Context Navigation

-              r283095
+              r283096
+-09-26  Commit Queue  <commit-queue@webkit.org>
+        Unreviewed, reverting r283095.
+        https://bugs.webkit.org/show_bug.cgi?id=230815
+        We should land the original patch since this does not work
+        with bytecode cache
+        Reverted changeset:
+        "[JSC] Optimize PutByVal with for-in"
+        https://bugs.webkit.org/show_bug.cgi?id=230801
+        https://commits.webkit.org/r283095
 -09-26  Yusuke Suzuki  <ysuzuki@apple.com>

trunk/Source/JavaScriptCore/ChangeLog

-              r283095
+              r283096
+-09-26  Commit Queue  <commit-queue@webkit.org>
+        Unreviewed, reverting r283095.
+        https://bugs.webkit.org/show_bug.cgi?id=230815
+        We should land the original patch since this does not work
+        with bytecode cache
+        Reverted changeset:
+        "[JSC] Optimize PutByVal with for-in"
+        https://bugs.webkit.org/show_bug.cgi?id=230801
+        https://commits.webkit.org/r283095
 -09-26  Yusuke Suzuki  <ysuzuki@apple.com>

trunk/Source/JavaScriptCore/builtins/BuiltinNames.h

r283095	r283096
183	183	macro(entries) \
184	184	macro(outOfLineReactionCounts) \
185		macro(emptyPropertyNameEnumerator) \
	185	macro(emptyPropertyNameEnumerator)
186	186
187	187

trunk/Source/JavaScriptCore/bytecode/BytecodeList.rb

-              r283095
+              r283096
     args: {
         value: VirtualRegister,
-        targetLabel: BoundLabel,
+    }
-op :jeq_ptr,
-    args: {
-        value: VirtualRegister,
-        specialPointer: VirtualRegister,
         targetLabel: BoundLabel,
+    }

trunk/Source/JavaScriptCore/bytecode/BytecodeUseDef.cpp

-              r283095
+              r283096
     case op_new_regexp:
     case op_debug:
+    case op_jneq_ptr:
     case op_loop_hint:
     case op_jmp:
 …
     USES(OpJbelow, lhs, rhs)
     USES(OpJbeloweq, lhs, rhs)
-    USES(OpJeqPtr, value, specialPointer)
-    USES(OpJneqPtr, value, specialPointer)
     USES(OpSetFunctionName, function, name)
     USES(OpLogShadowChickenTail, thisValue, scope)
 …
     case op_jundefined_or_null:
     case op_jnundefined_or_null:
-    case op_jeq_ptr:
     case op_jneq_ptr:
     case op_jless:

trunk/Source/JavaScriptCore/bytecode/Opcode.h

r283095	r283096
200	200	case op_jundefined_or_null:
201	201	case op_jnundefined_or_null:
202		~~case op_jeq_ptr:~~
203	202	case op_jneq_ptr:
204	203	case op_jless:

trunk/Source/JavaScriptCore/bytecode/PreciseJumpTargetsInlines.h

r283095	r283096
44	44	CASE_OP(OpJundefinedOrNull) \
45	45	CASE_OP(OpJnundefinedOrNull) \
46		~~CASE_OP(OpJeqPtr) \~~
47	46	CASE_OP(OpJneqPtr) \
48	47	\

trunk/Source/JavaScriptCore/bytecompiler/BytecodeGenerator.cpp

-              r283095
+              r283096
         CASE(OpJstricteq)
         CASE(OpJneq)
-        CASE(OpJeqPtr)
         CASE(OpJneqPtr)
         CASE(OpJnstricteq)
 …
+{
     OpJneqPtr::emit(this, cond, moveLinkTimeConstant(nullptr, LinkTimeConstant::applyFunction), target.bind(this));
+}
-void BytecodeGenerator::emitJumpIfSentinelString(RegisterID* cond, Label& target)
+{
-    OpJeqPtr::emit(this, cond, emitLoad(nullptr, JSValue(vm().smallStrings.sentinelString())), target.bind(this));
+}

trunk/Source/JavaScriptCore/bytecompiler/BytecodeGenerator.h

r283095	r283096
859	859	void emitJumpIfNotFunctionCall(RegisterID* cond, Label& target);
860	860	void emitJumpIfNotFunctionApply(RegisterID* cond, Label& target);
861		~~void emitJumpIfSentinelString(RegisterID* cond, Label& target);~~
862	861	unsigned emitWideJumpIfNotFunctionHasOwnProperty(RegisterID* cond, Label& target);
863	862	void recordHasOwnPropertyInForInLoop(ForInContext&, unsigned branchOffset, Label& genericPath);

trunk/Source/JavaScriptCore/bytecompiler/NodesCodegen.cpp

-              r283095
+              r283096
         // FIXME: We should have a way to see if anyone is actually using the propertyName for something other than a get_by_val. If not, we could eliminate the toString in this opcode.
         generator.emitEnumeratorNext(propertyName.get(), mode.get(), index.get(), base.get(), enumerator.get());
+        generator.emitJumpIfSentinelString(propertyName.get(), scope->breakTarget());
+        // Note, choosing undefined or null helps please DFG's Abstract Interpreter as it doesn't distinguish null and undefined as types (via SpecOther).
+        generator.emitJumpIfTrue(generator.emitIsUndefinedOrNull(generator.newTemporary(), propertyName.get()), scope->breakTarget());
         this->emitLoopHeader(generator, propertyName.get());

trunk/Source/JavaScriptCore/dfg/DFGAbstractInterpreterInlines.h

r283095	r283096
4324	4324
4325	4325	case EnumeratorNextUpdatePropertyName: {
4326		setTypeForNode(node, SpecString~~Ident~~);
	4326	setTypeForNode(node, SpecString \| SpecOther);
4327	4327	break;
4328	4328	}

trunk/Source/JavaScriptCore/dfg/DFGByteCodeParser.cpp

-              r283095
+              r283096
             NEXT_OPCODE(op_iterator_next);
+        }
-        case op_jeq_ptr: {
-            auto bytecode = currentInstruction->as<OpJeqPtr>();
-            FrozenValue* frozenPointer = m_graph.freezeStrong(m_inlineStackTop->m_codeBlock->getConstant(bytecode.m_specialPointer));
-            unsigned relativeOffset = jumpTarget(bytecode.m_targetLabel);
-            Node* child = get(bytecode.m_value);
-            Node* condition = addToGraph(CompareEqPtr, OpInfo(frozenPointer), child);
-            addToGraph(Branch, OpInfo(branchData(m_currentIndex.offset() + relativeOffset, m_currentIndex.offset() + currentInstruction->size())), condition);
-            LAST_OPCODE(op_jeq_ptr);
+        }

trunk/Source/JavaScriptCore/dfg/DFGCapabilities.cpp

r283095	r283096
241	241	case op_put_to_arguments:
242	242	case op_get_argument:
243		~~case op_jeq_ptr:~~
244	243	case op_jneq_ptr:
245	244	case op_typeof:

trunk/Source/JavaScriptCore/dfg/DFGOperations.cpp

-              r283095
+              r283096
 template<bool strict, bool direct>
 static ALWAYS_INLINE void putByVal(JSGlobalObject* globalObject, VM& vm, JSValue baseValue, uint32_t index, JSValue value)
+static inline void putByVal(JSGlobalObject* globalObject, VM& vm, JSValue baseValue, uint32_t index, JSValue value)
+{
     ASSERT(isIndex(index));
     if constexpr (direct) {
+    if (direct) {
         RELEASE_ASSERT(baseValue.isObject());
         asObject(baseValue)->putDirectIndex(globalObject, index, value, 0, strict ? PutDirectIndexShouldThrow : PutDirectIndexShouldNotThrow);
 …
     PutPropertySlot slot(baseValue, strict);
     if constexpr (direct) {
+    if (direct) {
         RELEASE_ASSERT(baseValue.isObject());
         JSObject* baseObject = asObject(baseValue);
 …
+{
     PutPropertySlot slot(base, strict);
     if constexpr (direct) {
+    if (direct) {
         RELEASE_ASSERT(base->isObject());
         JSObject* baseObject = asObject(base);
 …
+}
 JSC_DEFINE_JIT_OPERATION(operationEnumeratorNextUpdatePropertyName, JSString*, (JSGlobalObject* globalObject, uint32_t index, int32_t modeNumber, JSPropertyNameEnumerator* enumerator))
+JSC_DEFINE_JIT_OPERATION(operationEnumeratorNextUpdatePropertyName, EncodedJSValue, (JSGlobalObject* globalObject, uint32_t index, int32_t modeNumber, JSPropertyNameEnumerator* enumerator))
+{
     VM& vm = globalObject->vm();
 …
     if (modeNumber == JSPropertyNameEnumerator::IndexedMode) {
         if (index < enumerator->indexedLength())
             return jsString(vm, Identifier::from(vm, index).string());
         return vm.smallStrings.sentinelString();
+            return JSValue::encode(jsString(vm, Identifier::from(vm, index).string()));
+        return JSValue::encode(jsNull());
+    }
     JSString* result = enumerator->propertyNameAtIndex(index);
     if (!result)
         return vm.smallStrings.sentinelString();
     return result;
+        return JSValue::encode(jsNull());
+    return JSValue::encode(result);
+}

trunk/Source/JavaScriptCore/dfg/DFGOperations.h

r283095	r283096
109	109	JSC_DECLARE_JIT_OPERATION(operationGetPropertyEnumeratorCell, JSCell, (JSGlobalObject, JSCell*));
110	110	JSC_DECLARE_JIT_OPERATION(operationEnumeratorNextUpdateIndexAndMode, EncodedJSValue, (JSGlobalObject, EncodedJSValue, uint32_t, int32_t, JSPropertyNameEnumerator));
111		JSC_DECLARE_JIT_OPERATION(operationEnumeratorNextUpdatePropertyName, JSString, (JSGlobalObject, uint32_t, int32_t, JSPropertyNameEnumerator*));
	111	JSC_DECLARE_JIT_OPERATION(operationEnumeratorNextUpdatePropertyName, EncodedJSValue, (JSGlobalObject, uint32_t, int32_t, JSPropertyNameEnumerator));
112	112	JSC_DECLARE_JIT_OPERATION(operationEnumeratorInByVal, EncodedJSValue, (JSGlobalObject*, EncodedJSValue, EncodedJSValue, uint32_t, int32_t));
113	113	JSC_DECLARE_JIT_OPERATION(operationEnumeratorHasOwnProperty, EncodedJSValue, (JSGlobalObject*, EncodedJSValue, EncodedJSValue, uint32_t, int32_t));

trunk/Source/JavaScriptCore/dfg/DFGPredictionPropagationPhase.cpp

r283095	r283096
1234	1234
1235	1235	case EnumeratorNextUpdatePropertyName: {
1236		setPrediction(SpecString~~Ident~~);
	1236	setPrediction(SpecString \| SpecOther);
1237	1237	break;
1238	1238	}

trunk/Source/JavaScriptCore/dfg/DFGSpeculativeJIT.cpp

-              r283095
+              r283096
     SpeculateStrictInt32Operand modeOperand(this, node->child2());
     SpeculateCellOperand enumeratorOperand(this, node->child3());
     GPRTemporary result(this);
+    JSValueRegsTemporary resultTemp(this);
     GPRReg index = indexOperand.gpr();
     GPRReg mode = modeOperand.gpr();
     GPRReg enumerator = enumeratorOperand.gpr();
     GPRReg resultGPR = result.gpr();
+    JSValueRegs resultRegs = resultTemp.regs();
     OptionSet seenModes = node->enumeratorMetadata();
 …
         auto outOfBounds = m_jit.branch32(MacroAssembler::AboveOrEqual, index, MacroAssembler::Address(enumerator, JSPropertyNameEnumerator::endGenericPropertyIndexOffset()));
+        m_jit.loadPtr(MacroAssembler::Address(enumerator, JSPropertyNameEnumerator::cachedPropertyNamesVectorOffset()), resultGPR);
+        m_jit.loadPtr(MacroAssembler::BaseIndex(resultGPR, index, MacroAssembler::ScalePtr), resultGPR);
+        m_jit.loadPtr(MacroAssembler::Address(enumerator, JSPropertyNameEnumerator::cachedPropertyNamesVectorOffset()), resultRegs.payloadGPR());
+        m_jit.loadPtr(MacroAssembler::BaseIndex(resultRegs.payloadGPR(), index, MacroAssembler::ScalePtr), resultRegs.payloadGPR());
+#if USE(JSVALUE32_64)
+        m_jit.move(TrustedImm32(JSValue::CellTag), resultRegs.tagGPR());
+#endif
         doneCases.append(m_jit.jump());
         outOfBounds.link(&m_jit);
         m_jit.move(TrustedImmPtr::weakPointer(m_graph, vm().smallStrings.sentinelString()), resultGPR);
+        m_jit.moveTrustedValue(jsNull(), resultRegs);
         doneCases.append(m_jit.jump());
         operationCall.link(&m_jit);
+    }
     callOperation(operationEnumeratorNextUpdatePropertyName, resultGPR, TrustedImmPtr::weakPointer(m_graph, m_graph.globalObjectFor(node->origin.semantic)), index, mode, enumerator);
+    callOperation(operationEnumeratorNextUpdatePropertyName, resultRegs, TrustedImmPtr::weakPointer(m_graph, m_graph.globalObjectFor(node->origin.semantic)), index, mode, enumerator);
     m_jit.exceptionCheck();
     doneCases.link(&m_jit);
     cellResult(resultGPR, node);
+    jsValueResult(resultRegs, node);
+}

trunk/Source/JavaScriptCore/ftl/FTLLowerDFGToB3.cpp

-              r283095
+              r283096
+            {
                 m_out.appendTo(outOfBoundsBlock);
                 results.append(m_out.anchor(weakPointer(vm().smallStrings.sentinelString())));
+                results.append(m_out.anchor(m_out.constInt64(JSValue::encode(jsNull()))));
                 m_out.jump(continuation);
+            }
 …
                 m_out.appendTo(loadPropertyNameBlock);
                 LValue namesVector = m_out.loadPtr(enumerator, m_heaps.JSPropertyNameEnumerator_cachedPropertyNamesVector);
                 results.append(m_out.anchor(m_out.loadPtr(m_out.baseIndex(m_heaps.WriteBarrierBuffer_bufferContents.atAnyIndex(), namesVector, m_out.zeroExt(index, Int64), ScalePtr))));
+                results.append(m_out.anchor(m_out.zeroExtPtr(m_out.loadPtr(m_out.baseIndex(m_heaps.WriteBarrierBuffer_bufferContents.atAnyIndex(), namesVector, m_out.zeroExt(index, Int64), ScalePtr)))));
                 m_out.jump(continuation);
+            }
 …
             m_out.appendTo(operationBlock);
         // Note: We can't omit the operation because we have no guarantee that the mode will match what we profiled.
         results.append(m_out.anchor(vmCall(pointerType(), operationEnumeratorNextUpdatePropertyName, weakPointer(globalObject), index, mode, enumerator)));
+        results.append(m_out.anchor(vmCall(Int64, operationEnumeratorNextUpdatePropertyName, weakPointer(globalObject), index, mode, enumerator)));
         if (continuation) {
             m_out.jump(continuation);
 …
         ASSERT(results.size());
         LValue result = m_out.phi(pointerType(), results);
+        LValue result = m_out.phi(Int64, results);
         setJSValue(result);
+    }

trunk/Source/JavaScriptCore/jit/JIT.cpp

r283095	r283096
388	388	DEFINE_OP(op_jundefined_or_null)
389	389	DEFINE_OP(op_jnundefined_or_null)
390		~~DEFINE_OP(op_jeq_ptr)~~
391	390	DEFINE_OP(op_jneq_ptr)
392	391	DEFINE_OP(op_jless)

trunk/Source/JavaScriptCore/jit/JIT.h

r283095	r283096
462	462	void emit_op_jundefined_or_null(const Instruction*);
463	463	void emit_op_jnundefined_or_null(const Instruction*);
464		~~void emit_op_jeq_ptr(const Instruction*);~~
465	464	void emit_op_jneq_ptr(const Instruction*);
466	465	void emit_op_jless(const Instruction*);

trunk/Source/JavaScriptCore/jit/JITOpcodes.cpp

-              r283095
+              r283096
+}
-void JIT::emit_op_jeq_ptr(const Instruction* currentInstruction)
+{
-    auto bytecode = currentInstruction->as<OpJeqPtr>();
-    VirtualRegister src = bytecode.m_value;
-    JSValue specialPointer = getConstantOperand(bytecode.m_specialPointer);
-    ASSERT(specialPointer.isCell());
-    unsigned target = jumpTarget(currentInstruction, bytecode.m_targetLabel);
-    emitGetVirtualRegister(src, regT0);
-    addJump(branchPtr(Equal, regT0, TrustedImmPtr(specialPointer.asCell())), target);
+}
 void JIT::emit_op_jneq_ptr(const Instruction* currentInstruction)
+{

trunk/Source/JavaScriptCore/jit/JITOpcodes32_64.cpp

-              r283095
+              r283096
+}
-void JIT::emit_op_jeq_ptr(const Instruction* currentInstruction)
+{
-    auto bytecode = currentInstruction->as<OpJeqPtr>();
-    auto& metadata = bytecode.metadata(m_profiledCodeBlock);
-    VirtualRegister src = bytecode.m_value;
-    JSValue specialPointer = getConstantOperand(bytecode.m_specialPointer);
-    ASSERT(specialPointer.isCell());
-    unsigned target = jumpTarget(currentInstruction, bytecode.m_targetLabel);
-    emitLoad(src, regT1, regT0);
-    Jump notCell = branchIfNotCell(regT1);
-    addJump(branchPtr(Equal, regT0, TrustedImmPtr(specialPointer.asCell())), target);
-    notCell.link(this);
+}
 void JIT::emit_op_jneq_ptr(const Instruction* currentInstruction)
+{

trunk/Source/JavaScriptCore/jit/JITPropertyAccess.cpp

r283095	r283096
2867	2867
2868	2868	outOfBounds.link(this);
2869		storeTrustedValue(~~vm().smallStrings.sentinelString~~(), addressFor(propertyName));
	2869	storeTrustedValue(jsNull(), addressFor(propertyName));
2870	2870	done.append(jump());
2871	2871	}

trunk/Source/JavaScriptCore/llint/LowLevelInterpreter32_64.asm

-              r283095
+              r283096
     macro (value, target) bineq value, NullTag, target end)
-llintOpWithReturn(op_jeq_ptr, OpJeqPtr, macro (size, get, dispatch, return)
-    get(m_value, t0)
-    get(m_specialPointer, t1)
-    loadConstant(size, t1, t3, t2)
-    bineq TagOffset[cfr, t0, 8], CellTag, .opJeqPtrFallThrough
-    bpneq PayloadOffset[cfr, t0, 8], t2, .opJeqPtrFallThrough
-.opJeqPtrBranch:
-    get(m_targetLabel, t0)
-    jumpImpl(dispatchIndirect, t0)
-.opJeqPtrFallThrough:
-    dispatch()
-end)
 llintOpWithMetadata(op_jneq_ptr, OpJneqPtr, macro (size, get, dispatch, metadata, return)
     get(m_value, t0)

trunk/Source/JavaScriptCore/llint/LowLevelInterpreter64.asm

-              r283095
+              r283096
 undefinedOrNullJumpOp(jnundefined_or_null, OpJnundefinedOrNull,
     macro (value, target) bqneq value, ValueNull, target end)
-llintOpWithReturn(op_jeq_ptr, OpJeqPtr, macro (size, get, dispatch, return)
-    get(m_value, t0)
-    get(m_specialPointer, t1)
-    loadConstant(size, t1, t2)
-    bpeq t2, [cfr, t0, 8], .opJeqPtrTarget
-    dispatch()
-.opJeqPtrTarget:
-    get(m_targetLabel, t0)
-    jumpImpl(dispatchIndirect, t0)
-end)
 llintOpWithMetadata(op_jneq_ptr, OpJneqPtr, macro (size, get, dispatch, metadata, return)

trunk/Source/JavaScriptCore/runtime/CommonSlowPaths.cpp

r283095	r283096
1002	1002	modeRegister = jsNumber(static_cast<uint8_t>(mode));
1003	1003	indexRegister = jsNumber(index);
1004		nameRegister = name ? name : ~~vm.smallStrings.sentinelString~~();
	1004	nameRegister = name ? name : jsNull();
1005	1005	END();
1006	1006	}

trunk/Source/JavaScriptCore/runtime/SmallStrings.cpp

-              r283095
+              r283096
     initialize(&vm, m_timedOutString, "timed-out");
     initialize(&vm, m_okString, "ok");
-    initialize(&vm, m_sentinelString, "$");
     setIsInitialized(true);
 …
     visitor.appendUnbarriered(m_timedOutString);
     visitor.appendUnbarriered(m_okString);
-    visitor.appendUnbarriered(m_sentinelString);
+}

trunk/Source/JavaScriptCore/runtime/SmallStrings.h

-              r283095
+              r283096
     JSString* timedOutString() const { return m_timedOutString; }
     JSString* okString() const { return m_okString; }
-    JSString* sentinelString() const { return m_sentinelString; }
     bool needsToBeVisited(CollectionScope scope) const
 …
     JSString* m_timedOutString { nullptr };
     JSString* m_okString { nullptr };
-    JSString* m_sentinelString { nullptr };
     JSString* m_singleCharacterStrings[singleCharacterStringCount] { nullptr };
     bool m_needsToBeVisited { true };

Note: See TracChangeset for help on using the changeset viewer.

Context Navigation

Changeset 283096 in webkit

Legend:

Download in other formats: