path: root/Source/JavaScriptCore/bytecode/PropertyCondition.h
/*
 * Copyright (C) 2015-2016 Apple Inc. All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 * 1. Redistributions of source code must retain the above copyright
 *    notice, this list of conditions and the following disclaimer.
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in the
 *    documentation and/or other materials provided with the distribution.
 *
 * THIS SOFTWARE IS PROVIDED BY APPLE INC. ``AS IS'' AND ANY
 * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
 * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL APPLE INC. OR
 * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
 * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
 * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
 * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY
 * OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
 * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
 */

#ifndef PropertyCondition_h
#define PropertyCondition_h

#include "JSObject.h"
#include <wtf/HashMap.h>

namespace JSC {

class TrackedReferences;

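// A compact, hashable description of one assumption about a property named by a uid:
// that it is present at a given offset with given attributes, that it is absent (or has
// no setter) on an object with a given stored prototype, or that it holds a specific
// value. m_kind is the discriminant for the payload union `u`.
//
// Security-relevant points visible in this header:
//  - The Absence/AbsenceOfSetter payload is a raw JSObject* and the Equivalence payload is
//    an EncodedJSValue that may encode a cell. Nothing in this class keeps those objects
//    alive; the barriered factories only call vm.heap.writeBarrier(owner), and
//    isStillLive() is declared so holders can check liveness. The *WithoutBarrier
//    factories leave that obligation to the caller.
//  - The payload accessors are guarded by ASSERT only. NOTE(review): if ASSERT compiles
//    out in release builds (confirm), reading a payload that does not match m_kind would
//    reinterpret the union's bits, so callers should test the matching has*() predicate.
class PropertyCondition {
public:
    enum Kind {
        Presence,
        Absence,
        AbsenceOfSetter,
        Equivalence // An adaptive watchpoint on this will be a pair of watchpoints, and when the structure transitions, we will set the replacement watchpoint on the new structure.
    };
    
    // Builds the invalid ("empty") condition: null uid with kind Presence, which is the one
    // state for which operator bool() returns false.
    PropertyCondition()
        : m_uid(nullptr)
        , m_kind(Presence)
    {
        // Zero the whole payload so hash() and operator==() never read indeterminate bytes,
        // whichever union member they look at.
        memset(&u, 0, sizeof(u));
    }
    
    // Builds the hash-table "deleted" sentinel: null uid with kind Absence. Note that this
    // sentinel converts to true under operator bool(); use isHashTableDeletedValue() to
    // recognize it.
    PropertyCondition(WTF::HashTableDeletedValueType)
        : m_uid(nullptr)
        , m_kind(Absence)
    {
        memset(&u, 0, sizeof(u));
    }
    
    // Presence condition: the property `uid` lives at `offset` with `attributes`.
    static PropertyCondition presenceWithoutBarrier(UniquedStringImpl* uid, PropertyOffset offset, unsigned attributes)
    {
        PropertyCondition result;
        result.m_uid = uid;
        result.m_kind = Presence;
        result.u.presence.offset = offset;
        result.u.presence.attributes = attributes;
        return result;
    }
    
    // Same signature shape as the other barriered factories, but the VM and owner arguments
    // are ignored and no write barrier is issued: the Presence payload stores an offset and
    // attributes, not an object pointer.
    static PropertyCondition presence(
        VM&, JSCell*, UniquedStringImpl* uid, PropertyOffset offset, unsigned attributes)
    {
        return presenceWithoutBarrier(uid, offset, attributes);
    }

    // NOTE: The prototype is the storedPrototype not the prototypeForLookup.
    // Stores `prototype` as a raw pointer without any write barrier; the caller is
    // responsible for whatever barrier or liveness tracking the holder of the result needs.
    // A null `uid` here would produce a value indistinguishable from the hash-table deleted
    // sentinel (see isHashTableDeletedValue()).
    static PropertyCondition absenceWithoutBarrier(UniquedStringImpl* uid, JSObject* prototype)
    {
        PropertyCondition result;
        result.m_uid = uid;
        result.m_kind = Absence;
        result.u.absence.prototype = prototype;
        return result;
    }
    
    // Absence condition that will be stored in `owner`: issues a write barrier on `owner`
    // (when non-null) before capturing `prototype`.
    static PropertyCondition absence(
        VM& vm, JSCell* owner, UniquedStringImpl* uid, JSObject* prototype)
    {
        if (owner)
            vm.heap.writeBarrier(owner);
        return absenceWithoutBarrier(uid, prototype);
    }
    
    // AbsenceOfSetter condition; shares the `absence` payload with Absence. No write
    // barrier is issued, so the same caller obligations as absenceWithoutBarrier() apply.
    static PropertyCondition absenceOfSetterWithoutBarrier(
        UniquedStringImpl* uid, JSObject* prototype)
    {
        PropertyCondition result;
        result.m_uid = uid;
        result.m_kind = AbsenceOfSetter;
        result.u.absence.prototype = prototype;
        return result;
    }
    
    // AbsenceOfSetter condition that will be stored in `owner`: barriers `owner` (when
    // non-null) before capturing `prototype`.
    static PropertyCondition absenceOfSetter(
        VM& vm, JSCell* owner, UniquedStringImpl* uid, JSObject* prototype)
    {
        if (owner)
            vm.heap.writeBarrier(owner);
        return absenceOfSetterWithoutBarrier(uid, prototype);
    }
    
    // Equivalence condition: the property `uid` holds exactly `value`. The value is kept in
    // encoded form and no write barrier is issued, even when it encodes a cell.
    static PropertyCondition equivalenceWithoutBarrier(
        UniquedStringImpl* uid, JSValue value)
    {
        PropertyCondition result;
        result.m_uid = uid;
        result.m_kind = Equivalence;
        result.u.equivalence.value = JSValue::encode(value);
        return result;
    }
        
    // Equivalence condition that will be stored in `owner`. The barrier is only needed, and
    // only issued, when the value is a cell and an owner was supplied.
    static PropertyCondition equivalence(
        VM& vm, JSCell* owner, UniquedStringImpl* uid, JSValue value)
    {
        if (value.isCell() && owner)
            vm.heap.writeBarrier(owner);
        return equivalenceWithoutBarrier(uid, value);
    }
    
    // False only for the default-constructed (null uid, Presence) value. The hash-table
    // deleted sentinel (null uid, Absence) converts to true.
    explicit operator bool() const { return m_uid || m_kind != Presence; }
    
    Kind kind() const { return m_kind; }
    UniquedStringImpl* uid() const { return m_uid; }
    
    // Payload accessors. Each has*() predicate says whether the matching payload is the
    // active union member; the accessor itself only ASSERTs that, so check the predicate
    // first when the kind is not already known.
    bool hasOffset() const { return !!*this && m_kind == Presence; }
    PropertyOffset offset() const
    {
        ASSERT(hasOffset());
        return u.presence.offset;
    }
    bool hasAttributes() const { return !!*this && m_kind == Presence; }
    unsigned attributes() const
    {
        ASSERT(hasAttributes());
        return u.presence.attributes;
    }
    
    bool hasPrototype() const { return !!*this && (m_kind == Absence || m_kind == AbsenceOfSetter); }
    JSObject* prototype() const
    {
        ASSERT(hasPrototype());
        return u.absence.prototype;
    }
    
    bool hasRequiredValue() const { return !!*this && m_kind == Equivalence; }
    JSValue requiredValue() const
    {
        ASSERT(hasRequiredValue());
        return JSValue::decode(u.equivalence.value);
    }
    
    void dumpInContext(PrintStream&, DumpContext*) const;
    void dump(PrintStream&) const;
    
    // Hash over the uid, the kind, and only the payload fields that belong to that kind, so
    // it agrees with operator==() below.
    unsigned hash() const
    {
        unsigned result = WTF::PtrHash<UniquedStringImpl*>::hash(m_uid) + static_cast<unsigned>(m_kind);
        switch (m_kind) {
        case Presence:
            result ^= u.presence.offset;
            result ^= u.presence.attributes;
            break;
        case Absence:
        case AbsenceOfSetter:
            result ^= WTF::PtrHash<JSObject*>::hash(u.absence.prototype);
            break;
        case Equivalence:
            result ^= EncodedJSValueHash::hash(u.equivalence.value);
            break;
        }
        return result;
    }
    
    // Equal when uid, kind, and the payload for that kind all match. Pointers and encoded
    // values are compared by identity/bit pattern, not by the contents they refer to.
    bool operator==(const PropertyCondition& other) const
    {
        if (m_uid != other.m_uid)
            return false;
        if (m_kind != other.m_kind)
            return false;
        switch (m_kind) {
        case Presence:
            return u.presence.offset == other.u.presence.offset
                && u.presence.attributes == other.u.presence.attributes;
        case Absence:
        case AbsenceOfSetter:
            return u.absence.prototype == other.u.absence.prototype;
        case Equivalence:
            return u.equivalence.value == other.u.equivalence.value;
        }
        // Only reachable if m_kind holds a value outside the enum, i.e. a corrupted
        // condition; this is checked in release builds too.
        RELEASE_ASSERT_NOT_REACHED();
        return false;
    }
    
    // True for the sentinel built by the HashTableDeletedValue constructor (null uid with
    // kind Absence).
    bool isHashTableDeletedValue() const
    {
        return !m_uid && m_kind == Absence;
    }
    
    // Two conditions are compatible if they are identical or if they speak of different uids. If
    // false is returned, you have to decide how to resolve the conflict - for example if there is
    // a Presence and an Equivalence then in some cases you'll want the more general of the two
    // while in other cases you'll want the more specific of the two. This will also return false
    // for contradictions, like Presence and Absence on the same uid. By convention, invalid
    // conditions aren't compatible with anything.
    bool isCompatibleWith(const PropertyCondition& other) const
    {
        if (!*this || !other)
            return false;
        return *this == other || uid() != other.uid();
    }
    
    // Checks if the object's structure claims that the property won't be intercepted.
    bool isStillValidAssumingImpurePropertyWatchpoint(Structure*, JSObject* base = nullptr) const;
    
    // Returns true if we need an impure property watchpoint to ensure validity even if
    // isStillValidAssumingImpurePropertyWatchpoint() returned true.
    // NOTE(review): the original comment named isStillValidAccordingToStructure(), which is
    // not declared in this class; presumably the method above is the one meant - confirm.
    bool validityRequiresImpurePropertyWatchpoint(Structure*) const;
    
    // Checks if the condition is still valid right now for the given object and structure.
    // May conservatively return false, if the object and structure alone don't guarantee the
    // condition. This happens for an Absence condition on an object that may have impure
    // properties. If the object is not supplied, then a "true" return indicates that checking if
    // an object has the given structure guarantees the condition still holds. If an object is
    // supplied, then you may need to use some other watchpoints on the object to guarantee the
    // condition in addition to the structure check.
    bool isStillValid(Structure*, JSObject* base = nullptr) const;
    
    // In some cases, the condition is not watchable, but could be made watchable by enabling the
    // appropriate watchpoint. For example, replacement watchpoints are enabled only when some
    // access is cached on the property in some structure. This is mainly to save space for
    // dictionary properties or properties that never get very hot. But, it's always safe to
    // enable watching, provided that this is called from the main thread.
    enum WatchabilityEffort {
        // This is the default. It means that we don't change the state of any Structure or
        // object, and implies that if the property happens not to be watchable then we don't make
        // it watchable. This is mandatory if calling from a JIT thread. This is also somewhat
        // preferable when first deciding whether to watch a condition for the first time (i.e.
        // not from a watchpoint fire that causes us to see if we should adapt), since a
        // watchpoint not being initialized for watching implies that maybe we don't know enough
        // yet to make it profitable to watch -- as in, the thing being watched may not have
        // stabilized yet. We prefer to only assume that a condition will hold if it has been
        // known to hold for a while already.
        MakeNoChanges,
        
        // Do what it takes to ensure that the property can be watched, if doing so has no
        // user-observable effect. For now this just means that we will ensure that a property
        // replacement watchpoint is enabled if it hadn't been enabled already. Do not use this
        // from JIT threads, since the act of enabling watchpoints is not thread-safe.
        EnsureWatchability
    };
    
    // This means that it's still valid and we could enforce validity by setting a transition
    // watchpoint on the structure and possibly an impure property watchpoint.
    bool isWatchableAssumingImpurePropertyWatchpoint(
        Structure*, JSObject* base = nullptr, WatchabilityEffort = MakeNoChanges) const;
    
    // This means that it's still valid and we could enforce validity by setting a transition
    // watchpoint on the structure.
    bool isWatchable(
        Structure*, JSObject* base = nullptr, WatchabilityEffort = MakeNoChanges) const;
    
    bool watchingRequiresStructureTransitionWatchpoint() const
    {
        // Currently, this is required for all of our conditions.
        return !!*this;
    }
    // Only Equivalence conditions additionally need a replacement watchpoint.
    bool watchingRequiresReplacementWatchpoint() const
    {
        return !!*this && m_kind == Equivalence;
    }
    
    // This means that the objects involved in this are still live.
    bool isStillLive() const;
    
    void validateReferences(const TrackedReferences&) const;

    static bool isValidValueForAttributes(JSValue value, unsigned attributes);

    bool isValidValueForPresence(JSValue) const;

    PropertyCondition attemptToMakeEquivalenceWithoutBarrier(JSObject* base) const;

private:
    bool isWatchableWhenValid(Structure*, WatchabilityEffort) const;

    UniquedStringImpl* m_uid;
    Kind m_kind; // Discriminant: selects which member of `u` is meaningful.
    union {
        // Active when m_kind == Presence.
        struct {
            PropertyOffset offset;
            unsigned attributes;
        } presence;
        // Active when m_kind == Absence or AbsenceOfSetter. Raw, unbarriered pointer.
        struct {
            JSObject* prototype;
        } absence;
        // Active when m_kind == Equivalence. May encode a cell pointer.
        struct {
            EncodedJSValue value;
        } equivalence;
    } u;
};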

// Hash adaptor that forwards to PropertyCondition's own hash() and operator==().
struct PropertyConditionHash {
    // Delegates to the key's member hash, which mixes uid, kind and the kind's payload.
    static unsigned hash(const PropertyCondition& key)
    {
        return key.hash();
    }

    // Delegates to PropertyCondition::operator==.
    static bool equal(const PropertyCondition& lhs, const PropertyCondition& rhs)
    {
        const bool same = (lhs == rhs);
        return same;
    }

    // The empty and deleted sentinels have a fully zeroed payload (both constructors
    // memset the union), so they can be hashed and compared like ordinary keys.
    static const bool safeToCompareToEmptyOrDeleted = true;
};

} // namespace JSC

namespace WTF {

// Printing hook for PropertyCondition::Kind; only declared here, defined elsewhere.
void printInternal(PrintStream&, JSC::PropertyCondition::Kind);

// Make PropertyConditionHash the default hasher for PropertyCondition keys.
template<typename T> struct DefaultHash;
template<> struct DefaultHash<JSC::PropertyCondition> {
    using Hash = JSC::PropertyConditionHash;
};

// Use the simple class traits for PropertyCondition keys.
// NOTE(review): presumably these build the empty value from the default constructor and
// the deleted value from the HashTableDeletedValue constructor - confirm against the WTF
// definition of SimpleClassHashTraits.
template<typename T> struct HashTraits;
template<> struct HashTraits<JSC::PropertyCondition> : SimpleClassHashTraits<JSC::PropertyCondition> { };

} // namespace WTF

#endif // PropertyCondition_h