Title: [169864] branches/ftlopt/Source/_javascript_Core
Revision
169864
Author
[email protected]
Date
2014-06-11 17:25:01 -0700 (Wed, 11 Jun 2014)

Log Message

       Readded native calling to the FTL and split the DFG nodes 
       Call and Construct into NativeCall and NativeConstruct 
       to better represent their semantics.
       https://bugs.webkit.org/show_bug.cgi?id=133660

       Reviewed by Filip Pizlo.

       * dfg/DFGAbstractInterpreterInlines.h:
       (JSC::DFG::AbstractInterpreter<AbstractStateType>::executeEffects): 
       Added NativeCall and NativeConstruct case
       * dfg/DFGByteCodeParser.cpp:
       (JSC::DFG::ByteCodeParser::addCall): added NativeCall case. 
       (JSC::DFG::ByteCodeParser::handleCall): 
       set to return NativeCall or NativeConstruct instead of Call or Construct
       in the presence of a native function.
       * dfg/DFGClobberize.h:
       (JSC::DFG::clobberize): added NativeCall and NativeConstruct case.
       * dfg/DFGDoesGC.cpp:
       (JSC::DFG::doesGC): added NativeCall and NativeConstruct case.
       * dfg/DFGFixupPhase.cpp:
       (JSC::DFG::FixupPhase::fixupNode): added NativeCall and NativeConstruct case.
       * dfg/DFGNode.h:
       (JSC::DFG::Node::hasHeapPrediction): added NativeCall and NativeConstruct case.
       (JSC::DFG::Node::canBeKnownFunction): changed to NativeCall and NativeConstruct.
       (JSC::DFG::Node::hasKnownFunction): changed to NativeCall and NativeConstruct.
       * dfg/DFGNodeType.h: added NativeCall and NativeConstruct.
       * dfg/DFGPredictionPropagationPhase.cpp:
       (JSC::DFG::PredictionPropagationPhase::propagate): added NativeCall and NativeConstruct case.
       * dfg/DFGSafeToExecute.h:
       (JSC::DFG::safeToExecute): added NativeCall and NativeConstruct case.
       * dfg/DFGSpeculativeJIT32_64.cpp:
       (JSC::DFG::SpeculativeJIT::emitCall): ditto
       (JSC::DFG::SpeculativeJIT::compile): ditto
       * dfg/DFGSpeculativeJIT64.cpp:
       (JSC::DFG::SpeculativeJIT::emitCall): ditto
       (JSC::DFG::SpeculativeJIT::compile): ditto
       * ftl/FTLCapabilities.cpp:
       (JSC::FTL::canCompile): ditto
       * ftl/FTLLowerDFGToLLVM.cpp:  
       (JSC::FTL::LowerDFGToLLVM::lower): ditto
       (JSC::FTL::LowerDFGToLLVM::compileNode): ditto.
       (JSC::FTL::LowerDFGToLLVM::compileNativeCallOrConstruct): Added.
       (JSC::FTL::LowerDFGToLLVM::compileCallOrConstruct): removed NativeCall and NativeConstruct functionality.
       (JSC::FTL::LowerDFGToLLVM::didOverflowStack): added NativeCall and NativeConstruct case.
       * runtime/JSCJSValue.h: added JS_EXPORT_PRIVATE to toInteger as it is apparently needed.

Patch by Matthew Mirman <[email protected]> on 2014-06-11

Modified Paths

Diff

Modified: branches/ftlopt/Source/_javascript_Core/ChangeLog (169863 => 169864)


--- branches/ftlopt/Source/_javascript_Core/ChangeLog	2014-06-12 00:14:27 UTC (rev 169863)
+++ branches/ftlopt/Source/_javascript_Core/ChangeLog	2014-06-12 00:25:01 UTC (rev 169864)
@@ -1,5 +1,53 @@
 2014-06-11  Matthew Mirman  <[email protected]>
 
+       Readded native calling to the FTL and Split the DFG nodes 
+       Call and Construct into NativeCall and NativeConstruct 
+       to better represent their semantics.
+       https://bugs.webkit.org/show_bug.cgi?id=133660
+
+       Reviewed by Filip Pizlo.
+
+       * dfg/DFGAbstractInterpreterInlines.h:
+       (JSC::DFG::AbstractInterpreter<AbstractStateType>::executeEffects): 
+       Added NativeCall and NativeConstruct case
+       * dfg/DFGByteCodeParser.cpp:
+       (JSC::DFG::ByteCodeParser::addCall): added NativeCall case. 
+       (JSC::DFG::ByteCodeParser::handleCall): 
+       set to return NativeCall or NativeConstruct instead of Call or Construct
+       in the presence of a native function.
+       * dfg/DFGClobberize.h:
+       (JSC::DFG::clobberize): added NativeCall and NativeConstruct case.
+       * dfg/DFGDoesGC.cpp:
+       (JSC::DFG::doesGC): added NativeCall and NativeConstruct case.
+       * dfg/DFGFixupPhase.cpp:
+       (JSC::DFG::FixupPhase::fixupNode): added NativeCall and NativeConstruct case.
+       * dfg/DFGNode.h:
+       (JSC::DFG::Node::hasHeapPrediction): added NativeCall and NativeConstruct case.
+       (JSC::DFG::Node::canBeKnownFunction): changed to NativeCall and NativeConstruct.
+       (JSC::DFG::Node::hasKnownFunction): changed to NativeCall and NativeConstruct.
+       * dfg/DFGNodeType.h: added NativeCall and NativeConstruct.
+       * dfg/DFGPredictionPropagationPhase.cpp:
+       (JSC::DFG::PredictionPropagationPhase::propagate): added NativeCall and NativeConstruct case.
+       * dfg/DFGSafeToExecute.h:
+       (JSC::DFG::safeToExecute): added NativeCall and NativeConstruct case.
+       * dfg/DFGSpeculativeJIT32_64.cpp:
+       (JSC::DFG::SpeculativeJIT::emitCall): ditto
+       (JSC::DFG::SpeculativeJIT::compile): ditto
+       * dfg/DFGSpeculativeJIT64.cpp:
+       (JSC::DFG::SpeculativeJIT::emitCall): ditto
+       (JSC::DFG::SpeculativeJIT::compile): ditto
+       * ftl/FTLCapabilities.cpp:
+       (JSC::FTL::canCompile): ditto
+       * ftl/FTLLowerDFGToLLVM.cpp:  
+       (JSC::FTL::LowerDFGToLLVM::lower): ditto
+       (JSC::FTL::LowerDFGToLLVM::compileNode): ditto.
+       (JSC::FTL::LowerDFGToLLVM::compileNativeCallOrConstruct): Added.
+       (JSC::FTL::LowerDFGToLLVM::compileCallOrConstruct): removed NativeCall and NativeConstruct functionality.
+       (JSC::FTL::LowerDFGToLLVM::didOverflowStack): added NativeCall and NativeConstruct case.
+       * runtime/JSCJSValue.h: added JS_EXPORT_PRIVATE to toInteger as it is apparently needed.
+       
+2014-06-11  Matthew Mirman  <[email protected]>
+
         Ensured Native Calls and Construct and associated checks 
         are only emitted during ftl mode.
         https://bugs.webkit.org/show_bug.cgi?id=133718

Modified: branches/ftlopt/Source/_javascript_Core/dfg/DFGAbstractInterpreterInlines.h (169863 => 169864)


--- branches/ftlopt/Source/_javascript_Core/dfg/DFGAbstractInterpreterInlines.h	2014-06-12 00:14:27 UTC (rev 169863)
+++ branches/ftlopt/Source/_javascript_Core/dfg/DFGAbstractInterpreterInlines.h	2014-06-12 00:25:01 UTC (rev 169864)
@@ -1871,6 +1871,8 @@
             
     case Call:
     case Construct:
+    case NativeCall:
+    case NativeConstruct:
         node->setCanExit(true);
         clobberWorld(node->origin.semantic, clobberLimit);
         forNode(node).makeHeapTop();

Modified: branches/ftlopt/Source/_javascript_Core/dfg/DFGByteCodeParser.cpp (169863 => 169864)


--- branches/ftlopt/Source/_javascript_Core/dfg/DFGByteCodeParser.cpp	2014-06-12 00:14:27 UTC (rev 169863)
+++ branches/ftlopt/Source/_javascript_Core/dfg/DFGByteCodeParser.cpp	2014-06-12 00:25:01 UTC (rev 169864)
@@ -649,7 +649,7 @@
         if (parameterSlots > m_parameterSlots)
             m_parameterSlots = parameterSlots;
 
-        int dummyThisArgument = op == Call ? 0 : 1;
+        int dummyThisArgument = op == Call || op == NativeCall ? 0 : 1;
         for (int i = 0 + dummyThisArgument; i < argCount; ++i)
             addVarArgChild(get(virtualRegisterForArgument(i, registerOffset)));
 
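Review bot: `op == Call || op == NativeCall ? 0 : 1` in the dummyThisArgument initializer is correct only because `||` binds tighter than `?:`; parenthesize the condition so the intent is explicit. The same Call-versus-Construct test now has to be kept in sync here, in emitCall and in compileNativeCallOrConstruct, so a small helper on the node type would be safer than repeating the comparison.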
@@ -1068,10 +1068,19 @@
         if (function && function->isHostFunction()) {
             emitFunctionChecks(callLinkStatus, callTarget, registerOffset, specializationKind);
             knownFunction = function;
+
+            if (op == Call) 
+                op = NativeCall;
+            else {
+                ASSERT(op == Construct);
+                op = NativeConstruct;
+            }
         }
     }
-    
-    addCall(result, op, callTarget, argumentCountIncludingThis, registerOffset)->giveKnownFunction(knownFunction);
+    Node* call = addCall(result, op, callTarget, argumentCountIncludingThis, registerOffset);
+
+    if (knownFunction) 
+        call->giveKnownFunction(knownFunction);
 }
 
 void ByteCodeParser::emitFunctionChecks(const CallLinkStatus& callLinkStatus, Node* callTarget, int registerOffset, CodeSpecializationKind kind)
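Review bot: the else branch relies on `ASSERT(op == Construct);` alone, which is a debug-only check, so in a release build any op other than Call is silently rewritten to NativeConstruct. DFGSpeculativeJIT64.cpp uses RELEASE_ASSERT for the equivalent test in emitCall; either do the same here or make the second case an explicit `else if (op == Construct)`. The two added `if (...) ` lines also carry trailing whitespace.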

Modified: branches/ftlopt/Source/_javascript_Core/dfg/DFGClobberize.h (169863 => 169864)


--- branches/ftlopt/Source/_javascript_Core/dfg/DFGClobberize.h	2014-06-12 00:14:27 UTC (rev 169863)
+++ branches/ftlopt/Source/_javascript_Core/dfg/DFGClobberize.h	2014-06-12 00:25:01 UTC (rev 169864)
@@ -199,6 +199,8 @@
     case ArrayPop:
     case Call:
     case Construct:
+    case NativeCall:
+    case NativeConstruct:
     case ToPrimitive:
     case In:
     case GetMyArgumentsLengthSafe:

Modified: branches/ftlopt/Source/_javascript_Core/dfg/DFGDoesGC.cpp (169863 => 169864)


--- branches/ftlopt/Source/_javascript_Core/dfg/DFGDoesGC.cpp	2014-06-12 00:14:27 UTC (rev 169863)
+++ branches/ftlopt/Source/_javascript_Core/dfg/DFGDoesGC.cpp	2014-06-12 00:25:01 UTC (rev 169864)
@@ -116,6 +116,8 @@
     case CompareStrictEq:
     case Call:
     case Construct:
+    case NativeCall:
+    case NativeConstruct:
     case Breakpoint:
     case ProfileWillCall:
     case ProfileDidCall:

Modified: branches/ftlopt/Source/_javascript_Core/dfg/DFGFixupPhase.cpp (169863 => 169864)


--- branches/ftlopt/Source/_javascript_Core/dfg/DFGFixupPhase.cpp	2014-06-12 00:14:27 UTC (rev 169863)
+++ branches/ftlopt/Source/_javascript_Core/dfg/DFGFixupPhase.cpp	2014-06-12 00:25:01 UTC (rev 169864)
@@ -1082,6 +1082,8 @@
         case AllocationProfileWatchpoint:
         case Call:
         case Construct:
+        case NativeCall:
+        case NativeConstruct:
         case NewObject:
         case NewArrayBuffer:
         case NewRegexp:

Modified: branches/ftlopt/Source/_javascript_Core/dfg/DFGNode.h (169863 => 169864)


--- branches/ftlopt/Source/_javascript_Core/dfg/DFGNode.h	2014-06-12 00:14:27 UTC (rev 169863)
+++ branches/ftlopt/Source/_javascript_Core/dfg/DFGNode.h	2014-06-12 00:25:01 UTC (rev 169864)
@@ -992,6 +992,8 @@
         case GetMyArgumentByValSafe:
         case Call:
         case Construct:
+        case NativeCall:
+        case NativeConstruct:
         case GetByOffset:
         case MultiGetByOffset:
         case GetClosureVar:
@@ -1022,8 +1024,8 @@
     bool canBeKnownFunction()
     {
         switch (op()) {
-        case Construct:
-        case Call:
+        case NativeConstruct:
+        case NativeCall:
             return true;
         default:
             return false;
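Review bot: canBeKnownFunction() now answers false for plain Call and Construct, but neither the name nor a comment says that a known function is tracked only on native nodes. Add a one-line comment to that effect here and on hasKnownFunction(), so that a later caller of giveKnownFunction() on a Call node is not surprised. The parser change in this patch only sets knownFunction on the host-function path, so today's single caller is consistent with the new rule.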
@@ -1033,8 +1035,8 @@
     bool hasKnownFunction()
     {
         switch (op()) {
-        case Construct:
-        case Call:
+        case NativeConstruct:
+        case NativeCall:
             return (bool)m_opInfo;
         default:
             return false;

Modified: branches/ftlopt/Source/_javascript_Core/dfg/DFGNodeType.h (169863 => 169864)


--- branches/ftlopt/Source/_javascript_Core/dfg/DFGNodeType.h	2014-06-12 00:14:27 UTC (rev 169863)
+++ branches/ftlopt/Source/_javascript_Core/dfg/DFGNodeType.h	2014-06-12 00:25:01 UTC (rev 169864)
@@ -211,6 +211,8 @@
     /* Calls. */\
     macro(Call, NodeResultJS | NodeMustGenerate | NodeHasVarArgs | NodeClobbersWorld) \
     macro(Construct, NodeResultJS | NodeMustGenerate | NodeHasVarArgs | NodeClobbersWorld) \
+    macro(NativeCall, NodeResultJS | NodeMustGenerate | NodeHasVarArgs | NodeClobbersWorld) \
+    macro(NativeConstruct, NodeResultJS | NodeMustGenerate | NodeHasVarArgs | NodeClobbersWorld) \
     \
     /* Allocations. */\
     macro(NewObject, NodeResultJS) \

Modified: branches/ftlopt/Source/_javascript_Core/dfg/DFGPredictionPropagationPhase.cpp (169863 => 169864)


--- branches/ftlopt/Source/_javascript_Core/dfg/DFGPredictionPropagationPhase.cpp	2014-06-12 00:14:27 UTC (rev 169863)
+++ branches/ftlopt/Source/_javascript_Core/dfg/DFGPredictionPropagationPhase.cpp	2014-06-12 00:25:01 UTC (rev 169864)
@@ -182,6 +182,8 @@
         case MultiGetByOffset:
         case Call:
         case Construct:
+        case NativeCall:
+        case NativeConstruct:
         case GetGlobalVar:
         case GetClosureVar: {
             changed |= setPrediction(node->getHeapPrediction());

Modified: branches/ftlopt/Source/_javascript_Core/dfg/DFGSafeToExecute.h (169863 => 169864)


--- branches/ftlopt/Source/_javascript_Core/dfg/DFGSafeToExecute.h	2014-06-12 00:14:27 UTC (rev 169863)
+++ branches/ftlopt/Source/_javascript_Core/dfg/DFGSafeToExecute.h	2014-06-12 00:25:01 UTC (rev 169864)
@@ -255,7 +255,11 @@
     case GetGetter:
     case GetSetter:
         return true;
-        
+
+    case NativeCall:
+    case NativeConstruct:
+        return false; // TODO: add a check for already checked.  https://bugs.webkit.org/show_bug.cgi?id=133769
+
     case GetByVal:
     case GetIndexedPropertyStorage:
     case GetArrayLength:
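Review bot: the TODO on `return false;` for NativeCall and NativeConstruct says "add a check for already checked" without stating which check has to have run before the node may be hoisted. Returning false is the conservative answer and fine to land, but spell out the condition in the comment so the follow-up in bug 133769 can be reviewed against it.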

Modified: branches/ftlopt/Source/_javascript_Core/dfg/DFGSpeculativeJIT32_64.cpp (169863 => 169864)


--- branches/ftlopt/Source/_javascript_Core/dfg/DFGSpeculativeJIT32_64.cpp	2014-06-12 00:14:27 UTC (rev 169863)
+++ branches/ftlopt/Source/_javascript_Core/dfg/DFGSpeculativeJIT32_64.cpp	2014-06-12 00:25:01 UTC (rev 169864)
@@ -639,14 +639,15 @@
 
 void SpeculativeJIT::emitCall(Node* node)
 {
-    if (node->op() != Call)
+    bool isCall = node->op() == Call;
+    if (!isCall)
         ASSERT(node->op() == Construct);
 
     // For constructors, the this argument is not passed but we have to make space
     // for it.
-    int dummyThisArgument = node->op() == Call ? 0 : 1;
+    int dummyThisArgument = isCall ? 0 : 1;
 
-    CallLinkInfo::CallType callType = node->op() == Call ? CallLinkInfo::Call : CallLinkInfo::Construct;
+    CallLinkInfo::CallType callType = isCall ? CallLinkInfo::Call : CallLinkInfo::Construct;
 
     Edge calleeEdge = m_jit.graph().m_varArgChildren[node->firstChild()];
     JSValueOperand callee(this, calleeEdge);
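Review bot: `if (!isCall)` followed by `ASSERT(node->op() == Construct);` leaves an if with an empty body in release builds, and the 64-bit emitCall in this same patch uses RELEASE_ASSERT for the identical test. Since NativeCall and NativeConstruct now exist and must never reach emitCall, make both files agree, for example with a single `RELEASE_ASSERT(isCall || node->op() == Construct);`.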
@@ -4591,7 +4592,8 @@
         // This is a no-op.
         noResult(node);
         break;
-
+        
+        
     case Unreachable:
         RELEASE_ASSERT_NOT_REACHED();
         break;
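Review bot: the two lines added before `case Unreachable:` contain only trailing whitespace and replace one empty line, so this hunk is whitespace noise. Drop it from the patch.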
@@ -4610,6 +4612,8 @@
     case ArithIMul:
     case MultiGetByOffset:
     case MultiPutByOffset:
+    case NativeCall:
+    case NativeConstruct:
         RELEASE_ASSERT_NOT_REACHED();
         break;
     }

Modified: branches/ftlopt/Source/_javascript_Core/dfg/DFGSpeculativeJIT64.cpp (169863 => 169864)


--- branches/ftlopt/Source/_javascript_Core/dfg/DFGSpeculativeJIT64.cpp	2014-06-12 00:14:27 UTC (rev 169863)
+++ branches/ftlopt/Source/_javascript_Core/dfg/DFGSpeculativeJIT64.cpp	2014-06-12 00:25:01 UTC (rev 169864)
@@ -625,14 +625,16 @@
 
 void SpeculativeJIT::emitCall(Node* node)
 {
-    if (node->op() != Call)
+
+    bool isCall = node->op() == Call;
+    if (!isCall)
         RELEASE_ASSERT(node->op() == Construct);
 
     // For constructors, the this argument is not passed but we have to make space
     // for it.
-    int dummyThisArgument = node->op() == Call ? 0 : 1;
+    int dummyThisArgument = isCall ? 0 : 1;
     
-    CallLinkInfo::CallType callType = node->op() == Call ? CallLinkInfo::Call : CallLinkInfo::Construct;
+    CallLinkInfo::CallType callType = isCall ? CallLinkInfo::Call : CallLinkInfo::Construct;
     
     Edge calleeEdge = m_jit.graph().m_varArgChildren[node->firstChild()];
     JSValueOperand callee(this, calleeEdge);
@@ -4654,7 +4656,9 @@
         RELEASE_ASSERT_NOT_REACHED();
         break;
 #endif // ENABLE(FTL_JIT)
-        
+
+    case NativeCall:
+    case NativeConstruct:    
     case LastNodeType:
     case Phi:
     case Upsilon:

Modified: branches/ftlopt/Source/_javascript_Core/ftl/FTLCapabilities.cpp (169863 => 169864)


--- branches/ftlopt/Source/_javascript_Core/ftl/FTLCapabilities.cpp	2014-06-12 00:14:27 UTC (rev 169863)
+++ branches/ftlopt/Source/_javascript_Core/ftl/FTLCapabilities.cpp	2014-06-12 00:25:01 UTC (rev 169864)
@@ -118,6 +118,8 @@
     case StoreBarrierWithNullCheck:
     case Call:
     case Construct:
+    case NativeCall:
+    case NativeConstruct:
     case ValueToInt32:
     case Branch:
     case LogicalNot:

Modified: branches/ftlopt/Source/_javascript_Core/ftl/FTLLowerDFGToLLVM.cpp (169863 => 169864)


--- branches/ftlopt/Source/_javascript_Core/ftl/FTLLowerDFGToLLVM.cpp	2014-06-12 00:14:27 UTC (rev 169863)
+++ branches/ftlopt/Source/_javascript_Core/ftl/FTLLowerDFGToLLVM.cpp	2014-06-12 00:25:01 UTC (rev 169864)
@@ -154,13 +154,8 @@
                 Node* m_node = block->at(nodeIndex);
                 if (m_node->hasKnownFunction()) {
                     int numArgs = m_node->numChildren();
-                    NativeFunction func = m_node->knownFunction()->nativeFunction();
-                    Dl_info info;
-                    if (dladdr((void*)func, &info)) {
-                        LValue callee = getFunctionBySymbol(info.dli_sname);
-                        if (callee && numArgs > maxNumberOfArguments)
-                            maxNumberOfArguments = numArgs;
-                    }
+                    if (numArgs > maxNumberOfArguments)
+                        maxNumberOfArguments = numArgs;
                 }
             }
         }
@@ -634,6 +629,10 @@
         case Construct:
             compileCallOrConstruct();
             break;
+        case NativeCall:
+        case NativeConstruct:
+            compileNativeCallOrConstruct();
+            break;
         case Jump:
             compileJump();
             break;
@@ -3577,16 +3576,66 @@
         setBoolean(m_out.bitNot(boolify(m_node->child1())));
     }
 
+    void compileNativeCallOrConstruct() 
+    {
+        int dummyThisArgument = m_node->op() == NativeCall ? 0 : 1;
+        int numPassedArgs = m_node->numChildren() - 1;
+        int numArgs = numPassedArgs + dummyThisArgument;
+
+        ASSERT(m_node->hasKnownFunction());
+
+        JSFunction* knownFunction = m_node->knownFunction();
+        NativeFunction function = knownFunction->nativeFunction();
+
+        Dl_info info;
+        if (!dladdr((void*)function, &info))
+            ASSERT(false); // if we couldn't find the native function this doesn't bode well.
+
+        LValue callee = getFunctionBySymbol(info.dli_sname);
+
+        bool notInlinable;
+        if ((notInlinable = !callee))
+            callee = m_out.operation(function);
+
+        JSScope* scope = knownFunction->scopeUnchecked();
+        m_out.storePtr(m_callFrame, m_execStorage, m_heaps.CallFrame_callerFrame);
+        m_out.storePtr(constNull(m_out.intPtr), addressFor(m_execStorage, JSStack::CodeBlock));
+        m_out.storePtr(weakPointer(scope), addressFor(m_execStorage, JSStack::ScopeChain));
+        m_out.storePtr(weakPointer(knownFunction), addressFor(m_execStorage, JSStack::Callee));
+
+        m_out.store64(m_out.constInt64(numArgs), addressFor(m_execStorage, JSStack::ArgumentCount));
+
+        if (dummyThisArgument) 
+            m_out.storePtr(getUndef(m_out.int64), addressFor(m_execStorage, JSStack::ThisArgument));
+        
+        for (int i = 0; i < numPassedArgs; ++i) {
+            m_out.storePtr(lowJSValue(m_graph.varArgChild(m_node, 1 + i)),
+                addressFor(m_execStorage, dummyThisArgument ? JSStack::FirstArgument : JSStack::ThisArgument, i * sizeof(Register)));
+        }
+
+        LValue calleeCallFrame = m_out.address(m_execState, m_heaps.CallFrame_callerFrame).value();
+        m_out.storePtr(m_out.ptrToInt(calleeCallFrame, m_out.intPtr), m_out.absolute(&vm().topCallFrame));
+
+        LType typeCalleeArg;
+        getParamTypes(getElementType(typeOf(callee)), &typeCalleeArg);
+
+        LValue argument = notInlinable 
+            ? m_out.ptrToInt(calleeCallFrame, typeCalleeArg) 
+            : m_out.bitCast(calleeCallFrame, typeCalleeArg);
+        LValue call = vmCall(callee, argument);
+
+        if (Options::verboseCompilation())
+            dataLog("Native calling: ", info.dli_sname, "\n");
+
+        setJSValue(call);
+    }
+
     void compileCallOrConstruct()
     {
         int dummyThisArgument = m_node->op() == Call ? 0 : 1;
         int numPassedArgs = m_node->numChildren() - 1;
         int numArgs = numPassedArgs + dummyThisArgument;
 
-        if (m_node->hasKnownFunction()
-            && possiblyCompileInlineableNativeCall(dummyThisArgument, numPassedArgs, numArgs))
-            return;
-
         LValue jsCallee = lowJSValue(m_graph.varArgChild(m_node, 0));
 
         unsigned stackmapID = m_stackmapIDs++;
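Review bot: in compileNativeCallOrConstruct a failed symbol lookup is handled only by `if (!dladdr((void*)function, &info)) ASSERT(false);`. ASSERT is compiled out of release builds, so on failure `info.dli_sname` is read from an uninitialized Dl_info and passed to getFunctionBySymbol and, with verbose compilation on, to dataLog. dladdr can also succeed and leave dli_sname null when no symbol matches the address. The removed possiblyCompileInlineableNativeCall just returned false in the failure case. A fallback already exists in `callee = m_out.operation(function);`, so zero-initialize info, call getFunctionBySymbol only when dladdr succeeded and dli_sname is non-null, and otherwise take the fallback path and leave the name out of the log line. Separately, `if ((notInlinable = !callee))` reads more clearly as an initialization of notInlinable followed by a plain test.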
@@ -3967,50 +4016,6 @@
 #endif
     }
     
-    bool possiblyCompileInlineableNativeCall(int dummyThisArgument, int numPassedArgs, int numArgs)
-    {
-        JSFunction* knownFunction = m_node->knownFunction();
-        NativeFunction function = knownFunction->nativeFunction();
-        Dl_info info;
-        if (dladdr((void*)function, &info)) {
-            LValue callee = getFunctionBySymbol(info.dli_sname);
-            LType typeCallee;
-            if (callee && (typeCallee = typeOf(callee)) && (typeCallee = getElementType(typeCallee))) {
-
-                JSScope* scope = knownFunction->scopeUnchecked();
-                m_out.storePtr(m_callFrame, m_execStorage, m_heaps.CallFrame_callerFrame);
-                m_out.storePtr(constNull(m_out.intPtr), addressFor(m_execStorage, JSStack::CodeBlock));
-                m_out.storePtr(weakPointer(scope), addressFor(m_execStorage, JSStack::ScopeChain));
-                m_out.storePtr(weakPointer(knownFunction), addressFor(m_execStorage, JSStack::Callee));
-
-                m_out.store64(m_out.constInt64(numArgs), addressFor(m_execStorage, JSStack::ArgumentCount));
-
-                if (dummyThisArgument) 
-                    m_out.storePtr(getUndef(m_out.int64), addressFor(m_execStorage, JSStack::ThisArgument));
-                
-                for (int i = 0; i < numPassedArgs; ++i) {
-                    m_out.storePtr(lowJSValue(m_graph.varArgChild(m_node, 1 + i)),
-                        addressFor(m_execStorage, dummyThisArgument ? JSStack::FirstArgument : JSStack::ThisArgument, i * sizeof(Register)));
-                }
-
-                LType typeCalleeArg;
-                getParamTypes(typeCallee, &typeCalleeArg);
-                LValue calleeCallFrame = m_out.address(m_execState, m_heaps.CallFrame_callerFrame).value();
-                m_out.storePtr(m_out.ptrToInt(calleeCallFrame, m_out.intPtr), m_out.absolute(&vm().topCallFrame));
-                
-                LValue call = vmCall(callee, 
-                    m_out.bitCast(calleeCallFrame, typeCalleeArg));
-
-                if (Options::verboseCompilation())
-                    dataLog("Inlining: ", info.dli_sname, "\n");
-
-                setJSValue(call);
-                return true;
-            }
-        }
-        return false;
-    }
-
     LValue getFunctionBySymbol(const CString symbol)
     {
         if (!m_ftlState.symbolTable.contains(symbol)) 
@@ -4142,6 +4147,8 @@
                 case PutById:
                 case Call:
                 case Construct:
+                case NativeCall:
+                case NativeConstruct:
                     return m_out.below(
                         m_callFrame,
                         m_out.loadPtr(

Modified: branches/ftlopt/Source/_javascript_Core/runtime/JSCJSValue.h (169863 => 169864)


--- branches/ftlopt/Source/_javascript_Core/runtime/JSCJSValue.h	2014-06-12 00:14:27 UTC (rev 169863)
+++ branches/ftlopt/Source/_javascript_Core/runtime/JSCJSValue.h	2014-06-12 00:25:01 UTC (rev 169864)
@@ -241,7 +241,7 @@
     JSObject* toObject(ExecState*, JSGlobalObject*) const;
 
     // Integer conversions.
-    double toInteger(ExecState*) const;
+    JS_EXPORT_PRIVATE double toInteger(ExecState*) const;
     JS_EXPORT_PRIVATE double toIntegerPreserveNaN(ExecState*) const;
     int32_t toInt32(ExecState*) const;
     uint32_t toUInt32(ExecState*) const;
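Review bot: the only justification given for adding `JS_EXPORT_PRIVATE` to toInteger is the ChangeLog's "as it is apparently needed". Exporting widens the library's symbol surface, so name the caller that fails to link without it, in the ChangeLog entry or in a comment next to the declaration, so the export can be removed again if that caller goes away.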
_______________________________________________
webkit-changes mailing list
[email protected]
https://lists.webkit.org/mailman/listinfo/webkit-changes
