Diff
Modified: trunk/Source/_javascript_Core/ChangeLog (281221 => 281222)
--- trunk/Source/_javascript_Core/ChangeLog 2021-08-19 03:40:37 UTC (rev 281221)
+++ trunk/Source/_javascript_Core/ChangeLog 2021-08-19 03:42:16 UTC (rev 281222)
@@ -1,3 +1,28 @@
+2021-08-18 Yusuke Suzuki <[email protected]>
+
+ [JSC] Remove op_has_indexed_property related code
+ https://bugs.webkit.org/show_bug.cgi?id=229271
+
+ Reviewed by Saam Barati.
+
+ After our new for-in protocol, op_has_indexed_property is removed.
+ As a result, we can remove many ByValInfo code that is used only
+ for op_has_indexed_property.
+
+ * jit/JIT.h:
+ * jit/JITInlines.h:
+ (JSC::JIT::emitLoadForArrayMode): Deleted.
+ * jit/JITOpcodes.cpp:
+ (JSC::JIT::privateCompileHasIndexedProperty): Deleted.
+ * jit/JITOpcodes32_64.cpp:
+ (JSC::JIT::privateCompileHasIndexedProperty): Deleted.
+ * jit/JITOperations.cpp:
+ * jit/JITOperations.h:
+ * jit/JITPropertyAccess.cpp:
+ (JSC::JIT::emitDoubleLoad): Deleted.
+ (JSC::JIT::emitContiguousLoad): Deleted.
+ (JSC::JIT::emitArrayStorageLoad): Deleted.
+
2021-08-18 Michael Catanzaro <[email protected]>
REGRESSION(r280382): [GTK] 2.33.3 does not build with gtk-doc enabled, installs broken pkg-config files
Modified: trunk/Source/_javascript_Core/jit/JIT.h (281221 => 281222)
--- trunk/Source/_javascript_Core/jit/JIT.h 2021-08-19 03:40:37 UTC (rev 281221)
+++ trunk/Source/_javascript_Core/jit/JIT.h 2021-08-19 03:42:16 UTC (rev 281222)
@@ -254,13 +254,6 @@
jit.privateCompilePutPrivateNameWithCachedId(byValInfo, returnAddress, propertyName);
}
- static void compileHasIndexedProperty(VM& vm, CodeBlock* codeBlock, ByValInfo* byValInfo, ReturnAddressPtr returnAddress, JITArrayMode arrayMode)
- {
- JIT jit(vm, codeBlock);
- jit.m_bytecodeIndex = byValInfo->bytecodeIndex;
- jit.privateCompileHasIndexedProperty(byValInfo, returnAddress, arrayMode);
- }
-
static unsigned frameRegisterCountFor(CodeBlock*);
static int stackPointerOffsetFor(CodeBlock*);
@@ -282,8 +275,6 @@
void privateCompilePutPrivateNameWithCachedId(ByValInfo*, ReturnAddressPtr, CacheableIdentifier);
- void privateCompileHasIndexedProperty(ByValInfo*, ReturnAddressPtr, JITArrayMode);
-
void privateCompilePatchGetArrayLength(ReturnAddressPtr returnAddress);
// Add a call out from JIT code, without an exception check.
@@ -396,16 +387,6 @@
JITArrayMode chooseArrayMode(ArrayProfile*);
- // Property is in regT1, base is in regT0. regT2 contains indexing type.
- // Property is int-checked and zero extended. Base is cell checked.
- // Structure is already profiled. Returns the slow cases. Fall-through
- // case contains result in regT0, and it is not yet profiled.
- JumpList emitInt32Load(const Instruction* instruction, PatchableJump& badType, ByValInfo* byValInfo) { return emitContiguousLoad(instruction, badType, byValInfo, Int32Shape); }
- JumpList emitDoubleLoad(const Instruction*, PatchableJump& badType, ByValInfo*);
- JumpList emitContiguousLoad(const Instruction*, PatchableJump& badType, ByValInfo*, IndexingType expectedShape = ContiguousShape);
- JumpList emitArrayStorageLoad(const Instruction*, PatchableJump& badType, ByValInfo*);
- JumpList emitLoadForArrayMode(const Instruction*, JITArrayMode, PatchableJump& badType, ByValInfo*);
-
// Property is in regT1, base is in regT0. regT2 contains indecing type.
// The value to store is not yet loaded. Property is int-checked and
// zero-extended. Base is cell checked. Structure is already profiled.
Modified: trunk/Source/_javascript_Core/jit/JITInlines.h (281221 => 281222)
--- trunk/Source/_javascript_Core/jit/JITInlines.h 2021-08-19 03:40:37 UTC (rev 281221)
+++ trunk/Source/_javascript_Core/jit/JITInlines.h 2021-08-19 03:42:16 UTC (rev 281222)
@@ -33,24 +33,6 @@
namespace JSC {
-ALWAYS_INLINE MacroAssembler::JumpList JIT::emitLoadForArrayMode(const Instruction* currentInstruction, JITArrayMode arrayMode, PatchableJump& badType, ByValInfo* byValInfo)
-{
- switch (arrayMode) {
- case JITInt32:
- return emitInt32Load(currentInstruction, badType, byValInfo);
- case JITDouble:
- return emitDoubleLoad(currentInstruction, badType, byValInfo);
- case JITContiguous:
- return emitContiguousLoad(currentInstruction, badType, byValInfo);
- case JITArrayStorage:
- return emitArrayStorageLoad(currentInstruction, badType, byValInfo);
- default:
- break;
- }
- RELEASE_ASSERT_NOT_REACHED();
- return MacroAssembler::JumpList();
-}
-
ALWAYS_INLINE bool JIT::isOperandConstantDouble(VirtualRegister src)
{
return src.isConstant() && getConstantOperand(src).isDouble();
Modified: trunk/Source/_javascript_Core/jit/JITOpcodes.cpp (281221 => 281222)
--- trunk/Source/_javascript_Core/jit/JITOpcodes.cpp 2021-08-19 03:40:37 UTC (rev 281221)
+++ trunk/Source/_javascript_Core/jit/JITOpcodes.cpp 2021-08-19 03:42:16 UTC (rev 281222)
@@ -1692,38 +1692,6 @@
#if USE(JSVALUE64)
-void JIT::privateCompileHasIndexedProperty(ByValInfo* byValInfo, ReturnAddressPtr returnAddress, JITArrayMode arrayMode)
-{
- const Instruction* currentInstruction = m_codeBlock->instructions().at(byValInfo->bytecodeIndex).ptr();
-
- PatchableJump badType;
-
- // FIXME: Add support for other types like TypedArrays and Arguments.
- // See https://bugs.webkit.org/show_bug.cgi?id=135033 and https://bugs.webkit.org/show_bug.cgi?id=135034.
- JumpList slowCases = emitLoadForArrayMode(currentInstruction, arrayMode, badType, nullptr);
- move(TrustedImm64(JSValue::encode(jsBoolean(true))), regT0);
- Jump done = jump();
-
- LinkBuffer patchBuffer(*this, m_codeBlock, LinkBuffer::Profile::InlineCache);
-
- patchBuffer.link(badType, byValInfo->slowPathTarget);
- patchBuffer.link(slowCases, byValInfo->slowPathTarget);
-
- patchBuffer.link(done, byValInfo->doneTarget);
-
- byValInfo->stubRoutine = FINALIZE_CODE_FOR_STUB(
- m_codeBlock, patchBuffer, JITStubRoutinePtrTag,
- "Baseline has_indexed_property stub for %s, return point %p", toCString(*m_codeBlock).data(), returnAddress.untaggedValue());
-
- if (JITCode::useDataIC(JITType::BaselineJIT)) {
- byValInfo->m_badTypeJumpTarget = CodeLocationLabel<JITStubRoutinePtrTag>(byValInfo->stubRoutine->code().code());
- byValInfo->m_slowOperation = operationHasIndexedPropertyGeneric;
- } else {
- MacroAssembler::repatchJump(byValInfo->m_badTypeJump, CodeLocationLabel<JITStubRoutinePtrTag>(byValInfo->stubRoutine->code().code()));
- MacroAssembler::repatchCall(CodeLocationCall<ReturnAddressPtrTag>(MacroAssemblerCodePtr<ReturnAddressPtrTag>(returnAddress)), FunctionPtr<OperationPtrTag>(operationHasIndexedPropertyGeneric));
- }
-}
-
void JIT::emit_op_profile_type(const Instruction* currentInstruction)
{
auto bytecode = currentInstruction->as<OpProfileType>();
Modified: trunk/Source/_javascript_Core/jit/JITOpcodes32_64.cpp (281221 => 281222)
--- trunk/Source/_javascript_Core/jit/JITOpcodes32_64.cpp 2021-08-19 03:40:37 UTC (rev 281221)
+++ trunk/Source/_javascript_Core/jit/JITOpcodes32_64.cpp 2021-08-19 03:42:16 UTC (rev 281222)
@@ -1142,33 +1142,6 @@
addSlowCase(branchIfEmpty(regT0));
}
-void JIT::privateCompileHasIndexedProperty(ByValInfo* byValInfo, ReturnAddressPtr returnAddress, JITArrayMode arrayMode)
-{
- const Instruction* currentInstruction = m_codeBlock->instructions().at(byValInfo->bytecodeIndex).ptr();
-
- PatchableJump badType;
-
- // FIXME: Add support for other types like TypedArrays and Arguments.
- // See https://bugs.webkit.org/show_bug.cgi?id=135033 and https://bugs.webkit.org/show_bug.cgi?id=135034.
- JumpList slowCases = emitLoadForArrayMode(currentInstruction, arrayMode, badType, nullptr);
- move(TrustedImm32(1), regT0);
- Jump done = jump();
-
- LinkBuffer patchBuffer(*this, m_codeBlock, LinkBuffer::Profile::InlineCache);
-
- patchBuffer.link(badType, byValInfo->slowPathTarget);
- patchBuffer.link(slowCases, byValInfo->slowPathTarget);
-
- patchBuffer.link(done, byValInfo->doneTarget);
-
- byValInfo->stubRoutine = FINALIZE_CODE_FOR_STUB(
- m_codeBlock, patchBuffer, JITStubRoutinePtrTag,
- "Baseline has_indexed_property stub for %s, return point %p", toCString(*m_codeBlock).data(), returnAddress.untaggedValue());
-
- MacroAssembler::repatchJump(byValInfo->m_badTypeJump, CodeLocationLabel<JITStubRoutinePtrTag>(byValInfo->stubRoutine->code().code()));
- MacroAssembler::repatchCall(CodeLocationCall<ReturnAddressPtrTag>(MacroAssemblerCodePtr<ReturnAddressPtrTag>(returnAddress)), FunctionPtr<OperationPtrTag>(operationHasIndexedPropertyGeneric));
-}
-
void JIT::emit_op_profile_type(const Instruction* currentInstruction)
{
auto bytecode = currentInstruction->as<OpProfileType>();
Modified: trunk/Source/_javascript_Core/jit/JITOperations.cpp (281221 => 281222)
--- trunk/Source/_javascript_Core/jit/JITOperations.cpp 2021-08-19 03:40:37 UTC (rev 281221)
+++ trunk/Source/_javascript_Core/jit/JITOperations.cpp 2021-08-19 03:42:16 UTC (rev 281222)
@@ -2653,79 +2653,6 @@
return JSValue::encode(result);
}
-JSC_DEFINE_JIT_OPERATION(operationHasIndexedPropertyDefault, EncodedJSValue, (JSGlobalObject* globalObject, EncodedJSValue encodedBase, EncodedJSValue encodedSubscript, ByValInfo* byValInfo))
-{
- VM& vm = globalObject->vm();
- CallFrame* callFrame = DECLARE_CALL_FRAME(vm);
- JITOperationPrologueCallFrameTracer tracer(vm, callFrame);
- JSValue baseValue = JSValue::decode(encodedBase);
- JSValue subscript = JSValue::decode(encodedSubscript);
-
- ASSERT(baseValue.isObject());
- ASSERT(subscript.isUInt32AsAnyInt());
-
- JSObject* object = asObject(baseValue);
- bool didOptimize = false;
-
- ASSERT(callFrame->bytecodeIndex() != BytecodeIndex(0));
- ASSERT(!byValInfo->stubRoutine);
-
- if (hasOptimizableIndexing(object->structure(vm))) {
- // Attempt to optimize.
- JITArrayMode arrayMode = jitArrayModeForStructure(object->structure(vm));
- if (arrayMode != byValInfo->arrayMode) {
- JIT::compileHasIndexedProperty(vm, callFrame->codeBlock(), byValInfo, ReturnAddressPtr(OUR_RETURN_ADDRESS), arrayMode);
- didOptimize = true;
- }
- }
-
- if (!didOptimize) {
- // If we take slow path more than 10 times without patching then make sure we
- // never make that mistake again. Or, if we failed to patch and we have some object
- // that intercepts indexed get, then don't even wait until 10 times. For cases
- // where we see non-index-intercepting objects, this gives 10 iterations worth of
- // opportunity for us to observe that the get_by_val may be polymorphic.
- if (++byValInfo->slowPathCount >= 10
- || object->structure(vm)->typeInfo().interceptsGetOwnPropertySlotByIndexEvenWhenLengthIsNotZero()) {
- // Don't ever try to optimize.
- CodeBlock* codeBlock = callFrame->codeBlock();
- if (codeBlock->useDataIC())
- byValInfo->m_slowOperation = operationHasIndexedPropertyGeneric;
- else
- ctiPatchCallByReturnAddress(ReturnAddressPtr(OUR_RETURN_ADDRESS), operationHasIndexedPropertyGeneric);
- }
- }
-
- uint32_t index = subscript.asUInt32AsAnyInt();
- if (object->canGetIndexQuickly(index))
- return JSValue::encode(JSValue(JSValue::JSTrue));
-
- if (!CommonSlowPaths::canAccessArgumentIndexQuickly(*object, index))
- byValInfo->arrayProfile->setOutOfBounds();
- return JSValue::encode(jsBoolean(object->hasEnumerableProperty(globalObject, index)));
-}
-
-JSC_DEFINE_JIT_OPERATION(operationHasIndexedPropertyGeneric, EncodedJSValue, (JSGlobalObject* globalObject, EncodedJSValue encodedBase, EncodedJSValue encodedSubscript, ByValInfo* byValInfo))
-{
- VM& vm = globalObject->vm();
- CallFrame* callFrame = DECLARE_CALL_FRAME(vm);
- JITOperationPrologueCallFrameTracer tracer(vm, callFrame);
- JSValue baseValue = JSValue::decode(encodedBase);
- JSValue subscript = JSValue::decode(encodedSubscript);
-
- ASSERT(baseValue.isObject());
- ASSERT(subscript.isUInt32AsAnyInt());
-
- JSObject* object = asObject(baseValue);
- uint32_t index = subscript.asUInt32AsAnyInt();
- if (object->canGetIndexQuickly(index))
- return JSValue::encode(JSValue(JSValue::JSTrue));
-
- if (!CommonSlowPaths::canAccessArgumentIndexQuickly(*object, index))
- byValInfo->arrayProfile->setOutOfBounds();
- return JSValue::encode(jsBoolean(object->hasEnumerableProperty(globalObject, index)));
-}
-
static bool deleteById(JSGlobalObject* globalObject, VM& vm, DeletePropertySlot& slot, JSValue base, const Identifier& ident, ECMAMode ecmaMode)
{
auto scope = DECLARE_THROW_SCOPE(vm);
Modified: trunk/Source/_javascript_Core/jit/JITOperations.h (281221 => 281222)
--- trunk/Source/_javascript_Core/jit/JITOperations.h 2021-08-19 03:40:37 UTC (rev 281221)
+++ trunk/Source/_javascript_Core/jit/JITOperations.h 2021-08-19 03:42:16 UTC (rev 281222)
@@ -263,8 +263,6 @@
JSC_DECLARE_JIT_OPERATION(operationGetByValOptimize, EncodedJSValue, (JSGlobalObject*, StructureStubInfo*, ArrayProfile*, EncodedJSValue encodedBase, EncodedJSValue encodedSubscript));
JSC_DECLARE_JIT_OPERATION(operationGetByValGeneric, EncodedJSValue, (JSGlobalObject*, StructureStubInfo*, ArrayProfile*, EncodedJSValue encodedBase, EncodedJSValue encodedSubscript));
JSC_DECLARE_JIT_OPERATION(operationGetByVal, EncodedJSValue, (JSGlobalObject*, EncodedJSValue encodedBase, EncodedJSValue encodedProperty));
-JSC_DECLARE_JIT_OPERATION(operationHasIndexedPropertyDefault, EncodedJSValue, (JSGlobalObject*, EncodedJSValue encodedBase, EncodedJSValue encodedSubscript, ByValInfo*));
-JSC_DECLARE_JIT_OPERATION(operationHasIndexedPropertyGeneric, EncodedJSValue, (JSGlobalObject*, EncodedJSValue encodedBase, EncodedJSValue encodedSubscript, ByValInfo*));
JSC_DECLARE_JIT_OPERATION(operationDeleteByIdOptimize, size_t, (JSGlobalObject*, StructureStubInfo*, EncodedJSValue base, uintptr_t, ECMAMode));
JSC_DECLARE_JIT_OPERATION(operationDeleteByIdGeneric, size_t, (JSGlobalObject*, StructureStubInfo*, EncodedJSValue base, uintptr_t, ECMAMode));
JSC_DECLARE_JIT_OPERATION(operationDeleteByValOptimize, size_t, (JSGlobalObject*, StructureStubInfo*, EncodedJSValue base, EncodedJSValue target, ECMAMode));
Modified: trunk/Source/_javascript_Core/jit/JITPropertyAccess.cpp (281221 => 281222)
--- trunk/Source/_javascript_Core/jit/JITPropertyAccess.cpp 2021-08-19 03:40:37 UTC (rev 281221)
+++ trunk/Source/_javascript_Core/jit/JITPropertyAccess.cpp 2021-08-19 03:42:16 UTC (rev 281222)
@@ -3454,115 +3454,6 @@
template void JIT::privateCompilePutByValWithCachedId<OpPutByVal>(ByValInfo*, ReturnAddressPtr, PutKind, CacheableIdentifier);
template void JIT::privateCompilePutByValWithCachedId<OpPutByValDirect>(ByValInfo*, ReturnAddressPtr, PutKind, CacheableIdentifier);
-JIT::JumpList JIT::emitDoubleLoad(const Instruction*, PatchableJump& badType, ByValInfo* byValInfo)
-{
-#if USE(JSVALUE64)
- RegisterID base = regT0;
- RegisterID property = regT1;
- RegisterID indexing = regT2;
- RegisterID scratch = regT3;
-#else
- RegisterID base = regT0;
- RegisterID property = regT2;
- RegisterID indexing = regT1;
- RegisterID scratch = regT3;
-#endif
-
- JumpList slowCases;
-
- if (JITCode::useDataIC(JITType::BaselineJIT)) {
- if (byValInfo) {
- auto isCorrectType = branch32(Equal, indexing, TrustedImm32(DoubleShape));
- farJump(AbsoluteAddress(&byValInfo->m_badTypeJumpTarget), JITStubRoutinePtrTag);
- isCorrectType.link(this);
- } else
- badType = patchableBranch32(NotEqual, indexing, TrustedImm32(DoubleShape));
- } else
- badType = patchableBranch32(NotEqual, indexing, TrustedImm32(DoubleShape));
-
- loadPtr(Address(base, JSObject::butterflyOffset()), scratch);
- slowCases.append(branch32(AboveOrEqual, property, Address(scratch, Butterfly::offsetOfPublicLength())));
- loadDouble(BaseIndex(scratch, property, TimesEight), fpRegT0);
- slowCases.append(branchIfNaN(fpRegT0));
-
- return slowCases;
-}
-
-JIT::JumpList JIT::emitContiguousLoad(const Instruction*, PatchableJump& badType, ByValInfo* byValInfo, IndexingType expectedShape)
-{
-#if USE(JSVALUE64)
- RegisterID base = regT0;
- RegisterID property = regT1;
- RegisterID indexing = regT2;
- JSValueRegs result = JSValueRegs(regT0);
- RegisterID scratch = regT3;
-#else
- RegisterID base = regT0;
- RegisterID property = regT2;
- RegisterID indexing = regT1;
- JSValueRegs result = JSValueRegs(regT1, regT0);
- RegisterID scratch = regT3;
-#endif
-
- JumpList slowCases;
-
- if (JITCode::useDataIC(JITType::BaselineJIT)) {
- if (byValInfo) {
- auto isCorrectType = branch32(Equal, indexing, TrustedImm32(expectedShape));
- farJump(AbsoluteAddress(&byValInfo->m_badTypeJumpTarget), JITStubRoutinePtrTag);
- isCorrectType.link(this);
- } else
- badType = patchableBranch32(NotEqual, indexing, TrustedImm32(expectedShape));
- } else
- badType = patchableBranch32(NotEqual, indexing, TrustedImm32(expectedShape));
-
- loadPtr(Address(base, JSObject::butterflyOffset()), scratch);
- slowCases.append(branch32(AboveOrEqual, property, Address(scratch, Butterfly::offsetOfPublicLength())));
- loadValue(BaseIndex(scratch, property, TimesEight), result);
- slowCases.append(branchIfEmpty(result));
-
- return slowCases;
-}
-
-JIT::JumpList JIT::emitArrayStorageLoad(const Instruction*, PatchableJump& badType, ByValInfo* byValInfo)
-{
-#if USE(JSVALUE64)
- RegisterID base = regT0;
- RegisterID property = regT1;
- RegisterID indexing = regT2;
- JSValueRegs result = JSValueRegs(regT0);
- RegisterID scratch = regT3;
-#else
- RegisterID base = regT0;
- RegisterID property = regT2;
- RegisterID indexing = regT1;
- JSValueRegs result = JSValueRegs(regT1, regT0);
- RegisterID scratch = regT3;
-#endif
-
- JumpList slowCases;
-
- add32(TrustedImm32(-ArrayStorageShape), indexing, scratch);
-
- if (JITCode::useDataIC(JITType::BaselineJIT)) {
- if (byValInfo) {
- auto isCorrectType = branch32(BelowOrEqual, scratch, TrustedImm32(SlowPutArrayStorageShape - ArrayStorageShape));
- farJump(AbsoluteAddress(&byValInfo->m_badTypeJumpTarget), JITStubRoutinePtrTag);
- isCorrectType.link(this);
- } else
- badType = patchableBranch32(Above, scratch, TrustedImm32(SlowPutArrayStorageShape - ArrayStorageShape));
- } else
- badType = patchableBranch32(Above, scratch, TrustedImm32(SlowPutArrayStorageShape - ArrayStorageShape));
-
- loadPtr(Address(base, JSObject::butterflyOffset()), scratch);
- slowCases.append(branch32(AboveOrEqual, property, Address(scratch, ArrayStorage::vectorLengthOffset())));
-
- loadValue(BaseIndex(scratch, property, TimesEight, ArrayStorage::vectorOffset()), result);
- slowCases.append(branchIfEmpty(result));
-
- return slowCases;
-}
-
template<typename Op>
JIT::JumpList JIT::emitIntTypedArrayPutByVal(Op bytecode, PatchableJump& badType, ByValInfo* byValInfo, TypedArrayType type)
{
