Diff
Modified: releases/WebKitGTK/webkit-2.22/Source/_javascript_Core/ChangeLog (238992 => 238993)
--- releases/WebKitGTK/webkit-2.22/Source/_javascript_Core/ChangeLog 2018-12-08 00:25:55 UTC (rev 238992)
+++ releases/WebKitGTK/webkit-2.22/Source/_javascript_Core/ChangeLog 2018-12-08 00:25:59 UTC (rev 238993)
@@ -1,5 +1,29 @@
2018-09-27 Mark Lam <[email protected]>
+ ByValInfo should not use integer offsets.
+ https://bugs.webkit.org/show_bug.cgi?id=190070
+ <rdar://problem/44803430>
+
+ Reviewed by Saam Barati.
+
+ Also moved some fields around to allow the ByValInfo struct to be more densely packed.
+
+ * bytecode/ByValInfo.h:
+ (JSC::ByValInfo::ByValInfo):
+ * jit/JIT.cpp:
+ (JSC::JIT::link):
+ * jit/JITOpcodes.cpp:
+ (JSC::JIT::privateCompileHasIndexedProperty):
+ * jit/JITOpcodes32_64.cpp:
+ (JSC::JIT::privateCompileHasIndexedProperty):
+ * jit/JITPropertyAccess.cpp:
+ (JSC::JIT::privateCompileGetByVal):
+ (JSC::JIT::privateCompileGetByValWithCachedId):
+ (JSC::JIT::privateCompilePutByVal):
+ (JSC::JIT::privateCompilePutByValWithCachedId):
+
+2018-09-27 Mark Lam <[email protected]>
+
DFG::OSREntry::m_machineCodeOffset should be a CodeLocation.
https://bugs.webkit.org/show_bug.cgi?id=190054
<rdar://problem/44803543>
Modified: releases/WebKitGTK/webkit-2.22/Source/_javascript_Core/bytecode/ByValInfo.h (238992 => 238993)
--- releases/WebKitGTK/webkit-2.22/Source/_javascript_Core/bytecode/ByValInfo.h 2018-12-08 00:25:55 UTC (rev 238992)
+++ releases/WebKitGTK/webkit-2.22/Source/_javascript_Core/bytecode/ByValInfo.h 2018-12-08 00:25:59 UTC (rev 238993)
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2012, 2015 Apple Inc. All rights reserved.
+ * Copyright (C) 2012-2018 Apple Inc. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
@@ -226,37 +226,37 @@
struct ByValInfo {
ByValInfo() { }
- ByValInfo(unsigned bytecodeIndex, CodeLocationJump<JSInternalPtrTag> notIndexJump, CodeLocationJump<JSInternalPtrTag> badTypeJump, CodeLocationLabel<ExceptionHandlerPtrTag> exceptionHandler, JITArrayMode arrayMode, ArrayProfile* arrayProfile, int16_t badTypeJumpToDone, int16_t badTypeJumpToNextHotPath, int16_t returnAddressToSlowPath)
- : bytecodeIndex(bytecodeIndex)
- , notIndexJump(notIndexJump)
+ ByValInfo(unsigned bytecodeIndex, CodeLocationJump<JSInternalPtrTag> notIndexJump, CodeLocationJump<JSInternalPtrTag> badTypeJump, CodeLocationLabel<ExceptionHandlerPtrTag> exceptionHandler, JITArrayMode arrayMode, ArrayProfile* arrayProfile, CodeLocationLabel<JSInternalPtrTag> badTypeDoneTarget, CodeLocationLabel<JSInternalPtrTag> badTypeNextHotPathTarget, CodeLocationLabel<JSInternalPtrTag> slowPathTarget)
+ : notIndexJump(notIndexJump)
, badTypeJump(badTypeJump)
, exceptionHandler(exceptionHandler)
- , arrayMode(arrayMode)
+ , badTypeDoneTarget(badTypeDoneTarget)
+ , badTypeNextHotPathTarget(badTypeNextHotPathTarget)
+ , slowPathTarget(slowPathTarget)
, arrayProfile(arrayProfile)
- , badTypeJumpToDone(badTypeJumpToDone)
- , badTypeJumpToNextHotPath(badTypeJumpToNextHotPath)
- , returnAddressToSlowPath(returnAddressToSlowPath)
+ , bytecodeIndex(bytecodeIndex)
, slowPathCount(0)
, stubInfo(nullptr)
+ , arrayMode(arrayMode)
, tookSlowPath(false)
, seen(false)
{
}
- unsigned bytecodeIndex;
CodeLocationJump<JSInternalPtrTag> notIndexJump;
CodeLocationJump<JSInternalPtrTag> badTypeJump;
CodeLocationLabel<ExceptionHandlerPtrTag> exceptionHandler;
- JITArrayMode arrayMode; // The array mode that was baked into the inline JIT code.
+ CodeLocationLabel<JSInternalPtrTag> badTypeDoneTarget;
+ CodeLocationLabel<JSInternalPtrTag> badTypeNextHotPathTarget;
+ CodeLocationLabel<JSInternalPtrTag> slowPathTarget;
ArrayProfile* arrayProfile;
- int16_t badTypeJumpToDone;
- int16_t badTypeJumpToNextHotPath;
- int16_t returnAddressToSlowPath;
+ unsigned bytecodeIndex;
unsigned slowPathCount;
RefPtr<JITStubRoutine> stubRoutine;
Identifier cachedId;
WriteBarrier<Symbol> cachedSymbol;
StructureStubInfo* stubInfo;
+ JITArrayMode arrayMode; // The array mode that was baked into the inline JIT code.
bool tookSlowPath : 1;
bool seen : 1;
};
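Review bot: The three new `CodeLocationLabel<JSInternalPtrTag>` members (`badTypeDoneTarget`, `badTypeNextHotPathTarget`, `slowPathTarget`) are declared without a comment, although they now hold absolute locations in generated code where the struct used to hold `int16_t` offsets. I would add above them `// Absolute locations in the baseline code that by-val stubs link their exits to; filled in by JIT::link().` so a reader knows who writes them. Separately, `ByValInfo() { }` still leaves `arrayProfile`, `bytecodeIndex`, `slowPathCount`, `stubInfo`, `arrayMode` and the two bit-fields uninitialized. Default member initializers such as `StructureStubInfo* stubInfo { nullptr };` would make a default-constructed entry deterministic.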
Modified: releases/WebKitGTK/webkit-2.22/Source/_javascript_Core/jit/JIT.cpp (238992 => 238993)
--- releases/WebKitGTK/webkit-2.22/Source/_javascript_Core/jit/JIT.cpp 2018-12-08 00:25:55 UTC (rev 238992)
+++ releases/WebKitGTK/webkit-2.22/Source/_javascript_Core/jit/JIT.cpp 2018-12-08 00:25:59 UTC (rev 238993)
@@ -853,10 +853,9 @@
if (Jump(patchableNotIndexJump).isSet())
notIndexJump = CodeLocationJump<JSInternalPtrTag>(patchBuffer.locationOf<JSInternalPtrTag>(patchableNotIndexJump));
auto badTypeJump = CodeLocationJump<JSInternalPtrTag>(patchBuffer.locationOf<JSInternalPtrTag>(byValCompilationInfo.badTypeJump));
- CodeLocationLabel<NoPtrTag> doneTarget = patchBuffer.locationOf<NoPtrTag>(byValCompilationInfo.doneTarget);
- CodeLocationLabel<NoPtrTag> nextHotPathTarget = patchBuffer.locationOf<NoPtrTag>(byValCompilationInfo.nextHotPathTarget);
- CodeLocationLabel<NoPtrTag> slowPathTarget = patchBuffer.locationOf<NoPtrTag>(byValCompilationInfo.slowPathTarget);
- CodeLocationCall<NoPtrTag> returnAddress = patchBuffer.locationOf<NoPtrTag>(byValCompilationInfo.returnAddress);
+ auto doneTarget = CodeLocationLabel<JSInternalPtrTag>(patchBuffer.locationOf<JSInternalPtrTag>(byValCompilationInfo.doneTarget));
+ auto nextHotPathTarget = CodeLocationLabel<JSInternalPtrTag>(patchBuffer.locationOf<JSInternalPtrTag>(byValCompilationInfo.nextHotPathTarget));
+ auto slowPathTarget = CodeLocationLabel<JSInternalPtrTag>(patchBuffer.locationOf<JSInternalPtrTag>(byValCompilationInfo.slowPathTarget));
*byValCompilationInfo.byValInfo = ByValInfo(
byValCompilationInfo.bytecodeIndex,
@@ -865,9 +864,9 @@
exceptionHandler,
byValCompilationInfo.arrayMode,
byValCompilationInfo.arrayProfile,
- differenceBetweenCodePtr(badTypeJump, doneTarget),
- differenceBetweenCodePtr(badTypeJump, nextHotPathTarget),
- differenceBetweenCodePtr(returnAddress, slowPathTarget));
+ doneTarget,
+ nextHotPathTarget,
+ slowPathTarget);
}
}
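Review bot: The last three constructor arguments (`doneTarget`, `nextHotPathTarget`, `slowPathTarget`) all have type `CodeLocationLabel<JSInternalPtrTag>`, so a transposition here compiles cleanly and would send a stub's exit to the wrong place in the generated code. The local names also differ from the members they fill (`badTypeDoneTarget`, `badTypeNextHotPathTarget`). Annotating the call, e.g. `/* badTypeDoneTarget */ doneTarget,`, or renaming the locals in the previous hunk to match the members, would make a mix-up visible in review. The `ByValInfo(...)` call opens in the preceding hunk and the enclosing function is not fully visible here.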
Modified: releases/WebKitGTK/webkit-2.22/Source/_javascript_Core/jit/JITOpcodes.cpp (238992 => 238993)
--- releases/WebKitGTK/webkit-2.22/Source/_javascript_Core/jit/JITOpcodes.cpp 2018-12-08 00:25:55 UTC (rev 238992)
+++ releases/WebKitGTK/webkit-2.22/Source/_javascript_Core/jit/JITOpcodes.cpp 2018-12-08 00:25:59 UTC (rev 238993)
@@ -1142,11 +1142,11 @@
LinkBuffer patchBuffer(*this, m_codeBlock);
- patchBuffer.link(badType, CodeLocationLabel<NoPtrTag>(MacroAssemblerCodePtr<NoPtrTag>::createFromExecutableAddress(returnAddress.value())).labelAtOffset(byValInfo->returnAddressToSlowPath));
- patchBuffer.link(slowCases, CodeLocationLabel<NoPtrTag>(MacroAssemblerCodePtr<NoPtrTag>::createFromExecutableAddress(returnAddress.value())).labelAtOffset(byValInfo->returnAddressToSlowPath));
-
- patchBuffer.link(done, byValInfo->badTypeJump.labelAtOffset(byValInfo->badTypeJumpToDone));
-
+ patchBuffer.link(badType, byValInfo->slowPathTarget);
+ patchBuffer.link(slowCases, byValInfo->slowPathTarget);
+
+ patchBuffer.link(done, byValInfo->badTypeDoneTarget);
+
byValInfo->stubRoutine = FINALIZE_CODE_FOR_STUB(
m_codeBlock, patchBuffer, JITStubRoutinePtrTag,
"Baseline has_indexed_property stub for %s, return point %p", toCString(*m_codeBlock).data(), returnAddress.value());
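Review bot: `badType`, `slowCases` and `done` are linked to `byValInfo->slowPathTarget` and `byValInfo->badTypeDoneTarget` without any visible check that those labels were populated; the same pattern appears in the JITOpcodes32_64.cpp hunk and in all four JITPropertyAccess.cpp hunks. A `ByValInfo` that was only default-constructed would presumably carry empty labels, and the stub would then be linked to an invalid target rather than failing while the stub is compiled. A debug assertion before the first `link` call, e.g. `ASSERT(byValInfo->slowPathTarget);` (assuming the label type has a null test), would catch that early. The enclosing function starts and ends outside the hunk.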
Modified: releases/WebKitGTK/webkit-2.22/Source/_javascript_Core/jit/JITOpcodes32_64.cpp (238992 => 238993)
--- releases/WebKitGTK/webkit-2.22/Source/_javascript_Core/jit/JITOpcodes32_64.cpp 2018-12-08 00:25:55 UTC (rev 238992)
+++ releases/WebKitGTK/webkit-2.22/Source/_javascript_Core/jit/JITOpcodes32_64.cpp 2018-12-08 00:25:59 UTC (rev 238993)
@@ -1022,11 +1022,11 @@
LinkBuffer patchBuffer(*this, m_codeBlock);
- patchBuffer.link(badType, CodeLocationLabel<NoPtrTag>(MacroAssemblerCodePtr<NoPtrTag>::createFromExecutableAddress(returnAddress.value())).labelAtOffset(byValInfo->returnAddressToSlowPath));
- patchBuffer.link(slowCases, CodeLocationLabel<NoPtrTag>(MacroAssemblerCodePtr<NoPtrTag>::createFromExecutableAddress(returnAddress.value())).labelAtOffset(byValInfo->returnAddressToSlowPath));
-
- patchBuffer.link(done, byValInfo->badTypeJump.labelAtOffset(byValInfo->badTypeJumpToDone));
+ patchBuffer.link(badType, byValInfo->slowPathTarget);
+ patchBuffer.link(slowCases, byValInfo->slowPathTarget);
+ patchBuffer.link(done, byValInfo->badTypeDoneTarget);
+
byValInfo->stubRoutine = FINALIZE_CODE_FOR_STUB(
m_codeBlock, patchBuffer, JITStubRoutinePtrTag,
"Baseline has_indexed_property stub for %s, return point %p", toCString(*m_codeBlock).data(), returnAddress.value());
Modified: releases/WebKitGTK/webkit-2.22/Source/_javascript_Core/jit/JITPropertyAccess.cpp (238992 => 238993)
--- releases/WebKitGTK/webkit-2.22/Source/_javascript_Core/jit/JITPropertyAccess.cpp 2018-12-08 00:25:55 UTC (rev 238992)
+++ releases/WebKitGTK/webkit-2.22/Source/_javascript_Core/jit/JITPropertyAccess.cpp 2018-12-08 00:25:59 UTC (rev 238993)
@@ -1211,12 +1211,12 @@
Jump done = jump();
LinkBuffer patchBuffer(*this, m_codeBlock);
-
- patchBuffer.link(badType, CodeLocationLabel<NoPtrTag>(MacroAssemblerCodePtr<NoPtrTag>::createFromExecutableAddress(returnAddress.value())).labelAtOffset(byValInfo->returnAddressToSlowPath));
- patchBuffer.link(slowCases, CodeLocationLabel<NoPtrTag>(MacroAssemblerCodePtr<NoPtrTag>::createFromExecutableAddress(returnAddress.value())).labelAtOffset(byValInfo->returnAddressToSlowPath));
-
- patchBuffer.link(done, byValInfo->badTypeJump.labelAtOffset(byValInfo->badTypeJumpToDone));
-
+
+ patchBuffer.link(badType, byValInfo->slowPathTarget);
+ patchBuffer.link(slowCases, byValInfo->slowPathTarget);
+
+ patchBuffer.link(done, byValInfo->badTypeDoneTarget);
+
byValInfo->stubRoutine = FINALIZE_CODE_FOR_STUB(
m_codeBlock, patchBuffer, JITStubRoutinePtrTag,
"Baseline get_by_val stub for %s, return point %p", toCString(*m_codeBlock).data(), returnAddress.value());
@@ -1237,9 +1237,9 @@
ConcurrentJSLocker locker(m_codeBlock->m_lock);
LinkBuffer patchBuffer(*this, m_codeBlock);
- patchBuffer.link(slowCases, CodeLocationLabel<NoPtrTag>(MacroAssemblerCodePtr<NoPtrTag>::createFromExecutableAddress(returnAddress.value())).labelAtOffset(byValInfo->returnAddressToSlowPath));
- patchBuffer.link(fastDoneCase, byValInfo->badTypeJump.labelAtOffset(byValInfo->badTypeJumpToDone));
- patchBuffer.link(slowDoneCase, byValInfo->badTypeJump.labelAtOffset(byValInfo->badTypeJumpToNextHotPath));
+ patchBuffer.link(slowCases, byValInfo->slowPathTarget);
+ patchBuffer.link(fastDoneCase, byValInfo->badTypeDoneTarget);
+ patchBuffer.link(slowDoneCase, byValInfo->badTypeNextHotPathTarget);
if (!m_exceptionChecks.empty())
patchBuffer.link(m_exceptionChecks, byValInfo->exceptionHandler);
@@ -1294,9 +1294,9 @@
Jump done = jump();
LinkBuffer patchBuffer(*this, m_codeBlock);
- patchBuffer.link(badType, CodeLocationLabel<NoPtrTag>(MacroAssemblerCodePtr<NoPtrTag>::createFromExecutableAddress(returnAddress.value())).labelAtOffset(byValInfo->returnAddressToSlowPath));
- patchBuffer.link(slowCases, CodeLocationLabel<NoPtrTag>(MacroAssemblerCodePtr<NoPtrTag>::createFromExecutableAddress(returnAddress.value())).labelAtOffset(byValInfo->returnAddressToSlowPath));
- patchBuffer.link(done, byValInfo->badTypeJump.labelAtOffset(byValInfo->badTypeJumpToDone));
+ patchBuffer.link(badType, byValInfo->slowPathTarget);
+ patchBuffer.link(slowCases, byValInfo->slowPathTarget);
+ patchBuffer.link(done, byValInfo->badTypeDoneTarget);
if (needsLinkForWriteBarrier) {
ASSERT(removeCodePtrTag(m_calls.last().callee.executableAddress()) == removeCodePtrTag(operationWriteBarrierSlowPath));
patchBuffer.link(m_calls.last().from, m_calls.last().callee);
@@ -1328,8 +1328,8 @@
ConcurrentJSLocker locker(m_codeBlock->m_lock);
LinkBuffer patchBuffer(*this, m_codeBlock);
- patchBuffer.link(slowCases, CodeLocationLabel<NoPtrTag>(MacroAssemblerCodePtr<NoPtrTag>::createFromExecutableAddress(returnAddress.value())).labelAtOffset(byValInfo->returnAddressToSlowPath));
- patchBuffer.link(doneCases, byValInfo->badTypeJump.labelAtOffset(byValInfo->badTypeJumpToDone));
+ patchBuffer.link(slowCases, byValInfo->slowPathTarget);
+ patchBuffer.link(doneCases, byValInfo->badTypeDoneTarget);
if (!m_exceptionChecks.empty())
patchBuffer.link(m_exceptionChecks, byValInfo->exceptionHandler);