Diff
Modified: trunk/JSTests/ChangeLog (232028 => 232029)
--- trunk/JSTests/ChangeLog 2018-05-21 21:47:59 UTC (rev 232028)
+++ trunk/JSTests/ChangeLog 2018-05-21 21:52:26 UTC (rev 232029)
@@ -1,3 +1,21 @@
+2018-05-21 Commit Queue <[email protected]>
+
+ Unreviewed, rolling out r231998 and r232017.
+ https://bugs.webkit.org/show_bug.cgi?id=185842
+
+ causes crashes on 32 JSC bot (Requested by realdawei on
+ #webkit).
+
+ Reverted changesets:
+
+ "[JSC] JSC should have consistent InById IC"
+ https://bugs.webkit.org/show_bug.cgi?id=185682
+ https://trac.webkit.org/changeset/231998
+
+ "Unreviewed, fix 32bit and scope release"
+ https://bugs.webkit.org/show_bug.cgi?id=185682
+ https://trac.webkit.org/changeset/232017
+
2018-05-19 Yusuke Suzuki <[email protected]>
[JSC] JSC should have consistent InById IC
Deleted: trunk/JSTests/stress/in-by-id-accessors.js (232028 => 232029)
--- trunk/JSTests/stress/in-by-id-accessors.js 2018-05-21 21:47:59 UTC (rev 232028)
+++ trunk/JSTests/stress/in-by-id-accessors.js 2018-05-21 21:52:26 UTC (rev 232029)
@@ -1,41 +0,0 @@
-function shouldBe(actual, expected) {
- if (actual !== expected)
- throw new Error('bad value: ' + actual);
-}
-
-function test(object)
-{
- var name = "hello";
- return name in object;
-}
-noInline(test);
-
-var protoGetter = {
- __proto__: {
- get hello() {
- throw new Error("out");
- }
- }
-};
-var protoSetter = {
- __proto__: {
- set hello(value) {
- throw new Error("out");
- }
- }
-};
-for (var i = 0; i < 1e5; ++i) {
- shouldBe(test({
- get hello() {
- throw new Error("out");
- }
- }), true);
- shouldBe(test({}), false);
- shouldBe(test(protoGetter), true);
- shouldBe(test({
- set hello(value) {
- throw new Error("out");
- }
- }), true);
- shouldBe(test(protoSetter), true);
-}
Deleted: trunk/JSTests/stress/in-by-id-ai.js (232028 => 232029)
--- trunk/JSTests/stress/in-by-id-ai.js 2018-05-21 21:47:59 UTC (rev 232028)
+++ trunk/JSTests/stress/in-by-id-ai.js 2018-05-21 21:52:26 UTC (rev 232029)
@@ -1,26 +0,0 @@
-function shouldBe(actual, expected) {
- if (actual !== expected)
- throw new Error('bad value: ' + actual);
-}
-
-function test(object)
-{
- var name = "hello";
- return name in object;
-}
-noInline(test);
-
-var proto = {
- __proto__: { hello: 2 }
-};
-for (var i = 0; i < 1e5; ++i) {
- shouldBe(test({
- hello: 42
- }), true);
- shouldBe(test({}), false);
- shouldBe(test({
- helloworld: 43,
- ok: 44
- }), false);
- shouldBe(test(proto), true);
-}
Deleted: trunk/JSTests/stress/in-by-id-custom-accessors.js (232028 => 232029)
--- trunk/JSTests/stress/in-by-id-custom-accessors.js 2018-05-21 21:47:59 UTC (rev 232028)
+++ trunk/JSTests/stress/in-by-id-custom-accessors.js 2018-05-21 21:52:26 UTC (rev 232029)
@@ -1,25 +0,0 @@
-function shouldBe(actual, expected) {
- if (actual !== expected)
- throw new Error('bad value: ' + actual);
-}
-
-function test1(object)
-{
- return "customValue" in object;
-}
-noInline(test1);
-
-function test2(object)
-{
- return "customAccessor" in object;
-}
-noInline(test2);
-
-var target1 = $vm.createCustomTestGetterSetter();
-var target2 = { __proto__: target1 };
-for (var i = 0; i < 1e5; ++i) {
- shouldBe(test1(target1), true);
- shouldBe(test1(target2), true);
- shouldBe(test2(target1), true);
- shouldBe(test2(target2), true);
-}
Deleted: trunk/JSTests/stress/in-by-id-custom-values.js (232028 => 232029)
--- trunk/JSTests/stress/in-by-id-custom-values.js 2018-05-21 21:47:59 UTC (rev 232028)
+++ trunk/JSTests/stress/in-by-id-custom-values.js 2018-05-21 21:52:26 UTC (rev 232029)
@@ -1,17 +0,0 @@
-function shouldBe(actual, expected) {
- if (actual !== expected)
- throw new Error('bad value: ' + actual);
-}
-
-function test(object)
-{
- return "$1" in object;
-}
-noInline(test);
-
-var target1 = RegExp;
-var target2 = { __proto__: RegExp };
-for (var i = 0; i < 1e5; ++i) {
- shouldBe(test(target1), true);
- shouldBe(test(target2), true);
-}
Deleted: trunk/JSTests/stress/in-by-id-operation.js (232028 => 232029)
--- trunk/JSTests/stress/in-by-id-operation.js 2018-05-21 21:47:59 UTC (rev 232028)
+++ trunk/JSTests/stress/in-by-id-operation.js 2018-05-21 21:52:26 UTC (rev 232029)
@@ -1,42 +0,0 @@
-function shouldBe(actual, expected) {
- if (actual !== expected)
- throw new Error('bad value: ' + actual);
-}
-
-function test(object)
-{
- return "hello" in object;
-}
-noInline(test);
-
-for (var i = 0; i < 1e6; ++i) {
- shouldBe(test({
- hello: 42
- }), true);
- shouldBe(test({
- hello: undefined,
- world: 44
- }), true);
- shouldBe(test({
- helloworld: 43,
- ok: 44
- }), false);
-}
-
-function selfCache(object)
-{
- return "hello" in object;
-}
-noInline(selfCache);
-
-var object = {};
-object.hello = 42;
-for (var i = 0; i < 1e6; ++i)
- shouldBe(selfCache(object), true);
-object.world = 43;
-shouldBe(selfCache(object), true);
-object.world = 43;
-shouldBe(selfCache({ __proto__: object }), true);
-delete object.hello;
-shouldBe(selfCache(object), false);
-shouldBe(selfCache({ __proto__: object }), false);
Deleted: trunk/JSTests/stress/in-by-id-proxy.js (232028 => 232029)
--- trunk/JSTests/stress/in-by-id-proxy.js 2018-05-21 21:47:59 UTC (rev 232028)
+++ trunk/JSTests/stress/in-by-id-proxy.js 2018-05-21 21:52:26 UTC (rev 232029)
@@ -1,44 +0,0 @@
-function shouldBe(actual, expected) {
- if (actual !== expected)
- throw new Error('bad value: ' + actual);
-}
-
-function test(object)
-{
- return "hello" in object;
-}
-noInline(test);
-
-var count = 0;
-var target = null;
-var key = null;
-var handler = {
- has(targetArg, keyArg) {
- ++count;
- target = targetArg;
- key = keyArg;
- return keyArg in targetArg;
- }
-};
-var targetObject = {};
-var proxy = new Proxy(targetObject, handler);
-for (var i = 0; i < 1e4; ++i) {
- shouldBe(count, i);
- shouldBe(test(proxy), false);
- shouldBe(target, targetObject);
- shouldBe(key, "hello");
-}
-targetObject.hello = 42;
-for (var i = 0; i < 1e4; ++i) {
- shouldBe(count, i + 1e4);
- shouldBe(test(proxy), true);
- shouldBe(target, targetObject);
- shouldBe(key, "hello");
-}
-delete targetObject.hello;
-for (var i = 0; i < 1e4; ++i) {
- shouldBe(count, i + 2e4);
- shouldBe(test(proxy), false);
- shouldBe(target, targetObject);
- shouldBe(key, "hello");
-}
Modified: trunk/Source/_javascript_Core/ChangeLog (232028 => 232029)
--- trunk/Source/_javascript_Core/ChangeLog 2018-05-21 21:47:59 UTC (rev 232028)
+++ trunk/Source/_javascript_Core/ChangeLog 2018-05-21 21:52:26 UTC (rev 232029)
@@ -1,3 +1,21 @@
+2018-05-21 Commit Queue <[email protected]>
+
+ Unreviewed, rolling out r231998 and r232017.
+ https://bugs.webkit.org/show_bug.cgi?id=185842
+
+ causes crashes on 32 JSC bot (Requested by realdawei on
+ #webkit).
+
+ Reverted changesets:
+
+ "[JSC] JSC should have consistent InById IC"
+ https://bugs.webkit.org/show_bug.cgi?id=185682
+ https://trac.webkit.org/changeset/231998
+
+ "Unreviewed, fix 32bit and scope release"
+ https://bugs.webkit.org/show_bug.cgi?id=185682
+ https://trac.webkit.org/changeset/232017
+
2018-05-21 Jer Noble <[email protected]>
Complete fix for enabling modern EME by default
Modified: trunk/Source/_javascript_Core/bytecode/AccessCase.cpp (232028 => 232029)
--- trunk/Source/_javascript_Core/bytecode/AccessCase.cpp 2018-05-21 21:47:59 UTC (rev 232028)
+++ trunk/Source/_javascript_Core/bytecode/AccessCase.cpp 2018-05-21 21:52:26 UTC (rev 232029)
@@ -118,9 +118,6 @@
case CacheType::PutByIdReplace:
return AccessCase::create(vm, owner, Replace, stubInfo.u.byIdSelf.offset, stubInfo.u.byIdSelf.baseObjectStructure.get());
- case CacheType::InByIdSelf:
- return AccessCase::create(vm, owner, InHit, stubInfo.u.byIdSelf.offset, stubInfo.u.byIdSelf.baseObjectStructure.get());
-
default:
return nullptr;
}
@@ -558,7 +555,10 @@
jit.move(baseGPR, valueGPR);
CCallHelpers::Label loop(&jit);
- failAndIgnore = jit.branchIfType(valueGPR, ProxyObjectType);
+ failAndIgnore = jit.branch8(
+ CCallHelpers::Equal,
+ CCallHelpers::Address(valueGPR, JSCell::typeInfoTypeOffset()),
+ CCallHelpers::TrustedImm32(ProxyObjectType));
jit.emitLoadStructure(vm, valueGPR, scratch2GPR, scratchGPR);
#if USE(JSVALUE64)
Modified: trunk/Source/_javascript_Core/bytecode/BytecodeDumper.cpp (232028 => 232029)
--- trunk/Source/_javascript_Core/bytecode/BytecodeDumper.cpp 2018-05-21 21:47:59 UTC (rev 232028)
+++ trunk/Source/_javascript_Core/bytecode/BytecodeDumper.cpp 2018-05-21 21:52:26 UTC (rev 232029)
@@ -551,60 +551,7 @@
#endif
}
-template<class Block>
-void BytecodeDumper<Block>::printInByIdCacheStatus(PrintStream& out, int location, const StubInfoMap& map)
-{
- const auto* instruction = instructionsBegin() + location;
-
- const Identifier& ident = identifier(instruction[3].u.operand);
-
- UNUSED_PARAM(ident); // tell the compiler to shut up in certain platform configurations.
-
#if ENABLE(JIT)
- if (StructureStubInfo* stubPtr = map.get(CodeOrigin(location))) {
- StructureStubInfo& stubInfo = *stubPtr;
- if (stubInfo.resetByGC)
- out.print(" (Reset By GC)");
-
- out.printf(" jit(");
-
- Structure* baseStructure = nullptr;
- PolymorphicAccess* stub = nullptr;
-
- switch (stubInfo.cacheType) {
- case CacheType::InByIdSelf:
- out.printf("self");
- baseStructure = stubInfo.u.byIdSelf.baseObjectStructure.get();
- break;
- case CacheType::Stub:
- out.printf("stub");
- stub = stubInfo.u.stub;
- break;
- case CacheType::Unset:
- out.printf("unset");
- break;
- default:
- RELEASE_ASSERT_NOT_REACHED();
- break;
- }
-
- if (baseStructure) {
- out.printf(", ");
- dumpStructure(out, "struct", baseStructure, ident);
- }
-
- if (stub)
- out.print(", ", *stub);
-
- out.printf(")");
- }
-#else
- UNUSED_PARAM(out);
- UNUSED_PARAM(map);
-#endif
-}
-
-#if ENABLE(JIT)
template<typename Block>
void BytecodeDumper<Block>::dumpCallLinkStatus(PrintStream&, unsigned, const CallLinkInfoMap&)
{
@@ -1065,17 +1012,8 @@
printUnaryOp(out, location, it, "is_function");
break;
}
- case op_in_by_id: {
- int r0 = (++it)->u.operand;
- int r1 = (++it)->u.operand;
- int id0 = (++it)->u.operand;
- printLocationAndOp(out, location, it, "in_by_id");
- out.printf("%s, %s, %s", registerName(r0).data(), registerName(r1).data(), idName(id0, identifier(id0)).data());
- printInByIdCacheStatus(out, location, stubInfos);
- break;
- }
- case op_in_by_val: {
- printBinaryOp(out, location, it, "in_by_val");
+ case op_in: {
+ printBinaryOp(out, location, it, "in");
dumpArrayProfiling(out, it, hasPrintedProfiling);
break;
}
Modified: trunk/Source/_javascript_Core/bytecode/BytecodeDumper.h (232028 => 232029)
--- trunk/Source/_javascript_Core/bytecode/BytecodeDumper.h 2018-05-21 21:47:59 UTC (rev 232028)
+++ trunk/Source/_javascript_Core/bytecode/BytecodeDumper.h 2018-05-21 21:52:26 UTC (rev 232029)
@@ -71,7 +71,6 @@
void printGetByIdOp(PrintStream& out, int location, const Instruction*& it);
void printGetByIdCacheStatus(PrintStream& out, int location, const StubInfoMap&);
void printPutByIdCacheStatus(PrintStream& out, int location, const StubInfoMap&);
- void printInByIdCacheStatus(PrintStream& out, int location, const StubInfoMap&);
enum CacheDumpMode { DumpCaches, DontDumpCaches };
void printCallOp(PrintStream& out, int location, const Instruction*& it, const char* op, CacheDumpMode, bool& hasPrintedProfiling, const CallLinkInfoMap&);
void printPutByIdOp(PrintStream& out, int location, const Instruction*& it, const char* op);
Modified: trunk/Source/_javascript_Core/bytecode/BytecodeList.json (232028 => 232029)
--- trunk/Source/_javascript_Core/bytecode/BytecodeList.json 2018-05-21 21:47:59 UTC (rev 232028)
+++ trunk/Source/_javascript_Core/bytecode/BytecodeList.json 2018-05-21 21:52:26 UTC (rev 232029)
@@ -80,8 +80,7 @@
{ "name" : "op_is_object_or_null", "length" : 3 },
{ "name" : "op_is_function", "length" : 3 },
{ "name" : "op_is_cell_with_type", "length" : 4 },
- { "name" : "op_in_by_val", "length" : 5 },
- { "name" : "op_in_by_id", "length" : 4 },
+ { "name" : "op_in", "length" : 5 },
{ "name" : "op_get_array_length", "length" : 9 },
{ "name" : "op_get_by_id", "length" : 9 },
{ "name" : "op_get_by_id_proto_load", "length" : 9 },
Modified: trunk/Source/_javascript_Core/bytecode/BytecodeUseDef.h (232028 => 232029)
--- trunk/Source/_javascript_Core/bytecode/BytecodeUseDef.h 2018-05-21 21:47:59 UTC (rev 232028)
+++ trunk/Source/_javascript_Core/bytecode/BytecodeUseDef.h 2018-05-21 21:52:26 UTC (rev 232029)
@@ -186,7 +186,6 @@
case op_get_by_id_unset:
case op_get_by_id_direct:
case op_get_array_length:
- case op_in_by_id:
case op_typeof:
case op_is_empty:
case op_is_undefined:
@@ -227,7 +226,7 @@
case op_enumerator_structure_pname:
case op_enumerator_generic_pname:
case op_get_by_val:
- case op_in_by_val:
+ case op_in:
case op_overrides_has_instance:
case op_instanceof:
case op_add:
@@ -455,8 +454,7 @@
case op_is_object_or_null:
case op_is_cell_with_type:
case op_is_function:
- case op_in_by_id:
- case op_in_by_val:
+ case op_in:
case op_to_number:
case op_to_string:
case op_to_object:
Modified: trunk/Source/_javascript_Core/bytecode/CodeBlock.cpp (232028 => 232029)
--- trunk/Source/_javascript_Core/bytecode/CodeBlock.cpp 2018-05-21 21:47:59 UTC (rev 232028)
+++ trunk/Source/_javascript_Core/bytecode/CodeBlock.cpp 2018-05-21 21:52:26 UTC (rev 232029)
@@ -589,7 +589,7 @@
break;
}
- case op_in_by_val:
+ case op_in:
case op_put_by_val:
case op_put_by_val_direct: {
int arrayProfileIndex = pc[opLength - 1].u.operand;
Modified: trunk/Source/_javascript_Core/bytecode/InlineAccess.cpp (232028 => 232029)
--- trunk/Source/_javascript_Core/bytecode/InlineAccess.cpp 2018-05-21 21:47:59 UTC (rev 232028)
+++ trunk/Source/_javascript_Core/bytecode/InlineAccess.cpp 2018-05-21 21:52:26 UTC (rev 232029)
@@ -276,25 +276,6 @@
return linkedCodeInline;
}
-bool InlineAccess::generateSelfInAccess(StructureStubInfo& stubInfo, Structure* structure)
-{
- CCallHelpers jit;
-
- GPRReg base = static_cast<GPRReg>(stubInfo.patch.baseGPR);
- JSValueRegs value = stubInfo.valueRegs();
-
- auto branchToSlowPath = jit.patchableBranch32(
- MacroAssembler::NotEqual,
- MacroAssembler::Address(base, JSCell::structureIDOffset()),
- MacroAssembler::TrustedImm32(bitwise_cast<uint32_t>(structure->id())));
- jit.boxBooleanPayload(true, value.payloadGPR());
-
- bool linkedCodeInline = linkCodeInline("in access", jit, stubInfo, [&] (LinkBuffer& linkBuffer) {
- linkBuffer.link(branchToSlowPath, stubInfo.slowPathStartLocation());
- });
- return linkedCodeInline;
-}
-
void InlineAccess::rewireStubAsJump(StructureStubInfo& stubInfo, CodeLocationLabel<JITStubRoutinePtrTag> target)
{
CCallHelpers jit;
Modified: trunk/Source/_javascript_Core/bytecode/InlineAccess.h (232028 => 232029)
--- trunk/Source/_javascript_Core/bytecode/InlineAccess.h 2018-05-21 21:47:59 UTC (rev 232028)
+++ trunk/Source/_javascript_Core/bytecode/InlineAccess.h 2018-05-21 21:52:26 UTC (rev 232029)
@@ -116,7 +116,6 @@
static bool isCacheableArrayLength(StructureStubInfo&, JSArray*);
static bool generateArrayLength(StructureStubInfo&, JSArray*);
static void rewireStubAsJump(StructureStubInfo&, CodeLocationLabel<JITStubRoutinePtrTag>);
- static bool generateSelfInAccess(StructureStubInfo&, Structure*);
// This is helpful when determining the size of an IC on
// various platforms. When adding a new type of IC, implement
Modified: trunk/Source/_javascript_Core/bytecode/StructureStubInfo.cpp (232028 => 232029)
--- trunk/Source/_javascript_Core/bytecode/StructureStubInfo.cpp 2018-05-21 21:47:59 UTC (rev 232028)
+++ trunk/Source/_javascript_Core/bytecode/StructureStubInfo.cpp 2018-05-21 21:52:26 UTC (rev 232029)
@@ -82,15 +82,6 @@
u.byIdSelf.offset = offset;
}
-void StructureStubInfo::initInByIdSelf(CodeBlock* codeBlock, Structure* baseObjectStructure, PropertyOffset offset)
-{
- cacheType = CacheType::InByIdSelf;
-
- u.byIdSelf.baseObjectStructure.set(
- *codeBlock->vm(), codeBlock, baseObjectStructure);
- u.byIdSelf.offset = offset;
-}
-
void StructureStubInfo::deref()
{
switch (cacheType) {
@@ -100,7 +91,6 @@
case CacheType::Unset:
case CacheType::GetByIdSelf:
case CacheType::PutByIdReplace:
- case CacheType::InByIdSelf:
case CacheType::ArrayLength:
return;
}
@@ -117,7 +107,6 @@
case CacheType::Unset:
case CacheType::GetByIdSelf:
case CacheType::PutByIdReplace:
- case CacheType::InByIdSelf:
case CacheType::ArrayLength:
return;
}
@@ -248,7 +237,7 @@
resetPutByID(codeBlock, *this);
break;
case AccessType::In:
- resetInByID(codeBlock, *this);
+ resetIn(*this);
break;
case AccessType::InstanceOf:
resetInstanceOf(*this);
@@ -271,7 +260,6 @@
switch (cacheType) {
case CacheType::GetByIdSelf:
case CacheType::PutByIdReplace:
- case CacheType::InByIdSelf:
if (Heap::isMarked(u.byIdSelf.baseObjectStructure.get()))
return;
break;
@@ -295,7 +283,6 @@
return true;
case CacheType::GetByIdSelf:
case CacheType::PutByIdReplace:
- case CacheType::InByIdSelf:
return u.byIdSelf.baseObjectStructure->markIfCheap(visitor);
case CacheType::Stub:
return u.stub->propagateTransitions(visitor);
Modified: trunk/Source/_javascript_Core/bytecode/StructureStubInfo.h (232028 => 232029)
--- trunk/Source/_javascript_Core/bytecode/StructureStubInfo.h 2018-05-21 21:47:59 UTC (rev 232028)
+++ trunk/Source/_javascript_Core/bytecode/StructureStubInfo.h 2018-05-21 21:52:26 UTC (rev 232029)
@@ -58,7 +58,6 @@
Unset,
GetByIdSelf,
PutByIdReplace,
- InByIdSelf,
Stub,
ArrayLength
};
@@ -73,7 +72,6 @@
void initGetByIdSelf(CodeBlock*, Structure* baseObjectStructure, PropertyOffset);
void initArrayLength();
void initPutByIdReplace(CodeBlock*, Structure* baseObjectStructure, PropertyOffset);
- void initInByIdSelf(CodeBlock*, Structure* baseObjectStructure, PropertyOffset);
AccessGenerationResult addAccessCase(const GCSafeConcurrentJSLocker&, CodeBlock*, const Identifier&, std::unique_ptr<AccessCase>);
@@ -178,7 +176,7 @@
StructureSet bufferedStructures;
struct {
- CodeLocationLabel<JITStubRoutinePtrTag> start; // This is either the start of the inline IC for *byId caches. or the location of patchable jump for 'instanceof' caches.
+ CodeLocationLabel<JITStubRoutinePtrTag> start; // This is either the start of the inline IC for *byId caches, or the location of patchable jump for 'in' and 'instanceof' caches.
RegisterSet usedRegisters;
uint32_t inlineSize;
int32_t deltaFromStartToSlowPathCallLocation;
@@ -199,7 +197,7 @@
CodeLocationLabel<JITStubRoutinePtrTag> slowPathStartLocation() { return patch.start.labelAtOffset(patch.deltaFromStartToSlowPathStart); }
CodeLocationJump<JSInternalPtrTag> patchableJump()
{
- ASSERT(accessType == AccessType::InstanceOf);
+ ASSERT(accessType == AccessType::In || accessType == AccessType::InstanceOf);
return patch.start.jumpAtOffset<JSInternalPtrTag>(0);
}
Modified: trunk/Source/_javascript_Core/bytecompiler/BytecodeGenerator.cpp (232028 => 232029)
--- trunk/Source/_javascript_Core/bytecompiler/BytecodeGenerator.cpp 2018-05-21 21:47:59 UTC (rev 232028)
+++ trunk/Source/_javascript_Core/bytecompiler/BytecodeGenerator.cpp 2018-05-21 21:52:26 UTC (rev 232029)
@@ -2667,10 +2667,10 @@
return dst;
}
-RegisterID* BytecodeGenerator::emitInByVal(RegisterID* dst, RegisterID* property, RegisterID* base)
+RegisterID* BytecodeGenerator::emitIn(RegisterID* dst, RegisterID* property, RegisterID* base)
{
UnlinkedArrayProfile arrayProfile = newArrayProfile();
- emitOpcode(op_in_by_val);
+ emitOpcode(op_in);
instructions().append(dst->index());
instructions().append(base->index());
instructions().append(property->index());
@@ -2678,15 +2678,6 @@
return dst;
}
-RegisterID* BytecodeGenerator::emitInById(RegisterID* dst, RegisterID* base, const Identifier& property)
-{
- emitOpcode(op_in_by_id);
- instructions().append(dst->index());
- instructions().append(base->index());
- instructions().append(addConstant(property));
- return dst;
-}
-
RegisterID* BytecodeGenerator::emitTryGetById(RegisterID* dst, RegisterID* base, const Identifier& property)
{
ASSERT_WITH_MESSAGE(!parseIndex(property), "Indexed properties are not supported with tryGetById.");
Modified: trunk/Source/_javascript_Core/bytecompiler/BytecodeGenerator.h (232028 => 232029)
--- trunk/Source/_javascript_Core/bytecompiler/BytecodeGenerator.h 2018-05-21 21:47:59 UTC (rev 232028)
+++ trunk/Source/_javascript_Core/bytecompiler/BytecodeGenerator.h 2018-05-21 21:52:26 UTC (rev 232029)
@@ -694,8 +694,7 @@
RegisterID* emitInstanceOf(RegisterID* dst, RegisterID* value, RegisterID* basePrototype);
RegisterID* emitInstanceOfCustom(RegisterID* dst, RegisterID* value, RegisterID* constructor, RegisterID* hasInstanceValue);
RegisterID* emitTypeOf(RegisterID* dst, RegisterID* src) { return emitUnaryOp(op_typeof, dst, src); }
- RegisterID* emitInByVal(RegisterID* dst, RegisterID* property, RegisterID* base);
- RegisterID* emitInById(RegisterID* dst, RegisterID* base, const Identifier& property);
+ RegisterID* emitIn(RegisterID* dst, RegisterID* property, RegisterID* base);
RegisterID* emitTryGetById(RegisterID* dst, RegisterID* base, const Identifier& property);
RegisterID* emitGetById(RegisterID* dst, RegisterID* base, const Identifier& property);
Modified: trunk/Source/_javascript_Core/bytecompiler/NodesCodegen.cpp (232028 => 232029)
--- trunk/Source/_javascript_Core/bytecompiler/NodesCodegen.cpp 2018-05-21 21:47:59 UTC (rev 232028)
+++ trunk/Source/_javascript_Core/bytecompiler/NodesCodegen.cpp 2018-05-21 21:52:26 UTC (rev 232029)
@@ -2280,16 +2280,10 @@
RegisterID* InNode::emitBytecode(BytecodeGenerator& generator, RegisterID* dst)
{
- if (isNonIndexStringElement(*m_expr1)) {
- RefPtr<RegisterID> base = generator.emitNode(m_expr2);
- generator.emitExpressionInfo(divot(), divotStart(), divotEnd());
- return generator.emitInById(generator.finalDestination(dst, base.get()), base.get(), static_cast<StringNode*>(m_expr1)->value());
- }
-
RefPtr<RegisterID> key = generator.emitNodeForLeftHandSide(m_expr1, m_rightHasAssignments, m_expr2->isPure(generator));
RefPtr<RegisterID> base = generator.emitNode(m_expr2);
generator.emitExpressionInfo(divot(), divotStart(), divotEnd());
- return generator.emitInByVal(generator.finalDestination(dst, key.get()), key.get(), base.get());
+ return generator.emitIn(generator.finalDestination(dst, key.get()), key.get(), base.get());
}
Modified: trunk/Source/_javascript_Core/dfg/DFGAbstractInterpreterInlines.h (232028 => 232029)
--- trunk/Source/_javascript_Core/dfg/DFGAbstractInterpreterInlines.h 2018-05-21 21:47:59 UTC (rev 232028)
+++ trunk/Source/_javascript_Core/dfg/DFGAbstractInterpreterInlines.h 2018-05-21 21:52:26 UTC (rev 232029)
@@ -3259,34 +3259,14 @@
clobberWorld();
break;
- case InById: {
+ case In: {
// FIXME: We can determine when the property definitely exists based on abstract
// value information.
clobberWorld();
- filter(node->child1(), SpecObject);
setNonCellTypeForNode(node, SpecBoolean);
break;
}
- case InByVal: {
- AbstractValue& property = forNode(node->child2());
- if (JSValue constant = property.value()) {
- if (constant.isString()) {
- JSString* string = asString(constant);
- const StringImpl* impl = string->tryGetValueImpl();
- if (impl && impl->isAtomic())
- m_state.setFoundConstants(true);
- }
- }
-
- // FIXME: We can determine when the property definitely exists based on abstract
- // value information.
- clobberWorld();
- filter(node->child1(), SpecObject);
- setNonCellTypeForNode(node, SpecBoolean);
- break;
- }
-
case HasOwnProperty: {
clobberWorld();
setNonCellTypeForNode(node, SpecBoolean);
Modified: trunk/Source/_javascript_Core/dfg/DFGByteCodeParser.cpp (232028 => 232029)
--- trunk/Source/_javascript_Core/dfg/DFGByteCodeParser.cpp 2018-05-21 21:47:59 UTC (rev 232028)
+++ trunk/Source/_javascript_Core/dfg/DFGByteCodeParser.cpp 2018-05-21 21:52:26 UTC (rev 232029)
@@ -6392,22 +6392,13 @@
NEXT_OPCODE(op_to_object);
}
- case op_in_by_val: {
- ArrayMode arrayMode = getArrayMode(currentInstruction[OPCODE_LENGTH(op_in_by_val) - 1].u.arrayProfile);
+ case op_in: {
+ ArrayMode arrayMode = getArrayMode(currentInstruction[OPCODE_LENGTH(op_in) - 1].u.arrayProfile);
set(VirtualRegister(currentInstruction[1].u.operand),
- addToGraph(InByVal, OpInfo(arrayMode.asWord()), get(VirtualRegister(currentInstruction[2].u.operand)), get(VirtualRegister(currentInstruction[3].u.operand))));
- NEXT_OPCODE(op_in_by_val);
+ addToGraph(In, OpInfo(arrayMode.asWord()), get(VirtualRegister(currentInstruction[2].u.operand)), get(VirtualRegister(currentInstruction[3].u.operand))));
+ NEXT_OPCODE(op_in);
}
- case op_in_by_id: {
- Node* base = get(VirtualRegister(currentInstruction[2].u.operand));
- unsigned identifierNumber = m_inlineStackTop->m_identifierRemap[currentInstruction[3].u.operand];
- set(VirtualRegister(currentInstruction[1].u.operand),
- addToGraph(InById, OpInfo(identifierNumber), base));
- NEXT_OPCODE(op_in_by_id);
- break;
- }
-
case op_get_enumerable_length: {
set(VirtualRegister(currentInstruction[1].u.operand), addToGraph(GetEnumerableLength,
get(VirtualRegister(currentInstruction[2].u.operand))));
Modified: trunk/Source/_javascript_Core/dfg/DFGCapabilities.cpp (232028 => 232029)
--- trunk/Source/_javascript_Core/dfg/DFGCapabilities.cpp 2018-05-21 21:47:59 UTC (rev 232028)
+++ trunk/Source/_javascript_Core/dfg/DFGCapabilities.cpp 2018-05-21 21:52:26 UTC (rev 232029)
@@ -236,8 +236,7 @@
case op_to_object:
case op_switch_imm:
case op_switch_char:
- case op_in_by_val:
- case op_in_by_id:
+ case op_in:
case op_get_scope:
case op_get_from_scope:
case op_get_enumerable_length:
Modified: trunk/Source/_javascript_Core/dfg/DFGClobberize.h (232028 => 232029)
--- trunk/Source/_javascript_Core/dfg/DFGClobberize.h 2018-05-21 21:47:59 UTC (rev 232028)
+++ trunk/Source/_javascript_Core/dfg/DFGClobberize.h 2018-05-21 21:52:26 UTC (rev 232029)
@@ -623,8 +623,7 @@
case ConstructVarargs:
case ConstructForwardVarargs:
case ToPrimitive:
- case InByVal:
- case InById:
+ case In:
case HasOwnProperty:
case ValueAdd:
case SetFunctionName:
Modified: trunk/Source/_javascript_Core/dfg/DFGConstantFoldingPhase.cpp (232028 => 232029)
--- trunk/Source/_javascript_Core/dfg/DFGConstantFoldingPhase.cpp 2018-05-21 21:47:59 UTC (rev 232028)
+++ trunk/Source/_javascript_Core/dfg/DFGConstantFoldingPhase.cpp 2018-05-21 21:52:26 UTC (rev 232029)
@@ -651,23 +651,6 @@
break;
}
- case InByVal: {
- AbstractValue& property = m_state.forNode(node->child2());
- if (JSValue constant = property.value()) {
- if (constant.isString()) {
- JSString* string = asString(constant);
- const StringImpl* impl = string->tryGetValueImpl();
- if (impl && impl->isAtomic()) {
- unsigned identifierNumber = m_graph.identifiers().ensure(const_cast<UniquedStringImpl*>(static_cast<const UniquedStringImpl*>(impl)));
- node->convertToInById(identifierNumber);
- changed = true;
- break;
- }
- }
- }
- break;
- }
-
case ToPrimitive: {
if (m_state.forNode(node->child1()).m_type & ~(SpecFullNumber | SpecBoolean | SpecString | SpecSymbol | SpecBigInt))
break;
Modified: trunk/Source/_javascript_Core/dfg/DFGDoesGC.cpp (232028 => 232029)
--- trunk/Source/_javascript_Core/dfg/DFGDoesGC.cpp 2018-05-21 21:47:59 UTC (rev 232028)
+++ trunk/Source/_javascript_Core/dfg/DFGDoesGC.cpp 2018-05-21 21:52:26 UTC (rev 232029)
@@ -193,8 +193,7 @@
case CallStringConstructor:
case NumberToStringWithRadix:
case NumberToStringWithValidRadixConstant:
- case InByVal:
- case InById:
+ case In:
case HasOwnProperty:
case Jump:
case Branch:
Modified: trunk/Source/_javascript_Core/dfg/DFGFixupPhase.cpp (232028 => 232029)
--- trunk/Source/_javascript_Core/dfg/DFGFixupPhase.cpp 2018-05-21 21:47:59 UTC (rev 232028)
+++ trunk/Source/_javascript_Core/dfg/DFGFixupPhase.cpp 2018-05-21 21:52:26 UTC (rev 232029)
@@ -1476,12 +1476,7 @@
fixEdge<CellUse>(node->child2());
break;
- case InById: {
- fixEdge<CellUse>(node->child1());
- break;
- }
-
- case InByVal: {
+ case In: {
if (node->child2()->shouldSpeculateInt32()) {
convertToHasIndexedProperty(node);
break;
Modified: trunk/Source/_javascript_Core/dfg/DFGJITCompiler.cpp (232028 => 232029)
--- trunk/Source/_javascript_Core/dfg/DFGJITCompiler.cpp 2018-05-21 21:47:59 UTC (rev 232028)
+++ trunk/Source/_javascript_Core/dfg/DFGJITCompiler.cpp 2018-05-21 21:52:26 UTC (rev 232029)
@@ -265,9 +265,26 @@
finalizeInlineCaches(m_getByIds, linkBuffer);
finalizeInlineCaches(m_getByIdsWithThis, linkBuffer);
finalizeInlineCaches(m_putByIds, linkBuffer);
- finalizeInlineCaches(m_inByIds, linkBuffer);
finalizeInlineCaches(m_instanceOfs, linkBuffer);
+ for (unsigned i = 0; i < m_ins.size(); ++i) {
+ StructureStubInfo& info = *m_ins[i].m_stubInfo;
+
+ CodeLocationLabel<JITStubRoutinePtrTag> start = linkBuffer.locationOf<JITStubRoutinePtrTag>(m_ins[i].m_jump);
+ info.patch.start = start;
+
+ ptrdiff_t inlineSize = MacroAssembler::differenceBetweenCodePtr(
+ start, linkBuffer.locationOf<JSInternalPtrTag>(m_ins[i].m_done));
+ RELEASE_ASSERT(inlineSize >= 0);
+ info.patch.inlineSize = inlineSize;
+
+ info.patch.deltaFromStartToSlowPathCallLocation = MacroAssembler::differenceBetweenCodePtr(
+ start, linkBuffer.locationOf<JSInternalPtrTag>(m_ins[i].m_slowPathGenerator->call()));
+
+ info.patch.deltaFromStartToSlowPathStart = MacroAssembler::differenceBetweenCodePtr(
+ start, linkBuffer.locationOf<JSInternalPtrTag>(m_ins[i].m_slowPathGenerator->label()));
+ }
+
auto linkCallThunk = FunctionPtr<NoPtrTag>(vm()->getCTIStub(linkCallThunkGenerator).retaggedCode<NoPtrTag>());
for (auto& record : m_jsCalls) {
CallLinkInfo& info = *record.info;
Modified: trunk/Source/_javascript_Core/dfg/DFGJITCompiler.h (232028 => 232029)
--- trunk/Source/_javascript_Core/dfg/DFGJITCompiler.h 2018-05-21 21:47:59 UTC (rev 232028)
+++ trunk/Source/_javascript_Core/dfg/DFGJITCompiler.h 2018-05-21 21:52:26 UTC (rev 232029)
@@ -76,6 +76,23 @@
FunctionPtr<OperationPtrTag> m_function;
};
+struct InRecord {
+ InRecord(
+ MacroAssembler::PatchableJump jump, MacroAssembler::Label done,
+ SlowPathGenerator* slowPathGenerator, StructureStubInfo* stubInfo)
+ : m_jump(jump)
+ , m_done(done)
+ , m_slowPathGenerator(slowPathGenerator)
+ , m_stubInfo(stubInfo)
+ {
+ }
+
+ MacroAssembler::PatchableJump m_jump;
+ MacroAssembler::Label m_done;
+ SlowPathGenerator* m_slowPathGenerator;
+ StructureStubInfo* m_stubInfo;
+};
+
// === JITCompiler ===
//
// DFG::JITCompiler is responsible for generating JIT code from the dataflow graph.
@@ -192,11 +209,11 @@
m_instanceOfs.append(InlineCacheWrapper<JITInstanceOfGenerator>(gen, slowPath));
}
- void addInById(const JITInByIdGenerator& gen, SlowPathGenerator* slowPath)
+ void addIn(const InRecord& record)
{
- m_inByIds.append(InlineCacheWrapper<JITInByIdGenerator>(gen, slowPath));
+ m_ins.append(record);
}
-
+
void addJSCall(Call fastCall, Call slowCall, DataLabelPtr targetToCheck, CallLinkInfo* info)
{
m_jsCalls.append(JSCallRecord(fastCall, slowCall, targetToCheck, info));
@@ -342,8 +359,8 @@
Vector<InlineCacheWrapper<JITGetByIdGenerator>, 4> m_getByIds;
Vector<InlineCacheWrapper<JITGetByIdWithThisGenerator>, 4> m_getByIdsWithThis;
Vector<InlineCacheWrapper<JITPutByIdGenerator>, 4> m_putByIds;
- Vector<InlineCacheWrapper<JITInByIdGenerator>, 4> m_inByIds;
Vector<InlineCacheWrapper<JITInstanceOfGenerator>, 4> m_instanceOfs;
+ Vector<InRecord, 4> m_ins;
Vector<JSCallRecord, 4> m_jsCalls;
Vector<JSDirectCallRecord, 4> m_jsDirectCalls;
Vector<JSDirectTailCallRecord, 4> m_jsDirectTailCalls;
Modified: trunk/Source/_javascript_Core/dfg/DFGNode.h (232028 => 232029)
--- trunk/Source/_javascript_Core/dfg/DFGNode.h 2018-05-21 21:47:59 UTC (rev 232028)
+++ trunk/Source/_javascript_Core/dfg/DFGNode.h 2018-05-21 21:52:26 UTC (rev 232029)
@@ -752,15 +752,6 @@
setOp(SetRegExpObjectLastIndex);
m_opInfo = false;
}
-
- void convertToInById(unsigned identifierNumber)
- {
- ASSERT(m_op == InByVal);
- setOpAndDefaultFlags(InById);
- children.setChild2(Edge());
- m_opInfo = identifierNumber;
- m_opInfo2 = OpInfoWrapper();
- }
JSValue asJSValue()
{
@@ -1028,7 +1019,6 @@
case PutSetterById:
case PutGetterSetterById:
case DeleteById:
- case InById:
case GetDynamicVar:
case PutDynamicVar:
case ResolveScopeForHoistingFuncDeclInEval:
@@ -1997,7 +1987,7 @@
case GetIndexedPropertyStorage:
case GetArrayLength:
case GetVectorLength:
- case InByVal:
+ case In:
case PutByValDirect:
case PutByVal:
case PutByValAlias:
Modified: trunk/Source/_javascript_Core/dfg/DFGNodeType.h (232028 => 232029)
--- trunk/Source/_javascript_Core/dfg/DFGNodeType.h 2018-05-21 21:47:59 UTC (rev 232028)
+++ trunk/Source/_javascript_Core/dfg/DFGNodeType.h 2018-05-21 21:52:26 UTC (rev 232029)
@@ -370,8 +370,7 @@
macro(NumberToStringWithValidRadixConstant, NodeResultJS) \
macro(NewStringObject, NodeResultJS) \
macro(MakeRope, NodeResultJS) \
- macro(InByVal, NodeResultBoolean | NodeMustGenerate) \
- macro(InById, NodeResultBoolean | NodeMustGenerate) \
+ macro(In, NodeResultBoolean | NodeMustGenerate) \
macro(ProfileType, NodeMustGenerate) \
macro(ProfileControlFlow, NodeMustGenerate) \
macro(SetFunctionName, NodeMustGenerate) \
Modified: trunk/Source/_javascript_Core/dfg/DFGPredictionPropagationPhase.cpp (232028 => 232029)
--- trunk/Source/_javascript_Core/dfg/DFGPredictionPropagationPhase.cpp 2018-05-21 21:47:59 UTC (rev 232028)
+++ trunk/Source/_javascript_Core/dfg/DFGPredictionPropagationPhase.cpp 2018-05-21 21:52:26 UTC (rev 232029)
@@ -981,8 +981,7 @@
setPrediction(SpecObjectOther);
break;
- case InByVal:
- case InById:
+ case In:
setPrediction(SpecBoolean);
break;
Modified: trunk/Source/_javascript_Core/dfg/DFGSafeToExecute.h (232028 => 232029)
--- trunk/Source/_javascript_Core/dfg/DFGSafeToExecute.h 2018-05-21 21:47:59 UTC (rev 232028)
+++ trunk/Source/_javascript_Core/dfg/DFGSafeToExecute.h 2018-05-21 21:52:26 UTC (rev 232029)
@@ -332,8 +332,7 @@
case CallStringConstructor:
case NewStringObject:
case MakeRope:
- case InByVal:
- case InById:
+ case In:
case HasOwnProperty:
case PushWithScope:
case CreateActivation:
Modified: trunk/Source/_javascript_Core/dfg/DFGSpeculativeJIT.cpp (232028 => 232029)
--- trunk/Source/_javascript_Core/dfg/DFGSpeculativeJIT.cpp 2018-05-21 21:47:59 UTC (rev 232028)
+++ trunk/Source/_javascript_Core/dfg/DFGSpeculativeJIT.cpp 2018-05-21 21:52:26 UTC (rev 232029)
@@ -1056,52 +1056,67 @@
}
}
-void SpeculativeJIT::compileInById(Node* node)
+void SpeculativeJIT::compileIn(Node* node)
{
SpeculateCellOperand base(this, node->child1());
- JSValueRegsTemporary result(this, Reuse, base, PayloadWord);
-
GPRReg baseGPR = base.gpr();
- JSValueRegs resultRegs = result.regs();
+
+ if (JSString* string = node->child2()->dynamicCastConstant<JSString*>(*m_jit.vm())) {
+ if (string->tryGetValueImpl() && string->tryGetValueImpl()->isAtomic()) {
+ StructureStubInfo* stubInfo = m_jit.codeBlock()->addStubInfo(AccessType::In);
+
+ GPRTemporary result(this);
+ GPRReg resultGPR = result.gpr();
- base.use();
+ use(node->child2());
+
+ MacroAssembler::PatchableJump jump = m_jit.patchableJump();
+ MacroAssembler::Label done = m_jit.label();
+
+ // Since this block is executed only when the result of string->tryGetValueImpl() is atomic,
+ // we can cast it to const AtomicStringImpl* safely.
+ auto slowPath = slowPathCall(
+ jump.m_jump, this, operationInOptimize,
+ JSValueRegs::payloadOnly(resultGPR), stubInfo, baseGPR,
+ static_cast<const AtomicStringImpl*>(string->tryGetValueImpl()));
+
+ stubInfo->callSiteIndex = m_jit.addCallSite(node->origin.semantic);
+ stubInfo->codeOrigin = node->origin.semantic;
+ stubInfo->patch.baseGPR = static_cast<int8_t>(baseGPR);
+ stubInfo->patch.valueGPR = static_cast<int8_t>(resultGPR);
+ stubInfo->patch.thisGPR = static_cast<int8_t>(InvalidGPRReg);
+#if USE(JSVALUE32_64)
+ stubInfo->patch.valueTagGPR = static_cast<int8_t>(InvalidGPRReg);
+ stubInfo->patch.baseTagGPR = static_cast<int8_t>(InvalidGPRReg);
+ stubInfo->patch.thisTagGPR = static_cast<int8_t>(InvalidGPRReg);
+#endif
+ stubInfo->patch.usedRegisters = usedRegisters();
- CodeOrigin codeOrigin = node->origin.semantic;
- CallSiteIndex callSite = m_jit.recordCallSiteAndGenerateExceptionHandlingOSRExitIfNeeded(codeOrigin, m_stream->size());
- RegisterSet usedRegisters = this->usedRegisters();
- JITInByIdGenerator gen(
- m_jit.codeBlock(), codeOrigin, callSite, usedRegisters, identifierUID(node->identifierNumber()),
- JSValueRegs::payloadOnly(baseGPR), resultRegs);
- gen.generateFastPath(m_jit);
+ m_jit.addIn(InRecord(jump, done, slowPath.get(), stubInfo));
+ addSlowPathGenerator(WTFMove(slowPath));
- auto slowPath = slowPathCall(
- gen.slowPathJump(), this, operationInByIdOptimize,
- NeedToSpill, ExceptionCheckRequirement::CheckNeeded,
- resultRegs, gen.stubInfo(), CCallHelpers::CellValue(baseGPR), identifierUID(node->identifierNumber()));
+ base.use();
- m_jit.addInById(gen, slowPath.get());
- addSlowPathGenerator(WTFMove(slowPath));
+ blessedBooleanResult(resultGPR, node, UseChildrenCalledExplicitly);
+ return;
+ }
+ }
- blessedBooleanResult(resultRegs.payloadGPR(), node, UseChildrenCalledExplicitly);
-}
-
-void SpeculativeJIT::compileInByVal(Node* node)
-{
- SpeculateCellOperand base(this, node->child1());
JSValueOperand key(this, node->child2());
-
- GPRReg baseGPR = base.gpr();
JSValueRegs regs = key.jsValueRegs();
-
+
+ GPRFlushedCallResult result(this);
+ GPRReg resultGPR = result.gpr();
+
base.use();
key.use();
-
+
flushRegisters();
- JSValueRegsFlushedCallResult result(this);
- JSValueRegs resultRegs = result.regs();
- callOperation(operationInByVal, resultRegs, baseGPR, regs);
+ callOperation(
+ operationGenericIn, extractResult(JSValueRegs::payloadOnly(resultGPR)),
+ baseGPR, regs);
m_jit.exceptionCheck();
- blessedBooleanResult(resultRegs.payloadGPR(), node, UseChildrenCalledExplicitly);
+ blessedBooleanResult(resultGPR, node, UseChildrenCalledExplicitly);
}
void SpeculativeJIT::compileDeleteById(Node* node)
Modified: trunk/Source/_javascript_Core/dfg/DFGSpeculativeJIT.h (232028 => 232029)
--- trunk/Source/_javascript_Core/dfg/DFGSpeculativeJIT.h 2018-05-21 21:47:59 UTC (rev 232028)
+++ trunk/Source/_javascript_Core/dfg/DFGSpeculativeJIT.h 2018-05-21 21:52:26 UTC (rev 232029)
@@ -735,8 +735,7 @@
void compilePushWithScope(Node*);
void compileGetById(Node*, AccessType);
void compileGetByIdFlush(Node*, AccessType);
- void compileInById(Node*);
- void compileInByVal(Node*);
+ void compileIn(Node*);
void nonSpeculativeNonPeepholeCompareNullOrUndefined(Edge operand);
void nonSpeculativePeepholeBranchNullOrUndefined(Edge operand, Node* branchNode);
Modified: trunk/Source/_javascript_Core/dfg/DFGSpeculativeJIT32_64.cpp (232028 => 232029)
--- trunk/Source/_javascript_Core/dfg/DFGSpeculativeJIT32_64.cpp 2018-05-21 21:47:59 UTC (rev 232028)
+++ trunk/Source/_javascript_Core/dfg/DFGSpeculativeJIT32_64.cpp 2018-05-21 21:52:26 UTC (rev 232029)
@@ -3756,14 +3756,10 @@
compileSetFunctionName(node);
break;
- case InById:
- compileInById(node);
+ case In:
+ compileIn(node);
break;
- case InByVal:
- compileInByVal(node);
- break;
-
case HasOwnProperty: {
#if CPU(X86)
ASSERT(node->child2().useKind() == UntypedUse);
Modified: trunk/Source/_javascript_Core/dfg/DFGSpeculativeJIT64.cpp (232028 => 232029)
--- trunk/Source/_javascript_Core/dfg/DFGSpeculativeJIT64.cpp 2018-05-21 21:47:59 UTC (rev 232028)
+++ trunk/Source/_javascript_Core/dfg/DFGSpeculativeJIT64.cpp 2018-05-21 21:52:26 UTC (rev 232029)
@@ -4306,14 +4306,10 @@
compileSetFunctionName(node);
break;
- case InById:
- compileInById(node);
+ case In:
+ compileIn(node);
break;
- case InByVal:
- compileInByVal(node);
- break;
-
case HasOwnProperty: {
SpeculateCellOperand object(this, node->child1());
GPRTemporary uniquedStringImpl(this);
Modified: trunk/Source/_javascript_Core/ftl/FTLCapabilities.cpp (232028 => 232029)
--- trunk/Source/_javascript_Core/ftl/FTLCapabilities.cpp 2018-05-21 21:47:59 UTC (rev 232028)
+++ trunk/Source/_javascript_Core/ftl/FTLCapabilities.cpp 2018-05-21 21:52:26 UTC (rev 232029)
@@ -205,8 +205,7 @@
case Throw:
case ThrowStaticError:
case Unreachable:
- case InByVal:
- case InById:
+ case In:
case HasOwnProperty:
case IsCellWithType:
case MapHash:
Modified: trunk/Source/_javascript_Core/ftl/FTLLowerDFGToB3.cpp (232028 => 232029)
--- trunk/Source/_javascript_Core/ftl/FTLLowerDFGToB3.cpp 2018-05-21 21:47:59 UTC (rev 232028)
+++ trunk/Source/_javascript_Core/ftl/FTLLowerDFGToB3.cpp 2018-05-21 21:52:26 UTC (rev 232029)
@@ -708,12 +708,9 @@
case GetByIdDirectFlush:
compileGetById(AccessType::GetDirect);
break;
- case InById:
- compileInById();
+ case In:
+ compileIn();
break;
- case InByVal:
- compileInByVal();
- break;
case HasOwnProperty:
compileHasOwnProperty();
break;
@@ -9716,70 +9713,87 @@
setJSValue(m_out.phi(Int64, results));
}
- void compileInByVal()
+ void compileIn()
{
- setJSValue(vmCall(Int64, m_out.operation(operationInByVal), m_callFrame, lowCell(m_node->child1()), lowJSValue(m_node->child2())));
- }
+ DFG_ASSERT(m_graph, m_node, m_node->child1().useKind() == CellUse, m_node->child1().useKind());
- void compileInById()
- {
Node* node = m_node;
- UniquedStringImpl* uid = m_graph.identifiers()[node->identifierNumber()];
- LValue base = lowCell(m_node->child1());
+ Edge base = node->child1();
+ LValue cell = lowCell(base);
+ if (JSString* string = node->child2()->dynamicCastConstant<JSString*>(vm())) {
+ if (string->tryGetValueImpl() && string->tryGetValueImpl()->isAtomic()) {
+ UniquedStringImpl* str = bitwise_cast<UniquedStringImpl*>(string->tryGetValueImpl());
+ PatchpointValue* patchpoint = m_out.patchpoint(Int64);
+ patchpoint->appendSomeRegister(cell);
+ patchpoint->append(m_tagMask, ValueRep::lateReg(GPRInfo::tagMaskRegister));
+ patchpoint->append(m_tagTypeNumber, ValueRep::lateReg(GPRInfo::tagTypeNumberRegister));
+ patchpoint->clobber(RegisterSet::macroScratchRegisters());
- PatchpointValue* patchpoint = m_out.patchpoint(Int64);
- patchpoint->appendSomeRegister(base);
- patchpoint->append(m_tagMask, ValueRep::lateReg(GPRInfo::tagMaskRegister));
- patchpoint->append(m_tagTypeNumber, ValueRep::lateReg(GPRInfo::tagTypeNumberRegister));
+ RefPtr<PatchpointExceptionHandle> exceptionHandle = preparePatchpointForExceptions(patchpoint);
- patchpoint->clobber(RegisterSet::macroScratchRegisters());
+ State* state = &m_ftlState;
+ patchpoint->setGenerator(
+ [=] (CCallHelpers& jit, const StackmapGenerationParams& params) {
+ AllowMacroScratchRegisterUsage allowScratch(jit);
- RefPtr<PatchpointExceptionHandle> exceptionHandle =
- preparePatchpointForExceptions(patchpoint);
+ // This is the direct exit target for operation calls. We don't need a JS exceptionHandle because we don't
+ // cache Proxy objects.
+ Box<CCallHelpers::JumpList> exceptions = exceptionHandle->scheduleExitCreation(params)->jumps(jit);
- State* state = &m_ftlState;
- patchpoint->setGenerator(
- [=] (CCallHelpers& jit, const StackmapGenerationParams& params) {
- AllowMacroScratchRegisterUsage allowScratch(jit);
+ GPRReg baseGPR = params[1].gpr();
+ GPRReg resultGPR = params[0].gpr();
- CallSiteIndex callSiteIndex =
- state->jitCode->common.addUniqueCallSiteIndex(node->origin.semantic);
+ StructureStubInfo* stubInfo =
+ jit.codeBlock()->addStubInfo(AccessType::In);
+ stubInfo->callSiteIndex =
+ state->jitCode->common.addCodeOrigin(node->origin.semantic);
+ stubInfo->codeOrigin = node->origin.semantic;
+ stubInfo->patch.baseGPR = static_cast<int8_t>(baseGPR);
+ stubInfo->patch.valueGPR = static_cast<int8_t>(resultGPR);
+ stubInfo->patch.thisGPR = static_cast<int8_t>(InvalidGPRReg);
+ stubInfo->patch.usedRegisters = params.unavailableRegisters();
- // This is the direct exit target for operation calls.
- Box<CCallHelpers::JumpList> exceptions =
- exceptionHandle->scheduleExitCreation(params)->jumps(jit);
+ CCallHelpers::PatchableJump jump = jit.patchableJump();
+ CCallHelpers::Label done = jit.label();
- auto generator = Box<JITInByIdGenerator>::create(
- jit.codeBlock(), node->origin.semantic, callSiteIndex,
- params.unavailableRegisters(), uid, JSValueRegs(params[1].gpr()),
- JSValueRegs(params[0].gpr()));
+ params.addLatePath(
+ [=] (CCallHelpers& jit) {
+ AllowMacroScratchRegisterUsage allowScratch(jit);
- generator->generateFastPath(jit);
- CCallHelpers::Label done = jit.label();
+ jump.m_jump.link(&jit);
+ CCallHelpers::Label slowPathBegin = jit.label();
+ CCallHelpers::Call slowPathCall = callOperation(
+ *state, params.unavailableRegisters(), jit,
+ node->origin.semantic, exceptions.get(), operationInOptimize,
+ resultGPR, CCallHelpers::TrustedImmPtr(stubInfo), baseGPR,
+ CCallHelpers::TrustedImmPtr(str)).call();
+ jit.jump().linkTo(done, &jit);
- params.addLatePath(
- [=] (CCallHelpers& jit) {
- AllowMacroScratchRegisterUsage allowScratch(jit);
+ jit.addLinkTask(
+ [=] (LinkBuffer& linkBuffer) {
+ CodeLocationLabel<JITStubRoutinePtrTag> start = linkBuffer.locationOf<JITStubRoutinePtrTag>(jump);
+ stubInfo->patch.start = start;
+ ptrdiff_t inlineSize = MacroAssembler::differenceBetweenCodePtr(
+ start, linkBuffer.locationOf<NoPtrTag>(done));
+ RELEASE_ASSERT(inlineSize >= 0);
+ stubInfo->patch.inlineSize = inlineSize;
- generator->slowPathJump().link(&jit);
- CCallHelpers::Label slowPathBegin = jit.label();
- CCallHelpers::Call slowPathCall = callOperation(
- *state, params.unavailableRegisters(), jit, node->origin.semantic,
- exceptions.get(), operationInByIdOptimize, params[0].gpr(),
- CCallHelpers::TrustedImmPtr(generator->stubInfo()), params[1].gpr(),
- CCallHelpers::TrustedImmPtr(uid)).call();
- jit.jump().linkTo(done, &jit);
+ stubInfo->patch.deltaFromStartToSlowPathCallLocation = MacroAssembler::differenceBetweenCodePtr(
+ start, linkBuffer.locationOf<NoPtrTag>(slowPathCall));
- generator->reportSlowPathCall(slowPathBegin, slowPathCall);
+ stubInfo->patch.deltaFromStartToSlowPathStart = MacroAssembler::differenceBetweenCodePtr(
+ start, linkBuffer.locationOf<NoPtrTag>(slowPathBegin));
- jit.addLinkTask(
- [=] (LinkBuffer& linkBuffer) {
- generator->finalize(linkBuffer, linkBuffer);
+ });
});
});
- });
- setJSValue(patchpoint);
+ setJSValue(patchpoint);
+ return;
+ }
+ }
+
+ setJSValue(vmCall(Int64, m_out.operation(operationGenericIn), m_callFrame, cell, lowJSValue(m_node->child2())));
}
void compileHasOwnProperty()
Modified: trunk/Source/_javascript_Core/jit/ICStats.h (232028 => 232029)
--- trunk/Source/_javascript_Core/jit/ICStats.h 2018-05-21 21:47:59 UTC (rev 232028)
+++ trunk/Source/_javascript_Core/jit/ICStats.h 2018-05-21 21:52:26 UTC (rev 232029)
@@ -50,10 +50,9 @@
macro(OperationGetByIdBuildList) \
macro(OperationGetByIdOptimize) \
macro(OperationGetByIdWithThisOptimize) \
+ macro(OperationInOptimize) \
+ macro(OperationIn) \
macro(OperationGenericIn) \
- macro(OperationInById) \
- macro(OperationInByIdGeneric) \
- macro(OperationInByIdOptimize) \
macro(OperationPutByIdStrict) \
macro(OperationPutByIdNonStrict) \
macro(OperationPutByIdDirectStrict) \
@@ -68,8 +67,7 @@
macro(OperationPutByIdDirectNonStrictBuildList) \
macro(PutByIdAddAccessCase) \
macro(PutByIdReplaceWithJump) \
- macro(PutByIdSelfPatch) \
- macro(InByIdSelfPatch)
+ macro(PutByIdSelfPatch)
class ICEvent {
public:
Modified: trunk/Source/_javascript_Core/jit/JIT.cpp (232028 => 232029)
--- trunk/Source/_javascript_Core/jit/JIT.cpp 2018-05-21 21:47:59 UTC (rev 232028)
+++ trunk/Source/_javascript_Core/jit/JIT.cpp 2018-05-21 21:52:26 UTC (rev 232029)
@@ -78,6 +78,11 @@
, m_interpreter(vm->interpreter)
, m_labels(codeBlock ? codeBlock->numberOfInstructions() : 0)
, m_bytecodeOffset(std::numeric_limits<unsigned>::max())
+ , m_getByIdIndex(UINT_MAX)
+ , m_getByIdWithThisIndex(UINT_MAX)
+ , m_putByIdIndex(UINT_MAX)
+ , m_byValInstructionIndex(UINT_MAX)
+ , m_callLinkInfoIndex(UINT_MAX)
, m_pcToCodeOriginMapBuilder(*vm)
, m_canBeOptimized(false)
, m_shouldEmitProfiling(false)
@@ -272,7 +277,7 @@
unsigned bytecodeOffset = m_bytecodeOffset;
switch (opcodeID) {
- DEFINE_SLOW_OP(in_by_val)
+ DEFINE_SLOW_OP(in)
DEFINE_SLOW_OP(less)
DEFINE_SLOW_OP(lesseq)
DEFINE_SLOW_OP(greater)
@@ -336,7 +341,6 @@
DEFINE_OP(op_below)
DEFINE_OP(op_beloweq)
DEFINE_OP(op_try_get_by_id)
- DEFINE_OP(op_in_by_id)
case op_get_array_length:
case op_get_by_id_proto_load:
case op_get_by_id_unset:
@@ -474,7 +478,6 @@
m_getByIdIndex = 0;
m_getByIdWithThisIndex = 0;
m_putByIdIndex = 0;
- m_inByIdIndex = 0;
m_instanceOfIndex = 0;
m_byValInstructionIndex = 0;
m_callLinkInfoIndex = 0;
@@ -518,7 +521,6 @@
DEFINE_SLOWCASE_OP(op_construct)
DEFINE_SLOWCASE_OP(op_eq)
DEFINE_SLOWCASE_OP(op_try_get_by_id)
- DEFINE_SLOWCASE_OP(op_in_by_id)
case op_get_array_length:
case op_get_by_id_proto_load:
case op_get_by_id_unset:
@@ -598,7 +600,6 @@
RELEASE_ASSERT(m_getByIdIndex == m_getByIds.size());
RELEASE_ASSERT(m_getByIdWithThisIndex == m_getByIdsWithThis.size());
RELEASE_ASSERT(m_putByIdIndex == m_putByIds.size());
- RELEASE_ASSERT(m_inByIdIndex == m_inByIds.size());
RELEASE_ASSERT(m_instanceOfIndex == m_instanceOfs.size());
RELEASE_ASSERT(m_callLinkInfoIndex == m_callCompilationInfo.size());
RELEASE_ASSERT(numberOfValueProfiles == m_codeBlock->numberOfValueProfiles());
@@ -841,7 +842,6 @@
finalizeInlineCaches(m_getByIds, patchBuffer);
finalizeInlineCaches(m_getByIdsWithThis, patchBuffer);
finalizeInlineCaches(m_putByIds, patchBuffer);
- finalizeInlineCaches(m_inByIds, patchBuffer);
finalizeInlineCaches(m_instanceOfs, patchBuffer);
if (m_byValCompilationInfo.size()) {
Modified: trunk/Source/_javascript_Core/jit/JIT.h (232028 => 232029)
--- trunk/Source/_javascript_Core/jit/JIT.h 2018-05-21 21:47:59 UTC (rev 232028)
+++ trunk/Source/_javascript_Core/jit/JIT.h 2018-05-21 21:52:26 UTC (rev 232029)
@@ -500,7 +500,6 @@
void emit_op_get_arguments_length(Instruction*);
void emit_op_get_by_val(Instruction*);
void emit_op_get_argument_by_val(Instruction*);
- void emit_op_in_by_id(Instruction*);
void emit_op_init_lazy_reg(Instruction*);
void emit_op_overrides_has_instance(Instruction*);
void emit_op_instanceof(Instruction*);
@@ -612,7 +611,6 @@
void emitSlow_op_get_arguments_length(Instruction*, Vector<SlowCaseEntry>::iterator&);
void emitSlow_op_get_by_val(Instruction*, Vector<SlowCaseEntry>::iterator&);
void emitSlow_op_get_argument_by_val(Instruction*, Vector<SlowCaseEntry>::iterator&);
- void emitSlow_op_in_by_id(Instruction*, Vector<SlowCaseEntry>::iterator&);
void emitSlow_op_instanceof(Instruction*, Vector<SlowCaseEntry>::iterator&);
void emitSlow_op_instanceof_custom(Instruction*, Vector<SlowCaseEntry>::iterator&);
void emitSlow_op_jless(Instruction*, Vector<SlowCaseEntry>::iterator&);
@@ -867,7 +865,6 @@
Vector<JITGetByIdGenerator> m_getByIds;
Vector<JITGetByIdWithThisGenerator> m_getByIdsWithThis;
Vector<JITPutByIdGenerator> m_putByIds;
- Vector<JITInByIdGenerator> m_inByIds;
Vector<JITInstanceOfGenerator> m_instanceOfs;
Vector<ByValCompilationInfo> m_byValCompilationInfo;
Vector<CallCompilationInfo> m_callCompilationInfo;
@@ -881,13 +878,12 @@
JumpList m_exceptionChecksWithCallFrameRollback;
Label m_exceptionHandler;
- unsigned m_getByIdIndex { UINT_MAX };
- unsigned m_getByIdWithThisIndex { UINT_MAX };
- unsigned m_putByIdIndex { UINT_MAX };
- unsigned m_inByIdIndex { UINT_MAX };
- unsigned m_instanceOfIndex { UINT_MAX };
- unsigned m_byValInstructionIndex { UINT_MAX };
- unsigned m_callLinkInfoIndex { UINT_MAX };
+ unsigned m_getByIdIndex;
+ unsigned m_getByIdWithThisIndex;
+ unsigned m_putByIdIndex;
+ unsigned m_instanceOfIndex;
+ unsigned m_byValInstructionIndex;
+ unsigned m_callLinkInfoIndex;
Label m_arityCheck;
std::unique_ptr<LinkBuffer> m_linkBuffer;
Modified: trunk/Source/_javascript_Core/jit/JITInlineCacheGenerator.cpp (232028 => 232029)
--- trunk/Source/_javascript_Core/jit/JITInlineCacheGenerator.cpp 2018-05-21 21:47:59 UTC (rev 232028)
+++ trunk/Source/_javascript_Core/jit/JITInlineCacheGenerator.cpp 2018-05-21 21:52:26 UTC (rev 232029)
@@ -166,21 +166,6 @@
return operationPutByIdNonStrictOptimize;
}
-JITInByIdGenerator::JITInByIdGenerator(
- CodeBlock* codeBlock, CodeOrigin codeOrigin, CallSiteIndex callSite, const RegisterSet& usedRegisters,
- UniquedStringImpl* propertyName, JSValueRegs base, JSValueRegs value)
- : JITByIdGenerator(codeBlock, codeOrigin, callSite, AccessType::In, usedRegisters, base, value)
-{
- // FIXME: We are not supporting fast path for "length" property.
- UNUSED_PARAM(propertyName);
- RELEASE_ASSERT(base.payloadGPR() != value.tagGPR());
-}
-
-void JITInByIdGenerator::generateFastPath(MacroAssembler& jit)
-{
- generateFastCommon(jit, InlineAccess::sizeForPropertyAccess());
-}
-
JITInstanceOfGenerator::JITInstanceOfGenerator(
CodeBlock* codeBlock, CodeOrigin codeOrigin, CallSiteIndex callSiteIndex,
const RegisterSet& usedRegisters, GPRReg result, GPRReg value, GPRReg prototype,
Modified: trunk/Source/_javascript_Core/jit/JITInlineCacheGenerator.h (232028 => 232029)
--- trunk/Source/_javascript_Core/jit/JITInlineCacheGenerator.h 2018-05-21 21:47:59 UTC (rev 232028)
+++ trunk/Source/_javascript_Core/jit/JITInlineCacheGenerator.h 2018-05-21 21:52:26 UTC (rev 232029)
@@ -143,17 +143,6 @@
PutKind m_putKind;
};
-class JITInByIdGenerator : public JITByIdGenerator {
-public:
- JITInByIdGenerator() { }
-
- JITInByIdGenerator(
- CodeBlock*, CodeOrigin, CallSiteIndex, const RegisterSet& usedRegisters, UniquedStringImpl* propertyName,
- JSValueRegs base, JSValueRegs value);
-
- void generateFastPath(MacroAssembler&);
-};
-
class JITInstanceOfGenerator : public JITInlineCacheGenerator {
public:
JITInstanceOfGenerator() { }
Modified: trunk/Source/_javascript_Core/jit/JITOperations.cpp (232028 => 232029)
--- trunk/Source/_javascript_Core/jit/JITOperations.cpp 2018-05-21 21:47:59 UTC (rev 232028)
+++ trunk/Source/_javascript_Core/jit/JITOperations.cpp 2018-05-21 21:52:26 UTC (rev 232029)
@@ -377,91 +377,64 @@
}));
}
-EncodedJSValue JIT_OPERATION operationInById(ExecState* exec, StructureStubInfo* stubInfo, EncodedJSValue base, UniquedStringImpl* uid)
+EncodedJSValue JIT_OPERATION operationInOptimize(ExecState* exec, StructureStubInfo* stubInfo, JSCell* base, UniquedStringImpl* key)
{
SuperSamplerScope superSamplerScope(false);
+
+ VM* vm = &exec->vm();
+ NativeCallFrameTracer tracer(vm, exec);
+ auto scope = DECLARE_THROW_SCOPE(*vm);
- VM& vm = exec->vm();
- NativeCallFrameTracer tracer(&vm, exec);
- auto scope = DECLARE_THROW_SCOPE(vm);
-
- stubInfo->tookSlowPath = true;
-
- Identifier ident = Identifier::fromUid(&vm, uid);
-
- JSValue baseValue = JSValue::decode(base);
- if (!baseValue.isObject()) {
- throwException(exec, scope, createInvalidInParameterError(exec, baseValue));
+ if (!base->isObject()) {
+ throwException(exec, scope, createInvalidInParameterError(exec, base));
return JSValue::encode(jsUndefined());
}
- JSObject* baseObject = asObject(baseValue);
+
+ AccessType accessType = static_cast<AccessType>(stubInfo->accessType);
- LOG_IC((ICEvent::OperationInById, baseObject->classInfo(vm), ident));
-
- scope.release();
- PropertySlot slot(baseObject, PropertySlot::InternalMethodType::HasProperty);
- return JSValue::encode(jsBoolean(baseObject->getPropertySlot(exec, ident, slot)));
+ Identifier ident = Identifier::fromUid(vm, key);
+ LOG_IC((ICEvent::OperationInOptimize, base->classInfo(*vm), ident));
+ PropertySlot slot(base, PropertySlot::InternalMethodType::HasProperty);
+ bool result = asObject(base)->getPropertySlot(exec, ident, slot);
+ RETURN_IF_EXCEPTION(scope, encodedJSValue());
+
+ RELEASE_ASSERT(accessType == stubInfo->accessType);
+
+ if (stubInfo->considerCaching(exec->codeBlock(), asObject(base)->structure()))
+ repatchIn(exec, base, ident, result, slot, *stubInfo);
+
+ return JSValue::encode(jsBoolean(result));
}
-EncodedJSValue JIT_OPERATION operationInByIdGeneric(ExecState* exec, EncodedJSValue base, UniquedStringImpl* uid)
+EncodedJSValue JIT_OPERATION operationIn(ExecState* exec, StructureStubInfo* stubInfo, JSCell* base, UniquedStringImpl* key)
{
SuperSamplerScope superSamplerScope(false);
+
+ VM* vm = &exec->vm();
+ NativeCallFrameTracer tracer(vm, exec);
+ auto scope = DECLARE_THROW_SCOPE(*vm);
- VM& vm = exec->vm();
- NativeCallFrameTracer tracer(&vm, exec);
- auto scope = DECLARE_THROW_SCOPE(vm);
+ stubInfo->tookSlowPath = true;
- Identifier ident = Identifier::fromUid(&vm, uid);
-
- JSValue baseValue = JSValue::decode(base);
- if (!baseValue.isObject()) {
- throwException(exec, scope, createInvalidInParameterError(exec, baseValue));
+ if (!base->isObject()) {
+ throwException(exec, scope, createInvalidInParameterError(exec, base));
return JSValue::encode(jsUndefined());
}
- JSObject* baseObject = asObject(baseValue);
- LOG_IC((ICEvent::OperationInByIdGeneric, baseObject->classInfo(vm), ident));
-
+ Identifier ident = Identifier::fromUid(vm, key);
+ LOG_IC((ICEvent::OperationIn, base->classInfo(*vm), ident));
scope.release();
- PropertySlot slot(baseObject, PropertySlot::InternalMethodType::HasProperty);
- return JSValue::encode(jsBoolean(baseObject->getPropertySlot(exec, ident, slot)));
+ return JSValue::encode(jsBoolean(asObject(base)->hasProperty(exec, ident)));
}
-EncodedJSValue JIT_OPERATION operationInByIdOptimize(ExecState* exec, StructureStubInfo* stubInfo, EncodedJSValue base, UniquedStringImpl* uid)
+EncodedJSValue JIT_OPERATION operationGenericIn(ExecState* exec, JSCell* base, EncodedJSValue key)
{
SuperSamplerScope superSamplerScope(false);
-
- VM& vm = exec->vm();
- NativeCallFrameTracer tracer(&vm, exec);
- auto scope = DECLARE_THROW_SCOPE(vm);
-
- Identifier ident = Identifier::fromUid(&vm, uid);
-
- JSValue baseValue = JSValue::decode(base);
- if (!baseValue.isObject()) {
- throwException(exec, scope, createInvalidInParameterError(exec, baseValue));
- return JSValue::encode(jsUndefined());
- }
- JSObject* baseObject = asObject(baseValue);
-
- LOG_IC((ICEvent::OperationInByIdOptimize, baseObject->classInfo(vm), ident));
-
- scope.release();
- PropertySlot slot(baseObject, PropertySlot::InternalMethodType::HasProperty);
- bool found = baseObject->getPropertySlot(exec, ident, slot);
- if (stubInfo->considerCaching(exec->codeBlock(), baseObject->structure(vm)))
- repatchInByID(exec, baseObject, ident, found, slot, *stubInfo);
- return JSValue::encode(jsBoolean(found));
-}
-
-EncodedJSValue JIT_OPERATION operationInByVal(ExecState* exec, JSCell* base, EncodedJSValue key)
-{
- SuperSamplerScope superSamplerScope(false);
VM* vm = &exec->vm();
NativeCallFrameTracer tracer(vm, exec);
- return JSValue::encode(jsBoolean(CommonSlowPaths::opInByVal(exec, base, JSValue::decode(key))));
+ return JSValue::encode(jsBoolean(CommonSlowPaths::opIn(exec, base, JSValue::decode(key))));
}
void JIT_OPERATION operationPutByIdStrict(ExecState* exec, StructureStubInfo* stubInfo, EncodedJSValue encodedValue, EncodedJSValue encodedBase, UniquedStringImpl* uid)
Modified: trunk/Source/_javascript_Core/jit/JITOperations.h (232028 => 232029)
--- trunk/Source/_javascript_Core/jit/JITOperations.h 2018-05-21 21:47:59 UTC (rev 232028)
+++ trunk/Source/_javascript_Core/jit/JITOperations.h 2018-05-21 21:52:26 UTC (rev 232029)
@@ -371,12 +371,9 @@
EncodedJSValue JIT_OPERATION operationGetByIdDirect(ExecState*, StructureStubInfo*, EncodedJSValue, UniquedStringImpl*) WTF_INTERNAL;
EncodedJSValue JIT_OPERATION operationGetByIdDirectGeneric(ExecState*, EncodedJSValue, UniquedStringImpl*) WTF_INTERNAL;
EncodedJSValue JIT_OPERATION operationGetByIdDirectOptimize(ExecState*, StructureStubInfo*, EncodedJSValue, UniquedStringImpl*) WTF_INTERNAL;
-EncodedJSValue JIT_OPERATION operationInById(ExecState*, StructureStubInfo*, EncodedJSValue, UniquedStringImpl*) WTF_INTERNAL;
-EncodedJSValue JIT_OPERATION operationInByIdGeneric(ExecState*, EncodedJSValue, UniquedStringImpl*) WTF_INTERNAL;
-EncodedJSValue JIT_OPERATION operationInByIdOptimize(ExecState*, StructureStubInfo*, EncodedJSValue, UniquedStringImpl*) WTF_INTERNAL;
EncodedJSValue JIT_OPERATION operationInOptimize(ExecState*, StructureStubInfo*, JSCell*, UniquedStringImpl*) WTF_INTERNAL;
EncodedJSValue JIT_OPERATION operationIn(ExecState*, StructureStubInfo*, JSCell*, UniquedStringImpl*) WTF_INTERNAL;
-EncodedJSValue JIT_OPERATION operationInByVal(ExecState*, JSCell*, EncodedJSValue) WTF_INTERNAL;
+EncodedJSValue JIT_OPERATION operationGenericIn(ExecState*, JSCell*, EncodedJSValue) WTF_INTERNAL;
void JIT_OPERATION operationPutByIdStrict(ExecState*, StructureStubInfo*, EncodedJSValue encodedValue, EncodedJSValue encodedBase, UniquedStringImpl*) WTF_INTERNAL;
void JIT_OPERATION operationPutByIdNonStrict(ExecState*, StructureStubInfo*, EncodedJSValue encodedValue, EncodedJSValue encodedBase, UniquedStringImpl*) WTF_INTERNAL;
void JIT_OPERATION operationPutByIdDirectStrict(ExecState*, StructureStubInfo*, EncodedJSValue encodedValue, EncodedJSValue encodedBase, UniquedStringImpl*) WTF_INTERNAL;
Modified: trunk/Source/_javascript_Core/jit/JITPropertyAccess.cpp (232028 => 232029)
--- trunk/Source/_javascript_Core/jit/JITPropertyAccess.cpp 2018-05-21 21:47:59 UTC (rev 232028)
+++ trunk/Source/_javascript_Core/jit/JITPropertyAccess.cpp 2018-05-21 21:52:26 UTC (rev 232029)
@@ -751,42 +751,6 @@
gen.reportSlowPathCall(coldPathBegin, call);
}
-void JIT::emit_op_in_by_id(Instruction* currentInstruction)
-{
- int resultVReg = currentInstruction[1].u.operand;
- int baseVReg = currentInstruction[2].u.operand;
- const Identifier* ident = &(m_codeBlock->identifier(currentInstruction[3].u.operand));
-
- emitGetVirtualRegister(baseVReg, regT0);
-
- emitJumpSlowCaseIfNotJSCell(regT0, baseVReg);
-
- JITInByIdGenerator gen(
- m_codeBlock, CodeOrigin(m_bytecodeOffset), CallSiteIndex(m_bytecodeOffset), RegisterSet::stubUnavailableRegisters(),
- ident->impl(), JSValueRegs(regT0), JSValueRegs(regT0));
- gen.generateFastPath(*this);
- addSlowCase(gen.slowPathJump());
- m_inByIds.append(gen);
-
- emitPutVirtualRegister(resultVReg);
-}
-
-void JIT::emitSlow_op_in_by_id(Instruction* currentInstruction, Vector<SlowCaseEntry>::iterator& iter)
-{
- linkAllSlowCases(iter);
-
- int resultVReg = currentInstruction[1].u.operand;
- const Identifier* ident = &(m_codeBlock->identifier(currentInstruction[3].u.operand));
-
- JITInByIdGenerator& gen = m_inByIds[m_inByIdIndex++];
-
- Label coldPathBegin = label();
-
- Call call = callOperation(operationInByIdOptimize, resultVReg, gen.stubInfo(), regT0, ident->impl());
-
- gen.reportSlowPathCall(coldPathBegin, call);
-}
-
void JIT::emitVarInjectionCheck(bool needsVarInjectionChecks)
{
if (!needsVarInjectionChecks)
Modified: trunk/Source/_javascript_Core/jit/JITPropertyAccess32_64.cpp (232028 => 232029)
--- trunk/Source/_javascript_Core/jit/JITPropertyAccess32_64.cpp 2018-05-21 21:47:59 UTC (rev 232028)
+++ trunk/Source/_javascript_Core/jit/JITPropertyAccess32_64.cpp 2018-05-21 21:52:26 UTC (rev 232029)
@@ -771,41 +771,6 @@
gen.reportSlowPathCall(coldPathBegin, call);
}
-void JIT::emit_op_in_by_id(Instruction* currentInstruction)
-{
- int dst = currentInstruction[1].u.operand;
- int base = currentInstruction[2].u.operand;
- const Identifier* ident = &(m_codeBlock->identifier(currentInstruction[3].u.operand));
-
- emitLoad(base, regT1, regT0);
- emitJumpSlowCaseIfNotJSCell(base, regT1);
-
- JITInByIdGenerator gen(
- m_codeBlock, CodeOrigin(m_bytecodeOffset), CallSiteIndex(currentInstruction), RegisterSet::stubUnavailableRegisters(),
- ident->impl(), JSValueRegs::payloadOnly(regT0), JSValueRegs(regT1, regT0));
- gen.generateFastPath(*this);
- addSlowCase(gen.slowPathJump());
- m_inByIds.append(gen);
-
- emitStore(dst, regT1, regT0);
-}
-
-void JIT::emitSlow_op_in_by_id(Instruction* currentInstruction, Vector<SlowCaseEntry>::iterator& iter)
-{
- linkAllSlowCases(iter);
-
- int resultVReg = currentInstruction[1].u.operand;
- const Identifier* ident = &(m_codeBlock->identifier(currentInstruction[3].u.operand));
-
- JITInByIdGenerator& gen = m_inByIds[m_getByIdIndex++];
-
- Label coldPathBegin = label();
-
- Call call = callOperation(operationInByIdOptimize, resultVReg, gen.stubInfo(), JSValueRegs(regT1, regT0), ident->impl());
-
- gen.reportSlowPathCall(coldPathBegin, call);
-}
-
void JIT::emitVarInjectionCheck(bool needsVarInjectionChecks)
{
if (!needsVarInjectionChecks)
Modified: trunk/Source/_javascript_Core/jit/Repatch.cpp (232028 => 232029)
--- trunk/Source/_javascript_Core/jit/Repatch.cpp 2018-05-21 21:47:59 UTC (rev 232028)
+++ trunk/Source/_javascript_Core/jit/Repatch.cpp 2018-05-21 21:52:26 UTC (rev 232029)
@@ -605,8 +605,8 @@
}
}
-static InlineCacheAction tryCacheInByID(
- ExecState* exec, JSObject* base, const Identifier& ident,
+static InlineCacheAction tryCacheIn(
+ ExecState* exec, JSCell* base, const Identifier& ident,
bool wasFound, const PropertySlot& slot, StructureStubInfo& stubInfo)
{
VM& vm = exec->vm();
@@ -631,26 +631,6 @@
std::unique_ptr<PolyProtoAccessChain> prototypeAccessChain;
ObjectPropertyConditionSet conditionSet;
if (wasFound) {
- InlineCacheAction action = "" base);
- if (action != AttemptToCache)
- return action;
-
- // Optimize self access.
- if (stubInfo.cacheType == CacheType::Unset
- && slot.isCacheableValue()
- && slot.slotBase() == base
- && !slot.watchpointSet()
- && !structure->needImpurePropertyWatchpoint()) {
- bool generatedCodeInline = InlineAccess::generateSelfInAccess(stubInfo, structure);
- if (generatedCodeInline) {
- LOG_IC((ICEvent::InByIdSelfPatch, structure->classInfo(), ident));
- structure->startWatchingPropertyForReplacements(vm, slot.cachedOffset());
- ftlThunkAwareRepatchCall(codeBlock, stubInfo.slowPathCallLocation(), operationInByIdOptimize);
- stubInfo.initInByIdSelf(codeBlock, structure, slot.cachedOffset());
- return RetryCacheLater;
- }
- }
-
if (slot.slotBase() != base) {
bool usesPolyProto;
prototypeAccessChain = PolyProtoAccessChain::create(exec->lexicalGlobalObject(), base, slot, usesPolyProto);
@@ -684,7 +664,7 @@
LOG_IC((ICEvent::InAddAccessCase, structure->classInfo(), ident));
std::unique_ptr<AccessCase> newCase = AccessCase::create(
- vm, codeBlock, wasFound ? AccessCase::InHit : AccessCase::InMiss, wasFound ? slot.cachedOffset() : invalidOffset, structure, conditionSet, WTFMove(prototypeAccessChain));
+ vm, codeBlock, wasFound ? AccessCase::InHit : AccessCase::InMiss, invalidOffset, structure, conditionSet, WTFMove(prototypeAccessChain));
result = stubInfo.addAccessCase(locker, codeBlock, ident, WTFMove(newCase));
@@ -692,7 +672,10 @@
LOG_IC((ICEvent::InReplaceWithJump, structure->classInfo(), ident));
RELEASE_ASSERT(result.code());
- InlineAccess::rewireStubAsJump(stubInfo, CodeLocationLabel<JITStubRoutinePtrTag>(result.code()));
+
+ MacroAssembler::repatchJump(
+ stubInfo.patchableJump(),
+ CodeLocationLabel<JITStubRoutinePtrTag>(result.code()));
}
}
@@ -701,14 +684,13 @@
return result.shouldGiveUpNow() ? GiveUpOnCache : RetryCacheLater;
}
-void repatchInByID(ExecState* exec, JSObject* baseObject, const Identifier& propertyName, bool wasFound, const PropertySlot& slot, StructureStubInfo& stubInfo)
+void repatchIn(
+ ExecState* exec, JSCell* base, const Identifier& ident, bool wasFound,
+ const PropertySlot& slot, StructureStubInfo& stubInfo)
{
SuperSamplerScope superSamplerScope(false);
-
- if (tryCacheInByID(exec, baseObject, propertyName, wasFound, slot, stubInfo) == GiveUpOnCache) {
- CodeBlock* codeBlock = exec->codeBlock();
- ftlThunkAwareRepatchCall(codeBlock, stubInfo.slowPathCallLocation(), operationInById);
- }
+ if (tryCacheIn(exec, base, ident, wasFound, slot, stubInfo) == GiveUpOnCache)
+ ftlThunkAwareRepatchCall(exec->codeBlock(), stubInfo.slowPathCallLocation(), operationIn);
}
static InlineCacheAction tryCacheInstanceOf(
@@ -1254,10 +1236,9 @@
MacroAssembler::repatchJump(stubInfo.patchableJump(), stubInfo.slowPathStartLocation());
}
-void resetInByID(CodeBlock* codeBlock, StructureStubInfo& stubInfo)
+void resetIn(StructureStubInfo& stubInfo)
{
- ftlThunkAwareRepatchCall(codeBlock, stubInfo.slowPathCallLocation(), operationInByIdOptimize);
- InlineAccess::rewireStubAsJump(stubInfo, stubInfo.slowPathStartLocation());
+ resetPatchableJump(stubInfo);
}
void resetInstanceOf(StructureStubInfo& stubInfo)
Modified: trunk/Source/_javascript_Core/jit/Repatch.h (232028 => 232029)
--- trunk/Source/_javascript_Core/jit/Repatch.h 2018-05-21 21:47:59 UTC (rev 232028)
+++ trunk/Source/_javascript_Core/jit/Repatch.h 2018-05-21 21:52:26 UTC (rev 232029)
@@ -44,7 +44,7 @@
void buildGetByIDProtoList(ExecState*, JSValue, const Identifier&, const PropertySlot&, StructureStubInfo&);
void repatchPutByID(ExecState*, JSValue, Structure*, const Identifier&, const PutPropertySlot&, StructureStubInfo&, PutKind);
void buildPutByIdList(ExecState*, JSValue, Structure*, const Identifier&, const PutPropertySlot&, StructureStubInfo&, PutKind);
-void repatchInByID(ExecState*, JSObject*, const Identifier&, bool wasFound, const PropertySlot&, StructureStubInfo&);
+void repatchIn(ExecState*, JSCell*, const Identifier&, bool wasFound, const PropertySlot&, StructureStubInfo&);
void repatchInstanceOf(ExecState*, JSValue value, JSValue prototype, StructureStubInfo&, bool wasFound);
void linkFor(ExecState*, CallLinkInfo&, CodeBlock*, JSObject* callee, MacroAssemblerCodePtr<JSEntryPtrTag>);
void linkDirectFor(ExecState*, CallLinkInfo&, CodeBlock*, MacroAssemblerCodePtr<JSEntryPtrTag>);
@@ -54,7 +54,7 @@
void linkPolymorphicCall(ExecState*, CallLinkInfo&, CallVariant);
void resetGetByID(CodeBlock*, StructureStubInfo&, GetByIDKind);
void resetPutByID(CodeBlock*, StructureStubInfo&);
-void resetInByID(CodeBlock*, StructureStubInfo&);
+void resetIn(StructureStubInfo&);
void resetInstanceOf(StructureStubInfo&);
void ftlThunkAwareRepatchCall(CodeBlock*, CodeLocationCall<JSInternalPtrTag>, FunctionPtr<CFunctionPtrTag> newCalleeFunction);
Modified: trunk/Source/_javascript_Core/llint/LowLevelInterpreter.asm (232028 => 232029)
--- trunk/Source/_javascript_Core/llint/LowLevelInterpreter.asm 2018-05-21 21:47:59 UTC (rev 232028)
+++ trunk/Source/_javascript_Core/llint/LowLevelInterpreter.asm 2018-05-21 21:52:26 UTC (rev 232029)
@@ -1507,18 +1507,12 @@
dispatch(constexpr op_is_function_length)
-_llint_op_in_by_id:
+_llint_op_in:
traceExecution()
- callSlowPath(_slow_path_in_by_id)
- dispatch(constexpr op_in_by_id_length)
+ callSlowPath(_slow_path_in)
+ dispatch(constexpr op_in_length)
-_llint_op_in_by_val:
- traceExecution()
- callSlowPath(_slow_path_in_by_val)
- dispatch(constexpr op_in_by_val_length)
-
-
_llint_op_try_get_by_id:
traceExecution()
callSlowPath(_llint_slow_path_try_get_by_id)
Modified: trunk/Source/_javascript_Core/llint/LowLevelInterpreter64.asm (232028 => 232029)
--- trunk/Source/_javascript_Core/llint/LowLevelInterpreter64.asm 2018-05-21 21:47:59 UTC (rev 232028)
+++ trunk/Source/_javascript_Core/llint/LowLevelInterpreter64.asm 2018-05-21 21:52:26 UTC (rev 232029)
@@ -1552,7 +1552,6 @@
callSlowPath(_llint_slow_path_put_by_id)
dispatch(constexpr op_put_by_id_length)
-
macro finishGetByVal(result, scratch)
loadisFromInstruction(1, scratch)
storeq result, [cfr, scratch, 8]
Modified: trunk/Source/_javascript_Core/parser/NodeConstructors.h (232028 => 232029)
--- trunk/Source/_javascript_Core/parser/NodeConstructors.h 2018-05-21 21:47:59 UTC (rev 232028)
+++ trunk/Source/_javascript_Core/parser/NodeConstructors.h 2018-05-21 21:52:26 UTC (rev 232029)
@@ -623,7 +623,7 @@
}
inline InNode::InNode(const JSTokenLocation& location, ExpressionNode* expr1, ExpressionNode* expr2, bool rightHasAssignments)
- : ThrowableBinaryOpNode(location, expr1, expr2, op_in_by_val, rightHasAssignments)
+ : ThrowableBinaryOpNode(location, expr1, expr2, op_in, rightHasAssignments)
{
}
Modified: trunk/Source/_javascript_Core/runtime/CommonSlowPaths.cpp (232028 => 232029)
--- trunk/Source/_javascript_Core/runtime/CommonSlowPaths.cpp 2018-05-21 21:47:59 UTC (rev 232028)
+++ trunk/Source/_javascript_Core/runtime/CommonSlowPaths.cpp 2018-05-21 21:52:26 UTC (rev 232029)
@@ -648,23 +648,12 @@
RETURN(jsBoolean(jsIsFunctionType(OP_C(2).jsValue())));
}
-SLOW_PATH_DECL(slow_path_in_by_val)
+SLOW_PATH_DECL(slow_path_in)
{
BEGIN();
- RETURN(jsBoolean(CommonSlowPaths::opInByVal(exec, OP_C(2).jsValue(), OP_C(3).jsValue(), pc[4].u.arrayProfile)));
+ RETURN(jsBoolean(CommonSlowPaths::opIn(exec, OP_C(2).jsValue(), OP_C(3).jsValue(), pc[4].u.arrayProfile)));
}
-SLOW_PATH_DECL(slow_path_in_by_id)
-{
- BEGIN();
-
- JSValue baseValue = OP_C(2).jsValue();
- if (!baseValue.isObject())
- THROW(createInvalidInParameterError(exec, baseValue));
-
- RETURN(jsBoolean(asObject(baseValue)->hasProperty(exec, exec->codeBlock()->identifier(pc[3].u.operand))));
-}
-
SLOW_PATH_DECL(slow_path_del_by_val)
{
BEGIN();
Modified: trunk/Source/_javascript_Core/runtime/CommonSlowPaths.h (232028 => 232029)
--- trunk/Source/_javascript_Core/runtime/CommonSlowPaths.h 2018-05-21 21:47:59 UTC (rev 232028)
+++ trunk/Source/_javascript_Core/runtime/CommonSlowPaths.h 2018-05-21 21:52:26 UTC (rev 232029)
@@ -85,7 +85,7 @@
return padding;
}
-inline bool opInByVal(ExecState* exec, JSValue baseVal, JSValue propName, ArrayProfile* arrayProfile = nullptr)
+inline bool opIn(ExecState* exec, JSValue baseVal, JSValue propName, ArrayProfile* arrayProfile = nullptr)
{
VM& vm = exec->vm();
auto scope = DECLARE_THROW_SCOPE(vm);
@@ -308,8 +308,7 @@
SLOW_PATH_HIDDEN_DECL(slow_path_is_object);
SLOW_PATH_HIDDEN_DECL(slow_path_is_object_or_null);
SLOW_PATH_HIDDEN_DECL(slow_path_is_function);
-SLOW_PATH_HIDDEN_DECL(slow_path_in_by_id);
-SLOW_PATH_HIDDEN_DECL(slow_path_in_by_val);
+SLOW_PATH_HIDDEN_DECL(slow_path_in);
SLOW_PATH_HIDDEN_DECL(slow_path_del_by_val);
SLOW_PATH_HIDDEN_DECL(slow_path_strcat);
SLOW_PATH_HIDDEN_DECL(slow_path_to_primitive);
