#include "config.h"
#include "Structure.h"
#include "BuiltinNames.h"
#include "CodeBlock.h"
#include "DumpContext.h"
#include "JSCInlines.h"
#include "JSObject.h"
#include "JSPropertyNameEnumerator.h"
#include "Lookup.h"
#include "PropertyMapHashTable.h"
#include "PropertyNameArray.h"
#include "StructureChain.h"
#include "StructureRareDataInlines.h"
#include "WeakGCMapInlines.h"
#include <wtf/CommaPrinter.h>
#include <wtf/NeverDestroyed.h>
#include <wtf/ProcessID.h>
#include <wtf/RefPtr.h>
#include <wtf/Threading.h>
#define DUMP_STRUCTURE_ID_STATISTICS 0
using namespace std;
using namespace WTF;
namespace JSC {
#if DUMP_STRUCTURE_ID_STATISTICS
static HashSet<Structure*>& liveStructureSet = *(new HashSet<Structure*>);
#endif
class SingleSlotTransitionWeakOwner final : public WeakHandleOwner {
void finalize(Handle<Unknown>, void* context) override
{
StructureTransitionTable* table = reinterpret_cast<StructureTransitionTable*>(context);
ASSERT(table->isUsingSingleSlot());
WeakSet::deallocate(table->weakImpl());
table->m_data = StructureTransitionTable::UsingSingleSlotFlag;
}
};
static SingleSlotTransitionWeakOwner& singleSlotTransitionWeakOwner()
{
static NeverDestroyed<SingleSlotTransitionWeakOwner> owner;
return owner;
}
inline Structure* StructureTransitionTable::singleTransition() const
{
ASSERT(isUsingSingleSlot());
if (WeakImpl* impl = this->weakImpl()) {
if (impl->state() == WeakImpl::Live)
return jsCast<Structure*>(impl->jsValue().asCell());
}
return nullptr;
}
inline void StructureTransitionTable::setSingleTransition(Structure* structure)
{
ASSERT(isUsingSingleSlot());
if (WeakImpl* impl = this->weakImpl())
WeakSet::deallocate(impl);
WeakImpl* impl = WeakSet::allocate(structure, &singleSlotTransitionWeakOwner(), this);
m_data = PoisonedWeakImplPtr(impl).bits() | UsingSingleSlotFlag;
}
bool StructureTransitionTable::contains(UniquedStringImpl* rep, unsigned attributes) const
{
if (isUsingSingleSlot()) {
Structure* transition = singleTransition();
return transition && transition->m_nameInPrevious == rep && transition->attributesInPrevious() == attributes;
}
return map()->get(std::make_pair(rep, attributes));
}
inline Structure* StructureTransitionTable::get(UniquedStringImpl* rep, unsigned attributes) const
{
if (isUsingSingleSlot()) {
Structure* transition = singleTransition();
return (transition && transition->m_nameInPrevious == rep && transition->attributesInPrevious() == attributes) ? transition : 0;
}
return map()->get(std::make_pair(rep, attributes));
}
void StructureTransitionTable::add(VM& vm, Structure* structure)
{
if (isUsingSingleSlot()) {
Structure* existingTransition = singleTransition();
if (!existingTransition) {
setSingleTransition(structure);
return;
}
setMap(new TransitionMap(vm));
add(vm, existingTransition);
}
map()->set(std::make_pair(structure->m_nameInPrevious.get(), +structure->attributesInPrevious()), structure);
}
void Structure::dumpStatistics()
{
#if DUMP_STRUCTURE_ID_STATISTICS
unsigned numberLeaf = 0;
unsigned numberUsingSingleSlot = 0;
unsigned numberSingletons = 0;
unsigned numberWithPropertyMaps = 0;
unsigned totalPropertyMapsSize = 0;
HashSet<Structure*>::const_iterator end = liveStructureSet.end();
for (HashSet<Structure*>::const_iterator it = liveStructureSet.begin(); it != end; ++it) {
Structure* structure = *it;
switch (structure->m_transitionTable.size()) {
case 0:
++numberLeaf;
if (!structure->previousID())
++numberSingletons;
break;
case 1:
++numberUsingSingleSlot;
break;
}
if (PropertyTable* table = structure->propertyTableOrNull()) {
++numberWithPropertyMaps;
totalPropertyMapsSize += table->sizeInMemory();
}
}
dataLogF("Number of live Structures: %d\n", liveStructureSet.size());
dataLogF("Number of Structures using the single item optimization for transition map: %d\n", numberUsingSingleSlot);
dataLogF("Number of Structures that are leaf nodes: %d\n", numberLeaf);
dataLogF("Number of Structures that singletons: %d\n", numberSingletons);
dataLogF("Number of Structures with PropertyMaps: %d\n", numberWithPropertyMaps);
dataLogF("Size of a single Structures: %d\n", static_cast<unsigned>(sizeof(Structure)));
dataLogF("Size of sum of all property maps: %d\n", totalPropertyMapsSize);
dataLogF("Size of average of all property maps: %f\n", static_cast<double>(totalPropertyMapsSize) / static_cast<double>(liveStructureSet.size()));
#else
dataLogF("Dumping Structure statistics is not enabled.\n");
#endif
}
Structure::Structure(VM& vm, JSGlobalObject* globalObject, JSValue prototype, const TypeInfo& typeInfo, const ClassInfo* classInfo, IndexingType indexingType, unsigned inlineCapacity)
: JSCell(vm, vm.structureStructure.get())
, m_blob(vm.heap.structureIDTable().allocateID(this), indexingType, typeInfo)
, m_outOfLineTypeFlags(typeInfo.outOfLineTypeFlags())
, m_inlineCapacity(inlineCapacity)
, m_bitField(0)
, m_globalObject(vm, this, globalObject, WriteBarrier<JSGlobalObject>::MayBeNull)
, m_prototype(vm, this, prototype)
, m_classInfo(classInfo)
, m_transitionWatchpointSet(IsWatched)
, m_offset(invalidOffset)
, m_propertyHash(0)
{
setDictionaryKind(NoneDictionaryKind);
setIsPinnedPropertyTable(false);
setHasGetterSetterProperties(classInfo->hasStaticSetterOrReadonlyProperties());
setHasCustomGetterSetterProperties(false);
setHasReadOnlyOrGetterSetterPropertiesExcludingProto(classInfo->hasStaticSetterOrReadonlyProperties());
setIsQuickPropertyAccessAllowedForEnumeration(true);
setAttributesInPrevious(0);
setDidPreventExtensions(false);
setDidTransition(false);
setStaticPropertiesReified(false);
setTransitionWatchpointIsLikelyToBeFired(false);
setHasBeenDictionary(false);
setIsAddingPropertyForTransition(false);
ASSERT(inlineCapacity <= JSFinalObject::maxInlineCapacity());
ASSERT(static_cast<PropertyOffset>(inlineCapacity) < firstOutOfLineOffset);
ASSERT(!hasRareData());
ASSERT(hasReadOnlyOrGetterSetterPropertiesExcludingProto() || !m_classInfo->hasStaticSetterOrReadonlyProperties());
ASSERT(hasGetterSetterProperties() || !m_classInfo->hasStaticSetterOrReadonlyProperties());
}
const ClassInfo Structure::s_info = { "Structure", nullptr, nullptr, nullptr, CREATE_METHOD_TABLE(Structure) };
Structure::Structure(VM& vm)
: JSCell(CreatingEarlyCell)
, m_inlineCapacity(0)
, m_bitField(0)
, m_prototype(vm, this, jsNull())
, m_classInfo(info())
, m_transitionWatchpointSet(IsWatched)
, m_offset(invalidOffset)
, m_propertyHash(0)
{
setDictionaryKind(NoneDictionaryKind);
setIsPinnedPropertyTable(false);
setHasGetterSetterProperties(m_classInfo->hasStaticSetterOrReadonlyProperties());
setHasCustomGetterSetterProperties(false);
setHasReadOnlyOrGetterSetterPropertiesExcludingProto(m_classInfo->hasStaticSetterOrReadonlyProperties());
setIsQuickPropertyAccessAllowedForEnumeration(true);
setAttributesInPrevious(0);
setDidPreventExtensions(false);
setDidTransition(false);
setStaticPropertiesReified(false);
setTransitionWatchpointIsLikelyToBeFired(false);
setHasBeenDictionary(false);
setIsAddingPropertyForTransition(false);
TypeInfo typeInfo = TypeInfo(CellType, StructureFlags);
m_blob = StructureIDBlob(vm.heap.structureIDTable().allocateID(this), 0, typeInfo);
m_outOfLineTypeFlags = typeInfo.outOfLineTypeFlags();
ASSERT(hasReadOnlyOrGetterSetterPropertiesExcludingProto() || !m_classInfo->hasStaticSetterOrReadonlyProperties());
ASSERT(hasGetterSetterProperties() || !m_classInfo->hasStaticSetterOrReadonlyProperties());
}
Structure::Structure(VM& vm, Structure* previous, DeferredStructureTransitionWatchpointFire* deferred)
: JSCell(vm, vm.structureStructure.get())
, m_inlineCapacity(previous->m_inlineCapacity)
, m_bitField(0)
, m_prototype(vm, this, previous->m_prototype.get())
, m_classInfo(previous->m_classInfo)
, m_transitionWatchpointSet(IsWatched)
, m_offset(invalidOffset)
, m_propertyHash(previous->m_propertyHash)
{
setDictionaryKind(previous->dictionaryKind());
setIsPinnedPropertyTable(false);
setHasBeenFlattenedBefore(previous->hasBeenFlattenedBefore());
setHasGetterSetterProperties(previous->hasGetterSetterProperties());
setHasCustomGetterSetterProperties(previous->hasCustomGetterSetterProperties());
setHasReadOnlyOrGetterSetterPropertiesExcludingProto(previous->hasReadOnlyOrGetterSetterPropertiesExcludingProto());
setIsQuickPropertyAccessAllowedForEnumeration(previous->isQuickPropertyAccessAllowedForEnumeration());
setAttributesInPrevious(0);
setDidPreventExtensions(previous->didPreventExtensions());
setDidTransition(true);
setStaticPropertiesReified(previous->staticPropertiesReified());
setHasBeenDictionary(previous->hasBeenDictionary());
setIsAddingPropertyForTransition(false);
TypeInfo typeInfo = previous->typeInfo();
m_blob = StructureIDBlob(vm.heap.structureIDTable().allocateID(this), previous->indexingTypeIncludingHistory(), typeInfo);
m_outOfLineTypeFlags = typeInfo.outOfLineTypeFlags();
ASSERT(!previous->typeInfo().structureIsImmortal());
setPreviousID(vm, previous);
previous->didTransitionFromThisStructure(deferred);
setTransitionWatchpointIsLikelyToBeFired(previous->transitionWatchpointIsLikelyToBeFired());
if (previous->m_globalObject)
m_globalObject.set(vm, this, previous->m_globalObject.get());
ASSERT(hasReadOnlyOrGetterSetterPropertiesExcludingProto() || !m_classInfo->hasStaticSetterOrReadonlyProperties());
ASSERT(hasGetterSetterProperties() || !m_classInfo->hasStaticSetterOrReadonlyProperties());
}
Structure::~Structure()
{
if (typeInfo().structureIsImmortal())
return;
Heap::heap(this)->structureIDTable().deallocateID(this, m_blob.structureID());
}
void Structure::destroy(JSCell* cell)
{
static_cast<Structure*>(cell)->Structure::~Structure();
}
Structure* Structure::create(PolyProtoTag, VM& vm, JSGlobalObject* globalObject, JSObject* prototype, const TypeInfo& typeInfo, const ClassInfo* classInfo, IndexingType indexingType, unsigned inlineCapacity)
{
Structure* result = create(vm, globalObject, prototype, typeInfo, classInfo, indexingType, inlineCapacity);
unsigned oldOutOfLineCapacity = result->outOfLineCapacity();
result->addPropertyWithoutTransition(
vm, vm.propertyNames->builtinNames().underscoreProtoPrivateName(), static_cast<unsigned>(PropertyAttribute::DontEnum),
[&] (const GCSafeConcurrentJSLocker&, PropertyOffset offset, PropertyOffset newLastOffset) {
RELEASE_ASSERT(Structure::outOfLineCapacity(newLastOffset) == oldOutOfLineCapacity);
RELEASE_ASSERT(offset == knownPolyProtoOffset);
RELEASE_ASSERT(isInlineOffset(knownPolyProtoOffset));
result->m_prototype.setWithoutWriteBarrier(JSValue());
result->setLastOffset(newLastOffset);
});
return result;
}
void Structure::findStructuresAndMapForMaterialization(Vector<Structure*, 8>& structures, Structure*& structure, PropertyTable*& table)
{
ASSERT(structures.isEmpty());
table = 0;
for (structure = this; structure; structure = structure->previousID()) {
structure->m_lock.lock();
table = structure->propertyTableOrNull();
if (table) {
return;
}
structures.append(structure);
structure->m_lock.unlock();
}
ASSERT(!structure);
ASSERT(!table);
}
PropertyTable* Structure::materializePropertyTable(VM& vm, bool setPropertyTable)
{
ASSERT(structure()->classInfo() == info());
ASSERT(!isAddingPropertyForTransition());
DeferGC deferGC(vm.heap);
Vector<Structure*, 8> structures;
Structure* structure;
PropertyTable* table;
findStructuresAndMapForMaterialization(structures, structure, table);
unsigned capacity = numberOfSlotsForLastOffset(m_offset, m_inlineCapacity);
if (table) {
table = table->copy(vm, capacity);
structure->m_lock.unlock();
} else
table = PropertyTable::create(vm, capacity);
GCSafeConcurrentJSLocker locker(m_lock, vm.heap);
if (setPropertyTable)
this->setPropertyTable(vm, table);
InferredTypeTable* typeTable = m_inferredTypeTable.get();
for (size_t i = structures.size(); i--;) {
structure = structures[i];
if (!structure->m_nameInPrevious)
continue;
PropertyMapEntry entry(structure->m_nameInPrevious.get(), structure->m_offset, structure->attributesInPrevious());
if (typeTable && typeTable->get(structure->m_nameInPrevious.get()))
entry.hasInferredType = true;
table->add(entry, m_offset, PropertyTable::PropertyOffsetMustNotChange);
}
checkOffsetConsistency(
table,
[&] () {
dataLog("Detected in materializePropertyTable.\n");
dataLog("Found structure = ", RawPointer(structure), "\n");
dataLog("structures = ");
CommaPrinter comma;
for (Structure* structure : structures)
dataLog(comma, RawPointer(structure));
dataLog("\n");
});
return table;
}
Structure* Structure::addPropertyTransitionToExistingStructureImpl(Structure* structure, UniquedStringImpl* uid, unsigned attributes, PropertyOffset& offset)
{
ASSERT(!structure->isDictionary());
ASSERT(structure->isObject());
if (Structure* existingTransition = structure->m_transitionTable.get(uid, attributes)) {
validateOffset(existingTransition->m_offset, existingTransition->inlineCapacity());
offset = existingTransition->m_offset;
return existingTransition;
}
return 0;
}
Structure* Structure::addPropertyTransitionToExistingStructure(Structure* structure, PropertyName propertyName, unsigned attributes, PropertyOffset& offset)
{
ASSERT(!isCompilationThread());
return addPropertyTransitionToExistingStructureImpl(structure, propertyName.uid(), attributes, offset);
}
Structure* Structure::addPropertyTransitionToExistingStructureConcurrently(Structure* structure, UniquedStringImpl* uid, unsigned attributes, PropertyOffset& offset)
{
ConcurrentJSLocker locker(structure->m_lock);
return addPropertyTransitionToExistingStructureImpl(structure, uid, attributes, offset);
}
bool Structure::holesMustForwardToPrototype(VM& vm, JSObject* base) const
{
ASSERT(base->structure(vm) == this);
if (this->mayInterceptIndexedAccesses())
return true;
JSValue prototype = this->storedPrototype(base);
if (!prototype.isObject())
return false;
JSObject* object = asObject(prototype);
while (true) {
Structure& structure = *object->structure(vm);
if (hasIndexedProperties(object->indexingType()) || structure.mayInterceptIndexedAccesses())
return true;
prototype = structure.storedPrototype(object);
if (!prototype.isObject())
return false;
object = asObject(prototype);
}
RELEASE_ASSERT_NOT_REACHED();
return false;
}
Structure* Structure::addPropertyTransition(VM& vm, Structure* structure, PropertyName propertyName, unsigned attributes, PropertyOffset& offset)
{
Structure* newStructure = addPropertyTransitionToExistingStructure(
structure, propertyName, attributes, offset);
if (newStructure)
return newStructure;
return addNewPropertyTransition(
vm, structure, propertyName, attributes, offset, PutPropertySlot::UnknownContext);
}
Structure* Structure::addNewPropertyTransition(VM& vm, Structure* structure, PropertyName propertyName, unsigned attributes, PropertyOffset& offset, PutPropertySlot::Context context, DeferredStructureTransitionWatchpointFire* deferred)
{
ASSERT(!structure->isDictionary());
ASSERT(structure->isObject());
ASSERT(!Structure::addPropertyTransitionToExistingStructure(structure, propertyName, attributes, offset));
int maxTransitionLength;
if (context == PutPropertySlot::PutById)
maxTransitionLength = s_maxTransitionLengthForNonEvalPutById;
else
maxTransitionLength = s_maxTransitionLength;
if (structure->transitionCount() > maxTransitionLength) {
Structure* transition = toCacheableDictionaryTransition(vm, structure, deferred);
ASSERT(structure != transition);
offset = transition->add(vm, propertyName, attributes);
return transition;
}
Structure* transition = create(vm, structure, deferred);
transition->m_cachedPrototypeChain.setMayBeNull(vm, transition, structure->m_cachedPrototypeChain.get());
{
ConcurrentJSLocker locker(transition->m_lock);
transition->setIsAddingPropertyForTransition(true);
}
transition->m_nameInPrevious = propertyName.uid();
transition->setAttributesInPrevious(attributes);
transition->setPropertyTable(vm, structure->takePropertyTableOrCloneIfPinned(vm));
transition->m_offset = structure->m_offset;
transition->m_inferredTypeTable.setMayBeNull(vm, transition, structure->m_inferredTypeTable.get());
offset = transition->add(vm, propertyName, attributes);
WTF::storeStoreFence();
transition->setIsAddingPropertyForTransition(false);
checkOffset(transition->m_offset, transition->inlineCapacity());
{
ConcurrentJSLocker locker(structure->m_lock);
structure->m_transitionTable.add(vm, transition);
}
transition->checkOffsetConsistency();
structure->checkOffsetConsistency();
return transition;
}
Structure* Structure::removePropertyTransition(VM& vm, Structure* structure, PropertyName propertyName, PropertyOffset& offset)
{
ASSERT(!structure->isUncacheableDictionary());
Structure* transition = toUncacheableDictionaryTransition(vm, structure);
offset = transition->remove(propertyName);
transition->checkOffsetConsistency();
return transition;
}
Structure* Structure::changePrototypeTransition(VM& vm, Structure* structure, JSValue prototype, DeferredStructureTransitionWatchpointFire& deferred)
{
ASSERT(prototype.isObject() || prototype.isNull());
DeferGC deferGC(vm.heap);
Structure* transition = create(vm, structure, &deferred);
transition->m_prototype.set(vm, transition, prototype);
PropertyTable* table = structure->copyPropertyTableForPinning(vm);
transition->pin(holdLock(transition->m_lock), vm, table);
transition->m_offset = structure->m_offset;
transition->checkOffsetConsistency();
return transition;
}
Structure* Structure::attributeChangeTransition(VM& vm, Structure* structure, PropertyName propertyName, unsigned attributes)
{
if (!structure->isUncacheableDictionary()) {
Structure* transition = create(vm, structure);
PropertyTable* table = structure->copyPropertyTableForPinning(vm);
transition->pin(holdLock(transition->m_lock), vm, table);
transition->m_offset = structure->m_offset;
structure = transition;
}
PropertyMapEntry* entry = structure->ensurePropertyTable(vm)->get(propertyName.uid());
ASSERT(entry);
entry->attributes = attributes;
structure->checkOffsetConsistency();
return structure;
}
Structure* Structure::toDictionaryTransition(VM& vm, Structure* structure, DictionaryKind kind, DeferredStructureTransitionWatchpointFire* deferred)
{
ASSERT(!structure->isUncacheableDictionary());
DeferGC deferGC(vm.heap);
Structure* transition = create(vm, structure, deferred);
PropertyTable* table = structure->copyPropertyTableForPinning(vm);
transition->pin(holdLock(transition->m_lock), vm, table);
transition->m_offset = structure->m_offset;
transition->setDictionaryKind(kind);
transition->setHasBeenDictionary(true);
transition->checkOffsetConsistency();
return transition;
}
Structure* Structure::toCacheableDictionaryTransition(VM& vm, Structure* structure, DeferredStructureTransitionWatchpointFire* deferred)
{
return toDictionaryTransition(vm, structure, CachedDictionaryKind, deferred);
}
Structure* Structure::toUncacheableDictionaryTransition(VM& vm, Structure* structure)
{
return toDictionaryTransition(vm, structure, UncachedDictionaryKind);
}
Structure* Structure::sealTransition(VM& vm, Structure* structure)
{
return nonPropertyTransition(vm, structure, NonPropertyTransition::Seal);
}
Structure* Structure::freezeTransition(VM& vm, Structure* structure)
{
return nonPropertyTransition(vm, structure, NonPropertyTransition::Freeze);
}
Structure* Structure::preventExtensionsTransition(VM& vm, Structure* structure)
{
return nonPropertyTransition(vm, structure, NonPropertyTransition::PreventExtensions);
}
PropertyTable* Structure::takePropertyTableOrCloneIfPinned(VM& vm)
{
PropertyTable* result = propertyTableOrNull();
if (result) {
if (isPinnedPropertyTable())
return result->copy(vm, result->size() + 1);
ConcurrentJSLocker locker(m_lock);
setPropertyTable(vm, nullptr);
return result;
}
bool setPropertyTable = false;
return materializePropertyTable(vm, setPropertyTable);
}
Structure* Structure::nonPropertyTransition(VM& vm, Structure* structure, NonPropertyTransition transitionKind)
{
unsigned attributes = toAttributes(transitionKind);
IndexingType indexingTypeIncludingHistory = newIndexingType(structure->indexingTypeIncludingHistory(), transitionKind);
if (changesIndexingType(transitionKind)) {
if (JSGlobalObject* globalObject = structure->m_globalObject.get()) {
if (globalObject->isOriginalArrayStructure(structure)) {
Structure* result = globalObject->originalArrayStructureForIndexingType(indexingTypeIncludingHistory);
if (result->indexingTypeIncludingHistory() == indexingTypeIncludingHistory) {
structure->didTransitionFromThisStructure();
return result;
}
}
}
}
Structure* existingTransition;
if (!structure->isDictionary() && (existingTransition = structure->m_transitionTable.get(0, attributes))) {
ASSERT(existingTransition->attributesInPrevious() == attributes);
ASSERT(existingTransition->indexingTypeIncludingHistory() == indexingTypeIncludingHistory);
return existingTransition;
}
DeferGC deferGC(vm.heap);
Structure* transition = create(vm, structure);
transition->setAttributesInPrevious(attributes);
transition->m_blob.setIndexingTypeIncludingHistory(indexingTypeIncludingHistory);
if (preventsExtensions(transitionKind))
transition->setDidPreventExtensions(true);
if (setsDontDeleteOnAllProperties(transitionKind)
|| setsReadOnlyOnNonAccessorProperties(transitionKind)) {
PropertyTable* table = structure->copyPropertyTableForPinning(vm);
transition->pinForCaching(holdLock(transition->m_lock), vm, table);
transition->m_offset = structure->m_offset;
table = transition->propertyTableOrNull();
RELEASE_ASSERT(table);
for (auto& entry : *table) {
if (setsDontDeleteOnAllProperties(transitionKind))
entry.attributes |= static_cast<unsigned>(PropertyAttribute::DontDelete);
if (setsReadOnlyOnNonAccessorProperties(transitionKind) && !(entry.attributes & PropertyAttribute::Accessor))
entry.attributes |= static_cast<unsigned>(PropertyAttribute::ReadOnly);
}
} else {
transition->setPropertyTable(vm, structure->takePropertyTableOrCloneIfPinned(vm));
transition->m_offset = structure->m_offset;
checkOffset(transition->m_offset, transition->inlineCapacity());
}
if (setsReadOnlyOnNonAccessorProperties(transitionKind)
&& !transition->propertyTableOrNull()->isEmpty())
transition->setHasReadOnlyOrGetterSetterPropertiesExcludingProto(true);
if (structure->isDictionary()) {
PropertyTable* table = transition->ensurePropertyTable(vm);
transition->pin(holdLock(transition->m_lock), vm, table);
} else {
auto locker = holdLock(structure->m_lock);
structure->m_transitionTable.add(vm, transition);
}
transition->checkOffsetConsistency();
return transition;
}
bool Structure::isSealed(VM& vm)
{
if (isStructureExtensible())
return false;
PropertyTable* table = ensurePropertyTableIfNotEmpty(vm);
if (!table)
return true;
PropertyTable::iterator end = table->end();
for (PropertyTable::iterator iter = table->begin(); iter != end; ++iter) {
if ((iter->attributes & PropertyAttribute::DontDelete) != static_cast<unsigned>(PropertyAttribute::DontDelete))
return false;
}
return true;
}
bool Structure::isFrozen(VM& vm)
{
if (isStructureExtensible())
return false;
PropertyTable* table = ensurePropertyTableIfNotEmpty(vm);
if (!table)
return true;
PropertyTable::iterator end = table->end();
for (PropertyTable::iterator iter = table->begin(); iter != end; ++iter) {
if (!(iter->attributes & PropertyAttribute::DontDelete))
return false;
if (!(iter->attributes & (PropertyAttribute::ReadOnly | PropertyAttribute::Accessor)))
return false;
}
return true;
}
Structure* Structure::flattenDictionaryStructure(VM& vm, JSObject* object)
{
checkOffsetConsistency();
ASSERT(isDictionary());
GCSafeConcurrentJSLocker locker(m_lock, vm.heap);
object->setStructureIDDirectly(nuke(id()));
WTF::storeStoreFence();
size_t beforeOutOfLineCapacity = this->outOfLineCapacity();
if (isUncacheableDictionary()) {
PropertyTable* table = propertyTableOrNull();
ASSERT(table);
size_t propertyCount = table->size();
Vector<JSValue> values(propertyCount);
unsigned i = 0;
PropertyTable::iterator end = table->end();
m_offset = invalidOffset;
for (PropertyTable::iterator iter = table->begin(); iter != end; ++iter, ++i) {
values[i] = object->getDirect(iter->offset);
m_offset = iter->offset = offsetForPropertyNumber(i, m_inlineCapacity);
}
for (unsigned i = 0; i < propertyCount; i++)
object->putDirect(vm, offsetForPropertyNumber(i, m_inlineCapacity), values[i]);
table->clearDeletedOffsets();
checkOffsetConsistency();
}
setDictionaryKind(NoneDictionaryKind);
setHasBeenFlattenedBefore(true);
size_t afterOutOfLineCapacity = this->outOfLineCapacity();
if (object->butterfly() && beforeOutOfLineCapacity != afterOutOfLineCapacity) {
ASSERT(beforeOutOfLineCapacity > afterOutOfLineCapacity);
if (!afterOutOfLineCapacity && !this->hasIndexingHeader(object))
object->setButterflyWithIndexingMask(vm, nullptr, 0);
else
object->shiftButterflyAfterFlattening(locker, vm, this, afterOutOfLineCapacity);
}
WTF::storeStoreFence();
object->setStructureIDDirectly(id());
vm.heap.writeBarrier(object);
return this;
}
void Structure::pin(const AbstractLocker&, VM& vm, PropertyTable* table)
{
setIsPinnedPropertyTable(true);
setPropertyTable(vm, table);
clearPreviousID();
m_nameInPrevious = nullptr;
}
void Structure::pinForCaching(const AbstractLocker&, VM& vm, PropertyTable* table)
{
setIsPinnedPropertyTable(true);
setPropertyTable(vm, table);
m_nameInPrevious = nullptr;
}
void Structure::allocateRareData(VM& vm)
{
ASSERT(!hasRareData());
StructureRareData* rareData = StructureRareData::create(vm, previousID());
WTF::storeStoreFence();
m_previousOrRareData.set(vm, this, rareData);
ASSERT(hasRareData());
}
WatchpointSet* Structure::ensurePropertyReplacementWatchpointSet(VM& vm, PropertyOffset offset)
{
ASSERT(!isUncacheableDictionary());
if (!isValidOffset(offset))
return nullptr;
if (!hasRareData())
allocateRareData(vm);
ConcurrentJSLocker locker(m_lock);
StructureRareData* rareData = this->rareData();
if (!rareData->m_replacementWatchpointSets) {
rareData->m_replacementWatchpointSets =
std::make_unique<StructureRareData::PropertyWatchpointMap>();
WTF::storeStoreFence();
}
auto result = rareData->m_replacementWatchpointSets->add(offset, nullptr);
if (result.isNewEntry)
result.iterator->value = adoptRef(new WatchpointSet(IsWatched));
return result.iterator->value.get();
}
void Structure::startWatchingPropertyForReplacements(VM& vm, PropertyName propertyName)
{
ASSERT(!isUncacheableDictionary());
startWatchingPropertyForReplacements(vm, get(vm, propertyName));
}
void Structure::didCachePropertyReplacement(VM& vm, PropertyOffset offset)
{
RELEASE_ASSERT(isValidOffset(offset));
ensurePropertyReplacementWatchpointSet(vm, offset)->fireAll(vm, "Did cache property replacement");
}
void Structure::startWatchingInternalProperties(VM& vm)
{
if (!isUncacheableDictionary()) {
startWatchingPropertyForReplacements(vm, vm.propertyNames->toString);
startWatchingPropertyForReplacements(vm, vm.propertyNames->valueOf);
}
setDidWatchInternalProperties(true);
}
void Structure::willStoreValueSlow(
VM& vm, PropertyName propertyName, JSValue value, bool shouldOptimize,
InferredTypeTable::StoredPropertyAge age)
{
ASSERT(!isCompilationThread());
ASSERT(structure()->classInfo() == info());
ASSERT(!hasBeenDictionary());
InferredTypeTable* table = m_inferredTypeTable.get();
if (!table) {
table = InferredTypeTable::create(vm);
WTF::storeStoreFence();
m_inferredTypeTable.set(vm, this, table);
}
PropertyTable* propertyTable = ensurePropertyTable(vm);
PropertyMapEntry* entry = propertyTable->get(propertyName.uid());
ASSERT(entry);
if (shouldOptimize)
entry->hasInferredType = table->willStoreValue(vm, propertyName, value, age);
else {
table->makeTop(vm, propertyName, age);
entry->hasInferredType = false;
}
propertyTable->use(); }
#if DUMP_PROPERTYMAP_STATS
PropertyMapHashTableStats* propertyMapHashTableStats = 0;
struct PropertyMapStatisticsExitLogger {
PropertyMapStatisticsExitLogger();
~PropertyMapStatisticsExitLogger();
};
DEFINE_GLOBAL_FOR_LOGGING(PropertyMapStatisticsExitLogger, logger, );
PropertyMapStatisticsExitLogger::PropertyMapStatisticsExitLogger()
{
propertyMapHashTableStats = adoptPtr(new PropertyMapHashTableStats()).leakPtr();
}
PropertyMapStatisticsExitLogger::~PropertyMapStatisticsExitLogger()
{
unsigned finds = propertyMapHashTableStats->numFinds;
unsigned collisions = propertyMapHashTableStats->numCollisions;
dataLogF("\nJSC::PropertyMap statistics for process %d\n\n", getCurrentProcessID());
dataLogF("%d finds\n", finds);
dataLogF("%d collisions (%.1f%%)\n", collisions, 100.0 * collisions / finds);
dataLogF("%d lookups\n", propertyMapHashTableStats->numLookups.load());
dataLogF("%d lookup probings\n", propertyMapHashTableStats->numLookupProbing.load());
dataLogF("%d adds\n", propertyMapHashTableStats->numAdds.load());
dataLogF("%d removes\n", propertyMapHashTableStats->numRemoves.load());
dataLogF("%d rehashes\n", propertyMapHashTableStats->numRehashes.load());
dataLogF("%d reinserts\n", propertyMapHashTableStats->numReinserts.load());
}
#endif
PropertyTable* Structure::copyPropertyTableForPinning(VM& vm)
{
if (PropertyTable* table = propertyTableOrNull())
return PropertyTable::clone(vm, *table);
bool setPropertyTable = false;
return materializePropertyTable(vm, setPropertyTable);
}
PropertyOffset Structure::getConcurrently(UniquedStringImpl* uid, unsigned& attributes)
{
PropertyOffset result = invalidOffset;
forEachPropertyConcurrently(
[&] (const PropertyMapEntry& candidate) -> bool {
if (candidate.key != uid)
return true;
result = candidate.offset;
attributes = candidate.attributes;
return false;
});
return result;
}
Vector<PropertyMapEntry> Structure::getPropertiesConcurrently()
{
Vector<PropertyMapEntry> result;
forEachPropertyConcurrently(
[&] (const PropertyMapEntry& entry) -> bool {
result.append(entry);
return true;
});
return result;
}
PropertyOffset Structure::add(VM& vm, PropertyName propertyName, unsigned attributes)
{
return add<ShouldPin::No>(
vm, propertyName, attributes,
[this] (const GCSafeConcurrentJSLocker&, PropertyOffset, PropertyOffset newLastOffset) {
setLastOffset(newLastOffset);
});
}
PropertyOffset Structure::remove(PropertyName propertyName)
{
return remove(propertyName, [] (const ConcurrentJSLocker&, PropertyOffset) { });
}
void Structure::getPropertyNamesFromStructure(VM& vm, PropertyNameArray& propertyNames, EnumerationMode mode)
{
PropertyTable* table = ensurePropertyTableIfNotEmpty(vm);
if (!table)
return;
bool knownUnique = propertyNames.canAddKnownUniqueForStructure();
PropertyTable::iterator end = table->end();
for (PropertyTable::iterator iter = table->begin(); iter != end; ++iter) {
ASSERT(!isQuickPropertyAccessAllowedForEnumeration() || !(iter->attributes & PropertyAttribute::DontEnum));
ASSERT(!isQuickPropertyAccessAllowedForEnumeration() || !iter->key->isSymbol());
if (!(iter->attributes & PropertyAttribute::DontEnum) || mode.includeDontEnumProperties()) {
if (iter->key->isSymbol() && !propertyNames.includeSymbolProperties())
continue;
if (knownUnique)
propertyNames.addUnchecked(iter->key);
else
propertyNames.add(iter->key);
}
}
}
void StructureFireDetail::dump(PrintStream& out) const
{
out.print("Structure transition from ", *m_structure);
}
DeferredStructureTransitionWatchpointFire::DeferredStructureTransitionWatchpointFire()
: m_structure(nullptr)
{
}
DeferredStructureTransitionWatchpointFire::~DeferredStructureTransitionWatchpointFire()
{
if (m_structure)
m_structure->transitionWatchpointSet().fireAll(*m_structure->vm(), StructureFireDetail(m_structure));
}
void DeferredStructureTransitionWatchpointFire::add(const Structure* structure)
{
RELEASE_ASSERT(!m_structure);
RELEASE_ASSERT(structure);
m_structure = structure;
}
void Structure::didTransitionFromThisStructure(DeferredStructureTransitionWatchpointFire* deferred) const
{
if (m_transitionWatchpointSet.isBeingWatched())
const_cast<Structure*>(this)->setTransitionWatchpointIsLikelyToBeFired(true);
if (deferred)
deferred->add(this);
else
m_transitionWatchpointSet.fireAll(*vm(), StructureFireDetail(this));
}
void Structure::visitChildren(JSCell* cell, SlotVisitor& visitor)
{
Structure* thisObject = jsCast<Structure*>(cell);
ASSERT_GC_OBJECT_INHERITS(thisObject, info());
JSCell::visitChildren(thisObject, visitor);
ConcurrentJSLocker locker(thisObject->m_lock);
visitor.append(thisObject->m_globalObject);
if (!thisObject->isObject())
thisObject->m_cachedPrototypeChain.clear();
else {
visitor.append(thisObject->m_prototype);
visitor.append(thisObject->m_cachedPrototypeChain);
}
visitor.append(thisObject->m_previousOrRareData);
if (thisObject->isPinnedPropertyTable() || thisObject->isAddingPropertyForTransition()) {
visitor.append(thisObject->m_propertyTableUnsafe);
} else if (visitor.isBuildingHeapSnapshot())
visitor.append(thisObject->m_propertyTableUnsafe);
else if (thisObject->m_propertyTableUnsafe)
thisObject->m_propertyTableUnsafe.clear();
visitor.append(thisObject->m_inferredTypeTable);
}
bool Structure::isCheapDuringGC()
{
return (!m_globalObject || Heap::isMarked(m_globalObject.get()))
&& (hasPolyProto() || !storedPrototypeObject() || Heap::isMarked(storedPrototypeObject()));
}
bool Structure::markIfCheap(SlotVisitor& visitor)
{
if (!isCheapDuringGC())
return Heap::isMarked(this);
visitor.appendUnbarriered(this);
return true;
}
Ref<StructureShape> Structure::toStructureShape(JSValue value, bool& sawPolyProtoStructure)
{
Ref<StructureShape> baseShape = StructureShape::create();
RefPtr<StructureShape> curShape = baseShape.ptr();
Structure* curStructure = this;
JSValue curValue = value;
sawPolyProtoStructure = false;
while (curStructure) {
sawPolyProtoStructure |= curStructure->hasPolyProto();
curStructure->forEachPropertyConcurrently(
[&] (const PropertyMapEntry& entry) -> bool {
if (!PropertyName(entry.key).isPrivateName())
curShape->addProperty(*entry.key);
return true;
});
if (JSObject* curObject = curValue.getObject())
curShape->setConstructorName(JSObject::calculatedClassName(curObject));
else
curShape->setConstructorName(curStructure->classInfo()->className);
if (curStructure->isDictionary())
curShape->enterDictionaryMode();
curShape->markAsFinal();
if (!curValue.isObject())
break;
JSObject* object = asObject(curValue);
JSObject* prototypeObject = object->structure()->storedPrototypeObject(object);
if (!prototypeObject)
break;
auto newShape = StructureShape::create();
curShape->setProto(newShape.copyRef());
curShape = WTFMove(newShape);
curValue = prototypeObject;
curStructure = prototypeObject->structure();
}
return baseShape;
}
void Structure::dump(PrintStream& out) const
{
out.print(RawPointer(this), ":[", classInfo()->className, ", {");
CommaPrinter comma;
const_cast<Structure*>(this)->forEachPropertyConcurrently(
[&] (const PropertyMapEntry& entry) -> bool {
out.print(comma, entry.key, ":", static_cast<int>(entry.offset));
return true;
});
out.print("}, ", IndexingTypeDump(indexingType()));
if (hasPolyProto())
out.print(", PolyProto offset:", knownPolyProtoOffset);
else if (m_prototype.get().isCell())
out.print(", Proto:", RawPointer(m_prototype.get().asCell()));
switch (dictionaryKind()) {
case NoneDictionaryKind:
if (hasBeenDictionary())
out.print(", Has been dictionary");
break;
case CachedDictionaryKind:
out.print(", Dictionary");
break;
case UncachedDictionaryKind:
out.print(", UncacheableDictionary");
break;
}
if (transitionWatchpointSetIsStillValid())
out.print(", Leaf");
else if (transitionWatchpointIsLikelyToBeFired())
out.print(", Shady leaf");
out.print("]");
}
void Structure::dumpInContext(PrintStream& out, DumpContext* context) const
{
if (context)
context->structures.dumpBrief(this, out);
else
dump(out);
}
void Structure::dumpBrief(PrintStream& out, const CString& string) const
{
out.print("%", string, ":", classInfo()->className);
}
void Structure::dumpContextHeader(PrintStream& out)
{
out.print("Structures:");
}
bool ClassInfo::hasStaticSetterOrReadonlyProperties() const
{
for (const ClassInfo* ci = this; ci; ci = ci->parentClass) {
if (const HashTable* table = ci->staticPropHashTable) {
if (table->hasSetterOrReadonlyProperties)
return true;
}
}
return false;
}
void Structure::setCachedPropertyNameEnumerator(VM& vm, JSPropertyNameEnumerator* enumerator)
{
ASSERT(!isDictionary());
if (!hasRareData())
allocateRareData(vm);
rareData()->setCachedPropertyNameEnumerator(vm, enumerator);
}
JSPropertyNameEnumerator* Structure::cachedPropertyNameEnumerator() const
{
if (!hasRareData())
return nullptr;
return rareData()->cachedPropertyNameEnumerator();
}
bool Structure::canCachePropertyNameEnumerator() const
{
auto canCache = [] (const Structure* structure) {
if (structure->isDictionary())
return false;
if (hasIndexedProperties(structure->indexingType()))
return false;
if (structure->typeInfo().overridesGetPropertyNames())
return false;
return true;
};
if (!canCache(this))
return false;
StructureChain* structureChain = m_cachedPrototypeChain.get();
ASSERT(structureChain);
WriteBarrier<Structure>* structure = structureChain->head();
while (true) {
if (!structure->get())
return true;
if (!canCache(structure->get()))
return false;
structure++;
}
ASSERT_NOT_REACHED();
return true;
}
bool Structure::canAccessPropertiesQuicklyForEnumeration() const
{
if (!isQuickPropertyAccessAllowedForEnumeration())
return false;
if (hasGetterSetterProperties())
return false;
if (isUncacheableDictionary())
return false;
return true;
}
}