exec, JSValue newTarget, Structure* baseClass)
</span></span></pre></div>
<a id="trunkSourceJavaScriptCoreruntimeInternalFunctionh"></a>
<div class="modfile"><h4>Modified: trunk/Source/JavaScriptCore/runtime/InternalFunction.h (200382 => 200383)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/runtime/InternalFunction.h 2016-05-03 18:22:18 UTC (rev 200382)
+++ trunk/Source/JavaScriptCore/runtime/InternalFunction.h 2016-05-03 18:36:34 UTC (rev 200383)
</span><span class="lines">@@ -40,7 +40,7 @@
</span><span class="cx">
</span><span class="cx"> JS_EXPORT_PRIVATE static void visitChildren(JSCell*, SlotVisitor&);
</span><span class="cx">
</span><del>- JS_EXPORT_PRIVATE const String& name(ExecState*);
</del><ins>+ JS_EXPORT_PRIVATE const String& name();
</ins><span class="cx"> const String displayName(ExecState*);
</span><span class="cx"> const String calculatedDisplayName(ExecState*);
</span><span class="cx">
</span></span></pre></div>
<a id="trunkSourceJavaScriptCoreruntimeJSBoundFunctioncpp"></a>
<div class="modfile"><h4>Modified: trunk/Source/JavaScriptCore/runtime/JSBoundFunction.cpp (200382 => 200383)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/runtime/JSBoundFunction.cpp 2016-05-03 18:22:18 UTC (rev 200382)
+++ trunk/Source/JavaScriptCore/runtime/JSBoundFunction.cpp 2016-05-03 18:36:34 UTC (rev 200383)
</span><span class="lines">@@ -196,8 +196,8 @@
</span><span class="cx"> Base::finishCreation(vm, executable, length, name);
</span><span class="cx"> ASSERT(inherits(info()));
</span><span class="cx">
</span><del>- putDirectNonIndexAccessor(vm, vm.propertyNames->arguments, globalObject()->throwTypeErrorGetterSetter(vm), DontDelete | DontEnum | Accessor);
- putDirectNonIndexAccessor(vm, vm.propertyNames->caller, globalObject()->throwTypeErrorGetterSetter(vm), DontDelete | DontEnum | Accessor);
</del><ins>+ putDirectNonIndexAccessor(vm, vm.propertyNames->arguments, globalObject()->throwTypeErrorGetterSetter(), DontDelete | DontEnum | Accessor);
+ putDirectNonIndexAccessor(vm, vm.propertyNames->caller, globalObject()->throwTypeErrorGetterSetter(), DontDelete | DontEnum | Accessor);
</ins><span class="cx"> }
</span><span class="cx">
</span><span class="cx"> void JSBoundFunction::visitChildren(JSCell* cell, SlotVisitor& visitor)
</span></span></pre></div>
<a id="trunkSourceJavaScriptCoreruntimeJSBoundSlotBaseFunctioncpp"></a>
<div class="modfile"><h4>Modified: trunk/Source/JavaScriptCore/runtime/JSBoundSlotBaseFunction.cpp (200382 => 200383)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/runtime/JSBoundSlotBaseFunction.cpp 2016-05-03 18:22:18 UTC (rev 200382)
+++ trunk/Source/JavaScriptCore/runtime/JSBoundSlotBaseFunction.cpp 2016-05-03 18:36:34 UTC (rev 200383)
</span><span class="lines">@@ -64,7 +64,8 @@
</span><span class="cx"> {
</span><span class="cx"> NativeExecutable* executable = vm.getHostFunction(boundSlotBaseFunctionCall, callHostFunctionAsConstructor, name);
</span><span class="cx">
</span><del>- JSBoundSlotBaseFunction* function = new (NotNull, allocateCell<JSBoundSlotBaseFunction>(vm.heap)) JSBoundSlotBaseFunction(vm, globalObject, globalObject->boundSlotBaseFunctionStructure(), type);
</del><ins>+ Structure* structure = globalObject->boundSlotBaseFunctionStructure();
+ JSBoundSlotBaseFunction* function = new (NotNull, allocateCell<JSBoundSlotBaseFunction>(vm.heap)) JSBoundSlotBaseFunction(vm, globalObject, structure, type);
</ins><span class="cx">
</span><span class="cx"> // Can't do this during initialization because getHostFunction might do a GC allocation.
</span><span class="cx"> const char* prefix = (type == Type::Getter) ? "get " : "set ";
</span></span></pre></div>
<a id="trunkSourceJavaScriptCoreruntimeJSFunctioncpp"></a>
<div class="modfile"><h4>Modified: trunk/Source/JavaScriptCore/runtime/JSFunction.cpp (200382 => 200383)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/runtime/JSFunction.cpp 2016-05-03 18:22:18 UTC (rev 200382)
+++ trunk/Source/JavaScriptCore/runtime/JSFunction.cpp 2016-05-03 18:36:34 UTC (rev 200383)
</span><span class="lines">@@ -319,11 +319,11 @@
</span><span class="cx"> return functor.result();
</span><span class="cx"> }
</span><span class="cx">
</span><del>-static GetterSetter* getThrowTypeErrorGetterSetter(ExecState* exec, JSFunction* function)
</del><ins>+static GetterSetter* getThrowTypeErrorGetterSetter(JSFunction* function)
</ins><span class="cx"> {
</span><span class="cx"> return function->jsExecutable()->isClassConstructorFunction() || function->jsExecutable()->parseMode() == SourceParseMode::MethodMode
</span><del>- ? function->globalObject()->throwTypeErrorArgumentsAndCallerGetterSetter(exec->vm())
- : function->globalObject()->throwTypeErrorGetterSetter(exec->vm());
</del><ins>+ ? function->globalObject()->throwTypeErrorArgumentsAndCallerGetterSetter()
+ : function->globalObject()->throwTypeErrorGetterSetter();
</ins><span class="cx"> }
</span><span class="cx">
</span><span class="cx"> EncodedJSValue JSFunction::callerGetter(ExecState* exec, EncodedJSValue thisValue, PropertyName)
</span><span class="lines">@@ -375,7 +375,7 @@
</span><span class="cx"> if (thisObject->jsExecutable()->isStrictMode() || thisObject->jsExecutable()->isClassConstructorFunction()) {
</span><span class="cx"> bool result = Base::getOwnPropertySlot(thisObject, exec, propertyName, slot);
</span><span class="cx"> if (!result) {
</span><del>- GetterSetter* errorGetterSetter = getThrowTypeErrorGetterSetter(exec, thisObject);
</del><ins>+ GetterSetter* errorGetterSetter = getThrowTypeErrorGetterSetter(thisObject);
</ins><span class="cx"> thisObject->putDirectAccessor(exec, propertyName, errorGetterSetter, DontDelete | DontEnum | Accessor);
</span><span class="cx"> result = Base::getOwnPropertySlot(thisObject, exec, propertyName, slot);
</span><span class="cx"> ASSERT(result);
</span><span class="lines">@@ -390,7 +390,7 @@
</span><span class="cx"> if (thisObject->jsExecutable()->isStrictMode() || thisObject->jsExecutable()->isClassConstructorFunction()) {
</span><span class="cx"> bool result = Base::getOwnPropertySlot(thisObject, exec, propertyName, slot);
</span><span class="cx"> if (!result) {
</span><del>- GetterSetter* errorGetterSetter = getThrowTypeErrorGetterSetter(exec, thisObject);
</del><ins>+ GetterSetter* errorGetterSetter = getThrowTypeErrorGetterSetter(thisObject);
</ins><span class="cx"> thisObject->putDirectAccessor(exec, propertyName, errorGetterSetter, DontDelete | DontEnum | Accessor);
</span><span class="cx"> result = Base::getOwnPropertySlot(thisObject, exec, propertyName, slot);
</span><span class="cx"> ASSERT(result);
</span><span class="lines">@@ -499,7 +499,7 @@
</span><span class="cx"> if (thisObject->jsExecutable()->isStrictMode()) {
</span><span class="cx"> PropertySlot slot(thisObject, PropertySlot::InternalMethodType::VMInquiry);
</span><span class="cx"> if (!Base::getOwnPropertySlot(thisObject, exec, propertyName, slot))
</span><del>- thisObject->putDirectAccessor(exec, propertyName, thisObject->globalObject()->throwTypeErrorGetterSetter(exec->vm()), DontDelete | DontEnum | Accessor);
</del><ins>+ thisObject->putDirectAccessor(exec, propertyName, thisObject->globalObject()->throwTypeErrorGetterSetter(), DontDelete | DontEnum | Accessor);
</ins><span class="cx"> return Base::defineOwnProperty(object, exec, propertyName, descriptor, throwException);
</span><span class="cx"> }
</span><span class="cx"> valueCheck = !descriptor.value() || sameValue(exec, descriptor.value(), retrieveArguments(exec, thisObject));
</span><span class="lines">@@ -507,7 +507,7 @@
</span><span class="cx"> if (thisObject->jsExecutable()->isStrictMode()) {
</span><span class="cx"> PropertySlot slot(thisObject, PropertySlot::InternalMethodType::VMInquiry);
</span><span class="cx"> if (!Base::getOwnPropertySlot(thisObject, exec, propertyName, slot))
</span><del>- thisObject->putDirectAccessor(exec, propertyName, thisObject->globalObject()->throwTypeErrorGetterSetter(exec->vm()), DontDelete | DontEnum | Accessor);
</del><ins>+ thisObject->putDirectAccessor(exec, propertyName, thisObject->globalObject()->throwTypeErrorGetterSetter(), DontDelete | DontEnum | Accessor);
</ins><span class="cx"> return Base::defineOwnProperty(object, exec, propertyName, descriptor, throwException);
</span><span class="cx"> }
</span><span class="cx"> valueCheck = !descriptor.value() || sameValue(exec, descriptor.value(), retrieveCallerFunction(exec, thisObject));
</span></span></pre></div>
<a id="trunkSourceJavaScriptCoreruntimeJSGenericTypedArrayViewConstructorInlinesh"></a>
<div class="modfile"><h4>Modified: trunk/Source/JavaScriptCore/runtime/JSGenericTypedArrayViewConstructorInlines.h (200382 => 200383)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/runtime/JSGenericTypedArrayViewConstructorInlines.h 2016-05-03 18:22:18 UTC (rev 200382)
+++ trunk/Source/JavaScriptCore/runtime/JSGenericTypedArrayViewConstructorInlines.h 2016-05-03 18:36:34 UTC (rev 200383)
</span><span class="lines">@@ -221,7 +221,9 @@
</span><span class="cx"> template<typename ViewClass>
</span><span class="cx"> EncodedJSValue JSC_HOST_CALL constructGenericTypedArrayView(ExecState* exec)
</span><span class="cx"> {
</span><del>- Structure* structure = InternalFunction::createSubclassStructure(exec, exec->newTarget(), asInternalFunction(exec->callee())->globalObject()->typedArrayStructure(ViewClass::TypedArrayStorageType));
</del><ins>+ InternalFunction* function = asInternalFunction(exec->callee());
+ Structure* parentStructure = function->globalObject()->typedArrayStructure(ViewClass::TypedArrayStorageType);
+ Structure* structure = InternalFunction::createSubclassStructure(exec, exec->newTarget(), parentStructure);
</ins><span class="cx"> if (exec->hadException())
</span><span class="cx"> return JSValue::encode(JSValue());
</span><span class="cx">
</span></span></pre></div>
<a id="trunkSourceJavaScriptCoreruntimeJSGlobalObjectcpp"></a>
<div class="modfile"><h4>Modified: trunk/Source/JavaScriptCore/runtime/JSGlobalObject.cpp (200382 => 200383)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/runtime/JSGlobalObject.cpp 2016-05-03 18:22:18 UTC (rev 200382)
+++ trunk/Source/JavaScriptCore/runtime/JSGlobalObject.cpp 2016-05-03 18:36:34 UTC (rev 200383)
</span><span class="lines">@@ -110,6 +110,8 @@
</span><span class="cx"> #include "JSWeakMap.h"
</span><span class="cx"> #include "JSWeakSet.h"
</span><span class="cx"> #include "JSWithScope.h"
</span><ins>+#include "LazyClassStructureInlines.h"
+#include "LazyPropertyInlines.h"
</ins><span class="cx"> #include "LegacyProfiler.h"
</span><span class="cx"> #include "Lookup.h"
</span><span class="cx"> #include "MapConstructor.h"
</span><span class="lines">@@ -172,6 +174,28 @@
</span><span class="cx"> #include "JSReplayInputs.h"
</span><span class="cx"> #endif
</span><span class="cx">
</span><ins>+namespace JSC {
+
+static JSValue createProxyProperty(VM& vm, JSObject* object)
+{
+ JSGlobalObject* global = jsCast<JSGlobalObject*>(object);
+ return ProxyConstructor::create(vm, ProxyConstructor::createStructure(vm, global, global->functionPrototype()));
+}
+
+static JSValue createJSONProperty(VM& vm, JSObject* object)
+{
+ JSGlobalObject* global = jsCast<JSGlobalObject*>(object);
+ return JSONObject::create(vm, JSONObject::createStructure(vm, global, global->objectPrototype()));
+}
+
+static JSValue createMathProperty(VM& vm, JSObject* object)
+{
+ JSGlobalObject* global = jsCast<JSGlobalObject*>(object);
+ return MathObject::create(vm, global, MathObject::createStructure(vm, global, global->objectPrototype()));
+}
+
+} // namespace JSC
+
</ins><span class="cx"> #include "JSGlobalObject.lut.h"
</span><span class="cx">
</span><span class="cx"> namespace JSC {
</span><span class="lines">@@ -182,15 +206,39 @@
</span><span class="cx">
</span><span class="cx"> /* Source for JSGlobalObject.lut.h
</span><span class="cx"> @begin globalObjectTable
</span><del>- parseFloat globalFuncParseFloat DontEnum|Function 1
- isNaN globalFuncIsNaN DontEnum|Function 1
- isFinite globalFuncIsFinite DontEnum|Function 1
- escape globalFuncEscape DontEnum|Function 1
- unescape globalFuncUnescape DontEnum|Function 1
- decodeURI globalFuncDecodeURI DontEnum|Function 1
- decodeURIComponent globalFuncDecodeURIComponent DontEnum|Function 1
- encodeURI globalFuncEncodeURI DontEnum|Function 1
- encodeURIComponent globalFuncEncodeURIComponent DontEnum|Function 1
</del><ins>+ parseFloat globalFuncParseFloat DontEnum|Function 1
+ isNaN globalFuncIsNaN DontEnum|Function 1
+ isFinite globalFuncIsFinite DontEnum|Function 1
+ escape globalFuncEscape DontEnum|Function 1
+ unescape globalFuncUnescape DontEnum|Function 1
+ decodeURI globalFuncDecodeURI DontEnum|Function 1
+ decodeURIComponent globalFuncDecodeURIComponent DontEnum|Function 1
+ encodeURI globalFuncEncodeURI DontEnum|Function 1
+ encodeURIComponent globalFuncEncodeURIComponent DontEnum|Function 1
+ EvalError JSGlobalObject::m_evalErrorConstructor DontEnum|CellProperty
+ ReferenceError JSGlobalObject::m_referenceErrorConstructor DontEnum|CellProperty
+ SyntaxError JSGlobalObject::m_syntaxErrorConstructor DontEnum|CellProperty
+ URIError JSGlobalObject::m_URIErrorConstructor DontEnum|CellProperty
+ Proxy createProxyProperty DontEnum|PropertyCallback
+ JSON createJSONProperty DontEnum|PropertyCallback
+ Math createMathProperty DontEnum|PropertyCallback
+ Int8Array JSGlobalObject::m_typedArrayInt8 DontEnum|ClassStructure
+ Int16Array JSGlobalObject::m_typedArrayInt16 DontEnum|ClassStructure
+ Int32Array JSGlobalObject::m_typedArrayInt32 DontEnum|ClassStructure
+ Uint8Array JSGlobalObject::m_typedArrayUint8 DontEnum|ClassStructure
+ Uint8ClampedArray JSGlobalObject::m_typedArrayUint8Clamped DontEnum|ClassStructure
+ Uint16Array JSGlobalObject::m_typedArrayUint16 DontEnum|ClassStructure
+ Uint32Array JSGlobalObject::m_typedArrayUint32 DontEnum|ClassStructure
+ Float32Array JSGlobalObject::m_typedArrayFloat32 DontEnum|ClassStructure
+ Float64Array JSGlobalObject::m_typedArrayFloat64 DontEnum|ClassStructure
+ DataView JSGlobalObject::m_typedArrayDataView DontEnum|ClassStructure
+ Set JSGlobalObject::m_setStructure DontEnum|ClassStructure
+ Map JSGlobalObject::m_mapStructure DontEnum|ClassStructure
+ Date JSGlobalObject::m_dateStructure DontEnum|ClassStructure
+ Boolean JSGlobalObject::m_booleanObjectStructure DontEnum|ClassStructure
+ Number JSGlobalObject::m_numberObjectStructure DontEnum|ClassStructure
+ WeakMap JSGlobalObject::m_weakMapStructure DontEnum|ClassStructure
+ WeakSet JSGlobalObject::m_weakSetStructure DontEnum|ClassStructure
</ins><span class="cx"> @end
</span><span class="cx"> */
</span><span class="cx">
</span><span class="lines">@@ -291,22 +339,55 @@
</span><span class="cx"> exec->setCallee(m_globalCallee.get());
</span><span class="cx">
</span><span class="cx"> m_functionStructure.set(vm, this, JSFunction::createStructure(vm, this, m_functionPrototype.get()));
</span><del>- m_boundSlotBaseFunctionStructure.set(vm, this, JSBoundSlotBaseFunction::createStructure(vm, this, m_functionPrototype.get()));
- m_boundFunctionStructure.set(vm, this, JSBoundFunction::createStructure(vm, this, m_functionPrototype.get()));
</del><ins>+ m_boundSlotBaseFunctionStructure.initLater(
+ [] (const Initializer<Structure>& init) {
+ init.set(JSBoundSlotBaseFunction::createStructure(init.vm, init.owner, init.owner->m_functionPrototype.get()));
+ });
+ m_boundFunctionStructure.initLater(
+ [] (const Initializer<Structure>& init) {
+ init.set(JSBoundFunction::createStructure(init.vm, init.owner, init.owner->m_functionPrototype.get()));
+ });
</ins><span class="cx"> m_getterSetterStructure.set(vm, this, GetterSetter::createStructure(vm, this, jsNull()));
</span><del>- m_nativeStdFunctionStructure.set(vm, this, JSNativeStdFunction::createStructure(vm, this, m_functionPrototype.get()));
- m_namedFunctionStructure.set(vm, this, Structure::addPropertyTransition(vm, m_functionStructure.get(), vm.propertyNames->name, DontDelete | ReadOnly | DontEnum, m_functionNameOffset));
- m_internalFunctionStructure.set(vm, this, InternalFunction::createStructure(vm, this, m_functionPrototype.get()));
</del><ins>+ m_nativeStdFunctionStructure.initLater(
+ [] (const Initializer<Structure>& init) {
+ init.set(JSNativeStdFunction::createStructure(init.vm, init.owner, init.owner->m_functionPrototype.get()));
+ });
+ m_namedFunctionStructure.initLater(
+ [] (const Initializer<Structure>& init) {
+ init.set(Structure::addPropertyTransition(init.vm, init.owner->m_functionStructure.get(), init.vm.propertyNames->name, DontDelete | ReadOnly | DontEnum, init.owner->m_functionNameOffset));
+ });
</ins><span class="cx"> JSFunction* callFunction = 0;
</span><span class="cx"> JSFunction* applyFunction = 0;
</span><span class="cx"> JSFunction* hasInstanceSymbolFunction = 0;
</span><span class="cx"> m_functionPrototype->addFunctionProperties(exec, this, &callFunction, &applyFunction, &hasInstanceSymbolFunction);
</span><span class="cx"> m_callFunction.set(vm, this, callFunction);
</span><span class="cx"> m_applyFunction.set(vm, this, applyFunction);
</span><del>- m_arrayProtoValuesFunction.set(vm, this, JSFunction::create(vm, this, 0, vm.propertyNames->values.string(), arrayProtoFuncValues));
- m_initializePromiseFunction.set(vm, this, JSFunction::createBuiltinFunction(vm, promiseOperationsInitializePromiseCodeGenerator(vm), this));
</del><ins>+ m_arrayProtoValuesFunction.initLater(
+ [] (const Initializer<JSFunction>& init) {
+ init.set(JSFunction::create(init.vm, init.owner, 0, init.vm.propertyNames->values.string(), arrayProtoFuncValues));
+ });
+ m_initializePromiseFunction.initLater(
+ [] (const Initializer<JSFunction>& init) {
+ init.set(JSFunction::createBuiltinFunction(init.vm, promiseOperationsInitializePromiseCodeGenerator(init.vm), init.owner));
+ });
</ins><span class="cx"> m_newPromiseCapabilityFunction.set(vm, this, JSFunction::createBuiltinFunction(vm, promiseOperationsNewPromiseCapabilityCodeGenerator(vm), this));
</span><span class="cx"> m_functionProtoHasInstanceSymbolFunction.set(vm, this, hasInstanceSymbolFunction);
</span><ins>+ m_throwTypeErrorGetterSetter.initLater(
+ [] (const Initializer<GetterSetter>& init) {
+ JSFunction* thrower = JSFunction::create(init.vm, init.owner, 0, String(), globalFuncThrowTypeError);
+ GetterSetter* getterSetter = GetterSetter::create(init.vm, init.owner);
+ getterSetter->setGetter(init.vm, init.owner, thrower);
+ getterSetter->setSetter(init.vm, init.owner, thrower);
+ init.set(getterSetter);
+ });
+ m_throwTypeErrorArgumentsAndCallerGetterSetter.initLater(
+ [] (const Initializer<GetterSetter>& init) {
+ JSFunction* thrower = JSFunction::create(init.vm, init.owner, 0, String(), globalFuncThrowTypeErrorArgumentsAndCaller);
+ GetterSetter* getterSetter = GetterSetter::create(init.vm, init.owner);
+ getterSetter->setGetter(init.vm, init.owner, thrower);
+ getterSetter->setSetter(init.vm, init.owner, thrower);
+ init.set(getterSetter);
+ });
</ins><span class="cx"> m_nullGetterFunction.set(vm, this, NullGetterFunction::create(vm, NullGetterFunction::createStructure(vm, this, m_functionPrototype.get())));
</span><span class="cx"> m_nullSetterFunction.set(vm, this, NullSetterFunction::create(vm, NullSetterFunction::createStructure(vm, this, m_functionPrototype.get())));
</span><span class="cx"> m_objectPrototype.set(vm, this, ObjectPrototype::create(vm, this, ObjectPrototype::createStructure(vm, this, jsNull())));
</span><span class="lines">@@ -316,48 +397,87 @@
</span><span class="cx"> m_objectPrototype->putDirectNonIndexAccessor(vm, vm.propertyNames->underscoreProto, protoAccessor, Accessor | DontEnum);
</span><span class="cx"> m_functionPrototype->structure()->setPrototypeWithoutTransition(vm, m_objectPrototype.get());
</span><span class="cx">
</span><del>- JSTypedArrayViewPrototype* typedArrayProto = JSTypedArrayViewPrototype::create(vm, this, JSTypedArrayViewPrototype::createStructure(vm, this, m_objectPrototype.get()));
</del><ins>+ m_speciesGetterSetter.set(vm, this, GetterSetter::create(vm, this));
+ m_speciesGetterSetter->setGetter(vm, this, JSFunction::createBuiltinFunction(vm, globalObjectSpeciesGetterCodeGenerator(vm), this, "get [Symbol.species]"));
</ins><span class="cx">
</span><del>- m_typedArrays[toIndex(TypeInt8)].prototype.set(vm, this, JSInt8ArrayPrototype::create(vm, this, JSInt8ArrayPrototype::createStructure(vm, this, typedArrayProto)));
- m_typedArrays[toIndex(TypeInt16)].prototype.set(vm, this, JSInt16ArrayPrototype::create(vm, this, JSInt16ArrayPrototype::createStructure(vm, this, typedArrayProto)));
- m_typedArrays[toIndex(TypeInt32)].prototype.set(vm, this, JSInt32ArrayPrototype::create(vm, this, JSInt32ArrayPrototype::createStructure(vm, this, typedArrayProto)));
- m_typedArrays[toIndex(TypeUint8)].prototype.set(vm, this, JSUint8ArrayPrototype::create(vm, this, JSUint8ArrayPrototype::createStructure(vm, this, typedArrayProto)));
- m_typedArrays[toIndex(TypeUint8Clamped)].prototype.set(vm, this, JSUint8ClampedArrayPrototype::create(vm, this, JSUint8ClampedArrayPrototype::createStructure(vm, this, typedArrayProto)));
- m_typedArrays[toIndex(TypeUint16)].prototype.set(vm, this, JSUint16ArrayPrototype::create(vm, this, JSUint16ArrayPrototype::createStructure(vm, this, typedArrayProto)));
- m_typedArrays[toIndex(TypeUint32)].prototype.set(vm, this, JSUint32ArrayPrototype::create(vm, this, JSUint32ArrayPrototype::createStructure(vm, this, typedArrayProto)));
- m_typedArrays[toIndex(TypeFloat32)].prototype.set(vm, this, JSFloat32ArrayPrototype::create(vm, this, JSFloat32ArrayPrototype::createStructure(vm, this, typedArrayProto)));
- m_typedArrays[toIndex(TypeFloat64)].prototype.set(vm, this, JSFloat64ArrayPrototype::create(vm, this, JSFloat64ArrayPrototype::createStructure(vm, this, typedArrayProto)));
- m_typedArrays[toIndex(TypeDataView)].prototype.set(vm, this, JSDataViewPrototype::create(vm, JSDataViewPrototype::createStructure(vm, this, m_objectPrototype.get())));
</del><ins>+ m_typedArrayProto.initLater(
+ [] (const Initializer<JSTypedArrayViewPrototype>& init) {
+ init.set(JSTypedArrayViewPrototype::create(init.vm, init.owner, JSTypedArrayViewPrototype::createStructure(init.vm, init.owner, init.owner->m_objectPrototype.get())));
+
+ // Make sure that the constructor gets initialized, too.
+ init.owner->m_typedArraySuperConstructor.get(init.owner);
+ });
+ m_typedArraySuperConstructor.initLater(
+ [] (const Initializer<JSTypedArrayViewConstructor>& init) {
+ JSTypedArrayViewPrototype* prototype = init.owner->m_typedArrayProto.get(init.owner);
+ JSTypedArrayViewConstructor* constructor = JSTypedArrayViewConstructor::create(init.vm, init.owner, JSTypedArrayViewConstructor::createStructure(init.vm, init.owner, init.owner->m_functionPrototype.get()), prototype, init.owner->m_speciesGetterSetter.get());
+ prototype->putDirectWithoutTransition(init.vm, init.vm.propertyNames->constructor, constructor, DontEnum);
+ init.set(constructor);
+ });
</ins><span class="cx">
</span><del>- m_typedArrays[toIndex(TypeInt8)].structure.set(vm, this, JSInt8Array::createStructure(vm, this, m_typedArrays[toIndex(TypeInt8)].prototype.get()));
- m_typedArrays[toIndex(TypeInt16)].structure.set(vm, this, JSInt16Array::createStructure(vm, this, m_typedArrays[toIndex(TypeInt16)].prototype.get()));
- m_typedArrays[toIndex(TypeInt32)].structure.set(vm, this, JSInt32Array::createStructure(vm, this, m_typedArrays[toIndex(TypeInt32)].prototype.get()));
- m_typedArrays[toIndex(TypeUint8)].structure.set(vm, this, JSUint8Array::createStructure(vm, this, m_typedArrays[toIndex(TypeUint8)].prototype.get()));
- m_typedArrays[toIndex(TypeUint8Clamped)].structure.set(vm, this, JSUint8ClampedArray::createStructure(vm, this, m_typedArrays[toIndex(TypeUint8Clamped)].prototype.get()));
- m_typedArrays[toIndex(TypeUint16)].structure.set(vm, this, JSUint16Array::createStructure(vm, this, m_typedArrays[toIndex(TypeUint16)].prototype.get()));
- m_typedArrays[toIndex(TypeUint32)].structure.set(vm, this, JSUint32Array::createStructure(vm, this, m_typedArrays[toIndex(TypeUint32)].prototype.get()));
- m_typedArrays[toIndex(TypeFloat32)].structure.set(vm, this, JSFloat32Array::createStructure(vm, this, m_typedArrays[toIndex(TypeFloat32)].prototype.get()));
- m_typedArrays[toIndex(TypeFloat64)].structure.set(vm, this, JSFloat64Array::createStructure(vm, this, m_typedArrays[toIndex(TypeFloat64)].prototype.get()));
- m_typedArrays[toIndex(TypeDataView)].structure.set(vm, this, JSDataView::createStructure(vm, this, m_typedArrays[toIndex(TypeDataView)].prototype.get()));
</del><ins>+#define INIT_TYPED_ARRAY_LATER(type) \
+ m_typedArray ## type.initLater( \
+ [] (LazyClassStructure::Initializer& init) { \
+ init.setPrototype(JS ## type ## ArrayPrototype::create(init.vm, init.global, JS ## type ## ArrayPrototype::createStructure(init.vm, init.global, init.global->m_typedArrayProto.get(init.global)))); \
+ init.setStructure(JS ## type ## Array::createStructure(init.vm, init.global, init.prototype)); \
+ init.setConstructor(JS ## type ## ArrayConstructor::create(init.vm, init.global, JS ## type ## ArrayConstructor::createStructure(init.vm, init.global, init.global->m_typedArraySuperConstructor.get(init.global)), init.prototype, ASCIILiteral(#type "Array"), typedArrayConstructorAllocate ## type ## ArrayCodeGenerator(init.vm))); \
+ init.global->putDirectWithoutTransition(init.vm, init.vm.propertyNames->type ## ArrayPrivateName, init.constructor, DontEnum); \
+ });
+ FOR_EACH_TYPED_ARRAY_TYPE_EXCLUDING_DATA_VIEW(INIT_TYPED_ARRAY_LATER)
+#undef INIT_TYPED_ARRAY_LATER
</ins><span class="cx">
</span><ins>+ m_typedArrayDataView.initLater(
+ [] (LazyClassStructure::Initializer& init) {
+ init.setPrototype(JSDataViewPrototype::create(init.vm, JSDataViewPrototype::createStructure(init.vm, init.global, init.global->m_objectPrototype.get())));
+ init.setStructure(JSDataView::createStructure(init.vm, init.global, init.prototype));
+ init.setConstructor(JSDataViewConstructor::create(init.vm, init.global, JSDataViewConstructor::createStructure(init.vm, init.global, init.global->m_functionPrototype.get()), init.prototype, ASCIILiteral("DataView"), nullptr));
+ });
+
</ins><span class="cx"> m_lexicalEnvironmentStructure.set(vm, this, JSLexicalEnvironment::createStructure(vm, this));
</span><del>- m_moduleEnvironmentStructure.set(vm, this, JSModuleEnvironment::createStructure(vm, this));
</del><ins>+ m_moduleEnvironmentStructure.initLater(
+ [] (const Initializer<Structure>& init) {
+ init.set(JSModuleEnvironment::createStructure(init.vm, init.owner));
+ });
</ins><span class="cx"> m_strictEvalActivationStructure.set(vm, this, StrictEvalActivation::createStructure(vm, this, jsNull()));
</span><del>- m_debuggerScopeStructure.set(m_vm, this, DebuggerScope::createStructure(m_vm, this));
- m_withScopeStructure.set(vm, this, JSWithScope::createStructure(vm, this, jsNull()));
</del><ins>+ m_debuggerScopeStructure.initLater(
+ [] (const Initializer<Structure>& init) {
+ init.set(DebuggerScope::createStructure(init.vm, init.owner));
+ });
+ m_withScopeStructure.initLater(
+ [] (const Initializer<Structure>& init) {
+ init.set(JSWithScope::createStructure(init.vm, init.owner, jsNull()));
+ });
</ins><span class="cx">
</span><del>- m_nullPrototypeObjectStructure.set(vm, this, JSFinalObject::createStructure(vm, this, jsNull(), JSFinalObject::defaultInlineCapacity()));
</del><ins>+ m_nullPrototypeObjectStructure.initLater(
+ [] (const Initializer<Structure>& init) {
+ init.set(JSFinalObject::createStructure(init.vm, init.owner, jsNull(), JSFinalObject::defaultInlineCapacity()));
+ });
</ins><span class="cx">
</span><del>- m_callbackFunctionStructure.set(vm, this, JSCallbackFunction::createStructure(vm, this, m_functionPrototype.get()));
</del><ins>+ m_callbackFunctionStructure.initLater(
+ [] (const Initializer<Structure>& init) {
+ init.set(JSCallbackFunction::createStructure(init.vm, init.owner, init.owner->m_functionPrototype.get()));
+ });
</ins><span class="cx"> m_directArgumentsStructure.set(vm, this, DirectArguments::createStructure(vm, this, m_objectPrototype.get()));
</span><span class="cx"> m_scopedArgumentsStructure.set(vm, this, ScopedArguments::createStructure(vm, this, m_objectPrototype.get()));
</span><span class="cx"> m_clonedArgumentsStructure.set(vm, this, ClonedArguments::createStructure(vm, this, m_objectPrototype.get()));
</span><del>- m_callbackConstructorStructure.set(vm, this, JSCallbackConstructor::createStructure(vm, this, m_objectPrototype.get()));
- m_callbackObjectStructure.set(vm, this, JSCallbackObject<JSDestructibleObject>::createStructure(vm, this, m_objectPrototype.get()));
</del><ins>+ m_callbackConstructorStructure.initLater(
+ [] (const Initializer<Structure>& init) {
+ init.set(JSCallbackConstructor::createStructure(init.vm, init.owner, init.owner->m_objectPrototype.get()));
+ });
+ m_callbackObjectStructure.initLater(
+ [] (const Initializer<Structure>& init) {
+ init.set(JSCallbackObject<JSDestructibleObject>::createStructure(init.vm, init.owner, init.owner->m_objectPrototype.get()));
+ });
</ins><span class="cx">
</span><span class="cx"> #if JSC_OBJC_API_ENABLED
</span><del>- m_objcCallbackFunctionStructure.set(vm, this, ObjCCallbackFunction::createStructure(vm, this, m_functionPrototype.get()));
- m_objcWrapperObjectStructure.set(vm, this, JSCallbackObject<JSAPIWrapperObject>::createStructure(vm, this, m_objectPrototype.get()));
</del><ins>+ m_objcCallbackFunctionStructure.initLater(
+ [] (const Initializer<Structure>& init) {
+ init.set(ObjCCallbackFunction::createStructure(init.vm, init.owner, init.owner->m_functionPrototype.get()));
+ });
+ m_objcWrapperObjectStructure.initLater(
+ [] (const Initializer<Structure>& init) {
+ init.set(JSCallbackObject<JSAPIWrapperObject>::createStructure(init.vm, init.owner, init.owner->m_objectPrototype.get()));
+ });
</ins><span class="cx"> #endif
</span><span class="cx">
</span><span class="cx"> m_arrayPrototype.set(vm, this, ArrayPrototype::create(vm, this, ArrayPrototype::createStructure(vm, this, m_objectPrototype.get())));
</span><span class="lines">@@ -401,23 +521,34 @@
</span><span class="cx">
</span><span class="cx"> #undef CREATE_PROTOTYPE_FOR_SIMPLE_TYPE
</span><span class="cx">
</span><ins>+#define CREATE_PROTOTYPE_FOR_LAZY_TYPE(capitalName, lowerName, properName, instanceType, jsName) \
+ m_ ## properName ## Structure.initLater(\
+ [] (LazyClassStructure::Initializer& init) { \
+ init.setPrototype(capitalName##Prototype::create(init.vm, init.global, capitalName##Prototype::createStructure(init.vm, init.global, init.global->m_objectPrototype.get()))); \
+ init.setStructure(instanceType::createStructure(init.vm, init.global, init.prototype)); \
+ init.setConstructor(capitalName ## Constructor::create(init.vm, capitalName ## Constructor::createStructure(init.vm, init.global, init.global->m_functionPrototype.get()), jsCast<capitalName ## Prototype*>(init.prototype), init.global->m_speciesGetterSetter.get())); \
+ });
+
+ FOR_EACH_LAZY_BUILTIN_TYPE(CREATE_PROTOTYPE_FOR_LAZY_TYPE)
+
+#undef CREATE_PROTOTYPE_FOR_LAZY_TYPE
+
</ins><span class="cx"> m_iteratorPrototype.set(vm, this, IteratorPrototype::create(vm, this, IteratorPrototype::createStructure(vm, this, m_objectPrototype.get())));
</span><span class="cx">
</span><span class="cx"> #define CREATE_PROTOTYPE_FOR_DERIVED_ITERATOR_TYPE(capitalName, lowerName, properName, instanceType, jsName) \
</span><del>-m_ ## lowerName ## Prototype.set(vm, this, capitalName##Prototype::create(vm, this, capitalName##Prototype::createStructure(vm, this, m_iteratorPrototype.get()))); \
-m_ ## properName ## Structure.set(vm, this, instanceType::createStructure(vm, this, m_ ## lowerName ## Prototype.get()));
-
</del><ins>+ m_ ## lowerName ## Structure.initLater( \
+ [] (const Initializer<Structure>& init) { \
+ JSObject* prototype = capitalName ## Prototype::create(init.vm, init.owner, capitalName ## Prototype::createStructure(init.vm, init.owner, init.owner->m_iteratorPrototype.get())); \
+ init.set(instanceType::createStructure(init.vm, init.owner, prototype)); \
+ });
</ins><span class="cx"> FOR_EACH_BUILTIN_DERIVED_ITERATOR_TYPE(CREATE_PROTOTYPE_FOR_DERIVED_ITERATOR_TYPE)
</span><ins>+#undef CREATE_PROTOTYPE_FOR_DERIVED_ITERATOR_TYPE
+
</ins><span class="cx"> m_propertyNameIteratorStructure.set(vm, this, JSPropertyNameIterator::createStructure(vm, this, m_iteratorPrototype.get()));
</span><span class="cx"> m_generatorPrototype.set(vm, this, GeneratorPrototype::create(vm, this, GeneratorPrototype::createStructure(vm, this, m_iteratorPrototype.get())));
</span><span class="cx">
</span><del>-#undef CREATE_PROTOTYPE_FOR_DERIVED_ITERATOR_TYPE
-
</del><span class="cx"> // Constructors
</span><span class="cx">
</span><del>- GetterSetter* speciesGetterSetter = GetterSetter::create(vm, this);
- speciesGetterSetter->setGetter(vm, this, JSFunction::createBuiltinFunction(vm, globalObjectSpeciesGetterCodeGenerator(vm), this, "get [Symbol.species]"));
-
</del><span class="cx"> ObjectConstructor* objectConstructor = ObjectConstructor::create(vm, this, ObjectConstructor::createStructure(vm, this, m_functionPrototype.get()), m_objectPrototype.get());
</span><span class="cx"> m_objectConstructor.set(vm, this, objectConstructor);
</span><span class="cx">
</span><span class="lines">@@ -425,30 +556,42 @@
</span><span class="cx"> m_definePropertyFunction.set(vm, this, definePropertyFunction);
</span><span class="cx">
</span><span class="cx"> JSCell* functionConstructor = FunctionConstructor::create(vm, FunctionConstructor::createStructure(vm, this, m_functionPrototype.get()), m_functionPrototype.get());
</span><del>- JSObject* arrayConstructor = ArrayConstructor::create(vm, this, ArrayConstructor::createStructure(vm, this, m_functionPrototype.get()), m_arrayPrototype.get(), speciesGetterSetter);
</del><ins>+ JSObject* arrayConstructor = ArrayConstructor::create(vm, this, ArrayConstructor::createStructure(vm, this, m_functionPrototype.get()), m_arrayPrototype.get(), m_speciesGetterSetter.get());
</ins><span class="cx">
</span><del>- m_regExpConstructor.set(vm, this, RegExpConstructor::create(vm, RegExpConstructor::createStructure(vm, this, m_functionPrototype.get()), m_regExpPrototype.get(), speciesGetterSetter));
</del><ins>+ m_regExpConstructor.set(vm, this, RegExpConstructor::create(vm, RegExpConstructor::createStructure(vm, this, m_functionPrototype.get()), m_regExpPrototype.get(), m_speciesGetterSetter.get()));
</ins><span class="cx">
</span><span class="cx"> #define CREATE_CONSTRUCTOR_FOR_SIMPLE_TYPE(capitalName, lowerName, properName, instanceType, jsName) \
</span><del>-capitalName ## Constructor* lowerName ## Constructor = capitalName ## Constructor::create(vm, capitalName ## Constructor::createStructure(vm, this, m_functionPrototype.get()), m_ ## lowerName ## Prototype.get(), speciesGetterSetter); \
</del><ins>+capitalName ## Constructor* lowerName ## Constructor = capitalName ## Constructor::create(vm, capitalName ## Constructor::createStructure(vm, this, m_functionPrototype.get()), m_ ## lowerName ## Prototype.get(), m_speciesGetterSetter.get()); \
</ins><span class="cx"> m_ ## lowerName ## Prototype->putDirectWithoutTransition(vm, vm.propertyNames->constructor, lowerName ## Constructor, DontEnum); \
</span><span class="cx">
</span><span class="cx"> FOR_EACH_SIMPLE_BUILTIN_TYPE(CREATE_CONSTRUCTOR_FOR_SIMPLE_TYPE)
</span><span class="cx">
</span><span class="cx"> #undef CREATE_CONSTRUCTOR_FOR_SIMPLE_TYPE
</span><del>-
</del><ins>+
</ins><span class="cx"> m_errorConstructor.set(vm, this, errorConstructor);
</span><span class="cx"> m_promiseConstructor.set(vm, this, promiseConstructor);
</span><span class="cx"> m_internalPromiseConstructor.set(vm, this, internalPromiseConstructor);
</span><span class="cx">
</span><del>- Structure* nativeErrorPrototypeStructure = NativeErrorPrototype::createStructure(vm, this, m_errorPrototype.get());
- Structure* nativeErrorStructure = NativeErrorConstructor::createStructure(vm, this, m_functionPrototype.get());
- m_evalErrorConstructor.set(vm, this, NativeErrorConstructor::create(vm, this, nativeErrorStructure, nativeErrorPrototypeStructure, ASCIILiteral("EvalError")));
- m_rangeErrorConstructor.set(vm, this, NativeErrorConstructor::create(vm, this, nativeErrorStructure, nativeErrorPrototypeStructure, ASCIILiteral("RangeError")));
- m_referenceErrorConstructor.set(vm, this, NativeErrorConstructor::create(vm, this, nativeErrorStructure, nativeErrorPrototypeStructure, ASCIILiteral("ReferenceError")));
- m_syntaxErrorConstructor.set(vm, this, NativeErrorConstructor::create(vm, this, nativeErrorStructure, nativeErrorPrototypeStructure, ASCIILiteral("SyntaxError")));
- m_typeErrorConstructor.set(vm, this, NativeErrorConstructor::create(vm, this, nativeErrorStructure, nativeErrorPrototypeStructure, ASCIILiteral("TypeError")));
- m_URIErrorConstructor.set(vm, this, NativeErrorConstructor::create(vm, this, nativeErrorStructure, nativeErrorPrototypeStructure, ASCIILiteral("URIError")));
</del><ins>+ m_nativeErrorPrototypeStructure.set(vm, this, NativeErrorPrototype::createStructure(vm, this, m_errorPrototype.get()));
+ m_nativeErrorStructure.set(vm, this, NativeErrorConstructor::createStructure(vm, this, m_functionPrototype.get()));
+ m_evalErrorConstructor.initLater(
+ [] (const Initializer<NativeErrorConstructor>& init) {
+ init.set(NativeErrorConstructor::create(init.vm, init.owner, init.owner->m_nativeErrorStructure.get(), init.owner->m_nativeErrorPrototypeStructure.get(), ASCIILiteral("EvalError")));
+ });
+ m_rangeErrorConstructor.set(vm, this, NativeErrorConstructor::create(vm, this, m_nativeErrorStructure.get(), m_nativeErrorPrototypeStructure.get(), ASCIILiteral("RangeError")));
+ m_referenceErrorConstructor.initLater(
+ [] (const Initializer<NativeErrorConstructor>& init) {
+ init.set(NativeErrorConstructor::create(init.vm, init.owner, init.owner->m_nativeErrorStructure.get(), init.owner->m_nativeErrorPrototypeStructure.get(), ASCIILiteral("ReferenceError")));
+ });
+ m_syntaxErrorConstructor.initLater(
+ [] (const Initializer<NativeErrorConstructor>& init) {
+ init.set(NativeErrorConstructor::create(init.vm, init.owner, init.owner->m_nativeErrorStructure.get(), init.owner->m_nativeErrorPrototypeStructure.get(), ASCIILiteral("SyntaxError")));
+ });
+ m_typeErrorConstructor.set(vm, this, NativeErrorConstructor::create(vm, this, m_nativeErrorStructure.get(), m_nativeErrorPrototypeStructure.get(), ASCIILiteral("TypeError")));
+ m_URIErrorConstructor.initLater(
+ [] (const Initializer<NativeErrorConstructor>& init) {
+ init.set(NativeErrorConstructor::create(init.vm, init.owner, init.owner->m_nativeErrorStructure.get(), init.owner->m_nativeErrorPrototypeStructure.get(), ASCIILiteral("URIError")));
+ });
</ins><span class="cx">
</span><span class="cx"> m_generatorFunctionPrototype.set(vm, this, GeneratorFunctionPrototype::create(vm, GeneratorFunctionPrototype::createStructure(vm, this, m_functionPrototype.get())));
</span><span class="cx"> GeneratorFunctionConstructor* generatorFunctionConstructor = GeneratorFunctionConstructor::create(vm, GeneratorFunctionConstructor::createStructure(vm, this, functionConstructor), m_generatorFunctionPrototype.get());
</span><span class="lines">@@ -467,16 +610,12 @@
</span><span class="cx"> putDirectWithoutTransition(vm, vm.propertyNames->Function, functionConstructor, DontEnum);
</span><span class="cx"> putDirectWithoutTransition(vm, vm.propertyNames->Array, arrayConstructor, DontEnum);
</span><span class="cx"> putDirectWithoutTransition(vm, vm.propertyNames->RegExp, m_regExpConstructor.get(), DontEnum);
</span><del>- putDirectWithoutTransition(vm, vm.propertyNames->EvalError, m_evalErrorConstructor.get(), DontEnum);
</del><span class="cx"> putDirectWithoutTransition(vm, vm.propertyNames->RangeError, m_rangeErrorConstructor.get(), DontEnum);
</span><del>- putDirectWithoutTransition(vm, vm.propertyNames->ReferenceError, m_referenceErrorConstructor.get(), DontEnum);
- putDirectWithoutTransition(vm, vm.propertyNames->SyntaxError, m_syntaxErrorConstructor.get(), DontEnum);
</del><span class="cx"> putDirectWithoutTransition(vm, vm.propertyNames->TypeError, m_typeErrorConstructor.get(), DontEnum);
</span><del>- putDirectWithoutTransition(vm, vm.propertyNames->URIError, m_URIErrorConstructor.get(), DontEnum);
</del><span class="cx">
</span><del>- putDirectWithoutTransition(vm, vm.propertyNames->Proxy, ProxyConstructor::create(vm, ProxyConstructor::createStructure(vm, this, m_functionPrototype.get())), DontEnum);
-
-
</del><ins>+ putDirectWithoutTransition(vm, vm.propertyNames->ObjectPrivateName, objectConstructor, DontEnum | DontDelete | ReadOnly);
+ putDirectWithoutTransition(vm, vm.propertyNames->ArrayPrivateName, arrayConstructor, DontEnum | DontDelete | ReadOnly);
+
</ins><span class="cx"> #define PUT_CONSTRUCTOR_FOR_SIMPLE_TYPE(capitalName, lowerName, properName, instanceType, jsName) \
</span><span class="cx"> putDirectWithoutTransition(vm, vm.propertyNames-> jsName, lowerName ## Constructor, DontEnum); \
</span><span class="cx">
</span><span class="lines">@@ -492,42 +631,11 @@
</span><span class="cx"> IntlObject* intl = IntlObject::create(vm, this, IntlObject::createStructure(vm, this, m_objectPrototype.get()));
</span><span class="cx"> putDirectWithoutTransition(vm, vm.propertyNames->Intl, intl, DontEnum);
</span><span class="cx"> #endif // ENABLE(INTL)
</span><del>- putDirectWithoutTransition(vm, vm.propertyNames->JSON, JSONObject::create(vm, JSONObject::createStructure(vm, this, m_objectPrototype.get())), DontEnum);
- putDirectWithoutTransition(vm, vm.propertyNames->Math, MathObject::create(vm, this, MathObject::createStructure(vm, this, m_objectPrototype.get())), DontEnum);
</del><span class="cx"> ReflectObject* reflectObject = ReflectObject::create(vm, this, ReflectObject::createStructure(vm, this, m_objectPrototype.get()));
</span><span class="cx"> putDirectWithoutTransition(vm, vm.propertyNames->Reflect, reflectObject, DontEnum);
</span><span class="cx">
</span><span class="cx"> putDirectWithoutTransition(vm, vm.propertyNames->console, ConsoleObject::create(vm, this, ConsoleObject::createStructure(vm, this, m_objectPrototype.get())), DontEnum);
</span><span class="cx">
</span><del>- JSTypedArrayViewConstructor* typedArraySuperConstructor = JSTypedArrayViewConstructor::create(vm, this, JSTypedArrayViewConstructor::createStructure(vm, this, m_functionPrototype.get()), typedArrayProto, speciesGetterSetter);
- typedArrayProto->putDirectWithoutTransition(vm, vm.propertyNames->constructor, typedArraySuperConstructor, DontEnum);
-
- m_typedArrays[toIndex(TypeInt8)].constructor.set(vm , this, JSInt8ArrayConstructor::create(vm, this, JSInt8ArrayConstructor::createStructure(vm, this, typedArraySuperConstructor), m_typedArrays[toIndex(TypeInt8)].prototype.get(), ASCIILiteral("Int8Array"), typedArrayConstructorAllocateInt8ArrayCodeGenerator(vm)));
- m_typedArrays[toIndex(TypeInt16)].constructor.set(vm, this, JSInt16ArrayConstructor::create(vm, this, JSInt16ArrayConstructor::createStructure(vm, this, typedArraySuperConstructor), m_typedArrays[toIndex(TypeInt16)].prototype.get(), ASCIILiteral("Int16Array"), typedArrayConstructorAllocateInt16ArrayCodeGenerator(vm)));
- m_typedArrays[toIndex(TypeInt32)].constructor.set(vm, this, JSInt32ArrayConstructor::create(vm, this, JSInt32ArrayConstructor::createStructure(vm, this, typedArraySuperConstructor), m_typedArrays[toIndex(TypeInt32)].prototype.get(), ASCIILiteral("Int32Array"), typedArrayConstructorAllocateInt32ArrayCodeGenerator(vm)));
- m_typedArrays[toIndex(TypeUint8)].constructor.set(vm, this, JSUint8ArrayConstructor::create(vm, this, JSUint8ArrayConstructor::createStructure(vm, this, typedArraySuperConstructor), m_typedArrays[toIndex(TypeUint8)].prototype.get(), ASCIILiteral("Uint8Array"), typedArrayConstructorAllocateUint8ArrayCodeGenerator(vm)));
- m_typedArrays[toIndex(TypeUint8Clamped)].constructor.set(vm, this, JSUint8ClampedArrayConstructor::create(vm, this, JSUint8ClampedArrayConstructor::createStructure(vm, this, typedArraySuperConstructor), m_typedArrays[toIndex(TypeUint8Clamped)].prototype.get(), ASCIILiteral("Uint8ClampedArray"), typedArrayConstructorAllocateUint8ClampedArrayCodeGenerator(vm)));
- m_typedArrays[toIndex(TypeUint16)].constructor.set(vm, this, JSUint16ArrayConstructor::create(vm, this, JSUint16ArrayConstructor::createStructure(vm, this, typedArraySuperConstructor), m_typedArrays[toIndex(TypeUint16)].prototype.get(), ASCIILiteral("Uint16Array"), typedArrayConstructorAllocateUint16ArrayCodeGenerator(vm)));
- m_typedArrays[toIndex(TypeUint32)].constructor.set(vm, this, JSUint32ArrayConstructor::create(vm, this, JSUint32ArrayConstructor::createStructure(vm, this, typedArraySuperConstructor), m_typedArrays[toIndex(TypeUint32)].prototype.get(), ASCIILiteral("Uint32Array"), typedArrayConstructorAllocateUint32ArrayCodeGenerator(vm)));
- m_typedArrays[toIndex(TypeFloat32)].constructor.set(vm, this, JSFloat32ArrayConstructor::create(vm, this, JSFloat32ArrayConstructor::createStructure(vm, this, typedArraySuperConstructor), m_typedArrays[toIndex(TypeFloat32)].prototype.get(), ASCIILiteral("Float32Array"), typedArrayConstructorAllocateFloat32ArrayCodeGenerator(vm)));
- m_typedArrays[toIndex(TypeFloat64)].constructor.set(vm, this, JSFloat64ArrayConstructor::create(vm, this, JSFloat64ArrayConstructor::createStructure(vm, this, typedArraySuperConstructor), m_typedArrays[toIndex(TypeFloat64)].prototype.get(), ASCIILiteral("Float64Array"), typedArrayConstructorAllocateFloat64ArrayCodeGenerator(vm)));
- m_typedArrays[toIndex(TypeDataView)].constructor.set(vm, this, JSDataViewConstructor::create(vm, this, JSDataViewConstructor::createStructure(vm, this, m_functionPrototype.get()), m_typedArrays[toIndex(TypeDataView)].prototype.get(), ASCIILiteral("DataView"), nullptr));
-
- for (unsigned typedArrayIndex = NUMBER_OF_TYPED_ARRAY_TYPES; typedArrayIndex--;) {
- m_typedArrays[typedArrayIndex].prototype->putDirectWithoutTransition(vm, vm.propertyNames->constructor, m_typedArrays[typedArrayIndex].constructor.get(), DontEnum);
- putDirectWithoutTransition(vm, Identifier::fromString(exec, m_typedArrays[typedArrayIndex].constructor.get()->name(exec)), m_typedArrays[typedArrayIndex].constructor.get(), DontEnum);
- }
-
- putDirectWithoutTransition(vm, vm.propertyNames->Int8ArrayPrivateName, m_typedArrays[toIndex(TypeInt8)].constructor.get(), DontEnum);
- putDirectWithoutTransition(vm, vm.propertyNames->Int16ArrayPrivateName, m_typedArrays[toIndex(TypeInt16)].constructor.get(), DontEnum);
- putDirectWithoutTransition(vm, vm.propertyNames->Int32ArrayPrivateName, m_typedArrays[toIndex(TypeInt32)].constructor.get(), DontEnum);
- putDirectWithoutTransition(vm, vm.propertyNames->Uint8ArrayPrivateName, m_typedArrays[toIndex(TypeUint8)].constructor.get(), DontEnum);
- putDirectWithoutTransition(vm, vm.propertyNames->Uint8ClampedArrayPrivateName, m_typedArrays[toIndex(TypeUint8Clamped)].constructor.get(), DontEnum);
- putDirectWithoutTransition(vm, vm.propertyNames->Uint16ArrayPrivateName, m_typedArrays[toIndex(TypeUint16)].constructor.get(), DontEnum);
- putDirectWithoutTransition(vm, vm.propertyNames->Uint32ArrayPrivateName, m_typedArrays[toIndex(TypeUint32)].constructor.get(), DontEnum);
- putDirectWithoutTransition(vm, vm.propertyNames->Float32ArrayPrivateName, m_typedArrays[toIndex(TypeFloat32)].constructor.get(), DontEnum);
- putDirectWithoutTransition(vm, vm.propertyNames->Float64ArrayPrivateName, m_typedArrays[toIndex(TypeFloat64)].constructor.get(), DontEnum);
-
</del><span class="cx"> m_moduleLoader.set(vm, this, ModuleLoaderObject::create(vm, this, ModuleLoaderObject::createStructure(vm, this, m_objectPrototype.get())));
</span><span class="cx"> if (Options::exposeInternalModuleLoader())
</span><span class="cx"> putDirectWithoutTransition(vm, vm.propertyNames->Loader, m_moduleLoader.get(), DontEnum);
</span><span class="lines">@@ -880,24 +988,6 @@
</span><span class="cx"> && objectPrototypeIsSane();
</span><span class="cx"> }
</span><span class="cx">
</span><del>-void JSGlobalObject::createThrowTypeError(VM& vm)
-{
- JSFunction* thrower = JSFunction::create(vm, this, 0, String(), globalFuncThrowTypeError);
- GetterSetter* getterSetter = GetterSetter::create(vm, this);
- getterSetter->setGetter(vm, this, thrower);
- getterSetter->setSetter(vm, this, thrower);
- m_throwTypeErrorGetterSetter.set(vm, this, getterSetter);
-}
-
-void JSGlobalObject::createThrowTypeErrorArgumentsAndCaller(VM& vm)
-{
- JSFunction* thrower = JSFunction::create(vm, this, 0, String(), globalFuncThrowTypeErrorArgumentsAndCaller);
- GetterSetter* getterSetter = GetterSetter::create(vm, this);
- getterSetter->setGetter(vm, this, thrower);
- getterSetter->setSetter(vm, this, thrower);
- m_throwTypeErrorArgumentsAndCallerGetterSetter.set(vm, this, getterSetter);
-}
-
</del><span class="cx"> // Set prototype, and also insert the object prototype at the end of the chain.
</span><span class="cx"> void JSGlobalObject::resetPrototype(VM& vm, JSValue prototype)
</span><span class="cx"> {
</span><span class="lines">@@ -924,15 +1014,16 @@
</span><span class="cx"> visitor.append(&thisObject->m_globalCallee);
</span><span class="cx"> visitor.append(&thisObject->m_regExpConstructor);
</span><span class="cx"> visitor.append(&thisObject->m_errorConstructor);
</span><del>- visitor.append(&thisObject->m_evalErrorConstructor);
</del><ins>+ visitor.append(&thisObject->m_nativeErrorPrototypeStructure);
+ visitor.append(&thisObject->m_nativeErrorStructure);
+ thisObject->m_evalErrorConstructor.visit(visitor);
</ins><span class="cx"> visitor.append(&thisObject->m_rangeErrorConstructor);
</span><del>- visitor.append(&thisObject->m_referenceErrorConstructor);
- visitor.append(&thisObject->m_syntaxErrorConstructor);
</del><ins>+ thisObject->m_referenceErrorConstructor.visit(visitor);
+ thisObject->m_syntaxErrorConstructor.visit(visitor);
</ins><span class="cx"> visitor.append(&thisObject->m_typeErrorConstructor);
</span><del>- visitor.append(&thisObject->m_URIErrorConstructor);
</del><ins>+ thisObject->m_URIErrorConstructor.visit(visitor);
</ins><span class="cx"> visitor.append(&thisObject->m_objectConstructor);
</span><span class="cx"> visitor.append(&thisObject->m_promiseConstructor);
</span><del>- visitor.append(&thisObject->m_internalPromiseConstructor);
</del><span class="cx">
</span><span class="cx"> visitor.append(&thisObject->m_nullGetterFunction);
</span><span class="cx"> visitor.append(&thisObject->m_nullSetterFunction);
</span><span class="lines">@@ -942,12 +1033,12 @@
</span><span class="cx"> visitor.append(&thisObject->m_callFunction);
</span><span class="cx"> visitor.append(&thisObject->m_applyFunction);
</span><span class="cx"> visitor.append(&thisObject->m_definePropertyFunction);
</span><del>- visitor.append(&thisObject->m_arrayProtoValuesFunction);
- visitor.append(&thisObject->m_initializePromiseFunction);
</del><ins>+ thisObject->m_arrayProtoValuesFunction.visit(visitor);
+ thisObject->m_initializePromiseFunction.visit(visitor);
</ins><span class="cx"> visitor.append(&thisObject->m_newPromiseCapabilityFunction);
</span><span class="cx"> visitor.append(&thisObject->m_functionProtoHasInstanceSymbolFunction);
</span><del>- visitor.append(&thisObject->m_throwTypeErrorGetterSetter);
- visitor.append(&thisObject->m_throwTypeErrorArgumentsAndCallerGetterSetter);
</del><ins>+ thisObject->m_throwTypeErrorGetterSetter.visit(visitor);
+ thisObject->m_throwTypeErrorArgumentsAndCallerGetterSetter.visit(visitor);
</ins><span class="cx"> visitor.append(&thisObject->m_moduleLoader);
</span><span class="cx">
</span><span class="cx"> visitor.append(&thisObject->m_objectPrototype);
</span><span class="lines">@@ -958,11 +1049,11 @@
</span><span class="cx"> visitor.append(&thisObject->m_generatorFunctionPrototype);
</span><span class="cx"> visitor.append(&thisObject->m_generatorPrototype);
</span><span class="cx">
</span><del>- visitor.append(&thisObject->m_debuggerScopeStructure);
- visitor.append(&thisObject->m_withScopeStructure);
</del><ins>+ thisObject->m_debuggerScopeStructure.visit(visitor);
+ thisObject->m_withScopeStructure.visit(visitor);
</ins><span class="cx"> visitor.append(&thisObject->m_strictEvalActivationStructure);
</span><span class="cx"> visitor.append(&thisObject->m_lexicalEnvironmentStructure);
</span><del>- visitor.append(&thisObject->m_moduleEnvironmentStructure);
</del><ins>+ thisObject->m_moduleEnvironmentStructure.visit(visitor);
</ins><span class="cx"> visitor.append(&thisObject->m_directArgumentsStructure);
</span><span class="cx"> visitor.append(&thisObject->m_scopedArgumentsStructure);
</span><span class="cx"> visitor.append(&thisObject->m_clonedArgumentsStructure);
</span><span class="lines">@@ -970,24 +1061,23 @@
</span><span class="cx"> visitor.append(&thisObject->m_originalArrayStructureForIndexingShape[i]);
</span><span class="cx"> for (unsigned i = 0; i < NumberOfIndexingShapes; ++i)
</span><span class="cx"> visitor.append(&thisObject->m_arrayStructureForIndexingShapeDuringAllocation[i]);
</span><del>- visitor.append(&thisObject->m_booleanObjectStructure);
- visitor.append(&thisObject->m_callbackConstructorStructure);
- visitor.append(&thisObject->m_callbackFunctionStructure);
- visitor.append(&thisObject->m_callbackObjectStructure);
</del><ins>+ thisObject->m_callbackConstructorStructure.visit(visitor);
+ thisObject->m_callbackFunctionStructure.visit(visitor);
+ thisObject->m_callbackObjectStructure.visit(visitor);
</ins><span class="cx"> visitor.append(&thisObject->m_propertyNameIteratorStructure);
</span><span class="cx"> #if JSC_OBJC_API_ENABLED
</span><del>- visitor.append(&thisObject->m_objcCallbackFunctionStructure);
- visitor.append(&thisObject->m_objcWrapperObjectStructure);
</del><ins>+ thisObject->m_objcCallbackFunctionStructure.visit(visitor);
+ thisObject->m_objcWrapperObjectStructure.visit(visitor);
</ins><span class="cx"> #endif
</span><del>- visitor.append(&thisObject->m_nullPrototypeObjectStructure);
</del><ins>+ thisObject->m_nullPrototypeObjectStructure.visit(visitor);
</ins><span class="cx"> visitor.append(&thisObject->m_errorStructure);
</span><span class="cx"> visitor.append(&thisObject->m_calleeStructure);
</span><span class="cx"> visitor.append(&thisObject->m_functionStructure);
</span><del>- visitor.append(&thisObject->m_boundSlotBaseFunctionStructure);
- visitor.append(&thisObject->m_boundFunctionStructure);
</del><ins>+ thisObject->m_boundSlotBaseFunctionStructure.visit(visitor);
+ thisObject->m_boundFunctionStructure.visit(visitor);
</ins><span class="cx"> visitor.append(&thisObject->m_getterSetterStructure);
</span><del>- visitor.append(&thisObject->m_nativeStdFunctionStructure);
- visitor.append(&thisObject->m_namedFunctionStructure);
</del><ins>+ thisObject->m_nativeStdFunctionStructure.visit(visitor);
+ thisObject->m_namedFunctionStructure.visit(visitor);
</ins><span class="cx"> visitor.append(&thisObject->m_symbolObjectStructure);
</span><span class="cx"> visitor.append(&thisObject->m_regExpStructure);
</span><span class="cx"> visitor.append(&thisObject->m_generatorFunctionStructure);
</span><span class="lines">@@ -997,7 +1087,6 @@
</span><span class="cx"> visitor.append(&thisObject->m_moduleRecordStructure);
</span><span class="cx"> visitor.append(&thisObject->m_moduleNamespaceObjectStructure);
</span><span class="cx"> visitor.append(&thisObject->m_dollarVMStructure);
</span><del>- visitor.append(&thisObject->m_internalFunctionStructure);
</del><span class="cx"> visitor.append(&thisObject->m_proxyObjectStructure);
</span><span class="cx"> visitor.append(&thisObject->m_callableProxyObjectStructure);
</span><span class="cx"> visitor.append(&thisObject->m_proxyRevokeStructure);
</span><span class="lines">@@ -1010,15 +1099,23 @@
</span><span class="cx"> visitor.append(&thisObject->m_ ## properName ## Structure); \
</span><span class="cx">
</span><span class="cx"> FOR_EACH_SIMPLE_BUILTIN_TYPE(VISIT_SIMPLE_TYPE)
</span><del>- FOR_EACH_BUILTIN_DERIVED_ITERATOR_TYPE(VISIT_SIMPLE_TYPE)
</del><span class="cx">
</span><span class="cx"> #undef VISIT_SIMPLE_TYPE
</span><span class="cx">
</span><del>- for (unsigned i = NUMBER_OF_TYPED_ARRAY_TYPES; i--;) {
- visitor.append(&thisObject->m_typedArrays[i].prototype);
- visitor.append(&thisObject->m_typedArrays[i].constructor);
- visitor.append(&thisObject->m_typedArrays[i].structure);
- }
</del><ins>+#define VISIT_LAZY_TYPE(CapitalName, lowerName, properName, instanceType, jsName) \
+ thisObject->m_ ## properName ## Structure.visit(visitor);
+
+ FOR_EACH_LAZY_BUILTIN_TYPE(VISIT_LAZY_TYPE)
+ FOR_EACH_BUILTIN_DERIVED_ITERATOR_TYPE(VISIT_LAZY_TYPE)
+
+#undef VISIT_LAZY_TYPE
+
+ for (unsigned i = NUMBER_OF_TYPED_ARRAY_TYPES; i--;)
+ thisObject->lazyTypedArrayStructure(indexToTypedArrayType(i)).visit(visitor);
+
+ visitor.append(&thisObject->m_speciesGetterSetter);
+ thisObject->m_typedArrayProto.visit(visitor);
+ thisObject->m_typedArraySuperConstructor.visit(visitor);
</ins><span class="cx"> }
</span><span class="cx">
</span><span class="cx"> JSValue JSGlobalObject::toThis(JSCell*, ExecState* exec, ECMAMode ecmaMode)
</span><span class="lines">@@ -1060,7 +1157,7 @@
</span><span class="cx"> bool JSGlobalObject::getOwnPropertySlot(JSObject* object, ExecState* exec, PropertyName propertyName, PropertySlot& slot)
</span><span class="cx"> {
</span><span class="cx"> JSGlobalObject* thisObject = jsCast<JSGlobalObject*>(object);
</span><del>- if (getStaticFunctionSlot<Base>(exec, globalObjectTable, thisObject, propertyName, slot))
</del><ins>+ if (getStaticPropertySlot<JSGlobalObject, Base>(exec, globalObjectTable, thisObject, propertyName, slot))
</ins><span class="cx"> return true;
</span><span class="cx"> return symbolTableGet(thisObject, propertyName, slot);
</span><span class="cx"> }
</span></span></pre></div>
<a id="trunkSourceJavaScriptCoreruntimeJSGlobalObjecth"></a>
<div class="modfile"><h4>Modified: trunk/Source/JavaScriptCore/runtime/JSGlobalObject.h (200382 => 200383)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/runtime/JSGlobalObject.h 2016-05-03 18:22:18 UTC (rev 200382)
+++ trunk/Source/JavaScriptCore/runtime/JSGlobalObject.h 2016-05-03 18:36:34 UTC (rev 200383)
</span><span class="lines">@@ -31,6 +31,8 @@
</span><span class="cx"> #include "JSProxy.h"
</span><span class="cx"> #include "JSSegmentedVariableObject.h"
</span><span class="cx"> #include "JSWeakObjectMapRefInternal.h"
</span><ins>+#include "LazyProperty.h"
+#include "LazyClassStructure.h"
</ins><span class="cx"> #include "NumberPrototype.h"
</span><span class="cx"> #include "RuntimeFlags.h"
</span><span class="cx"> #include "SpecialPointer.h"
</span><span class="lines">@@ -75,6 +77,8 @@
</span><span class="cx"> class JSPromiseConstructor;
</span><span class="cx"> class JSPromisePrototype;
</span><span class="cx"> class JSStack;
</span><ins>+class JSTypedArrayViewConstructor;
+class JSTypedArrayViewPrototype;
</ins><span class="cx"> class LLIntOffsetsExtractor;
</span><span class="cx"> class Microtask;
</span><span class="cx"> class ModuleLoaderObject;
</span><span class="lines">@@ -97,18 +101,13 @@
</span><span class="cx"> #define DEFINE_STANDARD_BUILTIN(macro, upperName, lowerName) macro(upperName, lowerName, lowerName, JS ## upperName, upperName)
</span><span class="cx">
</span><span class="cx"> #define FOR_EACH_SIMPLE_BUILTIN_TYPE_WITH_CONSTRUCTOR(macro) \
</span><del>- macro(Set, set, set, JSSet, Set) \
- macro(Map, map, map, JSMap, Map) \
- macro(Date, date, date, DateInstance, Date) \
</del><span class="cx"> macro(String, string, stringObject, StringObject, String) \
</span><span class="cx"> macro(Symbol, symbol, symbolObject, SymbolObject, Symbol) \
</span><del>- macro(Boolean, boolean, booleanObject, BooleanObject, Boolean) \
</del><span class="cx"> macro(Number, number, numberObject, NumberObject, Number) \
</span><span class="cx"> macro(Error, error, error, ErrorInstance, Error) \
</span><ins>+ macro(Map, map, map, JSMap, Map) \
</ins><span class="cx"> macro(JSPromise, promise, promise, JSPromise, Promise) \
</span><span class="cx"> macro(JSArrayBuffer, arrayBuffer, arrayBuffer, JSArrayBuffer, ArrayBuffer) \
</span><del>- DEFINE_STANDARD_BUILTIN(macro, WeakMap, weakMap) \
- DEFINE_STANDARD_BUILTIN(macro, WeakSet, weakSet) \
</del><span class="cx">
</span><span class="cx"> #define FOR_EACH_BUILTIN_DERIVED_ITERATOR_TYPE(macro) \
</span><span class="cx"> DEFINE_STANDARD_BUILTIN(macro, ArrayIterator, arrayIterator) \
</span><span class="lines">@@ -124,6 +123,13 @@
</span><span class="cx"> FOR_EACH_SIMPLE_BUILTIN_TYPE_WITH_CONSTRUCTOR(macro) \
</span><span class="cx"> macro(JSInternalPromise, internalPromise, internalPromise, JSInternalPromise, InternalPromise) \
</span><span class="cx">
</span><ins>+#define FOR_EACH_LAZY_BUILTIN_TYPE(macro) \
+ macro(Set, set, set, JSSet, Set) \
+ macro(Date, date, date, DateInstance, Date) \
+ macro(Boolean, boolean, booleanObject, BooleanObject, Boolean) \
+ DEFINE_STANDARD_BUILTIN(macro, WeakMap, weakMap) \
+ DEFINE_STANDARD_BUILTIN(macro, WeakSet, weakSet) \
+
</ins><span class="cx"> #define DECLARE_SIMPLE_BUILTIN_TYPE(capitalName, lowerName, properName, instanceType, jsName) \
</span><span class="cx"> class JS ## capitalName; \
</span><span class="cx"> class capitalName ## Prototype; \
</span><span class="lines">@@ -131,10 +137,15 @@
</span><span class="cx">
</span><span class="cx"> class IteratorPrototype;
</span><span class="cx"> FOR_EACH_SIMPLE_BUILTIN_TYPE(DECLARE_SIMPLE_BUILTIN_TYPE)
</span><ins>+FOR_EACH_LAZY_BUILTIN_TYPE(DECLARE_SIMPLE_BUILTIN_TYPE)
</ins><span class="cx"> FOR_EACH_BUILTIN_DERIVED_ITERATOR_TYPE(DECLARE_SIMPLE_BUILTIN_TYPE)
</span><span class="cx">
</span><span class="cx"> #undef DECLARE_SIMPLE_BUILTIN_TYPE
</span><span class="cx">
</span><ins>+class JSInternalPromise;
+class InternalPromisePrototype;
+class InternalPromiseConstructor;
+
</ins><span class="cx"> typedef Vector<ExecState*, 16> ExecStateStack;
</span><span class="cx">
</span><span class="cx"> struct GlobalObjectMethodTable {
</span><span class="lines">@@ -197,7 +208,11 @@
</span><span class="cx"> OpaqueJSClassDataMap opaqueJSClassData;
</span><span class="cx"> };
</span><span class="cx">
</span><del>-protected:
</del><ins>+// Our hashtable code-generator tries to access these properties, so we make them public.
+// However, we'd like it better if they could be protected.
+public:
+ template<typename T> using Initializer = typename LazyProperty<JSGlobalObject, T>::Initializer;
+
</ins><span class="cx"> Register m_globalCallFrame[JSStack::CallFrameHeaderSize];
</span><span class="cx">
</span><span class="cx"> WriteBarrier<JSObject> m_globalThis;
</span><span class="lines">@@ -206,12 +221,14 @@
</span><span class="cx"> WriteBarrier<JSObject> m_globalCallee;
</span><span class="cx"> WriteBarrier<RegExpConstructor> m_regExpConstructor;
</span><span class="cx"> WriteBarrier<ErrorConstructor> m_errorConstructor;
</span><del>- WriteBarrier<NativeErrorConstructor> m_evalErrorConstructor;
</del><ins>+ WriteBarrier<Structure> m_nativeErrorPrototypeStructure;
+ WriteBarrier<Structure> m_nativeErrorStructure;
+ LazyProperty<JSGlobalObject, NativeErrorConstructor> m_evalErrorConstructor;
</ins><span class="cx"> WriteBarrier<NativeErrorConstructor> m_rangeErrorConstructor;
</span><del>- WriteBarrier<NativeErrorConstructor> m_referenceErrorConstructor;
- WriteBarrier<NativeErrorConstructor> m_syntaxErrorConstructor;
</del><ins>+ LazyProperty<JSGlobalObject, NativeErrorConstructor> m_referenceErrorConstructor;
+ LazyProperty<JSGlobalObject, NativeErrorConstructor> m_syntaxErrorConstructor;
</ins><span class="cx"> WriteBarrier<NativeErrorConstructor> m_typeErrorConstructor;
</span><del>- WriteBarrier<NativeErrorConstructor> m_URIErrorConstructor;
</del><ins>+ LazyProperty<JSGlobalObject, NativeErrorConstructor> m_URIErrorConstructor;
</ins><span class="cx"> WriteBarrier<ObjectConstructor> m_objectConstructor;
</span><span class="cx"> WriteBarrier<JSPromiseConstructor> m_promiseConstructor;
</span><span class="cx"> WriteBarrier<JSInternalPromiseConstructor> m_internalPromiseConstructor;
</span><span class="lines">@@ -225,16 +242,16 @@
</span><span class="cx"> WriteBarrier<JSFunction> m_callFunction;
</span><span class="cx"> WriteBarrier<JSFunction> m_applyFunction;
</span><span class="cx"> WriteBarrier<JSFunction> m_definePropertyFunction;
</span><del>- WriteBarrier<JSFunction> m_arrayProtoValuesFunction;
- WriteBarrier<JSFunction> m_initializePromiseFunction;
</del><ins>+ LazyProperty<JSGlobalObject, JSFunction> m_arrayProtoValuesFunction;
+ LazyProperty<JSGlobalObject, JSFunction> m_initializePromiseFunction;
</ins><span class="cx"> WriteBarrier<JSFunction> m_newPromiseCapabilityFunction;
</span><span class="cx"> WriteBarrier<JSFunction> m_functionProtoHasInstanceSymbolFunction;
</span><ins>+ LazyProperty<JSGlobalObject, GetterSetter> m_throwTypeErrorGetterSetter;
</ins><span class="cx"> WriteBarrier<JSObject> m_regExpProtoExec;
</span><span class="cx"> WriteBarrier<JSObject> m_regExpProtoSymbolReplace;
</span><span class="cx"> WriteBarrier<JSObject> m_regExpProtoGlobalGetter;
</span><span class="cx"> WriteBarrier<JSObject> m_regExpProtoUnicodeGetter;
</span><del>- WriteBarrier<GetterSetter> m_throwTypeErrorGetterSetter;
- WriteBarrier<GetterSetter> m_throwTypeErrorArgumentsAndCallerGetterSetter;
</del><ins>+ LazyProperty<JSGlobalObject, GetterSetter> m_throwTypeErrorArgumentsAndCallerGetterSetter;
</ins><span class="cx">
</span><span class="cx"> WriteBarrier<ModuleLoaderObject> m_moduleLoader;
</span><span class="cx">
</span><span class="lines">@@ -246,11 +263,11 @@
</span><span class="cx"> WriteBarrier<GeneratorFunctionPrototype> m_generatorFunctionPrototype;
</span><span class="cx"> WriteBarrier<GeneratorPrototype> m_generatorPrototype;
</span><span class="cx">
</span><del>- WriteBarrier<Structure> m_debuggerScopeStructure;
- WriteBarrier<Structure> m_withScopeStructure;
</del><ins>+ LazyProperty<JSGlobalObject, Structure> m_debuggerScopeStructure;
+ LazyProperty<JSGlobalObject, Structure> m_withScopeStructure;
</ins><span class="cx"> WriteBarrier<Structure> m_strictEvalActivationStructure;
</span><span class="cx"> WriteBarrier<Structure> m_lexicalEnvironmentStructure;
</span><del>- WriteBarrier<Structure> m_moduleEnvironmentStructure;
</del><ins>+ LazyProperty<JSGlobalObject, Structure> m_moduleEnvironmentStructure;
</ins><span class="cx"> WriteBarrier<Structure> m_directArgumentsStructure;
</span><span class="cx"> WriteBarrier<Structure> m_scopedArgumentsStructure;
</span><span class="cx"> WriteBarrier<Structure> m_clonedArgumentsStructure;
</span><span class="lines">@@ -261,28 +278,27 @@
</span><span class="cx"> // These structures will differ from the originals list above when we are having a bad time.
</span><span class="cx"> WriteBarrier<Structure> m_arrayStructureForIndexingShapeDuringAllocation[NumberOfIndexingShapes];
</span><span class="cx">
</span><del>- WriteBarrier<Structure> m_callbackConstructorStructure;
- WriteBarrier<Structure> m_callbackFunctionStructure;
- WriteBarrier<Structure> m_callbackObjectStructure;
</del><ins>+ LazyProperty<JSGlobalObject, Structure> m_callbackConstructorStructure;
+ LazyProperty<JSGlobalObject, Structure> m_callbackFunctionStructure;
+ LazyProperty<JSGlobalObject, Structure> m_callbackObjectStructure;
</ins><span class="cx"> WriteBarrier<Structure> m_propertyNameIteratorStructure;
</span><span class="cx"> #if JSC_OBJC_API_ENABLED
</span><del>- WriteBarrier<Structure> m_objcCallbackFunctionStructure;
- WriteBarrier<Structure> m_objcWrapperObjectStructure;
</del><ins>+ LazyProperty<JSGlobalObject, Structure> m_objcCallbackFunctionStructure;
+ LazyProperty<JSGlobalObject, Structure> m_objcWrapperObjectStructure;
</ins><span class="cx"> #endif
</span><del>- WriteBarrier<Structure> m_nullPrototypeObjectStructure;
</del><ins>+ LazyProperty<JSGlobalObject, Structure> m_nullPrototypeObjectStructure;
</ins><span class="cx"> WriteBarrier<Structure> m_calleeStructure;
</span><span class="cx"> WriteBarrier<Structure> m_functionStructure;
</span><del>- WriteBarrier<Structure> m_boundFunctionStructure;
- WriteBarrier<Structure> m_boundSlotBaseFunctionStructure;
</del><ins>+ LazyProperty<JSGlobalObject, Structure> m_boundFunctionStructure;
+ LazyProperty<JSGlobalObject, Structure> m_boundSlotBaseFunctionStructure;
</ins><span class="cx"> WriteBarrier<Structure> m_getterSetterStructure;
</span><del>- WriteBarrier<Structure> m_nativeStdFunctionStructure;
- WriteBarrier<Structure> m_namedFunctionStructure;
</del><ins>+ LazyProperty<JSGlobalObject, Structure> m_nativeStdFunctionStructure;
+ LazyProperty<JSGlobalObject, Structure> m_namedFunctionStructure;
</ins><span class="cx"> PropertyOffset m_functionNameOffset;
</span><span class="cx"> WriteBarrier<Structure> m_privateNameStructure;
</span><span class="cx"> WriteBarrier<Structure> m_regExpStructure;
</span><span class="cx"> WriteBarrier<Structure> m_generatorFunctionStructure;
</span><span class="cx"> WriteBarrier<Structure> m_dollarVMStructure;
</span><del>- WriteBarrier<Structure> m_internalFunctionStructure;
</del><span class="cx"> WriteBarrier<Structure> m_iteratorResultObjectStructure;
</span><span class="cx"> WriteBarrier<Structure> m_regExpMatchesArrayStructure;
</span><span class="cx"> WriteBarrier<Structure> m_regExpMatchesArraySlowPutStructure;
</span><span class="lines">@@ -300,18 +316,28 @@
</span><span class="cx"> WriteBarrier<Structure> m_ ## properName ## Structure;
</span><span class="cx">
</span><span class="cx"> FOR_EACH_SIMPLE_BUILTIN_TYPE(DEFINE_STORAGE_FOR_SIMPLE_TYPE)
</span><del>- FOR_EACH_BUILTIN_DERIVED_ITERATOR_TYPE(DEFINE_STORAGE_FOR_SIMPLE_TYPE)
</del><span class="cx">
</span><span class="cx"> #undef DEFINE_STORAGE_FOR_SIMPLE_TYPE
</span><span class="cx">
</span><del>- struct TypedArrayData {
- WriteBarrier<JSObject> prototype;
- WriteBarrier<InternalFunction> constructor;
- WriteBarrier<Structure> structure;
- };
</del><ins>+#define DEFINE_STORAGE_FOR_ITERATOR_TYPE(capitalName, lowerName, properName, instanceType, jsName) \
+ LazyProperty<JSGlobalObject, Structure> m_ ## properName ## Structure;
+ FOR_EACH_BUILTIN_DERIVED_ITERATOR_TYPE(DEFINE_STORAGE_FOR_ITERATOR_TYPE)
+#undef DEFINE_STORAGE_FOR_ITERATOR_TYPE
</ins><span class="cx">
</span><del>- std::array<TypedArrayData, NUMBER_OF_TYPED_ARRAY_TYPES> m_typedArrays;
</del><ins>+#define DEFINE_STORAGE_FOR_LAZY_TYPE(capitalName, lowerName, properName, instanceType, jsName) \
+ LazyClassStructure m_ ## properName ## Structure;
+ FOR_EACH_LAZY_BUILTIN_TYPE(DEFINE_STORAGE_FOR_LAZY_TYPE)
+#undef DEFINE_STORAGE_FOR_LAZY_TYPE
</ins><span class="cx">
</span><ins>+ WriteBarrier<GetterSetter> m_speciesGetterSetter;
+
+ LazyProperty<JSGlobalObject, JSTypedArrayViewPrototype> m_typedArrayProto;
+ LazyProperty<JSGlobalObject, JSTypedArrayViewConstructor> m_typedArraySuperConstructor;
+
+#define DECLARE_TYPED_ARRAY_TYPE_STRUCTURE(name) LazyClassStructure m_typedArray ## name;
+ FOR_EACH_TYPED_ARRAY_TYPE(DECLARE_TYPED_ARRAY_TYPE_STRUCTURE)
+#undef DECLARE_TYPED_ARRAY_TYPE_STRUCTURE
+
</ins><span class="cx"> JSCell* m_specialPointers[Special::TableSize]; // Special pointers used by the LLInt and JIT.
</span><span class="cx"> JSCell* m_linkTimeConstants[LinkTimeConstantCount];
</span><span class="cx">
</span><span class="lines">@@ -437,12 +463,12 @@
</span><span class="cx"> ObjectConstructor* objectConstructor() const { return m_objectConstructor.get(); }
</span><span class="cx"> JSPromiseConstructor* promiseConstructor() const { return m_promiseConstructor.get(); }
</span><span class="cx"> JSInternalPromiseConstructor* internalPromiseConstructor() const { return m_internalPromiseConstructor.get(); }
</span><del>- NativeErrorConstructor* evalErrorConstructor() const { return m_evalErrorConstructor.get(); }
</del><ins>+ NativeErrorConstructor* evalErrorConstructor() const { return m_evalErrorConstructor.get(this); }
</ins><span class="cx"> NativeErrorConstructor* rangeErrorConstructor() const { return m_rangeErrorConstructor.get(); }
</span><del>- NativeErrorConstructor* referenceErrorConstructor() const { return m_referenceErrorConstructor.get(); }
- NativeErrorConstructor* syntaxErrorConstructor() const { return m_syntaxErrorConstructor.get(); }
</del><ins>+ NativeErrorConstructor* referenceErrorConstructor() const { return m_referenceErrorConstructor.get(this); }
+ NativeErrorConstructor* syntaxErrorConstructor() const { return m_syntaxErrorConstructor.get(this); }
</ins><span class="cx"> NativeErrorConstructor* typeErrorConstructor() const { return m_typeErrorConstructor.get(); }
</span><del>- NativeErrorConstructor* URIErrorConstructor() const { return m_URIErrorConstructor.get(); }
</del><ins>+ NativeErrorConstructor* URIErrorConstructor() const { return m_URIErrorConstructor.get(this); }
</ins><span class="cx">
</span><span class="cx"> NullGetterFunction* nullGetterFunction() const { return m_nullGetterFunction.get(); }
</span><span class="cx"> NullSetterFunction* nullSetterFunction() const { return m_nullSetterFunction.get(); }
</span><span class="lines">@@ -453,26 +479,22 @@
</span><span class="cx"> JSFunction* callFunction() const { return m_callFunction.get(); }
</span><span class="cx"> JSFunction* applyFunction() const { return m_applyFunction.get(); }
</span><span class="cx"> JSFunction* definePropertyFunction() const { return m_definePropertyFunction.get(); }
</span><del>- JSFunction* arrayProtoValuesFunction() const { return m_arrayProtoValuesFunction.get(); }
- JSFunction* initializePromiseFunction() const { return m_initializePromiseFunction.get(); }
</del><ins>+ JSFunction* arrayProtoValuesFunction() const { return m_arrayProtoValuesFunction.get(this); }
+ JSFunction* initializePromiseFunction() const { return m_initializePromiseFunction.get(this); }
</ins><span class="cx"> JSFunction* newPromiseCapabilityFunction() const { return m_newPromiseCapabilityFunction.get(); }
</span><span class="cx"> JSFunction* functionProtoHasInstanceSymbolFunction() const { return m_functionProtoHasInstanceSymbolFunction.get(); }
</span><span class="cx"> JSObject* regExpProtoExecFunction() const { return m_regExpProtoExec.get(); }
</span><span class="cx"> JSObject* regExpProtoSymbolReplaceFunction() const { return m_regExpProtoSymbolReplace.get(); }
</span><span class="cx"> JSObject* regExpProtoGlobalGetter() const { return m_regExpProtoGlobalGetter.get(); }
</span><span class="cx"> JSObject* regExpProtoUnicodeGetter() const { return m_regExpProtoUnicodeGetter.get(); }
</span><del>- GetterSetter* throwTypeErrorGetterSetter(VM& vm)
</del><ins>+ GetterSetter* throwTypeErrorGetterSetter()
</ins><span class="cx"> {
</span><del>- if (!m_throwTypeErrorGetterSetter)
- createThrowTypeError(vm);
- return m_throwTypeErrorGetterSetter.get();
</del><ins>+ return m_throwTypeErrorGetterSetter.get(this);
</ins><span class="cx"> }
</span><span class="cx">
</span><del>- GetterSetter* throwTypeErrorArgumentsAndCallerGetterSetter(VM& vm)
</del><ins>+ GetterSetter* throwTypeErrorArgumentsAndCallerGetterSetter()
</ins><span class="cx"> {
</span><del>- if (!m_throwTypeErrorArgumentsAndCallerGetterSetter)
- createThrowTypeErrorArgumentsAndCaller(vm);
- return m_throwTypeErrorArgumentsAndCallerGetterSetter.get();
</del><ins>+ return m_throwTypeErrorArgumentsAndCallerGetterSetter.get(this);
</ins><span class="cx"> }
</span><span class="cx">
</span><span class="cx"> ModuleLoaderObject* moduleLoader() const { return m_moduleLoader.get(); }
</span><span class="lines">@@ -480,22 +502,22 @@
</span><span class="cx"> ObjectPrototype* objectPrototype() const { return m_objectPrototype.get(); }
</span><span class="cx"> FunctionPrototype* functionPrototype() const { return m_functionPrototype.get(); }
</span><span class="cx"> ArrayPrototype* arrayPrototype() const { return m_arrayPrototype.get(); }
</span><del>- BooleanPrototype* booleanPrototype() const { return m_booleanPrototype.get(); }
</del><ins>+ JSObject* booleanPrototype() const { return m_booleanObjectStructure.prototype(this); }
</ins><span class="cx"> StringPrototype* stringPrototype() const { return m_stringPrototype.get(); }
</span><span class="cx"> SymbolPrototype* symbolPrototype() const { return m_symbolPrototype.get(); }
</span><del>- NumberPrototype* numberPrototype() const { return m_numberPrototype.get(); }
- DatePrototype* datePrototype() const { return m_datePrototype.get(); }
</del><ins>+ JSObject* numberPrototype() const { return m_numberPrototype.get(); }
+ JSObject* datePrototype() const { return m_dateStructure.prototype(this); }
</ins><span class="cx"> RegExpPrototype* regExpPrototype() const { return m_regExpPrototype.get(); }
</span><span class="cx"> ErrorPrototype* errorPrototype() const { return m_errorPrototype.get(); }
</span><span class="cx"> IteratorPrototype* iteratorPrototype() const { return m_iteratorPrototype.get(); }
</span><span class="cx"> GeneratorFunctionPrototype* generatorFunctionPrototype() const { return m_generatorFunctionPrototype.get(); }
</span><span class="cx"> GeneratorPrototype* generatorPrototype() const { return m_generatorPrototype.get(); }
</span><span class="cx">
</span><del>- Structure* debuggerScopeStructure() const { return m_debuggerScopeStructure.get(); }
- Structure* withScopeStructure() const { return m_withScopeStructure.get(); }
</del><ins>+ Structure* debuggerScopeStructure() const { return m_debuggerScopeStructure.get(this); }
+ Structure* withScopeStructure() const { return m_withScopeStructure.get(this); }
</ins><span class="cx"> Structure* strictEvalActivationStructure() const { return m_strictEvalActivationStructure.get(); }
</span><span class="cx"> Structure* activationStructure() const { return m_lexicalEnvironmentStructure.get(); }
</span><del>- Structure* moduleEnvironmentStructure() const { return m_moduleEnvironmentStructure.get(); }
</del><ins>+ Structure* moduleEnvironmentStructure() const { return m_moduleEnvironmentStructure.get(this); }
</ins><span class="cx"> Structure* directArgumentsStructure() const { return m_directArgumentsStructure.get(); }
</span><span class="cx"> Structure* scopedArgumentsStructure() const { return m_scopedArgumentsStructure.get(); }
</span><span class="cx"> Structure* clonedArgumentsStructure() const { return m_clonedArgumentsStructure.get(); }
</span><span class="lines">@@ -523,33 +545,32 @@
</span><span class="cx"> return originalArrayStructureForIndexingType(structure->indexingType() | IsArray) == structure;
</span><span class="cx"> }
</span><span class="cx">
</span><del>- Structure* booleanObjectStructure() const { return m_booleanObjectStructure.get(); }
- Structure* callbackConstructorStructure() const { return m_callbackConstructorStructure.get(); }
- Structure* callbackFunctionStructure() const { return m_callbackFunctionStructure.get(); }
- Structure* callbackObjectStructure() const { return m_callbackObjectStructure.get(); }
</del><ins>+ Structure* booleanObjectStructure() const { return m_booleanObjectStructure.get(this); }
+ Structure* callbackConstructorStructure() const { return m_callbackConstructorStructure.get(this); }
+ Structure* callbackFunctionStructure() const { return m_callbackFunctionStructure.get(this); }
+ Structure* callbackObjectStructure() const { return m_callbackObjectStructure.get(this); }
</ins><span class="cx"> Structure* propertyNameIteratorStructure() const { return m_propertyNameIteratorStructure.get(); }
</span><span class="cx"> #if JSC_OBJC_API_ENABLED
</span><del>- Structure* objcCallbackFunctionStructure() const { return m_objcCallbackFunctionStructure.get(); }
- Structure* objcWrapperObjectStructure() const { return m_objcWrapperObjectStructure.get(); }
</del><ins>+ Structure* objcCallbackFunctionStructure() const { return m_objcCallbackFunctionStructure.get(this); }
+ Structure* objcWrapperObjectStructure() const { return m_objcWrapperObjectStructure.get(this); }
</ins><span class="cx"> #endif
</span><del>- Structure* dateStructure() const { return m_dateStructure.get(); }
- Structure* nullPrototypeObjectStructure() const { return m_nullPrototypeObjectStructure.get(); }
</del><ins>+ Structure* dateStructure() const { return m_dateStructure.get(this); }
+ Structure* nullPrototypeObjectStructure() const { return m_nullPrototypeObjectStructure.get(this); }
</ins><span class="cx"> Structure* errorStructure() const { return m_errorStructure.get(); }
</span><span class="cx"> Structure* calleeStructure() const { return m_calleeStructure.get(); }
</span><span class="cx"> Structure* functionStructure() const { return m_functionStructure.get(); }
</span><del>- Structure* boundFunctionStructure() const { return m_boundFunctionStructure.get(); }
- Structure* boundSlotBaseFunctionStructure() const { return m_boundSlotBaseFunctionStructure.get(); }
</del><ins>+ Structure* boundFunctionStructure() const { return m_boundFunctionStructure.get(this); }
+ Structure* boundSlotBaseFunctionStructure() const { return m_boundSlotBaseFunctionStructure.get(this); }
</ins><span class="cx"> Structure* getterSetterStructure() const { return m_getterSetterStructure.get(); }
</span><del>- Structure* nativeStdFunctionStructure() const { return m_nativeStdFunctionStructure.get(); }
- Structure* namedFunctionStructure() const { return m_namedFunctionStructure.get(); }
</del><ins>+ Structure* nativeStdFunctionStructure() const { return m_nativeStdFunctionStructure.get(this); }
+ Structure* namedFunctionStructure() const { return m_namedFunctionStructure.get(this); }
</ins><span class="cx"> PropertyOffset functionNameOffset() const { return m_functionNameOffset; }
</span><span class="cx"> Structure* numberObjectStructure() const { return m_numberObjectStructure.get(); }
</span><span class="cx"> Structure* privateNameStructure() const { return m_privateNameStructure.get(); }
</span><del>- Structure* internalFunctionStructure() const { return m_internalFunctionStructure.get(); }
</del><span class="cx"> Structure* mapStructure() const { return m_mapStructure.get(); }
</span><span class="cx"> Structure* regExpStructure() const { return m_regExpStructure.get(); }
</span><span class="cx"> Structure* generatorFunctionStructure() const { return m_generatorFunctionStructure.get(); }
</span><del>- Structure* setStructure() const { return m_setStructure.get(); }
</del><ins>+ Structure* setStructure() const { return m_setStructure.get(this); }
</ins><span class="cx"> Structure* stringObjectStructure() const { return m_stringObjectStructure.get(); }
</span><span class="cx"> Structure* symbolObjectStructure() const { return m_symbolObjectStructure.get(); }
</span><span class="cx"> Structure* iteratorResultObjectStructure() const { return m_iteratorResultObjectStructure.get(); }
</span><span class="lines">@@ -594,25 +615,60 @@
</span><span class="cx"> Structure* properName ## Structure() { return m_ ## properName ## Structure.get(); }
</span><span class="cx">
</span><span class="cx"> FOR_EACH_SIMPLE_BUILTIN_TYPE(DEFINE_ACCESSORS_FOR_SIMPLE_TYPE)
</span><del>- FOR_EACH_BUILTIN_DERIVED_ITERATOR_TYPE(DEFINE_ACCESSORS_FOR_SIMPLE_TYPE)
</del><span class="cx">
</span><span class="cx"> #undef DEFINE_ACCESSORS_FOR_SIMPLE_TYPE
</span><span class="cx">
</span><ins>+#define DEFINE_ACCESSORS_FOR_ITERATOR_TYPE(capitalName, lowerName, properName, instanceType, jsName) \
+ Structure* properName ## Structure() { return m_ ## properName ## Structure.get(this); }
+
+ FOR_EACH_BUILTIN_DERIVED_ITERATOR_TYPE(DEFINE_ACCESSORS_FOR_ITERATOR_TYPE)
+
+#undef DEFINE_ACCESSORS_FOR_ITERATOR_TYPE
+
+#define DEFINE_ACCESSORS_FOR_LAZY_TYPE(capitalName, lowerName, properName, instanceType, jsName) \
+ Structure* properName ## Structure() { return m_ ## properName ## Structure.get(this); }
+
+ FOR_EACH_LAZY_BUILTIN_TYPE(DEFINE_ACCESSORS_FOR_LAZY_TYPE)
+
+#undef DEFINE_ACCESSORS_FOR_LAZY_TYPE
+
+ LazyClassStructure& lazyTypedArrayStructure(TypedArrayType type)
+ {
+ switch (type) {
+ case NotTypedArray:
+ RELEASE_ASSERT_NOT_REACHED();
+ return m_typedArrayInt8;
+#define TYPED_ARRAY_TYPE_CASE(name) case Type ## name: return m_typedArray ## name;
+ FOR_EACH_TYPED_ARRAY_TYPE(TYPED_ARRAY_TYPE_CASE)
+#undef TYPED_ARRAY_TYPE_CASE
+ }
+ RELEASE_ASSERT_NOT_REACHED();
+ return m_typedArrayInt8;
+ }
+ const LazyClassStructure& lazyTypedArrayStructure(TypedArrayType type) const
+ {
+ return const_cast<const LazyClassStructure&>(const_cast<JSGlobalObject*>(this)->lazyTypedArrayStructure(type));
+ }
+
</ins><span class="cx"> Structure* typedArrayStructure(TypedArrayType type) const
</span><span class="cx"> {
</span><del>- return m_typedArrays[toIndex(type)].structure.get();
</del><ins>+ return lazyTypedArrayStructure(type).get(this);
</ins><span class="cx"> }
</span><ins>+ Structure* typedArrayStructureConcurrently(TypedArrayType type) const
+ {
+ return lazyTypedArrayStructure(type).getConcurrently();
+ }
</ins><span class="cx"> bool isOriginalTypedArrayStructure(Structure* structure)
</span><span class="cx"> {
</span><span class="cx"> TypedArrayType type = structure->classInfo()->typedArrayStorageType;
</span><span class="cx"> if (type == NotTypedArray)
</span><span class="cx"> return false;
</span><del>- return typedArrayStructure(type) == structure;
</del><ins>+ return typedArrayStructureConcurrently(type) == structure;
</ins><span class="cx"> }
</span><span class="cx">
</span><span class="cx"> JSObject* typedArrayConstructor(TypedArrayType type) const
</span><span class="cx"> {
</span><del>- return m_typedArrays[toIndex(type)].constructor.get();
</del><ins>+ return lazyTypedArrayStructure(type).constructor(this);
</ins><span class="cx"> }
</span><span class="cx">
</span><span class="cx"> JSCell* actualPointerFor(Special::Pointer pointer)
</span><span class="lines">@@ -739,9 +795,6 @@
</span><span class="cx">
</span><span class="cx"> JS_EXPORT_PRIVATE void init(VM&);
</span><span class="cx">
</span><del>- void createThrowTypeError(VM&);
- void createThrowTypeErrorArgumentsAndCaller(VM&);
-
</del><span class="cx"> JS_EXPORT_PRIVATE static void clearRareData(JSCell*);
</span><span class="cx"> };
</span><span class="cx">
</span></span></pre></div>
<a id="trunkSourceJavaScriptCoreruntimeJSNativeStdFunctioncpp"></a>
<div class="modfile"><h4>Modified: trunk/Source/JavaScriptCore/runtime/JSNativeStdFunction.cpp (200382 => 200383)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/runtime/JSNativeStdFunction.cpp 2016-05-03 18:22:18 UTC (rev 200382)
+++ trunk/Source/JavaScriptCore/runtime/JSNativeStdFunction.cpp 2016-05-03 18:36:34 UTC (rev 200383)
</span><span class="lines">@@ -1,5 +1,5 @@
</span><span class="cx"> /*
</span><del>- * Copyright (C) 2015 Apple Inc. All rights reserved.
</del><ins>+ * Copyright (C) 2015-2016 Apple Inc. All rights reserved.
</ins><span class="cx"> *
</span><span class="cx"> * Redistribution and use in source and binary forms, with or without
</span><span class="cx"> * modification, are permitted provided that the following conditions
</span><span class="lines">@@ -68,7 +68,8 @@
</span><span class="cx"> {
</span><span class="cx"> NativeExecutable* executable = lookUpOrCreateNativeExecutable(vm, runStdFunction, intrinsic, nativeConstructor, name);
</span><span class="cx"> NativeStdFunctionCell* functionCell = NativeStdFunctionCell::create(vm, WTFMove(nativeStdFunction));
</span><del>- JSNativeStdFunction* function = new (NotNull, allocateCell<JSNativeStdFunction>(vm.heap)) JSNativeStdFunction(vm, globalObject, globalObject->nativeStdFunctionStructure());
</del><ins>+ Structure* structure = globalObject->nativeStdFunctionStructure();
+ JSNativeStdFunction* function = new (NotNull, allocateCell<JSNativeStdFunction>(vm.heap)) JSNativeStdFunction(vm, globalObject, structure);
</ins><span class="cx"> function->finishCreation(vm, executable, length, name, functionCell);
</span><span class="cx"> return function;
</span><span class="cx"> }
</span></span></pre></div>
<a id="trunkSourceJavaScriptCoreruntimeJSWithScopecpp"></a>
<div class="modfile"><h4>Modified: trunk/Source/JavaScriptCore/runtime/JSWithScope.cpp (200382 => 200383)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/runtime/JSWithScope.cpp 2016-05-03 18:22:18 UTC (rev 200382)
+++ trunk/Source/JavaScriptCore/runtime/JSWithScope.cpp 2016-05-03 18:36:34 UTC (rev 200383)
</span><span class="lines">@@ -1,5 +1,5 @@
</span><span class="cx"> /*
</span><del>- * Copyright (C) 2012 Apple Inc. All Rights Reserved.
</del><ins>+ * Copyright (C) 2012, 2016 Apple Inc. All Rights Reserved.
</ins><span class="cx"> *
</span><span class="cx"> * Redistribution and use in source and binary forms, with or without
</span><span class="cx"> * modification, are permitted provided that the following conditions
</span><span class="lines">@@ -32,6 +32,15 @@
</span><span class="cx">
</span><span class="cx"> const ClassInfo JSWithScope::s_info = { "WithScope", &Base::s_info, 0, CREATE_METHOD_TABLE(JSWithScope) };
</span><span class="cx">
</span><ins>+JSWithScope* JSWithScope::create(
+ VM& vm, JSGlobalObject* globalObject, JSObject* object, JSScope* next)
+{
+ Structure* structure = globalObject->withScopeStructure();
+ JSWithScope* withScope = new (NotNull, allocateCell<JSWithScope>(vm.heap)) JSWithScope(vm, structure, object, next);
+ withScope->finishCreation(vm);
+ return withScope;
+}
+
</ins><span class="cx"> void JSWithScope::visitChildren(JSCell* cell, SlotVisitor& visitor)
</span><span class="cx"> {
</span><span class="cx"> JSWithScope* thisObject = jsCast<JSWithScope*>(cell);
</span><span class="lines">@@ -40,4 +49,15 @@
</span><span class="cx"> visitor.append(&thisObject->m_object);
</span><span class="cx"> }
</span><span class="cx">
</span><ins>+Structure* JSWithScope::createStructure(VM& vm, JSGlobalObject* globalObject, JSValue proto)
+{
+ return Structure::create(vm, globalObject, proto, TypeInfo(WithScopeType, StructureFlags), info());
+}
+
+JSWithScope::JSWithScope(VM& vm, Structure* structure, JSObject* object, JSScope* next)
+ : Base(vm, structure, next)
+ , m_object(vm, this, object)
+{
+}
+
</ins><span class="cx"> } // namespace JSC
</span></span></pre></div>
<a id="trunkSourceJavaScriptCoreruntimeJSWithScopeh"></a>
<div class="modfile"><h4>Modified: trunk/Source/JavaScriptCore/runtime/JSWithScope.h (200382 => 200383)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/runtime/JSWithScope.h 2016-05-03 18:22:18 UTC (rev 200382)
+++ trunk/Source/JavaScriptCore/runtime/JSWithScope.h 2016-05-03 18:36:34 UTC (rev 200383)
</span><span class="lines">@@ -1,5 +1,5 @@
</span><span class="cx"> /*
</span><del>- * Copyright (C) 2012 Apple Inc. All Rights Reserved.
</del><ins>+ * Copyright (C) 2012, 2016 Apple Inc. All Rights Reserved.
</ins><span class="cx"> *
</span><span class="cx"> * Redistribution and use in source and binary forms, with or without
</span><span class="cx"> * modification, are permitted provided that the following conditions
</span><span class="lines">@@ -34,34 +34,18 @@
</span><span class="cx"> public:
</span><span class="cx"> typedef JSScope Base;
</span><span class="cx">
</span><del>- static JSWithScope* create(ExecState* exec, JSObject* object, JSScope* next)
- {
- JSWithScope* withScope = new (NotNull, allocateCell<JSWithScope>(*exec->heap())) JSWithScope(exec, object, next);
- withScope->finishCreation(exec->vm());
- return withScope;
- }
</del><ins>+ JS_EXPORT_PRIVATE static JSWithScope* create(VM&, JSGlobalObject*, JSObject*, JSScope* next);
</ins><span class="cx">
</span><span class="cx"> JSObject* object() { return m_object.get(); }
</span><span class="cx">
</span><span class="cx"> static void visitChildren(JSCell*, SlotVisitor&);
</span><span class="cx">
</span><del>- static Structure* createStructure(VM& vm, JSGlobalObject* globalObject, JSValue proto)
- {
- return Structure::create(vm, globalObject, proto, TypeInfo(WithScopeType, StructureFlags), info());
- }
</del><ins>+ static Structure* createStructure(VM&, JSGlobalObject*, JSValue proto);
</ins><span class="cx">
</span><span class="cx"> DECLARE_EXPORT_INFO;
</span><span class="cx">
</span><span class="cx"> private:
</span><del>- JSWithScope(ExecState* exec, JSObject* object, JSScope* next)
- : Base(
- exec->vm(),
- exec->lexicalGlobalObject()->withScopeStructure(),
- next
- )
- , m_object(exec->vm(), this, object)
- {
- }
</del><ins>+ JSWithScope(VM&, Structure*, JSObject*, JSScope* next);
</ins><span class="cx">
</span><span class="cx"> WriteBarrier<JSObject> m_object;
</span><span class="cx"> };
</span></span></pre></div>
<a id="trunkSourceJavaScriptCoreruntimeLazyClassStructurecpp"></a>
<div class="addfile"><h4>Added: trunk/Source/JavaScriptCore/runtime/LazyClassStructure.cpp (0 => 200383)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/runtime/LazyClassStructure.cpp (rev 0)
+++ trunk/Source/JavaScriptCore/runtime/LazyClassStructure.cpp 2016-05-03 18:36:34 UTC (rev 200383)
</span><span class="lines">@@ -0,0 +1,102 @@
</span><ins>+/*
+ * Copyright (C) 2016 Apple Inc. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY APPLE INC. AND ITS CONTRIBUTORS ``AS IS''
+ * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,
+ * THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL APPLE INC. OR ITS CONTRIBUTORS
+ * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+ * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF
+ * THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#include "config.h"
+#include "LazyClassStructure.h"
+
+#include "JSCInlines.h"
+#include "LazyPropertyInlines.h"
+
+namespace JSC {
+
+LazyClassStructure::Initializer::Initializer(VM& vm, JSGlobalObject* global, LazyClassStructure& classStructure, const StructureInitializer& structureInit)
+ : vm(vm)
+ , global(global)
+ , classStructure(classStructure)
+ , structureInit(structureInit)
+{
+}
+
+void LazyClassStructure::Initializer::setPrototype(JSObject* prototype)
+{
+ RELEASE_ASSERT(!this->prototype);
+ RELEASE_ASSERT(!structure);
+ RELEASE_ASSERT(!constructor);
+
+ this->prototype = prototype;
+}
+
+void LazyClassStructure::Initializer::setStructure(Structure* structure)
+{
+ RELEASE_ASSERT(!this->structure);
+ RELEASE_ASSERT(!constructor);
+
+ this->structure = structure;
+ structureInit.set(structure);
+
+ if (!prototype)
+ prototype = structure->storedPrototypeObject();
+}
+
+void LazyClassStructure::Initializer::setConstructor(PropertyName propertyName, JSObject* constructor)
+{
+ RELEASE_ASSERT(structure);
+ RELEASE_ASSERT(prototype);
+ RELEASE_ASSERT(!this->constructor);
+
+ this->constructor = constructor;
+
+ prototype->putDirectWithoutTransition(vm, vm.propertyNames->constructor, constructor, DontEnum);
+ if (!propertyName.isNull())
+ global->putDirect(vm, propertyName, constructor, DontEnum);
+ classStructure.m_constructor.set(vm, global, constructor);
+}
+
+void LazyClassStructure::Initializer::setConstructor(JSObject* constructor)
+{
+ String name;
+ if (InternalFunction* internalFunction = jsDynamicCast<InternalFunction*>(constructor))
+ name = internalFunction->name();
+ else if (JSFunction* function = jsDynamicCast<JSFunction*>(constructor))
+ name = function->name();
+ else
+ RELEASE_ASSERT_NOT_REACHED();
+
+ setConstructor(Identifier::fromString(&vm, name), constructor);
+}
+
+void LazyClassStructure::visit(SlotVisitor& visitor)
+{
+ m_structure.visit(visitor);
+ visitor.append(&m_constructor);
+}
+
+void LazyClassStructure::dump(PrintStream& out) const
+{
+ out.print("<structure = ", m_structure, ", constructor = ", RawPointer(m_constructor.get()), ">");
+}
+
+} // namespace JSC
+
</ins></span></pre></div>
<a id="trunkSourceJavaScriptCoreruntimeLazyClassStructureh"></a>
<div class="addfile"><h4>Added: trunk/Source/JavaScriptCore/runtime/LazyClassStructure.h (0 => 200383)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/runtime/LazyClassStructure.h (rev 0)
+++ trunk/Source/JavaScriptCore/runtime/LazyClassStructure.h 2016-05-03 18:36:34 UTC (rev 200383)
</span><span class="lines">@@ -0,0 +1,129 @@
</span><ins>+/*
+ * Copyright (C) 2016 Apple Inc. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY APPLE INC. AND ITS CONTRIBUTORS ``AS IS''
+ * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,
+ * THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL APPLE INC. OR ITS CONTRIBUTORS
+ * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+ * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF
+ * THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#ifndef LazyClassStructure_h
+#define LazyClassStructure_h
+
+#include "LazyProperty.h"
+#include "Structure.h"
+
+namespace JSC {
+
+class JSGlobalObject;
+class VM;
+
+class LazyClassStructure {
+ typedef LazyProperty<JSGlobalObject, Structure>::Initializer StructureInitializer;
+
+public:
+ struct Initializer {
+ Initializer(VM&, JSGlobalObject*, LazyClassStructure&, const StructureInitializer&);
+
+ // This should be called first or not at all.
+ void setPrototype(JSObject* prototype);
+
+ // If this is called after setPrototype() then it just sets the structure. If this is
+ // called first then it sets the prototype by extracting it from the structure.
+ void setStructure(Structure*);
+
+ // Call this last. It's expected that the constructor is initialized to point to the
+ // prototype already. This will automatically set prototype.constructor=constructor.
+ // This will also stuff the constructor into the global object at the given property.
+ // Note that the variant that does not take a property name attempts to deduce it by
+ // casting constructor to either JSFunction or InternalFunction. Also, you can pass
+ // nullptr for the property name, in which case we don't assign the property to the
+ // global object.
+ void setConstructor(PropertyName, JSObject* constructor);
+ void setConstructor(JSObject* constructor);
+
+ VM& vm;
+ JSGlobalObject* global;
+ LazyClassStructure& classStructure;
+ const StructureInitializer& structureInit;
+
+ // It's expected that you set these using the set methods above.
+ JSObject* prototype { nullptr };
+ Structure* structure { nullptr };
+ JSObject* constructor { nullptr };
+ };
+
+ LazyClassStructure()
+ {
+ }
+
+ template<typename Callback>
+ void initLater(const Callback&);
+
+ Structure* get(const JSGlobalObject* global) const
+ {
+ ASSERT(!isCompilationThread());
+ return m_structure.get(global);
+ }
+
+ JSObject* prototype(const JSGlobalObject* global) const
+ {
+ ASSERT(!isCompilationThread());
+ return get(global)->storedPrototypeObject();
+ }
+
+ // Almost as an afterthought, we also support getting the original constructor. This turns
+ // out to be important for ES6 support.
+ JSObject* constructor(const JSGlobalObject* global) const
+ {
+ ASSERT(!isCompilationThread());
+ m_structure.get(global);
+ return m_constructor.get();
+ }
+
+ Structure* getConcurrently() const
+ {
+ return m_structure.getConcurrently();
+ }
+
+ JSObject* prototypeConcurrently() const
+ {
+ if (Structure* structure = getConcurrently())
+ return structure->storedPrototypeObject();
+ return nullptr;
+ }
+
+ JSObject* constructorConcurrently() const
+ {
+ return m_constructor.get();
+ }
+
+ void visit(SlotVisitor&);
+
+ void dump(PrintStream&) const;
+
+private:
+ LazyProperty<JSGlobalObject, Structure> m_structure;
+ WriteBarrier<JSObject> m_constructor;
+};
+
+} // namespace JSC
+
+#endif // LazyClassStructure_h
+
</ins></span></pre></div>
<a id="trunkSourceJavaScriptCoreruntimeLazyClassStructureInlinesh"></a>
<div class="addfile"><h4>Added: trunk/Source/JavaScriptCore/runtime/LazyClassStructureInlines.h (0 => 200383)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/runtime/LazyClassStructureInlines.h (rev 0)
+++ trunk/Source/JavaScriptCore/runtime/LazyClassStructureInlines.h 2016-05-03 18:36:34 UTC (rev 200383)
</span><span class="lines">@@ -0,0 +1,50 @@
</span><ins>+/*
+ * Copyright (C) 2016 Apple Inc. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY APPLE INC. AND ITS CONTRIBUTORS ``AS IS''
+ * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,
+ * THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL APPLE INC. OR ITS CONTRIBUTORS
+ * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+ * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF
+ * THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#ifndef LazyClassStructureInlines_h
+#define LazyClassStructureInlines_h
+
+#include "LazyClassStructure.h"
+#include "LazyPropertyInlines.h"
+
+namespace JSC {
+
+template<typename Callback>
+void LazyClassStructure::initLater(const Callback&)
+{
+ m_structure.initLater(
+ [] (const StructureInitializer& structureInit) {
+ ptrdiff_t offset = OBJECT_OFFSETOF(LazyClassStructure, m_structure);
+ LazyClassStructure* thisStructure = bitwise_cast<LazyClassStructure*>(
+ bitwise_cast<char*>(&structureInit.property) - offset);
+ Initializer init(structureInit.vm, structureInit.owner, *thisStructure, structureInit);
+ callStatelessLambda<void, Callback>(init);
+ });
+}
+
+} // namespace JSC
+
+#endif // LazyClassStructureInlines_h
+
</ins></span></pre></div>
<a id="trunkSourceJavaScriptCoreruntimeLazyPropertyh"></a>
<div class="addfile"><h4>Added: trunk/Source/JavaScriptCore/runtime/LazyProperty.h (0 => 200383)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/runtime/LazyProperty.h (rev 0)
+++ trunk/Source/JavaScriptCore/runtime/LazyProperty.h 2016-05-03 18:36:34 UTC (rev 200383)
</span><span class="lines">@@ -0,0 +1,118 @@
</span><ins>+/*
+ * Copyright (C) 2016 Apple Inc. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY APPLE INC. AND ITS CONTRIBUTORS ``AS IS''
+ * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,
+ * THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL APPLE INC. OR ITS CONTRIBUTORS
+ * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+ * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF
+ * THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#ifndef LazyProperty_h
+#define LazyProperty_h
+
+#include "VM.h"
+
+namespace JSC {
+
+class JSCell;
+class SlotVisitor;
+class VM;
+
+// Note that if all you're doing is calling LazyProperty::get(), it's completely safe to bitcast
+// this LazyProperty<JSCell, JSCell>.
+template<typename OwnerType, typename ElementType>
+class LazyProperty {
+public:
+ struct Initializer {
+ Initializer(OwnerType* owner, LazyProperty& property)
+ : vm(*Heap::heap(owner)->vm())
+ , owner(owner)
+ , property(property)
+ {
+ }
+
+ void set(ElementType* value) const;
+
+ VM& vm;
+ OwnerType* owner;
+ LazyProperty& property;
+ };
+
+ LazyProperty()
+ {
+ }
+
+ // Tell the property to run the given callback next time someone tries to get the value
+ // using get(). The passed callback must be stateless. For example:
+ //
+ // property.initLater(
+ // [] (const LazyProperty<Foo, Bar>::Initializer& init) {
+ // init.set(...things...);
+ // });
+ //
+ // This method is always inlineable and should always compile to a store of a constant
+ // pointer no matter how complicated the callback is.
+ template<typename Func>
+ void initLater(const Func&);
+
+ // This lazily initializes the property. Note that this gracefully supports recursive calls.
+ // If this gets called while the property is being initialized, it will simply return null.
+ ElementType* get(const OwnerType* owner) const
+ {
+ ASSERT(!isCompilationThread());
+ if (UNLIKELY(m_pointer & lazyTag)) {
+ auto callFunc = bitwise_cast<ElementType* (*)(const Initializer&)>(m_pointer & ~lazyTag);
+ return callFunc(Initializer(const_cast<OwnerType*>(owner), *const_cast<LazyProperty*>(this)));
+ }
+ return bitwise_cast<ElementType*>(m_pointer);
+ }
+
+ ElementType* getConcurrently() const
+ {
+ uintptr_t pointer = m_pointer;
+ if (pointer & lazyTag)
+ return nullptr;
+ return bitwise_cast<ElementType*>(pointer);
+ }
+
+ void setMayBeNull(VM&, const OwnerType* owner, ElementType*);
+ void set(VM&, const OwnerType* owner, ElementType*);
+
+ void visit(SlotVisitor&);
+
+ void dump(PrintStream&) const;
+
+private:
+ template<typename Func>
+ static ElementType* callFunc(const Initializer&);
+
+ static const uintptr_t lazyTag = 1;
+ static const uintptr_t initializingTag = 2;
+
+ uintptr_t m_pointer { 0 };
+};
+
+// It's valid to bitcast any LazyProperty to LazyCellProperty if you're just going to call get()
+// or getConcurrently().
+typedef LazyProperty<JSCell, JSCell> LazyCellProperty;
+
+} // namespace JSC
+
+#endif // LazyProperty_h
+
</ins></span></pre></div>
<a id="trunkSourceJavaScriptCoreruntimeLazyPropertyInlinesh"></a>
<div class="addfile"><h4>Added: trunk/Source/JavaScriptCore/runtime/LazyPropertyInlines.h (0 => 200383)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/runtime/LazyPropertyInlines.h (rev 0)
+++ trunk/Source/JavaScriptCore/runtime/LazyPropertyInlines.h 2016-05-03 18:36:34 UTC (rev 200383)
</span><span class="lines">@@ -0,0 +1,102 @@
</span><ins>+/*
+ * Copyright (C) 2016 Apple Inc. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY APPLE INC. AND ITS CONTRIBUTORS ``AS IS''
+ * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,
+ * THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL APPLE INC. OR ITS CONTRIBUTORS
+ * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+ * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF
+ * THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#ifndef LazyPropertyInlines_h
+#define LazyPropertyInlines_h
+
+#include "Heap.h"
+#include <wtf/StdLibExtras.h>
+
+namespace JSC {
+
+template<typename OwnerType, typename ElementType>
+void LazyProperty<OwnerType, ElementType>::Initializer::set(ElementType* value) const
+{
+ property.set(vm, owner, value);
+}
+
+template<typename OwnerType, typename ElementType>
+template<typename Func>
+void LazyProperty<OwnerType, ElementType>::initLater(const Func&)
+{
+ RELEASE_ASSERT(isStatelessLambda<Func>());
+ m_pointer = lazyTag | bitwise_cast<uintptr_t>(reinterpret_cast<void*>(callFunc<Func>));
+}
+
+template<typename OwnerType, typename ElementType>
+void LazyProperty<OwnerType, ElementType>::setMayBeNull(VM& vm, const OwnerType* owner, ElementType* value)
+{
+ vm.heap.writeBarrier(owner, value);
+ m_pointer = bitwise_cast<uintptr_t>(value);
+ RELEASE_ASSERT(!(m_pointer & lazyTag));
+}
+
+template<typename OwnerType, typename ElementType>
+void LazyProperty<OwnerType, ElementType>::set(VM& vm, const OwnerType* owner, ElementType* value)
+{
+ RELEASE_ASSERT(value);
+ setMayBeNull(vm, owner, value);
+}
+
+template<typename OwnerType, typename ElementType>
+void LazyProperty<OwnerType, ElementType>::visit(SlotVisitor& visitor)
+{
+ if (m_pointer && !(m_pointer & lazyTag))
+ visitor.appendUnbarrieredReadOnlyPointer(bitwise_cast<ElementType*>(m_pointer));
+}
+
+template<typename OwnerType, typename ElementType>
+void LazyProperty<OwnerType, ElementType>::dump(PrintStream& out) const
+{
+ if (!m_pointer) {
+ out.print("<null>");
+ return;
+ }
+ if (m_pointer & lazyTag) {
+ out.print("Lazy:", RawPointer(bitwise_cast<void*>(m_pointer & ~lazyTag)));
+ if (m_pointer & initializingTag)
+ out.print("(Initializing)");
+ return;
+ }
+ out.print(RawPointer(bitwise_cast<void*>(m_pointer)));
+}
+
+template<typename OwnerType, typename ElementType>
+template<typename Func>
+ElementType* LazyProperty<OwnerType, ElementType>::callFunc(const Initializer& initializer)
+{
+ if (initializer.property.m_pointer & initializingTag)
+ return nullptr;
+ initializer.property.m_pointer |= initializingTag;
+ callStatelessLambda<void, Func>(initializer);
+ RELEASE_ASSERT(!(initializer.property.m_pointer & lazyTag));
+ RELEASE_ASSERT(!(initializer.property.m_pointer & initializingTag));
+ return bitwise_cast<ElementType*>(initializer.property.m_pointer);
+}
+
+} // namespace JSC
+
+#endif // LazyPropertyInlines_h
+
</ins></span></pre></div>
<a id="trunkSourceJavaScriptCoreruntimeLookupcpp"></a>
<div class="modfile"><h4>Modified: trunk/Source/JavaScriptCore/runtime/Lookup.cpp (200382 => 200383)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/runtime/Lookup.cpp 2016-05-03 18:22:18 UTC (rev 200382)
+++ trunk/Source/JavaScriptCore/runtime/Lookup.cpp 2016-05-03 18:36:34 UTC (rev 200383)
</span><span class="lines">@@ -1,5 +1,5 @@
</span><span class="cx"> /*
</span><del>- * Copyright (C) 2008, 2012, 2015 Apple Inc. All rights reserved.
</del><ins>+ * Copyright (C) 2008, 2012, 2015-2016 Apple Inc. All rights reserved.
</ins><span class="cx"> *
</span><span class="cx"> * This library is free software; you can redistribute it and/or
</span><span class="cx"> * modify it under the terms of the GNU Lesser General Public
</span><span class="lines">@@ -45,7 +45,7 @@
</span><span class="cx"> bool setUpStaticFunctionSlot(ExecState* exec, const HashTableValue* entry, JSObject* thisObj, PropertyName propertyName, PropertySlot& slot)
</span><span class="cx"> {
</span><span class="cx"> ASSERT(thisObj->globalObject());
</span><del>- ASSERT(entry->attributes() & BuiltinOrFunctionOrAccessor);
</del><ins>+ ASSERT(entry->attributes() & BuiltinOrFunctionOrAccessorOrLazyProperty);
</ins><span class="cx"> VM& vm = exec->vm();
</span><span class="cx"> unsigned attributes;
</span><span class="cx"> bool isAccessor = entry->attributes() & Accessor;
</span><span class="lines">@@ -63,13 +63,25 @@
</span><span class="cx"> thisObj->putDirectNativeFunction(
</span><span class="cx"> vm, thisObj->globalObject(), propertyName, entry->functionLength(),
</span><span class="cx"> entry->function(), entry->intrinsic(), attributesForStructure(entry->attributes()));
</span><del>- } else {
- ASSERT(isAccessor);
</del><ins>+ } else if (isAccessor)
</ins><span class="cx"> reifyStaticAccessor(vm, *entry, *thisObj, propertyName);
</span><del>- }
</del><ins>+ else if (entry->attributes() & CellProperty) {
+ LazyCellProperty* property = bitwise_cast<LazyCellProperty*>(
+ bitwise_cast<char*>(thisObj) + entry->lazyCellPropertyOffset());
+ JSCell* result = property->get(thisObj);
+ thisObj->putDirect(vm, propertyName, result, attributesForStructure(entry->attributes()));
+ } else if (entry->attributes() & ClassStructure) {
+ LazyClassStructure* structure = bitwise_cast<LazyClassStructure*>(
+ bitwise_cast<char*>(thisObj) + entry->lazyClassStructureOffset());
+ structure->get(jsCast<JSGlobalObject*>(thisObj));
+ } else if (entry->attributes() & PropertyCallback) {
+ JSValue result = entry->lazyPropertyCallback()(vm, thisObj);
+ thisObj->putDirect(vm, propertyName, result, attributesForStructure(entry->attributes()));
+ } else
+ RELEASE_ASSERT_NOT_REACHED();
</ins><span class="cx">
</span><span class="cx"> offset = thisObj->getDirectOffset(vm, propertyName, attributes);
</span><del>- ASSERT(isValidOffset(offset));
</del><ins>+ RELEASE_ASSERT(isValidOffset(offset));
</ins><span class="cx"> }
</span><span class="cx">
</span><span class="cx"> if (isAccessor)
</span></span></pre></div>
<a id="trunkSourceJavaScriptCoreruntimeLookuph"></a>
<div class="modfile"><h4>Modified: trunk/Source/JavaScriptCore/runtime/Lookup.h (200382 => 200383)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/runtime/Lookup.h 2016-05-03 18:22:18 UTC (rev 200382)
+++ trunk/Source/JavaScriptCore/runtime/Lookup.h 2016-05-03 18:36:34 UTC (rev 200383)
</span><span class="lines">@@ -1,6 +1,6 @@
</span><span class="cx"> /*
</span><span class="cx"> * Copyright (C) 1999-2000 Harri Porten (porten@kde.org)
</span><del>- * Copyright (C) 2003, 2006, 2007, 2008, 2009 Apple Inc. All rights reserved.
</del><ins>+ * Copyright (C) 2003, 2006, 2007, 2008, 2009, 2016 Apple Inc. All rights reserved.
</ins><span class="cx"> *
</span><span class="cx"> * This library is free software; you can redistribute it and/or
</span><span class="cx"> * modify it under the terms of the GNU Lesser General Public
</span><span class="lines">@@ -28,6 +28,7 @@
</span><span class="cx"> #include "IdentifierInlines.h"
</span><span class="cx"> #include "Intrinsic.h"
</span><span class="cx"> #include "JSGlobalObject.h"
</span><ins>+#include "LazyProperty.h"
</ins><span class="cx"> #include "PropertySlot.h"
</span><span class="cx"> #include "PutPropertySlot.h"
</span><span class="cx"> #include "Reject.h"
</span><span class="lines">@@ -45,6 +46,7 @@
</span><span class="cx"> typedef PropertySlot::GetValueFunc GetFunction;
</span><span class="cx"> typedef PutPropertySlot::PutValueFunc PutFunction;
</span><span class="cx"> typedef FunctionExecutable* (*BuiltinGenerator)(VM&);
</span><ins>+typedef JSValue (*LazyPropertyCallback)(VM&, JSObject*);
</ins><span class="cx">
</span><span class="cx"> // Hash table generated by the create_hash_table script.
</span><span class="cx"> struct HashTableValue {
</span><span class="lines">@@ -74,8 +76,8 @@
</span><span class="cx"> NativeFunction function() const { ASSERT(m_attributes & Function); return reinterpret_cast<NativeFunction>(m_values.value1); }
</span><span class="cx"> unsigned char functionLength() const { ASSERT(m_attributes & Function); return static_cast<unsigned char>(m_values.value2); }
</span><span class="cx">
</span><del>- GetFunction propertyGetter() const { ASSERT(!(m_attributes & BuiltinOrFunctionOrAccessorOrConstant)); return reinterpret_cast<GetFunction>(m_values.value1); }
- PutFunction propertyPutter() const { ASSERT(!(m_attributes & BuiltinOrFunctionOrAccessorOrConstant)); return reinterpret_cast<PutFunction>(m_values.value2); }
</del><ins>+ GetFunction propertyGetter() const { ASSERT(!(m_attributes & BuiltinOrFunctionOrAccessorOrLazyPropertyOrConstant)); return reinterpret_cast<GetFunction>(m_values.value1); }
+ PutFunction propertyPutter() const { ASSERT(!(m_attributes & BuiltinOrFunctionOrAccessorOrLazyPropertyOrConstant)); return reinterpret_cast<PutFunction>(m_values.value2); }
</ins><span class="cx">
</span><span class="cx"> NativeFunction accessorGetter() const { ASSERT(m_attributes & Accessor); return reinterpret_cast<NativeFunction>(m_values.value1); }
</span><span class="cx"> NativeFunction accessorSetter() const { ASSERT(m_attributes & Accessor); return reinterpret_cast<NativeFunction>(m_values.value2); }
</span><span class="lines">@@ -85,6 +87,10 @@
</span><span class="cx"> long long constantInteger() const { ASSERT(m_attributes & ConstantInteger); return m_values.constant; }
</span><span class="cx">
</span><span class="cx"> intptr_t lexerValue() const { ASSERT(!m_attributes); return m_values.value1; }
</span><ins>+
+ ptrdiff_t lazyCellPropertyOffset() const { ASSERT(m_attributes & CellProperty); return m_values.value1; }
+ ptrdiff_t lazyClassStructureOffset() const { ASSERT(m_attributes & ClassStructure); return m_values.value1; }
+ LazyPropertyCallback lazyPropertyCallback() const { ASSERT(m_attributes & PropertyCallback); return reinterpret_cast<LazyPropertyCallback>(m_values.value1); }
</ins><span class="cx"> };
</span><span class="cx">
</span><span class="cx"> struct HashTable {
</span><span class="lines">@@ -221,7 +227,7 @@
</span><span class="cx"> if (!entry)
</span><span class="cx"> return false;
</span><span class="cx">
</span><del>- if (entry->attributes() & BuiltinOrFunctionOrAccessor)
</del><ins>+ if (entry->attributes() & BuiltinOrFunctionOrAccessorOrLazyProperty)
</ins><span class="cx"> return setUpStaticFunctionSlot(exec, entry, thisObj, propertyName, slot);
</span><span class="cx">
</span><span class="cx"> if (entry->attributes() & ConstantInteger) {
</span><span class="lines">@@ -271,7 +277,7 @@
</span><span class="cx"> if (!entry)
</span><span class="cx"> return false;
</span><span class="cx">
</span><del>- ASSERT(!(entry->attributes() & BuiltinOrFunctionOrAccessor));
</del><ins>+ ASSERT(!(entry->attributes() & BuiltinOrFunctionOrAccessorOrLazyProperty));
</ins><span class="cx">
</span><span class="cx"> if (entry->attributes() & ConstantInteger) {
</span><span class="cx"> slot.setValue(thisObj, attributesForStructure(entry->attributes()), jsNumber(entry->constantInteger()));
</span><span class="lines">@@ -360,6 +366,27 @@
</span><span class="cx"> reifyStaticAccessor(vm, value, thisObj, propertyName);
</span><span class="cx"> return;
</span><span class="cx"> }
</span><ins>+
+ if (value.attributes() & CellProperty) {
+ LazyCellProperty* property = bitwise_cast<LazyCellProperty*>(
+ bitwise_cast<char*>(&thisObj) + value.lazyCellPropertyOffset());
+ JSCell* result = property->get(&thisObj);
+ thisObj.putDirect(vm, propertyName, result, attributesForStructure(value.attributes()));
+ return;
+ }
+
+ if (value.attributes() & ClassStructure) {
+ LazyClassStructure* structure = bitwise_cast<LazyClassStructure*>(
+ bitwise_cast<char*>(&thisObj) + value.lazyClassStructureOffset());
+ structure->get(jsCast<JSGlobalObject*>(&thisObj));
+ return;
+ }
+
+ if (value.attributes() & PropertyCallback) {
+ JSValue result = value.lazyPropertyCallback()(vm, &thisObj);
+ thisObj.putDirect(vm, propertyName, result, attributesForStructure(value.attributes()));
+ return;
+ }
</ins><span class="cx">
</span><span class="cx"> CustomGetterSetter* customGetterSetter = CustomGetterSetter::create(vm, value.propertyGetter(), value.propertyPutter());
</span><span class="cx"> thisObj.putDirectCustomAccessor(vm, propertyName, customGetterSetter, attributesForStructure(value.attributes()));
</span></span></pre></div>
<a id="trunkSourceJavaScriptCoreruntimePropertySloth"></a>
<div class="modfile"><h4>Modified: trunk/Source/JavaScriptCore/runtime/PropertySlot.h (200382 => 200383)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/runtime/PropertySlot.h 2016-05-03 18:22:18 UTC (rev 200382)
+++ trunk/Source/JavaScriptCore/runtime/PropertySlot.h 2016-05-03 18:36:34 UTC (rev 200383)
</span><span class="lines">@@ -1,5 +1,5 @@
</span><span class="cx"> /*
</span><del>- * Copyright (C) 2005, 2007, 2008, 2015 Apple Inc. All rights reserved.
</del><ins>+ * Copyright (C) 2005, 2007, 2008, 2015-2016 Apple Inc. All rights reserved.
</ins><span class="cx"> *
</span><span class="cx"> * This library is free software; you can redistribute it and/or
</span><span class="cx"> * modify it under the terms of the GNU Library General Public
</span><span class="lines">@@ -46,9 +46,12 @@
</span><span class="cx"> Function = 1 << 8, // property is a function - only used by static hashtables
</span><span class="cx"> Builtin = 1 << 9, // property is a builtin function - only used by static hashtables
</span><span class="cx"> ConstantInteger = 1 << 10, // property is a constant integer - only used by static hashtables
</span><ins>+ CellProperty = 1 << 11, // property is a lazy property - only used by static hashtables
+ ClassStructure = 1 << 12, // property is a lazy class structure - only used by static hashtables
+ PropertyCallback = 1 << 13, // property that is a lazy property callback - only used by static hashtables
</ins><span class="cx"> BuiltinOrFunction = Builtin | Function, // helper only used by static hashtables
</span><del>- BuiltinOrFunctionOrAccessor = Builtin | Function | Accessor, // helper only used by static hashtables
- BuiltinOrFunctionOrAccessorOrConstant = Builtin | Function | Accessor | ConstantInteger, // helper only used by static hashtables
</del><ins>+ BuiltinOrFunctionOrAccessorOrLazyProperty = Builtin | Function | Accessor | CellProperty | ClassStructure | PropertyCallback, // helper only used by static hashtables
+ BuiltinOrFunctionOrAccessorOrLazyPropertyOrConstant = Builtin | Function | Accessor | CellProperty | ClassStructure | PropertyCallback | ConstantInteger // helper only used by static hashtables
</ins><span class="cx"> };
</span><span class="cx">
</span><span class="cx"> enum CacheabilityType : uint8_t {
</span></span></pre></div>
<a id="trunkSourceJavaScriptCoreruntimeTypedArrayTypeh"></a>
<div class="modfile"><h4>Modified: trunk/Source/JavaScriptCore/runtime/TypedArrayType.h (200382 => 200383)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/runtime/TypedArrayType.h 2016-05-03 18:22:18 UTC (rev 200382)
+++ trunk/Source/JavaScriptCore/runtime/TypedArrayType.h 2016-05-03 18:36:34 UTC (rev 200383)
</span><span class="lines">@@ -1,5 +1,5 @@
</span><span class="cx"> /*
</span><del>- * Copyright (C) 2013 Apple Inc. All rights reserved.
</del><ins>+ * Copyright (C) 2013, 2016 Apple Inc. All rights reserved.
</ins><span class="cx"> *
</span><span class="cx"> * Redistribution and use in source and binary forms, with or without
</span><span class="cx"> * modification, are permitted provided that the following conditions
</span><span class="lines">@@ -33,18 +33,34 @@
</span><span class="cx">
</span><span class="cx"> struct ClassInfo;
</span><span class="cx">
</span><ins>+#define FOR_EACH_TYPED_ARRAY_TYPE(macro) \
+ macro(Int8) \
+ macro(Uint8) \
+ macro(Uint8Clamped) \
+ macro(Int16) \
+ macro(Uint16) \
+ macro(Int32) \
+ macro(Uint32) \
+ macro(Float32) \
+ macro(Float64) \
+ macro(DataView)
+
+#define FOR_EACH_TYPED_ARRAY_TYPE_EXCLUDING_DATA_VIEW(macro) \
+ macro(Int8) \
+ macro(Uint8) \
+ macro(Uint8Clamped) \
+ macro(Int16) \
+ macro(Uint16) \
+ macro(Int32) \
+ macro(Uint32) \
+ macro(Float32) \
+ macro(Float64)
+
</ins><span class="cx"> enum TypedArrayType {
</span><span class="cx"> NotTypedArray,
</span><del>- TypeInt8,
- TypeUint8,
- TypeUint8Clamped,
- TypeInt16,
- TypeUint16,
- TypeInt32,
- TypeUint32,
- TypeFloat32,
- TypeFloat64,
- TypeDataView
</del><ins>+#define DECLARE_TYPED_ARRAY_TYPE(name) Type ## name,
+ FOR_EACH_TYPED_ARRAY_TYPE(DECLARE_TYPED_ARRAY_TYPE)
+#undef DECLARE_TYPED_ARRAY_TYPE
</ins><span class="cx"> };
</span><span class="cx">
</span><span class="cx"> #define NUMBER_OF_TYPED_ARRAY_TYPES TypeDataView
</span></span></pre></div>
<a id="trunkSourceWTFChangeLog"></a>
<div class="modfile"><h4>Modified: trunk/Source/WTF/ChangeLog (200382 => 200383)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/WTF/ChangeLog 2016-05-03 18:22:18 UTC (rev 200382)
+++ trunk/Source/WTF/ChangeLog 2016-05-03 18:36:34 UTC (rev 200383)
</span><span class="lines">@@ -1,3 +1,49 @@
</span><ins>+2016-05-03 Filip Pizlo <fpizlo@apple.com>
+
+ Speed up JSGlobalObject initialization by making some properties lazy
+ https://bugs.webkit.org/show_bug.cgi?id=157045
+
+ Reviewed by Keith Miller.
+
+ This WTF change is at the heart of a large JSC change. In JSC I found myself wanting to
+ do this a lot:
+
+ static void callback(Foo& foo) { ... }
+
+ foo.setCallback(callback);
+
+ But that's not very nice to write if many different setCallback() calls are inside of the
+ same very large function: you'll have to have a lot of static function definitions in
+ one part of the file, and then a bunch of setCallback() calls in another part. It's hard
+ to reason about what's going on with such code.
+
+ So what if you wrote this instead:
+
+ foo.setCallback([] (Foo& foo) { ... });
+
+ Much nicer! There is a standard way to do this: lambdas that are stateless are
+ convertible to function pointers. This change also offers another approach that is a bit
+ more general.
+
+ These additions to WTF help you do it:
+
+ isStatelessLambda<Func>(): tells you if Func is a stateless lambda. This uses is_empty to
+ test if the lambda is stateless. This turns out to be a stronger property than
+ convertibility to function pointers. For example, a function pointer is convertible to a
+ function pointer, but it is definitely stateful: you cannot successfully call it if you
+ only has its type. On the other hand, a stateless lambda is really stateless in the sense
+ that you only need its type to call it.
+
+ callStatelessLambda<ResultType, Func>(Arguments&&...): calls the given stateless lambda.
+
+ JSC uses these to build up some sophisticated lazy-initialization APIs. The use of
+ statelessness allows JSC to combine a lambda with other logic into a single function
+ pointer.
+
+ * wtf/StdLibExtras.h:
+ (WTF::isStatelessLambda):
+ (WTF::callStatelessLambda):
+
</ins><span class="cx"> 2016-05-03 Per Arne Vollan <peavo@outlook.com>
</span><span class="cx">
</span><span class="cx"> [Win] Remove Windows XP Compatibility Requirements
</span></span></pre></div>
<a id="trunkSourceWTFwtfStdLibExtrash"></a>
<div class="modfile"><h4>Modified: trunk/Source/WTF/wtf/StdLibExtras.h (200382 => 200383)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/WTF/wtf/StdLibExtras.h 2016-05-03 18:22:18 UTC (rev 200382)
+++ trunk/Source/WTF/wtf/StdLibExtras.h 2016-05-03 18:36:34 UTC (rev 200383)
</span><span class="lines">@@ -1,5 +1,5 @@
</span><span class="cx"> /*
</span><del>- * Copyright (C) 2008 Apple Inc. All Rights Reserved.
</del><ins>+ * Copyright (C) 2008, 2016 Apple Inc. All Rights Reserved.
</ins><span class="cx"> * Copyright (C) 2013 Patrick Gansterer <paroga@paroga.com>
</span><span class="cx"> *
</span><span class="cx"> * Redistribution and use in source and binary forms, with or without
</span><span class="lines">@@ -29,6 +29,7 @@
</span><span class="cx">
</span><span class="cx"> #include <chrono>
</span><span class="cx"> #include <memory>
</span><ins>+#include <string.h>
</ins><span class="cx"> #include <wtf/Assertions.h>
</span><span class="cx"> #include <wtf/CheckedArithmetic.h>
</span><span class="cx">
</span><span class="lines">@@ -284,6 +285,20 @@
</span><span class="cx"> // https://bugs.webkit.org/show_bug.cgi?id=131815
</span><span class="cx"> WTF_EXPORT_PRIVATE bool isCompilationThread();
</span><span class="cx">
</span><ins>+template<typename Func>
+bool isStatelessLambda()
+{
+ return std::is_empty<Func>::value;
+}
+
+template<typename ResultType, typename Func, typename... ArgumentTypes>
+ResultType callStatelessLambda(ArgumentTypes&&... arguments)
+{
+ uint64_t data[(sizeof(Func) + sizeof(uint64_t) - 1) / sizeof(uint64_t)];
+ memset(data, 0, sizeof(data));
+ return (*bitwise_cast<Func*>(data))(std::forward<ArgumentTypes>(arguments)...);
+}
+
</ins><span class="cx"> } // namespace WTF
</span><span class="cx">
</span><span class="cx"> // This version of placement new omits a 0 check.
</span><span class="lines">@@ -403,6 +418,8 @@
</span><span class="cx"> using WTF::approximateBinarySearch;
</span><span class="cx"> using WTF::bitwise_cast;
</span><span class="cx"> using WTF::safeCast;
</span><ins>+using WTF::isStatelessLambda;
+using WTF::callStatelessLambda;
</ins><span class="cx">
</span><span class="cx"> #if COMPILER_SUPPORTS(CXX_USER_LITERALS)
</span><span class="cx"> // We normally don't want to bring in entire std namespaces, but literals are an exception.
</span></span></pre></div>
<a id="trunkSourceWebCoreChangeLog"></a>
<div class="modfile"><h4>Modified: trunk/Source/WebCore/ChangeLog (200382 => 200383)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/WebCore/ChangeLog 2016-05-03 18:22:18 UTC (rev 200382)
+++ trunk/Source/WebCore/ChangeLog 2016-05-03 18:36:34 UTC (rev 200383)
</span><span class="lines">@@ -1,3 +1,20 @@
</span><ins>+2016-05-03 Filip Pizlo <fpizlo@apple.com>
+
+ Speed up JSGlobalObject initialization by making some properties lazy
+ https://bugs.webkit.org/show_bug.cgi?id=157045
+
+ Reviewed by Keith Miller.
+
+ No new tests because no change in behavior.
+
+ This adapts JSHTMLElementCustom.cpp to the new JSWithScope API. Note that this revealed
+ that this was using a curious choice of global object, which may not be right. I decided
+ to do a very literal refactoring that exactly preserves what this code got before, but I
+ added a FIXME to reconsider this later.
+
+ * bindings/js/JSHTMLElementCustom.cpp:
+ (WebCore::JSHTMLElement::pushEventHandlerScope):
+
</ins><span class="cx"> 2016-05-03 Per Arne Vollan <peavo@outlook.com>
</span><span class="cx">
</span><span class="cx"> [Win] Remove Windows XP Compatibility Requirements
</span></span></pre></div>
<a id="trunkSourceWebCorebindingsjsJSHTMLElementCustomcpp"></a>
<div class="modfile"><h4>Modified: trunk/Source/WebCore/bindings/js/JSHTMLElementCustom.cpp (200382 => 200383)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/WebCore/bindings/js/JSHTMLElementCustom.cpp 2016-05-03 18:22:18 UTC (rev 200382)
+++ trunk/Source/WebCore/bindings/js/JSHTMLElementCustom.cpp 2016-05-03 18:36:34 UTC (rev 200383)
</span><span class="lines">@@ -1,5 +1,5 @@
</span><span class="cx"> /*
</span><del>- * Copyright (C) 2007 Apple Inc. All rights reserved.
</del><ins>+ * Copyright (C) 2007, 2016 Apple Inc. All rights reserved.
</ins><span class="cx"> *
</span><span class="cx"> * Redistribution and use in source and binary forms, with or without
</span><span class="cx"> * modification, are permitted provided that the following conditions
</span><span class="lines">@@ -101,14 +101,21 @@
</span><span class="cx"> HTMLElement& element = wrapped();
</span><span class="cx">
</span><span class="cx"> // The document is put on first, fall back to searching it only after the element and form.
</span><del>- scope = JSWithScope::create(exec, asObject(toJS(exec, globalObject(), &element.document())), scope);
</del><ins>+ // FIXME: This probably may use the wrong global object. If this is called from a native
+ // function, then it would be correct but not optimal since the native function would *know*
+ // the global object. But, it may be that globalObject() is more correct.
+ // https://bugs.webkit.org/show_bug.cgi?id=134932
+ VM& vm = exec->vm();
+ JSGlobalObject* lexicalGlobalObject = exec->lexicalGlobalObject();
+
+ scope = JSWithScope::create(vm, lexicalGlobalObject, asObject(toJS(exec, globalObject(), &element.document())), scope);
</ins><span class="cx">
</span><span class="cx"> // The form is next, searched before the document, but after the element itself.
</span><span class="cx"> if (HTMLFormElement* form = element.form())
</span><del>- scope = JSWithScope::create(exec, asObject(toJS(exec, globalObject(), form)), scope);
</del><ins>+ scope = JSWithScope::create(vm, lexicalGlobalObject, asObject(toJS(exec, globalObject(), form)), scope);
</ins><span class="cx">
</span><span class="cx"> // The element is on top, searched first.
</span><del>- return JSWithScope::create(exec, asObject(toJS(exec, globalObject(), &element)), scope);
</del><ins>+ return JSWithScope::create(vm, lexicalGlobalObject, asObject(toJS(exec, globalObject(), &element)), scope);
</ins><span class="cx"> }
</span><span class="cx">
</span><span class="cx"> } // namespace WebCore
</span></span></pre>
</div>
</div>
</body>
</html>