Magic-Mirror/gecko-dev
1
0
Fork 0
mirror of https://github.com/mozilla/gecko-dev.git synced 2025-03-01 05:48:26 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

bug 487204 - avoiding extra locks for js_Native(Get|Set). r=brendan

Browse Source
This commit is contained in:
Igor Bukanov 2009-04-15 21:13:27 +02:00
parent 3e11fd6eb0
commit 496bcfe77d
9 changed files with 234 additions and 185 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
js/src/jsarray.cpp
View File

@ -793,8 +793,9 @@ array_getProperty(JSContext *cx, JSObject *obj, jsid id, jsval *vp)
sprop = (JSScopeProperty *) prop;
if (!js_NativeGet(cx, obj, obj2, sprop, vp))
return JS_FALSE;
} else {
OBJ_DROP_PROPERTY(cx, obj2, prop);
}
OBJ_DROP_PROPERTY(cx, obj2, prop);
}
return JS_TRUE;
}
@ -1291,7 +1292,7 @@ js_MakeArraySlow(JSContext *cx, JSObject *obj)
sprop = js_AddScopeProperty(cx, (JSScope *)map, id, NULL, NULL,
i + JS_INITIAL_NSLOTS, JSPROP_ENUMERATE,
0, 0);
0, 0, NULL);
if (!sprop)
goto out_bad;
}

3
js/src/jsbuiltins.cpp
View File

@ -274,7 +274,8 @@ js_AddProperty(JSContext* cx, JSObject* obj, JSScopeProperty* sprop)
sprop2 = js_AddScopeProperty(cx, scope, sprop->id,
sprop->getter, sprop->setter, SPROP_INVALID_SLOT,
sprop->attrs, sprop->flags, sprop->shortid);
sprop->attrs, sprop->flags, sprop->shortid,
NULL);
if (sprop2 == sprop) {
JS_UNLOCK_SCOPE(cx, scope);
return JS_TRUE;

163
js/src/jsinterp.cpp
View File

@ -111,23 +111,26 @@ js_GenerateShape(JSContext *cx, JSBool gcLocked, JSScopeProperty *sprop)
}
JS_REQUIRES_STACK void
js_FillPropertyCache(JSContext *cx, JSObject *obj, jsuword kshape,
js_FillPropertyCache(JSContext *cx, JSObject *obj,
uintN scopeIndex, uintN protoIndex,
JSObject *pobj, JSScopeProperty *sprop,
JSPropCacheEntry **entryp)
JSBool cacheByPrevShape, JSPropCacheEntry **entryp)
{
JSPropertyCache *cache;
jsbytecode *pc;
JSScope *scope;
jsuword kshape, khash;
JSOp op;
const JSCodeSpec *cs;
jsuword vword;
ptrdiff_t pcoff;
jsuword khash;
JSAtom *atom;
JSPropCacheEntry *entry;
JS_ASSERT(OBJ_SCOPE(pobj)->object == pobj);
JS_ASSERT(SCOPE_HAS_PROPERTY(OBJ_SCOPE(pobj), sprop));
JS_ASSERT(!cx->runtime->gcRunning);
cache = &JS_PROPERTY_CACHE(cx);
pc = cx->fp->regs->pc;
if (cache->disabled || (cx->fp->flags & JSFRAME_EVAL)) {
@ -137,24 +140,11 @@ js_FillPropertyCache(JSContext *cx, JSObject *obj, jsuword kshape,
}
/*
* Check for fill from js_SetPropertyHelper where the setter removed sprop
* from pobj's scope (via unwatch or delete, e.g.).
*/
scope = OBJ_SCOPE(pobj);
JS_ASSERT(scope->object == pobj);
if (!SCOPE_HAS_PROPERTY(scope, sprop)) {
PCMETER(cache->oddfills++);
*entryp = NULL;
return;
}
/*
* Check for overdeep scope and prototype chain. Because resolve, getter,
* and setter hooks can change the prototype chain using JS_SetPrototype
* after js_LookupPropertyWithFlags has returned the nominal protoIndex,
* we have to validate protoIndex if it is non-zero. If it is zero, then
* we know thanks to the SCOPE_HAS_PROPERTY test above, and from the fact
* that obj == pobj, that protoIndex is invariant.
* Check for overdeep scope and prototype chain. Because resolve hooks
* that js_LookupPropertyWithFlags runs can change the prototype chain
* using JS_SetPrototype, we have to validate protoIndex if it is
* non-zero. If it is zero, then we know from the fact that obj == pobj
* that protoIndex is invariant.
*
* The scopeIndex can't be wrong. We require JS_SetParent calls to happen
* before any running script might consult a parent-linked scope chain. If
@ -198,7 +188,8 @@ js_FillPropertyCache(JSContext *cx, JSObject *obj, jsuword kshape,
*/
op = js_GetOpcode(cx, cx->fp->script, pc);
cs = &js_CodeSpec[op];
scope = OBJ_SCOPE(pobj);
kshape = 0;
do {
/*
* Check for a prototype "plain old method" callee computation. What
@ -234,12 +225,18 @@ js_FillPropertyCache(JSContext *cx, JSObject *obj, jsuword kshape,
JSVAL_TO_OBJECT(v),
JS_GetFunctionName(GET_FUNCTION_PRIVATE(cx,
JSVAL_TO_OBJECT(v))),
kshape);
OBJ_SHAPE(obj));
#endif
SCOPE_MAKE_UNIQUE_SHAPE(cx, scope);
if (cache->disabled) {
/*
* js_GenerateShape could not recover from shape's
* overflow.
*/
*entryp = NULL;
return;
}
SCOPE_SET_BRANDED(scope);
if (OBJ_SCOPE(obj) == scope)
kshape = scope->shape;
}
vword = JSVAL_OBJECT_TO_PCVAL(v);
break;
@ -256,26 +253,48 @@ js_FillPropertyCache(JSContext *cx, JSObject *obj, jsuword kshape,
} else {
/* Best we can do is to cache sprop (still a nice speedup). */
vword = SPROP_TO_PCVAL(sprop);
if (cacheByPrevShape) {
/*
* Our caller just called js_AddScopeProperty and added a new
* property. We want to cache under the shape that was prior
* the call to bias for the case when the mutator always adds
* the same property. It allows to optimize periodic execution
* of object initializers or explicit initialization sequences
* like
*
* obj = {}; obj.x = 1; obj.y = 2;
*
* We assume that on average the win from this optimization is
* bigger that the cost of an extra mismatch per loop due to
* the bias for the following case:
*
* obj = {}; ... for (...) { ... obj.x = ... }
*
* Here on the first iteration JSOP_SETPROP fills the cache
* with the shape of newly created object, not the shape after
* obj.x is assigned. That mismatches obj's shape on the
* second iteration. Note that on third and the following
* iterations the cache will be hit since the shape no longer
* mutates.
*/
JS_ASSERT(scope->object == obj);
JS_ASSERT(sprop == scope->lastProp);
if (sprop->parent) {
kshape = sprop->parent->shape;
} else {
JSObject *proto = STOBJ_GET_PROTO(obj);
if (proto && OBJ_IS_NATIVE(proto))
kshape = OBJ_SHAPE(proto);
}
}
}
} while (0);
/*
* Our caller preserved the scope shape prior to the js_GetPropertyHelper
* or similar call out of the interpreter. We want to cache under that
* shape if op is overtly mutating, to bias for the case where the mutator
* udpates shape predictably.
*
* Note that an apparently non-mutating op such as JSOP_NAME may still
* mutate the base object via, e.g., lazy standard class initialization,
* but that is a one-time event and we'll have to miss the old shape and
* re-fill under the new one.
*/
if (!(cs->format & (JOF_SET | JOF_INCDEC)) && obj == pobj)
kshape = scope->shape;
if (kshape == 0)
kshape = OBJ_SHAPE(obj);
khash = PROPERTY_CACHE_HASH_PC(pc, kshape);
if (obj == pobj) {
JS_ASSERT(kshape != 0 || scope->shape != 0);
JS_ASSERT(kshape != 0);
JS_ASSERT(scopeIndex == 0 && protoIndex == 0);
JS_ASSERT(OBJ_SCOPE(obj)->object == obj);
} else {
@ -470,7 +489,6 @@ js_PurgePropertyCache(JSContext *cx, JSPropertyCache *cache)
P(nofills);
P(rofills);
P(disfills);
P(oddfills);
P(modfills);
P(brandfills);
P(noprotos);
@ -2620,6 +2638,16 @@ JS_STATIC_ASSERT(JSOP_INCNAME_LENGTH == JSOP_DECNAME_LENGTH);
JS_STATIC_ASSERT(JSOP_INCNAME_LENGTH == JSOP_NAMEINC_LENGTH);
JS_STATIC_ASSERT(JSOP_INCNAME_LENGTH == JSOP_NAMEDEC_LENGTH);
#ifdef JS_TRACER
# define ABORT_RECORDING(cx, reason) \
JS_BEGIN_MACRO \
if (TRACE_RECORDER(cx)) \
js_AbortRecording(cx, reason); \
JS_END_MACRO
#else
# define ABORT_RECORDING(cx, reason) ((void 0))
#endif
JS_REQUIRES_STACK JSBool
js_Interpret(JSContext *cx)
{
@ -3015,10 +3043,7 @@ js_Interpret(JSContext *cx)
bool moreInterrupts = false;
JSTrapHandler handler = cx->debugHooks->interruptHandler;
if (handler) {
#ifdef JS_TRACER
if (TRACE_RECORDER(cx))
js_AbortRecording(cx, "interrupt handler");
#endif
ABORT_RECORDING(cx, "interrupt handler");
switch (handler(cx, script, regs.pc, &rval,
cx->debugHooks->interruptHandlerData)) {
case JSTRAP_ERROR:
@ -3558,21 +3583,25 @@ js_Interpret(JSContext *cx)
*vp = ((sprop)->slot != SPROP_INVALID_SLOT) \
? LOCKED_OBJ_GET_SLOT(pobj, (sprop)->slot) \
: JSVAL_VOID; \
JS_UNLOCK_OBJ(cx, pobj); \
} else { \
if (!js_NativeGet(cx, obj, pobj, sprop, vp)) \
goto error; \
} \
JS_END_MACRO
#define NATIVE_SET(cx,obj,sprop,vp) \
#define NATIVE_SET(cx,obj,entry,sprop,vp) \
JS_BEGIN_MACRO \
if (SPROP_HAS_STUB_SETTER(sprop) && \
(sprop)->slot != SPROP_INVALID_SLOT) { \
/* Fast path for, e.g., Object instance properties. */ \
LOCKED_OBJ_WRITE_BARRIER(cx, obj, (sprop)->slot, *vp); \
JS_UNLOCK_OBJ(cx, obj); \
TRACE_2(SetPropHit, entry, sprop); \
} else { \
if (!js_NativeSet(cx, obj, sprop, vp)) \
goto error; \
ABORT_RECORDING(cx, "non-stub setter"); \
} \
JS_END_MACRO
@ -4432,6 +4461,7 @@ js_Interpret(JSContext *cx)
JS_ASSERT(PCVAL_IS_SPROP(entry->vword));
sprop = PCVAL_TO_SPROP(entry->vword);
NATIVE_GET(cx, obj, obj2, sprop, &rval);
break;
}
JS_UNLOCK_OBJ(cx, obj2);
break;
@ -4515,16 +4545,17 @@ js_Interpret(JSContext *cx)
ASSERT_VALID_PROPERTY_CACHE_HIT(0, aobj, obj2, entry);
if (PCVAL_IS_OBJECT(entry->vword)) {
rval = PCVAL_OBJECT_TO_JSVAL(entry->vword);
JS_UNLOCK_OBJ(cx, obj2);
} else if (PCVAL_IS_SLOT(entry->vword)) {
slot = PCVAL_TO_SLOT(entry->vword);
JS_ASSERT(slot < obj2->map->freeslot);
rval = LOCKED_OBJ_GET_SLOT(obj2, slot);
JS_UNLOCK_OBJ(cx, obj2);
} else {
JS_ASSERT(PCVAL_IS_SPROP(entry->vword));
sprop = PCVAL_TO_SPROP(entry->vword);
NATIVE_GET(cx, obj, obj2, sprop, &rval);
}
JS_UNLOCK_OBJ(cx, obj2);
STORE_OPND(-1, rval);
PUSH_OPND(lval);
goto end_callprop;
@ -4635,9 +4666,7 @@ js_Interpret(JSContext *cx)
SCOPE_HAS_PROPERTY(scope, sprop)) {
PCMETER(cache->pchits++);
PCMETER(cache->setpchits++);
NATIVE_SET(cx, obj, sprop, &rval);
JS_UNLOCK_SCOPE(cx, scope);
TRACE_2(SetPropHit, entry, sprop);
NATIVE_SET(cx, obj, entry, sprop, &rval);
break;
}
} else {
@ -4704,7 +4733,8 @@ js_Interpret(JSContext *cx)
slot,
sprop->attrs,
sprop->flags,
sprop->shortid);
sprop->shortid,
NULL);
if (!sprop2) {
js_FreeSlot(cx, obj, slot);
JS_UNLOCK_SCOPE(cx, scope);
@ -4762,13 +4792,10 @@ js_Interpret(JSContext *cx)
sprop = PCVAL_TO_SPROP(entry->vword);
JS_ASSERT(!(sprop->attrs & JSPROP_READONLY));
JS_ASSERT(!SCOPE_IS_SEALED(OBJ_SCOPE(obj2)));
NATIVE_SET(cx, obj, sprop, &rval);
}
JS_UNLOCK_OBJ(cx, obj2);
if (sprop) {
TRACE_2(SetPropHit, entry, sprop);
NATIVE_SET(cx, obj, entry, sprop, &rval);
break;
}
JS_UNLOCK_OBJ(cx, obj2);
}
}
@ -4786,10 +4813,7 @@ js_Interpret(JSContext *cx)
if (!OBJ_SET_PROPERTY(cx, obj, id, &rval))
goto error;
}
#ifdef JS_TRACER
if (!entry && TRACE_RECORDER(cx))
js_AbortRecording(cx, "SetPropUncached");
#endif
ABORT_RECORDING(cx, "SetPropUncached");
} while (0);
END_SET_CASE_STORE_RVAL(JSOP_SETPROP, 2);
@ -5309,7 +5333,6 @@ js_Interpret(JSContext *cx)
sprop = (JSScopeProperty *)prop;
do_native_get:
NATIVE_GET(cx, obj, obj2, sprop, &rval);
OBJ_DROP_PROPERTY(cx, obj2, (JSProperty *) sprop);
}
do_push_rval:
@ -5789,10 +5812,7 @@ js_Interpret(JSContext *cx)
* JSOP_SETGVAR has arity 1: [rval], not arity 2: [obj, rval]
* as JSOP_SETNAME does, where [obj] is due to JSOP_BINDNAME.
*/
#ifdef JS_TRACER
if (TRACE_RECORDER(cx))
js_AbortRecording(cx, "SETGVAR with NULL slot");
#endif
ABORT_RECORDING(cx, "SETGVAR with NULL slot");
LOAD_ATOM(0);
id = ATOM_TO_JSID(atom);
if (!OBJ_SET_PROPERTY(cx, obj, id, &rval))
@ -6097,10 +6117,7 @@ js_Interpret(JSContext *cx)
goto error;
if (OBJ_GET_PARENT(cx, obj) != parent) {
#ifdef JS_TRACER
if (TRACE_RECORDER(cx))
js_AbortRecording(cx, "DEFLOCALFUN for closure");
#endif
ABORT_RECORDING(cx, "DEFLOCALFUN for closure");
obj = js_CloneFunctionObject(cx, fun, parent);
if (!obj)
goto error;
@ -6394,7 +6411,8 @@ js_Interpret(JSContext *cx)
js_AddScopeProperty(cx, scope, sprop->id,
sprop->getter, sprop->setter,
slot, sprop->attrs,
sprop->flags, sprop->shortid);
sprop->flags, sprop->shortid,
NULL);
if (!sprop2) {
js_FreeSlot(cx, obj, slot);
JS_UNLOCK_SCOPE(cx, scope);
@ -7141,15 +7159,12 @@ js_Interpret(JSContext *cx)
JS_ASSERT((size_t)((fp->imacpc ? fp->imacpc : regs.pc) - script->code) < script->length);
#ifdef JS_TRACER
/*
* This abort could be weakened to permit tracing through exceptions that
* are thrown and caught within a loop, with the co-operation of the tracer.
* For now just bail on any sign of trouble.
*/
if (TRACE_RECORDER(cx))
js_AbortRecording(cx, "error or exception while recording");
#endif
ABORT_RECORDING(cx, "error or exception while recording");
if (!cx->throwing) {
/* This is an error, not a catchable exception, quit the frame ASAP. */

5
js/src/jsinterp.h
View File

@ -273,7 +273,6 @@ typedef struct JSPropertyCache {
uint32 nofills; /* couldn't fill (e.g. default get) */
uint32 rofills; /* set on read-only prop can't fill */
uint32 disfills; /* fill attempts on disabled cache */
uint32 oddfills; /* fill attempt after setter deleted */
uint32 modfills; /* fill that rehashed to a new entry */
uint32 brandfills; /* scope brandings to type structural
method fills */
@ -344,10 +343,10 @@ typedef struct JSPropertyCache {
* 4-bit scopeIndex, and 4-bit protoIndex.
*/
extern JS_REQUIRES_STACK void
js_FillPropertyCache(JSContext *cx, JSObject *obj, jsuword kshape,
js_FillPropertyCache(JSContext *cx, JSObject *obj,
uintN scopeIndex, uintN protoIndex,
JSObject *pobj, JSScopeProperty *sprop,
JSPropCacheEntry **entryp);
JSBool cacheByPrevShape, JSPropCacheEntry **entryp);
/*
* Property cache lookup macros. PROPERTY_CACHE_TEST is designed to inline the

201
js/src/jsobj.cpp
View File

@ -3646,7 +3646,7 @@ js_AddNativeProperty(JSContext *cx, JSObject *obj, jsid id,
/* Convert string indices to integers if appropriate. */
CHECK_FOR_STRING_INDEX(id);
sprop = js_AddScopeProperty(cx, scope, id, getter, setter, slot, attrs,
flags, shortid);
flags, shortid, NULL);
}
JS_UNLOCK_OBJ(cx, obj);
return sprop;
@ -3712,12 +3712,11 @@ js_DefineNativeProperty(JSContext *cx, JSObject *obj, jsid id, jsval value,
JSClass *clasp;
JSScope *scope;
JSScopeProperty *sprop;
JSBool cacheByPrevShape;
/* Convert string indices to integers if appropriate. */
CHECK_FOR_STRING_INDEX(id);
uint32 shape = OBJ_SHAPE(obj);
#if JS_HAS_GETTER_SETTER
/*
* If defining a getter or setter, we must check for its counterpart and
@ -3785,13 +3784,14 @@ js_DefineNativeProperty(JSContext *cx, JSObject *obj, jsid id, jsval value,
if (!scope)
goto bad;
cacheByPrevShape = false;
if (!sprop) {
/* Add a new property, or replace an existing one of the same id. */
if (clasp->flags & JSCLASS_SHARE_ALL_PROPERTIES)
attrs |= JSPROP_SHARED;
sprop = js_AddScopeProperty(cx, scope, id, getter, setter,
SPROP_INVALID_SLOT, attrs, flags,
shortid);
shortid, &cacheByPrevShape);
if (!sprop)
goto bad;
}
@ -3807,10 +3807,12 @@ js_DefineNativeProperty(JSContext *cx, JSObject *obj, jsid id, jsval value,
if (entryp) {
JS_ASSERT_NOT_ON_TRACE(cx);
if (!(attrs & JSPROP_SHARED))
js_FillPropertyCache(cx, obj, shape, 0, 0, obj, sprop, entryp);
else
if (!(attrs & JSPROP_SHARED)) {
js_FillPropertyCache(cx, obj, 0, 0, obj, sprop,
cacheByPrevShape, entryp);
} else {
PCMETER(JS_PROPERTY_CACHE(cx).nofills++);
}
}
if (propp)
*propp = (JSProperty *) sprop;
@ -4009,15 +4011,14 @@ js_FindPropertyHelper(JSContext *cx, jsid id, JSObject **objp,
JSObject **pobjp, JSProperty **propp,
JSPropCacheEntry **entryp)
{
JSObject *obj, *pobj, *lastobj;
uint32 shape;
JSObject *scopeChain, *obj, *pobj, *lastobj;
int scopeIndex, protoIndex;
JSProperty *prop;
JSScopeProperty *sprop;
JS_ASSERT_IF(entryp, !JS_ON_TRACE(cx));
obj = js_GetTopStackFrame(cx)->scopeChain;
shape = OBJ_SHAPE(obj);
scopeChain = js_GetTopStackFrame(cx)->scopeChain;
obj = scopeChain;
for (scopeIndex = 0; ; scopeIndex++) {
if (obj->map->ops->lookupProperty == js_LookupProperty) {
protoIndex =
@ -4035,8 +4036,8 @@ js_FindPropertyHelper(JSContext *cx, jsid id, JSObject **objp,
if (entryp) {
if (protoIndex >= 0 && OBJ_IS_NATIVE(pobj)) {
sprop = (JSScopeProperty *) prop;
js_FillPropertyCache(cx, cx->fp->scopeChain, shape,
scopeIndex, protoIndex, pobj, sprop,
js_FillPropertyCache(cx, scopeChain, scopeIndex,
protoIndex, pobj, sprop, false,
entryp);
} else {
PCMETER(JS_PROPERTY_CACHE(cx).nofills++);
@ -4118,9 +4119,8 @@ js_FindIdentifierBase(JSContext *cx, JSObject *scopeChain, jsid id,
if (prop) {
JS_ASSERT(OBJ_IS_NATIVE(pobj));
JS_ASSERT(OBJ_GET_CLASS(cx, pobj) == OBJ_GET_CLASS(cx, obj));
js_FillPropertyCache(cx, scopeChain, OBJ_SHAPE(scopeChain),
scopeIndex, protoIndex, pobj,
(JSScopeProperty *) prop, &entry);
js_FillPropertyCache(cx, scopeChain, scopeIndex, protoIndex, pobj,
(JSScopeProperty *) prop, false, &entry);
JS_UNLOCK_OBJ(cx, pobj);
return obj;
}
@ -4159,69 +4159,67 @@ JSBool
js_NativeGet(JSContext *cx, JSObject *obj, JSObject *pobj,
JSScopeProperty *sprop, jsval *vp)
{
js_LeaveTraceIfGlobalObject(cx, pobj);
JSScope *scope;
uint32 slot;
int32 sample;
JSTempValueRooter tvr;
JSBool ok;
JS_ASSERT(OBJ_IS_NATIVE(pobj));
JS_ASSERT(JS_IS_OBJ_LOCKED(cx, pobj));
scope = OBJ_SCOPE(pobj);
JS_ASSERT(scope->object == pobj);
JS_ASSERT(OBJ_SCOPE(pobj)->object == pobj);
slot = sprop->slot;
*vp = (slot != SPROP_INVALID_SLOT)
? LOCKED_OBJ_GET_SLOT(pobj, slot)
: JSVAL_VOID;
if (SPROP_HAS_STUB_GETTER(sprop))
return JS_TRUE;
js_LeaveTraceIfGlobalObject(cx, pobj);
sample = cx->runtime->propertyRemovals;
JS_UNLOCK_SCOPE(cx, scope);
JS_PUSH_TEMP_ROOT_SPROP(cx, sprop, &tvr);
ok = js_GetSprop(cx, sprop, obj, vp);
JS_POP_TEMP_ROOT(cx, &tvr);
if (!ok)
return JS_FALSE;
JS_LOCK_SCOPE(cx, scope);
JS_ASSERT(scope->object == pobj);
if (SLOT_IN_SCOPE(slot, scope) &&
(JS_LIKELY(cx->runtime->propertyRemovals == sample) ||
SCOPE_GET_PROPERTY(scope, sprop->id) == sprop)) {
LOCKED_OBJ_SET_SLOT(pobj, slot, *vp);
JSScope *scope = OBJ_SCOPE(pobj);
uint32 slot = sprop->slot;
if (slot == SPROP_INVALID_SLOT) {
JS_UNLOCK_SCOPE(cx, scope);
*vp = JSVAL_VOID;
return SPROP_HAS_STUB_GETTER(sprop) || js_GetSprop(cx, sprop, obj, vp);
}
*vp = LOCKED_OBJ_GET_SLOT(pobj, slot);
if (!SPROP_HAS_STUB_GETTER(sprop)) {
/*
* For API compatibility, we must set the slot with the getter's
* result, so we have to make sure that it is still valid after we run
* the getter. FIXME: we should reconsider this, bug 488458.
*/
int32 sample = cx->runtime->propertyRemovals;
JSTempValueRooter tvr, tvr2;
JSBool ok;
JS_UNLOCK_SCOPE(cx, scope);
JS_PUSH_TEMP_ROOT_SPROP(cx, sprop, &tvr);
JS_PUSH_TEMP_ROOT_OBJECT(cx, pobj, &tvr2);
ok = js_GetSprop(cx, sprop, obj, vp);
JS_POP_TEMP_ROOT(cx, &tvr2);
JS_POP_TEMP_ROOT(cx, &tvr);
if (!ok)
return JS_FALSE;
JS_LOCK_SCOPE(cx, scope);
JS_ASSERT(scope->object == pobj);
if (SLOT_IN_SCOPE(slot, scope) &&
(JS_LIKELY(cx->runtime->propertyRemovals == sample) ||
SCOPE_GET_PROPERTY(scope, sprop->id) == sprop)) {
LOCKED_OBJ_SET_SLOT(pobj, slot, *vp);
}
}
JS_UNLOCK_SCOPE(cx, scope);
return JS_TRUE;
}
JSBool
js_NativeSet(JSContext *cx, JSObject *obj, JSScopeProperty *sprop, jsval *vp)
{
js_LeaveTraceIfGlobalObject(cx, obj);
JSScope *scope;
uint32 slot;
int32 sample;
JSTempValueRooter tvr;
JSBool ok;
JS_ASSERT(OBJ_IS_NATIVE(obj));
JS_ASSERT(JS_IS_OBJ_LOCKED(cx, obj));
scope = OBJ_SCOPE(obj);
JS_ASSERT(scope->object == obj);
JS_ASSERT(OBJ_SCOPE(obj)->object == obj);
slot = sprop->slot;
if (slot != SPROP_INVALID_SLOT) {
OBJ_CHECK_SLOT(obj, slot);
js_LeaveTraceIfGlobalObject(cx, obj);
JSScope *scope = OBJ_SCOPE(obj);
uint32 slot = sprop->slot;
if (slot == SPROP_INVALID_SLOT) {
JS_UNLOCK_SCOPE(cx, scope);
/* If sprop has a stub setter, keep scope locked and just store *vp. */
if (SPROP_HAS_STUB_SETTER(sprop))
goto set_slot;
} else {
/*
* Allow API consumers to create shared properties with stub setters.
* Such properties lack value storage, so setting them is like writing
@ -4235,24 +4233,39 @@ js_NativeSet(JSContext *cx, JSObject *obj, JSScopeProperty *sprop, jsval *vp)
JS_ASSERT(!(sprop->attrs & JSPROP_SETTER));
return JS_TRUE;
}
return js_SetSprop(cx, sprop, obj, vp);
}
sample = cx->runtime->propertyRemovals;
JS_UNLOCK_SCOPE(cx, scope);
JS_PUSH_TEMP_ROOT_SPROP(cx, sprop, &tvr);
ok = js_SetSprop(cx, sprop, obj, vp);
JS_POP_TEMP_ROOT(cx, &tvr);
if (!ok)
return JS_FALSE;
OBJ_CHECK_SLOT(obj, slot);
JS_LOCK_SCOPE(cx, scope);
JS_ASSERT(scope->object == obj);
if (SLOT_IN_SCOPE(slot, scope) &&
(JS_LIKELY(cx->runtime->propertyRemovals == sample) ||
SCOPE_GET_PROPERTY(scope, sprop->id) == sprop)) {
set_slot:
if (SPROP_HAS_STUB_SETTER(sprop)) {
LOCKED_OBJ_WRITE_BARRIER(cx, obj, slot, *vp);
} else {
/*
* For API compatibility we must set the slot with setter's result so
* we must make sure that it is still valid after we run the setter.
* FIXME: we should reconsider this, bug 488458.
*/
int32 sample = cx->runtime->propertyRemovals;
JSTempValueRooter tvr;
JSBool ok;
JS_UNLOCK_SCOPE(cx, scope);
JS_PUSH_TEMP_ROOT_SPROP(cx, sprop, &tvr);
ok = js_SetSprop(cx, sprop, obj, vp);
JS_POP_TEMP_ROOT(cx, &tvr);
if (!ok)
return JS_FALSE;
JS_LOCK_SCOPE(cx, scope);
JS_ASSERT(scope->object == obj);
if (SLOT_IN_SCOPE(slot, scope) &&
(JS_LIKELY(cx->runtime->propertyRemovals == sample) ||
SCOPE_GET_PROPERTY(scope, sprop->id) == sprop)) {
LOCKED_OBJ_WRITE_BARRIER(cx, obj, slot, *vp);
}
}
JS_UNLOCK_SCOPE(cx, scope);
return JS_TRUE;
}
@ -4262,7 +4275,6 @@ js_GetPropertyHelper(JSContext *cx, JSObject *obj, jsid id, jsval *vp,
JSPropCacheEntry **entryp)
{
JSObject *aobj, *obj2;
uint32 shape;
int protoIndex;
JSProperty *prop;
JSScopeProperty *sprop;
@ -4272,7 +4284,6 @@ js_GetPropertyHelper(JSContext *cx, JSObject *obj, jsid id, jsval *vp,
CHECK_FOR_STRING_INDEX(id);
aobj = js_GetProtoIfDenseArray(cx, obj);
shape = OBJ_SHAPE(aobj);
protoIndex = js_LookupPropertyWithFlags(cx, aobj, id, cx->resolveFlags,
&obj2, &prop);
if (protoIndex < 0)
@ -4346,15 +4357,14 @@ js_GetPropertyHelper(JSContext *cx, JSObject *obj, jsid id, jsval *vp,
}
sprop = (JSScopeProperty *) prop;
if (!js_NativeGet(cx, obj, obj2, sprop, vp))
return JS_FALSE;
if (entryp) {
JS_ASSERT_NOT_ON_TRACE(cx);
js_FillPropertyCache(cx, aobj, shape, 0, protoIndex, obj2, sprop, entryp);
js_FillPropertyCache(cx, aobj, 0, protoIndex, obj2, sprop, false,
entryp);
}
JS_UNLOCK_OBJ(cx, obj2);
return JS_TRUE;
/* The following unlocks the object. */
return js_NativeGet(cx, obj, obj2, sprop, vp);
}
JSBool
@ -4404,7 +4414,6 @@ JSBool
js_SetPropertyHelper(JSContext *cx, JSObject *obj, jsid id, jsval *vp,
JSPropCacheEntry **entryp)
{
uint32 shape;
int protoIndex;
JSObject *pobj;
JSProperty *prop;
@ -4414,6 +4423,7 @@ js_SetPropertyHelper(JSContext *cx, JSObject *obj, jsid id, jsval *vp,
intN shortid;
JSClass *clasp;
JSPropertyOp getter, setter;
JSBool cacheByPrevShape;
/* Convert string indices to integers if appropriate. */
CHECK_FOR_STRING_INDEX(id);
@ -4427,7 +4437,6 @@ js_SetPropertyHelper(JSContext *cx, JSObject *obj, jsid id, jsval *vp,
goto read_only_error;
}
shape = OBJ_SHAPE(obj);
protoIndex = js_LookupPropertyWithFlags(cx, obj, id, cx->resolveFlags,
&pobj, &prop);
if (protoIndex < 0)
@ -4557,6 +4566,7 @@ js_SetPropertyHelper(JSContext *cx, JSObject *obj, jsid id, jsval *vp,
#endif
}
cacheByPrevShape = false;
if (!sprop) {
/*
* Purge the property cache of now-shadowed id in obj's scope chain.
@ -4574,7 +4584,8 @@ js_SetPropertyHelper(JSContext *cx, JSObject *obj, jsid id, jsval *vp,
if (clasp->flags & JSCLASS_SHARE_ALL_PROPERTIES)
attrs |= JSPROP_SHARED;
sprop = js_AddScopeProperty(cx, scope, id, getter, setter,
SPROP_INVALID_SLOT, attrs, flags, shortid);
SPROP_INVALID_SLOT, attrs, flags, shortid,
&cacheByPrevShape);
if (!sprop) {
JS_UNLOCK_SCOPE(cx, scope);
return JS_FALSE;
@ -4595,18 +4606,18 @@ js_SetPropertyHelper(JSContext *cx, JSObject *obj, jsid id, jsval *vp,
return JS_FALSE);
}
if (!js_NativeSet(cx, obj, sprop, vp))
return JS_FALSE;
if (entryp) {
JS_ASSERT_NOT_ON_TRACE(cx);
if (!(attrs & JSPROP_SHARED))
js_FillPropertyCache(cx, obj, shape, 0, 0, obj, sprop, entryp);
else
if (!(attrs & JSPROP_SHARED)) {
js_FillPropertyCache(cx, obj, 0, 0, obj, sprop, cacheByPrevShape,
entryp);
} else {
PCMETER(JS_PROPERTY_CACHE(cx).nofills++);
}
}
JS_UNLOCK_SCOPE(cx, scope);
return JS_TRUE;
/* The following unlocks the object. */
return js_NativeSet(cx, obj, sprop, vp);
read_only_error:
return js_ReportValueErrorFlags(cx, flags, JSMSG_READ_ONLY,

12
js/src/jsobj.h
View File

@ -688,15 +688,19 @@ extern JSObject *
js_FindVariableScope(JSContext *cx, JSFunction **funp);
/*
* NB: js_NativeGet and js_NativeSet are called with the scope containing sprop
* (pobj's scope for Get, obj's for Set) locked, and on successful return, that
* scope is again locked. But on failure, both functions return false with the
* scope containing sprop unlocked.
* This function must be called with pobj's scope locked. On return that scope
* is always unlocked. After this function returns, the caller must not access
* pobj or sprop unless it knows that sprop's getter is a stub.
*/
extern JSBool
js_NativeGet(JSContext *cx, JSObject *obj, JSObject *pobj,
JSScopeProperty *sprop, jsval *vp);
/*
* This function must be called with obj's scope locked. On return that scope
* is always unlocked. After this function returns, the caller must not access
* sprop unless it knows that sprop's setter is a stub.
*/
extern JSBool
js_NativeSet(JSContext *cx, JSObject *obj, JSScopeProperty *sprop, jsval *vp);

18
js/src/jsscope.cpp
View File

@ -991,7 +991,8 @@ ReportReadOnlyScope(JSContext *cx, JSScope *scope)
JSScopeProperty *
js_AddScopeProperty(JSContext *cx, JSScope *scope, jsid id,
JSPropertyOp getter, JSPropertyOp setter, uint32 slot,
uintN attrs, uintN flags, intN shortid)
uintN attrs, uintN flags, intN shortid,
JSBool *cacheByPrevShape)
{
JSScopeProperty **spp, *sprop, *overwriting, **spvec, **spp2, child;
uint32 size, splen, i;
@ -999,6 +1000,7 @@ js_AddScopeProperty(JSContext *cx, JSScope *scope, jsid id,
JSTempValueRooter tvr;
JS_ASSERT(JS_IS_SCOPE_LOCKED(cx, scope));
JS_ASSERT_IF(cacheByPrevShape, !*cacheByPrevShape);
CHECK_ANCESTOR_LINE(scope, JS_TRUE);
/*
@ -1272,8 +1274,17 @@ js_AddScopeProperty(JSContext *cx, JSScope *scope, jsid id,
* The scope's shape defaults to its last property's shape, but may
* be regenerated later as the scope diverges (from the property cache
* point of view) from the structural type associated with sprop.
*
* The following is an open-coded version of SCOPE_EXTEND_SHAPE to
* set *cacheByPrevShape.
*/
SCOPE_EXTEND_SHAPE(cx, scope, sprop);
if (!scope->lastProp || scope->shape == scope->lastProp->shape) {
scope->shape = sprop->shape;
if (cacheByPrevShape)
*cacheByPrevShape = true;
} else {
scope->shape = js_GenerateShape(cx, false, sprop);
}
/* Store the tree node pointer in the table entry for id. */
if (scope->table)
@ -1409,7 +1420,8 @@ js_ChangeScopePropertyAttrs(JSContext *cx, JSScope *scope,
*/
newsprop = js_AddScopeProperty(cx, scope, child.id,
child.getter, child.setter, child.slot,
child.attrs, child.flags, child.shortid);
child.attrs, child.flags, child.shortid,
NULL);
}
if (newsprop) {

8
js/src/jsscope.h
View File

@ -406,10 +406,16 @@ js_SearchScope(JSScope *scope, jsid id, JSBool adding);
#define SCOPE_HAS_PROPERTY(scope, sprop) \
(SCOPE_GET_PROPERTY(scope, (sprop)->id) == (sprop))
/*
* If cacheByPrevShape is not null, *cacheByPrevShape must be false on
* entrance. On exit it will point to true if this call added the property
* predictably and js_FillPropertyCache can optimize for that.
*/
extern JSScopeProperty *
js_AddScopeProperty(JSContext *cx, JSScope *scope, jsid id,
JSPropertyOp getter, JSPropertyOp setter, uint32 slot,
uintN attrs, uintN flags, intN shortid);
uintN attrs, uintN flags, intN shortid,
JSBool *cacheByPrevShape);
extern JSScopeProperty *
js_ChangeScopePropertyAttrs(JSContext *cx, JSScope *scope,

4
js/src/jstracer.cpp
View File

@ -5966,8 +5966,8 @@ TraceRecorder::test_property_cache(JSObject* obj, LIns* obj_ins, JSObject*& obj2
ABORT_TRACE("property found on non-native object");
}
js_FillPropertyCache(cx, aobj, OBJ_SHAPE(aobj), 0, protoIndex, obj2,
(JSScopeProperty*) prop, &entry);
js_FillPropertyCache(cx, aobj, 0, protoIndex, obj2,
(JSScopeProperty*) prop, false, &entry);
}
}