From ee4c86d1990a9e26277a6948e7027ad8d525ebfa Mon Sep 17 00:00:00 2001 From: Simon Hausmann Date: Thu, 18 Oct 2012 10:55:06 +0200 Subject: Imported WebKit commit 795dcd25a9649fccaf1c9b685f6e2ffedaf7e620 (http://svn.webkit.org/repository/webkit/trunk@131718) New snapshot that includes the return of -fkeep-memory at link time to reduce memory pressure as well as modularized documentation --- Source/JavaScriptCore/ChangeLog | 628 +++++++++++++++++++++ Source/JavaScriptCore/bytecode/CodeBlock.cpp | 11 +- Source/JavaScriptCore/bytecode/Opcode.h | 1 + Source/JavaScriptCore/bytecode/ResolveOperation.h | 178 ++++++ Source/JavaScriptCore/bytecode/SpecialPointer.h | 2 + .../bytecompiler/BytecodeGenerator.cpp | 97 +++- .../bytecompiler/BytecodeGenerator.h | 20 +- .../JavaScriptCore/bytecompiler/NodesCodegen.cpp | 36 +- Source/JavaScriptCore/dfg/DFGByteCodeParser.cpp | 6 + Source/JavaScriptCore/dfg/DFGCapabilities.h | 1 + Source/JavaScriptCore/dfg/DFGGraph.cpp | 4 +- .../JavaScriptCore/dfg/DFGSpeculativeJIT32_64.cpp | 19 +- Source/JavaScriptCore/dfg/DFGSpeculativeJIT64.cpp | 18 +- Source/JavaScriptCore/heap/BlockAllocator.cpp | 28 +- Source/JavaScriptCore/heap/HeapStatistics.cpp | 6 - Source/JavaScriptCore/heap/HeapStatistics.h | 1 - Source/JavaScriptCore/jit/JIT.cpp | 1 + Source/JavaScriptCore/jit/JIT.h | 1 + Source/JavaScriptCore/jit/JITOpcodes.cpp | 11 + Source/JavaScriptCore/jit/JITPropertyAccess.cpp | 2 +- .../JavaScriptCore/jit/JITPropertyAccess32_64.cpp | 2 +- Source/JavaScriptCore/jit/JITStubs.cpp | 8 + Source/JavaScriptCore/jit/JITStubs.h | 1 + Source/JavaScriptCore/llint/LLIntSlowPaths.cpp | 7 + Source/JavaScriptCore/llint/LLIntSlowPaths.h | 1 + .../JavaScriptCore/llint/LowLevelInterpreter.asm | 6 + Source/JavaScriptCore/runtime/ArrayConstructor.cpp | 19 +- Source/JavaScriptCore/runtime/ArrayConstructor.h | 3 + Source/JavaScriptCore/runtime/CommonIdentifiers.h | 2 + Source/JavaScriptCore/runtime/JSGlobalObject.cpp | 6 +- Source/JavaScriptCore/runtime/StringPrototype.cpp | 20 +- Source/JavaScriptCore/yarr/YarrPattern.cpp | 4 +- 32 files changed, 1066 insertions(+), 84 deletions(-) create mode 100644 Source/JavaScriptCore/bytecode/ResolveOperation.h (limited to 'Source/JavaScriptCore') diff --git a/Source/JavaScriptCore/ChangeLog b/Source/JavaScriptCore/ChangeLog index 69429a65d..3574aa0d8 100644 --- a/Source/JavaScriptCore/ChangeLog +++ b/Source/JavaScriptCore/ChangeLog @@ -1,3 +1,631 @@ +2012-10-17 Zoltan Horvath + + Remove the JSHeap memory measurement of the PageLoad performacetests since it creates bogus JSGlobalDatas + https://bugs.webkit.org/show_bug.cgi?id=99609 + + Reviewed by Ryosuke Niwa. + + Remove the implementation since it creates bogus JSGlobalDatas in the layout tests. + + * heap/HeapStatistics.cpp: + (JSC): + * heap/HeapStatistics.h: + (HeapStatistics): + +2012-10-17 Sam Weinig + + Attempt to fix the build. + + * bytecode/GlobalResolveInfo.h: Copied from bytecode/GlobalResolveInfo.h. + +2012-10-17 Oliver Hunt + + Roll out r131645 as it causes random site crashes. + + * GNUmakefile.list.am: + * JavaScriptCore.xcodeproj/project.pbxproj: + * bytecode/CodeBlock.cpp: + (JSC): + (JSC::isGlobalResolve): + (JSC::instructionOffsetForNth): + (JSC::printGlobalResolveInfo): + (JSC::CodeBlock::printStructures): + (JSC::CodeBlock::dump): + (JSC::CodeBlock::CodeBlock): + (JSC::CodeBlock::visitStructures): + (JSC::CodeBlock::finalizeUnconditionally): + (JSC::CodeBlock::hasGlobalResolveInfoAtBytecodeOffset): + (JSC::CodeBlock::globalResolveInfoForBytecodeOffset): + (JSC::CodeBlock::shrinkToFit): + * bytecode/CodeBlock.h: + (CodeBlock): + (JSC::CodeBlock::addGlobalResolveInstruction): + (JSC::CodeBlock::addGlobalResolveInfo): + (JSC::CodeBlock::globalResolveInfo): + (JSC::CodeBlock::numberOfGlobalResolveInfos): + (JSC::CodeBlock::globalResolveInfoCount): + * bytecode/Opcode.h: + (JSC): + (JSC::padOpcodeName): + * bytecode/ResolveGlobalStatus.cpp: + (JSC): + (JSC::computeForStructure): + (JSC::computeForLLInt): + (JSC::ResolveGlobalStatus::computeFor): + * bytecode/ResolveGlobalStatus.h: + (JSC): + (ResolveGlobalStatus): + * bytecompiler/BytecodeGenerator.cpp: + (JSC::ResolveResult::checkValidity): + (JSC::ResolveResult::registerPointer): + (JSC): + (JSC::BytecodeGenerator::BytecodeGenerator): + (JSC::BytecodeGenerator::resolve): + (JSC::BytecodeGenerator::resolveConstDecl): + (JSC::BytecodeGenerator::shouldAvoidResolveGlobal): + (JSC::BytecodeGenerator::emitResolve): + (JSC::BytecodeGenerator::emitResolveBase): + (JSC::BytecodeGenerator::emitResolveBaseForPut): + (JSC::BytecodeGenerator::emitResolveWithBase): + (JSC::BytecodeGenerator::emitResolveWithThis): + (JSC::BytecodeGenerator::emitGetStaticVar): + (JSC::BytecodeGenerator::emitInitGlobalConst): + (JSC::BytecodeGenerator::emitPutStaticVar): + * bytecompiler/BytecodeGenerator.h: + (JSC::ResolveResult::registerResolve): + (JSC::ResolveResult::dynamicResolve): + (JSC::ResolveResult::lexicalResolve): + (JSC::ResolveResult::indexedGlobalResolve): + (JSC::ResolveResult::dynamicIndexedGlobalResolve): + (JSC::ResolveResult::globalResolve): + (JSC::ResolveResult::dynamicGlobalResolve): + (JSC::ResolveResult::type): + (JSC::ResolveResult::index): + (JSC::ResolveResult::depth): + (JSC::ResolveResult::globalObject): + (ResolveResult): + (JSC::ResolveResult::isStatic): + (JSC::ResolveResult::isIndexed): + (JSC::ResolveResult::isScoped): + (JSC::ResolveResult::isGlobal): + (JSC::ResolveResult::ResolveResult): + (BytecodeGenerator): + * bytecompiler/NodesCodegen.cpp: + (JSC::ResolveNode::isPure): + (JSC::FunctionCallResolveNode::emitBytecode): + (JSC::PostfixNode::emitResolve): + (JSC::PrefixNode::emitResolve): + (JSC::ReadModifyResolveNode::emitBytecode): + (JSC::AssignResolveNode::emitBytecode): + (JSC::ConstDeclNode::emitCodeSingle): + (JSC::ForInNode::emitBytecode): + * dfg/DFGAbstractState.cpp: + (JSC::DFG::AbstractState::execute): + * dfg/DFGByteCodeParser.cpp: + (ByteCodeParser): + (InlineStackEntry): + (JSC::DFG::ByteCodeParser::handleGetByOffset): + (JSC::DFG::ByteCodeParser::parseBlock): + (JSC::DFG::ByteCodeParser::InlineStackEntry::InlineStackEntry): + * dfg/DFGCapabilities.h: + (DFG): + (JSC::DFG::canCompileOpcode): + (JSC::DFG::canInlineOpcode): + * dfg/DFGGraph.h: + (ResolveGlobalData): + (DFG): + (Graph): + * dfg/DFGNode.h: + (JSC::DFG::Node::hasIdentifier): + * dfg/DFGNodeType.h: + (DFG): + * dfg/DFGOSRExit.cpp: + (JSC::DFG::OSRExit::OSRExit): + * dfg/DFGOSRExit.h: + (OSRExit): + * dfg/DFGOSRExitCompiler.cpp: + * dfg/DFGOSRExitCompiler32_64.cpp: + (JSC::DFG::OSRExitCompiler::compileExit): + * dfg/DFGOSRExitCompiler64.cpp: + (JSC::DFG::OSRExitCompiler::compileExit): + * dfg/DFGOperations.cpp: + * dfg/DFGOperations.h: + (JSC): + * dfg/DFGPredictionPropagationPhase.cpp: + (JSC::DFG::PredictionPropagationPhase::propagate): + * dfg/DFGRepatch.cpp: + (JSC::DFG::tryCacheGetByID): + * dfg/DFGSpeculativeJIT.cpp: + (JSC::DFG::SpeculativeJIT::convertLastOSRExitToForward): + * dfg/DFGSpeculativeJIT.h: + (JSC::DFG::SpeculativeJIT::callOperation): + * dfg/DFGSpeculativeJIT32_64.cpp: + (JSC::DFG::SpeculativeJIT::compile): + * dfg/DFGSpeculativeJIT64.cpp: + (JSC::DFG::SpeculativeJIT::compile): + * dfg/DFGStructureCheckHoistingPhase.cpp: + (JSC::DFG::StructureCheckHoistingPhase::run): + * jit/JIT.cpp: + (JSC::JIT::privateCompileMainPass): + (JSC::JIT::privateCompileSlowCases): + * jit/JIT.h: + (JIT): + (JSC::JIT::emit_op_get_global_var_watchable): + * jit/JITOpcodes.cpp: + (JSC::JIT::emit_op_resolve): + (JSC): + (JSC::JIT::emit_op_resolve_base): + (JSC::JIT::emit_op_resolve_skip): + (JSC::JIT::emit_op_resolve_global): + (JSC::JIT::emitSlow_op_resolve_global): + (JSC::JIT::emit_op_resolve_with_base): + (JSC::JIT::emit_op_resolve_with_this): + (JSC::JIT::emit_op_resolve_global_dynamic): + (JSC::JIT::emitSlow_op_resolve_global_dynamic): + * jit/JITOpcodes32_64.cpp: + (JSC::JIT::emit_op_resolve): + (JSC): + (JSC::JIT::emit_op_resolve_base): + (JSC::JIT::emit_op_resolve_skip): + (JSC::JIT::emit_op_resolve_global): + (JSC::JIT::emitSlow_op_resolve_global): + (JSC::JIT::emit_op_resolve_with_base): + (JSC::JIT::emit_op_resolve_with_this): + * jit/JITPropertyAccess.cpp: + (JSC::JIT::emit_op_get_scoped_var): + (JSC): + (JSC::JIT::emit_op_put_scoped_var): + (JSC::JIT::emit_op_get_global_var): + (JSC::JIT::emit_op_put_global_var): + (JSC::JIT::emit_op_put_global_var_check): + (JSC::JIT::emitSlow_op_put_global_var_check): + * jit/JITPropertyAccess32_64.cpp: + (JSC::JIT::emit_op_get_scoped_var): + (JSC): + (JSC::JIT::emit_op_put_scoped_var): + (JSC::JIT::emit_op_get_global_var): + (JSC::JIT::emit_op_put_global_var): + (JSC::JIT::emit_op_put_global_var_check): + (JSC::JIT::emitSlow_op_put_global_var_check): + * jit/JITStubs.cpp: + (JSC::DEFINE_STUB_FUNCTION): + (JSC): + * jit/JITStubs.h: + * llint/LLIntSlowPaths.cpp: + (LLInt): + (JSC::LLInt::LLINT_SLOW_PATH_DECL): + * llint/LLIntSlowPaths.h: + (LLInt): + * llint/LowLevelInterpreter.asm: + * llint/LowLevelInterpreter32_64.asm: + * llint/LowLevelInterpreter64.asm: + * runtime/JSScope.cpp: + (JSC::JSScope::resolve): + (JSC::JSScope::resolveSkip): + (JSC::JSScope::resolveGlobal): + (JSC::JSScope::resolveGlobalDynamic): + (JSC::JSScope::resolveBase): + (JSC::JSScope::resolveWithBase): + (JSC::JSScope::resolveWithThis): + * runtime/JSScope.h: + (JSScope): + * runtime/JSVariableObject.cpp: + * runtime/JSVariableObject.h: + * runtime/Structure.h: + +2012-10-17 Filip Pizlo + + REGRESSION (r130826 or r130828): Twitter top bar is dysfunctional + https://bugs.webkit.org/show_bug.cgi?id=99577 + + + Reviewed by Mark Hahnenberg. + + It turns out that it's a good idea to maintain the invariants of your object model, such as that + elements past publicLength should have the hole value. + + * dfg/DFGGraph.cpp: + (JSC::DFG::Graph::dump): + * dfg/DFGSpeculativeJIT32_64.cpp: + (JSC::DFG::SpeculativeJIT::compile): + * dfg/DFGSpeculativeJIT64.cpp: + (JSC::DFG::SpeculativeJIT::compile): + +2012-10-17 Anders Carlsson + + Clean up Vector.h + https://bugs.webkit.org/show_bug.cgi?id=99622 + + Reviewed by Benjamin Poulain. + + Fix fallout from removing std::max and std::min using declarations. + + * runtime/StringPrototype.cpp: + (JSC::jsSpliceSubstrings): + (JSC::jsSpliceSubstringsWithSeparators): + (JSC::stringProtoFuncIndexOf): + * yarr/YarrPattern.cpp: + (JSC::Yarr::YarrPatternConstructor::setupDisjunctionOffsets): + +2012-10-17 Oliver Hunt + + Committing new files is so overrated. + + * bytecode/ResolveOperation.h: Added. + (JSC): + (JSC::ResolveOperation::getAndReturnScopedVar): + (JSC::ResolveOperation::checkForDynamicEntriesBeforeGlobalScope): + (ResolveOperation): + (JSC::ResolveOperation::getAndReturnGlobalVar): + (JSC::ResolveOperation::getAndReturnGlobalProperty): + (JSC::ResolveOperation::resolveFail): + (JSC::ResolveOperation::skipTopScopeNode): + (JSC::ResolveOperation::skipScopes): + (JSC::ResolveOperation::returnGlobalObjectAsBase): + (JSC::ResolveOperation::setBaseToGlobal): + (JSC::ResolveOperation::setBaseToUndefined): + (JSC::ResolveOperation::setBaseToScope): + (JSC::ResolveOperation::returnScopeAsBase): + (JSC::PutToBaseOperation::PutToBaseOperation): + +2012-10-17 Michael Saboff + + StringPrototype::jsSpliceSubstringsWithSeparators() doesn't optimally handle 8 bit strings + https://bugs.webkit.org/show_bug.cgi?id=99230 + + Reviewed by Geoffrey Garen. + + Added code to select characters8() or characters16() on the not all 8 bit path for both the + processing of the source and the separators. + + * runtime/StringPrototype.cpp: + (JSC::jsSpliceSubstringsWithSeparators): + +2012-10-17 Filip Pizlo + + Array and object allocations via 'new Object' or 'new Array' should be inlined in bytecode to allow allocation site profiling + https://bugs.webkit.org/show_bug.cgi?id=99557 + + Reviewed by Geoffrey Garen. + + Removed an inaccurate and misleading comment as per Geoff's review. (I forgot + to make this change as part of http://trac.webkit.org/changeset/131644). + + * bytecompiler/NodesCodegen.cpp: + (JSC::FunctionCallResolveNode::emitBytecode): + +2012-10-17 Oliver Hunt + + Bytecode should not have responsibility for determining how to perform non-local resolves + https://bugs.webkit.org/show_bug.cgi?id=99349 + + Reviewed by Gavin Barraclough. + + This patch removes lexical analysis from the bytecode generation. This allows + us to delay lookup of a non-local variables until the lookup is actually necessary, + and simplifies a lot of the resolve logic in BytecodeGenerator. + + Once a lookup is performed we cache the lookup information in a set of out-of-line + buffers in CodeBlock. This allows subsequent lookups to avoid unnecessary hashing, + etc, and allows the respective JITs to recreated optimal lookup code. + + This is currently still a performance regression in LLInt, but most of the remaining + regression is caused by a lot of indirection that I'll remove in future work, as well + as some work necessary to allow LLInt to perform in line instruction repatching. + We will also want to improve the behaviour of the baseline JIT for some of the lookup + operations, however this patch was getting quite large already so I'm landing it now + that we've reached the bar of "performance-neutral". + + * GNUmakefile.list.am: + * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj: + * JavaScriptCore.xcodeproj/project.pbxproj: + * bytecode/CodeBlock.cpp: + (JSC::CodeBlock::printStructures): + (JSC::CodeBlock::dump): + (JSC::CodeBlock::CodeBlock): + (JSC::CodeBlock::visitStructures): + (JSC): + (JSC::CodeBlock::finalizeUnconditionally): + (JSC::CodeBlock::shrinkToFit): + * bytecode/CodeBlock.h: + (JSC::CodeBlock::addResolve): + (JSC::CodeBlock::addPutToBase): + (CodeBlock): + (JSC::CodeBlock::resolveOperations): + (JSC::CodeBlock::putToBaseOperation): + (JSC::CodeBlock::numberOfResolveOperations): + (JSC::CodeBlock::numberOfPutToBaseOperations): + (JSC::CodeBlock::addPropertyAccessInstruction): + (JSC::CodeBlock::globalObjectConstant): + (JSC::CodeBlock::setGlobalObjectConstant): + * bytecode/GlobalResolveInfo.h: Removed. + * bytecode/Opcode.h: + (JSC): + (JSC::padOpcodeName): + * bytecode/ResolveGlobalStatus.cpp: + (JSC::computeForStructure): + (JSC::ResolveGlobalStatus::computeFor): + * bytecode/ResolveGlobalStatus.h: + (JSC): + (ResolveGlobalStatus): + * bytecode/ResolveOperation.h: Added. + The new types and logic we use to perform the cached lookups. + (JSC): + (ResolveOperation): + (JSC::ResolveOperation::getAndReturnScopedVar): + (JSC::ResolveOperation::checkForDynamicEntriesBeforeGlobalScope): + (JSC::ResolveOperation::getAndReturnGlobalVar): + (JSC::ResolveOperation::getAndReturnGlobalProperty): + (JSC::ResolveOperation::resolveFail): + (JSC::ResolveOperation::skipTopScopeNode): + (JSC::ResolveOperation::skipScopes): + (JSC::ResolveOperation::returnGlobalObjectAsBase): + (JSC::ResolveOperation::setBaseToGlobal): + (JSC::ResolveOperation::setBaseToUndefined): + (JSC::ResolveOperation::setBaseToScope): + (JSC::ResolveOperation::returnScopeAsBase): + (JSC::PutToBaseOperation::PutToBaseOperation): + * bytecompiler/BytecodeGenerator.cpp: + (JSC::ResolveResult::checkValidity): + (JSC): + (JSC::BytecodeGenerator::BytecodeGenerator): + (JSC::BytecodeGenerator::resolve): + (JSC::BytecodeGenerator::resolveConstDecl): + (JSC::BytecodeGenerator::shouldAvoidResolveGlobal): + (JSC::BytecodeGenerator::emitResolve): + (JSC::BytecodeGenerator::emitResolveBase): + (JSC::BytecodeGenerator::emitResolveBaseForPut): + (JSC::BytecodeGenerator::emitResolveWithBaseForPut): + (JSC::BytecodeGenerator::emitResolveWithThis): + (JSC::BytecodeGenerator::emitGetLocalVar): + (JSC::BytecodeGenerator::emitInitGlobalConst): + (JSC::BytecodeGenerator::emitPutToBase): + * bytecompiler/BytecodeGenerator.h: + (JSC::ResolveResult::registerResolve): + (JSC::ResolveResult::dynamicResolve): + (ResolveResult): + (JSC::ResolveResult::ResolveResult): + (JSC): + (NonlocalResolveInfo): + (JSC::NonlocalResolveInfo::NonlocalResolveInfo): + (JSC::NonlocalResolveInfo::~NonlocalResolveInfo): + (JSC::NonlocalResolveInfo::resolved): + (JSC::NonlocalResolveInfo::put): + (BytecodeGenerator): + (JSC::BytecodeGenerator::getResolveOperations): + (JSC::BytecodeGenerator::getResolveWithThisOperations): + (JSC::BytecodeGenerator::getResolveBaseOperations): + (JSC::BytecodeGenerator::getResolveBaseForPutOperations): + (JSC::BytecodeGenerator::getResolveWithBaseForPutOperations): + (JSC::BytecodeGenerator::getPutToBaseOperation): + * bytecompiler/NodesCodegen.cpp: + (JSC::ResolveNode::isPure): + (JSC::FunctionCallResolveNode::emitBytecode): + (JSC::PostfixNode::emitResolve): + (JSC::PrefixNode::emitResolve): + (JSC::ReadModifyResolveNode::emitBytecode): + (JSC::AssignResolveNode::emitBytecode): + (JSC::ConstDeclNode::emitCodeSingle): + (JSC::ForInNode::emitBytecode): + * dfg/DFGAbstractState.cpp: + (JSC::DFG::AbstractState::execute): + * dfg/DFGByteCodeParser.cpp: + (ByteCodeParser): + (InlineStackEntry): + (JSC::DFG::ByteCodeParser::handleGetByOffset): + (DFG): + (JSC::DFG::ByteCodeParser::parseResolveOperations): + (JSC::DFG::ByteCodeParser::parseBlock): + (JSC::DFG::ByteCodeParser::InlineStackEntry::InlineStackEntry): + * dfg/DFGCapabilities.h: + (JSC::DFG::canCompileResolveOperations): + (DFG): + (JSC::DFG::canCompilePutToBaseOperation): + (JSC::DFG::canCompileOpcode): + (JSC::DFG::canInlineOpcode): + * dfg/DFGGraph.h: + (ResolveGlobalData): + (ResolveOperationData): + (DFG): + (PutToBaseOperationData): + (Graph): + * dfg/DFGNode.h: + (JSC::DFG::Node::hasIdentifier): + (JSC::DFG::Node::resolveOperationsDataIndex): + (Node): + * dfg/DFGNodeType.h: + (DFG): + * dfg/DFGOSRExit.cpp: + (JSC::DFG::OSRExit::OSRExit): + * dfg/DFGOSRExit.h: + (OSRExit): + * dfg/DFGOSRExitCompiler.cpp: + * dfg/DFGOSRExitCompiler32_64.cpp: + (JSC::DFG::OSRExitCompiler::compileExit): + * dfg/DFGOSRExitCompiler64.cpp: + (JSC::DFG::OSRExitCompiler::compileExit): + * dfg/DFGOperations.cpp: + * dfg/DFGOperations.h: + * dfg/DFGPredictionPropagationPhase.cpp: + (JSC::DFG::PredictionPropagationPhase::propagate): + * dfg/DFGRepatch.cpp: + (JSC::DFG::tryCacheGetByID): + * dfg/DFGSpeculativeJIT.cpp: + (JSC::DFG::SpeculativeJIT::convertLastOSRExitToForward): + * dfg/DFGSpeculativeJIT.h: + (JSC::DFG::SpeculativeJIT::resolveOperations): + (SpeculativeJIT): + (JSC::DFG::SpeculativeJIT::putToBaseOperation): + (JSC::DFG::SpeculativeJIT::callOperation): + * dfg/DFGSpeculativeJIT32_64.cpp: + (JSC::DFG::SpeculativeJIT::compile): + * dfg/DFGSpeculativeJIT64.cpp: + (JSC::DFG::SpeculativeJIT::compile): + * dfg/DFGStructureCheckHoistingPhase.cpp: + (JSC::DFG::StructureCheckHoistingPhase::run): + * jit/JIT.cpp: + (JSC::JIT::privateCompileMainPass): + (JSC::JIT::privateCompileSlowCases): + * jit/JIT.h: + (JIT): + * jit/JITOpcodes.cpp: + (JSC::JIT::emit_op_put_to_base): + (JSC): + (JSC::JIT::emit_resolve_operations): + (JSC::JIT::emitSlow_link_resolve_operations): + (JSC::JIT::emit_op_resolve): + (JSC::JIT::emitSlow_op_resolve): + (JSC::JIT::emit_op_resolve_base): + (JSC::JIT::emitSlow_op_resolve_base): + (JSC::JIT::emit_op_resolve_with_base): + (JSC::JIT::emitSlow_op_resolve_with_base): + (JSC::JIT::emit_op_resolve_with_this): + (JSC::JIT::emitSlow_op_resolve_with_this): + (JSC::JIT::emitSlow_op_put_to_base): + * jit/JITOpcodes32_64.cpp: + (JSC::JIT::emit_op_put_to_base): + (JSC): + * jit/JITPropertyAccess.cpp: + (JSC::JIT::emit_op_init_global_const): + (JSC::JIT::emit_op_init_global_const_check): + (JSC::JIT::emitSlow_op_init_global_const_check): + * jit/JITPropertyAccess32_64.cpp: + (JSC::JIT::emit_op_init_global_const): + (JSC::JIT::emit_op_init_global_const_check): + (JSC::JIT::emitSlow_op_init_global_const_check): + * jit/JITStubs.cpp: + (JSC::DEFINE_STUB_FUNCTION): + (JSC): + * jit/JITStubs.h: + * llint/LLIntSlowPaths.cpp: + (LLInt): + (JSC::LLInt::LLINT_SLOW_PATH_DECL): + * llint/LLIntSlowPaths.h: + (LLInt): + * llint/LowLevelInterpreter.asm: + * llint/LowLevelInterpreter32_64.asm: + * llint/LowLevelInterpreter64.asm: + * runtime/JSScope.cpp: + (JSC::LookupResult::base): + (JSC::LookupResult::value): + (JSC::LookupResult::setBase): + (JSC::LookupResult::setValue): + (LookupResult): + (JSC): + (JSC::setPutPropertyAccessOffset): + (JSC::executeResolveOperations): + (JSC::JSScope::resolveContainingScopeInternal): + (JSC::JSScope::resolveContainingScope): + (JSC::JSScope::resolve): + (JSC::JSScope::resolveBase): + (JSC::JSScope::resolveWithBase): + (JSC::JSScope::resolveWithThis): + (JSC::JSScope::resolvePut): + (JSC::JSScope::resolveGlobal): + * runtime/JSScope.h: + (JSScope): + * runtime/JSVariableObject.cpp: + (JSC): + * runtime/JSVariableObject.h: + (JSVariableObject): + * runtime/Structure.h: + (JSC::Structure::propertyAccessesAreCacheable): + (Structure): + +2012-10-17 Filip Pizlo + + Array and object allocations via 'new Object' or 'new Array' should be inlined in bytecode to allow allocation site profiling + https://bugs.webkit.org/show_bug.cgi?id=99557 + + Reviewed by Geoffrey Garen. + + This uses the old jneq_ptr trick to allow for the bytecode to "see" that the + operation in question is what we almost certainly know it to be. + + * bytecode/CodeBlock.cpp: + (JSC::CodeBlock::dump): + * bytecode/Opcode.h: + (JSC): + (JSC::padOpcodeName): + * bytecode/SpecialPointer.h: + * bytecompiler/BytecodeGenerator.cpp: + (JSC::BytecodeGenerator::emitCall): + (JSC::BytecodeGenerator::emitCallEval): + (JSC::BytecodeGenerator::expectedFunctionForIdentifier): + (JSC): + (JSC::BytecodeGenerator::emitExpectedFunctionSnippet): + (JSC::BytecodeGenerator::emitConstruct): + * bytecompiler/BytecodeGenerator.h: + (BytecodeGenerator): + * bytecompiler/NodesCodegen.cpp: + (JSC::NewExprNode::emitBytecode): + (JSC::FunctionCallValueNode::emitBytecode): + (JSC::FunctionCallResolveNode::emitBytecode): + (JSC::FunctionCallBracketNode::emitBytecode): + (JSC::FunctionCallDotNode::emitBytecode): + (JSC::CallFunctionCallDotNode::emitBytecode): + (JSC::ApplyFunctionCallDotNode::emitBytecode): + * dfg/DFGByteCodeParser.cpp: + (JSC::DFG::ByteCodeParser::parseBlock): + * dfg/DFGCapabilities.h: + (JSC::DFG::canCompileOpcode): + * jit/JIT.cpp: + (JSC::JIT::privateCompileMainPass): + * jit/JIT.h: + (JIT): + * jit/JITOpcodes.cpp: + (JSC::JIT::emit_op_new_array_with_size): + (JSC): + * jit/JITStubs.cpp: + (JSC::DEFINE_STUB_FUNCTION): + (JSC): + * jit/JITStubs.h: + * llint/LLIntSlowPaths.cpp: + (JSC::LLInt::LLINT_SLOW_PATH_DECL): + (LLInt): + * llint/LLIntSlowPaths.h: + (LLInt): + * llint/LowLevelInterpreter.asm: + * runtime/ArrayConstructor.cpp: + (JSC::constructArrayWithSizeQuirk): + (JSC): + * runtime/ArrayConstructor.h: + (JSC): + * runtime/CommonIdentifiers.h: + * runtime/JSGlobalObject.cpp: + (JSC::JSGlobalObject::reset): + (JSC): + +2012-10-17 Filip Pizlo + + JIT op_get_by_pname should call cti_get_by_val_generic and not cti_get_by_val + https://bugs.webkit.org/show_bug.cgi?id=99631 + + + Reviewed by Mark Hahnenberg. + + cti_get_by_val assumes that the return address has patching metadata associated with it, which won't + be true for op_get_by_pname. cti_get_by_val_generic makes no such assumptions. + + * jit/JITPropertyAccess.cpp: + (JSC::JIT::emitSlow_op_get_by_pname): + * jit/JITPropertyAccess32_64.cpp: + (JSC::JIT::emitSlow_op_get_by_pname): + +2012-10-17 Mark Hahnenberg + + Block freeing thread should sleep indefinitely when there's no work to do + https://bugs.webkit.org/show_bug.cgi?id=98084 + + Reviewed by Geoffrey Garen. + + r130212 didn't fully fix the problem. + + * heap/BlockAllocator.cpp: + (JSC::BlockAllocator::blockFreeingThreadMain): We would just continue to the next iteration if + we found that we had zero blocks to copy. We should move the indefinite wait up to where that + check is done so that we properly detect the "no more blocks to copy, wait for more" condition. + 2012-10-16 Csaba Osztrogonác Unreviewed, rolling out r131516 and r131550. diff --git a/Source/JavaScriptCore/bytecode/CodeBlock.cpp b/Source/JavaScriptCore/bytecode/CodeBlock.cpp index 9b8260a79..d1151482e 100644 --- a/Source/JavaScriptCore/bytecode/CodeBlock.cpp +++ b/Source/JavaScriptCore/bytecode/CodeBlock.cpp @@ -704,6 +704,13 @@ void CodeBlock::dump(ExecState* exec, const Vector::const_iterator& dumpBytecodeCommentAndNewLine(location); break; } + case op_new_array_with_size: { + int dst = (++it)->u.operand; + int length = (++it)->u.operand; + dataLog("[%4d] new_array_with_size\t %s, %s", location, registerName(exec, dst).data(), registerName(exec, length).data()); + dumpBytecodeCommentAndNewLine(location); + break; + } case op_new_array_buffer: { int dst = (++it)->u.operand; int argv = (++it)->u.operand; @@ -1245,9 +1252,9 @@ void CodeBlock::dump(ExecState* exec, const Vector::const_iterator& } case op_jneq_ptr: { int r0 = (++it)->u.operand; - void* pointer = (++it)->u.pointer; + Special::Pointer pointer = (++it)->u.specialPointer; int offset = (++it)->u.operand; - dataLog("[%4d] jneq_ptr\t\t %s, %p, %d(->%d)", location, registerName(exec, r0).data(), pointer, offset, location + offset); + dataLog("[%4d] jneq_ptr\t\t %s, %d (%p), %d(->%d)", location, registerName(exec, r0).data(), pointer, m_globalObject->actualPointerFor(pointer), offset, location + offset); dumpBytecodeCommentAndNewLine(location); break; } diff --git a/Source/JavaScriptCore/bytecode/Opcode.h b/Source/JavaScriptCore/bytecode/Opcode.h index a5d466154..dd62df700 100644 --- a/Source/JavaScriptCore/bytecode/Opcode.h +++ b/Source/JavaScriptCore/bytecode/Opcode.h @@ -49,6 +49,7 @@ namespace JSC { \ macro(op_new_object, 2) \ macro(op_new_array, 4) \ + macro(op_new_array_with_size, 3) \ macro(op_new_array_buffer, 4) \ macro(op_new_regexp, 3) \ macro(op_mov, 3) \ diff --git a/Source/JavaScriptCore/bytecode/ResolveOperation.h b/Source/JavaScriptCore/bytecode/ResolveOperation.h new file mode 100644 index 000000000..1543ef209 --- /dev/null +++ b/Source/JavaScriptCore/bytecode/ResolveOperation.h @@ -0,0 +1,178 @@ +/* + * Copyright (C) 2012 Apple Inc. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY APPLE INC. ``AS IS'' AND ANY + * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL APPLE INC. OR + * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, + * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, + * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR + * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY + * OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT + * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE + * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + */ + +#ifndef ResolveOperation_h +#define ResolveOperation_h + +#include "PropertyOffset.h" +#include "WriteBarrier.h" + +#include + +namespace JSC { + +class Structure; + +struct ResolveOperation { + typedef enum { + Fail, + SetBaseToUndefined, + ReturnScopeAsBase, + SetBaseToScope, + SetBaseToGlobal, + GetAndReturnScopedVar, + GetAndReturnGlobalVar, + GetAndReturnGlobalVarWatchable, + SkipTopScopeNode, + SkipScopes, + ReturnGlobalObjectAsBase, + GetAndReturnGlobalProperty, + CheckForDynamicEntriesBeforeGlobalScope + } ResolveOperationType; + + ResolveOperationType m_operation; + WriteBarrier m_structure; + union { + PropertyOffset m_offset; + WriteBarrier* m_registerAddress; + int m_scopesToSkip; + int m_activationRegister; + }; + static ResolveOperation getAndReturnScopedVar(PropertyOffset offset) + { + ResolveOperation op; + op.m_operation = GetAndReturnScopedVar; + op.m_offset = offset; + return op; + } + static ResolveOperation checkForDynamicEntriesBeforeGlobalScope() + { + ResolveOperation op; + op.m_operation = CheckForDynamicEntriesBeforeGlobalScope; + return op; + } + + static ResolveOperation getAndReturnGlobalVar(WriteBarrier* registerAddress, bool couldBeWatched) + { + ResolveOperation op; + op.m_operation = couldBeWatched ? GetAndReturnGlobalVarWatchable : GetAndReturnGlobalVar; + op.m_registerAddress = registerAddress; + return op; + } + static ResolveOperation getAndReturnGlobalProperty() + { + ResolveOperation op; + op.m_operation = GetAndReturnGlobalProperty; + return op; + } + static ResolveOperation resolveFail() + { + ResolveOperation op; + op.m_operation = Fail; + return op; + } + static ResolveOperation skipTopScopeNode(int activationRegister) + { + ResolveOperation op; + op.m_operation = SkipTopScopeNode; + op.m_activationRegister = activationRegister; + return op; + } + static ResolveOperation skipScopes(int scopesToSkip) + { + ResolveOperation op; + op.m_operation = SkipScopes; + op.m_scopesToSkip = scopesToSkip; + return op; + } + static ResolveOperation returnGlobalObjectAsBase() + { + ResolveOperation op; + op.m_operation = ReturnGlobalObjectAsBase; + return op; + } + static ResolveOperation setBaseToGlobal() + { + ResolveOperation op; + op.m_operation = SetBaseToGlobal; + return op; + } + static ResolveOperation setBaseToUndefined() + { + ResolveOperation op; + op.m_operation = SetBaseToUndefined; + return op; + } + static ResolveOperation setBaseToScope() + { + ResolveOperation op; + op.m_operation = SetBaseToScope; + return op; + } + static ResolveOperation returnScopeAsBase() + { + ResolveOperation op; + op.m_operation = ReturnScopeAsBase; + return op; + } +}; + +typedef Vector ResolveOperations; + +struct PutToBaseOperation { + PutToBaseOperation(bool isStrict) + : m_kind(Uninitialised) + , m_isDynamic(false) + , m_isStrict(isStrict) + , m_predicatePointer(0) + { + + } + enum Kind { Uninitialised, Generic, Readonly, GlobalVariablePut, GlobalVariablePutChecked, GlobalPropertyPut, VariablePut }; + union { + Kind m_kind : 8; + uint8_t m_kindAsUint8; + }; + bool m_isDynamic : 8; + bool m_isStrict : 8; + union { + bool* m_predicatePointer; + unsigned m_scopeDepth; + }; + WriteBarrier m_structure; + union { + // Used for GlobalVariablePut + WriteBarrier* m_registerAddress; + + // Used for GlobalPropertyPut and VariablePut + struct { + PropertyOffset m_offset; + int32_t m_offsetInButterfly; + }; + }; +}; +} + +#endif // ResolveOperation_h diff --git a/Source/JavaScriptCore/bytecode/SpecialPointer.h b/Source/JavaScriptCore/bytecode/SpecialPointer.h index 2c624784b..c18a6e904 100644 --- a/Source/JavaScriptCore/bytecode/SpecialPointer.h +++ b/Source/JavaScriptCore/bytecode/SpecialPointer.h @@ -35,6 +35,8 @@ namespace Special { enum Pointer { CallFunction, ApplyFunction, + ObjectConstructor, + ArrayConstructor, TableSize // Not a real special pointer. Use this to determine the number of pointers. }; } // namespace Special diff --git a/Source/JavaScriptCore/bytecompiler/BytecodeGenerator.cpp b/Source/JavaScriptCore/bytecompiler/BytecodeGenerator.cpp index 4308148b3..1160a1888 100644 --- a/Source/JavaScriptCore/bytecompiler/BytecodeGenerator.cpp +++ b/Source/JavaScriptCore/bytecompiler/BytecodeGenerator.cpp @@ -2013,9 +2013,9 @@ RegisterID* BytecodeGenerator::emitNewFunctionExpression(RegisterID* r0, FuncExp return r0; } -RegisterID* BytecodeGenerator::emitCall(RegisterID* dst, RegisterID* func, CallArguments& callArguments, unsigned divot, unsigned startOffset, unsigned endOffset) +RegisterID* BytecodeGenerator::emitCall(RegisterID* dst, RegisterID* func, ExpectedFunction expectedFunction, CallArguments& callArguments, unsigned divot, unsigned startOffset, unsigned endOffset) { - return emitCall(op_call, dst, func, callArguments, divot, startOffset, endOffset); + return emitCall(op_call, dst, func, expectedFunction, callArguments, divot, startOffset, endOffset); } void BytecodeGenerator::createArgumentsIfNecessary() @@ -2048,10 +2048,85 @@ void BytecodeGenerator::createActivationIfNecessary() RegisterID* BytecodeGenerator::emitCallEval(RegisterID* dst, RegisterID* func, CallArguments& callArguments, unsigned divot, unsigned startOffset, unsigned endOffset) { - return emitCall(op_call_eval, dst, func, callArguments, divot, startOffset, endOffset); + return emitCall(op_call_eval, dst, func, NoExpectedFunction, callArguments, divot, startOffset, endOffset); } -RegisterID* BytecodeGenerator::emitCall(OpcodeID opcodeID, RegisterID* dst, RegisterID* func, CallArguments& callArguments, unsigned divot, unsigned startOffset, unsigned endOffset) +ExpectedFunction BytecodeGenerator::expectedFunctionForIdentifier(const Identifier& identifier) +{ + if (identifier == m_globalData->propertyNames->Object) + return ExpectObjectConstructor; + if (identifier == m_globalData->propertyNames->Array) + return ExpectArrayConstructor; + return NoExpectedFunction; +} + +ExpectedFunction BytecodeGenerator::emitExpectedFunctionSnippet(RegisterID* dst, RegisterID* func, ExpectedFunction expectedFunction, CallArguments& callArguments, Label* done) +{ + RefPtr