Changeset 209112 in webkit


Ignore:
Timestamp:
Nov 29, 2016 7:09:10 PM (7 years ago)
Author:
sbarati@apple.com
Message:

We should support CreateThis in the FTL
https://bugs.webkit.org/show_bug.cgi?id=164904

Reviewed by Geoffrey Garen.

  • ftl/FTLAbstractHeapRepository.h:
  • ftl/FTLCapabilities.cpp:

(JSC::FTL::canCompile):

  • ftl/FTLLowerDFGToB3.cpp:

(JSC::FTL::DFG::LowerDFGToB3::compileNode):
(JSC::FTL::DFG::LowerDFGToB3::compileMakeRope):
(JSC::FTL::DFG::LowerDFGToB3::compileMaterializeNewObject):
(JSC::FTL::DFG::LowerDFGToB3::compileCreateThis):
(JSC::FTL::DFG::LowerDFGToB3::storeStructure):
(JSC::FTL::DFG::LowerDFGToB3::allocateCell):
(JSC::FTL::DFG::LowerDFGToB3::allocateObject):
(JSC::FTL::DFG::LowerDFGToB3::allocateVariableSizedObject):
(JSC::FTL::DFG::LowerDFGToB3::allocateVariableSizedCell):

  • runtime/Structure.h:
Location:
trunk/Source/JavaScriptCore
Files:
5 edited

Legend:

Unmodified
Added
Removed
  • trunk/Source/JavaScriptCore/ChangeLog

    r209101 r209112  
     12016-11-29  Saam Barati  <sbarati@apple.com>
     2
     3        We should support CreateThis in the FTL
     4        https://bugs.webkit.org/show_bug.cgi?id=164904
     5
     6        Reviewed by Geoffrey Garen.
     7
     8        * ftl/FTLAbstractHeapRepository.h:
     9        * ftl/FTLCapabilities.cpp:
     10        (JSC::FTL::canCompile):
     11        * ftl/FTLLowerDFGToB3.cpp:
     12        (JSC::FTL::DFG::LowerDFGToB3::compileNode):
     13        (JSC::FTL::DFG::LowerDFGToB3::compileMakeRope):
     14        (JSC::FTL::DFG::LowerDFGToB3::compileMaterializeNewObject):
     15        (JSC::FTL::DFG::LowerDFGToB3::compileCreateThis):
     16        (JSC::FTL::DFG::LowerDFGToB3::storeStructure):
     17        (JSC::FTL::DFG::LowerDFGToB3::allocateCell):
     18        (JSC::FTL::DFG::LowerDFGToB3::allocateObject):
     19        (JSC::FTL::DFG::LowerDFGToB3::allocateVariableSizedObject):
     20        (JSC::FTL::DFG::LowerDFGToB3::allocateVariableSizedCell):
     21        * runtime/Structure.h:
     22
    1232016-11-29  Mark Lam  <mark.lam@apple.com>
    224
  • trunk/Source/JavaScriptCore/ftl/FTLAbstractHeapRepository.h

    r208720 r209112  
    6868    macro(JSFunction_scope, JSFunction::offsetOfScopeChain()) \
    6969    macro(JSFunction_rareData, JSFunction::offsetOfRareData()) \
     70    macro(FunctionRareData_allocator, FunctionRareData::offsetOfObjectAllocationProfile() + ObjectAllocationProfile::offsetOfAllocator()) \
     71    macro(FunctionRareData_structure, FunctionRareData::offsetOfObjectAllocationProfile() + ObjectAllocationProfile::offsetOfStructure()) \
    7072    macro(JSObject_butterfly, JSObject::butterflyOffset()) \
    7173    macro(JSPropertyNameEnumerator_cachedInlineCapacity, JSPropertyNameEnumerator::cachedInlineCapacityOffset()) \
     
    108110    macro(Structure_prototype, Structure::prototypeOffset()) \
    109111    macro(Structure_structureID, Structure::structureIDOffset()) \
     112    macro(Structure_inlineCapacity, Structure::inlineCapacityOffset()) \
     113    macro(Structure_initializationBlob, Structure::indexingTypeIncludingHistoryOffset()) \
    110114    macro(JSMap_hashMapImpl, JSMap::offsetOfHashMapImpl()) \
    111115    macro(JSSet_hashMapImpl, JSSet::offsetOfHashMapImpl()) \
  • trunk/Source/JavaScriptCore/ftl/FTLCapabilities.cpp

    r208704 r209112  
    280280    case CallDOM:
    281281    case CallDOMGetter:
     282    case CreateThis:
    282283        // These are OK.
    283284        break;
  • trunk/Source/JavaScriptCore/ftl/FTLLowerDFGToB3.cpp

    r208860 r209112  
    10741074            compileCallDOMGetter();
    10751075            break;
     1076        case CreateThis:
     1077            compileCreateThis();
     1078            break;
    10761079
    10771080        case PhantomLocal:
     
    48564859       
    48574860        LValue result = allocateCell(
    4858             m_out.constIntPtr(allocator), vm().stringStructure.get(), slowPath);
     4861            m_out.constIntPtr(allocator), m_out.constIntPtr(vm().stringStructure.get()), slowPath);
    48594862       
    48604863        m_out.storePtr(m_out.intPtrZero, result, m_heaps.JSString_value);
     
    81468149               
    81478150                LValue fastObjectValue = allocateObject(
    8148                     m_out.constIntPtr(cellAllocator), structure, fastButterflyValue, slowPath);
     8151                    m_out.constIntPtr(cellAllocator), m_out.constIntPtr(structure), fastButterflyValue, slowPath);
    81498152
    81508153                ValueFromBlock fastObject = m_out.anchor(fastObjectValue);
     
    94939496        setJSValue(patchpoint);
    94949497    }
     9498
     9499    void compileCreateThis()
     9500    {
     9501        LValue callee = lowCell(m_node->child1());
     9502
     9503        LBasicBlock isFunctionBlock = m_out.newBlock();
     9504        LBasicBlock hasRareData = m_out.newBlock();
     9505        LBasicBlock slowPath = m_out.newBlock();
     9506        LBasicBlock continuation = m_out.newBlock();
     9507
     9508        m_out.branch(isFunction(callee, provenType(m_node->child1())), usually(isFunctionBlock), rarely(slowPath));
     9509
     9510        LBasicBlock lastNext = m_out.appendTo(isFunctionBlock, hasRareData);
     9511        LValue rareData = m_out.loadPtr(callee, m_heaps.JSFunction_rareData);
     9512        m_out.branch(m_out.isZero64(rareData), rarely(slowPath), usually(hasRareData));
     9513
     9514        m_out.appendTo(hasRareData, slowPath);
     9515        LValue allocator = m_out.loadPtr(rareData, m_heaps.FunctionRareData_allocator);
     9516        LValue structure = m_out.loadPtr(rareData, m_heaps.FunctionRareData_structure);
     9517        LValue butterfly = m_out.constIntPtr(0);
     9518        ValueFromBlock fastResult = m_out.anchor(allocateObject(allocator, structure, butterfly, slowPath));
     9519        m_out.jump(continuation);
     9520
     9521        m_out.appendTo(slowPath, continuation);
     9522        ValueFromBlock slowResult = m_out.anchor(vmCall(
     9523            Int64, m_out.operation(operationCreateThis), m_callFrame, callee, m_out.constInt32(m_node->inlineCapacity())));
     9524        m_out.jump(continuation);
     9525
     9526        m_out.appendTo(continuation, lastNext);
     9527        LValue result = m_out.phi(Int64, fastResult, slowResult);
     9528
     9529        mutatorFence();
     9530        setJSValue(result);
     9531    }
    94959532   
    94969533    void compareEqObjectOrOtherToObject(Edge leftChild, Edge rightChild)
     
    99139950        return patchpoint;
    99149951    }
    9915    
    9916     void storeStructure(LValue object, Structure* structure)
    9917     {
    9918         m_out.store32(m_out.constInt32(structure->id()), object, m_heaps.JSCell_structureID);
    9919         m_out.store32(
    9920             m_out.constInt32(structure->objectInitializationBlob()),
    9921             object, m_heaps.JSCell_usefulBytes);
    9922     }
    9923 
    9924     LValue allocateCell(LValue allocator, Structure* structure, LBasicBlock slowPath)
     9952
     9953    void storeStructure(LValue object, LValue structure)
     9954    {
     9955        LValue id;
     9956        LValue blob;
     9957        if (structure->hasIntPtr()) {
     9958            Structure* actualStructure = bitwise_cast<Structure*>(structure->asIntPtr());
     9959            id = m_out.constInt32(actualStructure->id());
     9960            blob = m_out.constInt32(actualStructure->objectInitializationBlob());
     9961        } else {
     9962            id = m_out.load32(structure, m_heaps.Structure_structureID);
     9963            blob = m_out.load32(structure, m_heaps.Structure_initializationBlob);
     9964        }
     9965        m_out.store32(id, object, m_heaps.JSCell_structureID);
     9966        m_out.store32(blob, object, m_heaps.JSCell_usefulBytes);
     9967    }
     9968
     9969    LValue allocateCell(LValue allocator, LValue structure, LBasicBlock slowPath)
    99259970    {
    99269971        LValue result = allocateHeapCell(allocator, slowPath);
     
    99309975
    99319976    LValue allocateObject(
    9932         LValue allocator, Structure* structure, LValue butterfly, LBasicBlock slowPath)
     9977        LValue allocator, LValue structure, LValue butterfly, LBasicBlock slowPath)
    99339978    {
    99349979        LValue result = allocateCell(allocator, structure, slowPath);
    99359980        if (useGCFences()) {
     9981            LValue start = m_out.constInt32(JSFinalObject::offsetOfInlineStorage() / 8);
     9982            LValue end;
     9983            if (structure->hasIntPtr()) {
     9984                Structure* actualStructure = bitwise_cast<Structure*>(structure->asIntPtr());
     9985                end = m_out.constInt32(JSFinalObject::offsetOfInlineStorage() / 8 + actualStructure->inlineCapacity());
     9986            } else
     9987                end = m_out.add(start, m_out.load8ZeroExt32(structure, m_heaps.Structure_inlineCapacity));
     9988
    99369989            splatWords(
    99379990                result,
    9938                 m_out.constInt32(JSFinalObject::offsetOfInlineStorage() / 8),
    9939                 m_out.constInt32(JSFinalObject::offsetOfInlineStorage() / 8 + structure->inlineCapacity()),
     9991                start,
     9992                end,
    99409993                m_out.int64Zero,
    99419994                m_heaps.properties.atAnyNumber());
     
    995010003    {
    995110004        MarkedAllocator* allocator = vm().heap.allocatorForObjectOfType<ClassType>(size);
    9952         return allocateObject(m_out.constIntPtr(allocator), structure, butterfly, slowPath);
     10005        return allocateObject(m_out.constIntPtr(allocator), m_out.constIntPtr(structure), butterfly, slowPath);
    995310006    }
    995410007   
     
    1001410067        LValue allocator = allocatorForSize(
    1001510068            vm().heap.subspaceForObjectOfType<ClassType>(), size, slowPath);
    10016         return allocateObject(allocator, structure, butterfly, slowPath);
     10069        return allocateObject(allocator, m_out.constIntPtr(structure), butterfly, slowPath);
    1001710070    }
    1001810071
     
    1002310076        LValue allocator = allocatorForSize(
    1002410077            vm().heap.subspaceForObjectOfType<ClassType>(), size, slowPath);
    10025         return allocateCell(allocator, structure, slowPath);
     10078        return allocateCell(allocator, m_out.constIntPtr(structure), slowPath);
    1002610079    }
    1002710080   
     
    1004110094       
    1004210095        ValueFromBlock fastResult = m_out.anchor(allocateObject(
    10043             m_out.constIntPtr(allocator), structure, m_out.intPtrZero, slowPath));
     10096            m_out.constIntPtr(allocator), m_out.constIntPtr(structure), m_out.intPtrZero, slowPath));
    1004410097       
    1004510098        m_out.jump(continuation);
  • trunk/Source/JavaScriptCore/runtime/Structure.h

    r208897 r209112  
    406406    }
    407407
     408    static ptrdiff_t inlineCapacityOffset()
     409    {
     410        return OBJECT_OFFSETOF(Structure, m_inlineCapacity);
     411    }
     412
    408413    static ptrdiff_t prototypeOffset()
    409414    {
Note: See TracChangeset for help on using the changeset viewer.