Changeset 159462 in webkit

Timestamp:

Nov 18, 2013 3:19:53 PM (10 years ago)

Author:

fpizlo@apple.com

Message:

put_to_scope[5] should not point to the structure if it's a variable access, but it should point to the WatchpointSet
​https://bugs.webkit.org/show_bug.cgi?id=124539

Reviewed by Mark Hahnenberg.

This is in preparation for getting put_to_scope to directly invalidate the watchpoint set
on stores, which will allow us to run constant inference on all globals.

• bytecode/CodeBlock.cpp:

(JSC::CodeBlock::CodeBlock):
(JSC::CodeBlock::finalizeUnconditionally):

• bytecode/Instruction.h:
• dfg/DFGByteCodeParser.cpp:

(JSC::DFG::ByteCodeParser::parseBlock):

• runtime/JSScope.cpp:

(JSC::abstractAccess):
(JSC::JSScope::abstractResolve):

• runtime/JSScope.h:

(JSC::ResolveOp::ResolveOp):

• runtime/SymbolTable.h:

(JSC::SymbolTableEntry::watchpointSet):

Location:

trunk/Source/JavaScriptCore

Files:

• ChangeLog (modified) (1 diff)
• bytecode/CodeBlock.cpp (modified) (2 diffs)
• bytecode/Instruction.h (modified) (1 diff)
• dfg/DFGByteCodeParser.cpp (modified) (1 diff)
• runtime/JSScope.cpp (modified) (6 diffs)
• runtime/JSScope.h (modified) (3 diffs)
• runtime/SymbolTable.h (modified) (1 diff)

trunk/Source/JavaScriptCore/ChangeLog

@@ +1 @@
+2013-11-18  Filip Pizlo  <fpizlo@apple.com>
+
+        put_to_scope[5] should not point to the structure if it's a variable access, but it should point to the WatchpointSet
+        https://bugs.webkit.org/show_bug.cgi?id=124539
+
+        Reviewed by Mark Hahnenberg.
+        
+        This is in preparation for getting put_to_scope to directly invalidate the watchpoint set
+        on stores, which will allow us to run constant inference on all globals.
+
+        * bytecode/CodeBlock.cpp:
+        (JSC::CodeBlock::CodeBlock):
+        (JSC::CodeBlock::finalizeUnconditionally):
+        * bytecode/Instruction.h:
+        * dfg/DFGByteCodeParser.cpp:
+        (JSC::DFG::ByteCodeParser::parseBlock):
+        * runtime/JSScope.cpp:
+        (JSC::abstractAccess):
+        (JSC::JSScope::abstractResolve):
+        * runtime/JSScope.h:
+        (JSC::ResolveOp::ResolveOp):
+        * runtime/SymbolTable.h:
+        (JSC::SymbolTableEntry::watchpointSet):
+
 2013-11-18  Mark Hahnenberg  <mhahnenberg@apple.com>
 

trunk/Source/JavaScriptCore/bytecode/CodeBlock.cpp

@@ -1883 +1883 @@
 
             instructions[i + 4].u.operand = ResolveModeAndType(modeAndType.mode(), op.type).operand();
-            if (op.structure)
+            if (op.type == GlobalVar || op.type == GlobalVarWithVarInjectionChecks) {
+                ASSERT(!op.structure);
+                instructions[i + 5].u.watchpointSet = op.watchpointSet;
+            } else if (op.structure)
                 instructions[i + 5].u.structure.set(*vm(), ownerExecutable, op.structure);
             instructions[i + 6].u.pointer = reinterpret_cast<void*>(op.operand);
@@ -2275 +2278 @@
             case op_get_from_scope:
             case op_put_to_scope: {
+                ResolveModeAndType modeAndType =
+                    ResolveModeAndType(curInstruction[4].u.operand);
+                if (modeAndType.type() == GlobalVar || modeAndType.type() == GlobalVarWithVarInjectionChecks)
+                    continue;
                 WriteBarrierBase<Structure>& structure = curInstruction[5].u.structure;
                 if (!structure || Heap::isMarked(structure.get()))

trunk/Source/JavaScriptCore/bytecode/Instruction.h

@@ -116 +116 @@
         ArrayAllocationProfile* arrayAllocationProfile;
         ObjectAllocationProfile* objectAllocationProfile;
+        WatchpointSet* watchpointSet;
         void* pointer;
         bool* predicatePointer;

trunk/Source/JavaScriptCore/dfg/DFGByteCodeParser.cpp

@@ -3128 +3128 @@
             {
                 ConcurrentJITLocker locker(m_inlineStackTop->m_profiledBlock->m_lock);
-                structure = currentInstruction[5].u.structure.get();
+                if (resolveType == GlobalVar || resolveType == GlobalVarWithVarInjectionChecks)
+                    structure = 0;
+                else
+                    structure = currentInstruction[5].u.structure.get();
                 operand = reinterpret_cast<uintptr_t>(currentInstruction[6].u.pointer);
             }

trunk/Source/JavaScriptCore/runtime/JSScope.cpp

@@ -54 +54 @@
         if (ident == exec->propertyNames().arguments) {
             // We know the property will be at this activation scope, but we don't know how to cache it.
-            op = ResolveOp(Dynamic, 0, 0, 0);
+            op = ResolveOp(Dynamic, 0, 0, 0, 0);
             return true;
         }
@@ -61 +61 @@
         if (entry.isReadOnly() && getOrPut == Put) {
             // We know the property will be at this activation scope, but we don't know how to cache it.
-            op = ResolveOp(Dynamic, 0, 0, 0);
+            op = ResolveOp(Dynamic, 0, 0, 0, 0);
             return true;
         }
 
         if (!entry.isNull()) {
-            op = ResolveOp(makeType(ClosureVar, needsVarInjectionChecks), depth, activation->structure(), entry.getIndex());
+            op = ResolveOp(makeType(ClosureVar, needsVarInjectionChecks), depth, activation->structure(), 0, entry.getIndex());
             return true;
         }
@@ -81 +81 @@
                 if (entry.isReadOnly()) {
                     // We know the property will be at global scope, but we don't know how to cache it.
-                    op = ResolveOp(Dynamic, 0, 0, 0);
+                    op = ResolveOp(Dynamic, 0, 0, 0, 0);
                     return true;
                 }
@@ -89 +89 @@
             }
 
-            op = ResolveOp(makeType(GlobalVar, needsVarInjectionChecks), depth, globalObject->structure(), 
+            op = ResolveOp(
+                makeType(GlobalVar, needsVarInjectionChecks), depth, 0, entry.watchpointSet(),
                 reinterpret_cast<uintptr_t>(globalObject->registerAt(entry.getIndex()).slot()));
             return true;
@@ -101 +102 @@
             // We know the property will be at global scope, but we don't know how to cache it.
             ASSERT(!scope->next());
-            op = ResolveOp(makeType(GlobalProperty, needsVarInjectionChecks), depth, 0, 0);
+            op = ResolveOp(makeType(GlobalProperty, needsVarInjectionChecks), depth, 0, 0, 0);
             return true;
         }
 
-        op = ResolveOp(makeType(GlobalProperty, needsVarInjectionChecks), depth, globalObject->structure(), slot.cachedOffset());
+        op = ResolveOp(makeType(GlobalProperty, needsVarInjectionChecks), depth, globalObject->structure(), 0, slot.cachedOffset());
         return true;
     }
 
-    op = ResolveOp(Dynamic, 0, 0, 0);
+    op = ResolveOp(Dynamic, 0, 0, 0, 0);
     return true;
 }
@@ -147 +148 @@
 ResolveOp JSScope::abstractResolve(ExecState* exec, JSScope* scope, const Identifier& ident, GetOrPut getOrPut, ResolveType unlinkedType)
 {
-    ResolveOp op(Dynamic, 0, 0, 0);
+    ResolveOp op(Dynamic, 0, 0, 0, 0);
     if (unlinkedType == Dynamic)
         return op;

trunk/Source/JavaScriptCore/runtime/JSScope.h

@@ -32 +32 @@
 
 class ScopeChainIterator;
+class WatchpointSet;
 
 enum ResolveMode {
@@ -96 +97 @@
 
 struct ResolveOp {
-    ResolveOp(ResolveType type, size_t depth, Structure* structure, uintptr_t operand)
+    ResolveOp(ResolveType type, size_t depth, Structure* structure, WatchpointSet* watchpointSet, uintptr_t operand)
         : type(type)
         , depth(depth)
         , structure(structure)
+        , watchpointSet(watchpointSet)
         , operand(operand)
     {
@@ -107 +109 @@
     size_t depth;
     Structure* structure;
+    WatchpointSet* watchpointSet;
     uintptr_t operand;
 };

trunk/Source/JavaScriptCore/runtime/SymbolTable.h

@@ -235 +235 @@
     WatchpointSet* watchpointSet()
     {
+        if (!isFat())
+            return 0;
         return fatEntry()->m_watchpoints.get();
     }