RGBCube/serenity
1
Fork 0
mirror of https://github.com/RGBCube/serenity synced 2025-07-27 15:47:45 +00:00
Code Issues Activity Actions

LibJS/Bytecode: Invalidate inline caches on unique shape mutation

Browse source 
Since we can't rely on shape identity (i.e its pointer address) for
unique shapes, give them a serial number that increments whenever a
mutation occurs.

Inline caches can then compare this serial number against what they
have seen before.
This commit is contained in:
Andreas Kling 2023-07-10 20:45:31 +02:00 committed by Linus Groh
parent 17d23e76e5
commit cf6792ec40
6 changed files with 38 additions and 5 deletions
Download patch file Download diff file Expand all files Collapse all files

1
Userland/Libraries/LibJS/Runtime/Object.h
View file

@ -48,6 +48,7 @@ struct CacheablePropertyMetadata {
};
Type type { Type::NotCacheable };
Optional<u32> property_offset;
u64 unique_shape_serial_number { 0 };
};
class Object : public Cell {

6
Userland/Libraries/LibJS/Runtime/Shape.cpp
View file

@ -197,6 +197,8 @@ void Shape::add_property_to_unique_shape(StringOrSymbol const& property_key, Pro
VERIFY(m_property_count < NumericLimits<u32>::max());
++m_property_count;
++m_unique_shape_serial_number;
}
void Shape::reconfigure_property_in_unique_shape(StringOrSymbol const& property_key, PropertyAttributes attributes)
@ -207,6 +209,8 @@ void Shape::reconfigure_property_in_unique_shape(StringOrSymbol const& property_
VERIFY(it != m_property_table->end());
it->value.attributes = attributes;
m_property_table->set(property_key, it->value);
++m_unique_shape_serial_number;
}
void Shape::remove_property_from_unique_shape(StringOrSymbol const& property_key, size_t offset)
@ -220,6 +224,8 @@ void Shape::remove_property_from_unique_shape(StringOrSymbol const& property_key
if (it.value.offset > offset)
--it.value.offset;
}
++m_unique_shape_serial_number;
}
void Shape::add_property_without_transition(StringOrSymbol const& property_key, PropertyAttributes attributes)

6
Userland/Libraries/LibJS/Runtime/Shape.h
View file

@ -81,6 +81,8 @@ public:
void add_property_to_unique_shape(StringOrSymbol const&, PropertyAttributes attributes);
void reconfigure_property_in_unique_shape(StringOrSymbol const& property_key, PropertyAttributes attributes);
[[nodiscard]] u64 unique_shape_serial_number() const { return m_unique_shape_serial_number; }
private:
explicit Shape(Realm&);
Shape(Shape& previous_shape, StringOrSymbol const& property_key, PropertyAttributes attributes, TransitionType);
@ -107,6 +109,10 @@ private:
PropertyAttributes m_attributes { 0 };
TransitionType m_transition_type : 6 { TransitionType::Invalid };
bool m_unique : 1 { false };
// Since unique shapes never change identity, inline caches use this incrementing serial number
// to know whether its property table has been modified since last time we checked.
u64 m_unique_shape_serial_number { 0 };
};
}