Changeset 232029 in webkit
- Timestamp:
- May 21, 2018 2:52:26 PM (6 years ago)
- Location:
- trunk
- Files:
-
- 6 deleted
- 50 edited
Legend:
- Unmodified
- Added
- Removed
-
trunk/JSTests/ChangeLog
r231998 r232029 1 2018-05-21 Commit Queue <commit-queue@webkit.org> 2 3 Unreviewed, rolling out r231998 and r232017. 4 https://bugs.webkit.org/show_bug.cgi?id=185842 5 6 causes crashes on 32 JSC bot (Requested by realdawei on 7 #webkit). 8 9 Reverted changesets: 10 11 "[JSC] JSC should have consistent InById IC" 12 https://bugs.webkit.org/show_bug.cgi?id=185682 13 https://trac.webkit.org/changeset/231998 14 15 "Unreviewed, fix 32bit and scope release" 16 https://bugs.webkit.org/show_bug.cgi?id=185682 17 https://trac.webkit.org/changeset/232017 18 1 19 2018-05-19 Yusuke Suzuki <utatane.tea@gmail.com> 2 20 -
trunk/Source/JavaScriptCore/ChangeLog
r232024 r232029 1 2018-05-21 Commit Queue <commit-queue@webkit.org> 2 3 Unreviewed, rolling out r231998 and r232017. 4 https://bugs.webkit.org/show_bug.cgi?id=185842 5 6 causes crashes on 32 JSC bot (Requested by realdawei on 7 #webkit). 8 9 Reverted changesets: 10 11 "[JSC] JSC should have consistent InById IC" 12 https://bugs.webkit.org/show_bug.cgi?id=185682 13 https://trac.webkit.org/changeset/231998 14 15 "Unreviewed, fix 32bit and scope release" 16 https://bugs.webkit.org/show_bug.cgi?id=185682 17 https://trac.webkit.org/changeset/232017 18 1 19 2018-05-21 Jer Noble <jer.noble@apple.com> 2 20 -
trunk/Source/JavaScriptCore/bytecode/AccessCase.cpp
r231998 r232029 118 118 case CacheType::PutByIdReplace: 119 119 return AccessCase::create(vm, owner, Replace, stubInfo.u.byIdSelf.offset, stubInfo.u.byIdSelf.baseObjectStructure.get()); 120 121 case CacheType::InByIdSelf:122 return AccessCase::create(vm, owner, InHit, stubInfo.u.byIdSelf.offset, stubInfo.u.byIdSelf.baseObjectStructure.get());123 120 124 121 default: … … 559 556 560 557 CCallHelpers::Label loop(&jit); 561 failAndIgnore = jit.branchIfType(valueGPR, ProxyObjectType); 558 failAndIgnore = jit.branch8( 559 CCallHelpers::Equal, 560 CCallHelpers::Address(valueGPR, JSCell::typeInfoTypeOffset()), 561 CCallHelpers::TrustedImm32(ProxyObjectType)); 562 562 563 563 jit.emitLoadStructure(vm, valueGPR, scratch2GPR, scratchGPR); -
trunk/Source/JavaScriptCore/bytecode/BytecodeDumper.cpp
r231998 r232029 548 548 } 549 549 #else 550 UNUSED_PARAM(map);551 #endif552 }553 554 template<class Block>555 void BytecodeDumper<Block>::printInByIdCacheStatus(PrintStream& out, int location, const StubInfoMap& map)556 {557 const auto* instruction = instructionsBegin() + location;558 559 const Identifier& ident = identifier(instruction[3].u.operand);560 561 UNUSED_PARAM(ident); // tell the compiler to shut up in certain platform configurations.562 563 #if ENABLE(JIT)564 if (StructureStubInfo* stubPtr = map.get(CodeOrigin(location))) {565 StructureStubInfo& stubInfo = *stubPtr;566 if (stubInfo.resetByGC)567 out.print(" (Reset By GC)");568 569 out.printf(" jit(");570 571 Structure* baseStructure = nullptr;572 PolymorphicAccess* stub = nullptr;573 574 switch (stubInfo.cacheType) {575 case CacheType::InByIdSelf:576 out.printf("self");577 baseStructure = stubInfo.u.byIdSelf.baseObjectStructure.get();578 break;579 case CacheType::Stub:580 out.printf("stub");581 stub = stubInfo.u.stub;582 break;583 case CacheType::Unset:584 out.printf("unset");585 break;586 default:587 RELEASE_ASSERT_NOT_REACHED();588 break;589 }590 591 if (baseStructure) {592 out.printf(", ");593 dumpStructure(out, "struct", baseStructure, ident);594 }595 596 if (stub)597 out.print(", ", *stub);598 599 out.printf(")");600 }601 #else602 UNUSED_PARAM(out);603 550 UNUSED_PARAM(map); 604 551 #endif … … 1066 1013 break; 1067 1014 } 1068 case op_in_by_id: { 1069 int r0 = (++it)->u.operand; 1070 int r1 = (++it)->u.operand; 1071 int id0 = (++it)->u.operand; 1072 printLocationAndOp(out, location, it, "in_by_id"); 1073 out.printf("%s, %s, %s", registerName(r0).data(), registerName(r1).data(), idName(id0, identifier(id0)).data()); 1074 printInByIdCacheStatus(out, location, stubInfos); 1075 break; 1076 } 1077 case op_in_by_val: { 1078 printBinaryOp(out, location, it, "in_by_val"); 1015 case op_in: { 1016 printBinaryOp(out, location, it, "in"); 1079 1017 dumpArrayProfiling(out, it, hasPrintedProfiling); 1080 1018 break; -
trunk/Source/JavaScriptCore/bytecode/BytecodeDumper.h
r231998 r232029 72 72 void printGetByIdCacheStatus(PrintStream& out, int location, const StubInfoMap&); 73 73 void printPutByIdCacheStatus(PrintStream& out, int location, const StubInfoMap&); 74 void printInByIdCacheStatus(PrintStream& out, int location, const StubInfoMap&);75 74 enum CacheDumpMode { DumpCaches, DontDumpCaches }; 76 75 void printCallOp(PrintStream& out, int location, const Instruction*& it, const char* op, CacheDumpMode, bool& hasPrintedProfiling, const CallLinkInfoMap&); -
trunk/Source/JavaScriptCore/bytecode/BytecodeList.json
r231998 r232029 81 81 { "name" : "op_is_function", "length" : 3 }, 82 82 { "name" : "op_is_cell_with_type", "length" : 4 }, 83 { "name" : "op_in_by_val", "length" : 5 }, 84 { "name" : "op_in_by_id", "length" : 4 }, 83 { "name" : "op_in", "length" : 5 }, 85 84 { "name" : "op_get_array_length", "length" : 9 }, 86 85 { "name" : "op_get_by_id", "length" : 9 }, -
trunk/Source/JavaScriptCore/bytecode/BytecodeUseDef.h
r231998 r232029 187 187 case op_get_by_id_direct: 188 188 case op_get_array_length: 189 case op_in_by_id:190 189 case op_typeof: 191 190 case op_is_empty: … … 228 227 case op_enumerator_generic_pname: 229 228 case op_get_by_val: 230 case op_in _by_val:229 case op_in: 231 230 case op_overrides_has_instance: 232 231 case op_instanceof: … … 456 455 case op_is_cell_with_type: 457 456 case op_is_function: 458 case op_in_by_id: 459 case op_in_by_val: 457 case op_in: 460 458 case op_to_number: 461 459 case op_to_string: -
trunk/Source/JavaScriptCore/bytecode/CodeBlock.cpp
r231998 r232029 590 590 } 591 591 592 case op_in _by_val:592 case op_in: 593 593 case op_put_by_val: 594 594 case op_put_by_val_direct: { -
trunk/Source/JavaScriptCore/bytecode/InlineAccess.cpp
r231998 r232029 277 277 } 278 278 279 bool InlineAccess::generateSelfInAccess(StructureStubInfo& stubInfo, Structure* structure)280 {281 CCallHelpers jit;282 283 GPRReg base = static_cast<GPRReg>(stubInfo.patch.baseGPR);284 JSValueRegs value = stubInfo.valueRegs();285 286 auto branchToSlowPath = jit.patchableBranch32(287 MacroAssembler::NotEqual,288 MacroAssembler::Address(base, JSCell::structureIDOffset()),289 MacroAssembler::TrustedImm32(bitwise_cast<uint32_t>(structure->id())));290 jit.boxBooleanPayload(true, value.payloadGPR());291 292 bool linkedCodeInline = linkCodeInline("in access", jit, stubInfo, [&] (LinkBuffer& linkBuffer) {293 linkBuffer.link(branchToSlowPath, stubInfo.slowPathStartLocation());294 });295 return linkedCodeInline;296 }297 298 279 void InlineAccess::rewireStubAsJump(StructureStubInfo& stubInfo, CodeLocationLabel<JITStubRoutinePtrTag> target) 299 280 { -
trunk/Source/JavaScriptCore/bytecode/InlineAccess.h
r231998 r232029 117 117 static bool generateArrayLength(StructureStubInfo&, JSArray*); 118 118 static void rewireStubAsJump(StructureStubInfo&, CodeLocationLabel<JITStubRoutinePtrTag>); 119 static bool generateSelfInAccess(StructureStubInfo&, Structure*);120 119 121 120 // This is helpful when determining the size of an IC on -
trunk/Source/JavaScriptCore/bytecode/StructureStubInfo.cpp
r232000 r232029 83 83 } 84 84 85 void StructureStubInfo::initInByIdSelf(CodeBlock* codeBlock, Structure* baseObjectStructure, PropertyOffset offset)86 {87 cacheType = CacheType::InByIdSelf;88 89 u.byIdSelf.baseObjectStructure.set(90 *codeBlock->vm(), codeBlock, baseObjectStructure);91 u.byIdSelf.offset = offset;92 }93 94 85 void StructureStubInfo::deref() 95 86 { … … 101 92 case CacheType::GetByIdSelf: 102 93 case CacheType::PutByIdReplace: 103 case CacheType::InByIdSelf:104 94 case CacheType::ArrayLength: 105 95 return; … … 118 108 case CacheType::GetByIdSelf: 119 109 case CacheType::PutByIdReplace: 120 case CacheType::InByIdSelf:121 110 case CacheType::ArrayLength: 122 111 return; … … 249 238 break; 250 239 case AccessType::In: 251 resetIn ByID(codeBlock,*this);240 resetIn(*this); 252 241 break; 253 242 case AccessType::InstanceOf: … … 272 261 case CacheType::GetByIdSelf: 273 262 case CacheType::PutByIdReplace: 274 case CacheType::InByIdSelf:275 263 if (Heap::isMarked(u.byIdSelf.baseObjectStructure.get())) 276 264 return; … … 296 284 case CacheType::GetByIdSelf: 297 285 case CacheType::PutByIdReplace: 298 case CacheType::InByIdSelf:299 286 return u.byIdSelf.baseObjectStructure->markIfCheap(visitor); 300 287 case CacheType::Stub: -
trunk/Source/JavaScriptCore/bytecode/StructureStubInfo.h
r232000 r232029 59 59 GetByIdSelf, 60 60 PutByIdReplace, 61 InByIdSelf,62 61 Stub, 63 62 ArrayLength … … 74 73 void initArrayLength(); 75 74 void initPutByIdReplace(CodeBlock*, Structure* baseObjectStructure, PropertyOffset); 76 void initInByIdSelf(CodeBlock*, Structure* baseObjectStructure, PropertyOffset);77 75 78 76 AccessGenerationResult addAccessCase(const GCSafeConcurrentJSLocker&, CodeBlock*, const Identifier&, std::unique_ptr<AccessCase>); … … 179 177 180 178 struct { 181 CodeLocationLabel<JITStubRoutinePtrTag> start; // This is either the start of the inline IC for *byId caches . or the location of patchable jump for'instanceof' caches.179 CodeLocationLabel<JITStubRoutinePtrTag> start; // This is either the start of the inline IC for *byId caches, or the location of patchable jump for 'in' and 'instanceof' caches. 182 180 RegisterSet usedRegisters; 183 181 uint32_t inlineSize; … … 200 198 CodeLocationJump<JSInternalPtrTag> patchableJump() 201 199 { 202 ASSERT(accessType == AccessType::In stanceOf);200 ASSERT(accessType == AccessType::In || accessType == AccessType::InstanceOf); 203 201 return patch.start.jumpAtOffset<JSInternalPtrTag>(0); 204 202 } -
trunk/Source/JavaScriptCore/bytecompiler/BytecodeGenerator.cpp
r231998 r232029 2668 2668 } 2669 2669 2670 RegisterID* BytecodeGenerator::emitIn ByVal(RegisterID* dst, RegisterID* property, RegisterID* base)2670 RegisterID* BytecodeGenerator::emitIn(RegisterID* dst, RegisterID* property, RegisterID* base) 2671 2671 { 2672 2672 UnlinkedArrayProfile arrayProfile = newArrayProfile(); 2673 emitOpcode(op_in _by_val);2673 emitOpcode(op_in); 2674 2674 instructions().append(dst->index()); 2675 2675 instructions().append(base->index()); 2676 2676 instructions().append(property->index()); 2677 2677 instructions().append(arrayProfile); 2678 return dst;2679 }2680 2681 RegisterID* BytecodeGenerator::emitInById(RegisterID* dst, RegisterID* base, const Identifier& property)2682 {2683 emitOpcode(op_in_by_id);2684 instructions().append(dst->index());2685 instructions().append(base->index());2686 instructions().append(addConstant(property));2687 2678 return dst; 2688 2679 } -
trunk/Source/JavaScriptCore/bytecompiler/BytecodeGenerator.h
r231998 r232029 695 695 RegisterID* emitInstanceOfCustom(RegisterID* dst, RegisterID* value, RegisterID* constructor, RegisterID* hasInstanceValue); 696 696 RegisterID* emitTypeOf(RegisterID* dst, RegisterID* src) { return emitUnaryOp(op_typeof, dst, src); } 697 RegisterID* emitInByVal(RegisterID* dst, RegisterID* property, RegisterID* base); 698 RegisterID* emitInById(RegisterID* dst, RegisterID* base, const Identifier& property); 697 RegisterID* emitIn(RegisterID* dst, RegisterID* property, RegisterID* base); 699 698 700 699 RegisterID* emitTryGetById(RegisterID* dst, RegisterID* base, const Identifier& property); -
trunk/Source/JavaScriptCore/bytecompiler/NodesCodegen.cpp
r231998 r232029 2281 2281 RegisterID* InNode::emitBytecode(BytecodeGenerator& generator, RegisterID* dst) 2282 2282 { 2283 if (isNonIndexStringElement(*m_expr1)) {2284 RefPtr<RegisterID> base = generator.emitNode(m_expr2);2285 generator.emitExpressionInfo(divot(), divotStart(), divotEnd());2286 return generator.emitInById(generator.finalDestination(dst, base.get()), base.get(), static_cast<StringNode*>(m_expr1)->value());2287 }2288 2289 2283 RefPtr<RegisterID> key = generator.emitNodeForLeftHandSide(m_expr1, m_rightHasAssignments, m_expr2->isPure(generator)); 2290 2284 RefPtr<RegisterID> base = generator.emitNode(m_expr2); 2291 2285 generator.emitExpressionInfo(divot(), divotStart(), divotEnd()); 2292 return generator.emitIn ByVal(generator.finalDestination(dst, key.get()), key.get(), base.get());2286 return generator.emitIn(generator.finalDestination(dst, key.get()), key.get(), base.get()); 2293 2287 } 2294 2288 -
trunk/Source/JavaScriptCore/dfg/DFGAbstractInterpreterInlines.h
r232000 r232029 3260 3260 break; 3261 3261 3262 case In ById: {3262 case In: { 3263 3263 // FIXME: We can determine when the property definitely exists based on abstract 3264 3264 // value information. 3265 3265 clobberWorld(); 3266 filter(node->child1(), SpecObject);3267 setNonCellTypeForNode(node, SpecBoolean);3268 break;3269 }3270 3271 case InByVal: {3272 AbstractValue& property = forNode(node->child2());3273 if (JSValue constant = property.value()) {3274 if (constant.isString()) {3275 JSString* string = asString(constant);3276 const StringImpl* impl = string->tryGetValueImpl();3277 if (impl && impl->isAtomic())3278 m_state.setFoundConstants(true);3279 }3280 }3281 3282 // FIXME: We can determine when the property definitely exists based on abstract3283 // value information.3284 clobberWorld();3285 filter(node->child1(), SpecObject);3286 3266 setNonCellTypeForNode(node, SpecBoolean); 3287 3267 break; -
trunk/Source/JavaScriptCore/dfg/DFGByteCodeParser.cpp
r232000 r232029 6393 6393 } 6394 6394 6395 case op_in _by_val: {6396 ArrayMode arrayMode = getArrayMode(currentInstruction[OPCODE_LENGTH(op_in _by_val) - 1].u.arrayProfile);6395 case op_in: { 6396 ArrayMode arrayMode = getArrayMode(currentInstruction[OPCODE_LENGTH(op_in) - 1].u.arrayProfile); 6397 6397 set(VirtualRegister(currentInstruction[1].u.operand), 6398 addToGraph(InByVal, OpInfo(arrayMode.asWord()), get(VirtualRegister(currentInstruction[2].u.operand)), get(VirtualRegister(currentInstruction[3].u.operand)))); 6399 NEXT_OPCODE(op_in_by_val); 6400 } 6401 6402 case op_in_by_id: { 6403 Node* base = get(VirtualRegister(currentInstruction[2].u.operand)); 6404 unsigned identifierNumber = m_inlineStackTop->m_identifierRemap[currentInstruction[3].u.operand]; 6405 set(VirtualRegister(currentInstruction[1].u.operand), 6406 addToGraph(InById, OpInfo(identifierNumber), base)); 6407 NEXT_OPCODE(op_in_by_id); 6408 break; 6398 addToGraph(In, OpInfo(arrayMode.asWord()), get(VirtualRegister(currentInstruction[2].u.operand)), get(VirtualRegister(currentInstruction[3].u.operand)))); 6399 NEXT_OPCODE(op_in); 6409 6400 } 6410 6401 -
trunk/Source/JavaScriptCore/dfg/DFGCapabilities.cpp
r231998 r232029 237 237 case op_switch_imm: 238 238 case op_switch_char: 239 case op_in_by_val: 240 case op_in_by_id: 239 case op_in: 241 240 case op_get_scope: 242 241 case op_get_from_scope: -
trunk/Source/JavaScriptCore/dfg/DFGClobberize.h
r232000 r232029 624 624 case ConstructForwardVarargs: 625 625 case ToPrimitive: 626 case InByVal: 627 case InById: 626 case In: 628 627 case HasOwnProperty: 629 628 case ValueAdd: -
trunk/Source/JavaScriptCore/dfg/DFGConstantFoldingPhase.cpp
r232002 r232029 652 652 } 653 653 654 case InByVal: {655 AbstractValue& property = m_state.forNode(node->child2());656 if (JSValue constant = property.value()) {657 if (constant.isString()) {658 JSString* string = asString(constant);659 const StringImpl* impl = string->tryGetValueImpl();660 if (impl && impl->isAtomic()) {661 unsigned identifierNumber = m_graph.identifiers().ensure(const_cast<UniquedStringImpl*>(static_cast<const UniquedStringImpl*>(impl)));662 node->convertToInById(identifierNumber);663 changed = true;664 break;665 }666 }667 }668 break;669 }670 671 654 case ToPrimitive: { 672 655 if (m_state.forNode(node->child1()).m_type & ~(SpecFullNumber | SpecBoolean | SpecString | SpecSymbol | SpecBigInt)) -
trunk/Source/JavaScriptCore/dfg/DFGDoesGC.cpp
r232000 r232029 194 194 case NumberToStringWithRadix: 195 195 case NumberToStringWithValidRadixConstant: 196 case InByVal: 197 case InById: 196 case In: 198 197 case HasOwnProperty: 199 198 case Jump: -
trunk/Source/JavaScriptCore/dfg/DFGFixupPhase.cpp
r232000 r232029 1477 1477 break; 1478 1478 1479 case InById: { 1480 fixEdge<CellUse>(node->child1()); 1481 break; 1482 } 1483 1484 case InByVal: { 1479 case In: { 1485 1480 if (node->child2()->shouldSpeculateInt32()) { 1486 1481 convertToHasIndexedProperty(node); -
trunk/Source/JavaScriptCore/dfg/DFGJITCompiler.cpp
r231998 r232029 266 266 finalizeInlineCaches(m_getByIdsWithThis, linkBuffer); 267 267 finalizeInlineCaches(m_putByIds, linkBuffer); 268 finalizeInlineCaches(m_inByIds, linkBuffer);269 268 finalizeInlineCaches(m_instanceOfs, linkBuffer); 270 269 270 for (unsigned i = 0; i < m_ins.size(); ++i) { 271 StructureStubInfo& info = *m_ins[i].m_stubInfo; 272 273 CodeLocationLabel<JITStubRoutinePtrTag> start = linkBuffer.locationOf<JITStubRoutinePtrTag>(m_ins[i].m_jump); 274 info.patch.start = start; 275 276 ptrdiff_t inlineSize = MacroAssembler::differenceBetweenCodePtr( 277 start, linkBuffer.locationOf<JSInternalPtrTag>(m_ins[i].m_done)); 278 RELEASE_ASSERT(inlineSize >= 0); 279 info.patch.inlineSize = inlineSize; 280 281 info.patch.deltaFromStartToSlowPathCallLocation = MacroAssembler::differenceBetweenCodePtr( 282 start, linkBuffer.locationOf<JSInternalPtrTag>(m_ins[i].m_slowPathGenerator->call())); 283 284 info.patch.deltaFromStartToSlowPathStart = MacroAssembler::differenceBetweenCodePtr( 285 start, linkBuffer.locationOf<JSInternalPtrTag>(m_ins[i].m_slowPathGenerator->label())); 286 } 287 271 288 auto linkCallThunk = FunctionPtr<NoPtrTag>(vm()->getCTIStub(linkCallThunkGenerator).retaggedCode<NoPtrTag>()); 272 289 for (auto& record : m_jsCalls) { -
trunk/Source/JavaScriptCore/dfg/DFGJITCompiler.h
r231998 r232029 77 77 }; 78 78 79 struct InRecord { 80 InRecord( 81 MacroAssembler::PatchableJump jump, MacroAssembler::Label done, 82 SlowPathGenerator* slowPathGenerator, StructureStubInfo* stubInfo) 83 : m_jump(jump) 84 , m_done(done) 85 , m_slowPathGenerator(slowPathGenerator) 86 , m_stubInfo(stubInfo) 87 { 88 } 89 90 MacroAssembler::PatchableJump m_jump; 91 MacroAssembler::Label m_done; 92 SlowPathGenerator* m_slowPathGenerator; 93 StructureStubInfo* m_stubInfo; 94 }; 95 79 96 // === JITCompiler === 80 97 // … … 193 210 } 194 211 195 void addIn ById(const JITInByIdGenerator& gen, SlowPathGenerator* slowPath)196 { 197 m_in ByIds.append(InlineCacheWrapper<JITInByIdGenerator>(gen, slowPath));198 } 199 212 void addIn(const InRecord& record) 213 { 214 m_ins.append(record); 215 } 216 200 217 void addJSCall(Call fastCall, Call slowCall, DataLabelPtr targetToCheck, CallLinkInfo* info) 201 218 { … … 343 360 Vector<InlineCacheWrapper<JITGetByIdWithThisGenerator>, 4> m_getByIdsWithThis; 344 361 Vector<InlineCacheWrapper<JITPutByIdGenerator>, 4> m_putByIds; 345 Vector<InlineCacheWrapper<JITInByIdGenerator>, 4> m_inByIds;346 362 Vector<InlineCacheWrapper<JITInstanceOfGenerator>, 4> m_instanceOfs; 363 Vector<InRecord, 4> m_ins; 347 364 Vector<JSCallRecord, 4> m_jsCalls; 348 365 Vector<JSDirectCallRecord, 4> m_jsDirectCalls; -
trunk/Source/JavaScriptCore/dfg/DFGNode.h
r232000 r232029 753 753 m_opInfo = false; 754 754 } 755 756 void convertToInById(unsigned identifierNumber)757 {758 ASSERT(m_op == InByVal);759 setOpAndDefaultFlags(InById);760 children.setChild2(Edge());761 m_opInfo = identifierNumber;762 m_opInfo2 = OpInfoWrapper();763 }764 755 765 756 JSValue asJSValue() … … 1029 1020 case PutGetterSetterById: 1030 1021 case DeleteById: 1031 case InById:1032 1022 case GetDynamicVar: 1033 1023 case PutDynamicVar: … … 1998 1988 case GetArrayLength: 1999 1989 case GetVectorLength: 2000 case In ByVal:1990 case In: 2001 1991 case PutByValDirect: 2002 1992 case PutByVal: -
trunk/Source/JavaScriptCore/dfg/DFGNodeType.h
r232000 r232029 371 371 macro(NewStringObject, NodeResultJS) \ 372 372 macro(MakeRope, NodeResultJS) \ 373 macro(InByVal, NodeResultBoolean | NodeMustGenerate) \ 374 macro(InById, NodeResultBoolean | NodeMustGenerate) \ 373 macro(In, NodeResultBoolean | NodeMustGenerate) \ 375 374 macro(ProfileType, NodeMustGenerate) \ 376 375 macro(ProfileControlFlow, NodeMustGenerate) \ -
trunk/Source/JavaScriptCore/dfg/DFGPredictionPropagationPhase.cpp
r232000 r232029 982 982 break; 983 983 984 case InByVal: 985 case InById: 984 case In: 986 985 setPrediction(SpecBoolean); 987 986 break; -
trunk/Source/JavaScriptCore/dfg/DFGSafeToExecute.h
r232000 r232029 333 333 case NewStringObject: 334 334 case MakeRope: 335 case InByVal: 336 case InById: 335 case In: 337 336 case HasOwnProperty: 338 337 case PushWithScope: -
trunk/Source/JavaScriptCore/dfg/DFGSpeculativeJIT.cpp
r232000 r232029 1057 1057 } 1058 1058 1059 void SpeculativeJIT::compileIn ById(Node* node)1059 void SpeculativeJIT::compileIn(Node* node) 1060 1060 { 1061 1061 SpeculateCellOperand base(this, node->child1()); 1062 JSValueRegsTemporary result(this, Reuse, base, PayloadWord);1063 1064 1062 GPRReg baseGPR = base.gpr(); 1065 JSValueRegs resultRegs = result.regs(); 1066 1067 base.use(); 1068 1069 CodeOrigin codeOrigin = node->origin.semantic; 1070 CallSiteIndex callSite = m_jit.recordCallSiteAndGenerateExceptionHandlingOSRExitIfNeeded(codeOrigin, m_stream->size()); 1071 RegisterSet usedRegisters = this->usedRegisters(); 1072 JITInByIdGenerator gen( 1073 m_jit.codeBlock(), codeOrigin, callSite, usedRegisters, identifierUID(node->identifierNumber()), 1074 JSValueRegs::payloadOnly(baseGPR), resultRegs); 1075 gen.generateFastPath(m_jit); 1076 1077 auto slowPath = slowPathCall( 1078 gen.slowPathJump(), this, operationInByIdOptimize, 1079 NeedToSpill, ExceptionCheckRequirement::CheckNeeded, 1080 resultRegs, gen.stubInfo(), CCallHelpers::CellValue(baseGPR), identifierUID(node->identifierNumber())); 1081 1082 m_jit.addInById(gen, slowPath.get()); 1083 addSlowPathGenerator(WTFMove(slowPath)); 1084 1085 blessedBooleanResult(resultRegs.payloadGPR(), node, UseChildrenCalledExplicitly); 1086 } 1087 1088 void SpeculativeJIT::compileInByVal(Node* node) 1089 { 1090 SpeculateCellOperand base(this, node->child1()); 1063 1064 if (JSString* string = node->child2()->dynamicCastConstant<JSString*>(*m_jit.vm())) { 1065 if (string->tryGetValueImpl() && string->tryGetValueImpl()->isAtomic()) { 1066 StructureStubInfo* stubInfo = m_jit.codeBlock()->addStubInfo(AccessType::In); 1067 1068 GPRTemporary result(this); 1069 GPRReg resultGPR = result.gpr(); 1070 1071 use(node->child2()); 1072 1073 MacroAssembler::PatchableJump jump = m_jit.patchableJump(); 1074 MacroAssembler::Label done = m_jit.label(); 1075 1076 // Since this block is executed only when the result of string->tryGetValueImpl() is atomic, 1077 // we can cast it to const AtomicStringImpl* safely. 1078 auto slowPath = slowPathCall( 1079 jump.m_jump, this, operationInOptimize, 1080 JSValueRegs::payloadOnly(resultGPR), stubInfo, baseGPR, 1081 static_cast<const AtomicStringImpl*>(string->tryGetValueImpl())); 1082 1083 stubInfo->callSiteIndex = m_jit.addCallSite(node->origin.semantic); 1084 stubInfo->codeOrigin = node->origin.semantic; 1085 stubInfo->patch.baseGPR = static_cast<int8_t>(baseGPR); 1086 stubInfo->patch.valueGPR = static_cast<int8_t>(resultGPR); 1087 stubInfo->patch.thisGPR = static_cast<int8_t>(InvalidGPRReg); 1088 #if USE(JSVALUE32_64) 1089 stubInfo->patch.valueTagGPR = static_cast<int8_t>(InvalidGPRReg); 1090 stubInfo->patch.baseTagGPR = static_cast<int8_t>(InvalidGPRReg); 1091 stubInfo->patch.thisTagGPR = static_cast<int8_t>(InvalidGPRReg); 1092 #endif 1093 stubInfo->patch.usedRegisters = usedRegisters(); 1094 1095 m_jit.addIn(InRecord(jump, done, slowPath.get(), stubInfo)); 1096 addSlowPathGenerator(WTFMove(slowPath)); 1097 1098 base.use(); 1099 1100 blessedBooleanResult(resultGPR, node, UseChildrenCalledExplicitly); 1101 return; 1102 } 1103 } 1104 1091 1105 JSValueOperand key(this, node->child2()); 1092 1093 GPRReg baseGPR = base.gpr();1094 1106 JSValueRegs regs = key.jsValueRegs(); 1095 1107 1108 GPRFlushedCallResult result(this); 1109 GPRReg resultGPR = result.gpr(); 1110 1096 1111 base.use(); 1097 1112 key.use(); 1098 1113 1099 1114 flushRegisters(); 1100 JSValueRegsFlushedCallResult result(this);1101 JSValueRegs resultRegs = result.regs();1102 callOperation(operationInByVal, resultRegs,baseGPR, regs);1115 callOperation( 1116 operationGenericIn, extractResult(JSValueRegs::payloadOnly(resultGPR)), 1117 baseGPR, regs); 1103 1118 m_jit.exceptionCheck(); 1104 blessedBooleanResult(result Regs.payloadGPR(), node, UseChildrenCalledExplicitly);1119 blessedBooleanResult(resultGPR, node, UseChildrenCalledExplicitly); 1105 1120 } 1106 1121 -
trunk/Source/JavaScriptCore/dfg/DFGSpeculativeJIT.h
r232000 r232029 736 736 void compileGetById(Node*, AccessType); 737 737 void compileGetByIdFlush(Node*, AccessType); 738 void compileInById(Node*); 739 void compileInByVal(Node*); 738 void compileIn(Node*); 740 739 741 740 void nonSpeculativeNonPeepholeCompareNullOrUndefined(Edge operand); -
trunk/Source/JavaScriptCore/dfg/DFGSpeculativeJIT32_64.cpp
r232000 r232029 3757 3757 break; 3758 3758 3759 case InById: 3760 compileInById(node); 3761 break; 3762 3763 case InByVal: 3764 compileInByVal(node); 3759 case In: 3760 compileIn(node); 3765 3761 break; 3766 3762 -
trunk/Source/JavaScriptCore/dfg/DFGSpeculativeJIT64.cpp
r232000 r232029 4307 4307 break; 4308 4308 4309 case InById: 4310 compileInById(node); 4311 break; 4312 4313 case InByVal: 4314 compileInByVal(node); 4309 case In: 4310 compileIn(node); 4315 4311 break; 4316 4312 -
trunk/Source/JavaScriptCore/ftl/FTLCapabilities.cpp
r232000 r232029 206 206 case ThrowStaticError: 207 207 case Unreachable: 208 case InByVal: 209 case InById: 208 case In: 210 209 case HasOwnProperty: 211 210 case IsCellWithType: -
trunk/Source/JavaScriptCore/ftl/FTLLowerDFGToB3.cpp
r232000 r232029 709 709 compileGetById(AccessType::GetDirect); 710 710 break; 711 case InById: 712 compileInById(); 713 break; 714 case InByVal: 715 compileInByVal(); 711 case In: 712 compileIn(); 716 713 break; 717 714 case HasOwnProperty: … … 9717 9714 } 9718 9715 9719 void compileInByVal() 9720 { 9721 setJSValue(vmCall(Int64, m_out.operation(operationInByVal), m_callFrame, lowCell(m_node->child1()), lowJSValue(m_node->child2()))); 9722 } 9723 9724 void compileInById() 9725 { 9716 void compileIn() 9717 { 9718 DFG_ASSERT(m_graph, m_node, m_node->child1().useKind() == CellUse, m_node->child1().useKind()); 9719 9726 9720 Node* node = m_node; 9727 UniquedStringImpl* uid = m_graph.identifiers()[node->identifierNumber()]; 9728 LValue base = lowCell(m_node->child1()); 9729 9730 PatchpointValue* patchpoint = m_out.patchpoint(Int64); 9731 patchpoint->appendSomeRegister(base); 9732 patchpoint->append(m_tagMask, ValueRep::lateReg(GPRInfo::tagMaskRegister)); 9733 patchpoint->append(m_tagTypeNumber, ValueRep::lateReg(GPRInfo::tagTypeNumberRegister)); 9734 9735 patchpoint->clobber(RegisterSet::macroScratchRegisters()); 9736 9737 RefPtr<PatchpointExceptionHandle> exceptionHandle = 9738 preparePatchpointForExceptions(patchpoint); 9739 9740 State* state = &m_ftlState; 9741 patchpoint->setGenerator( 9742 [=] (CCallHelpers& jit, const StackmapGenerationParams& params) { 9743 AllowMacroScratchRegisterUsage allowScratch(jit); 9744 9745 CallSiteIndex callSiteIndex = 9746 state->jitCode->common.addUniqueCallSiteIndex(node->origin.semantic); 9747 9748 // This is the direct exit target for operation calls. 9749 Box<CCallHelpers::JumpList> exceptions = 9750 exceptionHandle->scheduleExitCreation(params)->jumps(jit); 9751 9752 auto generator = Box<JITInByIdGenerator>::create( 9753 jit.codeBlock(), node->origin.semantic, callSiteIndex, 9754 params.unavailableRegisters(), uid, JSValueRegs(params[1].gpr()), 9755 JSValueRegs(params[0].gpr())); 9756 9757 generator->generateFastPath(jit); 9758 CCallHelpers::Label done = jit.label(); 9759 9760 params.addLatePath( 9761 [=] (CCallHelpers& jit) { 9721 Edge base = node->child1(); 9722 LValue cell = lowCell(base); 9723 if (JSString* string = node->child2()->dynamicCastConstant<JSString*>(vm())) { 9724 if (string->tryGetValueImpl() && string->tryGetValueImpl()->isAtomic()) { 9725 UniquedStringImpl* str = bitwise_cast<UniquedStringImpl*>(string->tryGetValueImpl()); 9726 PatchpointValue* patchpoint = m_out.patchpoint(Int64); 9727 patchpoint->appendSomeRegister(cell); 9728 patchpoint->append(m_tagMask, ValueRep::lateReg(GPRInfo::tagMaskRegister)); 9729 patchpoint->append(m_tagTypeNumber, ValueRep::lateReg(GPRInfo::tagTypeNumberRegister)); 9730 patchpoint->clobber(RegisterSet::macroScratchRegisters()); 9731 9732 RefPtr<PatchpointExceptionHandle> exceptionHandle = preparePatchpointForExceptions(patchpoint); 9733 9734 State* state = &m_ftlState; 9735 patchpoint->setGenerator( 9736 [=] (CCallHelpers& jit, const StackmapGenerationParams& params) { 9762 9737 AllowMacroScratchRegisterUsage allowScratch(jit); 9763 9738 9764 generator->slowPathJump().link(&jit); 9765 CCallHelpers::Label slowPathBegin = jit.label(); 9766 CCallHelpers::Call slowPathCall = callOperation( 9767 *state, params.unavailableRegisters(), jit, node->origin.semantic, 9768 exceptions.get(), operationInByIdOptimize, params[0].gpr(), 9769 CCallHelpers::TrustedImmPtr(generator->stubInfo()), params[1].gpr(), 9770 CCallHelpers::TrustedImmPtr(uid)).call(); 9771 jit.jump().linkTo(done, &jit); 9772 9773 generator->reportSlowPathCall(slowPathBegin, slowPathCall); 9774 9775 jit.addLinkTask( 9776 [=] (LinkBuffer& linkBuffer) { 9777 generator->finalize(linkBuffer, linkBuffer); 9739 // This is the direct exit target for operation calls. We don't need a JS exceptionHandle because we don't 9740 // cache Proxy objects. 9741 Box<CCallHelpers::JumpList> exceptions = exceptionHandle->scheduleExitCreation(params)->jumps(jit); 9742 9743 GPRReg baseGPR = params[1].gpr(); 9744 GPRReg resultGPR = params[0].gpr(); 9745 9746 StructureStubInfo* stubInfo = 9747 jit.codeBlock()->addStubInfo(AccessType::In); 9748 stubInfo->callSiteIndex = 9749 state->jitCode->common.addCodeOrigin(node->origin.semantic); 9750 stubInfo->codeOrigin = node->origin.semantic; 9751 stubInfo->patch.baseGPR = static_cast<int8_t>(baseGPR); 9752 stubInfo->patch.valueGPR = static_cast<int8_t>(resultGPR); 9753 stubInfo->patch.thisGPR = static_cast<int8_t>(InvalidGPRReg); 9754 stubInfo->patch.usedRegisters = params.unavailableRegisters(); 9755 9756 CCallHelpers::PatchableJump jump = jit.patchableJump(); 9757 CCallHelpers::Label done = jit.label(); 9758 9759 params.addLatePath( 9760 [=] (CCallHelpers& jit) { 9761 AllowMacroScratchRegisterUsage allowScratch(jit); 9762 9763 jump.m_jump.link(&jit); 9764 CCallHelpers::Label slowPathBegin = jit.label(); 9765 CCallHelpers::Call slowPathCall = callOperation( 9766 *state, params.unavailableRegisters(), jit, 9767 node->origin.semantic, exceptions.get(), operationInOptimize, 9768 resultGPR, CCallHelpers::TrustedImmPtr(stubInfo), baseGPR, 9769 CCallHelpers::TrustedImmPtr(str)).call(); 9770 jit.jump().linkTo(done, &jit); 9771 9772 jit.addLinkTask( 9773 [=] (LinkBuffer& linkBuffer) { 9774 CodeLocationLabel<JITStubRoutinePtrTag> start = linkBuffer.locationOf<JITStubRoutinePtrTag>(jump); 9775 stubInfo->patch.start = start; 9776 ptrdiff_t inlineSize = MacroAssembler::differenceBetweenCodePtr( 9777 start, linkBuffer.locationOf<NoPtrTag>(done)); 9778 RELEASE_ASSERT(inlineSize >= 0); 9779 stubInfo->patch.inlineSize = inlineSize; 9780 9781 stubInfo->patch.deltaFromStartToSlowPathCallLocation = MacroAssembler::differenceBetweenCodePtr( 9782 start, linkBuffer.locationOf<NoPtrTag>(slowPathCall)); 9783 9784 stubInfo->patch.deltaFromStartToSlowPathStart = MacroAssembler::differenceBetweenCodePtr( 9785 start, linkBuffer.locationOf<NoPtrTag>(slowPathBegin)); 9786 9787 }); 9778 9788 }); 9779 9789 }); 9780 }); 9781 9782 setJSValue(patchpoint); 9790 9791 setJSValue(patchpoint); 9792 return; 9793 } 9794 } 9795 9796 setJSValue(vmCall(Int64, m_out.operation(operationGenericIn), m_callFrame, cell, lowJSValue(m_node->child2()))); 9783 9797 } 9784 9798 -
trunk/Source/JavaScriptCore/jit/ICStats.h
r231998 r232029 51 51 macro(OperationGetByIdOptimize) \ 52 52 macro(OperationGetByIdWithThisOptimize) \ 53 macro(OperationInOptimize) \ 54 macro(OperationIn) \ 53 55 macro(OperationGenericIn) \ 54 macro(OperationInById) \55 macro(OperationInByIdGeneric) \56 macro(OperationInByIdOptimize) \57 56 macro(OperationPutByIdStrict) \ 58 57 macro(OperationPutByIdNonStrict) \ … … 69 68 macro(PutByIdAddAccessCase) \ 70 69 macro(PutByIdReplaceWithJump) \ 71 macro(PutByIdSelfPatch) \ 72 macro(InByIdSelfPatch) 70 macro(PutByIdSelfPatch) 73 71 74 72 class ICEvent { -
trunk/Source/JavaScriptCore/jit/JIT.cpp
r231998 r232029 79 79 , m_labels(codeBlock ? codeBlock->numberOfInstructions() : 0) 80 80 , m_bytecodeOffset(std::numeric_limits<unsigned>::max()) 81 , m_getByIdIndex(UINT_MAX) 82 , m_getByIdWithThisIndex(UINT_MAX) 83 , m_putByIdIndex(UINT_MAX) 84 , m_byValInstructionIndex(UINT_MAX) 85 , m_callLinkInfoIndex(UINT_MAX) 81 86 , m_pcToCodeOriginMapBuilder(*vm) 82 87 , m_canBeOptimized(false) … … 273 278 274 279 switch (opcodeID) { 275 DEFINE_SLOW_OP(in _by_val)280 DEFINE_SLOW_OP(in) 276 281 DEFINE_SLOW_OP(less) 277 282 DEFINE_SLOW_OP(lesseq) … … 337 342 DEFINE_OP(op_beloweq) 338 343 DEFINE_OP(op_try_get_by_id) 339 DEFINE_OP(op_in_by_id)340 344 case op_get_array_length: 341 345 case op_get_by_id_proto_load: … … 475 479 m_getByIdWithThisIndex = 0; 476 480 m_putByIdIndex = 0; 477 m_inByIdIndex = 0;478 481 m_instanceOfIndex = 0; 479 482 m_byValInstructionIndex = 0; … … 519 522 DEFINE_SLOWCASE_OP(op_eq) 520 523 DEFINE_SLOWCASE_OP(op_try_get_by_id) 521 DEFINE_SLOWCASE_OP(op_in_by_id)522 524 case op_get_array_length: 523 525 case op_get_by_id_proto_load: … … 599 601 RELEASE_ASSERT(m_getByIdWithThisIndex == m_getByIdsWithThis.size()); 600 602 RELEASE_ASSERT(m_putByIdIndex == m_putByIds.size()); 601 RELEASE_ASSERT(m_inByIdIndex == m_inByIds.size());602 603 RELEASE_ASSERT(m_instanceOfIndex == m_instanceOfs.size()); 603 604 RELEASE_ASSERT(m_callLinkInfoIndex == m_callCompilationInfo.size()); … … 842 843 finalizeInlineCaches(m_getByIdsWithThis, patchBuffer); 843 844 finalizeInlineCaches(m_putByIds, patchBuffer); 844 finalizeInlineCaches(m_inByIds, patchBuffer);845 845 finalizeInlineCaches(m_instanceOfs, patchBuffer); 846 846 -
trunk/Source/JavaScriptCore/jit/JIT.h
r231998 r232029 501 501 void emit_op_get_by_val(Instruction*); 502 502 void emit_op_get_argument_by_val(Instruction*); 503 void emit_op_in_by_id(Instruction*);504 503 void emit_op_init_lazy_reg(Instruction*); 505 504 void emit_op_overrides_has_instance(Instruction*); … … 613 612 void emitSlow_op_get_by_val(Instruction*, Vector<SlowCaseEntry>::iterator&); 614 613 void emitSlow_op_get_argument_by_val(Instruction*, Vector<SlowCaseEntry>::iterator&); 615 void emitSlow_op_in_by_id(Instruction*, Vector<SlowCaseEntry>::iterator&);616 614 void emitSlow_op_instanceof(Instruction*, Vector<SlowCaseEntry>::iterator&); 617 615 void emitSlow_op_instanceof_custom(Instruction*, Vector<SlowCaseEntry>::iterator&); … … 868 866 Vector<JITGetByIdWithThisGenerator> m_getByIdsWithThis; 869 867 Vector<JITPutByIdGenerator> m_putByIds; 870 Vector<JITInByIdGenerator> m_inByIds;871 868 Vector<JITInstanceOfGenerator> m_instanceOfs; 872 869 Vector<ByValCompilationInfo> m_byValCompilationInfo; … … 882 879 Label m_exceptionHandler; 883 880 884 unsigned m_getByIdIndex { UINT_MAX }; 885 unsigned m_getByIdWithThisIndex { UINT_MAX }; 886 unsigned m_putByIdIndex { UINT_MAX }; 887 unsigned m_inByIdIndex { UINT_MAX }; 888 unsigned m_instanceOfIndex { UINT_MAX }; 889 unsigned m_byValInstructionIndex { UINT_MAX }; 890 unsigned m_callLinkInfoIndex { UINT_MAX }; 881 unsigned m_getByIdIndex; 882 unsigned m_getByIdWithThisIndex; 883 unsigned m_putByIdIndex; 884 unsigned m_instanceOfIndex; 885 unsigned m_byValInstructionIndex; 886 unsigned m_callLinkInfoIndex; 891 887 892 888 Label m_arityCheck; -
trunk/Source/JavaScriptCore/jit/JITInlineCacheGenerator.cpp
r231998 r232029 167 167 } 168 168 169 JITInByIdGenerator::JITInByIdGenerator(170 CodeBlock* codeBlock, CodeOrigin codeOrigin, CallSiteIndex callSite, const RegisterSet& usedRegisters,171 UniquedStringImpl* propertyName, JSValueRegs base, JSValueRegs value)172 : JITByIdGenerator(codeBlock, codeOrigin, callSite, AccessType::In, usedRegisters, base, value)173 {174 // FIXME: We are not supporting fast path for "length" property.175 UNUSED_PARAM(propertyName);176 RELEASE_ASSERT(base.payloadGPR() != value.tagGPR());177 }178 179 void JITInByIdGenerator::generateFastPath(MacroAssembler& jit)180 {181 generateFastCommon(jit, InlineAccess::sizeForPropertyAccess());182 }183 184 169 JITInstanceOfGenerator::JITInstanceOfGenerator( 185 170 CodeBlock* codeBlock, CodeOrigin codeOrigin, CallSiteIndex callSiteIndex, -
trunk/Source/JavaScriptCore/jit/JITInlineCacheGenerator.h
r231998 r232029 144 144 }; 145 145 146 class JITInByIdGenerator : public JITByIdGenerator {147 public:148 JITInByIdGenerator() { }149 150 JITInByIdGenerator(151 CodeBlock*, CodeOrigin, CallSiteIndex, const RegisterSet& usedRegisters, UniquedStringImpl* propertyName,152 JSValueRegs base, JSValueRegs value);153 154 void generateFastPath(MacroAssembler&);155 };156 157 146 class JITInstanceOfGenerator : public JITInlineCacheGenerator { 158 147 public: -
trunk/Source/JavaScriptCore/jit/JITOperations.cpp
r232017 r232029 378 378 } 379 379 380 EncodedJSValue JIT_OPERATION operationIn ById(ExecState* exec, StructureStubInfo* stubInfo, EncodedJSValue base, UniquedStringImpl* uid)380 EncodedJSValue JIT_OPERATION operationInOptimize(ExecState* exec, StructureStubInfo* stubInfo, JSCell* base, UniquedStringImpl* key) 381 381 { 382 382 SuperSamplerScope superSamplerScope(false); 383 384 VM& vm = exec->vm(); 385 NativeCallFrameTracer tracer(&vm, exec); 386 auto scope = DECLARE_THROW_SCOPE(vm); 383 384 VM* vm = &exec->vm(); 385 NativeCallFrameTracer tracer(vm, exec); 386 auto scope = DECLARE_THROW_SCOPE(*vm); 387 388 if (!base->isObject()) { 389 throwException(exec, scope, createInvalidInParameterError(exec, base)); 390 return JSValue::encode(jsUndefined()); 391 } 392 393 AccessType accessType = static_cast<AccessType>(stubInfo->accessType); 394 395 Identifier ident = Identifier::fromUid(vm, key); 396 LOG_IC((ICEvent::OperationInOptimize, base->classInfo(*vm), ident)); 397 PropertySlot slot(base, PropertySlot::InternalMethodType::HasProperty); 398 bool result = asObject(base)->getPropertySlot(exec, ident, slot); 399 RETURN_IF_EXCEPTION(scope, encodedJSValue()); 400 401 RELEASE_ASSERT(accessType == stubInfo->accessType); 402 403 if (stubInfo->considerCaching(exec->codeBlock(), asObject(base)->structure())) 404 repatchIn(exec, base, ident, result, slot, *stubInfo); 405 406 return JSValue::encode(jsBoolean(result)); 407 } 408 409 EncodedJSValue JIT_OPERATION operationIn(ExecState* exec, StructureStubInfo* stubInfo, JSCell* base, UniquedStringImpl* key) 410 { 411 SuperSamplerScope superSamplerScope(false); 412 413 VM* vm = &exec->vm(); 414 NativeCallFrameTracer tracer(vm, exec); 415 auto scope = DECLARE_THROW_SCOPE(*vm); 387 416 388 417 stubInfo->tookSlowPath = true; 389 418 390 Identifier ident = Identifier::fromUid(&vm, uid); 391 392 JSValue baseValue = JSValue::decode(base); 393 if (!baseValue.isObject()) { 394 throwException(exec, scope, createInvalidInParameterError(exec, baseValue)); 419 if (!base->isObject()) { 420 throwException(exec, scope, createInvalidInParameterError(exec, base)); 395 421 return JSValue::encode(jsUndefined()); 396 422 } 397 JSObject* baseObject = asObject(baseValue); 398 399 LOG_IC((ICEvent::OperationInById, baseObject->classInfo(vm), ident)); 400 423 424 Identifier ident = Identifier::fromUid(vm, key); 425 LOG_IC((ICEvent::OperationIn, base->classInfo(*vm), ident)); 401 426 scope.release(); 402 PropertySlot slot(baseObject, PropertySlot::InternalMethodType::HasProperty); 403 return JSValue::encode(jsBoolean(baseObject->getPropertySlot(exec, ident, slot))); 404 } 405 406 EncodedJSValue JIT_OPERATION operationInByIdGeneric(ExecState* exec, EncodedJSValue base, UniquedStringImpl* uid) 427 return JSValue::encode(jsBoolean(asObject(base)->hasProperty(exec, ident))); 428 } 429 430 EncodedJSValue JIT_OPERATION operationGenericIn(ExecState* exec, JSCell* base, EncodedJSValue key) 407 431 { 408 432 SuperSamplerScope superSamplerScope(false); 409 410 VM& vm = exec->vm(); 411 NativeCallFrameTracer tracer(&vm, exec); 412 auto scope = DECLARE_THROW_SCOPE(vm); 413 414 Identifier ident = Identifier::fromUid(&vm, uid); 415 416 JSValue baseValue = JSValue::decode(base); 417 if (!baseValue.isObject()) { 418 throwException(exec, scope, createInvalidInParameterError(exec, baseValue)); 419 return JSValue::encode(jsUndefined()); 420 } 421 JSObject* baseObject = asObject(baseValue); 422 423 LOG_IC((ICEvent::OperationInByIdGeneric, baseObject->classInfo(vm), ident)); 424 425 scope.release(); 426 PropertySlot slot(baseObject, PropertySlot::InternalMethodType::HasProperty); 427 return JSValue::encode(jsBoolean(baseObject->getPropertySlot(exec, ident, slot))); 428 } 429 430 EncodedJSValue JIT_OPERATION operationInByIdOptimize(ExecState* exec, StructureStubInfo* stubInfo, EncodedJSValue base, UniquedStringImpl* uid) 431 { 432 SuperSamplerScope superSamplerScope(false); 433 434 VM& vm = exec->vm(); 435 NativeCallFrameTracer tracer(&vm, exec); 436 auto scope = DECLARE_THROW_SCOPE(vm); 437 438 Identifier ident = Identifier::fromUid(&vm, uid); 439 440 JSValue baseValue = JSValue::decode(base); 441 if (!baseValue.isObject()) { 442 throwException(exec, scope, createInvalidInParameterError(exec, baseValue)); 443 return JSValue::encode(jsUndefined()); 444 } 445 JSObject* baseObject = asObject(baseValue); 446 447 LOG_IC((ICEvent::OperationInByIdOptimize, baseObject->classInfo(vm), ident)); 448 449 scope.release(); 450 PropertySlot slot(baseObject, PropertySlot::InternalMethodType::HasProperty); 451 bool found = baseObject->getPropertySlot(exec, ident, slot); 452 if (stubInfo->considerCaching(exec->codeBlock(), baseObject->structure(vm))) 453 repatchInByID(exec, baseObject, ident, found, slot, *stubInfo); 454 return JSValue::encode(jsBoolean(found)); 455 } 456 457 EncodedJSValue JIT_OPERATION operationInByVal(ExecState* exec, JSCell* base, EncodedJSValue key) 458 { 459 SuperSamplerScope superSamplerScope(false); 460 461 VM* vm = &exec->vm(); 462 NativeCallFrameTracer tracer(vm, exec); 463 464 return JSValue::encode(jsBoolean(CommonSlowPaths::opInByVal(exec, base, JSValue::decode(key)))); 433 434 VM* vm = &exec->vm(); 435 NativeCallFrameTracer tracer(vm, exec); 436 437 return JSValue::encode(jsBoolean(CommonSlowPaths::opIn(exec, base, JSValue::decode(key)))); 465 438 } 466 439 -
trunk/Source/JavaScriptCore/jit/JITOperations.h
r231998 r232029 372 372 EncodedJSValue JIT_OPERATION operationGetByIdDirectGeneric(ExecState*, EncodedJSValue, UniquedStringImpl*) WTF_INTERNAL; 373 373 EncodedJSValue JIT_OPERATION operationGetByIdDirectOptimize(ExecState*, StructureStubInfo*, EncodedJSValue, UniquedStringImpl*) WTF_INTERNAL; 374 EncodedJSValue JIT_OPERATION operationInById(ExecState*, StructureStubInfo*, EncodedJSValue, UniquedStringImpl*) WTF_INTERNAL;375 EncodedJSValue JIT_OPERATION operationInByIdGeneric(ExecState*, EncodedJSValue, UniquedStringImpl*) WTF_INTERNAL;376 EncodedJSValue JIT_OPERATION operationInByIdOptimize(ExecState*, StructureStubInfo*, EncodedJSValue, UniquedStringImpl*) WTF_INTERNAL;377 374 EncodedJSValue JIT_OPERATION operationInOptimize(ExecState*, StructureStubInfo*, JSCell*, UniquedStringImpl*) WTF_INTERNAL; 378 375 EncodedJSValue JIT_OPERATION operationIn(ExecState*, StructureStubInfo*, JSCell*, UniquedStringImpl*) WTF_INTERNAL; 379 EncodedJSValue JIT_OPERATION operation InByVal(ExecState*, JSCell*, EncodedJSValue) WTF_INTERNAL;376 EncodedJSValue JIT_OPERATION operationGenericIn(ExecState*, JSCell*, EncodedJSValue) WTF_INTERNAL; 380 377 void JIT_OPERATION operationPutByIdStrict(ExecState*, StructureStubInfo*, EncodedJSValue encodedValue, EncodedJSValue encodedBase, UniquedStringImpl*) WTF_INTERNAL; 381 378 void JIT_OPERATION operationPutByIdNonStrict(ExecState*, StructureStubInfo*, EncodedJSValue encodedValue, EncodedJSValue encodedBase, UniquedStringImpl*) WTF_INTERNAL; -
trunk/Source/JavaScriptCore/jit/JITPropertyAccess.cpp
r231998 r232029 748 748 749 749 Call call = callOperation(gen.slowPathFunction(), gen.stubInfo(), regT1, regT0, ident->impl()); 750 751 gen.reportSlowPathCall(coldPathBegin, call);752 }753 754 void JIT::emit_op_in_by_id(Instruction* currentInstruction)755 {756 int resultVReg = currentInstruction[1].u.operand;757 int baseVReg = currentInstruction[2].u.operand;758 const Identifier* ident = &(m_codeBlock->identifier(currentInstruction[3].u.operand));759 760 emitGetVirtualRegister(baseVReg, regT0);761 762 emitJumpSlowCaseIfNotJSCell(regT0, baseVReg);763 764 JITInByIdGenerator gen(765 m_codeBlock, CodeOrigin(m_bytecodeOffset), CallSiteIndex(m_bytecodeOffset), RegisterSet::stubUnavailableRegisters(),766 ident->impl(), JSValueRegs(regT0), JSValueRegs(regT0));767 gen.generateFastPath(*this);768 addSlowCase(gen.slowPathJump());769 m_inByIds.append(gen);770 771 emitPutVirtualRegister(resultVReg);772 }773 774 void JIT::emitSlow_op_in_by_id(Instruction* currentInstruction, Vector<SlowCaseEntry>::iterator& iter)775 {776 linkAllSlowCases(iter);777 778 int resultVReg = currentInstruction[1].u.operand;779 const Identifier* ident = &(m_codeBlock->identifier(currentInstruction[3].u.operand));780 781 JITInByIdGenerator& gen = m_inByIds[m_inByIdIndex++];782 783 Label coldPathBegin = label();784 785 Call call = callOperation(operationInByIdOptimize, resultVReg, gen.stubInfo(), regT0, ident->impl());786 750 787 751 gen.reportSlowPathCall(coldPathBegin, call); -
trunk/Source/JavaScriptCore/jit/JITPropertyAccess32_64.cpp
r232017 r232029 769 769 gen.slowPathFunction(), gen.stubInfo(), JSValueRegs(regT3, regT2), JSValueRegs(regT1, regT0), ident->impl()); 770 770 771 gen.reportSlowPathCall(coldPathBegin, call);772 }773 774 void JIT::emit_op_in_by_id(Instruction* currentInstruction)775 {776 int dst = currentInstruction[1].u.operand;777 int base = currentInstruction[2].u.operand;778 const Identifier* ident = &(m_codeBlock->identifier(currentInstruction[3].u.operand));779 780 emitLoad(base, regT1, regT0);781 emitJumpSlowCaseIfNotJSCell(base, regT1);782 783 JITInByIdGenerator gen(784 m_codeBlock, CodeOrigin(m_bytecodeOffset), CallSiteIndex(currentInstruction), RegisterSet::stubUnavailableRegisters(),785 ident->impl(), JSValueRegs::payloadOnly(regT0), JSValueRegs(regT1, regT0));786 gen.generateFastPath(*this);787 addSlowCase(gen.slowPathJump());788 m_inByIds.append(gen);789 790 emitStore(dst, regT1, regT0);791 }792 793 void JIT::emitSlow_op_in_by_id(Instruction* currentInstruction, Vector<SlowCaseEntry>::iterator& iter)794 {795 linkAllSlowCases(iter);796 797 int resultVReg = currentInstruction[1].u.operand;798 const Identifier* ident = &(m_codeBlock->identifier(currentInstruction[3].u.operand));799 800 JITInByIdGenerator& gen = m_inByIds[m_getByIdIndex++];801 802 Label coldPathBegin = label();803 804 Call call = callOperation(operationInByIdOptimize, resultVReg, gen.stubInfo(), JSValueRegs(regT1, regT0), ident->impl());805 806 771 gen.reportSlowPathCall(coldPathBegin, call); 807 772 } -
trunk/Source/JavaScriptCore/jit/Repatch.cpp
r231998 r232029 606 606 } 607 607 608 static InlineCacheAction tryCacheIn ByID(609 ExecState* exec, JS Object* base, const Identifier& ident,608 static InlineCacheAction tryCacheIn( 609 ExecState* exec, JSCell* base, const Identifier& ident, 610 610 bool wasFound, const PropertySlot& slot, StructureStubInfo& stubInfo) 611 611 { … … 632 632 ObjectPropertyConditionSet conditionSet; 633 633 if (wasFound) { 634 InlineCacheAction action = actionForCell(vm, base);635 if (action != AttemptToCache)636 return action;637 638 // Optimize self access.639 if (stubInfo.cacheType == CacheType::Unset640 && slot.isCacheableValue()641 && slot.slotBase() == base642 && !slot.watchpointSet()643 && !structure->needImpurePropertyWatchpoint()) {644 bool generatedCodeInline = InlineAccess::generateSelfInAccess(stubInfo, structure);645 if (generatedCodeInline) {646 LOG_IC((ICEvent::InByIdSelfPatch, structure->classInfo(), ident));647 structure->startWatchingPropertyForReplacements(vm, slot.cachedOffset());648 ftlThunkAwareRepatchCall(codeBlock, stubInfo.slowPathCallLocation(), operationInByIdOptimize);649 stubInfo.initInByIdSelf(codeBlock, structure, slot.cachedOffset());650 return RetryCacheLater;651 }652 }653 654 634 if (slot.slotBase() != base) { 655 635 bool usesPolyProto; … … 685 665 686 666 std::unique_ptr<AccessCase> newCase = AccessCase::create( 687 vm, codeBlock, wasFound ? AccessCase::InHit : AccessCase::InMiss, wasFound ? slot.cachedOffset() :invalidOffset, structure, conditionSet, WTFMove(prototypeAccessChain));667 vm, codeBlock, wasFound ? AccessCase::InHit : AccessCase::InMiss, invalidOffset, structure, conditionSet, WTFMove(prototypeAccessChain)); 688 668 689 669 result = stubInfo.addAccessCase(locker, codeBlock, ident, WTFMove(newCase)); … … 693 673 694 674 RELEASE_ASSERT(result.code()); 695 InlineAccess::rewireStubAsJump(stubInfo, CodeLocationLabel<JITStubRoutinePtrTag>(result.code())); 675 676 MacroAssembler::repatchJump( 677 stubInfo.patchableJump(), 678 CodeLocationLabel<JITStubRoutinePtrTag>(result.code())); 696 679 } 697 680 } … … 702 685 } 703 686 704 void repatchInByID(ExecState* exec, JSObject* baseObject, const Identifier& propertyName, bool wasFound, const PropertySlot& slot, StructureStubInfo& stubInfo) 687 void repatchIn( 688 ExecState* exec, JSCell* base, const Identifier& ident, bool wasFound, 689 const PropertySlot& slot, StructureStubInfo& stubInfo) 705 690 { 706 691 SuperSamplerScope superSamplerScope(false); 707 708 if (tryCacheInByID(exec, baseObject, propertyName, wasFound, slot, stubInfo) == GiveUpOnCache) { 709 CodeBlock* codeBlock = exec->codeBlock(); 710 ftlThunkAwareRepatchCall(codeBlock, stubInfo.slowPathCallLocation(), operationInById); 711 } 692 if (tryCacheIn(exec, base, ident, wasFound, slot, stubInfo) == GiveUpOnCache) 693 ftlThunkAwareRepatchCall(exec->codeBlock(), stubInfo.slowPathCallLocation(), operationIn); 712 694 } 713 695 … … 1255 1237 } 1256 1238 1257 void resetInByID(CodeBlock* codeBlock, StructureStubInfo& stubInfo) 1258 { 1259 ftlThunkAwareRepatchCall(codeBlock, stubInfo.slowPathCallLocation(), operationInByIdOptimize); 1260 InlineAccess::rewireStubAsJump(stubInfo, stubInfo.slowPathStartLocation()); 1239 void resetIn(StructureStubInfo& stubInfo) 1240 { 1241 resetPatchableJump(stubInfo); 1261 1242 } 1262 1243 -
trunk/Source/JavaScriptCore/jit/Repatch.h
r231998 r232029 45 45 void repatchPutByID(ExecState*, JSValue, Structure*, const Identifier&, const PutPropertySlot&, StructureStubInfo&, PutKind); 46 46 void buildPutByIdList(ExecState*, JSValue, Structure*, const Identifier&, const PutPropertySlot&, StructureStubInfo&, PutKind); 47 void repatchIn ByID(ExecState*, JSObject*, const Identifier&, bool wasFound, const PropertySlot&, StructureStubInfo&);47 void repatchIn(ExecState*, JSCell*, const Identifier&, bool wasFound, const PropertySlot&, StructureStubInfo&); 48 48 void repatchInstanceOf(ExecState*, JSValue value, JSValue prototype, StructureStubInfo&, bool wasFound); 49 49 void linkFor(ExecState*, CallLinkInfo&, CodeBlock*, JSObject* callee, MacroAssemblerCodePtr<JSEntryPtrTag>); … … 55 55 void resetGetByID(CodeBlock*, StructureStubInfo&, GetByIDKind); 56 56 void resetPutByID(CodeBlock*, StructureStubInfo&); 57 void resetIn ByID(CodeBlock*,StructureStubInfo&);57 void resetIn(StructureStubInfo&); 58 58 void resetInstanceOf(StructureStubInfo&); 59 59 void ftlThunkAwareRepatchCall(CodeBlock*, CodeLocationCall<JSInternalPtrTag>, FunctionPtr<CFunctionPtrTag> newCalleeFunction); -
trunk/Source/JavaScriptCore/llint/LowLevelInterpreter.asm
r231998 r232029 1508 1508 1509 1509 1510 _llint_op_in_by_id: 1511 traceExecution() 1512 callSlowPath(_slow_path_in_by_id) 1513 dispatch(constexpr op_in_by_id_length) 1514 1515 1516 _llint_op_in_by_val: 1517 traceExecution() 1518 callSlowPath(_slow_path_in_by_val) 1519 dispatch(constexpr op_in_by_val_length) 1510 _llint_op_in: 1511 traceExecution() 1512 callSlowPath(_slow_path_in) 1513 dispatch(constexpr op_in_length) 1520 1514 1521 1515 -
trunk/Source/JavaScriptCore/llint/LowLevelInterpreter64.asm
r231998 r232029 1552 1552 callSlowPath(_llint_slow_path_put_by_id) 1553 1553 dispatch(constexpr op_put_by_id_length) 1554 1555 1554 1556 1555 macro finishGetByVal(result, scratch) -
trunk/Source/JavaScriptCore/parser/NodeConstructors.h
r231998 r232029 624 624 625 625 inline InNode::InNode(const JSTokenLocation& location, ExpressionNode* expr1, ExpressionNode* expr2, bool rightHasAssignments) 626 : ThrowableBinaryOpNode(location, expr1, expr2, op_in _by_val, rightHasAssignments)626 : ThrowableBinaryOpNode(location, expr1, expr2, op_in, rightHasAssignments) 627 627 { 628 628 } -
trunk/Source/JavaScriptCore/runtime/CommonSlowPaths.cpp
r231998 r232029 649 649 } 650 650 651 SLOW_PATH_DECL(slow_path_in_by_val) 652 { 653 BEGIN(); 654 RETURN(jsBoolean(CommonSlowPaths::opInByVal(exec, OP_C(2).jsValue(), OP_C(3).jsValue(), pc[4].u.arrayProfile))); 655 } 656 657 SLOW_PATH_DECL(slow_path_in_by_id) 658 { 659 BEGIN(); 660 661 JSValue baseValue = OP_C(2).jsValue(); 662 if (!baseValue.isObject()) 663 THROW(createInvalidInParameterError(exec, baseValue)); 664 665 RETURN(jsBoolean(asObject(baseValue)->hasProperty(exec, exec->codeBlock()->identifier(pc[3].u.operand)))); 651 SLOW_PATH_DECL(slow_path_in) 652 { 653 BEGIN(); 654 RETURN(jsBoolean(CommonSlowPaths::opIn(exec, OP_C(2).jsValue(), OP_C(3).jsValue(), pc[4].u.arrayProfile))); 666 655 } 667 656 -
trunk/Source/JavaScriptCore/runtime/CommonSlowPaths.h
r231998 r232029 86 86 } 87 87 88 inline bool opIn ByVal(ExecState* exec, JSValue baseVal, JSValue propName, ArrayProfile* arrayProfile = nullptr)88 inline bool opIn(ExecState* exec, JSValue baseVal, JSValue propName, ArrayProfile* arrayProfile = nullptr) 89 89 { 90 90 VM& vm = exec->vm(); … … 309 309 SLOW_PATH_HIDDEN_DECL(slow_path_is_object_or_null); 310 310 SLOW_PATH_HIDDEN_DECL(slow_path_is_function); 311 SLOW_PATH_HIDDEN_DECL(slow_path_in_by_id); 312 SLOW_PATH_HIDDEN_DECL(slow_path_in_by_val); 311 SLOW_PATH_HIDDEN_DECL(slow_path_in); 313 312 SLOW_PATH_HIDDEN_DECL(slow_path_del_by_val); 314 313 SLOW_PATH_HIDDEN_DECL(slow_path_strcat);
Note: See TracChangeset
for help on using the changeset viewer.