-
oliver@apple.com authored
https://bugs.webkit.org/show_bug.cgi?id=114708 Reviewed by Oliver Hunt. This is work towards allowing the DFG, and FTL, to run on a separate thread. The idea is that the most evil thing that the DFG does that has thread-safety issues is fiddling with Structures by calling Structure::get(). This can lead to rematerialization of property tables, which is definitely not thread-safe due to how StringImpl works. So, this patch completely side-steps the problem by creating a new version of Structure::get, called Structure::getWithoutMaterializing, which may choose to do an O(n) search if necessary to avoid materialization. I believe this should be fine - the DFG does't call into these code path often enough for this to matter, and most of the time, the Structure that we call this on will already have a property table because some inline cache would have already called ::get() on that Structure. Also cleaned up the materialization logic: we can stop the search as soon as we find any Structure with a property table rather than searching all the way for a pinned one. * bytecode/GetByIdStatus.cpp: (JSC::GetByIdStatus::computeFor): * bytecode/PutByIdStatus.cpp: (JSC::PutByIdStatus::computeFromLLInt): (JSC::PutByIdStatus::computeFor): * runtime/Structure.cpp: (JSC::Structure::findStructuresAndMapForMaterialization): (JSC::Structure::materializePropertyMap): (JSC::Structure::getWithoutMaterializing): (JSC): * runtime/Structure.h: (Structure): * runtime/StructureInlines.h: (JSC::Structure::getWithoutMaterializing): (JSC): git-svn-id: http://svn.webkit.org/repository/webkit/trunk@153120 268f45cc-cd09-0410-ab3c-d52691b4dbfc
b3956443