Imported WebKit commit e89504fa9195b2063b2530961d4b73dd08de3242 (http://svn.webkit.org/repository/webkit/trunk@135485)

Change-Id: I03774e5ac79721c13ffa30d152537a74d0b12e66 Reviewed-by: Simon Hausmann <simon.hausmann@digia.com>
author: Simon Hausmann <simon.hausmann@digia.com> 2012-11-22 09:09:45 +0100
committer: Simon Hausmann <simon.hausmann@digia.com> 2012-11-22 09:10:13 +0100
commit: 470286ecfe79d59df14944e5b5d34630fc739391 (patch)
tree: 43983212872e06cebefd2ae474418fa2908ca54c /Source/JavaScriptCore/runtime/JSGlobalObject.cpp
parent: 23037105e948c2065da5a937d3a2396b0ff45c1e (diff)
download: qtwebkit-470286ecfe79d59df14944e5b5d34630fc739391.tar.gz
1 files changed, 27 insertions, 12 deletions
diff --git a/Source/JavaScriptCore/runtime/JSGlobalObject.cpp b/Source/JavaScriptCore/runtime/JSGlobalObject.cpp
index c466a2b04..6f20f0e93 100644
--- a/Source/JavaScriptCore/runtime/JSGlobalObject.cpp
+++ b/Source/JavaScriptCore/runtime/JSGlobalObject.cpp
@@ -230,9 +230,16 @@ void JSGlobalObject::reset(JSValue prototype)
     m_callbackObjectStructure.set(exec->globalData(), this, JSCallbackObject<JSDestructibleObject>::createStructure(exec->globalData(), this, m_objectPrototype.get()));
 
     m_arrayPrototype.set(exec->globalData(), this, ArrayPrototype::create(exec, this, ArrayPrototype::createStructure(exec->globalData(), this, m_objectPrototype.get())));
-    m_arrayStructure.set(exec->globalData(), this, JSArray::createStructure(exec->globalData(), this, m_arrayPrototype.get(), ArrayWithContiguous));
-    m_arrayStructureWithArrayStorage.set(exec->globalData(), this, JSArray::createStructure(exec->globalData(), this, m_arrayPrototype.get(), ArrayWithArrayStorage));
-    m_arrayStructureForSlowPut.set(exec->globalData(), this, JSArray::createStructure(exec->globalData(), this, m_arrayPrototype.get(), ArrayWithSlowPutArrayStorage));
+    
+    m_originalArrayStructureForIndexingShape[UndecidedShape >> IndexingShapeShift].set(exec->globalData(), this, JSArray::createStructure(exec->globalData(), this, m_arrayPrototype.get(), ArrayWithUndecided));
+    m_originalArrayStructureForIndexingShape[Int32Shape >> IndexingShapeShift].set(exec->globalData(), this, JSArray::createStructure(exec->globalData(), this, m_arrayPrototype.get(), ArrayWithInt32));
+    m_originalArrayStructureForIndexingShape[DoubleShape >> IndexingShapeShift].set(exec->globalData(), this, JSArray::createStructure(exec->globalData(), this, m_arrayPrototype.get(), ArrayWithDouble));
+    m_originalArrayStructureForIndexingShape[ContiguousShape >> IndexingShapeShift].set(exec->globalData(), this, JSArray::createStructure(exec->globalData(), this, m_arrayPrototype.get(), ArrayWithContiguous));
+    m_originalArrayStructureForIndexingShape[ArrayStorageShape >> IndexingShapeShift].set(exec->globalData(), this, JSArray::createStructure(exec->globalData(), this, m_arrayPrototype.get(), ArrayWithArrayStorage));
+    m_originalArrayStructureForIndexingShape[SlowPutArrayStorageShape >> IndexingShapeShift].set(exec->globalData(), this, JSArray::createStructure(exec->globalData(), this, m_arrayPrototype.get(), ArrayWithSlowPutArrayStorage));
+    for (unsigned i = 0; i < NumberOfIndexingShapes; ++i)
+        m_arrayStructureForIndexingShapeDuringAllocation[i] = m_originalArrayStructureForIndexingShape[i];
+    
     m_regExpMatchesArrayStructure.set(exec->globalData(), this, RegExpMatchesArray::createStructure(exec->globalData(), this, m_arrayPrototype.get()));
 
     m_stringPrototype.set(exec->globalData(), this, StringPrototype::create(exec, this, StringPrototype::createStructure(exec->globalData(), this, m_objectPrototype.get())));
@@ -252,8 +259,6 @@ void JSGlobalObject::reset(JSValue prototype)
     m_regExpPrototype.set(exec->globalData(), this, RegExpPrototype::create(exec, this, RegExpPrototype::createStructure(exec->globalData(), this, m_objectPrototype.get()), emptyRegex));
     m_regExpStructure.set(exec->globalData(), this, RegExpObject::createStructure(exec->globalData(), this, m_regExpPrototype.get()));
 
-    m_methodCallDummy.set(exec->globalData(), this, constructEmptyObject(exec));
-
     m_errorPrototype.set(exec->globalData(), this, ErrorPrototype::create(exec, this, ErrorPrototype::createStructure(exec->globalData(), this, m_objectPrototype.get())));
     m_errorStructure.set(exec->globalData(), this, ErrorInstance::createStructure(exec->globalData(), this, m_errorPrototype.get()));
 
@@ -360,7 +365,9 @@ inline bool hasBrokenIndexing(JSObject* object)
 {
     // This will change if we have more indexing types.
     IndexingType type = object->structure()->indexingType();
-    return hasContiguous(type) || hasFastArrayStorage(type);
+    // This could be made obviously more efficient, but isn't made so right now, because
+    // we expect this to be an unlikely slow path anyway.
+    return hasUndecided(type) || hasInt32(type) || hasDouble(type) || hasContiguous(type) || hasFastArrayStorage(type);
 }
 
 void ObjectsWithBrokenIndexingFinder::operator()(JSCell* cell)
@@ -412,8 +419,8 @@ void JSGlobalObject::haveABadTime(JSGlobalData& globalData)
     
     // Make sure that all JSArray allocations that load the appropriate structure from
     // this object now load a structure that uses SlowPut.
-    m_arrayStructure.set(globalData, this, m_arrayStructureForSlowPut.get());
-    m_arrayStructureWithArrayStorage.set(globalData, this, m_arrayStructureForSlowPut.get());
+    for (unsigned i = 0; i < NumberOfIndexingShapes; ++i)
+        m_arrayStructureForIndexingShapeDuringAllocation[i].set(globalData, this, originalArrayStructureForIndexingType(ArrayWithSlowPutArrayStorage));
     
     // Make sure that all objects that have indexed storage switch to the slow kind of
     // indexed storage.
@@ -428,6 +435,14 @@ void JSGlobalObject::haveABadTime(JSGlobalData& globalData)
     }
 }
 
+bool JSGlobalObject::arrayPrototypeChainIsSane()
+{
+    return !hasIndexedProperties(m_arrayPrototype->structure()->indexingType())
+        && m_arrayPrototype->prototype() == m_objectPrototype.get()
+        && !hasIndexedProperties(m_objectPrototype->structure()->indexingType())
+        && m_objectPrototype->prototype().isNull();
+}
+
 void JSGlobalObject::createThrowTypeError(ExecState* exec)
 {
     JSFunction* thrower = JSFunction::create(exec, this, 0, String(), globalFuncThrowTypeError);
@@ -457,7 +472,6 @@ void JSGlobalObject::visitChildren(JSCell* cell, SlotVisitor& visitor)
     Base::visitChildren(thisObject, visitor);
 
     visitor.append(&thisObject->m_globalThis);
-    visitor.append(&thisObject->m_methodCallDummy);
 
     visitor.append(&thisObject->m_regExpConstructor);
     visitor.append(&thisObject->m_errorConstructor);
@@ -488,9 +502,10 @@ void JSGlobalObject::visitChildren(JSCell* cell, SlotVisitor& visitor)
     visitor.append(&thisObject->m_activationStructure);
     visitor.append(&thisObject->m_nameScopeStructure);
     visitor.append(&thisObject->m_argumentsStructure);
-    visitor.append(&thisObject->m_arrayStructure);
-    visitor.append(&thisObject->m_arrayStructureWithArrayStorage);
-    visitor.append(&thisObject->m_arrayStructureForSlowPut);
+    for (unsigned i = 0; i < NumberOfIndexingShapes; ++i)
+        visitor.append(&thisObject->m_originalArrayStructureForIndexingShape[i]);
+    for (unsigned i = 0; i < NumberOfIndexingShapes; ++i)
+        visitor.append(&thisObject->m_arrayStructureForIndexingShapeDuringAllocation[i]);
     visitor.append(&thisObject->m_booleanObjectStructure);
     visitor.append(&thisObject->m_callbackConstructorStructure);
     visitor.append(&thisObject->m_callbackFunctionStructure);
author	Simon Hausmann <simon.hausmann@digia.com>	2012-11-22 09:09:45 +0100
committer	Simon Hausmann <simon.hausmann@digia.com>	2012-11-22 09:10:13 +0100
commit	470286ecfe79d59df14944e5b5d34630fc739391 (patch)
tree	43983212872e06cebefd2ae474418fa2908ca54c /Source/JavaScriptCore/runtime/JSGlobalObject.cpp
parent	23037105e948c2065da5a937d3a2396b0ff45c1e (diff)
download	qtwebkit-470286ecfe79d59df14944e5b5d34630fc739391.tar.gz