diff options
Diffstat (limited to 'Source/JavaScriptCore/dfg/DFGOperations.cpp')
| -rw-r--r-- | Source/JavaScriptCore/dfg/DFGOperations.cpp | 960 |
1 files changed, 654 insertions, 306 deletions
diff --git a/Source/JavaScriptCore/dfg/DFGOperations.cpp b/Source/JavaScriptCore/dfg/DFGOperations.cpp index efe19a4f6..77137275f 100644 --- a/Source/JavaScriptCore/dfg/DFGOperations.cpp +++ b/Source/JavaScriptCore/dfg/DFGOperations.cpp @@ -1,5 +1,5 @@ /* - * Copyright (C) 2011, 2013 Apple Inc. All rights reserved. + * Copyright (C) 2011, 2013-2016 Apple Inc. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions @@ -26,17 +26,19 @@ #include "config.h" #include "DFGOperations.h" -#include "Arguments.h" #include "ButterflyInlines.h" +#include "ClonedArguments.h" #include "CodeBlock.h" #include "CommonSlowPaths.h" #include "CopiedSpaceInlines.h" #include "DFGDriver.h" +#include "DFGJITCode.h" #include "DFGOSRExit.h" #include "DFGThunks.h" #include "DFGToFTLDeferredCompilationCallback.h" #include "DFGToFTLForOSREntryDeferredCompilationCallback.h" #include "DFGWorklist.h" +#include "DirectArguments.h" #include "FTLForOSREntryJITCode.h" #include "FTLOSREntry.h" #include "HostCallReturnValue.h" @@ -44,16 +46,16 @@ #include "Interpreter.h" #include "JIT.h" #include "JITExceptions.h" -#include "JITOperationWrappers.h" -#include "JSActivation.h" -#include "VM.h" -#include "JSNameScope.h" -#include "NameInstance.h" +#include "JSCInlines.h" +#include "JSLexicalEnvironment.h" #include "ObjectConstructor.h" -#include "Operations.h" #include "Repatch.h" +#include "ScopedArguments.h" #include "StringConstructor.h" +#include "Symbol.h" +#include "TypeProfilerLog.h" #include "TypedArrayInlines.h" +#include "VM.h" #include <wtf/InlineASM.h> #if ENABLE(JIT) @@ -66,6 +68,7 @@ static inline void putByVal(ExecState* exec, JSValue baseValue, uint32_t index, { VM& vm = exec->vm(); NativeCallFrameTracer tracer(&vm, exec); + ASSERT(isIndex(index)); if (direct) { RELEASE_ASSERT(baseValue.isObject()); asObject(baseValue)->putDirectIndex(exec, index, value, 0, strict ? PutDirectIndexShouldThrow : PutDirectIndexShouldNotThrow); @@ -78,7 +81,7 @@ static inline void putByVal(ExecState* exec, JSValue baseValue, uint32_t index, return; } - object->methodTable()->putByIndex(object, exec, index, value, strict); + object->methodTable(vm)->putByIndex(object, exec, index, value, strict); return; } @@ -96,6 +99,8 @@ ALWAYS_INLINE static void JIT_OPERATION operationPutByValInternal(ExecState* exe JSValue value = JSValue::decode(encodedValue); if (LIKELY(property.isUInt32())) { + // Despite its name, JSValue::isUInt32 will return true only for positive boxed int32_t; all those values are valid array indices. + ASSERT(isIndex(property.asUInt32())); putByVal<strict, direct>(exec, baseValue, property.asUInt32(), value); return; } @@ -103,32 +108,26 @@ ALWAYS_INLINE static void JIT_OPERATION operationPutByValInternal(ExecState* exe if (property.isDouble()) { double propertyAsDouble = property.asDouble(); uint32_t propertyAsUInt32 = static_cast<uint32_t>(propertyAsDouble); - if (propertyAsDouble == propertyAsUInt32) { + if (propertyAsDouble == propertyAsUInt32 && isIndex(propertyAsUInt32)) { putByVal<strict, direct>(exec, baseValue, propertyAsUInt32, value); return; } } - if (isName(property)) { - PutPropertySlot slot(baseValue, strict); - if (direct) { - RELEASE_ASSERT(baseValue.isObject()); - asObject(baseValue)->putDirect(*vm, jsCast<NameInstance*>(property.asCell())->privateName(), value, slot); - } else - baseValue.put(exec, jsCast<NameInstance*>(property.asCell())->privateName(), value, slot); + // Don't put to an object if toString throws an exception. + auto propertyName = property.toPropertyKey(exec); + if (vm->exception()) return; - } - // Don't put to an object if toString throws an exception. - Identifier ident(exec, property.toString(exec)->value(exec)); - if (!vm->exception()) { - PutPropertySlot slot(baseValue, strict); - if (direct) { - RELEASE_ASSERT(baseValue.isObject()); - asObject(baseValue)->putDirect(*vm, jsCast<NameInstance*>(property.asCell())->privateName(), value, slot); - } else - baseValue.put(exec, ident, value, slot); - } + PutPropertySlot slot(baseValue, strict); + if (direct) { + RELEASE_ASSERT(baseValue.isObject()); + if (Optional<uint32_t> index = parseIndex(propertyName)) + asObject(baseValue)->putDirectIndex(exec, index.value(), value, 0, strict ? PutDirectIndexShouldThrow : PutDirectIndexShouldNotThrow); + else + asObject(baseValue)->putDirect(*vm, propertyName, value, slot); + } else + baseValue.put(exec, propertyName, value, slot); } template<typename ViewClass> @@ -137,70 +136,12 @@ char* newTypedArrayWithSize(ExecState* exec, Structure* structure, int32_t size) VM& vm = exec->vm(); NativeCallFrameTracer tracer(&vm, exec); if (size < 0) { - vm.throwException(exec, createRangeError(exec, "Requested length is negative")); + vm.throwException(exec, createRangeError(exec, ASCIILiteral("Requested length is negative"))); return 0; } return bitwise_cast<char*>(ViewClass::create(exec, structure, size)); } -template<typename ViewClass> -char* newTypedArrayWithOneArgument( - ExecState* exec, Structure* structure, EncodedJSValue encodedValue) -{ - VM& vm = exec->vm(); - NativeCallFrameTracer tracer(&vm, exec); - - JSValue value = JSValue::decode(encodedValue); - - if (JSArrayBuffer* jsBuffer = jsDynamicCast<JSArrayBuffer*>(value)) { - RefPtr<ArrayBuffer> buffer = jsBuffer->impl(); - - if (buffer->byteLength() % ViewClass::elementSize) { - vm.throwException(exec, createRangeError(exec, "ArrayBuffer length minus the byteOffset is not a multiple of the element size")); - return 0; - } - return bitwise_cast<char*>( - ViewClass::create( - exec, structure, buffer, 0, buffer->byteLength() / ViewClass::elementSize)); - } - - if (JSObject* object = jsDynamicCast<JSObject*>(value)) { - unsigned length = object->get(exec, vm.propertyNames->length).toUInt32(exec); - if (exec->hadException()) - return 0; - - ViewClass* result = ViewClass::createUninitialized(exec, structure, length); - if (!result) - return 0; - - if (!result->set(exec, object, 0, length)) - return 0; - - return bitwise_cast<char*>(result); - } - - int length; - if (value.isInt32()) - length = value.asInt32(); - else if (!value.isNumber()) { - vm.throwException(exec, createTypeError(exec, "Invalid array length argument")); - return 0; - } else { - length = static_cast<int>(value.asNumber()); - if (length != value.asNumber()) { - vm.throwException(exec, createTypeError(exec, "Invalid array length argument (fractional lengths not allowed)")); - return 0; - } - } - - if (length < 0) { - vm.throwException(exec, createRangeError(exec, "Requested length is negative")); - return 0; - } - - return bitwise_cast<char*>(ViewClass::create(exec, structure, length)); -} - extern "C" { EncodedJSValue JIT_OPERATION operationToThis(ExecState* exec, EncodedJSValue encodedOp) @@ -221,15 +162,88 @@ EncodedJSValue JIT_OPERATION operationToThisStrict(ExecState* exec, EncodedJSVal JSCell* JIT_OPERATION operationCreateThis(ExecState* exec, JSObject* constructor, int32_t inlineCapacity) { + VM& vm = exec->vm(); + NativeCallFrameTracer tracer(&vm, exec); + + return constructEmptyObject(exec, jsCast<JSFunction*>(constructor)->rareData(exec, inlineCapacity)->objectAllocationProfile()->structure()); +} + +EncodedJSValue JIT_OPERATION operationValueBitAnd(ExecState* exec, EncodedJSValue encodedOp1, EncodedJSValue encodedOp2) +{ VM* vm = &exec->vm(); NativeCallFrameTracer tracer(vm, exec); -#if !ASSERT_DISABLED - ConstructData constructData; - ASSERT(jsCast<JSFunction*>(constructor)->methodTable()->getConstructData(jsCast<JSFunction*>(constructor), constructData) == ConstructTypeJS); -#endif - - return constructEmptyObject(exec, jsCast<JSFunction*>(constructor)->allocationProfile(exec, inlineCapacity)->structure()); + JSValue op1 = JSValue::decode(encodedOp1); + JSValue op2 = JSValue::decode(encodedOp2); + + int32_t a = op1.toInt32(exec); + int32_t b = op2.toInt32(exec); + return JSValue::encode(jsNumber(a & b)); +} + +EncodedJSValue JIT_OPERATION operationValueBitOr(ExecState* exec, EncodedJSValue encodedOp1, EncodedJSValue encodedOp2) +{ + VM* vm = &exec->vm(); + NativeCallFrameTracer tracer(vm, exec); + + JSValue op1 = JSValue::decode(encodedOp1); + JSValue op2 = JSValue::decode(encodedOp2); + + int32_t a = op1.toInt32(exec); + int32_t b = op2.toInt32(exec); + return JSValue::encode(jsNumber(a | b)); +} + +EncodedJSValue JIT_OPERATION operationValueBitXor(ExecState* exec, EncodedJSValue encodedOp1, EncodedJSValue encodedOp2) +{ + VM* vm = &exec->vm(); + NativeCallFrameTracer tracer(vm, exec); + + JSValue op1 = JSValue::decode(encodedOp1); + JSValue op2 = JSValue::decode(encodedOp2); + + int32_t a = op1.toInt32(exec); + int32_t b = op2.toInt32(exec); + return JSValue::encode(jsNumber(a ^ b)); +} + +EncodedJSValue JIT_OPERATION operationValueBitLShift(ExecState* exec, EncodedJSValue encodedOp1, EncodedJSValue encodedOp2) +{ + VM* vm = &exec->vm(); + NativeCallFrameTracer tracer(vm, exec); + + JSValue op1 = JSValue::decode(encodedOp1); + JSValue op2 = JSValue::decode(encodedOp2); + + int32_t a = op1.toInt32(exec); + uint32_t b = op2.toUInt32(exec); + return JSValue::encode(jsNumber(a << (b & 0x1f))); +} + +EncodedJSValue JIT_OPERATION operationValueBitRShift(ExecState* exec, EncodedJSValue encodedOp1, EncodedJSValue encodedOp2) +{ + VM* vm = &exec->vm(); + NativeCallFrameTracer tracer(vm, exec); + + JSValue op1 = JSValue::decode(encodedOp1); + JSValue op2 = JSValue::decode(encodedOp2); + + int32_t a = op1.toInt32(exec); + uint32_t b = op2.toUInt32(exec); + return JSValue::encode(jsNumber(a >> (b & 0x1f))); +} + +EncodedJSValue JIT_OPERATION operationValueBitURShift(ExecState* exec, EncodedJSValue encodedOp1, EncodedJSValue encodedOp2) +{ + VM* vm = &exec->vm(); + NativeCallFrameTracer tracer(vm, exec); + + JSValue op1 = JSValue::decode(encodedOp1); + JSValue op2 = JSValue::decode(encodedOp2); + + uint32_t a = op1.toUInt32(exec); + uint32_t b = op2.toUInt32(exec); + return JSValue::encode(jsNumber(static_cast<int32_t>(a >> (b & 0x1f)))); } EncodedJSValue JIT_OPERATION operationValueAdd(ExecState* exec, EncodedJSValue encodedOp1, EncodedJSValue encodedOp2) @@ -259,7 +273,46 @@ EncodedJSValue JIT_OPERATION operationValueAddNotNumber(ExecState* exec, Encoded return JSValue::encode(jsAddSlowCase(exec, op1, op2)); } -static inline EncodedJSValue getByVal(ExecState* exec, JSCell* base, uint32_t index) +EncodedJSValue JIT_OPERATION operationValueDiv(ExecState* exec, EncodedJSValue encodedOp1, EncodedJSValue encodedOp2) +{ + VM* vm = &exec->vm(); + NativeCallFrameTracer tracer(vm, exec); + + JSValue op1 = JSValue::decode(encodedOp1); + JSValue op2 = JSValue::decode(encodedOp2); + + double a = op1.toNumber(exec); + double b = op2.toNumber(exec); + return JSValue::encode(jsNumber(a / b)); +} + +EncodedJSValue JIT_OPERATION operationValueMul(ExecState* exec, EncodedJSValue encodedOp1, EncodedJSValue encodedOp2) +{ + VM* vm = &exec->vm(); + NativeCallFrameTracer tracer(vm, exec); + + JSValue op1 = JSValue::decode(encodedOp1); + JSValue op2 = JSValue::decode(encodedOp2); + + double a = op1.toNumber(exec); + double b = op2.toNumber(exec); + return JSValue::encode(jsNumber(a * b)); +} + +EncodedJSValue JIT_OPERATION operationValueSub(ExecState* exec, EncodedJSValue encodedOp1, EncodedJSValue encodedOp2) +{ + VM* vm = &exec->vm(); + NativeCallFrameTracer tracer(vm, exec); + + JSValue op1 = JSValue::decode(encodedOp1); + JSValue op2 = JSValue::decode(encodedOp2); + + double a = op1.toNumber(exec); + double b = op2.toNumber(exec); + return JSValue::encode(jsNumber(a - b)); +} + +static ALWAYS_INLINE EncodedJSValue getByVal(ExecState* exec, JSCell* base, uint32_t index) { VM& vm = exec->vm(); NativeCallFrameTracer tracer(&vm, exec); @@ -278,8 +331,8 @@ static inline EncodedJSValue getByVal(ExecState* exec, JSCell* base, uint32_t in EncodedJSValue JIT_OPERATION operationGetByVal(ExecState* exec, EncodedJSValue encodedBase, EncodedJSValue encodedProperty) { - VM* vm = &exec->vm(); - NativeCallFrameTracer tracer(vm, exec); + VM& vm = exec->vm(); + NativeCallFrameTracer tracer(&vm, exec); JSValue baseValue = JSValue::decode(encodedBase); JSValue property = JSValue::decode(encodedProperty); @@ -292,25 +345,32 @@ EncodedJSValue JIT_OPERATION operationGetByVal(ExecState* exec, EncodedJSValue e } else if (property.isDouble()) { double propertyAsDouble = property.asDouble(); uint32_t propertyAsUInt32 = static_cast<uint32_t>(propertyAsDouble); - if (propertyAsUInt32 == propertyAsDouble) + if (propertyAsUInt32 == propertyAsDouble && isIndex(propertyAsUInt32)) return getByVal(exec, base, propertyAsUInt32); } else if (property.isString()) { - if (JSValue result = base->fastGetOwnProperty(exec, asString(property)->value(exec))) - return JSValue::encode(result); + Structure& structure = *base->structure(vm); + if (JSCell::canUseFastGetOwnProperty(structure)) { + if (RefPtr<AtomicStringImpl> existingAtomicString = asString(property)->toExistingAtomicString(exec)) { + if (JSValue result = base->fastGetOwnProperty(vm, structure, existingAtomicString.get())) + return JSValue::encode(result); + } + } } } - if (isName(property)) - return JSValue::encode(baseValue.get(exec, jsCast<NameInstance*>(property.asCell())->privateName())); - - Identifier ident(exec, property.toString(exec)->value(exec)); - return JSValue::encode(baseValue.get(exec, ident)); + baseValue.requireObjectCoercible(exec); + if (vm.exception()) + return JSValue::encode(jsUndefined()); + auto propertyName = property.toPropertyKey(exec); + if (vm.exception()) + return JSValue::encode(jsUndefined()); + return JSValue::encode(baseValue.get(exec, propertyName)); } EncodedJSValue JIT_OPERATION operationGetByValCell(ExecState* exec, JSCell* base, EncodedJSValue encodedProperty) { - VM* vm = &exec->vm(); - NativeCallFrameTracer tracer(vm, exec); + VM& vm = exec->vm(); + NativeCallFrameTracer tracer(&vm, exec); JSValue property = JSValue::decode(encodedProperty); @@ -322,15 +382,19 @@ EncodedJSValue JIT_OPERATION operationGetByValCell(ExecState* exec, JSCell* base if (propertyAsUInt32 == propertyAsDouble) return getByVal(exec, base, propertyAsUInt32); } else if (property.isString()) { - if (JSValue result = base->fastGetOwnProperty(exec, asString(property)->value(exec))) - return JSValue::encode(result); + Structure& structure = *base->structure(vm); + if (JSCell::canUseFastGetOwnProperty(structure)) { + if (RefPtr<AtomicStringImpl> existingAtomicString = asString(property)->toExistingAtomicString(exec)) { + if (JSValue result = base->fastGetOwnProperty(vm, structure, existingAtomicString.get())) + return JSValue::encode(result); + } + } } - if (isName(property)) - return JSValue::encode(JSValue(base).get(exec, jsCast<NameInstance*>(property.asCell())->privateName())); - - Identifier ident(exec, property.toString(exec)->value(exec)); - return JSValue::encode(JSValue(base).get(exec, ident)); + auto propertyName = property.toPropertyKey(exec); + if (vm.exception()) + return JSValue::encode(jsUndefined()); + return JSValue::encode(JSValue(base).get(exec, propertyName)); } ALWAYS_INLINE EncodedJSValue getByValCellInt(ExecState* exec, JSCell* base, int32_t index) @@ -391,8 +455,8 @@ void JIT_OPERATION operationPutByValCellNonStrict(ExecState* exec, JSCell* cell, void JIT_OPERATION operationPutByValBeyondArrayBoundsStrict(ExecState* exec, JSObject* array, int32_t index, EncodedJSValue encodedValue) { - VM* vm = &exec->vm(); - NativeCallFrameTracer tracer(vm, exec); + VM& vm = exec->vm(); + NativeCallFrameTracer tracer(&vm, exec); if (index >= 0) { array->putByIndexInline(exec, index, JSValue::decode(encodedValue), true); @@ -556,8 +620,31 @@ EncodedJSValue JIT_OPERATION operationRegExpExec(ExecState* exec, JSCell* base, if (!base->inherits(RegExpObject::info())) return throwVMTypeError(exec); - ASSERT(argument->isString() || argument->isObject()); - JSString* input = argument->isString() ? asString(argument) : asObject(argument)->toString(exec); + JSString* input; + if (argument->isString()) + input = asString(argument); + else { + input = JSValue(argument).toStringOrNull(exec); + if (!input) + return JSValue::encode(jsUndefined()); + } + return JSValue::encode(asRegExpObject(base)->exec(exec, input)); +} + +EncodedJSValue JIT_OPERATION operationRegExpExecGeneric(ExecState* exec, EncodedJSValue encodedBase, EncodedJSValue encodedArgument) +{ + VM& vm = exec->vm(); + NativeCallFrameTracer tracer(&vm, exec); + + JSValue base = JSValue::decode(encodedBase); + JSValue argument = JSValue::decode(encodedArgument); + + if (!base.inherits(RegExpObject::info())) + return throwVMTypeError(exec); + + JSString* input = argument.toStringOrNull(exec); + if (!input) + return JSValue::encode(jsUndefined()); return JSValue::encode(asRegExpObject(base)->exec(exec, input)); } @@ -571,8 +658,33 @@ size_t JIT_OPERATION operationRegExpTest(ExecState* exec, JSCell* base, JSCell* return false; } - ASSERT(argument->isString() || argument->isObject()); - JSString* input = argument->isString() ? asString(argument) : asObject(argument)->toString(exec); + JSString* input; + if (argument->isString()) + input = asString(argument); + else { + input = JSValue(argument).toStringOrNull(exec); + if (!input) + return false; + } + return asRegExpObject(base)->test(exec, input); +} + +size_t JIT_OPERATION operationRegExpTestGeneric(ExecState* exec, EncodedJSValue encodedBase, EncodedJSValue encodedArgument) +{ + VM& vm = exec->vm(); + NativeCallFrameTracer tracer(&vm, exec); + + JSValue base = JSValue::decode(encodedBase); + JSValue argument = JSValue::decode(encodedArgument); + + if (!base.inherits(RegExpObject::info())) { + throwTypeError(exec); + return false; + } + + JSString* input = argument.toStringOrNull(exec); + if (!input) + return false; return asRegExpObject(base)->test(exec, input); } @@ -633,7 +745,9 @@ char* JIT_OPERATION operationNewArrayWithSize(ExecState* exec, Structure* arrayS if (UNLIKELY(size < 0)) return bitwise_cast<char*>(exec->vm().throwException(exec, createRangeError(exec, ASCIILiteral("Array size is not a small enough positive integer.")))); - return bitwise_cast<char*>(JSArray::create(*vm, arrayStructure, size)); + JSArray* result = JSArray::create(*vm, arrayStructure, size); + result->butterfly(); // Ensure that the backing store is in to-space. + return bitwise_cast<char*>(result); } char* JIT_OPERATION operationNewArrayBuffer(ExecState* exec, Structure* arrayStructure, size_t start, size_t size) @@ -652,7 +766,7 @@ char* JIT_OPERATION operationNewInt8ArrayWithSize( char* JIT_OPERATION operationNewInt8ArrayWithOneArgument( ExecState* exec, Structure* structure, EncodedJSValue encodedValue) { - return newTypedArrayWithOneArgument<JSInt8Array>(exec, structure, encodedValue); + return reinterpret_cast<char*>(constructGenericTypedArrayViewWithArguments<JSInt8Array>(exec, structure, encodedValue, 0, Nullopt)); } char* JIT_OPERATION operationNewInt16ArrayWithSize( @@ -664,7 +778,7 @@ char* JIT_OPERATION operationNewInt16ArrayWithSize( char* JIT_OPERATION operationNewInt16ArrayWithOneArgument( ExecState* exec, Structure* structure, EncodedJSValue encodedValue) { - return newTypedArrayWithOneArgument<JSInt16Array>(exec, structure, encodedValue); + return reinterpret_cast<char*>(constructGenericTypedArrayViewWithArguments<JSInt16Array>(exec, structure, encodedValue, 0, Nullopt)); } char* JIT_OPERATION operationNewInt32ArrayWithSize( @@ -676,7 +790,7 @@ char* JIT_OPERATION operationNewInt32ArrayWithSize( char* JIT_OPERATION operationNewInt32ArrayWithOneArgument( ExecState* exec, Structure* structure, EncodedJSValue encodedValue) { - return newTypedArrayWithOneArgument<JSInt32Array>(exec, structure, encodedValue); + return reinterpret_cast<char*>(constructGenericTypedArrayViewWithArguments<JSInt32Array>(exec, structure, encodedValue, 0, Nullopt)); } char* JIT_OPERATION operationNewUint8ArrayWithSize( @@ -688,7 +802,7 @@ char* JIT_OPERATION operationNewUint8ArrayWithSize( char* JIT_OPERATION operationNewUint8ArrayWithOneArgument( ExecState* exec, Structure* structure, EncodedJSValue encodedValue) { - return newTypedArrayWithOneArgument<JSUint8Array>(exec, structure, encodedValue); + return reinterpret_cast<char*>(constructGenericTypedArrayViewWithArguments<JSUint8Array>(exec, structure, encodedValue, 0, Nullopt)); } char* JIT_OPERATION operationNewUint8ClampedArrayWithSize( @@ -700,7 +814,7 @@ char* JIT_OPERATION operationNewUint8ClampedArrayWithSize( char* JIT_OPERATION operationNewUint8ClampedArrayWithOneArgument( ExecState* exec, Structure* structure, EncodedJSValue encodedValue) { - return newTypedArrayWithOneArgument<JSUint8ClampedArray>(exec, structure, encodedValue); + return reinterpret_cast<char*>(constructGenericTypedArrayViewWithArguments<JSUint8ClampedArray>(exec, structure, encodedValue, 0, Nullopt)); } char* JIT_OPERATION operationNewUint16ArrayWithSize( @@ -712,7 +826,7 @@ char* JIT_OPERATION operationNewUint16ArrayWithSize( char* JIT_OPERATION operationNewUint16ArrayWithOneArgument( ExecState* exec, Structure* structure, EncodedJSValue encodedValue) { - return newTypedArrayWithOneArgument<JSUint16Array>(exec, structure, encodedValue); + return reinterpret_cast<char*>(constructGenericTypedArrayViewWithArguments<JSUint16Array>(exec, structure, encodedValue, 0, Nullopt)); } char* JIT_OPERATION operationNewUint32ArrayWithSize( @@ -724,7 +838,7 @@ char* JIT_OPERATION operationNewUint32ArrayWithSize( char* JIT_OPERATION operationNewUint32ArrayWithOneArgument( ExecState* exec, Structure* structure, EncodedJSValue encodedValue) { - return newTypedArrayWithOneArgument<JSUint32Array>(exec, structure, encodedValue); + return reinterpret_cast<char*>(constructGenericTypedArrayViewWithArguments<JSUint32Array>(exec, structure, encodedValue, 0, Nullopt)); } char* JIT_OPERATION operationNewFloat32ArrayWithSize( @@ -736,7 +850,7 @@ char* JIT_OPERATION operationNewFloat32ArrayWithSize( char* JIT_OPERATION operationNewFloat32ArrayWithOneArgument( ExecState* exec, Structure* structure, EncodedJSValue encodedValue) { - return newTypedArrayWithOneArgument<JSFloat32Array>(exec, structure, encodedValue); + return reinterpret_cast<char*>(constructGenericTypedArrayViewWithArguments<JSFloat32Array>(exec, structure, encodedValue, 0, Nullopt)); } char* JIT_OPERATION operationNewFloat64ArrayWithSize( @@ -748,82 +862,197 @@ char* JIT_OPERATION operationNewFloat64ArrayWithSize( char* JIT_OPERATION operationNewFloat64ArrayWithOneArgument( ExecState* exec, Structure* structure, EncodedJSValue encodedValue) { - return newTypedArrayWithOneArgument<JSFloat64Array>(exec, structure, encodedValue); + return reinterpret_cast<char*>(constructGenericTypedArrayViewWithArguments<JSFloat64Array>(exec, structure, encodedValue, 0, Nullopt)); } -JSCell* JIT_OPERATION operationCreateInlinedArguments( - ExecState* exec, InlineCallFrame* inlineCallFrame) +JSCell* JIT_OPERATION operationCreateActivationDirect(ExecState* exec, Structure* structure, JSScope* scope, SymbolTable* table, EncodedJSValue initialValueEncoded) { + JSValue initialValue = JSValue::decode(initialValueEncoded); + ASSERT(initialValue == jsUndefined() || initialValue == jsTDZValue()); VM& vm = exec->vm(); NativeCallFrameTracer tracer(&vm, exec); - // NB: This needs to be exceedingly careful with top call frame tracking, since it - // may be called from OSR exit, while the state of the call stack is bizarre. - Arguments* result = Arguments::create(vm, exec, inlineCallFrame); - ASSERT(!vm.exception()); + return JSLexicalEnvironment::create(vm, structure, scope, table, initialValue); +} + +JSCell* JIT_OPERATION operationCreateDirectArguments(ExecState* exec, Structure* structure, int32_t length, int32_t minCapacity) +{ + VM& vm = exec->vm(); + NativeCallFrameTracer target(&vm, exec); + DirectArguments* result = DirectArguments::create( + vm, structure, length, std::max(length, minCapacity)); + // The caller will store to this object without barriers. Most likely, at this point, this is + // still a young object and so no barriers are needed. But it's good to be careful anyway, + // since the GC should be allowed to do crazy (like pretenuring, for example). + vm.heap.writeBarrier(result); return result; } -void JIT_OPERATION operationTearOffInlinedArguments( - ExecState* exec, JSCell* argumentsCell, JSCell* activationCell, InlineCallFrame* inlineCallFrame) +JSCell* JIT_OPERATION operationCreateScopedArguments(ExecState* exec, Structure* structure, Register* argumentStart, int32_t length, JSFunction* callee, JSLexicalEnvironment* scope) { - ASSERT_UNUSED(activationCell, !activationCell); // Currently, we don't inline functions with activations. - jsCast<Arguments*>(argumentsCell)->tearOff(exec, inlineCallFrame); + VM& vm = exec->vm(); + NativeCallFrameTracer target(&vm, exec); + + // We could pass the ScopedArgumentsTable* as an argument. We currently don't because I + // didn't feel like changing the max number of arguments for a slow path call from 6 to 7. + ScopedArgumentsTable* table = scope->symbolTable()->arguments(); + + return ScopedArguments::createByCopyingFrom( + vm, structure, argumentStart, length, callee, table, scope); } -EncodedJSValue JIT_OPERATION operationGetArgumentByVal(ExecState* exec, int32_t argumentsRegister, int32_t index) +JSCell* JIT_OPERATION operationCreateClonedArguments(ExecState* exec, Structure* structure, Register* argumentStart, int32_t length, JSFunction* callee) { VM& vm = exec->vm(); - NativeCallFrameTracer tracer(&vm, exec); + NativeCallFrameTracer target(&vm, exec); + return ClonedArguments::createByCopyingFrom( + exec, structure, argumentStart, length, callee); +} + +JSCell* JIT_OPERATION operationCreateDirectArgumentsDuringExit(ExecState* exec, InlineCallFrame* inlineCallFrame, JSFunction* callee, int32_t argumentCount) +{ + VM& vm = exec->vm(); + NativeCallFrameTracer target(&vm, exec); + + DeferGCForAWhile deferGC(vm.heap); + + CodeBlock* codeBlock; + if (inlineCallFrame) + codeBlock = baselineCodeBlockForInlineCallFrame(inlineCallFrame); + else + codeBlock = exec->codeBlock(); + + unsigned length = argumentCount - 1; + unsigned capacity = std::max(length, static_cast<unsigned>(codeBlock->numParameters() - 1)); + DirectArguments* result = DirectArguments::create( + vm, codeBlock->globalObject()->directArgumentsStructure(), length, capacity); + + result->callee().set(vm, result, callee); + + Register* arguments = + exec->registers() + (inlineCallFrame ? inlineCallFrame->stackOffset : 0) + + CallFrame::argumentOffset(0); + for (unsigned i = length; i--;) + result->setIndexQuickly(vm, i, arguments[i].jsValue()); + + return result; +} - JSValue argumentsValue = exec->uncheckedR(argumentsRegister).jsValue(); +JSCell* JIT_OPERATION operationCreateClonedArgumentsDuringExit(ExecState* exec, InlineCallFrame* inlineCallFrame, JSFunction* callee, int32_t argumentCount) +{ + VM& vm = exec->vm(); + NativeCallFrameTracer target(&vm, exec); + + DeferGCForAWhile deferGC(vm.heap); + + CodeBlock* codeBlock; + if (inlineCallFrame) + codeBlock = baselineCodeBlockForInlineCallFrame(inlineCallFrame); + else + codeBlock = exec->codeBlock(); + + unsigned length = argumentCount - 1; + ClonedArguments* result = ClonedArguments::createEmpty( + vm, codeBlock->globalObject()->outOfBandArgumentsStructure(), callee); + + Register* arguments = + exec->registers() + (inlineCallFrame ? inlineCallFrame->stackOffset : 0) + + CallFrame::argumentOffset(0); + for (unsigned i = length; i--;) + result->putDirectIndex(exec, i, arguments[i].jsValue()); - // If there are no arguments, and we're accessing out of bounds, then we have to create the - // arguments in case someone has installed a getter on a numeric property. - if (!argumentsValue) - exec->uncheckedR(argumentsRegister) = argumentsValue = Arguments::create(exec->vm(), exec); + result->putDirect(vm, vm.propertyNames->length, jsNumber(length)); - return JSValue::encode(argumentsValue.get(exec, index)); + return result; +} + +void JIT_OPERATION operationCopyRest(ExecState* exec, JSCell* arrayAsCell, Register* argumentStart, unsigned numberOfParamsToSkip, unsigned arraySize) +{ + ASSERT(arraySize); + JSArray* array = jsCast<JSArray*>(arrayAsCell); + ASSERT(arraySize == array->length()); + array->setLength(exec, arraySize); + for (unsigned i = 0; i < arraySize; i++) + array->putDirectIndex(exec, i, argumentStart[i + numberOfParamsToSkip].jsValue()); } -EncodedJSValue JIT_OPERATION operationGetInlinedArgumentByVal( - ExecState* exec, int32_t argumentsRegister, InlineCallFrame* inlineCallFrame, int32_t index) +size_t JIT_OPERATION operationObjectIsObject(ExecState* exec, JSGlobalObject* globalObject, JSCell* object) { VM& vm = exec->vm(); NativeCallFrameTracer tracer(&vm, exec); - JSValue argumentsValue = exec->uncheckedR(argumentsRegister).jsValue(); + ASSERT(jsDynamicCast<JSObject*>(object)); - // If there are no arguments, and we're accessing out of bounds, then we have to create the - // arguments in case someone has installed a getter on a numeric property. - if (!argumentsValue) { - exec->uncheckedR(argumentsRegister) = argumentsValue = - Arguments::create(exec->vm(), exec, inlineCallFrame); + if (object->structure(vm)->masqueradesAsUndefined(globalObject)) + return false; + if (object->type() == JSFunctionType) + return false; + if (object->inlineTypeFlags() & TypeOfShouldCallGetCallData) { + CallData callData; + if (object->methodTable(vm)->getCallData(object, callData) != CallTypeNone) + return false; } - return JSValue::encode(argumentsValue.get(exec, index)); + return true; } -JSCell* JIT_OPERATION operationNewFunctionNoCheck(ExecState* exec, JSCell* functionExecutable) +size_t JIT_OPERATION operationObjectIsFunction(ExecState* exec, JSGlobalObject* globalObject, JSCell* object) { - ASSERT(functionExecutable->inherits(FunctionExecutable::info())); VM& vm = exec->vm(); NativeCallFrameTracer tracer(&vm, exec); - return JSFunction::create(vm, static_cast<FunctionExecutable*>(functionExecutable), exec->scope()); -} -size_t JIT_OPERATION operationIsObject(ExecState* exec, EncodedJSValue value) -{ - return jsIsObjectType(exec, JSValue::decode(value)); + ASSERT(jsDynamicCast<JSObject*>(object)); + + if (object->structure(vm)->masqueradesAsUndefined(globalObject)) + return false; + if (object->type() == JSFunctionType) + return true; + if (object->inlineTypeFlags() & TypeOfShouldCallGetCallData) { + CallData callData; + if (object->methodTable(vm)->getCallData(object, callData) != CallTypeNone) + return true; + } + + return false; } -size_t JIT_OPERATION operationIsFunction(EncodedJSValue value) +JSCell* JIT_OPERATION operationTypeOfObject(ExecState* exec, JSGlobalObject* globalObject, JSCell* object) { - return jsIsFunctionType(JSValue::decode(value)); + VM& vm = exec->vm(); + NativeCallFrameTracer tracer(&vm, exec); + + ASSERT(jsDynamicCast<JSObject*>(object)); + + if (object->structure(vm)->masqueradesAsUndefined(globalObject)) + return vm.smallStrings.undefinedString(); + if (object->type() == JSFunctionType) + return vm.smallStrings.functionString(); + if (object->inlineTypeFlags() & TypeOfShouldCallGetCallData) { + CallData callData; + if (object->methodTable(vm)->getCallData(object, callData) != CallTypeNone) + return vm.smallStrings.functionString(); + } + + return vm.smallStrings.objectString(); } -JSCell* JIT_OPERATION operationTypeOf(ExecState* exec, JSCell* value) +int32_t JIT_OPERATION operationTypeOfObjectAsTypeofType(ExecState* exec, JSGlobalObject* globalObject, JSCell* object) { - return jsTypeStringForValue(exec, JSValue(value)).asCell(); + VM& vm = exec->vm(); + NativeCallFrameTracer tracer(&vm, exec); + + ASSERT(jsDynamicCast<JSObject*>(object)); + + if (object->structure(vm)->masqueradesAsUndefined(globalObject)) + return static_cast<int32_t>(TypeofType::Undefined); + if (object->type() == JSFunctionType) + return static_cast<int32_t>(TypeofType::Function); + if (object->inlineTypeFlags() & TypeOfShouldCallGetCallData) { + CallData callData; + if (object->methodTable(vm)->getCallData(object, callData) != CallTypeNone) + return static_cast<int32_t>(TypeofType::Function); + } + + return static_cast<int32_t>(TypeofType::Object); } char* JIT_OPERATION operationAllocatePropertyStorageWithInitialCapacity(ExecState* exec) @@ -900,17 +1129,6 @@ char* JIT_OPERATION operationEnsureContiguous(ExecState* exec, JSCell* cell) return reinterpret_cast<char*>(asObject(cell)->ensureContiguous(vm).data()); } -char* JIT_OPERATION operationRageEnsureContiguous(ExecState* exec, JSCell* cell) -{ - VM& vm = exec->vm(); - NativeCallFrameTracer tracer(&vm, exec); - - if (!cell->isObject()) - return 0; - - return reinterpret_cast<char*>(asObject(cell)->rageEnsureContiguous(vm).data()); -} - char* JIT_OPERATION operationEnsureArrayStorage(ExecState* exec, JSCell* cell) { VM& vm = exec->vm(); @@ -962,6 +1180,22 @@ JSCell* JIT_OPERATION operationToString(ExecState* exec, EncodedJSValue value) return JSValue::decode(value).toString(exec); } +JSCell* JIT_OPERATION operationCallStringConstructorOnCell(ExecState* exec, JSCell* cell) +{ + VM& vm = exec->vm(); + NativeCallFrameTracer tracer(&vm, exec); + + return stringConstructor(exec, cell); +} + +JSCell* JIT_OPERATION operationCallStringConstructor(ExecState* exec, EncodedJSValue value) +{ + VM& vm = exec->vm(); + NativeCallFrameTracer tracer(&vm, exec); + + return stringConstructor(exec, JSValue::decode(value)); +} + JSCell* JIT_OPERATION operationMakeRope2(ExecState* exec, JSString* left, JSString* right) { VM& vm = exec->vm(); @@ -988,6 +1222,44 @@ JSCell* JIT_OPERATION operationMakeRope3(ExecState* exec, JSString* a, JSString* return JSRopeString::create(vm, a, b, c); } +JSCell* JIT_OPERATION operationStrCat2(ExecState* exec, EncodedJSValue a, EncodedJSValue b) +{ + VM& vm = exec->vm(); + NativeCallFrameTracer tracer(&vm, exec); + + JSString* str1 = JSValue::decode(a).toString(exec); + ASSERT(!vm.exception()); // Impossible, since we must have been given primitives. + JSString* str2 = JSValue::decode(b).toString(exec); + ASSERT(!vm.exception()); + + if (sumOverflows<int32_t>(str1->length(), str2->length())) { + throwOutOfMemoryError(exec); + return nullptr; + } + + return JSRopeString::create(vm, str1, str2); +} + +JSCell* JIT_OPERATION operationStrCat3(ExecState* exec, EncodedJSValue a, EncodedJSValue b, EncodedJSValue c) +{ + VM& vm = exec->vm(); + NativeCallFrameTracer tracer(&vm, exec); + + JSString* str1 = JSValue::decode(a).toString(exec); + ASSERT(!vm.exception()); // Impossible, since we must have been given primitives. + JSString* str2 = JSValue::decode(b).toString(exec); + ASSERT(!vm.exception()); + JSString* str3 = JSValue::decode(c).toString(exec); + ASSERT(!vm.exception()); + + if (sumOverflows<int32_t>(str1->length(), str2->length(), str3->length())) { + throwOutOfMemoryError(exec); + return nullptr; + } + + return JSRopeString::create(vm, str1, str2, str3); +} + char* JIT_OPERATION operationFindSwitchImmTargetForDouble( ExecState* exec, EncodedJSValue encodedValue, size_t tableIndex) { @@ -1010,12 +1282,64 @@ char* JIT_OPERATION operationSwitchString(ExecState* exec, size_t tableIndex, JS return static_cast<char*>(exec->codeBlock()->stringSwitchJumpTable(tableIndex).ctiForValue(string->value(exec).impl()).executableAddress()); } -void JIT_OPERATION operationInvalidate(ExecState* exec, VariableWatchpointSet* set) +int32_t JIT_OPERATION operationSwitchStringAndGetBranchOffset(ExecState* exec, size_t tableIndex, JSString* string) { VM& vm = exec->vm(); NativeCallFrameTracer tracer(&vm, exec); - set->invalidate(); + return exec->codeBlock()->stringSwitchJumpTable(tableIndex).offsetForValue(string->value(exec).impl(), std::numeric_limits<int32_t>::min()); +} + +char* JIT_OPERATION operationGetButterfly(ExecState* exec, JSCell* cell) +{ + VM& vm = exec->vm(); + NativeCallFrameTracer tracer(&vm, exec); + + return bitwise_cast<char*>(jsCast<JSObject*>(cell)->butterfly()); +} + +char* JIT_OPERATION operationGetArrayBufferVector(ExecState* exec, JSCell* cell) +{ + VM& vm = exec->vm(); + NativeCallFrameTracer tracer(&vm, exec); + + return bitwise_cast<char*>(jsCast<JSArrayBufferView*>(cell)->vector()); +} + +void JIT_OPERATION operationNotifyWrite(ExecState* exec, WatchpointSet* set) +{ + VM& vm = exec->vm(); + NativeCallFrameTracer tracer(&vm, exec); + + set->touch("Executed NotifyWrite"); +} + +void JIT_OPERATION operationThrowStackOverflowForVarargs(ExecState* exec) +{ + VM& vm = exec->vm(); + NativeCallFrameTracer tracer(&vm, exec); + throwStackOverflowError(exec); +} + +int32_t JIT_OPERATION operationSizeOfVarargs(ExecState* exec, EncodedJSValue encodedArguments, int32_t firstVarArgOffset) +{ + VM& vm = exec->vm(); + NativeCallFrameTracer tracer(&vm, exec); + JSValue arguments = JSValue::decode(encodedArguments); + + return sizeOfVarargs(exec, arguments, firstVarArgOffset); +} + +void JIT_OPERATION operationLoadVarargs(ExecState* exec, int32_t firstElementDest, EncodedJSValue encodedArguments, int32_t offset, int32_t length, int32_t mandatoryMinimum) +{ + VM& vm = exec->vm(); + NativeCallFrameTracer tracer(&vm, exec); + JSValue arguments = JSValue::decode(encodedArguments); + + loadVarargs(exec, VirtualRegister(firstElementDest), arguments, offset, length); + + for (int32_t i = length; i < mandatoryMinimum; ++i) + exec->r(firstElementDest + i) = jsUndefined(); } double JIT_OPERATION operationFModOnInts(int32_t a, int32_t b) @@ -1023,6 +1347,13 @@ double JIT_OPERATION operationFModOnInts(int32_t a, int32_t b) return fmod(a, b); } +#if USE(JSVALUE32_64) +double JIT_OPERATION operationRandom(JSGlobalObject* globalObject) +{ + return globalObject->weakRandomNumber(); +} +#endif + JSCell* JIT_OPERATION operationStringFromCharCode(ExecState* exec, int32_t op1) { VM* vm = &exec->vm(); @@ -1030,13 +1361,31 @@ JSCell* JIT_OPERATION operationStringFromCharCode(ExecState* exec, int32_t op1) return JSC::stringFromCharCode(exec, op1); } -size_t JIT_OPERATION dfgConvertJSValueToInt32(ExecState* exec, EncodedJSValue value) +EncodedJSValue JIT_OPERATION operationStringFromCharCodeUntyped(ExecState* exec, EncodedJSValue encodedValue) { VM* vm = &exec->vm(); NativeCallFrameTracer tracer(vm, exec); - - // toInt32/toUInt32 return the same value; we want the value zero extended to fill the register. - return JSValue::decode(value).toUInt32(exec); + JSValue charValue = JSValue::decode(encodedValue); + int32_t chInt = charValue.toUInt32(exec); + return JSValue::encode(JSC::stringFromCharCode(exec, chInt)); +} + +int64_t JIT_OPERATION operationConvertBoxedDoubleToInt52(EncodedJSValue encodedValue) +{ + JSValue value = JSValue::decode(encodedValue); + if (!value.isDouble()) + return JSValue::notInt52; + return tryConvertToInt52(value.asDouble()); +} + +int64_t JIT_OPERATION operationConvertDoubleToInt52(double value) +{ + return tryConvertToInt52(value); +} + +void JIT_OPERATION operationProcessTypeProfilerLogDFG(ExecState* exec) +{ + exec->vm().typeProfilerLog()->processLogEntries(ASCIILiteral("Log Full, called from inside DFG.")); } void JIT_OPERATION debugOperationPrintSpeculationFailure(ExecState* exec, void* debugInfoRaw, void* scratch) @@ -1047,8 +1396,8 @@ void JIT_OPERATION debugOperationPrintSpeculationFailure(ExecState* exec, void* SpeculationFailureDebugInfo* debugInfo = static_cast<SpeculationFailureDebugInfo*>(debugInfoRaw); CodeBlock* codeBlock = debugInfo->codeBlock; CodeBlock* alternative = codeBlock->alternative(); - dataLog( - "Speculation failure in ", *codeBlock, " with "); + dataLog("Speculation failure in ", *codeBlock); + dataLog(" @ exit #", vm->osrExitIndex, " (bc#", debugInfo->bytecodeOffset, ", ", exitKindToString(debugInfo->kind), ") with "); if (alternative) { dataLog( "executeCounter = ", alternative->jitExecuteCounter(), @@ -1077,7 +1426,7 @@ void JIT_OPERATION debugOperationPrintSpeculationFailure(ExecState* exec, void* dataLog("\n"); } -extern "C" void JIT_OPERATION triggerReoptimizationNow(CodeBlock* codeBlock) +extern "C" void JIT_OPERATION triggerReoptimizationNow(CodeBlock* codeBlock, OSRExitBase* exit) { // It's sort of preferable that we don't GC while in here. Anyways, doing so wouldn't // really be profitable. @@ -1101,13 +1450,21 @@ extern "C" void JIT_OPERATION triggerReoptimizationNow(CodeBlock* codeBlock) ASSERT(codeBlock->hasOptimizedReplacement()); CodeBlock* optimizedCodeBlock = codeBlock->replacement(); ASSERT(JITCode::isOptimizingJIT(optimizedCodeBlock->jitType())); + + bool didTryToEnterIntoInlinedLoops = false; + for (InlineCallFrame* inlineCallFrame = exit->m_codeOrigin.inlineCallFrame; inlineCallFrame; inlineCallFrame = inlineCallFrame->directCaller.inlineCallFrame) { + if (inlineCallFrame->baselineCodeBlock->ownerScriptExecutable()->didTryToEnterInLoop()) { + didTryToEnterIntoInlinedLoops = true; + break; + } + } // In order to trigger reoptimization, one of two things must have happened: // 1) We exited more than some number of times. // 2) We exited and got stuck in a loop, and now we're exiting again. bool didExitABunch = optimizedCodeBlock->shouldReoptimizeNow(); bool didGetStuckInLoop = - codeBlock->checkIfOptimizationThresholdReached() + (codeBlock->checkIfOptimizationThresholdReached() || didTryToEnterIntoInlinedLoops) && optimizedCodeBlock->shouldReoptimizeFromLoopNow(); if (!didExitABunch && !didGetStuckInLoop) { @@ -1117,40 +1474,32 @@ extern "C" void JIT_OPERATION triggerReoptimizationNow(CodeBlock* codeBlock) return; } - optimizedCodeBlock->jettison(CountReoptimization); + optimizedCodeBlock->jettison(Profiler::JettisonDueToOSRExit, CountReoptimization); } #if ENABLE(FTL_JIT) -void JIT_OPERATION triggerTierUpNow(ExecState* exec) +static bool shouldTriggerFTLCompile(CodeBlock* codeBlock, JITCode* jitCode) { - VM* vm = &exec->vm(); - NativeCallFrameTracer tracer(vm, exec); - DeferGC deferGC(vm->heap); - CodeBlock* codeBlock = exec->codeBlock(); - - JITCode* jitCode = codeBlock->jitCode()->dfg(); - - if (Options::verboseOSR()) { - dataLog( - *codeBlock, ": Entered triggerTierUpNow with executeCounter = ", - jitCode->tierUpCounter, "\n"); - } - if (codeBlock->baselineVersion()->m_didFailFTLCompilation) { if (Options::verboseOSR()) dataLog("Deferring FTL-optimization of ", *codeBlock, " indefinitely because there was an FTL failure.\n"); jitCode->dontOptimizeAnytimeSoon(codeBlock); - return; + return false; } - - if (!jitCode->checkIfOptimizationThresholdReached(codeBlock)) { + + if (!codeBlock->hasOptimizedReplacement() + && !jitCode->checkIfOptimizationThresholdReached(codeBlock)) { if (Options::verboseOSR()) dataLog("Choosing not to FTL-optimize ", *codeBlock, " yet.\n"); - return; + return false; } - + return true; +} + +static void triggerFTLReplacementCompile(VM* vm, CodeBlock* codeBlock, JITCode* jitCode) +{ Worklist::State worklistState; - if (Worklist* worklist = vm->worklist.get()) { + if (Worklist* worklist = existingGlobalFTLWorklistOrNull()) { worklistState = worklist->completeAllReadyPlansForVM( *vm, CompilationKey(codeBlock->baselineVersion(), FTLMode)); } else @@ -1179,18 +1528,26 @@ void JIT_OPERATION triggerTierUpNow(ExecState* exec) // We need to compile the code. compile( - *vm, codeBlock->newReplacement().get(), FTLMode, UINT_MAX, Operands<JSValue>(), - ToFTLDeferredCompilationCallback::create(codeBlock), vm->ensureWorklist()); + *vm, codeBlock->newReplacement(), codeBlock, FTLMode, UINT_MAX, + Operands<JSValue>(), ToFTLDeferredCompilationCallback::create()); + + // If we reached here, the counter has not be reset. Do that now. + jitCode->setOptimizationThresholdBasedOnCompilationResult( + codeBlock, CompilationDeferred); } -char* JIT_OPERATION triggerOSREntryNow( - ExecState* exec, int32_t bytecodeIndex, int32_t streamIndex) +static void triggerTierUpNowCommon(ExecState* exec, bool inLoop) { VM* vm = &exec->vm(); NativeCallFrameTracer tracer(vm, exec); DeferGC deferGC(vm->heap); CodeBlock* codeBlock = exec->codeBlock(); + if (codeBlock->jitType() != JITCode::DFGJIT) { + dataLog("Unexpected code block in DFG->FTL tier-up: ", *codeBlock, "\n"); + RELEASE_ASSERT_NOT_REACHED(); + } + JITCode* jitCode = codeBlock->jitCode()->dfg(); if (Options::verboseOSR()) { @@ -1198,147 +1555,138 @@ char* JIT_OPERATION triggerOSREntryNow( *codeBlock, ": Entered triggerTierUpNow with executeCounter = ", jitCode->tierUpCounter, "\n"); } + if (inLoop) + jitCode->nestedTriggerIsSet = 1; + + if (shouldTriggerFTLCompile(codeBlock, jitCode)) + triggerFTLReplacementCompile(vm, codeBlock, jitCode); +} + +void JIT_OPERATION triggerTierUpNow(ExecState* exec) +{ + triggerTierUpNowCommon(exec, false); +} + +void JIT_OPERATION triggerTierUpNowInLoop(ExecState* exec) +{ + triggerTierUpNowCommon(exec, true); +} + +char* JIT_OPERATION triggerOSREntryNow( + ExecState* exec, int32_t bytecodeIndex, int32_t streamIndex) +{ + VM* vm = &exec->vm(); + NativeCallFrameTracer tracer(vm, exec); + DeferGC deferGC(vm->heap); + CodeBlock* codeBlock = exec->codeBlock(); - if (codeBlock->baselineVersion()->m_didFailFTLCompilation) { - if (Options::verboseOSR()) - dataLog("Deferring FTL-optimization of ", *codeBlock, " indefinitely because there was an FTL failure.\n"); - jitCode->dontOptimizeAnytimeSoon(codeBlock); - return 0; + if (codeBlock->jitType() != JITCode::DFGJIT) { + dataLog("Unexpected code block in DFG->FTL tier-up: ", *codeBlock, "\n"); + RELEASE_ASSERT_NOT_REACHED(); } - if (!jitCode->checkIfOptimizationThresholdReached(codeBlock)) { - if (Options::verboseOSR()) - dataLog("Choosing not to FTL-optimize ", *codeBlock, " yet.\n"); - return 0; + JITCode* jitCode = codeBlock->jitCode()->dfg(); + jitCode->nestedTriggerIsSet = 0; + + if (Options::verboseOSR()) { + dataLog( + *codeBlock, ": Entered triggerOSREntryNow with executeCounter = ", + jitCode->tierUpCounter, "\n"); + } + + // - If we don't have an FTL code block, then try to compile one. + // - If we do have an FTL code block, then try to enter for a while. + // - If we couldn't enter for a while, then trigger OSR entry. + + if (!shouldTriggerFTLCompile(codeBlock, jitCode)) + return nullptr; + + if (!jitCode->neverExecutedEntry) { + triggerFTLReplacementCompile(vm, codeBlock, jitCode); + + if (!codeBlock->hasOptimizedReplacement()) + return nullptr; + + if (jitCode->osrEntryRetry < Options::ftlOSREntryRetryThreshold()) { + jitCode->osrEntryRetry++; + return nullptr; + } } + // It's time to try to compile code for OSR entry. Worklist::State worklistState; - if (Worklist* worklist = vm->worklist.get()) { + if (Worklist* worklist = existingGlobalFTLWorklistOrNull()) { worklistState = worklist->completeAllReadyPlansForVM( *vm, CompilationKey(codeBlock->baselineVersion(), FTLForOSREntryMode)); } else worklistState = Worklist::NotKnown; if (worklistState == Worklist::Compiling) { - ASSERT(!jitCode->osrEntryBlock); jitCode->setOptimizationThresholdBasedOnCompilationResult( codeBlock, CompilationDeferred); - return 0; + return nullptr; } - if (CodeBlock* entryBlock = jitCode->osrEntryBlock.get()) { + if (CodeBlock* entryBlock = jitCode->osrEntryBlock()) { void* address = FTL::prepareOSREntry( exec, codeBlock, entryBlock, bytecodeIndex, streamIndex); - if (address) { - jitCode->optimizeSoon(codeBlock); + if (address) return static_cast<char*>(address); + + if (jitCode->osrEntryRetry < Options::ftlOSREntryRetryThreshold()) { + jitCode->osrEntryRetry++; + return nullptr; } - + FTL::ForOSREntryJITCode* entryCode = entryBlock->jitCode()->ftlForOSREntry(); entryCode->countEntryFailure(); if (entryCode->entryFailureCount() < Options::ftlOSREntryFailureCountForReoptimization()) { - jitCode->optimizeSoon(codeBlock); - return 0; + return nullptr; } // OSR entry failed. Oh no! This implies that we need to retry. We retry // without exponential backoff and we only do this for the entry code block. - jitCode->osrEntryBlock.clear(); - - jitCode->optimizeAfterWarmUp(codeBlock); - return 0; + jitCode->clearOSREntryBlock(); + jitCode->osrEntryRetry = 0; + return nullptr; } if (worklistState == Worklist::Compiled) { // This means that compilation failed and we already set the thresholds. if (Options::verboseOSR()) dataLog("Code block ", *codeBlock, " was compiled but it doesn't have an optimized replacement.\n"); - return 0; + return nullptr; } - // The first order of business is to trigger a for-entry compile. + // We aren't compiling and haven't compiled anything for OSR entry. So, try to compile + // something. Operands<JSValue> mustHandleValues; jitCode->reconstruct( exec, codeBlock, CodeOrigin(bytecodeIndex), streamIndex, mustHandleValues); - CompilationResult forEntryResult = DFG::compile( - *vm, codeBlock->newReplacement().get(), FTLForOSREntryMode, bytecodeIndex, - mustHandleValues, ToFTLForOSREntryDeferredCompilationCallback::create(codeBlock), - vm->ensureWorklist()); - - // But we also want to trigger a replacement compile. Of course, we don't want to - // trigger it if we don't need to. Note that this is kind of weird because we might - // have just finished an FTL compile and that compile failed or was invalidated. - // But this seems uncommon enough that we sort of don't care. It's certainly sound - // to fire off another compile right now so long as we're not already compiling and - // we don't already have an optimized replacement. Note, we don't do this for - // obviously bad cases like global code, where we know that there is a slim chance - // of this code being invoked ever again. - CompilationKey keyForReplacement(codeBlock->baselineVersion(), FTLMode); - if (codeBlock->codeType() != GlobalCode - && !codeBlock->hasOptimizedReplacement() - && (!vm->worklist.get() - || vm->worklist->compilationState(keyForReplacement) == Worklist::NotKnown)) { - compile( - *vm, codeBlock->newReplacement().get(), FTLMode, UINT_MAX, Operands<JSValue>(), - ToFTLDeferredCompilationCallback::create(codeBlock), vm->ensureWorklist()); + CodeBlock* replacementCodeBlock = codeBlock->newReplacement(); + CompilationResult forEntryResult = compile( + *vm, replacementCodeBlock, codeBlock, FTLForOSREntryMode, bytecodeIndex, + mustHandleValues, ToFTLForOSREntryDeferredCompilationCallback::create()); + + if (jitCode->neverExecutedEntry) + triggerFTLReplacementCompile(vm, codeBlock, jitCode); + + if (forEntryResult != CompilationSuccessful) { + jitCode->setOptimizationThresholdBasedOnCompilationResult( + codeBlock, CompilationDeferred); + return nullptr; } - - if (forEntryResult != CompilationSuccessful) - return 0; - + // It's possible that the for-entry compile already succeeded. In that case OSR // entry will succeed unless we ran out of stack. It's not clear what we should do. // We signal to try again after a while if that happens. void* address = FTL::prepareOSREntry( - exec, codeBlock, jitCode->osrEntryBlock.get(), bytecodeIndex, streamIndex); - if (address) - jitCode->optimizeSoon(codeBlock); - else - jitCode->optimizeAfterWarmUp(codeBlock); + exec, codeBlock, jitCode->osrEntryBlock(), bytecodeIndex, streamIndex); return static_cast<char*>(address); } -// FIXME: Make calls work well. Currently they're a pure regression. -// https://bugs.webkit.org/show_bug.cgi?id=113621 -EncodedJSValue JIT_OPERATION operationFTLCall(ExecState* exec) -{ - ExecState* callerExec = exec->callerFrame(); - - VM* vm = &callerExec->vm(); - NativeCallFrameTracer tracer(vm, callerExec); - - JSValue callee = exec->calleeAsValue(); - CallData callData; - CallType callType = getCallData(callee, callData); - if (callType == CallTypeNone) { - vm->throwException(callerExec, createNotAFunctionError(callerExec, callee)); - return JSValue::encode(jsUndefined()); - } - - return JSValue::encode(call(callerExec, callee, callType, callData, exec->thisValue(), exec)); -} - -// FIXME: Make calls work well. Currently they're a pure regression. -// https://bugs.webkit.org/show_bug.cgi?id=113621 -EncodedJSValue JIT_OPERATION operationFTLConstruct(ExecState* exec) -{ - ExecState* callerExec = exec->callerFrame(); - - VM* vm = &callerExec->vm(); - NativeCallFrameTracer tracer(vm, callerExec); - - JSValue callee = exec->calleeAsValue(); - ConstructData constructData; - ConstructType constructType = getConstructData(callee, constructData); - if (constructType == ConstructTypeNone) { - vm->throwException(callerExec, createNotAFunctionError(callerExec, callee)); - return JSValue::encode(jsUndefined()); - } - - return JSValue::encode(construct(callerExec, callee, constructType, constructData, exec)); -} #endif // ENABLE(FTL_JIT) } // extern "C" |