Title: [281618] trunk/Source/_javascript_Core
Revision
281618
Author
[email protected]
Date
2021-08-26 03:13:27 -0700 (Thu, 26 Aug 2021)

Log Message

[JSC] DataIC should not embed StructureStubInfo pointer
https://bugs.webkit.org/show_bug.cgi?id=229541

Reviewed by Mark Lam.

We should not embed a pointer to StructureStubInfo::countdown if DataIC is used.

* assembler/MacroAssemblerMIPS.h:
(JSC::MacroAssemblerMIPS::store8):
* bytecode/PolymorphicAccess.cpp:
(JSC::PolymorphicAccess::regenerate):
* bytecode/StructureStubInfo.h:
(JSC::StructureStubInfo::offsetOfCountdown):

Modified Paths

Diff

Modified: trunk/Source/_javascript_Core/ChangeLog (281617 => 281618)


--- trunk/Source/_javascript_Core/ChangeLog	2021-08-26 09:29:59 UTC (rev 281617)
+++ trunk/Source/_javascript_Core/ChangeLog	2021-08-26 10:13:27 UTC (rev 281618)
@@ -1,3 +1,19 @@
+2021-08-26  Yusuke Suzuki  <[email protected]>
+
+        [JSC] DataIC should not embed StructureStubInfo pointer
+        https://bugs.webkit.org/show_bug.cgi?id=229541
+
+        Reviewed by Mark Lam.
+
+        We should not embed pointer to StructureStubInfo::countdown if DataIC is used.
+
+        * assembler/MacroAssemblerMIPS.h:
+        (JSC::MacroAssemblerMIPS::store8):
+        * bytecode/PolymorphicAccess.cpp:
+        (JSC::PolymorphicAccess::regenerate):
+        * bytecode/StructureStubInfo.h:
+        (JSC::StructureStubInfo::offsetOfCountdown):
+
 2021-08-25  Yusuke Suzuki  <[email protected]>
 
         [JSC] Polymorphic PutByVal

Modified: trunk/Source/_javascript_Core/assembler/MacroAssemblerMIPS.h (281617 => 281618)


--- trunk/Source/_javascript_Core/assembler/MacroAssemblerMIPS.h	2021-08-26 09:29:59 UTC (rev 281617)
+++ trunk/Source/_javascript_Core/assembler/MacroAssemblerMIPS.h	2021-08-26 10:13:27 UTC (rev 281618)
@@ -1327,6 +1327,23 @@
         return dataLabel;
     }
 
+    void store8(RegisterID src, ImplicitAddress address)
+    {
+        if (address.offset >= -32768 && address.offset <= 32767
+            && !m_fixedWidth)
+            m_assembler.sb(src, address.base, address.offset);
+        else {
+            /*
+                lui     addrTemp, (offset + 0x8000) >> 16
+                addu    addrTemp, addrTemp, base
+                sb      src, (offset & 0xffff)(addrTemp)
+              */
+            m_assembler.lui(addrTempRegister, (address.offset + 0x8000) >> 16);
+            m_assembler.addu(addrTempRegister, addrTempRegister, address.base);
+            m_assembler.sb(src, addrTempRegister, address.offset);
+        }
+    }
+
     void store8(RegisterID src, BaseIndex address)
     {
         if (!m_fixedWidth) {
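Review bot: In the large-offset branch of the new `store8(RegisterID, ImplicitAddress)`, the final `m_assembler.sb(src, addrTempRegister, address.offset)` passes the full offset, while the comment above it documents `offset & 0xffff`. If `sb` truncates its immediate to 16 bits when encoding (not visible in this hunk), the emitted store is correct, but a reader has to know that to trust the address computation. A wrong low half here would make JIT-generated code write a byte at an unintended address. I would add a comment on that line such as `// sb encodes only the low 16 bits; lui/addu above supply the rounded high half`, or pass `address.offset & 0xffff` explicitly if the encoder does not mask.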

Modified: trunk/Source/_javascript_Core/bytecode/PolymorphicAccess.cpp (281617 => 281618)


--- trunk/Source/_javascript_Core/bytecode/PolymorphicAccess.cpp	2021-08-26 09:29:59 UTC (rev 281617)
+++ trunk/Source/_javascript_Core/bytecode/PolymorphicAccess.cpp	2021-08-26 10:13:27 UTC (rev 281618)
@@ -735,14 +735,24 @@
         // of something that isn't patchable. The slow path will decrement "countdown" and will only
         // patch things if the countdown reaches zero. We increment the slow path count here to ensure
         // that the slow path does not try to patch.
+        if (codeBlock->useDataIC()) {
 #if CPU(X86) || CPU(X86_64)
-        jit.move(CCallHelpers::TrustedImmPtr(&stubInfo.countdown), state.scratchGPR);
-        jit.add8(CCallHelpers::TrustedImm32(1), CCallHelpers::Address(state.scratchGPR));
+            jit.add8(CCallHelpers::TrustedImm32(1), CCallHelpers::Address(stubInfo.m_stubInfoGPR, StructureStubInfo::offsetOfCountdown()));
 #else
-        jit.load8(&stubInfo.countdown, state.scratchGPR);
-        jit.add32(CCallHelpers::TrustedImm32(1), state.scratchGPR);
-        jit.store8(state.scratchGPR, &stubInfo.countdown);
+            jit.load8(CCallHelpers::Address(stubInfo.m_stubInfoGPR, StructureStubInfo::offsetOfCountdown()), state.scratchGPR);
+            jit.add32(CCallHelpers::TrustedImm32(1), state.scratchGPR);
+            jit.store8(state.scratchGPR, CCallHelpers::Address(stubInfo.m_stubInfoGPR, StructureStubInfo::offsetOfCountdown()));
 #endif
+        } else {
+#if CPU(X86) || CPU(X86_64)
+            jit.move(CCallHelpers::TrustedImmPtr(&stubInfo.countdown), state.scratchGPR);
+            jit.add8(CCallHelpers::TrustedImm32(1), CCallHelpers::Address(state.scratchGPR));
+#else
+            jit.load8(&stubInfo.countdown, state.scratchGPR);
+            jit.add32(CCallHelpers::TrustedImm32(1), state.scratchGPR);
+            jit.store8(state.scratchGPR, &stubInfo.countdown);
+#endif
+        }
     }
 
     CCallHelpers::JumpList failure;
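Review bot: The new `useDataIC()` branch emits loads and stores relative to `stubInfo.m_stubInfoGPR` without checking that the register was actually assigned. If it still held an invalid-register sentinel, the generated code would increment a byte at an address derived from an unrelated register. Where that field is set is outside this hunk, so the precondition may already be guaranteed, but a debug assertion at the top of the branch, `ASSERT(stubInfo.m_stubInfoGPR != InvalidGPRReg);`, would document and enforce it. The enclosing `PolymorphicAccess::regenerate` begins and ends outside the hunk.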

Modified: trunk/Source/_javascript_Core/bytecode/StructureStubInfo.h (281617 => 281618)


--- trunk/Source/_javascript_Core/bytecode/StructureStubInfo.h	2021-08-26 09:29:59 UTC (rev 281617)
+++ trunk/Source/_javascript_Core/bytecode/StructureStubInfo.h	2021-08-26 10:13:27 UTC (rev 281618)
@@ -354,6 +354,7 @@
     static ptrdiff_t offsetOfCodePtr() { return OBJECT_OFFSETOF(StructureStubInfo, m_codePtr); }
     static ptrdiff_t offsetOfSlowPathStartLocation() { return OBJECT_OFFSETOF(StructureStubInfo, slowPathStartLocation); }
     static ptrdiff_t offsetOfSlowOperation() { return OBJECT_OFFSETOF(StructureStubInfo, m_slowOperation); }
+    static ptrdiff_t offsetOfCountdown() { return OBJECT_OFFSETOF(StructureStubInfo, countdown); }
 
     RegisterSet usedRegisters;
 