Changeset 172808 in webkit
- Timestamp:
- Aug 20, 2014 1:47:45 PM (10 years ago)
- Location:
- trunk/Source/JavaScriptCore
- Files:
-
- 19 edited
Legend:
- Unmodified
- Added
- Removed
-
trunk/Source/JavaScriptCore/ChangeLog
r172807 r172808 1 2014-08-20 Oliver Hunt <oliver@apple.com> 2 3 Stop implicitly skipping a function's own activation when walking the scope chain 4 https://bugs.webkit.org/show_bug.cgi?id=136118 5 6 Reviewed by Geoffrey Garen. 7 8 Remove the current logic that implicitly skips a function's 9 own activation when walking the scope chain. This is ground 10 work for ensuring that all closed variable access is made 11 through the function's activation. This leads to a further 12 10% regression on earley, but we're already tracking the 13 overall performance regression. 14 15 * bytecode/CodeBlock.cpp: 16 (JSC::CodeBlock::CodeBlock): 17 * dfg/DFGAbstractInterpreterInlines.h: 18 (JSC::DFG::AbstractInterpreter<AbstractStateType>::executeEffects): 19 * dfg/DFGByteCodeParser.cpp: 20 (JSC::DFG::ByteCodeParser::getScope): 21 (JSC::DFG::ByteCodeParser::parseBlock): 22 * dfg/DFGClobberize.h: 23 (JSC::DFG::clobberize): 24 * dfg/DFGDoesGC.cpp: 25 (JSC::DFG::doesGC): 26 * dfg/DFGFixupPhase.cpp: 27 (JSC::DFG::FixupPhase::fixupNode): 28 * dfg/DFGHeapLocation.cpp: 29 (WTF::printInternal): 30 * dfg/DFGHeapLocation.h: 31 * dfg/DFGNodeType.h: 32 * dfg/DFGPredictionPropagationPhase.cpp: 33 (JSC::DFG::PredictionPropagationPhase::propagate): 34 * dfg/DFGSafeToExecute.h: 35 (JSC::DFG::safeToExecute): 36 * dfg/DFGSpeculativeJIT32_64.cpp: 37 (JSC::DFG::SpeculativeJIT::compile): 38 * dfg/DFGSpeculativeJIT64.cpp: 39 (JSC::DFG::SpeculativeJIT::compile): 40 * jit/JITPropertyAccess.cpp: 41 (JSC::JIT::emitResolveClosure): 42 * llint/LowLevelInterpreter32_64.asm: 43 * llint/LowLevelInterpreter64.asm: 44 * runtime/JSScope.cpp: 45 (JSC::JSScope::abstractResolve): 46 * runtime/JSScope.h: 47 1 48 2014-08-20 Michael Saboff <msaboff@apple.com> 2 49 -
trunk/Source/JavaScriptCore/bytecode/CodeBlock.cpp
r172665 r172808 1945 1945 ResolveType type = static_cast<ResolveType>(pc[3].u.operand); 1946 1946 1947 ResolveOp op = JSScope::abstractResolve(m_globalObject->globalExec(), scope, ident, Get, type);1947 ResolveOp op = JSScope::abstractResolve(m_globalObject->globalExec(), needsActivation(), scope, ident, Get, type); 1948 1948 instructions[i + 3].u.operand = op.type; 1949 1949 instructions[i + 4].u.operand = op.depth; … … 1962 1962 const Identifier& ident = identifier(pc[3].u.operand); 1963 1963 ResolveModeAndType modeAndType = ResolveModeAndType(pc[4].u.operand); 1964 ResolveOp op = JSScope::abstractResolve(m_globalObject->globalExec(), scope, ident, Get, modeAndType.type());1964 ResolveOp op = JSScope::abstractResolve(m_globalObject->globalExec(), needsActivation(), scope, ident, Get, modeAndType.type()); 1965 1965 1966 1966 instructions[i + 4].u.operand = ResolveModeAndType(modeAndType.mode(), op.type).operand(); … … 1978 1978 const Identifier& ident = identifier(pc[2].u.operand); 1979 1979 ResolveModeAndType modeAndType = ResolveModeAndType(pc[4].u.operand); 1980 ResolveOp op = JSScope::abstractResolve(m_globalObject->globalExec(), scope, ident, Put, modeAndType.type());1980 ResolveOp op = JSScope::abstractResolve(m_globalObject->globalExec(), needsActivation(), scope, ident, Put, modeAndType.type()); 1981 1981 1982 1982 instructions[i + 4].u.operand = ResolveModeAndType(modeAndType.mode(), op.type).operand(); … … 2009 2009 const Identifier& ident = identifier(pc[4].u.operand); 2010 2010 ResolveType type = static_cast<ResolveType>(pc[5].u.operand); 2011 ResolveOp op = JSScope::abstractResolve(m_globalObject->globalExec(), scope, ident, (flag == ProfileTypesBytecodeGetFromScope ? Get : Put), type);2011 ResolveOp op = JSScope::abstractResolve(m_globalObject->globalExec(), needsActivation(), scope, ident, (flag == ProfileTypesBytecodeGetFromScope ? Get : Put), type); 2012 2012 2013 2013 // FIXME: handle other values for op.type here, and also consider what to do when we can't statically determine the globalID -
trunk/Source/JavaScriptCore/dfg/DFGAbstractInterpreterInlines.h
r172737 r172808 1387 1387 case GetScope: // FIXME: We could get rid of these if we know that the JSFunction is a constant. https://bugs.webkit.org/show_bug.cgi?id=106202 1388 1388 case GetMyScope: 1389 case SkipTopScope:1390 1389 forNode(node).setType(SpecObjectOther); 1391 1390 break; -
trunk/Source/JavaScriptCore/dfg/DFGByteCodeParser.cpp
r172176 r172808 199 199 void emitChecks(const ConstantStructureCheckVector&); 200 200 201 Node* getScope( bool skipTop,unsigned skipCount);201 Node* getScope(unsigned skipCount); 202 202 203 203 // Prepare to parse a block. … … 2024 2024 } 2025 2025 2026 Node* ByteCodeParser::getScope( bool skipTop,unsigned skipCount)2026 Node* ByteCodeParser::getScope(unsigned skipCount) 2027 2027 { 2028 2028 Node* localBase = get(VirtualRegister(JSStack::ScopeChain)); 2029 if (skipTop) {2030 ASSERT(!inlineCallFrame());2031 localBase = addToGraph(SkipTopScope, localBase);2032 }2033 2029 for (unsigned n = skipCount; n--;) 2034 2030 localBase = addToGraph(SkipScope, localBase); … … 2930 2926 break; 2931 2927 } 2932 set(VirtualRegister(dst), 2933 getScope(m_inlineStackTop->m_codeBlock->needsActivation(), depth)); 2928 set(VirtualRegister(dst), getScope(depth)); 2934 2929 break; 2935 2930 } -
trunk/Source/JavaScriptCore/dfg/DFGClobberize.h
r172176 r172808 749 749 return; 750 750 751 case SkipTopScope:752 read(AbstractHeap(Variables, graph.activationRegister()));753 def(HeapLocation(SkipTopScopeLoc, AbstractHeap(Variables, graph.activationRegister()), node->child1()), node);754 return;755 756 751 case GetClosureRegisters: 757 752 read(JSVariableObject_registers); -
trunk/Source/JavaScriptCore/dfg/DFGDoesGC.cpp
r172176 r172808 97 97 case GetScope: 98 98 case GetMyScope: 99 case SkipTopScope:100 99 case SkipScope: 101 100 case GetClosureRegisters: -
trunk/Source/JavaScriptCore/dfg/DFGFixupPhase.cpp
r172737 r172808 854 854 855 855 case GetClosureRegisters: 856 case SkipTopScope:857 856 case SkipScope: 858 857 case GetScope: -
trunk/Source/JavaScriptCore/dfg/DFGHeapLocation.cpp
r172176 r172808 137 137 return; 138 138 139 case SkipTopScopeLoc:140 out.print("SkipTopScopeLoc");141 return;142 143 139 case TypedArrayByteOffsetLoc: 144 140 out.print("TypedArrayByteOffsetLoc"); -
trunk/Source/JavaScriptCore/dfg/DFGHeapLocation.h
r172176 r172808 56 56 NamedPropertyLoc, 57 57 SetterLoc, 58 SkipTopScopeLoc,59 58 TypeOfLoc, 60 59 TypedArrayByteOffsetLoc, -
trunk/Source/JavaScriptCore/dfg/DFGNodeType.h
r172176 r172808 176 176 macro(GetScope, NodeResultJS) \ 177 177 macro(GetMyScope, NodeResultJS) \ 178 macro(SkipTopScope, NodeResultJS) \179 178 macro(SkipScope, NodeResultJS) \ 180 179 macro(GetClosureRegisters, NodeResultStorage) \ -
trunk/Source/JavaScriptCore/dfg/DFGPredictionPropagationPhase.cpp
r172176 r172808 461 461 462 462 case GetMyScope: 463 case SkipTopScope:464 463 case SkipScope: { 465 464 changed |= setPrediction(SpecObjectOther); -
trunk/Source/JavaScriptCore/dfg/DFGSafeToExecute.h
r172176 r172808 167 167 case GetScope: 168 168 case GetMyScope: 169 case SkipTopScope:170 169 case SkipScope: 171 170 case GetClosureRegisters: -
trunk/Source/JavaScriptCore/dfg/DFGSpeculativeJIT32_64.cpp
r172598 r172808 3513 3513 } 3514 3514 3515 case SkipTopScope: {3516 SpeculateCellOperand scope(this, node->child1());3517 GPRTemporary result(this, Reuse, scope);3518 GPRReg resultGPR = result.gpr();3519 m_jit.move(scope.gpr(), resultGPR);3520 m_jit.loadPtr(JITCompiler::Address(resultGPR, JSScope::offsetOfNext()), resultGPR);3521 cellResult(resultGPR, node);3522 break;3523 }3524 3525 3515 case SkipScope: { 3526 3516 SpeculateCellOperand scope(this, node->child1()); -
trunk/Source/JavaScriptCore/dfg/DFGSpeculativeJIT64.cpp
r172598 r172808 3623 3623 } 3624 3624 3625 case SkipTopScope: {3626 SpeculateCellOperand scope(this, node->child1());3627 GPRTemporary result(this, Reuse, scope);3628 GPRReg resultGPR = result.gpr();3629 m_jit.move(scope.gpr(), resultGPR);3630 m_jit.loadPtr(JITCompiler::Address(resultGPR, JSScope::offsetOfNext()), resultGPR);3631 cellResult(resultGPR, node);3632 break;3633 }3634 3635 3625 case SkipScope: { 3636 3626 SpeculateCellOperand scope(this, node->child1()); -
trunk/Source/JavaScriptCore/jit/JITPropertyAccess.cpp
r172598 r172808 595 595 emitVarInjectionCheck(needsVarInjectionChecks); 596 596 emitGetVirtualRegister(JSStack::ScopeChain, regT0); 597 if (m_codeBlock->needsActivation()) {598 emitGetVirtualRegister(m_codeBlock->activationRegister(), regT1);599 loadPtr(Address(regT0, JSScope::offsetOfNext()), regT0);600 }601 597 for (unsigned i = 0; i < depth; ++i) 602 598 loadPtr(Address(regT0, JSScope::offsetOfNext()), regT0); -
trunk/Source/JavaScriptCore/llint/LowLevelInterpreter32_64.asm
r172746 r172808 2202 2202 loadp CodeBlock[cfr], t0 2203 2203 loadisFromInstruction(4, t2) 2204 btbz CodeBlock::m_needsActivation[t0], .resolveScopeAfterActivationCheck 2205 loadis CodeBlock::m_activationRegister[t0], t1 2206 addi 1, t2 2207 2208 .resolveScopeAfterActivationCheck: 2204 2209 2205 loadp ScopeChain[cfr], t0 2210 2206 btiz t2, .resolveScopeLoopEnd -
trunk/Source/JavaScriptCore/llint/LowLevelInterpreter64.asm
r172665 r172808 2035 2035 loadp CodeBlock[cfr], t0 2036 2036 loadisFromInstruction(4, t2) 2037 btbz CodeBlock::m_needsActivation[t0], .resolveScopeAfterActivationCheck2038 loadis CodeBlock::m_activationRegister[t0], t12039 addi 1, t22040 2041 .resolveScopeAfterActivationCheck:2042 2037 loadp ScopeChain[cfr], t0 2043 2038 btiz t2, .resolveScopeLoopEnd -
trunk/Source/JavaScriptCore/runtime/JSScope.cpp
r172129 r172808 149 149 } 150 150 151 ResolveOp JSScope::abstractResolve(ExecState* exec, JSScope* scope, const Identifier& ident, GetOrPut getOrPut, ResolveType unlinkedType)151 ResolveOp JSScope::abstractResolve(ExecState* exec, bool hasTopActivation, JSScope* scope, const Identifier& ident, GetOrPut getOrPut, ResolveType unlinkedType) 152 152 { 153 153 ResolveOp op(Dynamic, 0, 0, 0, 0, 0); … … 155 155 return op; 156 156 157 size_t depth = 0;157 size_t depth = hasTopActivation ? 1 : 0; 158 158 bool needsVarInjectionChecks = JSC::needsVarInjectionChecks(unlinkedType); 159 159 for (; scope; scope = scope->next()) { -
trunk/Source/JavaScriptCore/runtime/JSScope.h
r172372 r172808 154 154 155 155 static JSValue resolve(ExecState*, JSScope*, const Identifier&); 156 static ResolveOp abstractResolve(ExecState*, JSScope*, const Identifier&, GetOrPut, ResolveType);156 static ResolveOp abstractResolve(ExecState*, bool hasTopActivation, JSScope*, const Identifier&, GetOrPut, ResolveType); 157 157 158 158 static void visitChildren(JSCell*, SlotVisitor&);
Note: See TracChangeset
for help on using the changeset viewer.