WebKit Bugzilla
Attachment 341446 Details for
Bug 164904
: We should support CreateThis in the FTL
Home
|
New
|
Browse
|
Search
|
[?]
|
Reports
|
Requests
|
Help
|
New Account
|
Log In
Remember
[x]
|
Forgot Password
Login:
[x]
[patch]
attempting a fix
blah.patch (text/plain), 28.89 KB, created by
Filip Pizlo
on 2018-05-27 22:15:36 PDT
(
hide
)
Description:
attempting a fix
Filename:
MIME Type:
Creator:
Filip Pizlo
Created:
2018-05-27 22:15:36 PDT
Size:
28.89 KB
patch
obsolete
>Index: Source/JavaScriptCore/bytecode/CallLinkStatus.cpp >=================================================================== >--- Source/JavaScriptCore/bytecode/CallLinkStatus.cpp (revision 232227) >+++ Source/JavaScriptCore/bytecode/CallLinkStatus.cpp (working copy) >@@ -327,6 +327,15 @@ void CallLinkStatus::makeClosureCall() > m_variants = despecifiedVariantList(m_variants); > } > >+bool CallLinkStatus::finalize() >+{ >+ for (CallVariant& variant : m_variants) { >+ if (!variant.finalize()) >+ return false; >+ } >+ return true; >+} >+ > void CallLinkStatus::dump(PrintStream& out) const > { > if (!isSet()) { >Index: Source/JavaScriptCore/bytecode/CallLinkStatus.h >=================================================================== >--- Source/JavaScriptCore/bytecode/CallLinkStatus.h (revision 232227) >+++ Source/JavaScriptCore/bytecode/CallLinkStatus.h (working copy) >@@ -110,6 +110,8 @@ public: > > unsigned maxNumArguments() const { return m_maxNumArguments; } > >+ bool finalize(); >+ > void dump(PrintStream&) const; > > private: >Index: Source/JavaScriptCore/bytecode/CallVariant.cpp >=================================================================== >--- Source/JavaScriptCore/bytecode/CallVariant.cpp (revision 232227) >+++ Source/JavaScriptCore/bytecode/CallVariant.cpp (working copy) >@@ -1,5 +1,5 @@ > /* >- * Copyright (C) 2014, 2015 Apple Inc. All rights reserved. >+ * Copyright (C) 2014-2018 Apple Inc. All rights reserved. > * > * Redistribution and use in source and binary forms, with or without > * modification, are permitted provided that the following conditions >@@ -31,6 +31,13 @@ > > namespace JSC { > >+bool CallVariant::finalize() >+{ >+ if (m_callee && !Heap::isMarked(m_callee)) >+ return false; >+ return true; >+} >+ > void CallVariant::dump(PrintStream& out) const > { > if (!*this) { >Index: Source/JavaScriptCore/bytecode/CallVariant.h >=================================================================== >--- Source/JavaScriptCore/bytecode/CallVariant.h (revision 232227) >+++ Source/JavaScriptCore/bytecode/CallVariant.h (working copy) >@@ -1,5 +1,5 @@ > /* >- * Copyright (C) 2014, 2015 Apple Inc. All rights reserved. >+ * Copyright (C) 2014-2018 Apple Inc. All rights reserved. > * > * Redistribution and use in source and binary forms, with or without > * modification, are permitted provided that the following conditions >@@ -136,6 +136,8 @@ public: > return nullptr; > } > >+ bool finalize(); >+ > void dump(PrintStream& out) const; > > bool isHashTableDeletedValue() const >Index: Source/JavaScriptCore/bytecode/CodeBlock.cpp >=================================================================== >--- Source/JavaScriptCore/bytecode/CodeBlock.cpp (revision 232227) >+++ Source/JavaScriptCore/bytecode/CodeBlock.cpp (working copy) >@@ -1166,6 +1166,9 @@ void CodeBlock::propagateTransitions(con > #if ENABLE(DFG_JIT) > if (JITCode::isOptimizingJIT(jitType())) { > DFG::CommonData* dfgCommon = m_jitCode->dfgCommon(); >+ >+ dfgCommon->recordedStatuses.markIfCheap(visitor); >+ > for (auto& weakReference : dfgCommon->weakStructureReferences) > weakReference->markIfCheap(visitor); > >@@ -1397,6 +1400,11 @@ void CodeBlock::finalizeUnconditionally( > finalizeBaselineJITInlineCaches(); > #endif > >+ if (JITCode::isOptimizingJIT(jitType())) { >+ DFG::CommonData* dfgCommon = m_jitCode->dfgCommon(); >+ dfgCommon->recordedStatuses.finalize(); >+ } >+ > VM::SpaceAndFinalizerSet::finalizerSetFor(*subspace()).remove(this); > } > >Index: Source/JavaScriptCore/bytecode/GetByIdStatus.cpp >=================================================================== >--- Source/JavaScriptCore/bytecode/GetByIdStatus.cpp (revision 232227) >+++ Source/JavaScriptCore/bytecode/GetByIdStatus.cpp (working copy) >@@ -116,9 +116,13 @@ GetByIdStatus GetByIdStatus::computeFor( > locker, profiledBlock, map.get(CodeOrigin(bytecodeIndex)), uid, > CallLinkStatus::computeExitSiteData(profiledBlock, bytecodeIndex)); > >+ if (bytecodeIndex == 20) >+ dataLog("Result: ", result, "\n"); >+ > if (!result.takesSlowPath() >+ && bytecodeIndex != 20 > && hasExitSite(profiledBlock, bytecodeIndex)) >- return GetByIdStatus(result.makesCalls() ? MakesCalls : TakesSlowPath, true); >+ return result.slowVersion(); > #else > UNUSED_PARAM(map); > #endif >@@ -137,7 +141,7 @@ GetByIdStatus GetByIdStatus::computeForS > CallLinkStatus::computeExitSiteData(profiledBlock, codeOrigin.bytecodeIndex)); > > if (!result.takesSlowPath() && GetByIdStatus::hasExitSite(profiledBlock, codeOrigin.bytecodeIndex)) >- return GetByIdStatus(result.makesCalls() ? GetByIdStatus::MakesCalls : GetByIdStatus::TakesSlowPath, true); >+ return result.slowVersion(); > return result; > } > #endif // ENABLE(DFG_JIT) >@@ -170,8 +174,11 @@ GetByIdStatus GetByIdStatus::computeForS > } > } > >- if (stubInfo->tookSlowPath) >+ if (stubInfo->tookSlowPath) { >+ if (stubInfo->codeOrigin.bytecodeIndex == 20) >+ dataLog("Stub info took slow path.\n"); > return GetByIdStatus(slowPathState); >+ } > > // Finally figure out if we can derive an access strategy. > GetByIdStatus result; >@@ -332,12 +339,15 @@ GetByIdStatus GetByIdStatus::computeFor( > result = computeForStubInfoWithoutExitSiteFeedback( > locker, dfgBlock, dfgMap.get(codeOrigin), uid, exitSiteData); > } >+ >+ if (false && codeOrigin.bytecodeIndex == 20) >+ dataLog("In ", pointerDump(profiledBlock), " ", codeOrigin, ": DFG saw: ", result, "\n"); > > if (result.takesSlowPath()) > return result; > >- if (hasExitSite(profiledBlock, codeOrigin.bytecodeIndex)) >- return GetByIdStatus(TakesSlowPath, true); >+ if (codeOrigin.bytecodeIndex != 20 && hasExitSite(profiledBlock, codeOrigin.bytecodeIndex)) >+ return result.slowVersion(); > > if (result.isSet()) > return result; >@@ -346,7 +356,10 @@ GetByIdStatus GetByIdStatus::computeFor( > UNUSED_PARAM(dfgBlock); > UNUSED_PARAM(dfgMap); > #endif >- >+ >+ if (dfgBlock && codeOrigin.bytecodeIndex == 20) >+ dataLog("In ", pointerDump(profiledBlock), " ", codeOrigin, ": Going with what baseline saw.\n"); >+ > return computeFor(profiledBlock, baselineMap, codeOrigin.bytecodeIndex, uid); > } > >@@ -414,6 +427,11 @@ bool GetByIdStatus::makesCalls() const > return false; > } > >+GetByIdStatus GetByIdStatus::slowVersion() const >+{ >+ return GetByIdStatus(makesCalls() ? MakesCalls : TakesSlowPath, wasSeenInJIT()); >+} >+ > void GetByIdStatus::filter(const StructureSet& set) > { > if (m_state != Simple) >@@ -423,6 +441,25 @@ void GetByIdStatus::filter(const Structu > m_state = NoInformation; > } > >+void GetByIdStatus::markIfCheap(SlotVisitor& visitor) >+{ >+ for (GetByIdVariant& variant : m_variants) >+ variat.markIfCheap(visitor); >+} >+ >+bool GetByIdStatus::finalize() >+{ >+ for (GetByIdVariant& variant : m_variants) { >+ if (!variant.finalize()) >+ return false; >+ } >+ if (m_moduleNamespaceObject && !Heap::isMarked(m_moduleNamespaceObject)) >+ return false; >+ if (m_moduleEnvironment && !Heap::isMarked(m_moduleEnvironment)) >+ return false; >+ return true; >+} >+ > void GetByIdStatus::dump(PrintStream& out) const > { > out.print("("); >Index: Source/JavaScriptCore/bytecode/GetByIdStatus.h >=================================================================== >--- Source/JavaScriptCore/bytecode/GetByIdStatus.h (revision 232227) >+++ Source/JavaScriptCore/bytecode/GetByIdStatus.h (working copy) >@@ -106,6 +106,8 @@ public: > bool takesSlowPath() const { return m_state == TakesSlowPath || m_state == MakesCalls || m_state == Custom || m_state == ModuleNamespace; } > bool makesCalls() const; > >+ GetByIdStatus slowVersion() const; >+ > bool wasSeenInJIT() const { return m_wasSeenInJIT; } > > // Attempts to reduce the set of variants to fit the given structure set. This may be approximate. >@@ -115,6 +117,9 @@ public: > JSModuleEnvironment* moduleEnvironment() const { return m_moduleEnvironment; } > ScopeOffset scopeOffset() const { return m_scopeOffset; } > >+ void markIfCheap(SlotVisitor&); >+ bool finalize(); // Return true if this gets to live. >+ > void dump(PrintStream&) const; > > private: >Index: Source/JavaScriptCore/bytecode/GetByIdVariant.cpp >=================================================================== >--- Source/JavaScriptCore/bytecode/GetByIdVariant.cpp (revision 232227) >+++ Source/JavaScriptCore/bytecode/GetByIdVariant.cpp (working copy) >@@ -135,6 +135,24 @@ bool GetByIdVariant::attemptToMerge(cons > return true; > } > >+void GetByIdVariant::markIfCheap(SlotVisitor& visitor) >+{ >+ m_structureSet.markIfCheap(visitor); >+} >+ >+bool GetByIdVariant::finalize() >+{ >+ if (!m_structureSet.isStillAlive()) >+ return false; >+ if (!m_conditionSet.areStillLive()) >+ return false; >+ if (m_callLinkStatus && !m_callLinkStatus->finalize()) >+ return false; >+ if (m_intrinsicFunction && !Heap::isMarked(m_intrinsicFunction)) >+ return false; >+ return true; >+} >+ > void GetByIdVariant::dump(PrintStream& out) const > { > dumpInContext(out, 0); >Index: Source/JavaScriptCore/bytecode/GetByIdVariant.h >=================================================================== >--- Source/JavaScriptCore/bytecode/GetByIdVariant.h (revision 232227) >+++ Source/JavaScriptCore/bytecode/GetByIdVariant.h (working copy) >@@ -73,6 +73,9 @@ public: > > bool attemptToMerge(const GetByIdVariant& other); > >+ void markIfCheap(SlotVisitor&); >+ bool finalize(); >+ > void dump(PrintStream&) const; > void dumpInContext(PrintStream&, DumpContext*) const; > >Index: Source/JavaScriptCore/bytecode/PutByIdStatus.cpp >=================================================================== >--- Source/JavaScriptCore/bytecode/PutByIdStatus.cpp (revision 232227) >+++ Source/JavaScriptCore/bytecode/PutByIdStatus.cpp (working copy) >@@ -398,6 +398,21 @@ bool PutByIdStatus::makesCalls() const > return false; > } > >+void PutByIdStatus::markIfCheap(SlotVisitor& visitor) >+{ >+ for (PutByIdVariant& variant : m_variants) >+ variant.markIfCheap(visitor); >+} >+ >+bool PutByIdStatus::finalize() >+{ >+ for (PutByIdVariant& variant : m_variants) { >+ if (!variant.finalize()) >+ return false; >+ } >+ return true; >+} >+ > void PutByIdStatus::dump(PrintStream& out) const > { > switch (m_state) { >Index: Source/JavaScriptCore/bytecode/PutByIdStatus.h >=================================================================== >--- Source/JavaScriptCore/bytecode/PutByIdStatus.h (revision 232227) >+++ Source/JavaScriptCore/bytecode/PutByIdStatus.h (working copy) >@@ -91,6 +91,9 @@ public: > const PutByIdVariant& at(size_t index) const { return m_variants[index]; } > const PutByIdVariant& operator[](size_t index) const { return at(index); } > >+ void markIfCheap(SlotVisitor&); >+ bool finalize(); >+ > void dump(PrintStream&) const; > > private: >Index: Source/JavaScriptCore/bytecode/PutByIdVariant.cpp >=================================================================== >--- Source/JavaScriptCore/bytecode/PutByIdVariant.cpp (revision 232227) >+++ Source/JavaScriptCore/bytecode/PutByIdVariant.cpp (working copy) >@@ -1,5 +1,5 @@ > /* >- * Copyright (C) 2014, 2015 Apple Inc. All rights reserved. >+ * Copyright (C) 2014-2018 Apple Inc. All rights reserved. > * > * Redistribution and use in source and binary forms, with or without > * modification, are permitted provided that the following conditions >@@ -206,6 +206,26 @@ bool PutByIdVariant::attemptToMergeTrans > return true; > } > >+void PutByIdVariant::markIfCheap(SlotVisitor& visitor) >+{ >+ m_oldStructure.markIfCheap(visitor); >+ if (m_newStructure) >+ m_newStructure->markIfCheap(visitor); >+} >+ >+bool PutByIdVariant::finalize() >+{ >+ if (!m_oldStructure.isStillAlive(visitor)) >+ return false; >+ if (m_newStructure && !Heap::isMarked(m_newStructure)) >+ return false; >+ if (!m_conditionSet.areStillLive()) >+ return false; >+ if (m_callLinkStatus && !m_callLinkStatus->finalize()) >+ return false; >+ return true; >+} >+ > void PutByIdVariant::dump(PrintStream& out) const > { > dumpInContext(out, 0); >Index: Source/JavaScriptCore/bytecode/PutByIdVariant.h >=================================================================== >--- Source/JavaScriptCore/bytecode/PutByIdVariant.h (revision 232227) >+++ Source/JavaScriptCore/bytecode/PutByIdVariant.h (working copy) >@@ -1,5 +1,5 @@ > /* >- * Copyright (C) 2014, 2015 Apple Inc. All rights reserved. >+ * Copyright (C) 2014-2018 Apple Inc. All rights reserved. > * > * Redistribution and use in source and binary forms, with or without > * modification, are permitted provided that the following conditions >@@ -129,6 +129,9 @@ public: > > bool attemptToMerge(const PutByIdVariant& other); > >+ void markIfCheap(SlotVisitor&); >+ bool finalize(); >+ > void dump(PrintStream&) const; > void dumpInContext(PrintStream&, DumpContext*) const; > >@@ -137,7 +140,7 @@ private: > > Kind m_kind; > StructureSet m_oldStructure; >- Structure* m_newStructure; >+ Structure* m_newStructure { nullptr }; > ObjectPropertyConditionSet m_conditionSet; > PropertyOffset m_offset; > InferredType::Descriptor m_requiredType; >Index: Source/JavaScriptCore/bytecode/RecordedStatuses.h >=================================================================== >--- Source/JavaScriptCore/bytecode/RecordedStatuses.h (nonexistent) >+++ Source/JavaScriptCore/bytecode/RecordedStatuses.h (working copy) >@@ -0,0 +1,71 @@ >+/* >+ * Copyright (C) 2018 Apple Inc. All rights reserved. >+ * >+ * Redistribution and use in source and binary forms, with or without >+ * modification, are permitted provided that the following conditions >+ * are met: >+ * 1. Redistributions of source code must retain the above copyright >+ * notice, this list of conditions and the following disclaimer. >+ * 2. Redistributions in binary form must reproduce the above copyright >+ * notice, this list of conditions and the following disclaimer in the >+ * documentation and/or other materials provided with the distribution. >+ * >+ * THIS SOFTWARE IS PROVIDED BY APPLE INC. ``AS IS'' AND ANY >+ * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE >+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR >+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL APPLE INC. OR >+ * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, >+ * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, >+ * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR >+ * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY >+ * OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT >+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE >+ * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. >+ */ >+ >+#pragma once >+ >+#include "GetByIdStatus.h" >+#include "PutByIdStatus.h" >+ >+namespace JSC { >+ >+struct RecordedStatuses { >+ void addGetByIdStatus(const CodeOrigin& codeOrigin, const GetByIdStatus& status) >+ { >+ gets.append(std::make_pair(codeOrigin, status)); >+ } >+ >+ void addPutByIdStatus(const CodeOrigin& codeOrigin, const PutByIdStatus& status) >+ { >+ puts.append(std::make_pair(codeOrigin, status)); >+ } >+ >+ void markIfCheap(SlotVisitor& slotVisitor) >+ { >+ for (auto& pair : gets) >+ pair.second.markIfCheap(slotVisitor); >+ for (auto& pair : puts) >+ pair.second.markIfCheap(slotVisitor); >+ } >+ >+ void finalize() >+ { >+ gets.removeAllMatching( >+ [&] (auto& pair) -> bool { >+ return !pair.second.finalize(); >+ }); >+ gets.shrinkToFit(); >+ puts.removeAllMatching( >+ [&] (auto& pair) -> bool { >+ return !pair.second.finalize(); >+ }); >+ puts.shrinkToFit(); >+ } >+ >+ Vector<std::pair<CodeOrigin, GetByIdStatus>> gets; >+ Vector<std::pair<CodeOrigin, PutByIdStatus>> puts; >+}; >+ >+} // namespace JSC >+ >Index: Source/JavaScriptCore/bytecode/StructureSet.cpp >=================================================================== >--- Source/JavaScriptCore/bytecode/StructureSet.cpp (revision 232227) >+++ Source/JavaScriptCore/bytecode/StructureSet.cpp (working copy) >@@ -1,5 +1,5 @@ > /* >- * Copyright (C) 2014, 2015 Apple Inc. All rights reserved. >+ * Copyright (C) 2014-2018 Apple Inc. All rights reserved. > * > * Redistribution and use in source and binary forms, with or without > * modification, are permitted provided that the following conditions >@@ -31,6 +31,21 @@ > > namespace JSC { > >+void StructureSet::markIfCheap(SlotVisitor& visitor) const >+{ >+ for (Structure* structure : *this) >+ structure->markIfCheap(visitor); >+} >+ >+bool StructureSet::isStillAlive() const >+{ >+ for (Structure* structure : *this) { >+ if (!Heap::isMarked(structure)) >+ return false; >+ } >+ return true; >+} >+ > void StructureSet::dumpInContext(PrintStream& out, DumpContext* context) const > { > CommaPrinter comma; >Index: Source/JavaScriptCore/bytecode/StructureSet.h >=================================================================== >--- Source/JavaScriptCore/bytecode/StructureSet.h (revision 232227) >+++ Source/JavaScriptCore/bytecode/StructureSet.h (working copy) >@@ -1,5 +1,5 @@ > /* >- * Copyright (C) 2011, 2013-2015 Apple Inc. All rights reserved. >+ * Copyright (C) 2011-2018 Apple Inc. All rights reserved. > * > * Redistribution and use in source and binary forms, with or without > * modification, are permitted provided that the following conditions >@@ -58,6 +58,9 @@ public: > { > return onlyEntry(); > } >+ >+ void markIfCheap(SlotVisitor&) const; >+ bool isStillAlive() const; > > void dumpInContext(PrintStream&, DumpContext*) const; > void dump(PrintStream&) const; >Index: Source/JavaScriptCore/dfg/DFGByteCodeParser.cpp >=================================================================== >--- Source/JavaScriptCore/dfg/DFGByteCodeParser.cpp (revision 232227) >+++ Source/JavaScriptCore/dfg/DFGByteCodeParser.cpp (working copy) >@@ -4009,7 +4009,12 @@ void ByteCodeParser::handleGetById( > > if (getByIdStatus.numVariants() > 1) { > if (getByIdStatus.makesCalls() || !isFTL(m_graph.m_plan.mode) >- || !Options::usePolymorphicAccessInlining()) { >+ || !Options::usePolymorphicAccessInlining() >+ || getByIdStatus.numVariants() > Options::maxPolymorphicAccessInliningListSize()) { >+ if (false && getByIdStatus.numVariants() > Options::maxPolymorphicAccessInliningListSize()) { >+ dataLog("At ", currentCodeOrigin(), "\n"); >+ dataLog("Giving up on: ", getByIdStatus, "\n"); >+ } > set(VirtualRegister(destinationOperand), > addToGraph(getById, OpInfo(identifierNumber), OpInfo(prediction), base)); > return; >@@ -4150,7 +4155,10 @@ void ByteCodeParser::handlePutById( > > if (putByIdStatus.numVariants() > 1) { > if (!isFTL(m_graph.m_plan.mode) || putByIdStatus.makesCalls() >- || !Options::usePolymorphicAccessInlining()) { >+ || !Options::usePolymorphicAccessInlining() >+ || putByIdStatus.numVariants() > Options::maxPolymorphicAccessInliningListSize()) { >+ if (false && putByIdStatus.numVariants() > Options::maxPolymorphicAccessInliningListSize()) >+ dataLog("Giving up on: ", putByIdStatus, "\n"); > emitPutById(base, identifierNumber, value, putByIdStatus, isDirect); > return; > } >Index: Source/JavaScriptCore/dfg/DFGCommonData.h >=================================================================== >--- Source/JavaScriptCore/dfg/DFGCommonData.h (revision 232227) >+++ Source/JavaScriptCore/dfg/DFGCommonData.h (working copy) >@@ -125,6 +125,7 @@ public: > Bag<CodeBlockJettisoningWatchpoint> watchpoints; > Bag<AdaptiveStructureWatchpoint> adaptiveStructureWatchpoints; > Bag<AdaptiveInferredPropertyValueWatchpoint> adaptiveInferredPropertyValueWatchpoints; >+ RecordedStatuses recordedStatuses; > Vector<JumpReplacement> jumpReplacements; > > ScratchBuffer* catchOSREntryBuffer; >Index: Source/JavaScriptCore/dfg/DFGJITCompiler.cpp >=================================================================== >--- Source/JavaScriptCore/dfg/DFGJITCompiler.cpp (revision 232227) >+++ Source/JavaScriptCore/dfg/DFGJITCompiler.cpp (working copy) >@@ -188,6 +188,8 @@ void JITCompiler::compileExceptionHandle > > void JITCompiler::link(LinkBuffer& linkBuffer) > { >+ m_jitCode->common.recordedStatuses = WTFMove(m_graph.m_plan.recordedStatuses); >+ > // Link the code, populate data in CodeBlock data structures. > m_jitCode->common.frameRegisterCount = m_graph.frameRegisterCount(); > m_jitCode->common.requiredRegisterCountForExit = m_graph.requiredRegisterCountForExit(); >Index: Source/JavaScriptCore/dfg/DFGPlan.cpp >=================================================================== >--- Source/JavaScriptCore/dfg/DFGPlan.cpp (revision 232227) >+++ Source/JavaScriptCore/dfg/DFGPlan.cpp (working copy) >@@ -633,6 +633,8 @@ void Plan::checkLivenessAndVisitChildren > cleanMustHandleValuesIfNecessary(); > for (unsigned i = mustHandleValues.size(); i--;) > visitor.appendUnbarriered(mustHandleValues[i]); >+ >+ recordedStatuses.markIfCheap(visitor); > > visitor.appendUnbarriered(codeBlock); > visitor.appendUnbarriered(codeBlock->alternative()); >@@ -649,6 +651,11 @@ void Plan::checkLivenessAndVisitChildren > transitions.visitChildren(visitor); > } > >+void Plan::finalizeInGC() >+{ >+ recordedStatuses.finalize(); >+} >+ > bool Plan::isKnownToBeLiveDuringGC() > { > if (stage == Cancelled) >Index: Source/JavaScriptCore/dfg/DFGPlan.h >=================================================================== >--- Source/JavaScriptCore/dfg/DFGPlan.h (revision 232227) >+++ Source/JavaScriptCore/dfg/DFGPlan.h (working copy) >@@ -72,6 +72,7 @@ struct Plan : public ThreadSafeRefCounte > void iterateCodeBlocksForGC(const Func&); > void checkLivenessAndVisitChildren(SlotVisitor&); > bool isKnownToBeLiveDuringGC(); >+ void finalizeInGC(); > void cancel(); > > bool canTierUpAndOSREnter() const { return !tierUpAndOSREnterBytecodes.isEmpty(); } >@@ -104,6 +105,7 @@ struct Plan : public ThreadSafeRefCounte > DesiredIdentifiers identifiers; > DesiredWeakReferences weakReferences; > DesiredTransitions transitions; >+ RecoredStatuses recordedStatuses; > > bool willTryToTierUp { false }; > >Index: Source/JavaScriptCore/dfg/DFGWorklist.cpp >=================================================================== >--- Source/JavaScriptCore/dfg/DFGWorklist.cpp (revision 232227) >+++ Source/JavaScriptCore/dfg/DFGWorklist.cpp (working copy) >@@ -393,8 +393,10 @@ void Worklist::removeDeadPlans(VM& vm) > Plan* plan = iter->value.get(); > if (plan->vm != &vm) > continue; >- if (plan->isKnownToBeLiveDuringGC()) >+ if (plan->isKnownToBeLiveDuringGC()) { >+ plan->finalizeInGC(); > continue; >+ } > RELEASE_ASSERT(plan->stage != Plan::Cancelled); // Should not be cancelled, yet. > ASSERT(!deadPlanKeys.contains(plan->key())); > deadPlanKeys.add(plan->key()); >Index: Source/JavaScriptCore/ftl/FTLAbstractHeapRepository.h >=================================================================== >--- Source/JavaScriptCore/ftl/FTLAbstractHeapRepository.h (revision 232227) >+++ Source/JavaScriptCore/ftl/FTLAbstractHeapRepository.h (working copy) >@@ -56,6 +56,8 @@ namespace JSC { namespace FTL { > macro(DirectArguments_minCapacity, DirectArguments::offsetOfMinCapacity()) \ > macro(DirectArguments_mappedArguments, DirectArguments::offsetOfMappedArguments()) \ > macro(DirectArguments_modifiedArgumentsDescriptor, DirectArguments::offsetOfModifiedArgumentsDescriptor()) \ >+ macro(FunctionRareData_allocator, FunctionRareData::offsetOfObjectAllocationProfile() + ObjectAllocationProfile::offsetOfAllocator()) \ >+ macro(FunctionRareData_structure, FunctionRareData::offsetOfObjectAllocationProfile() + ObjectAllocationProfile::offsetOfStructure()) \ > macro(GetterSetter_getter, GetterSetter::offsetOfGetter()) \ > macro(GetterSetter_setter, GetterSetter::offsetOfSetter()) \ > macro(JSArrayBufferView_length, JSArrayBufferView::offsetOfLength()) \ >@@ -112,10 +114,10 @@ namespace JSC { namespace FTL { > macro(StringImpl_length, StringImpl::lengthMemoryOffset()) \ > macro(Structure_classInfo, Structure::classInfoOffset()) \ > macro(Structure_globalObject, Structure::globalObjectOffset()) \ >+ macro(Structure_indexingModeIncludingHistory, Structure::indexingModeIncludingHistoryOffset()) \ >+ macro(Structure_inlineCapacity, Structure::inlineCapacityOffset()) \ > macro(Structure_prototype, Structure::prototypeOffset()) \ > macro(Structure_structureID, Structure::structureIDOffset()) \ >- macro(Structure_inlineCapacity, Structure::inlineCapacityOffset()) \ >- macro(Structure_indexingModeIncludingHistory, Structure::indexingModeIncludingHistoryOffset()) \ > macro(HashMapImpl_capacity, HashMapImpl<HashMapBucket<HashMapBucketDataKey>>::offsetOfCapacity()) \ > macro(HashMapImpl_buffer, HashMapImpl<HashMapBucket<HashMapBucketDataKey>>::offsetOfBuffer()) \ > macro(HashMapImpl_head, HashMapImpl<HashMapBucket<HashMapBucketDataKey>>::offsetOfHead()) \ >Index: Source/JavaScriptCore/ftl/FTLCapabilities.cpp >=================================================================== >--- Source/JavaScriptCore/ftl/FTLCapabilities.cpp (revision 232227) >+++ Source/JavaScriptCore/ftl/FTLCapabilities.cpp (working copy) >@@ -351,6 +351,7 @@ inline CapabilityLevel canCompile(Node* > case PutByValDirect: > case PutByValWithThis: > case MatchStructure: >+ case CreateThis: > // These are OK. > break; > >@@ -362,7 +363,6 @@ inline CapabilityLevel canCompile(Node* > break; > > case IdentityWithProfile: >- case CreateThis: > case CheckTierUpInLoop: > case CheckTierUpAndOSREnter: > case CheckTierUpAtReturn: >Index: Source/JavaScriptCore/ftl/FTLLowerDFGToB3.cpp >=================================================================== >--- Source/JavaScriptCore/ftl/FTLLowerDFGToB3.cpp (revision 232227) >+++ Source/JavaScriptCore/ftl/FTLLowerDFGToB3.cpp (working copy) >@@ -847,6 +847,9 @@ private: > case NewArrayWithSpread: > compileNewArrayWithSpread(); > break; >+ case CreateThis: >+ compileCreateThis(); >+ break; > case Spread: > compileSpread(); > break; >@@ -5662,6 +5665,40 @@ private: > > setJSValue(result); > } >+ >+ void compileCreateThis() >+ { >+ LValue callee = lowCell(m_node->child1()); >+ >+ LBasicBlock isFunctionBlock = m_out.newBlock(); >+ LBasicBlock hasRareData = m_out.newBlock(); >+ LBasicBlock slowPath = m_out.newBlock(); >+ LBasicBlock continuation = m_out.newBlock(); >+ >+ m_out.branch(isFunction(callee, provenType(m_node->child1())), usually(isFunctionBlock), rarely(slowPath)); >+ >+ LBasicBlock lastNext = m_out.appendTo(isFunctionBlock, hasRareData); >+ LValue rareData = m_out.loadPtr(callee, m_heaps.JSFunction_rareData); >+ m_out.branch(m_out.isZero64(rareData), rarely(slowPath), usually(hasRareData)); >+ >+ m_out.appendTo(hasRareData, slowPath); >+ LValue allocator = m_out.loadPtr(rareData, m_heaps.FunctionRareData_allocator); >+ LValue structure = m_out.loadPtr(rareData, m_heaps.FunctionRareData_structure); >+ LValue butterfly = m_out.constIntPtr(0); >+ ValueFromBlock fastResult = m_out.anchor(allocateObject(allocator, structure, butterfly, slowPath)); >+ m_out.jump(continuation); >+ >+ m_out.appendTo(slowPath, continuation); >+ ValueFromBlock slowResult = m_out.anchor(vmCall( >+ Int64, m_out.operation(operationCreateThis), m_callFrame, callee, m_out.constInt32(m_node->inlineCapacity()))); >+ m_out.jump(continuation); >+ >+ m_out.appendTo(continuation, lastNext); >+ LValue result = m_out.phi(Int64, fastResult, slowResult); >+ >+ mutatorFence(); >+ setJSValue(result); >+ } > > void compileSpread() > { >Index: Source/JavaScriptCore/runtime/Options.h >=================================================================== >--- Source/JavaScriptCore/runtime/Options.h (revision 232227) >+++ Source/JavaScriptCore/runtime/Options.h (working copy) >@@ -275,6 +275,7 @@ constexpr bool enableWebAssemblyStreamin > v(unsigned, maxAccessVariantListSize, 8, Normal, nullptr) \ > v(bool, usePolyvariantDevirtualization, true, Normal, nullptr) \ > v(bool, usePolymorphicAccessInlining, true, Normal, nullptr) \ >+ v(unsigned, maxPolymorphicAccessInliningListSize, 3, Normal, nullptr) \ > v(bool, usePolymorphicCallInlining, true, Normal, nullptr) \ > v(bool, usePolymorphicCallInliningForNonStubStatus, false, Normal, nullptr) \ > v(unsigned, maxPolymorphicCallVariantListSize, 15, Normal, nullptr) \
<b>You cannot view the attachment while viewing its details because your browser does not support IFRAMEs. <a href="attachment.cgi?id=341446">View the attachment on a separate page</a>.</b>
View Attachment As Diff
View Attachment As Raw
Actions:
View
|
Formatted Diff
|
Diff
Attachments on
bug 164904
:
295471
|
295518
|
295582
|
341446
|
341462
|
341542
|
341545
|
341604
|
341611
|
341614
|
341693
|
341703
|
341728
|
341779
|
341807
|
341811
|
341817
|
341825
|
341848
|
341849
|
341850
|
341851
|
341861
|
341924
|
342117
|
342182
|
342188
|
342200
|
343463