1/*
2 * Copyright (C) 2015-2017 Apple Inc. All rights reserved.
3 *
4 * Redistribution and use in source and binary forms, with or without
5 * modification, are permitted provided that the following conditions
6 * are met:
7 * 1. Redistributions of source code must retain the above copyright
8 * notice, this list of conditions and the following disclaimer.
9 * 2. Redistributions in binary form must reproduce the above copyright
10 * notice, this list of conditions and the following disclaimer in the
11 * documentation and/or other materials provided with the distribution.
12 *
13 * THIS SOFTWARE IS PROVIDED BY APPLE INC. ``AS IS'' AND ANY
14 * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
15 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
16 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL APPLE INC. OR
17 * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
18 * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
19 * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
20 * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY
21 * OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
22 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
23 * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
24 */
25
26#pragma once
27
28#include "InternalFunctionAllocationProfile.h"
29#include "JSCast.h"
30#include "ObjectAllocationProfile.h"
31#include "PackedCellPtr.h"
32#include "Watchpoint.h"
33
34namespace JSC {
35
36class JSGlobalObject;
37class LLIntOffsetsExtractor;
38namespace DFG {
39class SpeculativeJIT;
40class JITCompiler;
41}
42
43class FunctionRareData final : public JSCell {
44 friend class JIT;
45 friend class DFG::SpeculativeJIT;
46 friend class DFG::JITCompiler;
47 friend class VM;
48
49public:
50 typedef JSCell Base;
51 static const unsigned StructureFlags = Base::StructureFlags | StructureIsImmortal;
52
53 static FunctionRareData* create(VM&);
54
55 static const bool needsDestruction = true;
56 static void destroy(JSCell*);
57
58 static Structure* createStructure(VM&, JSGlobalObject*, JSValue prototype);
59
60 static void visitChildren(JSCell*, SlotVisitor&);
61
62 DECLARE_INFO;
63
64 static inline ptrdiff_t offsetOfObjectAllocationProfile() { return OBJECT_OFFSETOF(FunctionRareData, m_objectAllocationProfile); }
65 static inline ptrdiff_t offsetOfObjectAllocationProfileWatchpoint() { return OBJECT_OFFSETOF(FunctionRareData, m_objectAllocationProfileWatchpoint); }
66 static inline ptrdiff_t offsetOfInternalFunctionAllocationProfile() { return OBJECT_OFFSETOF(FunctionRareData, m_internalFunctionAllocationProfile); }
67 static inline ptrdiff_t offsetOfBoundFunctionStructure() { return OBJECT_OFFSETOF(FunctionRareData, m_boundFunctionStructure); }
68 static inline ptrdiff_t offsetOfAllocationProfileClearingWatchpoint() { return OBJECT_OFFSETOF(FunctionRareData, m_allocationProfileClearingWatchpoint); }
69 static inline ptrdiff_t offsetOfHasReifiedLength() { return OBJECT_OFFSETOF(FunctionRareData, m_hasReifiedLength); }
70 static inline ptrdiff_t offsetOfHasReifiedName() { return OBJECT_OFFSETOF(FunctionRareData, m_hasReifiedName); }
71
72 ObjectAllocationProfileWithPrototype* objectAllocationProfile()
73 {
74 return &m_objectAllocationProfile;
75 }
76
77 Structure* objectAllocationStructure() { return m_objectAllocationProfile.structure(); }
78 JSObject* objectAllocationPrototype() { return m_objectAllocationProfile.prototype(); }
79
80 InlineWatchpointSet& allocationProfileWatchpointSet()
81 {
82 return m_objectAllocationProfileWatchpoint;
83 }
84
85 void clear(const char* reason);
86
87 void initializeObjectAllocationProfile(VM&, JSGlobalObject*, JSObject* prototype, size_t inlineCapacity, JSFunction* constructor);
88
89 bool isObjectAllocationProfileInitialized() { return !m_objectAllocationProfile.isNull(); }
90
91 Structure* internalFunctionAllocationStructure() { return m_internalFunctionAllocationProfile.structure(); }
92 Structure* createInternalFunctionAllocationStructureFromBase(VM& vm, JSGlobalObject* globalObject, JSObject* prototype, Structure* baseStructure)
93 {
94 return m_internalFunctionAllocationProfile.createAllocationStructureFromBase(vm, globalObject, this, prototype, baseStructure);
95 }
96 void clearInternalFunctionAllocationProfile()
97 {
98 m_internalFunctionAllocationProfile.clear();
99 }
100
101 Structure* getBoundFunctionStructure() { return m_boundFunctionStructure.get(); }
102 void setBoundFunctionStructure(VM& vm, Structure* structure) { m_boundFunctionStructure.set(vm, this, structure); }
103
104 bool hasReifiedLength() const { return m_hasReifiedLength; }
105 void setHasReifiedLength() { m_hasReifiedLength = true; }
106 bool hasReifiedName() const { return m_hasReifiedName; }
107 void setHasReifiedName() { m_hasReifiedName = true; }
108
109 bool hasAllocationProfileClearingWatchpoint() const { return !!m_allocationProfileClearingWatchpoint; }
110 Watchpoint* createAllocationProfileClearingWatchpoint()
111 {
112 RELEASE_ASSERT(!hasAllocationProfileClearingWatchpoint());
113 m_allocationProfileClearingWatchpoint = std::make_unique<AllocationProfileClearingWatchpoint>(this);
114 return m_allocationProfileClearingWatchpoint.get();
115 }
116
117 class AllocationProfileClearingWatchpoint final : public Watchpoint {
118 public:
119 AllocationProfileClearingWatchpoint(FunctionRareData* rareData)
120 : Watchpoint(Watchpoint::Type::FunctionRareDataAllocationProfileClearing)
121 , m_rareData(rareData)
122 { }
123
124 void fireInternal(VM&, const FireDetail&);
125
126 private:
127 // Own destructor may not be called. Keep members trivially destructible.
128 JSC_WATCHPOINT_FIELD(PackedCellPtr<FunctionRareData>, m_rareData);
129 };
130
131protected:
132 FunctionRareData(VM&);
133 ~FunctionRareData();
134
135private:
136 friend class LLIntOffsetsExtractor;
137
138 // Ideally, there would only be one allocation profile for subclassing but due to Reflect.construct we
139 // have two. There are some pros and cons in comparison to our current system to using the same profile
140 // for both JS constructors and subclasses of builtin constructors:
141 //
142 // 1) + Uses less memory.
143 // 2) + Conceptually simplier as there is only one profile.
144 // 3) - We would need a check in all JSFunction object creations (both with classes and without) that the
145 // new.target's profiled structure has a JSFinalObject ClassInfo. This is needed, for example, if we have
146 // `Reflect.construct(Array, args, myConstructor)` since myConstructor will be the new.target of Array
147 // the Array constructor will set the allocation profile of myConstructor to hold an Array structure
148 //
149 // We don't really care about 1) since this memory is rare and small in total. 2) is unfortunate but is
150 // probably outweighed by the cost of 3).
151 ObjectAllocationProfileWithPrototype m_objectAllocationProfile;
152 InlineWatchpointSet m_objectAllocationProfileWatchpoint;
153 InternalFunctionAllocationProfile m_internalFunctionAllocationProfile;
154 WriteBarrier<Structure> m_boundFunctionStructure;
155 std::unique_ptr<AllocationProfileClearingWatchpoint> m_allocationProfileClearingWatchpoint;
156 bool m_hasReifiedLength { false };
157 bool m_hasReifiedName { false };
158};
159
160} // namespace JSC
161