Changeset 188201 in webkit
- Timestamp:
- Aug 9, 2015 3:55:54 PM (9 years ago)
- Location:
- trunk
- Files:
-
- 51 deleted
- 38 edited
-
LayoutTests/ChangeLog (modified) (1 diff)
-
LayoutTests/js/regress/get-by-val-with-string-bimorphic-check-structure-elimination-expected.txt (deleted)
-
LayoutTests/js/regress/get-by-val-with-string-bimorphic-check-structure-elimination-simple-expected.txt (deleted)
-
LayoutTests/js/regress/get-by-val-with-string-bimorphic-check-structure-elimination-simple.html (deleted)
-
LayoutTests/js/regress/get-by-val-with-string-bimorphic-check-structure-elimination.html (deleted)
-
LayoutTests/js/regress/get-by-val-with-string-chain-from-try-block-expected.txt (deleted)
-
LayoutTests/js/regress/get-by-val-with-string-chain-from-try-block.html (deleted)
-
LayoutTests/js/regress/get-by-val-with-string-check-structure-elimination-expected.txt (deleted)
-
LayoutTests/js/regress/get-by-val-with-string-check-structure-elimination.html (deleted)
-
LayoutTests/js/regress/get-by-val-with-string-proto-or-self-expected.txt (deleted)
-
LayoutTests/js/regress/get-by-val-with-string-proto-or-self.html (deleted)
-
LayoutTests/js/regress/get-by-val-with-string-quadmorphic-check-structure-elimination-simple-expected.txt (deleted)
-
LayoutTests/js/regress/get-by-val-with-string-quadmorphic-check-structure-elimination-simple.html (deleted)
-
LayoutTests/js/regress/get-by-val-with-string-self-or-proto-expected.txt (deleted)
-
LayoutTests/js/regress/get-by-val-with-string-self-or-proto.html (deleted)
-
LayoutTests/js/regress/get-by-val-with-symbol-bimorphic-check-structure-elimination-expected.txt (deleted)
-
LayoutTests/js/regress/get-by-val-with-symbol-bimorphic-check-structure-elimination-simple-expected.txt (deleted)
-
LayoutTests/js/regress/get-by-val-with-symbol-bimorphic-check-structure-elimination-simple.html (deleted)
-
LayoutTests/js/regress/get-by-val-with-symbol-bimorphic-check-structure-elimination.html (deleted)
-
LayoutTests/js/regress/get-by-val-with-symbol-chain-from-try-block-expected.txt (deleted)
-
LayoutTests/js/regress/get-by-val-with-symbol-chain-from-try-block.html (deleted)
-
LayoutTests/js/regress/get-by-val-with-symbol-check-structure-elimination-expected.txt (deleted)
-
LayoutTests/js/regress/get-by-val-with-symbol-check-structure-elimination.html (deleted)
-
LayoutTests/js/regress/get-by-val-with-symbol-proto-or-self-expected.txt (deleted)
-
LayoutTests/js/regress/get-by-val-with-symbol-proto-or-self.html (deleted)
-
LayoutTests/js/regress/get-by-val-with-symbol-quadmorphic-check-structure-elimination-simple-expected.txt (deleted)
-
LayoutTests/js/regress/get-by-val-with-symbol-quadmorphic-check-structure-elimination-simple.html (deleted)
-
LayoutTests/js/regress/get-by-val-with-symbol-self-or-proto-expected.txt (deleted)
-
LayoutTests/js/regress/get-by-val-with-symbol-self-or-proto.html (deleted)
-
LayoutTests/js/regress/script-tests/get-by-val-with-string-bimorphic-check-structure-elimination-simple.js (deleted)
-
LayoutTests/js/regress/script-tests/get-by-val-with-string-bimorphic-check-structure-elimination.js (deleted)
-
LayoutTests/js/regress/script-tests/get-by-val-with-string-chain-from-try-block.js (deleted)
-
LayoutTests/js/regress/script-tests/get-by-val-with-string-check-structure-elimination.js (deleted)
-
LayoutTests/js/regress/script-tests/get-by-val-with-string-proto-or-self.js (deleted)
-
LayoutTests/js/regress/script-tests/get-by-val-with-string-quadmorphic-check-structure-elimination-simple.js (deleted)
-
LayoutTests/js/regress/script-tests/get-by-val-with-string-self-or-proto.js (deleted)
-
LayoutTests/js/regress/script-tests/get-by-val-with-symbol-bimorphic-check-structure-elimination-simple.js (deleted)
-
LayoutTests/js/regress/script-tests/get-by-val-with-symbol-bimorphic-check-structure-elimination.js (deleted)
-
LayoutTests/js/regress/script-tests/get-by-val-with-symbol-chain-from-try-block.js (deleted)
-
LayoutTests/js/regress/script-tests/get-by-val-with-symbol-check-structure-elimination.js (deleted)
-
LayoutTests/js/regress/script-tests/get-by-val-with-symbol-proto-or-self.js (deleted)
-
LayoutTests/js/regress/script-tests/get-by-val-with-symbol-quadmorphic-check-structure-elimination-simple.js (deleted)
-
LayoutTests/js/regress/script-tests/get-by-val-with-symbol-self-or-proto.js (deleted)
-
Source/JavaScriptCore/ChangeLog (modified) (1 diff)
-
Source/JavaScriptCore/bytecode/ByValInfo.h (modified) (3 diffs)
-
Source/JavaScriptCore/bytecode/CodeBlock.cpp (modified) (2 diffs)
-
Source/JavaScriptCore/bytecode/CodeBlock.h (modified) (4 diffs)
-
Source/JavaScriptCore/bytecode/ExitKind.cpp (modified) (1 diff)
-
Source/JavaScriptCore/bytecode/ExitKind.h (modified) (1 diff)
-
Source/JavaScriptCore/bytecode/GetByIdStatus.cpp (modified) (3 diffs)
-
Source/JavaScriptCore/bytecode/GetByIdStatus.h (modified) (2 diffs)
-
Source/JavaScriptCore/dfg/DFGAbstractInterpreterInlines.h (modified) (1 diff)
-
Source/JavaScriptCore/dfg/DFGByteCodeParser.cpp (modified) (3 diffs)
-
Source/JavaScriptCore/dfg/DFGClobberize.h (modified) (1 diff)
-
Source/JavaScriptCore/dfg/DFGConstantFoldingPhase.cpp (modified) (1 diff)
-
Source/JavaScriptCore/dfg/DFGDoesGC.cpp (modified) (1 diff)
-
Source/JavaScriptCore/dfg/DFGFixupPhase.cpp (modified) (2 diffs)
-
Source/JavaScriptCore/dfg/DFGNode.h (modified) (1 diff)
-
Source/JavaScriptCore/dfg/DFGNodeType.h (modified) (1 diff)
-
Source/JavaScriptCore/dfg/DFGPredictionPropagationPhase.cpp (modified) (1 diff)
-
Source/JavaScriptCore/dfg/DFGSafeToExecute.h (modified) (2 diffs)
-
Source/JavaScriptCore/dfg/DFGSpeculativeJIT.cpp (modified) (3 diffs)
-
Source/JavaScriptCore/dfg/DFGSpeculativeJIT.h (modified) (2 diffs)
-
Source/JavaScriptCore/dfg/DFGSpeculativeJIT32_64.cpp (modified) (1 diff)
-
Source/JavaScriptCore/dfg/DFGSpeculativeJIT64.cpp (modified) (1 diff)
-
Source/JavaScriptCore/dfg/DFGUseKind.cpp (modified) (1 diff)
-
Source/JavaScriptCore/dfg/DFGUseKind.h (modified) (3 diffs)
-
Source/JavaScriptCore/ftl/FTLAbstractHeapRepository.h (modified) (1 diff)
-
Source/JavaScriptCore/ftl/FTLCapabilities.cpp (modified) (2 diffs)
-
Source/JavaScriptCore/ftl/FTLLowerDFGToLLVM.cpp (modified) (6 diffs)
-
Source/JavaScriptCore/jit/JIT.cpp (modified) (1 diff)
-
Source/JavaScriptCore/jit/JIT.h (modified) (8 diffs)
-
Source/JavaScriptCore/jit/JITInlines.h (modified) (4 diffs)
-
Source/JavaScriptCore/jit/JITOpcodes.cpp (modified) (4 diffs)
-
Source/JavaScriptCore/jit/JITOpcodes32_64.cpp (modified) (4 diffs)
-
Source/JavaScriptCore/jit/JITOperations.cpp (modified) (32 diffs)
-
Source/JavaScriptCore/jit/JITOperations.h (modified) (5 diffs)
-
Source/JavaScriptCore/jit/JITPropertyAccess.cpp (modified) (11 diffs)
-
Source/JavaScriptCore/jit/JITPropertyAccess32_64.cpp (modified) (10 diffs)
-
Source/JavaScriptCore/runtime/Symbol.h (modified) (1 diff)
-
Source/JavaScriptCore/tests/stress/get-by-val-with-string-constructor.js (deleted)
-
Source/JavaScriptCore/tests/stress/get-by-val-with-string-exit.js (deleted)
-
Source/JavaScriptCore/tests/stress/get-by-val-with-string-generated.js (deleted)
-
Source/JavaScriptCore/tests/stress/get-by-val-with-string-getter.js (deleted)
-
Source/JavaScriptCore/tests/stress/get-by-val-with-string.js (deleted)
-
Source/JavaScriptCore/tests/stress/get-by-val-with-symbol-constructor.js (deleted)
-
Source/JavaScriptCore/tests/stress/get-by-val-with-symbol-exit.js (deleted)
-
Source/JavaScriptCore/tests/stress/get-by-val-with-symbol-getter.js (deleted)
-
Source/JavaScriptCore/tests/stress/get-by-val-with-symbol.js (deleted)
Legend:
- Unmodified
- Added
- Removed
-
trunk/LayoutTests/ChangeLog
r188195 r188201 1 2015-08-09 Chris Dumez <cdumez@apple.com> 2 3 Regression(r188105): Seems to have caused crashes during PLT on some iPads 4 https://bugs.webkit.org/show_bug.cgi?id=147818 5 6 Unreviewed, roll out r188105. 7 8 * js/regress/get-by-val-with-string-bimorphic-check-structure-elimination-expected.txt: Removed. 9 * js/regress/get-by-val-with-string-bimorphic-check-structure-elimination-simple-expected.txt: Removed. 10 * js/regress/get-by-val-with-string-bimorphic-check-structure-elimination-simple.html: Removed. 11 * js/regress/get-by-val-with-string-bimorphic-check-structure-elimination.html: Removed. 12 * js/regress/get-by-val-with-string-chain-from-try-block-expected.txt: Removed. 13 * js/regress/get-by-val-with-string-chain-from-try-block.html: Removed. 14 * js/regress/get-by-val-with-string-check-structure-elimination-expected.txt: Removed. 15 * js/regress/get-by-val-with-string-check-structure-elimination.html: Removed. 16 * js/regress/get-by-val-with-string-proto-or-self-expected.txt: Removed. 17 * js/regress/get-by-val-with-string-proto-or-self.html: Removed. 18 * js/regress/get-by-val-with-string-quadmorphic-check-structure-elimination-simple-expected.txt: Removed. 19 * js/regress/get-by-val-with-string-quadmorphic-check-structure-elimination-simple.html: Removed. 20 * js/regress/get-by-val-with-string-self-or-proto-expected.txt: Removed. 21 * js/regress/get-by-val-with-string-self-or-proto.html: Removed. 22 * js/regress/get-by-val-with-symbol-bimorphic-check-structure-elimination-expected.txt: Removed. 23 * js/regress/get-by-val-with-symbol-bimorphic-check-structure-elimination-simple-expected.txt: Removed. 24 * js/regress/get-by-val-with-symbol-bimorphic-check-structure-elimination-simple.html: Removed. 25 * js/regress/get-by-val-with-symbol-bimorphic-check-structure-elimination.html: Removed. 26 * js/regress/get-by-val-with-symbol-chain-from-try-block-expected.txt: Removed. 27 * js/regress/get-by-val-with-symbol-chain-from-try-block.html: Removed. 28 * js/regress/get-by-val-with-symbol-check-structure-elimination-expected.txt: Removed. 29 * js/regress/get-by-val-with-symbol-check-structure-elimination.html: Removed. 30 * js/regress/get-by-val-with-symbol-proto-or-self-expected.txt: Removed. 31 * js/regress/get-by-val-with-symbol-proto-or-self.html: Removed. 32 * js/regress/get-by-val-with-symbol-quadmorphic-check-structure-elimination-simple-expected.txt: Removed. 33 * js/regress/get-by-val-with-symbol-quadmorphic-check-structure-elimination-simple.html: Removed. 34 * js/regress/get-by-val-with-symbol-self-or-proto-expected.txt: Removed. 35 * js/regress/get-by-val-with-symbol-self-or-proto.html: Removed. 36 * js/regress/script-tests/get-by-val-with-string-bimorphic-check-structure-elimination-simple.js: Removed. 37 * js/regress/script-tests/get-by-val-with-string-bimorphic-check-structure-elimination.js: Removed. 38 * js/regress/script-tests/get-by-val-with-string-chain-from-try-block.js: Removed. 39 * js/regress/script-tests/get-by-val-with-string-check-structure-elimination.js: Removed. 40 * js/regress/script-tests/get-by-val-with-string-proto-or-self.js: Removed. 41 * js/regress/script-tests/get-by-val-with-string-quadmorphic-check-structure-elimination-simple.js: Removed. 42 * js/regress/script-tests/get-by-val-with-string-self-or-proto.js: Removed. 43 * js/regress/script-tests/get-by-val-with-symbol-bimorphic-check-structure-elimination-simple.js: Removed. 44 * js/regress/script-tests/get-by-val-with-symbol-bimorphic-check-structure-elimination.js: Removed. 45 * js/regress/script-tests/get-by-val-with-symbol-chain-from-try-block.js: Removed. 46 * js/regress/script-tests/get-by-val-with-symbol-check-structure-elimination.js: Removed. 47 * js/regress/script-tests/get-by-val-with-symbol-proto-or-self.js: Removed. 48 * js/regress/script-tests/get-by-val-with-symbol-quadmorphic-check-structure-elimination-simple.js: Removed. 49 * js/regress/script-tests/get-by-val-with-symbol-self-or-proto.js: Removed. 50 1 51 2015-08-09 Myles C. Maxfield <mmaxfield@apple.com> 2 52 -
trunk/Source/JavaScriptCore/ChangeLog
r188187 r188201 1 2015-08-09 Chris Dumez <cdumez@apple.com> 2 3 Regression(r188105): Seems to have caused crashes during PLT on some iPads 4 https://bugs.webkit.org/show_bug.cgi?id=147818 5 6 Unreviewed, roll out r188105. 7 8 * bytecode/ByValInfo.h: 9 (JSC::ByValInfo::ByValInfo): 10 * bytecode/CodeBlock.cpp: 11 (JSC::CodeBlock::getByValInfoMap): Deleted. 12 (JSC::CodeBlock::addByValInfo): Deleted. 13 * bytecode/CodeBlock.h: 14 (JSC::CodeBlock::getByValInfo): 15 (JSC::CodeBlock::setNumberOfByValInfos): 16 (JSC::CodeBlock::numberOfByValInfos): 17 (JSC::CodeBlock::byValInfo): 18 * bytecode/ExitKind.cpp: 19 (JSC::exitKindToString): Deleted. 20 * bytecode/ExitKind.h: 21 * bytecode/GetByIdStatus.cpp: 22 (JSC::GetByIdStatus::computeFor): 23 (JSC::GetByIdStatus::computeForStubInfo): 24 (JSC::GetByIdStatus::computeForStubInfoWithoutExitSiteFeedback): Deleted. 25 * bytecode/GetByIdStatus.h: 26 * dfg/DFGAbstractInterpreterInlines.h: 27 (JSC::DFG::AbstractInterpreter<AbstractStateType>::executeEffects): Deleted. 28 * dfg/DFGByteCodeParser.cpp: 29 (JSC::DFG::ByteCodeParser::parseBlock): 30 (JSC::DFG::ByteCodeParser::InlineStackEntry::InlineStackEntry): Deleted. 31 * dfg/DFGClobberize.h: 32 (JSC::DFG::clobberize): Deleted. 33 * dfg/DFGConstantFoldingPhase.cpp: 34 (JSC::DFG::ConstantFoldingPhase::foldConstants): Deleted. 35 * dfg/DFGDoesGC.cpp: 36 (JSC::DFG::doesGC): Deleted. 37 * dfg/DFGFixupPhase.cpp: 38 (JSC::DFG::FixupPhase::fixupNode): Deleted. 39 (JSC::DFG::FixupPhase::observeUseKindOnNode): Deleted. 40 * dfg/DFGNode.h: 41 (JSC::DFG::Node::hasUidOperand): Deleted. 42 (JSC::DFG::Node::uidOperand): Deleted. 43 * dfg/DFGNodeType.h: 44 * dfg/DFGPredictionPropagationPhase.cpp: 45 (JSC::DFG::PredictionPropagationPhase::propagate): Deleted. 46 * dfg/DFGSafeToExecute.h: 47 (JSC::DFG::SafeToExecuteEdge::operator()): Deleted. 48 (JSC::DFG::safeToExecute): Deleted. 49 * dfg/DFGSpeculativeJIT.cpp: 50 (JSC::DFG::SpeculativeJIT::compileCheckIdent): Deleted. 51 (JSC::DFG::SpeculativeJIT::speculateSymbol): Deleted. 52 (JSC::DFG::SpeculativeJIT::speculate): Deleted. 53 * dfg/DFGSpeculativeJIT.h: 54 * dfg/DFGSpeculativeJIT32_64.cpp: 55 (JSC::DFG::SpeculativeJIT::compile): Deleted. 56 * dfg/DFGSpeculativeJIT64.cpp: 57 (JSC::DFG::SpeculativeJIT::compile): Deleted. 58 * dfg/DFGUseKind.cpp: 59 (WTF::printInternal): Deleted. 60 * dfg/DFGUseKind.h: 61 (JSC::DFG::typeFilterFor): Deleted. 62 (JSC::DFG::isCell): Deleted. 63 * ftl/FTLAbstractHeapRepository.h: 64 * ftl/FTLCapabilities.cpp: 65 (JSC::FTL::canCompile): Deleted. 66 * ftl/FTLLowerDFGToLLVM.cpp: 67 (JSC::FTL::DFG::LowerDFGToLLVM::compileNode): Deleted. 68 (JSC::FTL::DFG::LowerDFGToLLVM::compileCheckIdent): Deleted. 69 (JSC::FTL::DFG::LowerDFGToLLVM::lowSymbol): Deleted. 70 (JSC::FTL::DFG::LowerDFGToLLVM::speculate): Deleted. 71 (JSC::FTL::DFG::LowerDFGToLLVM::isNotSymbol): Deleted. 72 (JSC::FTL::DFG::LowerDFGToLLVM::speculateSymbol): Deleted. 73 * jit/JIT.cpp: 74 (JSC::JIT::privateCompile): 75 * jit/JIT.h: 76 (JSC::ByValCompilationInfo::ByValCompilationInfo): 77 (JSC::JIT::compileGetByValWithCachedId): Deleted. 78 * jit/JITInlines.h: 79 (JSC::JIT::callOperation): Deleted. 80 * jit/JITOpcodes.cpp: 81 (JSC::JIT::emit_op_has_indexed_property): 82 (JSC::JIT::emitSlow_op_has_indexed_property): 83 * jit/JITOpcodes32_64.cpp: 84 (JSC::JIT::emit_op_has_indexed_property): 85 (JSC::JIT::emitSlow_op_has_indexed_property): 86 * jit/JITOperations.cpp: 87 (JSC::getByVal): 88 * jit/JITOperations.h: 89 * jit/JITPropertyAccess.cpp: 90 (JSC::JIT::emit_op_get_by_val): 91 (JSC::JIT::emitSlow_op_get_by_val): 92 (JSC::JIT::emit_op_put_by_val): 93 (JSC::JIT::emitSlow_op_put_by_val): 94 (JSC::JIT::emitGetByValWithCachedId): Deleted. 95 (JSC::JIT::privateCompileGetByVal): Deleted. 96 (JSC::JIT::privateCompileGetByValWithCachedId): Deleted. 97 * jit/JITPropertyAccess32_64.cpp: 98 (JSC::JIT::emit_op_get_by_val): 99 (JSC::JIT::emitSlow_op_get_by_val): 100 (JSC::JIT::emit_op_put_by_val): 101 (JSC::JIT::emitSlow_op_put_by_val): 102 (JSC::JIT::emitGetByValWithCachedId): Deleted. 103 * runtime/Symbol.h: 104 * tests/stress/get-by-val-with-string-constructor.js: Removed. 105 * tests/stress/get-by-val-with-string-exit.js: Removed. 106 * tests/stress/get-by-val-with-string-generated.js: Removed. 107 * tests/stress/get-by-val-with-string-getter.js: Removed. 108 * tests/stress/get-by-val-with-string.js: Removed. 109 * tests/stress/get-by-val-with-symbol-constructor.js: Removed. 110 * tests/stress/get-by-val-with-symbol-exit.js: Removed. 111 * tests/stress/get-by-val-with-symbol-getter.js: Removed. 112 * tests/stress/get-by-val-with-symbol.js: Removed. 113 1 114 2015-08-07 Gyuyoung Kim <gyuyoung.kim@webkit.org> 2 115 -
trunk/Source/JavaScriptCore/bytecode/ByValInfo.h
r188105 r188201 27 27 #define ByValInfo_h 28 28 29 #if ENABLE(JIT) 30 29 31 #include "ClassInfo.h" 30 32 #include "CodeLocation.h" 31 #include "CodeOrigin.h"32 33 #include "IndexingType.h" 33 34 #include "JITStubRoutine.h" 34 35 #include "Structure.h" 35 #include "StructureStubInfo.h"36 36 37 37 namespace JSC { 38 39 #if ENABLE(JIT)40 38 41 39 enum JITArrayMode { … … 204 202 struct ByValInfo { 205 203 ByValInfo() { } 206 207 ByValInfo(unsigned bytecodeIndex, CodeLocationJump notIndexJump, CodeLocationJump badTypeJump, JITArrayMode arrayMode, ArrayProfile* arrayProfile, int16_t badTypeJumpToDone, int16_t returnAddressToSlowPath)204 205 ByValInfo(unsigned bytecodeIndex, CodeLocationJump badTypeJump, JITArrayMode arrayMode, int16_t badTypeJumpToDone, int16_t returnAddressToSlowPath) 208 206 : bytecodeIndex(bytecodeIndex) 209 , notIndexJump(notIndexJump)210 207 , badTypeJump(badTypeJump) 211 208 , arrayMode(arrayMode) 212 , arrayProfile(arrayProfile)213 209 , badTypeJumpToDone(badTypeJumpToDone) 214 210 , returnAddressToSlowPath(returnAddressToSlowPath) 215 211 , slowPathCount(0) 216 , stubInfo(nullptr)217 , tookSlowPath(false)218 212 { 219 213 } 220 214 221 215 unsigned bytecodeIndex; 222 CodeLocationJump notIndexJump;223 216 CodeLocationJump badTypeJump; 224 217 JITArrayMode arrayMode; // The array mode that was baked into the inline JIT code. 225 ArrayProfile* arrayProfile;226 218 int16_t badTypeJumpToDone; 227 219 int16_t returnAddressToSlowPath; 228 220 unsigned slowPathCount; 229 221 RefPtr<JITStubRoutine> stubRoutine; 230 Identifier cachedId;231 StructureStubInfo* stubInfo;232 bool tookSlowPath;233 222 }; 234 223 … … 238 227 } 239 228 240 typedef HashMap<CodeOrigin, ByValInfo*, CodeOriginApproximateHash> ByValInfoMap; 241 242 #else // ENABLE(JIT) 243 244 typedef HashMap<int, void*> ByValInfoMap; 229 } // namespace JSC 245 230 246 231 #endif // ENABLE(JIT) 247 232 248 } // namespace JSC249 250 233 #endif // ByValInfo_h 251 234 -
trunk/Source/JavaScriptCore/bytecode/CodeBlock.cpp
r188136 r188201 2673 2673 } 2674 2674 2675 void CodeBlock::getByValInfoMap(const ConcurrentJITLocker&, ByValInfoMap& result)2676 {2677 #if ENABLE(JIT)2678 for (auto* byValInfo : m_byValInfos)2679 result.add(CodeOrigin(byValInfo->bytecodeIndex), byValInfo);2680 #else2681 UNUSED_PARAM(result);2682 #endif2683 }2684 2685 void CodeBlock::getByValInfoMap(ByValInfoMap& result)2686 {2687 ConcurrentJITLocker locker(m_lock);2688 getByValInfoMap(locker, result);2689 }2690 2691 2675 #if ENABLE(JIT) 2692 2676 StructureStubInfo* CodeBlock::addStubInfo() … … 2703 2687 } 2704 2688 return nullptr; 2705 }2706 2707 ByValInfo* CodeBlock::addByValInfo()2708 {2709 ConcurrentJITLocker locker(m_lock);2710 return m_byValInfos.add();2711 2689 } 2712 2690 -
trunk/Source/JavaScriptCore/bytecode/CodeBlock.h
r188105 r188201 201 201 void getCallLinkInfoMap(const ConcurrentJITLocker&, CallLinkInfoMap& result); 202 202 void getCallLinkInfoMap(CallLinkInfoMap& result); 203 204 void getByValInfoMap(const ConcurrentJITLocker&, ByValInfoMap& result);205 void getByValInfoMap(ByValInfoMap& result);206 203 207 204 #if ENABLE(JIT) … … 215 212 216 213 void resetStub(StructureStubInfo&); 217 218 ByValInfo* addByValInfo(); 214 215 ByValInfo& getByValInfo(unsigned bytecodeIndex) 216 { 217 return *(binarySearch<ByValInfo, unsigned>(m_byValInfos, m_byValInfos.size(), bytecodeIndex, getByValInfoBytecodeIndex)); 218 } 219 219 220 220 CallLinkInfo* addCallLinkInfo(); … … 367 367 368 368 String nameForRegister(VirtualRegister); 369 370 #if ENABLE(JIT) 371 void setNumberOfByValInfos(size_t size) { m_byValInfos.resizeToFit(size); } 372 size_t numberOfByValInfos() const { return m_byValInfos.size(); } 373 ByValInfo& byValInfo(size_t index) { return m_byValInfos[index]; } 374 #endif 369 375 370 376 unsigned numberOfArgumentValueProfiles() … … 1011 1017 #if ENABLE(JIT) 1012 1018 Bag<StructureStubInfo> m_stubInfos; 1013 Bag<ByValInfo> m_byValInfos;1019 Vector<ByValInfo> m_byValInfos; 1014 1020 Bag<CallLinkInfo> m_callLinkInfos; 1015 1021 SentinelLinkedList<CallLinkInfo, BasicRawSentinelNode<CallLinkInfo>> m_incomingCalls; -
trunk/Source/JavaScriptCore/bytecode/ExitKind.cpp
r188105 r188201 41 41 case BadCell: 42 42 return "BadCell"; 43 case BadIdent:44 return "BadIdent";45 43 case BadExecutable: 46 44 return "BadExecutable"; -
trunk/Source/JavaScriptCore/bytecode/ExitKind.h
r188105 r188201 33 33 BadType, // We exited because a type prediction was wrong. 34 34 BadCell, // We exited because we made an incorrect assumption about what cell we would see. Usually used for function checks. 35 BadIdent, // We exited because we made an incorrect assumption about what identifier we would see. Usually used for cached Id check in get_by_val.36 35 BadExecutable, // We exited because we made an incorrect assumption about what executable we would see. 37 36 BadCache, // We exited because an inline cache was wrong. -
trunk/Source/JavaScriptCore/bytecode/GetByIdStatus.cpp
r188105 r188201 99 99 100 100 #if ENABLE(DFG_JIT) 101 result = computeForStubInfo WithoutExitSiteFeedback(101 result = computeForStubInfo( 102 102 locker, profiledBlock, map.get(CodeOrigin(bytecodeIndex)), uid, 103 103 CallLinkStatus::computeExitSiteData(locker, profiledBlock, bytecodeIndex)); … … 117 117 118 118 #if ENABLE(JIT) 119 GetByIdStatus GetByIdStatus::computeForStubInfo(const ConcurrentJITLocker& locker, CodeBlock* profiledBlock, StructureStubInfo* stubInfo, CodeOrigin codeOrigin, UniquedStringImpl* uid) 120 { 121 GetByIdStatus result = GetByIdStatus::computeForStubInfoWithoutExitSiteFeedback( 122 locker, profiledBlock, stubInfo, uid, 123 CallLinkStatus::computeExitSiteData(locker, profiledBlock, codeOrigin.bytecodeIndex)); 124 125 if (!result.takesSlowPath() && GetByIdStatus::hasExitSite(locker, profiledBlock, codeOrigin.bytecodeIndex)) 126 return GetByIdStatus(result.makesCalls() ? GetByIdStatus::MakesCalls : GetByIdStatus::TakesSlowPath, true); 127 return result; 128 } 129 #endif // ENABLE(JIT) 130 131 #if ENABLE(JIT) 132 GetByIdStatus GetByIdStatus::computeForStubInfoWithoutExitSiteFeedback( 119 GetByIdStatus GetByIdStatus::computeForStubInfo( 133 120 const ConcurrentJITLocker& locker, CodeBlock* profiledBlock, StructureStubInfo* stubInfo, UniquedStringImpl* uid, 134 121 CallLinkStatus::ExitSiteData callExitSiteData) … … 256 243 { 257 244 ConcurrentJITLocker locker(dfgBlock->m_lock); 258 result = computeForStubInfo WithoutExitSiteFeedback(245 result = computeForStubInfo( 259 246 locker, dfgBlock, dfgMap.get(codeOrigin), uid, exitSiteData); 260 247 } -
trunk/Source/JavaScriptCore/bytecode/GetByIdStatus.h
r188105 r188201 72 72 73 73 static GetByIdStatus computeFor(CodeBlock* baselineBlock, CodeBlock* dfgBlock, StubInfoMap& baselineMap, StubInfoMap& dfgMap, CodeOrigin, UniquedStringImpl* uid); 74 75 #if ENABLE(JIT) 76 static GetByIdStatus computeForStubInfo(const ConcurrentJITLocker&, CodeBlock* baselineBlock, StructureStubInfo*, CodeOrigin, UniquedStringImpl* uid); 77 #endif 78 74 79 75 State state() const { return m_state; } 80 76 … … 100 96 #endif 101 97 #if ENABLE(JIT) 102 static GetByIdStatus computeForStubInfo WithoutExitSiteFeedback(98 static GetByIdStatus computeForStubInfo( 103 99 const ConcurrentJITLocker&, CodeBlock* profiledBlock, StructureStubInfo*, 104 100 UniquedStringImpl* uid, CallLinkStatus::ExitSiteData); -
trunk/Source/JavaScriptCore/dfg/DFGAbstractInterpreterInlines.h
r188105 r188201 2164 2164 } 2165 2165 2166 case CheckIdent: {2167 AbstractValue& value = forNode(node->child1());2168 UniquedStringImpl* uid = node->uidOperand();2169 ASSERT(uid->isSymbol() ? !(value.m_type & ~SpecSymbol) : !(value.m_type & ~SpecStringIdent)); // Edge filtering should have already ensured this.2170 2171 JSValue childConstant = value.value();2172 if (childConstant) {2173 if (uid->isSymbol()) {2174 ASSERT(childConstant.isSymbol());2175 if (asSymbol(childConstant)->privateName().uid() == uid) {2176 m_state.setFoundConstants(true);2177 break;2178 }2179 } else {2180 ASSERT(childConstant.isString());2181 if (asString(childConstant)->tryGetValueImpl() == uid) {2182 m_state.setFoundConstants(true);2183 break;2184 }2185 }2186 }2187 2188 filter(value, uid->isSymbol() ? SpecSymbol : SpecStringIdent);2189 break;2190 }2191 2192 2166 case CheckInBounds: { 2193 2167 JSValue left = forNode(node->child1()).value(); -
trunk/Source/JavaScriptCore/dfg/DFGByteCodeParser.cpp
r188105 r188201 970 970 CallLinkInfoMap m_callLinkInfos; 971 971 StubInfoMap m_stubInfos; 972 ByValInfoMap m_byValInfos;973 972 974 973 // Did we see any returns? We need to handle the (uncommon but necessary) … … 3399 3398 case op_get_by_val: { 3400 3399 SpeculatedType prediction = getPredictionWithoutOSRExit(); 3401 3400 3402 3401 Node* base = get(VirtualRegister(currentInstruction[2].u.operand)); 3402 ArrayMode arrayMode = getArrayMode(currentInstruction[4].u.arrayProfile, Array::Read); 3403 3403 Node* property = get(VirtualRegister(currentInstruction[3].u.operand)); 3404 bool compiledAsGetById = false; 3405 { 3406 ConcurrentJITLocker locker(m_inlineStackTop->m_profiledBlock->m_lock); 3407 ByValInfo* byValInfo = m_inlineStackTop->m_byValInfos.get(CodeOrigin(currentCodeOrigin().bytecodeIndex)); 3408 // FIXME: When the bytecode is not compiled in the baseline JIT, byValInfo becomes null. 3409 // At that time, there is no information. 3410 if (byValInfo && byValInfo->stubInfo && !byValInfo->tookSlowPath && !m_inlineStackTop->m_exitProfile.hasExitSite(m_currentIndex, BadIdent)) { 3411 compiledAsGetById = true; 3412 unsigned identifierNumber = m_graph.identifiers().ensure(byValInfo->cachedId.impl()); 3413 UniquedStringImpl* uid = m_graph.identifiers()[identifierNumber]; 3414 3415 addToGraph(CheckIdent, OpInfo(uid), property); 3416 3417 GetByIdStatus getByIdStatus = GetByIdStatus::computeForStubInfo( 3418 locker, m_inlineStackTop->m_profiledBlock, 3419 byValInfo->stubInfo, currentCodeOrigin(), uid); 3420 3421 handleGetById(currentInstruction[1].u.operand, prediction, base, identifierNumber, getByIdStatus); 3422 } 3423 } 3424 3425 if (!compiledAsGetById) { 3426 ArrayMode arrayMode = getArrayMode(currentInstruction[4].u.arrayProfile, Array::Read); 3427 Node* getByVal = addToGraph(GetByVal, OpInfo(arrayMode.asWord()), OpInfo(prediction), base, property); 3428 set(VirtualRegister(currentInstruction[1].u.operand), getByVal); 3429 } 3404 Node* getByVal = addToGraph(GetByVal, OpInfo(arrayMode.asWord()), OpInfo(prediction), base, property); 3405 set(VirtualRegister(currentInstruction[1].u.operand), getByVal); 3430 3406 3431 3407 NEXT_OPCODE(op_get_by_val); … … 4330 4306 m_profiledBlock->getStubInfoMap(locker, m_stubInfos); 4331 4307 m_profiledBlock->getCallLinkInfoMap(locker, m_callLinkInfos); 4332 m_profiledBlock->getByValInfoMap(locker, m_byValInfos);4333 4308 } 4334 4309 } -
trunk/Source/JavaScriptCore/dfg/DFGClobberize.h
r188105 r188201 269 269 return; 270 270 271 case CheckIdent:272 def(PureValue(CheckIdent, AdjacencyList(AdjacencyList::Fixed, node->child1()), node->uidOperand()));273 return;274 275 271 case ConstantStoragePointer: 276 272 def(PureValue(node, node->storagePointer())); -
trunk/Source/JavaScriptCore/dfg/DFGConstantFoldingPhase.cpp
r188105 r188201 209 209 } 210 210 211 case CheckIdent: {212 UniquedStringImpl* uid = node->uidOperand();213 JSValue childConstant = m_state.forNode(node->child1()).value();214 const UniquedStringImpl* constantUid = nullptr;215 if (childConstant) {216 if (uid->isSymbol()) {217 if (childConstant.isSymbol())218 constantUid = asSymbol(childConstant)->privateName().uid();219 } else {220 if (childConstant.isString()) {221 // Since we already filtered the value with StringIdentUse,222 // the held impl is always atomic.223 if (const auto* impl = asString(childConstant)->tryGetValueImpl()) {224 ASSERT(impl->isAtomic());225 constantUid = static_cast<const UniquedStringImpl*>(impl);226 }227 }228 }229 }230 231 if (constantUid == uid) {232 node->remove();233 eliminated = true;234 }235 break;236 }237 238 211 case CheckInBounds: { 239 212 JSValue left = m_state.forNode(node->child1()).value(); -
trunk/Source/JavaScriptCore/dfg/DFGDoesGC.cpp
r188105 r188201 108 108 case CheckCell: 109 109 case CheckNotEmpty: 110 case CheckIdent:111 110 case RegExpExec: 112 111 case RegExpTest: -
trunk/Source/JavaScriptCore/dfg/DFGFixupPhase.cpp
r188105 r188201 1013 1013 break; 1014 1014 } 1015 1016 case CheckIdent: {1017 UniquedStringImpl* uid = node->uidOperand();1018 if (uid->isSymbol())1019 fixEdge<SymbolUse>(node->child1());1020 else1021 fixEdge<StringIdentUse>(node->child1());1022 break;1023 }1024 1015 1025 1016 case Arrayify: … … 1770 1761 case StringUse: 1771 1762 case KnownStringUse: 1772 case SymbolUse:1773 1763 case StringObjectUse: 1774 1764 case StringOrStringObjectUse: -
trunk/Source/JavaScriptCore/dfg/DFGNode.h
r188105 r188201 1329 1329 } 1330 1330 1331 bool hasUidOperand()1332 {1333 return op() == CheckIdent;1334 }1335 1336 UniquedStringImpl* uidOperand()1337 {1338 ASSERT(hasUidOperand());1339 return reinterpret_cast<UniquedStringImpl*>(m_opInfo);1340 }1341 1342 1331 bool hasTransition() 1343 1332 { -
trunk/Source/JavaScriptCore/dfg/DFGNodeType.h
r188105 r188201 210 210 macro(CheckBadCell, NodeMustGenerate) \ 211 211 macro(CheckInBounds, NodeMustGenerate) \ 212 macro(CheckIdent, NodeMustGenerate) \213 212 \ 214 213 /* Optimizations for array mutation. */\ -
trunk/Source/JavaScriptCore/dfg/DFGPredictionPropagationPhase.cpp
r188105 r188201 650 650 case CheckCell: 651 651 case CheckNotEmpty: 652 case CheckIdent:653 652 case CheckBadCell: 654 653 case PutStructure: -
trunk/Source/JavaScriptCore/dfg/DFGSafeToExecute.h
r188105 r188201 60 60 case StringIdentUse: 61 61 case StringUse: 62 case SymbolUse:63 62 case StringObjectUse: 64 63 case StringOrStringObjectUse: … … 190 189 case CheckBadCell: 191 190 case CheckNotEmpty: 192 case CheckIdent:193 191 case RegExpExec: 194 192 case RegExpTest: -
trunk/Source/JavaScriptCore/dfg/DFGSpeculativeJIT.cpp
r188105 r188201 4577 4577 } 4578 4578 4579 void SpeculativeJIT::compileCheckIdent(Node* node)4580 {4581 SpeculateCellOperand operand(this, node->child1());4582 UniquedStringImpl* uid = node->uidOperand();4583 if (uid->isSymbol()) {4584 speculateSymbol(node->child1(), operand.gpr());4585 speculationCheck(4586 BadIdent, JSValueSource(), nullptr,4587 m_jit.branchPtr(4588 JITCompiler::NotEqual,4589 JITCompiler::Address(operand.gpr(), Symbol::offsetOfPrivateName()),4590 TrustedImmPtr(uid)));4591 } else {4592 speculateString(node->child1(), operand.gpr());4593 speculateStringIdent(node->child1(), operand.gpr());4594 speculationCheck(4595 BadIdent, JSValueSource(), nullptr,4596 m_jit.branchPtr(4597 JITCompiler::NotEqual,4598 JITCompiler::Address(operand.gpr(), JSString::offsetOfValue()),4599 TrustedImmPtr(uid)));4600 }4601 noResult(node);4602 }4603 4604 4579 void SpeculativeJIT::compileNewFunction(Node* node) 4605 4580 { … … 5757 5732 } 5758 5733 5759 void SpeculativeJIT::speculateSymbol(Edge edge, GPRReg cell)5760 {5761 DFG_TYPE_CHECK(JSValueSource::unboxedCell(cell), edge, SpecSymbol, m_jit.branchIfNotSymbol(cell));5762 }5763 5764 void SpeculativeJIT::speculateSymbol(Edge edge)5765 {5766 if (!needsTypeCheck(edge, SpecSymbol))5767 return;5768 5769 SpeculateCellOperand operand(this, edge);5770 speculateSymbol(edge, operand.gpr());5771 }5772 5773 5734 void SpeculativeJIT::speculateNotCell(Edge edge) 5774 5735 { … … 5881 5842 case StringUse: 5882 5843 speculateString(edge); 5883 break;5884 case SymbolUse:5885 speculateSymbol(edge);5886 5844 break; 5887 5845 case StringObjectUse: -
trunk/Source/JavaScriptCore/dfg/DFGSpeculativeJIT.h
r188105 r188201 2192 2192 2193 2193 void compileGetArrayLength(Node*); 2194 2195 void compileCheckIdent(Node*);2196 2194 2197 2195 void compileValueRep(Node*); … … 2409 2407 void speculateStringObject(Edge); 2410 2408 void speculateStringOrStringObject(Edge); 2411 void speculateSymbol(Edge, GPRReg cell);2412 void speculateSymbol(Edge);2413 2409 void speculateNotCell(Edge); 2414 2410 void speculateOther(Edge); -
trunk/Source/JavaScriptCore/dfg/DFGSpeculativeJIT32_64.cpp
r188105 r188201 3821 3821 } 3822 3822 3823 case CheckIdent:3824 compileCheckIdent(node);3825 break;3826 3827 3823 case GetExecutable: { 3828 3824 SpeculateCellOperand function(this, node->child1()); -
trunk/Source/JavaScriptCore/dfg/DFGSpeculativeJIT64.cpp
r188105 r188201 3851 3851 } 3852 3852 3853 case CheckIdent:3854 compileCheckIdent(node);3855 break;3856 3857 3853 case GetExecutable: { 3858 3854 SpeculateCellOperand function(this, node->child1()); -
trunk/Source/JavaScriptCore/dfg/DFGUseKind.cpp
r188105 r188201 98 98 out.print("KnownString"); 99 99 return; 100 case SymbolUse:101 out.print("Symbol");102 return;103 100 case StringObjectUse: 104 101 out.print("StringObject"); -
trunk/Source/JavaScriptCore/dfg/DFGUseKind.h
r188105 r188201 58 58 StringUse, 59 59 KnownStringUse, 60 SymbolUse,61 60 StringObjectUse, 62 61 StringOrStringObjectUse, … … 119 118 case KnownStringUse: 120 119 return SpecString; 121 case SymbolUse:122 return SpecSymbol;123 120 case StringObjectUse: 124 121 return SpecStringObject; … … 200 197 case StringUse: 201 198 case KnownStringUse: 202 case SymbolUse:203 199 case StringObjectUse: 204 200 case StringOrStringObjectUse: -
trunk/Source/JavaScriptCore/ftl/FTLAbstractHeapRepository.h
r188105 r188201 88 88 macro(Structure_globalObject, Structure::globalObjectOffset()) \ 89 89 macro(Structure_prototype, Structure::prototypeOffset()) \ 90 macro(Structure_structureID, Structure::structureIDOffset()) \ 91 macro(Symbol_privateName, Symbol::offsetOfPrivateName()) 90 macro(Structure_structureID, Structure::structureIDOffset()) 92 91 93 92 #define FOR_EACH_INDEXED_ABSTRACT_HEAP(macro) \ -
trunk/Source/JavaScriptCore/ftl/FTLCapabilities.cpp
r188105 r188201 119 119 case CheckBadCell: 120 120 case CheckNotEmpty: 121 case CheckIdent:122 121 case StringCharCodeAt: 123 122 case AllocatePropertyStorage: … … 417 416 case StringObjectUse: 418 417 case StringOrStringObjectUse: 419 case SymbolUse:420 418 case FinalObjectUse: 421 419 case NotCellUse: -
trunk/Source/JavaScriptCore/ftl/FTLLowerDFGToLLVM.cpp
r188105 r188201 533 533 compileCheckBadCell(); 534 534 break; 535 case CheckIdent:536 compileCheckIdent();537 break;538 535 case GetExecutable: 539 536 compileGetExecutable(); … … 2031 2028 { 2032 2029 speculate(TDZFailure, noValue(), nullptr, m_out.isZero64(lowJSValue(m_node->child1()))); 2033 }2034 2035 void compileCheckIdent()2036 {2037 UniquedStringImpl* uid = m_node->uidOperand();2038 if (uid->isSymbol()) {2039 LValue symbol = lowSymbol(m_node->child1());2040 LValue stringImpl = m_out.loadPtr(symbol, m_heaps.Symbol_privateName);2041 speculate(BadIdent, noValue(), nullptr, m_out.notEqual(stringImpl, m_out.constIntPtr(uid)));2042 } else {2043 LValue string = lowStringIdent(m_node->child1());2044 LValue stringImpl = m_out.loadPtr(string, m_heaps.JSString_value);2045 speculate(BadIdent, noValue(), nullptr, m_out.notEqual(stringImpl, m_out.constIntPtr(uid)));2046 }2047 2030 } 2048 2031 … … 7038 7021 return stringImpl; 7039 7022 } 7040 7041 LValue lowSymbol(Edge edge, OperandSpeculationMode mode = AutomaticOperandSpeculation) 7042 { 7043 ASSERT_UNUSED(mode, mode == ManualOperandSpeculation || edge.useKind() == SymbolUse); 7044 7045 LValue result = lowCell(edge, mode); 7046 speculateSymbol(edge, result); 7047 return result; 7048 } 7049 7023 7050 7024 LValue lowNonNullObject(Edge edge, OperandSpeculationMode mode = AutomaticOperandSpeculation) 7051 7025 { … … 7444 7418 speculateStringIdent(edge); 7445 7419 break; 7446 case SymbolUse:7447 speculateSymbol(edge);7448 break;7449 7420 case StringObjectUse: 7450 7421 speculateStringObject(edge); … … 7543 7514 m_out.constInt32(vm().stringStructure->id())); 7544 7515 } 7545 7546 LValue isNotSymbol(LValue cell, SpeculatedType type = SpecFullTop) 7547 { 7548 if (LValue proven = isProvenValue(type & SpecCell, ~SpecSymbol)) 7549 return proven; 7550 return m_out.notEqual( 7551 m_out.load32(cell, m_heaps.JSCell_structureID), 7552 m_out.constInt32(vm().symbolStructure->id())); 7553 } 7554 7516 7555 7517 LValue isArrayType(LValue cell, ArrayMode arrayMode) 7556 7518 { … … 7775 7737 m_out.notEqual(structureID, weakStructureID(stringObjectStructure))); 7776 7738 } 7777 7778 void speculateSymbol(Edge edge, LValue cell) 7779 { 7780 FTL_TYPE_CHECK(jsValueValue(cell), edge, SpecSymbol | ~SpecCell, isNotSymbol(cell)); 7781 } 7782 7783 void speculateSymbol(Edge edge) 7784 { 7785 speculateSymbol(edge, lowCell(edge)); 7786 } 7787 7739 7788 7740 void speculateNonNullObject(Edge edge, LValue cell) 7789 7741 { -
trunk/Source/JavaScriptCore/jit/JIT.cpp
r188105 r188201 658 658 m_putByIds[i].finalize(patchBuffer); 659 659 660 for (const auto& byValCompilationInfo : m_byValCompilationInfo) { 661 PatchableJump patchableNotIndexJump = byValCompilationInfo.notIndexJump; 662 CodeLocationJump notIndexJump = CodeLocationJump(); 663 if (Jump(patchableNotIndexJump).isSet()) 664 notIndexJump = CodeLocationJump(patchBuffer.locationOf(patchableNotIndexJump)); 665 CodeLocationJump badTypeJump = CodeLocationJump(patchBuffer.locationOf(byValCompilationInfo.badTypeJump)); 666 CodeLocationLabel doneTarget = patchBuffer.locationOf(byValCompilationInfo.doneTarget); 667 CodeLocationLabel slowPathTarget = patchBuffer.locationOf(byValCompilationInfo.slowPathTarget); 668 CodeLocationCall returnAddress = patchBuffer.locationOf(byValCompilationInfo.returnAddress); 669 670 *byValCompilationInfo.byValInfo = ByValInfo( 671 byValCompilationInfo.bytecodeIndex, 672 notIndexJump, 660 m_codeBlock->setNumberOfByValInfos(m_byValCompilationInfo.size()); 661 for (unsigned i = 0; i < m_byValCompilationInfo.size(); ++i) { 662 CodeLocationJump badTypeJump = CodeLocationJump(patchBuffer.locationOf(m_byValCompilationInfo[i].badTypeJump)); 663 CodeLocationLabel doneTarget = patchBuffer.locationOf(m_byValCompilationInfo[i].doneTarget); 664 CodeLocationLabel slowPathTarget = patchBuffer.locationOf(m_byValCompilationInfo[i].slowPathTarget); 665 CodeLocationCall returnAddress = patchBuffer.locationOf(m_byValCompilationInfo[i].returnAddress); 666 667 m_codeBlock->byValInfo(i) = ByValInfo( 668 m_byValCompilationInfo[i].bytecodeIndex, 673 669 badTypeJump, 674 byValCompilationInfo.arrayMode, 675 byValCompilationInfo.arrayProfile, 670 m_byValCompilationInfo[i].arrayMode, 676 671 differenceBetweenCodePtr(badTypeJump, doneTarget), 677 672 differenceBetweenCodePtr(returnAddress, slowPathTarget)); -
trunk/Source/JavaScriptCore/jit/JIT.h
r188135 r188201 150 150 ByValCompilationInfo() { } 151 151 152 ByValCompilationInfo(ByValInfo* byValInfo, unsigned bytecodeIndex, MacroAssembler::PatchableJump notIndexJump, MacroAssembler::PatchableJump badTypeJump, JITArrayMode arrayMode, ArrayProfile* arrayProfile, MacroAssembler::Label doneTarget) 153 : byValInfo(byValInfo) 154 , bytecodeIndex(bytecodeIndex) 155 , notIndexJump(notIndexJump) 152 ByValCompilationInfo(unsigned bytecodeIndex, MacroAssembler::PatchableJump badTypeJump, JITArrayMode arrayMode, MacroAssembler::Label doneTarget) 153 : bytecodeIndex(bytecodeIndex) 156 154 , badTypeJump(badTypeJump) 157 155 , arrayMode(arrayMode) 158 , arrayProfile(arrayProfile)159 156 , doneTarget(doneTarget) 160 157 { 161 158 } 162 163 ByValInfo* byValInfo; 159 164 160 unsigned bytecodeIndex; 165 MacroAssembler::PatchableJump notIndexJump;166 161 MacroAssembler::PatchableJump badTypeJump; 167 162 JITArrayMode arrayMode; 168 ArrayProfile* arrayProfile;169 163 MacroAssembler::Label doneTarget; 170 164 MacroAssembler::Label slowPathTarget; … … 211 205 } 212 206 213 static void compileGetByValWithCachedId(VM* vm, CodeBlock* codeBlock, ByValInfo* byValInfo, ReturnAddressPtr returnAddress, const Identifier& propertyName)214 {215 JIT jit(vm, codeBlock);216 jit.m_bytecodeOffset = byValInfo->bytecodeIndex;217 jit.privateCompileGetByValWithCachedId(byValInfo, returnAddress, propertyName);218 }219 220 207 static void compilePutByVal(VM* vm, CodeBlock* codeBlock, ByValInfo* byValInfo, ReturnAddressPtr returnAddress, JITArrayMode arrayMode) 221 208 { … … 260 247 261 248 void privateCompileGetByVal(ByValInfo*, ReturnAddressPtr, JITArrayMode); 262 void privateCompileGetByValWithCachedId(ByValInfo*, ReturnAddressPtr, const Identifier&);263 249 void privateCompilePutByVal(ByValInfo*, ReturnAddressPtr, JITArrayMode); 264 250 … … 386 372 JumpList emitIntTypedArrayPutByVal(Instruction*, PatchableJump& badType, TypedArrayType); 387 373 JumpList emitFloatTypedArrayPutByVal(Instruction*, PatchableJump& badType, TypedArrayType); 388 389 JITGetByIdGenerator emitGetByValWithCachedId(Instruction*, const Identifier&, JumpList& doneCases, JumpList& slowCases); 390 374 391 375 enum FinalObjectMode { MayBeFinal, KnownNotFinal }; 392 376 … … 719 703 MacroAssembler::Call callOperation(J_JITOperation_EJJ, int, GPRReg, GPRReg); 720 704 MacroAssembler::Call callOperation(J_JITOperation_EJJAp, int, GPRReg, GPRReg, ArrayProfile*); 721 MacroAssembler::Call callOperation(J_JITOperation_EJJBy, int, GPRReg, GPRReg, ByValInfo*);722 705 MacroAssembler::Call callOperation(C_JITOperation_EJsc, GPRReg); 723 706 MacroAssembler::Call callOperation(J_JITOperation_EJscC, int, GPRReg, JSCell*); … … 764 747 MacroAssembler::Call callOperation(V_JITOperation_EJJJ, RegisterID, RegisterID, RegisterID); 765 748 MacroAssembler::Call callOperation(V_JITOperation_EJJJAp, RegisterID, RegisterID, RegisterID, ArrayProfile*); 766 MacroAssembler::Call callOperation(V_JITOperation_EJJJBy, RegisterID, RegisterID, RegisterID, ByValInfo*);767 749 MacroAssembler::Call callOperation(V_JITOperation_EJZJ, RegisterID, int32_t, RegisterID); 768 750 MacroAssembler::Call callOperation(V_JITOperation_EJZ, RegisterID, int32_t); … … 781 763 MacroAssembler::Call callOperation(J_JITOperation_EJJ, int, GPRReg, GPRReg, GPRReg, GPRReg); 782 764 MacroAssembler::Call callOperation(J_JITOperation_EJJAp, int, GPRReg, GPRReg, GPRReg, GPRReg, ArrayProfile*); 783 MacroAssembler::Call callOperation(J_JITOperation_EJJBy, int, GPRReg, GPRReg, GPRReg, GPRReg, ByValInfo*);784 765 MacroAssembler::Call callOperation(P_JITOperation_EJS, GPRReg, GPRReg, size_t); 785 766 MacroAssembler::Call callOperation(S_JITOperation_EJ, RegisterID, RegisterID); … … 789 770 MacroAssembler::Call callOperation(V_JITOperation_EJJJ, RegisterID, RegisterID, RegisterID, RegisterID, RegisterID, RegisterID); 790 771 MacroAssembler::Call callOperation(V_JITOperation_EJJJAp, RegisterID, RegisterID, RegisterID, RegisterID, RegisterID, RegisterID, ArrayProfile*); 791 MacroAssembler::Call callOperation(V_JITOperation_EJJJBy, RegisterID, RegisterID, RegisterID, RegisterID, RegisterID, RegisterID, ByValInfo*);792 772 MacroAssembler::Call callOperation(V_JITOperation_EJZ, RegisterID, RegisterID, int32_t); 793 773 MacroAssembler::Call callOperation(V_JITOperation_EJZJ, RegisterID, RegisterID, int32_t, RegisterID, RegisterID); -
trunk/Source/JavaScriptCore/jit/JITInlines.h
r188135 r188201 412 412 } 413 413 414 ALWAYS_INLINE MacroAssembler::Call JIT::callOperation(V_JITOperation_EJJJBy operation, RegisterID regOp1, RegisterID regOp2, RegisterID regOp3, ByValInfo* byValInfo)415 {416 setupArgumentsWithExecState(regOp1, regOp2, regOp3, TrustedImmPtr(byValInfo));417 return appendCallWithExceptionCheck(operation);418 }419 420 414 ALWAYS_INLINE MacroAssembler::Call JIT::callOperation(V_JITOperation_EZJ operation, int dst, GPRReg arg) 421 415 { … … 463 457 { 464 458 setupArgumentsWithExecState(arg1, arg2, TrustedImmPtr(arrayProfile)); 465 return appendCallWithExceptionCheckSetJSValueResult(operation, dst);466 }467 468 ALWAYS_INLINE MacroAssembler::Call JIT::callOperation(J_JITOperation_EJJBy operation, int dst, GPRReg arg1, GPRReg arg2, ByValInfo* byValInfo)469 {470 setupArgumentsWithExecState(arg1, arg2, TrustedImmPtr(byValInfo));471 459 return appendCallWithExceptionCheckSetJSValueResult(operation, dst); 472 460 } … … 613 601 } 614 602 615 ALWAYS_INLINE MacroAssembler::Call JIT::callOperation(J_JITOperation_EJJBy operation, int dst, GPRReg arg1Tag, GPRReg arg1Payload, GPRReg arg2Tag, GPRReg arg2Payload, ByValInfo* byValInfo)616 {617 setupArgumentsWithExecState(EABI_32BIT_DUMMY_ARG arg1Payload, arg1Tag, SH4_32BIT_DUMMY_ARG arg2Payload, arg2Tag, TrustedImmPtr(byValInfo));618 return appendCallWithExceptionCheckSetJSValueResult(operation, dst);619 }620 621 603 ALWAYS_INLINE MacroAssembler::Call JIT::callOperation(JIT::WithProfileTag, J_JITOperation_EJJ operation, int dst, GPRReg arg1Tag, GPRReg arg1Payload, GPRReg arg2Tag, GPRReg arg2Payload) 622 604 { … … 682 664 { 683 665 setupArgumentsWithExecState(EABI_32BIT_DUMMY_ARG regOp1Payload, regOp1Tag, SH4_32BIT_DUMMY_ARG regOp2Payload, regOp2Tag, regOp3Payload, regOp3Tag, TrustedImmPtr(arrayProfile)); 684 return appendCallWithExceptionCheck(operation);685 }686 687 ALWAYS_INLINE MacroAssembler::Call JIT::callOperation(V_JITOperation_EJJJBy operation, RegisterID regOp1Tag, RegisterID regOp1Payload, RegisterID regOp2Tag, RegisterID regOp2Payload, RegisterID regOp3Tag, RegisterID regOp3Payload, ByValInfo* byValInfo)688 {689 setupArgumentsWithExecState(EABI_32BIT_DUMMY_ARG regOp1Payload, regOp1Tag, SH4_32BIT_DUMMY_ARG regOp2Payload, regOp2Tag, regOp3Payload, regOp3Tag, TrustedImmPtr(byValInfo));690 666 return appendCallWithExceptionCheck(operation); 691 667 } -
trunk/Source/JavaScriptCore/jit/JITOpcodes.cpp
r188136 r188201 1068 1068 int property = currentInstruction[3].u.operand; 1069 1069 ArrayProfile* profile = currentInstruction[4].u.arrayProfile; 1070 ByValInfo* byValInfo = m_codeBlock->addByValInfo();1071 1070 1072 1071 emitGetVirtualRegisters(base, regT0, property, regT1); … … 1100 1099 emitPutVirtualRegister(dst); 1101 1100 1102 m_byValCompilationInfo.append(ByValCompilationInfo( byValInfo, m_bytecodeOffset, PatchableJump(), badType, mode, profile, done));1101 m_byValCompilationInfo.append(ByValCompilationInfo(m_bytecodeOffset, badType, mode, done)); 1103 1102 } 1104 1103 … … 1108 1107 int base = currentInstruction[2].u.operand; 1109 1108 int property = currentInstruction[3].u.operand; 1110 ByValInfo* byValInfo = m_byValCompilationInfo[m_byValInstructionIndex].byValInfo;1109 ArrayProfile* profile = currentInstruction[4].u.arrayProfile; 1111 1110 1112 1111 linkSlowCaseIfNotJSCell(iter, base); // base cell check … … 1119 1118 emitGetVirtualRegister(base, regT0); 1120 1119 emitGetVirtualRegister(property, regT1); 1121 Call call = callOperation(operationHasIndexedPropertyDefault, dst, regT0, regT1, byValInfo);1120 Call call = callOperation(operationHasIndexedPropertyDefault, dst, regT0, regT1, profile); 1122 1121 1123 1122 m_byValCompilationInfo[m_byValInstructionIndex].slowPathTarget = slowPath; -
trunk/Source/JavaScriptCore/jit/JITOpcodes32_64.cpp
r188136 r188201 1068 1068 int property = currentInstruction[3].u.operand; 1069 1069 ArrayProfile* profile = currentInstruction[4].u.arrayProfile; 1070 ByValInfo* byValInfo = m_codeBlock->addByValInfo();1071 1070 1072 1071 emitLoadPayload(base, regT0); … … 1101 1100 emitStoreBool(dst, regT0); 1102 1101 1103 m_byValCompilationInfo.append(ByValCompilationInfo( byValInfo, m_bytecodeOffset, PatchableJump(), badType, mode, profile, done));1102 m_byValCompilationInfo.append(ByValCompilationInfo(m_bytecodeOffset, badType, mode, done)); 1104 1103 } 1105 1104 … … 1109 1108 int base = currentInstruction[2].u.operand; 1110 1109 int property = currentInstruction[3].u.operand; 1111 ByValInfo* byValInfo = m_byValCompilationInfo[m_byValInstructionIndex].byValInfo;1110 ArrayProfile* profile = currentInstruction[4].u.arrayProfile; 1112 1111 1113 1112 linkSlowCaseIfNotJSCell(iter, base); // base cell check … … 1120 1119 emitLoad(base, regT1, regT0); 1121 1120 emitLoad(property, regT3, regT2); 1122 Call call = callOperation(operationHasIndexedPropertyDefault, dst, regT1, regT0, regT3, regT2, byValInfo);1121 Call call = callOperation(operationHasIndexedPropertyDefault, dst, regT1, regT0, regT3, regT2, profile); 1123 1122 1124 1123 m_byValCompilationInfo[m_byValInstructionIndex].slowPathTarget = slowPath; -
trunk/Source/JavaScriptCore/jit/JITOperations.cpp
r188136 r188201 479 479 } 480 480 481 static void putByVal(CallFrame* callFrame, JSValue baseValue, JSValue subscript, JSValue value, ByValInfo* byValInfo)481 static void putByVal(CallFrame* callFrame, JSValue baseValue, JSValue subscript, JSValue value, ArrayProfile* arrayProfile) 482 482 { 483 483 VM& vm = callFrame->vm(); … … 489 489 object->setIndexQuickly(callFrame->vm(), i, value); 490 490 else { 491 byValInfo->arrayProfile->setOutOfBounds();491 arrayProfile->setOutOfBounds(); 492 492 object->methodTable(vm)->putByIndex(object, callFrame, i, value, callFrame->codeBlock()->isStrictMode()); 493 493 } … … 503 503 } 504 504 505 static void directPutByVal(CallFrame* callFrame, JSObject* baseObject, JSValue subscript, JSValue value, ByValInfo* byValInfo)505 static void directPutByVal(CallFrame* callFrame, JSObject* baseObject, JSValue subscript, JSValue value, ArrayProfile* arrayProfile) 506 506 { 507 507 bool isStrictMode = callFrame->codeBlock()->isStrictMode(); … … 515 515 } 516 516 517 byValInfo->arrayProfile->setOutOfBounds();517 arrayProfile->setOutOfBounds(); 518 518 baseObject->putDirectIndex(callFrame, index, value, 0, isStrictMode ? PutDirectIndexShouldThrow : PutDirectIndexShouldNotThrow); 519 519 return; … … 541 541 } 542 542 } 543 void JIT_OPERATION operationPutByVal(ExecState* exec, EncodedJSValue encodedBaseValue, EncodedJSValue encodedSubscript, EncodedJSValue encodedValue, ByValInfo* byValInfo)543 void JIT_OPERATION operationPutByVal(ExecState* exec, EncodedJSValue encodedBaseValue, EncodedJSValue encodedSubscript, EncodedJSValue encodedValue, ArrayProfile* arrayProfile) 544 544 { 545 545 VM& vm = exec->vm(); … … 555 555 bool didOptimize = false; 556 556 557 ASSERT(exec->locationAsBytecodeOffset()); 558 ASSERT(!byValInfo->stubRoutine); 557 unsigned bytecodeOffset = exec->locationAsBytecodeOffset(); 558 ASSERT(bytecodeOffset); 559 ByValInfo& byValInfo = exec->codeBlock()->getByValInfo(bytecodeOffset - 1); 560 ASSERT(!byValInfo.stubRoutine); 559 561 560 562 Structure* structure = object->structure(vm); … … 562 564 // Attempt to optimize. 563 565 JITArrayMode arrayMode = jitArrayModeForStructure(structure); 564 if (jitArrayModePermitsPut(arrayMode) && arrayMode != byValInfo ->arrayMode) {566 if (jitArrayModePermitsPut(arrayMode) && arrayMode != byValInfo.arrayMode) { 565 567 CodeBlock* codeBlock = exec->codeBlock(); 566 568 ConcurrentJITLocker locker(codeBlock->m_lock); 567 byValInfo->arrayProfile->computeUpdatedPrediction(locker, codeBlock, structure);568 569 JIT::compilePutByVal(&vm, exec->codeBlock(), byValInfo, ReturnAddressPtr(OUR_RETURN_ADDRESS), arrayMode);569 arrayProfile->computeUpdatedPrediction(locker, codeBlock, structure); 570 571 JIT::compilePutByVal(&vm, exec->codeBlock(), &byValInfo, ReturnAddressPtr(OUR_RETURN_ADDRESS), arrayMode); 570 572 didOptimize = true; 571 573 } … … 578 580 // where we see non-index-intercepting objects, this gives 10 iterations worth of 579 581 // opportunity for us to observe that the get_by_val may be polymorphic. 580 if (++byValInfo ->slowPathCount >= 10582 if (++byValInfo.slowPathCount >= 10 581 583 || object->structure(vm)->typeInfo().interceptsGetOwnPropertySlotByIndexEvenWhenLengthIsNotZero()) { 582 584 // Don't ever try to optimize. … … 586 588 } 587 589 588 putByVal(exec, baseValue, subscript, value, byValInfo);589 } 590 591 void JIT_OPERATION operationDirectPutByVal(ExecState* callFrame, EncodedJSValue encodedBaseValue, EncodedJSValue encodedSubscript, EncodedJSValue encodedValue, ByValInfo* byValInfo)590 putByVal(exec, baseValue, subscript, value, arrayProfile); 591 } 592 593 void JIT_OPERATION operationDirectPutByVal(ExecState* callFrame, EncodedJSValue encodedBaseValue, EncodedJSValue encodedSubscript, EncodedJSValue encodedValue, ArrayProfile* arrayProfile) 592 594 { 593 595 VM& vm = callFrame->vm(); … … 602 604 // See if it's worth optimizing at all. 603 605 bool didOptimize = false; 604 605 ASSERT(callFrame->locationAsBytecodeOffset()); 606 ASSERT(!byValInfo->stubRoutine); 606 607 unsigned bytecodeOffset = callFrame->locationAsBytecodeOffset(); 608 ASSERT(bytecodeOffset); 609 ByValInfo& byValInfo = callFrame->codeBlock()->getByValInfo(bytecodeOffset - 1); 610 ASSERT(!byValInfo.stubRoutine); 607 611 608 612 Structure* structure = object->structure(vm); … … 610 614 // Attempt to optimize. 611 615 JITArrayMode arrayMode = jitArrayModeForStructure(structure); 612 if (jitArrayModePermitsPut(arrayMode) && arrayMode != byValInfo ->arrayMode) {616 if (jitArrayModePermitsPut(arrayMode) && arrayMode != byValInfo.arrayMode) { 613 617 CodeBlock* codeBlock = callFrame->codeBlock(); 614 618 ConcurrentJITLocker locker(codeBlock->m_lock); 615 byValInfo->arrayProfile->computeUpdatedPrediction(locker, codeBlock, structure);616 617 JIT::compileDirectPutByVal(&vm, callFrame->codeBlock(), byValInfo, ReturnAddressPtr(OUR_RETURN_ADDRESS), arrayMode);619 arrayProfile->computeUpdatedPrediction(locker, codeBlock, structure); 620 621 JIT::compileDirectPutByVal(&vm, callFrame->codeBlock(), &byValInfo, ReturnAddressPtr(OUR_RETURN_ADDRESS), arrayMode); 618 622 didOptimize = true; 619 623 } … … 626 630 // where we see non-index-intercepting objects, this gives 10 iterations worth of 627 631 // opportunity for us to observe that the get_by_val may be polymorphic. 628 if (++byValInfo ->slowPathCount >= 10632 if (++byValInfo.slowPathCount >= 10 629 633 || object->structure(vm)->typeInfo().interceptsGetOwnPropertySlotByIndexEvenWhenLengthIsNotZero()) { 630 634 // Don't ever try to optimize. … … 633 637 } 634 638 } 635 directPutByVal(callFrame, object, subscript, value, byValInfo);636 } 637 638 void JIT_OPERATION operationPutByValGeneric(ExecState* exec, EncodedJSValue encodedBaseValue, EncodedJSValue encodedSubscript, EncodedJSValue encodedValue, ByValInfo* byValInfo)639 directPutByVal(callFrame, object, subscript, value, arrayProfile); 640 } 641 642 void JIT_OPERATION operationPutByValGeneric(ExecState* exec, EncodedJSValue encodedBaseValue, EncodedJSValue encodedSubscript, EncodedJSValue encodedValue, ArrayProfile* arrayProfile) 639 643 { 640 644 VM& vm = exec->vm(); … … 645 649 JSValue value = JSValue::decode(encodedValue); 646 650 647 putByVal(exec, baseValue, subscript, value, byValInfo);648 } 649 650 651 void JIT_OPERATION operationDirectPutByValGeneric(ExecState* exec, EncodedJSValue encodedBaseValue, EncodedJSValue encodedSubscript, EncodedJSValue encodedValue, ByValInfo* byValInfo)651 putByVal(exec, baseValue, subscript, value, arrayProfile); 652 } 653 654 655 void JIT_OPERATION operationDirectPutByValGeneric(ExecState* exec, EncodedJSValue encodedBaseValue, EncodedJSValue encodedSubscript, EncodedJSValue encodedValue, ArrayProfile* arrayProfile) 652 656 { 653 657 VM& vm = exec->vm(); … … 658 662 JSValue value = JSValue::decode(encodedValue); 659 663 RELEASE_ASSERT(baseValue.isObject()); 660 directPutByVal(exec, asObject(baseValue), subscript, value, byValInfo);664 directPutByVal(exec, asObject(baseValue), subscript, value, arrayProfile); 661 665 } 662 666 … … 1411 1415 } 1412 1416 1413 static JSValue getByVal(ExecState* exec, JSValue baseValue, JSValue subscript, ByValInfo* byValInfo, ReturnAddressPtr returnAddress)1417 static JSValue getByVal(ExecState* exec, JSValue baseValue, JSValue subscript, ArrayProfile* arrayProfile, ReturnAddressPtr returnAddress) 1414 1418 { 1415 1419 if (LIKELY(baseValue.isCell() && subscript.isString())) { … … 1418 1422 if (JSCell::canUseFastGetOwnProperty(structure)) { 1419 1423 if (RefPtr<AtomicStringImpl> existingAtomicString = asString(subscript)->toExistingAtomicString(exec)) { 1420 if (JSValue result = baseValue.asCell()->fastGetOwnProperty(vm, structure, existingAtomicString.get())) { 1421 ASSERT(exec->locationAsBytecodeOffset()); 1422 if (byValInfo->stubInfo && byValInfo->cachedId.impl() != existingAtomicString) 1423 byValInfo->tookSlowPath = true; 1424 if (JSValue result = baseValue.asCell()->fastGetOwnProperty(vm, structure, existingAtomicString.get())) 1424 1425 return result; 1425 }1426 1426 } 1427 1427 } … … 1429 1429 1430 1430 if (subscript.isUInt32()) { 1431 ASSERT(exec->locationAsBytecodeOffset());1432 byValInfo->tookSlowPath = true;1433 1434 1431 uint32_t i = subscript.asUInt32(); 1435 1432 if (isJSString(baseValue)) { … … 1438 1435 return asString(baseValue)->getIndex(exec, i); 1439 1436 } 1440 byValInfo->arrayProfile->setOutOfBounds();1437 arrayProfile->setOutOfBounds(); 1441 1438 } else if (baseValue.isObject()) { 1442 1439 JSObject* object = asObject(baseValue); … … 1445 1442 1446 1443 if (!canAccessArgumentIndexQuickly(*object, i)) 1447 byValInfo->arrayProfile->setOutOfBounds();1444 arrayProfile->setOutOfBounds(); 1448 1445 } 1449 1446 … … 1457 1454 if (exec->hadException()) 1458 1455 return jsUndefined(); 1459 1460 ASSERT(exec->locationAsBytecodeOffset());1461 if (byValInfo->stubInfo && byValInfo->cachedId != property)1462 byValInfo->tookSlowPath = true;1463 1464 1456 return baseValue.get(exec, property); 1465 1457 } … … 1467 1459 extern "C" { 1468 1460 1469 EncodedJSValue JIT_OPERATION operationGetByValGeneric(ExecState* exec, EncodedJSValue encodedBase, EncodedJSValue encodedSubscript, ByValInfo* byValInfo)1461 EncodedJSValue JIT_OPERATION operationGetByValGeneric(ExecState* exec, EncodedJSValue encodedBase, EncodedJSValue encodedSubscript, ArrayProfile* arrayProfile) 1470 1462 { 1471 1463 VM& vm = exec->vm(); … … 1474 1466 JSValue subscript = JSValue::decode(encodedSubscript); 1475 1467 1476 JSValue result = getByVal(exec, baseValue, subscript, byValInfo, ReturnAddressPtr(OUR_RETURN_ADDRESS));1468 JSValue result = getByVal(exec, baseValue, subscript, arrayProfile, ReturnAddressPtr(OUR_RETURN_ADDRESS)); 1477 1469 return JSValue::encode(result); 1478 1470 } 1479 1471 1480 EncodedJSValue JIT_OPERATION operationGetByValOptimize(ExecState* exec, EncodedJSValue encodedBase, EncodedJSValue encodedSubscript, ByValInfo* byValInfo)1472 EncodedJSValue JIT_OPERATION operationGetByValOptimize(ExecState* exec, EncodedJSValue encodedBase, EncodedJSValue encodedSubscript, ArrayProfile* arrayProfile) 1481 1473 { 1482 1474 VM& vm = exec->vm(); … … 1484 1476 JSValue baseValue = JSValue::decode(encodedBase); 1485 1477 JSValue subscript = JSValue::decode(encodedSubscript); 1486 1478 1487 1479 if (baseValue.isObject() && subscript.isInt32()) { 1488 1480 // See if it's worth optimizing this at all. … … 1490 1482 bool didOptimize = false; 1491 1483 1492 ASSERT(exec->locationAsBytecodeOffset()); 1493 ASSERT(!byValInfo->stubRoutine); 1494 1484 unsigned bytecodeOffset = exec->locationAsBytecodeOffset(); 1485 ASSERT(bytecodeOffset); 1486 ByValInfo& byValInfo = exec->codeBlock()->getByValInfo(bytecodeOffset - 1); 1487 ASSERT(!byValInfo.stubRoutine); 1488 1495 1489 if (hasOptimizableIndexing(object->structure(vm))) { 1496 1490 // Attempt to optimize. 1497 1491 Structure* structure = object->structure(vm); 1498 1492 JITArrayMode arrayMode = jitArrayModeForStructure(structure); 1499 if (arrayMode != byValInfo ->arrayMode) {1493 if (arrayMode != byValInfo.arrayMode) { 1500 1494 // If we reached this case, we got an interesting array mode we did not expect when we compiled. 1501 1495 // Let's update the profile to do better next time. 1502 1496 CodeBlock* codeBlock = exec->codeBlock(); 1503 1497 ConcurrentJITLocker locker(codeBlock->m_lock); 1504 byValInfo->arrayProfile->computeUpdatedPrediction(locker, codeBlock, structure);1505 1506 JIT::compileGetByVal(&vm, exec->codeBlock(), byValInfo, ReturnAddressPtr(OUR_RETURN_ADDRESS), arrayMode);1498 arrayProfile->computeUpdatedPrediction(locker, codeBlock, structure); 1499 1500 JIT::compileGetByVal(&vm, exec->codeBlock(), &byValInfo, ReturnAddressPtr(OUR_RETURN_ADDRESS), arrayMode); 1507 1501 didOptimize = true; 1508 1502 } 1509 1503 } 1510 1504 1511 1505 if (!didOptimize) { 1512 1506 // If we take slow path more than 10 times without patching then make sure we … … 1515 1509 // where we see non-index-intercepting objects, this gives 10 iterations worth of 1516 1510 // opportunity for us to observe that the get_by_val may be polymorphic. 1517 if (++byValInfo ->slowPathCount >= 101511 if (++byValInfo.slowPathCount >= 10 1518 1512 || object->structure(vm)->typeInfo().interceptsGetOwnPropertySlotByIndexEvenWhenLengthIsNotZero()) { 1519 1513 // Don't ever try to optimize. … … 1522 1516 } 1523 1517 } 1524 1525 if (baseValue.isObject() && (subscript.isSymbol() || subscript.isString())) { 1526 const Identifier propertyName = subscript.toPropertyKey(exec); 1527 1528 if (!subscript.isString() || !parseIndex(propertyName)) { 1529 ASSERT(exec->locationAsBytecodeOffset()); 1530 ASSERT(!byValInfo->stubRoutine); 1531 JIT::compileGetByValWithCachedId(&vm, exec->codeBlock(), byValInfo, ReturnAddressPtr(OUR_RETURN_ADDRESS), propertyName); 1532 } 1533 1534 PropertySlot slot(baseValue); 1535 bool hasResult = baseValue.getPropertySlot(exec, propertyName, slot); 1536 return JSValue::encode(hasResult ? slot.getValue(exec, propertyName) : jsUndefined()); 1537 } 1538 1539 JSValue result = getByVal(exec, baseValue, subscript, byValInfo, ReturnAddressPtr(OUR_RETURN_ADDRESS)); 1518 1519 JSValue result = getByVal(exec, baseValue, subscript, arrayProfile, ReturnAddressPtr(OUR_RETURN_ADDRESS)); 1540 1520 return JSValue::encode(result); 1541 1521 } 1542 1543 EncodedJSValue JIT_OPERATION operationHasIndexedPropertyDefault(ExecState* exec, EncodedJSValue encodedBase, EncodedJSValue encodedSubscript, ByValInfo* byValInfo)1522 1523 EncodedJSValue JIT_OPERATION operationHasIndexedPropertyDefault(ExecState* exec, EncodedJSValue encodedBase, EncodedJSValue encodedSubscript, ArrayProfile* arrayProfile) 1544 1524 { 1545 1525 VM& vm = exec->vm(); … … 1554 1534 bool didOptimize = false; 1555 1535 1556 ASSERT(exec->locationAsBytecodeOffset()); 1557 ASSERT(!byValInfo->stubRoutine); 1536 unsigned bytecodeOffset = exec->locationAsBytecodeOffset(); 1537 ASSERT(bytecodeOffset); 1538 ByValInfo& byValInfo = exec->codeBlock()->getByValInfo(bytecodeOffset - 1); 1539 ASSERT(!byValInfo.stubRoutine); 1558 1540 1559 1541 if (hasOptimizableIndexing(object->structure(vm))) { 1560 1542 // Attempt to optimize. 1561 1543 JITArrayMode arrayMode = jitArrayModeForStructure(object->structure(vm)); 1562 if (arrayMode != byValInfo ->arrayMode) {1563 JIT::compileHasIndexedProperty(&vm, exec->codeBlock(), byValInfo, ReturnAddressPtr(OUR_RETURN_ADDRESS), arrayMode);1544 if (arrayMode != byValInfo.arrayMode) { 1545 JIT::compileHasIndexedProperty(&vm, exec->codeBlock(), &byValInfo, ReturnAddressPtr(OUR_RETURN_ADDRESS), arrayMode); 1564 1546 didOptimize = true; 1565 1547 } … … 1572 1554 // where we see non-index-intercepting objects, this gives 10 iterations worth of 1573 1555 // opportunity for us to observe that the get_by_val may be polymorphic. 1574 if (++byValInfo ->slowPathCount >= 101556 if (++byValInfo.slowPathCount >= 10 1575 1557 || object->structure(vm)->typeInfo().interceptsGetOwnPropertySlotByIndexEvenWhenLengthIsNotZero()) { 1576 1558 // Don't ever try to optimize. 1577 ctiPatchCallByReturnAddress(exec->codeBlock(), ReturnAddressPtr(OUR_RETURN_ADDRESS), FunctionPtr(operationHasIndexedPropertyGeneric)); 1559 ctiPatchCallByReturnAddress(exec->codeBlock(), ReturnAddressPtr(OUR_RETURN_ADDRESS), FunctionPtr(operationHasIndexedPropertyGeneric)); 1578 1560 } 1579 1561 } … … 1584 1566 1585 1567 if (!canAccessArgumentIndexQuickly(*object, index)) 1586 byValInfo->arrayProfile->setOutOfBounds();1568 arrayProfile->setOutOfBounds(); 1587 1569 return JSValue::encode(jsBoolean(object->hasProperty(exec, index))); 1588 1570 } 1589 1571 1590 EncodedJSValue JIT_OPERATION operationHasIndexedPropertyGeneric(ExecState* exec, EncodedJSValue encodedBase, EncodedJSValue encodedSubscript, ByValInfo* byValInfo)1572 EncodedJSValue JIT_OPERATION operationHasIndexedPropertyGeneric(ExecState* exec, EncodedJSValue encodedBase, EncodedJSValue encodedSubscript, ArrayProfile* arrayProfile) 1591 1573 { 1592 1574 VM& vm = exec->vm(); … … 1604 1586 1605 1587 if (!canAccessArgumentIndexQuickly(*object, index)) 1606 byValInfo->arrayProfile->setOutOfBounds();1588 arrayProfile->setOutOfBounds(); 1607 1589 return JSValue::encode(jsBoolean(object->hasProperty(exec, subscript.asUInt32()))); 1608 1590 } 1609 1591 1610 EncodedJSValue JIT_OPERATION operationGetByValString(ExecState* exec, EncodedJSValue encodedBase, EncodedJSValue encodedSubscript , ByValInfo* byValInfo)1592 EncodedJSValue JIT_OPERATION operationGetByValString(ExecState* exec, EncodedJSValue encodedBase, EncodedJSValue encodedSubscript) 1611 1593 { 1612 1594 VM& vm = exec->vm(); … … 1623 1605 result = baseValue.get(exec, i); 1624 1606 if (!isJSString(baseValue)) { 1625 ASSERT(exec->locationAsBytecodeOffset()); 1626 ctiPatchCallByReturnAddress(exec->codeBlock(), ReturnAddressPtr(OUR_RETURN_ADDRESS), FunctionPtr(byValInfo->stubRoutine ? operationGetByValGeneric : operationGetByValOptimize)); 1607 unsigned bytecodeOffset = exec->locationAsBytecodeOffset(); 1608 ASSERT(bytecodeOffset); 1609 ByValInfo& byValInfo = exec->codeBlock()->getByValInfo(bytecodeOffset - 1); 1610 ctiPatchCallByReturnAddress(exec->codeBlock(), ReturnAddressPtr(OUR_RETURN_ADDRESS), FunctionPtr(byValInfo.stubRoutine ? operationGetByValGeneric : operationGetByValOptimize)); 1627 1611 } 1628 1612 } -
trunk/Source/JavaScriptCore/jit/JITOperations.h
r188136 r188201 59 59 Aap: ArrayAllocationProfile* 60 60 Ap: ArrayProfile* 61 By: ByValInfo*62 61 C: JSCell* 63 62 Cb: CodeBlock* … … 115 114 typedef EncodedJSValue JIT_OPERATION (*J_JITOperation_EJJ)(ExecState*, EncodedJSValue, EncodedJSValue); 116 115 typedef EncodedJSValue JIT_OPERATION (*J_JITOperation_EJJAp)(ExecState*, EncodedJSValue, EncodedJSValue, ArrayProfile*); 117 typedef EncodedJSValue JIT_OPERATION (*J_JITOperation_EJJBy)(ExecState*, EncodedJSValue, EncodedJSValue, ByValInfo*);118 116 typedef EncodedJSValue JIT_OPERATION (*J_JITOperation_EJssZ)(ExecState*, JSString*, int32_t); 119 117 typedef EncodedJSValue JIT_OPERATION (*J_JITOperation_EJP)(ExecState*, EncodedJSValue, void*); … … 198 196 typedef void JIT_OPERATION (*V_JITOperation_EJJJ)(ExecState*, EncodedJSValue, EncodedJSValue, EncodedJSValue); 199 197 typedef void JIT_OPERATION (*V_JITOperation_EJJJAp)(ExecState*, EncodedJSValue, EncodedJSValue, EncodedJSValue, ArrayProfile*); 200 typedef void JIT_OPERATION (*V_JITOperation_EJJJBy)(ExecState*, EncodedJSValue, EncodedJSValue, EncodedJSValue, ByValInfo*);201 198 typedef void JIT_OPERATION (*V_JITOperation_EJPP)(ExecState*, EncodedJSValue, void*, void*); 202 199 typedef void JIT_OPERATION (*V_JITOperation_EJZJ)(ExecState*, EncodedJSValue, int32_t, EncodedJSValue); … … 263 260 void JIT_OPERATION operationPutByIdDirectNonStrictBuildList(ExecState*, StructureStubInfo*, EncodedJSValue encodedValue, EncodedJSValue encodedBase, UniquedStringImpl*) WTF_INTERNAL; 264 261 void JIT_OPERATION operationReallocateStorageAndFinishPut(ExecState*, JSObject*, Structure*, PropertyOffset, EncodedJSValue) WTF_INTERNAL; 265 void JIT_OPERATION operationPutByVal(ExecState*, EncodedJSValue, EncodedJSValue, EncodedJSValue, ByValInfo*) WTF_INTERNAL;266 void JIT_OPERATION operationDirectPutByVal(ExecState*, EncodedJSValue, EncodedJSValue, EncodedJSValue, ByValInfo*) WTF_INTERNAL;267 void JIT_OPERATION operationPutByValGeneric(ExecState*, EncodedJSValue, EncodedJSValue, EncodedJSValue, ByValInfo*) WTF_INTERNAL;268 void JIT_OPERATION operationDirectPutByValGeneric(ExecState*, EncodedJSValue, EncodedJSValue, EncodedJSValue, ByValInfo*) WTF_INTERNAL;262 void JIT_OPERATION operationPutByVal(ExecState*, EncodedJSValue, EncodedJSValue, EncodedJSValue, ArrayProfile*) WTF_INTERNAL; 263 void JIT_OPERATION operationDirectPutByVal(ExecState*, EncodedJSValue, EncodedJSValue, EncodedJSValue, ArrayProfile*) WTF_INTERNAL; 264 void JIT_OPERATION operationPutByValGeneric(ExecState*, EncodedJSValue, EncodedJSValue, EncodedJSValue, ArrayProfile*) WTF_INTERNAL; 265 void JIT_OPERATION operationDirectPutByValGeneric(ExecState*, EncodedJSValue, EncodedJSValue, EncodedJSValue, ArrayProfile*) WTF_INTERNAL; 269 266 EncodedJSValue JIT_OPERATION operationCallEval(ExecState*, ExecState*) WTF_INTERNAL; 270 267 char* JIT_OPERATION operationLinkCall(ExecState*, CallLinkInfo*) WTF_INTERNAL; … … 313 310 void JIT_OPERATION operationProfileWillCall(ExecState*, EncodedJSValue) WTF_INTERNAL; 314 311 EncodedJSValue JIT_OPERATION operationCheckHasInstance(ExecState*, EncodedJSValue, EncodedJSValue baseVal) WTF_INTERNAL; 315 EncodedJSValue JIT_OPERATION operationGetByValOptimize(ExecState*, EncodedJSValue encodedBase, EncodedJSValue encodedSubscript, ByValInfo*) WTF_INTERNAL;316 EncodedJSValue JIT_OPERATION operationGetByValGeneric(ExecState*, EncodedJSValue encodedBase, EncodedJSValue encodedSubscript, ByValInfo*) WTF_INTERNAL;317 EncodedJSValue JIT_OPERATION operationGetByValString(ExecState*, EncodedJSValue encodedBase, EncodedJSValue encodedSubscript , ByValInfo*) WTF_INTERNAL;318 EncodedJSValue JIT_OPERATION operationHasIndexedPropertyDefault(ExecState*, EncodedJSValue encodedBase, EncodedJSValue encodedSubscript, ByValInfo*) WTF_INTERNAL;319 EncodedJSValue JIT_OPERATION operationHasIndexedPropertyGeneric(ExecState*, EncodedJSValue encodedBase, EncodedJSValue encodedSubscript, ByValInfo*) WTF_INTERNAL;312 EncodedJSValue JIT_OPERATION operationGetByValOptimize(ExecState*, EncodedJSValue encodedBase, EncodedJSValue encodedSubscript, ArrayProfile*) WTF_INTERNAL; 313 EncodedJSValue JIT_OPERATION operationGetByValGeneric(ExecState*, EncodedJSValue encodedBase, EncodedJSValue encodedSubscript, ArrayProfile*) WTF_INTERNAL; 314 EncodedJSValue JIT_OPERATION operationGetByValString(ExecState*, EncodedJSValue encodedBase, EncodedJSValue encodedSubscript) WTF_INTERNAL; 315 EncodedJSValue JIT_OPERATION operationHasIndexedPropertyDefault(ExecState*, EncodedJSValue encodedBase, EncodedJSValue encodedSubscript, ArrayProfile*) WTF_INTERNAL; 316 EncodedJSValue JIT_OPERATION operationHasIndexedPropertyGeneric(ExecState*, EncodedJSValue encodedBase, EncodedJSValue encodedSubscript, ArrayProfile*) WTF_INTERNAL; 320 317 EncodedJSValue JIT_OPERATION operationDeleteById(ExecState*, EncodedJSValue base, const Identifier*) WTF_INTERNAL; 321 318 JSCell* JIT_OPERATION operationGetPNames(ExecState*, JSObject*) WTF_INTERNAL; -
trunk/Source/JavaScriptCore/jit/JITPropertyAccess.cpp
r188135 r188201 99 99 int property = currentInstruction[3].u.operand; 100 100 ArrayProfile* profile = currentInstruction[4].u.arrayProfile; 101 ByValInfo* byValInfo = m_codeBlock->addByValInfo(); 102 101 103 102 emitGetVirtualRegisters(base, regT0, property, regT1); 104 105 emitJumpSlowCaseIfNotJSCell(regT0, base); 106 107 PatchableJump notIndex = emitPatchableJumpIfNotImmediateInteger(regT1); 108 addSlowCase(notIndex); 103 emitJumpSlowCaseIfNotImmediateInteger(regT1); 109 104 110 105 // This is technically incorrect - we're zero-extending an int32. On the hot path this doesn't matter. … … 116 111 zeroExtend32ToPtr(regT1, regT1); 117 112 113 emitJumpSlowCaseIfNotJSCell(regT0, base); 118 114 emitArrayProfilingSiteWithCell(regT0, regT2, profile); 119 115 and32(TrustedImm32(IndexingShapeMask), regT2); … … 154 150 emitValueProfilingSite(); 155 151 emitPutVirtualRegister(dst); 156 157 m_byValCompilationInfo.append(ByValCompilationInfo( byValInfo, m_bytecodeOffset, notIndex, badType, mode, profile, done));152 153 m_byValCompilationInfo.append(ByValCompilationInfo(m_bytecodeOffset, badType, mode, done)); 158 154 } 159 155 … … 200 196 } 201 197 202 JITGetByIdGenerator JIT::emitGetByValWithCachedId(Instruction* currentInstruction, const Identifier& propertyName, JumpList& doneCases, JumpList& slowCases)203 {204 // base: regT0205 // property: regT1206 // scratch: regT3207 208 int dst = currentInstruction[1].u.operand;209 210 slowCases.append(emitJumpIfNotJSCell(regT1));211 if (propertyName.isSymbol()) {212 slowCases.append(branchStructure(NotEqual, Address(regT1, JSCell::structureIDOffset()), m_vm->symbolStructure.get()));213 loadPtr(Address(regT1, Symbol::offsetOfPrivateName()), regT3);214 } else {215 slowCases.append(branchStructure(NotEqual, Address(regT1, JSCell::structureIDOffset()), m_vm->stringStructure.get()));216 loadPtr(Address(regT1, JSString::offsetOfValue()), regT3);217 slowCases.append(branchTestPtr(Zero, regT3));218 slowCases.append(branchTest32(Zero, Address(regT3, StringImpl::flagsOffset()), TrustedImm32(StringImpl::flagIsAtomic())));219 }220 slowCases.append(branchPtr(NotEqual, regT3, TrustedImmPtr(propertyName.impl())));221 222 JITGetByIdGenerator gen(223 m_codeBlock, CodeOrigin(m_bytecodeOffset), RegisterSet::specialRegisters(),224 JSValueRegs(regT0), JSValueRegs(regT0), DontSpill);225 gen.generateFastPath(*this);226 227 doneCases.append(jump());228 229 Label coldPathBegin = label();230 gen.slowPathJump().link(this);231 232 Call call = callOperation(WithProfile, operationGetByIdOptimize, dst, gen.stubInfo(), regT0, propertyName.impl());233 gen.reportSlowPathCall(coldPathBegin, call);234 doneCases.append(jump());235 236 return gen;237 }238 239 198 void JIT::emitSlow_op_get_by_val(Instruction* currentInstruction, Vector<SlowCaseEntry>::iterator& iter) 240 199 { … … 242 201 int base = currentInstruction[2].u.operand; 243 202 int property = currentInstruction[3].u.operand; 244 ByValInfo* byValInfo = m_byValCompilationInfo[m_byValInstructionIndex].byValInfo; 245 203 ArrayProfile* profile = currentInstruction[4].u.arrayProfile; 204 205 linkSlowCase(iter); // property int32 check 246 206 linkSlowCaseIfNotJSCell(iter, base); // base cell check 247 linkSlowCase(iter); // property int32 check248 207 Jump nonCell = jump(); 249 208 linkSlowCase(iter); // base array check … … 266 225 emitGetVirtualRegister(base, regT0); 267 226 emitGetVirtualRegister(property, regT1); 268 Call call = callOperation(operationGetByValOptimize, dst, regT0, regT1, byValInfo);227 Call call = callOperation(operationGetByValOptimize, dst, regT0, regT1, profile); 269 228 270 229 m_byValCompilationInfo[m_byValInstructionIndex].slowPathTarget = slowPath; … … 305 264 int property = currentInstruction[2].u.operand; 306 265 ArrayProfile* profile = currentInstruction[4].u.arrayProfile; 307 ByValInfo* byValInfo = m_codeBlock->addByValInfo();308 266 309 267 emitGetVirtualRegisters(base, regT0, property, regT1); … … 342 300 Label done = label(); 343 301 344 m_byValCompilationInfo.append(ByValCompilationInfo(byValInfo, m_bytecodeOffset, PatchableJump(), badType, mode, profile, done)); 302 m_byValCompilationInfo.append(ByValCompilationInfo(m_bytecodeOffset, badType, mode, done)); 303 345 304 } 346 305 … … 441 400 int value = currentInstruction[3].u.operand; 442 401 ArrayProfile* profile = currentInstruction[4].u.arrayProfile; 443 ByValInfo* byValInfo = m_byValCompilationInfo[m_byValInstructionIndex].byValInfo;444 402 445 403 linkSlowCase(iter); // property int32 check … … 467 425 emitGetVirtualRegister(value, regT2); 468 426 bool isDirect = m_interpreter->getOpcodeID(currentInstruction->u.opcode) == op_put_by_val_direct; 469 Call call = callOperation(isDirect ? operationDirectPutByVal : operationPutByVal, regT0, regT1, regT2, byValInfo);427 Call call = callOperation(isDirect ? operationDirectPutByVal : operationPutByVal, regT0, regT1, regT2, profile); 470 428 471 429 m_byValCompilationInfo[m_byValInstructionIndex].slowPathTarget = slowPath; … … 1039 997 RepatchBuffer repatchBuffer(m_codeBlock); 1040 998 repatchBuffer.relink(byValInfo->badTypeJump, CodeLocationLabel(byValInfo->stubRoutine->code().code())); 1041 repatchBuffer.relinkCallerToFunction(returnAddress, FunctionPtr(operationGetByValGeneric));1042 }1043 1044 void JIT::privateCompileGetByValWithCachedId(ByValInfo* byValInfo, ReturnAddressPtr returnAddress, const Identifier& propertyName)1045 {1046 Instruction* currentInstruction = m_codeBlock->instructions().begin() + byValInfo->bytecodeIndex;1047 1048 JumpList doneCases;1049 JumpList slowCases;1050 1051 JITGetByIdGenerator gen = emitGetByValWithCachedId(currentInstruction, propertyName, doneCases, slowCases);1052 1053 ConcurrentJITLocker locker(m_codeBlock->m_lock);1054 LinkBuffer patchBuffer(*m_vm, *this, m_codeBlock);1055 patchBuffer.link(slowCases, CodeLocationLabel(MacroAssemblerCodePtr::createFromExecutableAddress(returnAddress.value())).labelAtOffset(byValInfo->returnAddressToSlowPath));1056 patchBuffer.link(doneCases, byValInfo->badTypeJump.labelAtOffset(byValInfo->badTypeJumpToDone));1057 for (const auto& callSite : m_calls) {1058 if (callSite.to)1059 patchBuffer.link(callSite.from, FunctionPtr(callSite.to));1060 }1061 gen.finalize(patchBuffer);1062 1063 byValInfo->stubRoutine = FINALIZE_CODE_FOR_STUB(1064 m_codeBlock, patchBuffer,1065 ("Baseline get_by_val with cached property name '%s' stub for %s, return point %p", propertyName.impl()->utf8().data(), toCString(*m_codeBlock).data(), returnAddress.value()));1066 byValInfo->cachedId = propertyName;1067 byValInfo->stubInfo = gen.stubInfo();1068 1069 RepatchBuffer repatchBuffer(m_codeBlock);1070 repatchBuffer.relink(byValInfo->notIndexJump, CodeLocationLabel(byValInfo->stubRoutine->code().code()));1071 999 repatchBuffer.relinkCallerToFunction(returnAddress, FunctionPtr(operationGetByValGeneric)); 1072 1000 } -
trunk/Source/JavaScriptCore/jit/JITPropertyAccess32_64.cpp
r188105 r188201 150 150 int property = currentInstruction[3].u.operand; 151 151 ArrayProfile* profile = currentInstruction[4].u.arrayProfile; 152 ByValInfo* byValInfo = m_codeBlock->addByValInfo();153 152 154 153 emitLoad2(base, regT1, regT0, property, regT3, regT2); 155 154 155 addSlowCase(branch32(NotEqual, regT3, TrustedImm32(JSValue::Int32Tag))); 156 156 emitJumpSlowCaseIfNotJSCell(base, regT1); 157 PatchableJump notIndex = patchableBranch32(NotEqual, regT3, TrustedImm32(JSValue::Int32Tag));158 addSlowCase(notIndex);159 157 emitArrayProfilingSiteWithCell(regT0, regT1, profile); 160 158 and32(TrustedImm32(IndexingShapeMask), regT1); … … 195 193 emitStore(dst, regT1, regT0); 196 194 197 m_byValCompilationInfo.append(ByValCompilationInfo( byValInfo, m_bytecodeOffset, notIndex, badType, mode, profile, done));195 m_byValCompilationInfo.append(ByValCompilationInfo(m_bytecodeOffset, badType, mode, done)); 198 196 } 199 197 … … 239 237 return slowCases; 240 238 } 241 242 JITGetByIdGenerator JIT::emitGetByValWithCachedId(Instruction* currentInstruction, const Identifier& propertyName, JumpList& doneCases, JumpList& slowCases) 243 { 244 int dst = currentInstruction[1].u.operand; 245 246 // base: tag(regT1), payload(regT0) 247 // property: tag(regT3), payload(regT2) 248 // scratch: regT4 249 250 slowCases.append(emitJumpIfNotJSCell(regT3)); 251 if (propertyName.isSymbol()) { 252 slowCases.append(branchStructure(NotEqual, Address(regT2, JSCell::structureIDOffset()), m_vm->symbolStructure.get())); 253 loadPtr(Address(regT2, Symbol::offsetOfPrivateName()), regT4); 254 } else { 255 slowCases.append(branchStructure(NotEqual, Address(regT2, JSCell::structureIDOffset()), m_vm->stringStructure.get())); 256 loadPtr(Address(regT2, JSString::offsetOfValue()), regT4); 257 slowCases.append(branchTestPtr(Zero, regT4)); 258 slowCases.append(branchTest32(Zero, Address(regT4, StringImpl::flagsOffset()), TrustedImm32(StringImpl::flagIsAtomic()))); 259 } 260 slowCases.append(branchPtr(NotEqual, regT4, TrustedImmPtr(propertyName.impl()))); 261 262 JITGetByIdGenerator gen( 263 m_codeBlock, CodeOrigin(m_bytecodeOffset), RegisterSet::specialRegisters(), 264 JSValueRegs::payloadOnly(regT0), JSValueRegs(regT1, regT0), DontSpill); 265 gen.generateFastPath(*this); 266 267 doneCases.append(jump()); 268 269 Label coldPathBegin = label(); 270 gen.slowPathJump().link(this); 271 272 Call call = callOperation(WithProfile, operationGetByIdOptimize, dst, gen.stubInfo(), regT1, regT0, propertyName.impl()); 273 gen.reportSlowPathCall(coldPathBegin, call); 274 doneCases.append(jump()); 275 276 return gen; 277 } 278 239 279 240 void JIT::emitSlow_op_get_by_val(Instruction* currentInstruction, Vector<SlowCaseEntry>::iterator& iter) 280 241 { … … 282 243 int base = currentInstruction[2].u.operand; 283 244 int property = currentInstruction[3].u.operand; 284 ByValInfo* byValInfo = m_byValCompilationInfo[m_byValInstructionIndex].byValInfo; 285 245 ArrayProfile* profile = currentInstruction[4].u.arrayProfile; 246 247 linkSlowCase(iter); // property int32 check 286 248 linkSlowCaseIfNotJSCell(iter, base); // base cell check 287 linkSlowCase(iter); // property int32 check288 249 289 250 Jump nonCell = jump(); … … 305 266 emitLoad(base, regT1, regT0); 306 267 emitLoad(property, regT3, regT2); 307 Call call = callOperation(operationGetByValOptimize, dst, regT1, regT0, regT3, regT2, byValInfo);268 Call call = callOperation(operationGetByValOptimize, dst, regT1, regT0, regT3, regT2, profile); 308 269 309 270 m_byValCompilationInfo[m_byValInstructionIndex].slowPathTarget = slowPath; … … 319 280 int property = currentInstruction[2].u.operand; 320 281 ArrayProfile* profile = currentInstruction[4].u.arrayProfile; 321 ByValInfo* byValInfo = m_codeBlock->addByValInfo();322 282 323 283 emitLoad2(base, regT1, regT0, property, regT3, regT2); … … 355 315 Label done = label(); 356 316 357 m_byValCompilationInfo.append(ByValCompilationInfo( byValInfo, m_bytecodeOffset, PatchableJump(), badType, mode, profile, done));317 m_byValCompilationInfo.append(ByValCompilationInfo(m_bytecodeOffset, badType, mode, done)); 358 318 } 359 319 … … 460 420 int value = currentInstruction[3].u.operand; 461 421 ArrayProfile* profile = currentInstruction[4].u.arrayProfile; 462 ByValInfo* byValInfo = m_byValCompilationInfo[m_byValInstructionIndex].byValInfo;463 422 464 423 linkSlowCase(iter); // property int32 check … … 500 459 addCallArgument(regT1); 501 460 addCallArgument(regT0); 502 addCallArgument(TrustedImmPtr( byValInfo));461 addCallArgument(TrustedImmPtr(profile)); 503 462 Call call = appendCallWithExceptionCheck(isDirect ? operationDirectPutByVal : operationPutByVal); 504 463 #else … … 508 467 emitLoad(property, regT3, regT0); 509 468 emitLoad(value, regT5, regT4); 510 Call call = callOperation(isDirect ? operationDirectPutByVal : operationPutByVal, regT2, regT1, regT3, regT0, regT5, regT4, byValInfo);469 Call call = callOperation(isDirect ? operationDirectPutByVal : operationPutByVal, regT2, regT1, regT3, regT0, regT5, regT4, profile); 511 470 #endif 512 471 -
trunk/Source/JavaScriptCore/runtime/Symbol.h
r188105 r188201 80 80 double toNumber(ExecState*) const; 81 81 82 static size_t offsetOfPrivateName() { return OBJECT_OFFSETOF(Symbol, m_privateName); }83 84 82 protected: 85 83 static void destroy(JSCell*);
Note: See TracChangeset
for help on using the changeset viewer.
