From 32761a6cee1d0dee366b885b7b9c777e67885688 Mon Sep 17 00:00:00 2001
From: Lorry Tar Creator
Date: Sun, 10 Apr 2016 09:28:39 +0000
Subject: webkitgtk-2.4.11
---
 Source/JavaScriptCore/runtime/JSFunction.cpp | 232 +++++++++------------------
 1 file changed, 78 insertions(+), 154 deletions(-)
(limited to 'Source/JavaScriptCore/runtime/JSFunction.cpp')
diff --git a/Source/JavaScriptCore/runtime/JSFunction.cpp b/Source/JavaScriptCore/runtime/JSFunction.cpp
index 70ec4fad2..241964610 100644
--- a/Source/JavaScriptCore/runtime/JSFunction.cpp
+++ b/Source/JavaScriptCore/runtime/JSFunction.cpp
@@ -1,10 +1,9 @@
 /*
 * Copyright (C) 1999-2002 Harri Porten (porten@kde.org)
 * Copyright (C) 2001 Peter Kelly (pmk@post.com)
- * Copyright (C) 2003-2009, 2015-2016 Apple Inc. All rights reserved.
+ * Copyright (C) 2003, 2004, 2005, 2006, 2007, 2008, 2009 Apple Inc. All rights reserved.
 * Copyright (C) 2007 Cameron Zwarich (cwzwarich@uwaterloo.ca)
 * Copyright (C) 2007 Maks Orlovich
- * Copyright (C) 2015 Canon Inc. All rights reserved.
 *
 * This library is free software; you can redistribute it and/or
 * modify it under the terms of the GNU Library General Public
@@ -26,23 +25,22 @@
 #include "config.h"
 #include "JSFunction.h"
-#include "ClonedArguments.h"
+#include "Arguments.h"
 #include "CodeBlock.h"
 #include "CommonIdentifiers.h"
 #include "CallFrame.h"
+#include "CallFrameInlines.h"
 #include "ExceptionHelpers.h"
 #include "FunctionPrototype.h"
-#include "GeneratorPrototype.h"
 #include "GetterSetter.h"
 #include "JSArray.h"
-#include "JSBoundFunction.h"
-#include "JSCInlines.h"
-#include "JSFunctionInlines.h"
+#include "JSBoundFunction.h"
 #include "JSGlobalObject.h"
 #include "JSNotAnObject.h"
 #include "Interpreter.h"
 #include "ObjectConstructor.h"
 #include "ObjectPrototype.h"
+#include "Operations.h"
 #include "Parser.h"
 #include "PropertyNameArray.h"
 #include "StackVisitor.h"
@@ -54,60 +52,51 @@ EncodedJSValue JSC_HOST_CALL callHostFunctionAsConstructor(ExecState* exec)
 return throwVMError(exec, createNotAConstructorError(exec, exec->callee()));
 }
-const ClassInfo JSFunction::s_info = { "Function", &Base::s_info, 0, CREATE_METHOD_TABLE(JSFunction) };
+const ClassInfo JSFunction::s_info = { "Function", &Base::s_info, 0, 0, CREATE_METHOD_TABLE(JSFunction) };
 bool JSFunction::isHostFunctionNonInline() const
 {
 return isHostFunction();
 }
-JSFunction* JSFunction::create(VM& vm, FunctionExecutable* executable, JSScope* scope)
-{
- return create(vm, executable, scope, scope->globalObject()->functionStructure());
-}
-
-JSFunction* JSFunction::create(VM& vm, FunctionExecutable* executable, JSScope* scope, Structure* structure)
-{
- JSFunction* result = createImpl(vm, executable, scope, structure);
- executable->singletonFunction()->notifyWrite(vm, result, "Allocating a function");
- return result;
-}
-
-#if ENABLE(WEBASSEMBLY)
-JSFunction* JSFunction::create(VM& vm, WebAssemblyExecutable* executable, JSScope* scope)
-{
- JSFunction* function = new (NotNull, allocateCell(vm.heap)) JSFunction(vm, executable, scope);
- ASSERT(function->structure()->globalObject());
- function->finishCreation(vm);
- return function;
-}
-#endif
-
-NativeExecutable* JSFunction::lookUpOrCreateNativeExecutable(VM& vm, NativeFunction nativeFunction, Intrinsic intrinsic, NativeFunction nativeConstructor, const String& name)
+JSFunction* JSFunction::create(VM& vm, JSGlobalObject* globalObject, int length, const String& name, NativeFunction nativeFunction, Intrinsic intrinsic, NativeFunction nativeConstructor)
 {
+ NativeExecutable* executable;
 #if !ENABLE(JIT)
 UNUSED_PARAM(intrinsic);
 #else
 if (intrinsic != NoIntrinsic && vm.canUseJIT()) {
 ASSERT(nativeConstructor == callHostFunctionAsConstructor);
- return vm.getHostFunction(nativeFunction, intrinsic, name);
- }
+ executable = vm.getHostFunction(nativeFunction, intrinsic);
+ } else
 #endif
- return vm.getHostFunction(nativeFunction, nativeConstructor, name);
-}
+ executable = vm.getHostFunction(nativeFunction, nativeConstructor);
-JSFunction* JSFunction::create(VM& vm, JSGlobalObject* globalObject, int length, const String& name, NativeFunction nativeFunction, Intrinsic intrinsic, NativeFunction nativeConstructor)
-{
- NativeExecutable* executable = lookUpOrCreateNativeExecutable(vm, nativeFunction, intrinsic, nativeConstructor, name);
 JSFunction* function = new (NotNull, allocateCell(vm.heap)) JSFunction(vm, globalObject, globalObject->functionStructure());
 // Can't do this during initialization because getHostFunction might do a GC allocation.
 function->finishCreation(vm, executable, length, name);
 return function;
 }
+void JSFunction::destroy(JSCell* cell)
+{
+ static_cast(cell)->JSFunction::~JSFunction();
+}
+
 JSFunction::JSFunction(VM& vm, JSGlobalObject* globalObject, Structure* structure)
- : Base(vm, globalObject, structure)
+ : Base(vm, structure)
 , m_executable()
+ , m_scope(vm, this, globalObject)
+ // We initialize blind so that changes to the prototype after function creation but before
+ // the optimizer kicks in don't disable optimizations. Once the optimizer kicks in, the
+ // watchpoint will start watching and any changes will both force deoptimization and disable
+ // future attempts to optimize. This is necessary because we are guaranteed that the
+ // allocation profile is changed exactly once prior to optimizations kicking in. We could be
+ // smarter and count the number of times the prototype is clobbered and only optimize if it
+ // was clobbered exactly once, but that seems like overkill. In almost all cases it will be
+ // clobbered once, and if it's clobbered more than once, that will probably only occur
+ // before we started optimizing, anyway.
+ , m_allocationProfileWatchpoint(ClearWatchpoint)
 {
 }
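Review bot: In JSFunction::create the `} else` that closes the JIT branch is immediately followed by `#endif`, so the line `executable = vm.getHostFunction(nativeFunction, nativeConstructor);` is the else-body in JIT builds and an unconditional statement in non-JIT builds. That is correct as written, but any line inserted between `#endif` and the assignment would silently change one configuration and not the other, and the non-JIT reader has to mentally delete an `else` to see the control flow. Keeping each preprocessor branch syntactically complete costs one duplicated assignment and makes both configurations readable on their own. JSFunction::create is contained entirely in this hunk.
```cpp
JSFunction* JSFunction::create(VM& vm, JSGlobalObject* globalObject, int length, const String& name, NativeFunction nativeFunction, Intrinsic intrinsic, NativeFunction nativeConstructor)
{
    NativeExecutable* executable;
#if ENABLE(JIT)
    if (intrinsic != NoIntrinsic && vm.canUseJIT()) {
        ASSERT(nativeConstructor == callHostFunctionAsConstructor);
        executable = vm.getHostFunction(nativeFunction, intrinsic);
    } else
        executable = vm.getHostFunction(nativeFunction, nativeConstructor);
#else
    UNUSED_PARAM(intrinsic);
    executable = vm.getHostFunction(nativeFunction, nativeConstructor);
#endif
    // … unchanged: cell allocation, finishCreation, return …
```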
@@ -120,62 +109,14 @@ void JSFunction::finishCreation(VM& vm, NativeExecutable* executable, int length
 putDirect(vm, vm.propertyNames->length, jsNumber(length), DontDelete | ReadOnly | DontEnum);
 }
-JSFunction* JSFunction::createBuiltinFunction(VM& vm, FunctionExecutable* executable, JSGlobalObject* globalObject)
-{
- JSFunction* function = create(vm, executable, globalObject);
- function->putDirect(vm, vm.propertyNames->name, jsString(&vm, executable->name().string()), DontDelete | ReadOnly | DontEnum);
- function->putDirect(vm, vm.propertyNames->length, jsNumber(executable->parameterCount()), DontDelete | ReadOnly | DontEnum);
- return function;
-}
-
-JSFunction* JSFunction::createBuiltinFunction(VM& vm, FunctionExecutable* executable, JSGlobalObject* globalObject, const String& name)
-{
- JSFunction* function = create(vm, executable, globalObject);
- function->putDirect(vm, vm.propertyNames->name, jsString(&vm, name), DontDelete | ReadOnly | DontEnum);
- function->putDirect(vm, vm.propertyNames->length, jsNumber(executable->parameterCount()), DontDelete | ReadOnly | DontEnum);
- return function;
-}
-
-FunctionRareData* JSFunction::allocateRareData(VM& vm)
+ObjectAllocationProfile* JSFunction::createAllocationProfile(ExecState* exec, size_t inlineCapacity)
 {
- ASSERT(!m_rareData);
- FunctionRareData* rareData = FunctionRareData::create(vm);
-
- // A DFG compilation thread may be trying to read the rare data
- // We want to ensure that it sees it properly allocated
- WTF::storeStoreFence();
-
- m_rareData.set(vm, this, rareData);
- return m_rareData.get();
-}
-
-FunctionRareData* JSFunction::allocateAndInitializeRareData(ExecState* exec, size_t inlineCapacity)
-{
- ASSERT(!m_rareData);
- VM& vm = exec->vm();
- JSObject* prototype = jsDynamicCast(get(exec, vm.propertyNames->prototype));
- if (!prototype)
- prototype = globalObject()->objectPrototype();
- FunctionRareData* rareData = FunctionRareData::create(vm);
- rareData->initializeObjectAllocationProfile(globalObject()->vm(), prototype, inlineCapacity);
-
- // A DFG compilation thread may be trying to read the rare data
- // We want to ensure that it sees it properly allocated
- WTF::storeStoreFence();
-
- m_rareData.set(vm, this, rareData);
- return m_rareData.get();
-}
-
-FunctionRareData* JSFunction::initializeRareData(ExecState* exec, size_t inlineCapacity)
-{
- ASSERT(!!m_rareData);
 VM& vm = exec->vm();
 JSObject* prototype = jsDynamicCast(get(exec, vm.propertyNames->prototype));
 if (!prototype)
 prototype = globalObject()->objectPrototype();
- m_rareData->initializeObjectAllocationProfile(globalObject()->vm(), prototype, inlineCapacity);
- return m_rareData.get();
+ m_allocationProfile.initialize(globalObject()->vm(), this, prototype, inlineCapacity);
+ return &m_allocationProfile;
 }
 String JSFunction::name(ExecState* exec)
@@ -201,7 +142,7 @@ const String JSFunction::calculatedDisplayName(ExecState* exec)
 return explicitName;
 const String actualName = name(exec);
- if (!actualName.isEmpty() || isHostOrBuiltinFunction())
+ if (!actualName.isEmpty() || isHostFunction())
 return actualName;
 return jsExecutable()->inferredName().string();
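Review bot: createAllocationProfile binds `VM& vm = exec->vm();` on its first line and then passes `globalObject()->vm()` to `m_allocationProfile.initialize(...)`, a second, indirect lookup of what should be the same VM; `m_allocationProfile.initialize(vm, this, prototype, inlineCapacity);` reads more clearly and removes the question of whether the two could ever differ. The removed allocateRareData/allocateAndInitializeRareData paired publication of the profile with `WTF::storeStoreFence()` and a comment that a DFG compilation thread may read it, whereas the new code writes `m_allocationProfile` in place with no barrier; if a concurrent reader exists in this tree, that ordering deserves a line such as `// NOTE: no fence here — confirm no concurrent (DFG) reader of m_allocationProfile.` The `get(exec, vm.propertyNames->prototype)` result is also used without checking for a pending exception, presumably harmless because the reified prototype slot is a DontDelete data property, but a comment saying so would make the assumption explicit.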
@@ -209,20 +150,22 @@ const String JSFunction::calculatedDisplayName(ExecState* exec)
 const SourceCode* JSFunction::sourceCode() const
 {
- if (isHostOrBuiltinFunction())
+ if (isHostFunction())
 return 0;
 return &jsExecutable()->source();
 }
-
+ 
 void JSFunction::visitChildren(JSCell* cell, SlotVisitor& visitor)
 {
 JSFunction* thisObject = jsCast(cell);
 ASSERT_GC_OBJECT_INHERITS(thisObject, info());
+ COMPILE_ASSERT(StructureFlags & OverridesVisitChildren, OverridesVisitChildrenWithoutSettingFlag);
+ ASSERT(thisObject->structure()->typeInfo().overridesVisitChildren());
 Base::visitChildren(thisObject, visitor);
+ visitor.append(&thisObject->m_scope);
 visitor.append(&thisObject->m_executable);
- if (thisObject->m_rareData)
- visitor.append(&thisObject->m_rareData);
+ thisObject->m_allocationProfile.visitAggregate(visitor);
 }
 CallType JSFunction::getCallData(JSCell* cell, CallData& callData)
@@ -269,9 +212,9 @@ static JSValue retrieveArguments(ExecState* exec, JSFunction* functionObj)
 return functor.result();
 }
-EncodedJSValue JSFunction::argumentsGetter(ExecState* exec, EncodedJSValue thisValue, PropertyName)
+EncodedJSValue JSFunction::argumentsGetter(ExecState* exec, EncodedJSValue slotBase, EncodedJSValue, PropertyName)
 {
- JSFunction* thisObj = jsCast(JSValue::decode(thisValue));
+ JSFunction* thisObj = jsCast(JSValue::decode(slotBase));
 ASSERT(!thisObj->isHostFunction());
 return JSValue::encode(retrieveArguments(exec, thisObj));
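Review bot: The empty line between sourceCode() and visitChildren() is replaced by a whitespace-only line (the `-` / `+ ` pair just before `void JSFunction::visitChildren`), which is pure trailing-whitespace noise in the hunk; it should stay an empty line. In visitChildren the new `COMPILE_ASSERT(StructureFlags & OverridesVisitChildren, ...)` and the runtime `ASSERT(thisObject->structure()->typeInfo().overridesVisitChildren())` check closely related conditions at compile time and at run time; a one-line comment stating why both are kept (the static check on the class's own flags, the dynamic check on the Structure actually in use — confirm) would save the next reader from treating one as redundant.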
@@ -324,35 +267,31 @@ static JSValue retrieveCallerFunction(ExecState* exec, JSFunction* functionObj)
 return functor.result();
 }
-EncodedJSValue JSFunction::callerGetter(ExecState* exec, EncodedJSValue thisValue, PropertyName)
+EncodedJSValue JSFunction::callerGetter(ExecState* exec, EncodedJSValue slotBase, EncodedJSValue, PropertyName)
 {
- JSFunction* thisObj = jsCast(JSValue::decode(thisValue));
+ JSFunction* thisObj = jsCast(JSValue::decode(slotBase));
 ASSERT(!thisObj->isHostFunction());
 JSValue caller = retrieveCallerFunction(exec, thisObj);
 // See ES5.1 15.3.5.4 - Function.caller may not be used to retrieve a strict caller.
- if (!caller.isObject() || !asObject(caller)->inherits(JSFunction::info())) {
- // It isn't a JSFunction, but if it is a JSCallee from a program or call eval, return null.
- if (jsDynamicCast(caller))
- return JSValue::encode(jsNull());
+ if (!caller.isObject() || !asObject(caller)->inherits(JSFunction::info()))
 return JSValue::encode(caller);
- }
 JSFunction* function = jsCast(caller);
- if (function->isHostOrBuiltinFunction() || !function->jsExecutable()->isStrictMode())
+ if (function->isHostFunction() || !function->jsExecutable()->isStrictMode())
 return JSValue::encode(caller);
 return JSValue::encode(throwTypeError(exec, ASCIILiteral("Function.caller used to retrieve strict caller")));
 }
-EncodedJSValue JSFunction::lengthGetter(ExecState*, EncodedJSValue thisValue, PropertyName)
+EncodedJSValue JSFunction::lengthGetter(ExecState*, EncodedJSValue slotBase, EncodedJSValue, PropertyName)
 {
- JSFunction* thisObj = jsCast(JSValue::decode(thisValue));
+ JSFunction* thisObj = jsCast(JSValue::decode(slotBase));
 ASSERT(!thisObj->isHostFunction());
 return JSValue::encode(jsNumber(thisObj->jsExecutable()->parameterCount()));
 }
-EncodedJSValue JSFunction::nameGetter(ExecState*, EncodedJSValue thisValue, PropertyName)
+EncodedJSValue JSFunction::nameGetter(ExecState*, EncodedJSValue slotBase, EncodedJSValue, PropertyName)
 {
- JSFunction* thisObj = jsCast(JSValue::decode(thisValue));
+ JSFunction* thisObj = jsCast(JSValue::decode(slotBase));
 ASSERT(!thisObj->isHostFunction());
 return JSValue::encode(thisObj->jsExecutable()->nameValue());
 }
@@ -360,20 +299,15 @@ EncodedJSValue JSFunction::nameGetter(ExecState*, EncodedJSValue thisValue, Prop
 bool JSFunction::getOwnPropertySlot(JSObject* object, ExecState* exec, PropertyName propertyName, PropertySlot& slot)
 {
 JSFunction* thisObject = jsCast(object);
- if (thisObject->isHostOrBuiltinFunction())
+ if (thisObject->isHostFunction())
 return Base::getOwnPropertySlot(thisObject, exec, propertyName, slot);
- if (propertyName == exec->propertyNames().prototype && !thisObject->jsExecutable()->isArrowFunction()) {
+ if (propertyName == exec->propertyNames().prototype) {
 VM& vm = exec->vm();
 unsigned attributes;
 PropertyOffset offset = thisObject->getDirectOffset(vm, propertyName, attributes);
 if (!isValidOffset(offset)) {
- JSObject* prototype = nullptr;
- if (thisObject->jsExecutable()->parseMode() == SourceParseMode::GeneratorWrapperFunctionMode)
- prototype = constructEmptyObject(exec, thisObject->globalObject()->generatorPrototype());
- else
- prototype = constructEmptyObject(exec);
-
+ JSObject* prototype = constructEmptyObject(exec);
 prototype->putDirect(vm, exec->propertyNames().constructor, thisObject, DontEnum);
 thisObject->putDirect(vm, exec->propertyNames().prototype, prototype, DontDelete | DontEnum);
 offset = thisObject->getDirectOffset(vm, exec->propertyNames().prototype, attributes);
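Review bot: callerGetter's early return hands `caller` back unchanged whenever it is not a JSFunction, so the ES5.1 15.3.5.4 strict-caller guard that follows only covers JSFunction callees; what retrieveCallerFunction (defined above this hunk) can yield besides a JSFunction, a host function object or null is not visible here, and the existing `// See ES5.1 15.3.5.4` comment would be stronger if it stated that set, e.g. `// retrieveCallerFunction yields a function object or null; non-JSFunction results carry no strict-mode executable to check — TODO confirm`. The four getters also gain an unnamed `EncodedJSValue` receiver that is deliberately ignored in favour of `slotBase`, which each one immediately jsCasts to JSFunction*; a comment on argumentsGetter's signature such as `// The receiver is ignored: slotBase is presumably the JSFunction the slot was resolved on.` would document that choice once for all four. callerGetter, lengthGetter and nameGetter are contained entirely in this hunk.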
@@ -427,16 +361,15 @@ bool JSFunction::getOwnPropertySlot(JSObject* object, ExecState* exec, PropertyN
 void JSFunction::getOwnNonIndexPropertyNames(JSObject* object, ExecState* exec, PropertyNameArray& propertyNames, EnumerationMode mode)
 {
 JSFunction* thisObject = jsCast(object);
- if (!thisObject->isHostOrBuiltinFunction() && mode.includeDontEnumProperties()) {
- VM& vm = exec->vm();
+ if (!thisObject->isHostFunction() && (mode == IncludeDontEnumProperties)) {
 // Make sure prototype has been reified.
- PropertySlot slot(thisObject, PropertySlot::InternalMethodType::VMInquiry);
- thisObject->methodTable(vm)->getOwnPropertySlot(thisObject, exec, vm.propertyNames->prototype, slot);
+ PropertySlot slot(thisObject);
+ thisObject->methodTable()->getOwnPropertySlot(thisObject, exec, exec->propertyNames().prototype, slot);
- propertyNames.add(vm.propertyNames->arguments);
- propertyNames.add(vm.propertyNames->caller);
- propertyNames.add(vm.propertyNames->length);
- propertyNames.add(vm.propertyNames->name);
+ propertyNames.add(exec->propertyNames().arguments);
+ propertyNames.add(exec->propertyNames().caller);
+ propertyNames.add(exec->propertyNames().length);
+ propertyNames.add(exec->propertyNames().name);
 }
 Base::getOwnNonIndexPropertyNames(thisObject, exec, propertyNames, mode);
 }
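Review bot: getOwnNonIndexPropertyNames now calls `exec->propertyNames()` five times inside the DontEnum branch, where the removed code fetched a single `VM& vm` once; binding `const CommonIdentifiers& names = exec->propertyNames();` at the top of the branch and writing `names.prototype`, `names.arguments` and so on keeps the five lines short and makes it obvious they all consult the same table. The parentheses around `mode == IncludeDontEnumProperties` are redundant inside the `&&` and can be dropped. The function is contained entirely in this hunk.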
@@ -444,18 +377,18 @@ void JSFunction::getOwnNonIndexPropertyNames(JSObject* object, ExecState* exec,
 void JSFunction::put(JSCell* cell, ExecState* exec, PropertyName propertyName, JSValue value, PutPropertySlot& slot)
 {
 JSFunction* thisObject = jsCast(cell);
- if (thisObject->isHostOrBuiltinFunction()) {
+ if (thisObject->isHostFunction()) {
 Base::put(thisObject, exec, propertyName, value, slot);
 return;
 }
 if (propertyName == exec->propertyNames().prototype) {
 // Make sure prototype has been reified, such that it can only be overwritten
 // following the rules set out in ECMA-262 8.12.9.
- PropertySlot slot(thisObject, PropertySlot::InternalMethodType::VMInquiry);
- thisObject->methodTable(exec->vm())->getOwnPropertySlot(thisObject, exec, propertyName, slot);
- if (thisObject->m_rareData)
- thisObject->m_rareData->clear("Store to prototype property of a function");
- // Don't allow this to be cached, since a [[Put]] must clear m_rareData.
+ PropertySlot slot(thisObject);
+ thisObject->methodTable()->getOwnPropertySlot(thisObject, exec, propertyName, slot);
+ thisObject->m_allocationProfile.clear();
+ thisObject->m_allocationProfileWatchpoint.fireAll();
+ // Don't allow this to be cached, since a [[Put]] must clear m_allocationProfile.
 PutPropertySlot dontCache(thisObject);
 Base::put(thisObject, exec, propertyName, value, dontCache);
 return;
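Review bot: In the prototype branch of JSFunction::put the local `PropertySlot slot(thisObject);` shadows the `PutPropertySlot& slot` parameter declared on the function's signature; the code is correct only because the branch goes on to use `dontCache` rather than `slot`, and a future `Base::put(..., slot)` written inside the branch would silently bind to the wrong object. Renaming the local removes the trap: `PropertySlot prototypeSlot(thisObject);` and `thisObject->methodTable()->getOwnPropertySlot(thisObject, exec, propertyName, prototypeSlot);`. The same local name appears in the prototype branch of defineOwnProperty (hunk @@ -479), where it shadows nothing but would read more consistently with the same rename. put's body continues past the end of the hunk.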
@@ -479,39 +412,36 @@ bool JSFunction::deleteProperty(JSCell* cell, ExecState* exec, PropertyName prop
 {
 JSFunction* thisObject = jsCast(cell);
 // For non-host functions, don't let these properties by deleted - except by DefineOwnProperty.
- if (!thisObject->isHostOrBuiltinFunction() && !exec->vm().isInDefineOwnProperty()) {
- FunctionExecutable* executable = thisObject->jsExecutable();
- if (propertyName == exec->propertyNames().arguments
+ if (!thisObject->isHostFunction() && !exec->vm().isInDefineOwnProperty()
+ && (propertyName == exec->propertyNames().arguments
 || propertyName == exec->propertyNames().length
 || propertyName == exec->propertyNames().name
- || (propertyName == exec->propertyNames().prototype && !executable->isArrowFunction())
- || propertyName == exec->propertyNames().caller)
+ || propertyName == exec->propertyNames().prototype
+ || propertyName == exec->propertyNames().caller))
 return false;
- }
-
 return Base::deleteProperty(thisObject, exec, propertyName);
 }
 bool JSFunction::defineOwnProperty(JSObject* object, ExecState* exec, PropertyName propertyName, const PropertyDescriptor& descriptor, bool throwException)
 {
 JSFunction* thisObject = jsCast(object);
- if (thisObject->isHostOrBuiltinFunction())
+ if (thisObject->isHostFunction())
 return Base::defineOwnProperty(object, exec, propertyName, descriptor, throwException);
 if (propertyName == exec->propertyNames().prototype) {
 // Make sure prototype has been reified, such that it can only be overwritten
 // following the rules set out in ECMA-262 8.12.9.
- PropertySlot slot(thisObject, PropertySlot::InternalMethodType::VMInquiry);
- thisObject->methodTable(exec->vm())->getOwnPropertySlot(thisObject, exec, propertyName, slot);
- if (thisObject->m_rareData)
- thisObject->m_rareData->clear("Store to prototype property of a function");
+ PropertySlot slot(thisObject);
+ thisObject->methodTable()->getOwnPropertySlot(thisObject, exec, propertyName, slot);
+ thisObject->m_allocationProfile.clear();
+ thisObject->m_allocationProfileWatchpoint.fireAll();
 return Base::defineOwnProperty(object, exec, propertyName, descriptor, throwException);
 }
 bool valueCheck;
 if (propertyName == exec->propertyNames().arguments) {
 if (thisObject->jsExecutable()->isStrictMode()) {
- PropertySlot slot(thisObject, PropertySlot::InternalMethodType::VMInquiry);
+ PropertySlot slot(thisObject);
 if (!Base::getOwnPropertySlot(thisObject, exec, propertyName, slot))
 thisObject->putDirectAccessor(exec, propertyName, thisObject->globalObject()->throwTypeErrorGetterSetter(exec->vm()), DontDelete | DontEnum | Accessor);
 return Base::defineOwnProperty(object, exec, propertyName, descriptor, throwException);
@@ -519,7 +449,7 @@ bool JSFunction::defineOwnProperty(JSObject* object, ExecState* exec, PropertyNa
 valueCheck = !descriptor.value() || sameValue(exec, descriptor.value(), retrieveArguments(exec, thisObject));
 } else if (propertyName == exec->propertyNames().caller) {
 if (thisObject->jsExecutable()->isStrictMode()) {
- PropertySlot slot(thisObject, PropertySlot::InternalMethodType::VMInquiry);
+ PropertySlot slot(thisObject);
 if (!Base::getOwnPropertySlot(thisObject, exec, propertyName, slot))
 thisObject->putDirectAccessor(exec, propertyName, thisObject->globalObject()->throwTypeErrorGetterSetter(exec->vm()), DontDelete | DontEnum | Accessor);
 return Base::defineOwnProperty(object, exec, propertyName, descriptor, throwException);
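Review bot: The reify-then-invalidate sequence in defineOwnProperty's prototype branch (`PropertySlot slot(thisObject);`, the `getOwnPropertySlot` call, `m_allocationProfile.clear();`, `m_allocationProfileWatchpoint.fireAll();`) is the same four lines as the prototype branch of put (hunk @@ -444), so the rule that clearing the profile and firing the watchpoint must happen together is now maintained in two places. A private member like the one below, declared in JSFunction.h, lets both branches say `thisObject->invalidateAllocationProfileForPrototypeChange(exec);` and keeps the pairing in one spot. The context comment at the top of deleteProperty reads `don't let these properties by deleted`; it should say `be deleted`. deleteProperty's signature is on the @@ header line, and defineOwnProperty continues past the end of the hunk.
```cpp
// Reify the prototype property, then drop the cached allocation profile and
// fire its watchpoint: a change to 'prototype' invalidates both together.
void JSFunction::invalidateAllocationProfileForPrototypeChange(ExecState* exec)
{
    PropertySlot slot(this);
    methodTable()->getOwnPropertySlot(this, exec, exec->propertyNames().prototype, slot);
    m_allocationProfile.clear();
    m_allocationProfileWatchpoint.fireAll();
}
```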
@@ -534,7 +464,7 @@ bool JSFunction::defineOwnProperty(JSObject* object, ExecState* exec, PropertyNa
 if (descriptor.configurablePresent() && descriptor.configurable()) {
 if (throwException)
- exec->vm().throwException(exec, createTypeError(exec, ASCIILiteral("Attempting to change configurable attribute of unconfigurable property.")));
+ exec->vm().throwException(exec, createTypeError(exec, ASCIILiteral("Attempting to configurable attribute of unconfigurable property.")));
 return false;
 }
 if (descriptor.enumerablePresent() && descriptor.enumerable()) {
@@ -564,17 +494,11 @@ bool JSFunction::defineOwnProperty(JSObject* object, ExecState* exec, PropertyNa
 ConstructType JSFunction::getConstructData(JSCell* cell, ConstructData& constructData)
 {
 JSFunction* thisObject = jsCast(cell);
-
 if (thisObject->isHostFunction()) {
 constructData.native.function = thisObject->nativeConstructor();
 return ConstructTypeHost;
 }
-
- FunctionExecutable* functionExecutable = thisObject->jsExecutable();
- if (functionExecutable->constructAbility() == ConstructAbility::CannotConstruct)
- return ConstructTypeNone;
-
- constructData.js.functionExecutable = functionExecutable;
+ constructData.js.functionExecutable = thisObject->jsExecutable();
 constructData.js.scope = thisObject->scope();
 return ConstructTypeJS;
 }
@@ -585,7 +509,7 @@ String getCalculatedDisplayName(CallFrame* callFrame, JSObject* object)
 return function->calculatedDisplayName(callFrame);
 if (InternalFunction* function = jsDynamicCast(object))
 return function->calculatedDisplayName(callFrame);
- return emptyString();
+ return "";
 }
 } // namespace JSC
-- cgit v1.2.1
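Review bot: The new side of the `createTypeError` line drops the verb from a user-visible message: `ASCIILiteral("Attempting to configurable attribute of unconfigurable property.")` is not a sentence, and the TypeError text scripts and developers will see should read `ASCIILiteral("Attempting to change configurable attribute of unconfigurable property.")`. The enclosing defineOwnProperty starts and ends outside this hunk.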
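Review bot: `return "";` at the end of getCalculatedDisplayName builds the `String` return value through the `const char*` converting constructor, while every other return in the function yields a `String` directly; `return emptyString();` names the shared empty string, avoids the implicit conversion and matches the rest of the file, so the new side should keep that spelling. getCalculatedDisplayName's signature is on the @@ header line.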