mirror of
https://github.com/darlinghq/darling-JavaScriptCore.git
synced 2024-11-23 04:09:40 +00:00
481 lines
17 KiB
C++
481 lines
17 KiB
C++
/*
|
|
* Copyright (C) 2012-2019 Apple Inc. All rights reserved.
|
|
*
|
|
* Redistribution and use in source and binary forms, with or without
|
|
* modification, are permitted provided that the following conditions
|
|
* are met:
|
|
* 1. Redistributions of source code must retain the above copyright
|
|
* notice, this list of conditions and the following disclaimer.
|
|
* 2. Redistributions in binary form must reproduce the above copyright
|
|
* notice, this list of conditions and the following disclaimer in the
|
|
* documentation and/or other materials provided with the distribution.
|
|
*
|
|
* THIS SOFTWARE IS PROVIDED BY APPLE INC. ``AS IS'' AND ANY
|
|
* EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
|
|
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
|
|
* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL APPLE INC. OR
|
|
* CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
|
|
* EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
|
|
* PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
|
|
* PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY
|
|
* OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
|
|
* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
|
|
* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
|
|
*/
|
|
|
|
#include "config.h"
|
|
#include "PutByIdStatus.h"
|
|
|
|
#include "BytecodeStructs.h"
|
|
#include "CodeBlock.h"
|
|
#include "ComplexGetStatus.h"
|
|
#include "GetterSetterAccessCase.h"
|
|
#include "ICStatusUtils.h"
|
|
#include "PolymorphicAccess.h"
|
|
#include "StructureInlines.h"
|
|
#include "StructureStubInfo.h"
|
|
#include <wtf/ListDump.h>
|
|
|
|
namespace JSC {
|
|
|
|
bool PutByIdStatus::appendVariant(const PutByIdVariant& variant)
|
|
{
|
|
return appendICStatusVariant(m_variants, variant);
|
|
}
|
|
|
|
PutByIdStatus PutByIdStatus::computeFromLLInt(CodeBlock* profiledBlock, BytecodeIndex bytecodeIndex, UniquedStringImpl* uid)
|
|
{
|
|
VM& vm = profiledBlock->vm();
|
|
|
|
auto instruction = profiledBlock->instructions().at(bytecodeIndex.offset());
|
|
|
|
// We are not yet using `computeFromLLInt` in any place for `put_private_name`.
|
|
// We can add support for it if this is required in future changes, since we have
|
|
// IC implemented for this operation on LLInt.
|
|
ASSERT(!instruction->is<OpPutPrivateName>());
|
|
|
|
auto bytecode = instruction->as<OpPutById>();
|
|
auto& metadata = bytecode.metadata(profiledBlock);
|
|
|
|
StructureID structureID = metadata.m_oldStructureID;
|
|
if (!structureID)
|
|
return PutByIdStatus(NoInformation);
|
|
|
|
Structure* structure = vm.heap.structureIDTable().get(structureID);
|
|
|
|
StructureID newStructureID = metadata.m_newStructureID;
|
|
if (!newStructureID) {
|
|
PropertyOffset offset = structure->getConcurrently(uid);
|
|
if (!isValidOffset(offset))
|
|
return PutByIdStatus(NoInformation);
|
|
|
|
return PutByIdVariant::replace(structure, offset);
|
|
}
|
|
|
|
Structure* newStructure = vm.heap.structureIDTable().get(newStructureID);
|
|
|
|
ASSERT(structure->transitionWatchpointSetHasBeenInvalidated());
|
|
|
|
PropertyOffset offset = newStructure->getConcurrently(uid);
|
|
if (!isValidOffset(offset))
|
|
return PutByIdStatus(NoInformation);
|
|
|
|
ObjectPropertyConditionSet conditionSet;
|
|
if (!(bytecode.m_flags.isDirect())) {
|
|
conditionSet =
|
|
generateConditionsForPropertySetterMissConcurrently(
|
|
vm, profiledBlock->globalObject(), structure, uid);
|
|
if (!conditionSet.isValid())
|
|
return PutByIdStatus(NoInformation);
|
|
}
|
|
|
|
return PutByIdVariant::transition(
|
|
structure, newStructure, conditionSet, offset);
|
|
}
|
|
|
|
#if ENABLE(JIT)
|
|
PutByIdStatus PutByIdStatus::computeFor(CodeBlock* profiledBlock, ICStatusMap& map, BytecodeIndex bytecodeIndex, UniquedStringImpl* uid, ExitFlag didExit, CallLinkStatus::ExitSiteData callExitSiteData)
|
|
{
|
|
ConcurrentJSLocker locker(profiledBlock->m_lock);
|
|
|
|
UNUSED_PARAM(profiledBlock);
|
|
UNUSED_PARAM(bytecodeIndex);
|
|
UNUSED_PARAM(uid);
|
|
#if ENABLE(DFG_JIT)
|
|
if (didExit)
|
|
return PutByIdStatus(TakesSlowPath);
|
|
|
|
StructureStubInfo* stubInfo = map.get(CodeOrigin(bytecodeIndex)).stubInfo;
|
|
PutByIdStatus result = computeForStubInfo(
|
|
locker, profiledBlock, stubInfo, uid, callExitSiteData);
|
|
if (!result)
|
|
return computeFromLLInt(profiledBlock, bytecodeIndex, uid);
|
|
|
|
return result;
|
|
#else // ENABLE(JIT)
|
|
UNUSED_PARAM(map);
|
|
UNUSED_PARAM(didExit);
|
|
UNUSED_PARAM(callExitSiteData);
|
|
return PutByIdStatus(NoInformation);
|
|
#endif // ENABLE(JIT)
|
|
}
|
|
|
|
PutByIdStatus PutByIdStatus::computeForStubInfo(const ConcurrentJSLocker& locker, CodeBlock* baselineBlock, StructureStubInfo* stubInfo, CodeOrigin codeOrigin, UniquedStringImpl* uid)
|
|
{
|
|
return computeForStubInfo(
|
|
locker, baselineBlock, stubInfo, uid,
|
|
CallLinkStatus::computeExitSiteData(baselineBlock, codeOrigin.bytecodeIndex()));
|
|
}
|
|
|
|
PutByIdStatus PutByIdStatus::computeForStubInfo(
|
|
const ConcurrentJSLocker& locker, CodeBlock* profiledBlock, StructureStubInfo* stubInfo,
|
|
UniquedStringImpl* uid, CallLinkStatus::ExitSiteData callExitSiteData)
|
|
{
|
|
StubInfoSummary summary = StructureStubInfo::summary(profiledBlock->vm(), stubInfo);
|
|
if (!isInlineable(summary))
|
|
return PutByIdStatus(summary);
|
|
|
|
switch (stubInfo->cacheType()) {
|
|
case CacheType::Unset:
|
|
// This means that we attempted to cache but failed for some reason.
|
|
return PutByIdStatus(JSC::slowVersion(summary));
|
|
|
|
case CacheType::PutByIdReplace: {
|
|
PropertyOffset offset =
|
|
stubInfo->u.byIdSelf.baseObjectStructure->getConcurrently(uid);
|
|
if (isValidOffset(offset)) {
|
|
return PutByIdVariant::replace(
|
|
stubInfo->u.byIdSelf.baseObjectStructure.get(), offset);
|
|
}
|
|
return PutByIdStatus(JSC::slowVersion(summary));
|
|
}
|
|
|
|
case CacheType::Stub: {
|
|
PolymorphicAccess* list = stubInfo->u.stub;
|
|
|
|
PutByIdStatus result;
|
|
result.m_state = Simple;
|
|
|
|
for (unsigned i = 0; i < list->size(); ++i) {
|
|
const AccessCase& access = list->at(i);
|
|
if (access.viaProxy())
|
|
return PutByIdStatus(JSC::slowVersion(summary));
|
|
if (access.usesPolyProto())
|
|
return PutByIdStatus(JSC::slowVersion(summary));
|
|
|
|
PutByIdVariant variant;
|
|
|
|
switch (access.type()) {
|
|
case AccessCase::Replace: {
|
|
Structure* structure = access.structure();
|
|
PropertyOffset offset = structure->getConcurrently(uid);
|
|
if (!isValidOffset(offset))
|
|
return PutByIdStatus(JSC::slowVersion(summary));
|
|
variant = PutByIdVariant::replace(
|
|
structure, offset);
|
|
break;
|
|
}
|
|
|
|
case AccessCase::Transition: {
|
|
PropertyOffset offset =
|
|
access.newStructure()->getConcurrently(uid);
|
|
if (!isValidOffset(offset))
|
|
return PutByIdStatus(JSC::slowVersion(summary));
|
|
ObjectPropertyConditionSet conditionSet = access.conditionSet();
|
|
if (!conditionSet.structuresEnsureValidity())
|
|
return PutByIdStatus(JSC::slowVersion(summary));
|
|
variant = PutByIdVariant::transition(
|
|
access.structure(), access.newStructure(), conditionSet, offset);
|
|
break;
|
|
}
|
|
|
|
case AccessCase::Setter: {
|
|
Structure* structure = access.structure();
|
|
|
|
ComplexGetStatus complexGetStatus = ComplexGetStatus::computeFor(
|
|
structure, access.conditionSet(), uid);
|
|
|
|
switch (complexGetStatus.kind()) {
|
|
case ComplexGetStatus::ShouldSkip:
|
|
continue;
|
|
|
|
case ComplexGetStatus::TakesSlowPath:
|
|
return PutByIdStatus(JSC::slowVersion(summary));
|
|
|
|
case ComplexGetStatus::Inlineable: {
|
|
std::unique_ptr<CallLinkStatus> callLinkStatus =
|
|
makeUnique<CallLinkStatus>();
|
|
if (CallLinkInfo* callLinkInfo = access.as<GetterSetterAccessCase>().callLinkInfo()) {
|
|
*callLinkStatus = CallLinkStatus::computeFor(
|
|
locker, profiledBlock, *callLinkInfo, callExitSiteData);
|
|
}
|
|
|
|
variant = PutByIdVariant::setter(
|
|
structure, complexGetStatus.offset(), complexGetStatus.conditionSet(),
|
|
WTFMove(callLinkStatus));
|
|
} }
|
|
break;
|
|
}
|
|
|
|
case AccessCase::CustomValueSetter:
|
|
case AccessCase::CustomAccessorSetter:
|
|
return PutByIdStatus(MakesCalls);
|
|
|
|
default:
|
|
return PutByIdStatus(JSC::slowVersion(summary));
|
|
}
|
|
|
|
if (!result.appendVariant(variant))
|
|
return PutByIdStatus(JSC::slowVersion(summary));
|
|
}
|
|
|
|
return result;
|
|
}
|
|
|
|
default:
|
|
return PutByIdStatus(JSC::slowVersion(summary));
|
|
}
|
|
}
|
|
|
|
PutByIdStatus PutByIdStatus::computeFor(CodeBlock* baselineBlock, ICStatusMap& baselineMap, ICStatusContextStack& contextStack, CodeOrigin codeOrigin, UniquedStringImpl* uid)
|
|
{
|
|
BytecodeIndex bytecodeIndex = codeOrigin.bytecodeIndex();
|
|
CallLinkStatus::ExitSiteData callExitSiteData = CallLinkStatus::computeExitSiteData(baselineBlock, bytecodeIndex);
|
|
ExitFlag didExit = hasBadCacheExitSite(baselineBlock, bytecodeIndex);
|
|
|
|
for (ICStatusContext* context : contextStack) {
|
|
ICStatus status = context->get(codeOrigin);
|
|
|
|
auto bless = [&] (const PutByIdStatus& result) -> PutByIdStatus {
|
|
if (!context->isInlined(codeOrigin)) {
|
|
PutByIdStatus baselineResult = computeFor(
|
|
baselineBlock, baselineMap, bytecodeIndex, uid, didExit,
|
|
callExitSiteData);
|
|
baselineResult.merge(result);
|
|
return baselineResult;
|
|
}
|
|
if (didExit.isSet(ExitFromInlined))
|
|
return result.slowVersion();
|
|
return result;
|
|
};
|
|
|
|
if (status.stubInfo) {
|
|
PutByIdStatus result;
|
|
{
|
|
ConcurrentJSLocker locker(context->optimizedCodeBlock->m_lock);
|
|
result = computeForStubInfo(
|
|
locker, context->optimizedCodeBlock, status.stubInfo, uid, callExitSiteData);
|
|
}
|
|
if (result.isSet())
|
|
return bless(result);
|
|
}
|
|
|
|
if (status.putStatus)
|
|
return bless(*status.putStatus);
|
|
}
|
|
|
|
return computeFor(baselineBlock, baselineMap, bytecodeIndex, uid, didExit, callExitSiteData);
|
|
}
|
|
|
|
PutByIdStatus PutByIdStatus::computeFor(JSGlobalObject* globalObject, const StructureSet& set, UniquedStringImpl* uid, bool isDirect, PrivateFieldPutKind privateFieldPutKind)
|
|
{
|
|
if (parseIndex(*uid))
|
|
return PutByIdStatus(TakesSlowPath);
|
|
|
|
if (set.isEmpty())
|
|
return PutByIdStatus();
|
|
|
|
VM& vm = globalObject->vm();
|
|
PutByIdStatus result;
|
|
result.m_state = Simple;
|
|
for (unsigned i = 0; i < set.size(); ++i) {
|
|
Structure* structure = set[i];
|
|
|
|
if (structure->typeInfo().overridesGetOwnPropertySlot() && structure->typeInfo().type() != GlobalObjectType)
|
|
return PutByIdStatus(TakesSlowPath);
|
|
|
|
if (!structure->propertyAccessesAreCacheable())
|
|
return PutByIdStatus(TakesSlowPath);
|
|
|
|
unsigned attributes;
|
|
PropertyOffset offset = structure->getConcurrently(uid, attributes);
|
|
if (isValidOffset(offset)) {
|
|
// We can't have a valid offset for structures on `PutPrivateNameById` define mode
|
|
// since it means we are redefining a private field. In such case, we need to take
|
|
// slow path to throw exception.
|
|
if (privateFieldPutKind.isDefine())
|
|
return PutByIdStatus(TakesSlowPath);
|
|
|
|
if (attributes & PropertyAttribute::CustomAccessorOrValue)
|
|
return PutByIdStatus(MakesCalls);
|
|
|
|
if (attributes & (PropertyAttribute::Accessor | PropertyAttribute::ReadOnly))
|
|
return PutByIdStatus(TakesSlowPath);
|
|
|
|
WatchpointSet* replaceSet = structure->propertyReplacementWatchpointSet(offset);
|
|
if (!replaceSet || replaceSet->isStillValid()) {
|
|
// When this executes, it'll create, and fire, this replacement watchpoint set.
|
|
// That means that this has probably never executed or that something fishy is
|
|
// going on. Also, we cannot create or fire the watchpoint set from the concurrent
|
|
// JIT thread, so even if we wanted to do this, we'd need to have a lazy thingy.
|
|
// So, better leave this alone and take slow path.
|
|
return PutByIdStatus(TakesSlowPath);
|
|
}
|
|
|
|
PutByIdVariant variant =
|
|
PutByIdVariant::replace(structure, offset);
|
|
if (!result.appendVariant(variant))
|
|
return PutByIdStatus(TakesSlowPath);
|
|
continue;
|
|
}
|
|
|
|
// We can have a case with PutPrivateNameById in set mode and it
|
|
// should never cause a structure transition because it means we are
|
|
// trying to store in a not installed private field. We need to take
|
|
// slow path to throw excpetion if it ever gets executed.
|
|
if (privateFieldPutKind.isSet())
|
|
return PutByIdStatus(TakesSlowPath);
|
|
|
|
// Our hypothesis is that we're doing a transition. Before we prove that this is really
|
|
// true, we want to do some sanity checks.
|
|
|
|
// Don't cache put transitions on dictionaries.
|
|
if (structure->isDictionary())
|
|
return PutByIdStatus(TakesSlowPath);
|
|
|
|
// If the structure corresponds to something that isn't an object, then give up, since
|
|
// we don't want to be adding properties to strings.
|
|
if (!structure->typeInfo().isObject())
|
|
return PutByIdStatus(TakesSlowPath);
|
|
|
|
ObjectPropertyConditionSet conditionSet;
|
|
if (!isDirect) {
|
|
ASSERT(privateFieldPutKind.isNone());
|
|
conditionSet = generateConditionsForPropertySetterMissConcurrently(
|
|
vm, globalObject, structure, uid);
|
|
if (!conditionSet.isValid())
|
|
return PutByIdStatus(TakesSlowPath);
|
|
}
|
|
|
|
// We only optimize if there is already a structure that the transition is cached to.
|
|
Structure* transition =
|
|
Structure::addPropertyTransitionToExistingStructureConcurrently(structure, uid, 0, offset);
|
|
if (!transition)
|
|
return PutByIdStatus(TakesSlowPath);
|
|
ASSERT(isValidOffset(offset));
|
|
|
|
bool didAppend = result.appendVariant(
|
|
PutByIdVariant::transition(
|
|
structure, transition, conditionSet, offset));
|
|
if (!didAppend)
|
|
return PutByIdStatus(TakesSlowPath);
|
|
}
|
|
|
|
return result;
|
|
}
|
|
#endif
|
|
|
|
bool PutByIdStatus::makesCalls() const
|
|
{
|
|
if (m_state == MakesCalls)
|
|
return true;
|
|
|
|
if (m_state != Simple)
|
|
return false;
|
|
|
|
for (unsigned i = m_variants.size(); i--;) {
|
|
if (m_variants[i].makesCalls())
|
|
return true;
|
|
}
|
|
|
|
return false;
|
|
}
|
|
|
|
PutByIdStatus PutByIdStatus::slowVersion() const
|
|
{
|
|
return PutByIdStatus(makesCalls() ? MakesCalls : TakesSlowPath);
|
|
}
|
|
|
|
void PutByIdStatus::markIfCheap(SlotVisitor& visitor)
|
|
{
|
|
for (PutByIdVariant& variant : m_variants)
|
|
variant.markIfCheap(visitor);
|
|
}
|
|
|
|
bool PutByIdStatus::finalize(VM& vm)
|
|
{
|
|
for (PutByIdVariant& variant : m_variants) {
|
|
if (!variant.finalize(vm))
|
|
return false;
|
|
}
|
|
return true;
|
|
}
|
|
|
|
void PutByIdStatus::merge(const PutByIdStatus& other)
|
|
{
|
|
if (other.m_state == NoInformation)
|
|
return;
|
|
|
|
auto mergeSlow = [&] () {
|
|
*this = PutByIdStatus((makesCalls() || other.makesCalls()) ? MakesCalls : TakesSlowPath);
|
|
};
|
|
|
|
switch (m_state) {
|
|
case NoInformation:
|
|
*this = other;
|
|
return;
|
|
|
|
case Simple:
|
|
if (other.m_state != Simple)
|
|
return mergeSlow();
|
|
|
|
for (const PutByIdVariant& other : other.m_variants) {
|
|
if (!appendVariant(other))
|
|
return mergeSlow();
|
|
}
|
|
return;
|
|
|
|
case TakesSlowPath:
|
|
case MakesCalls:
|
|
return mergeSlow();
|
|
}
|
|
|
|
RELEASE_ASSERT_NOT_REACHED();
|
|
}
|
|
|
|
void PutByIdStatus::filter(const StructureSet& set)
|
|
{
|
|
if (m_state != Simple)
|
|
return;
|
|
filterICStatusVariants(m_variants, set);
|
|
for (PutByIdVariant& variant : m_variants)
|
|
variant.fixTransitionToReplaceIfNecessary();
|
|
if (m_variants.isEmpty())
|
|
m_state = NoInformation;
|
|
}
|
|
|
|
void PutByIdStatus::dump(PrintStream& out) const
|
|
{
|
|
switch (m_state) {
|
|
case NoInformation:
|
|
out.print("(NoInformation)");
|
|
return;
|
|
|
|
case Simple:
|
|
out.print("(", listDump(m_variants), ")");
|
|
return;
|
|
|
|
case TakesSlowPath:
|
|
out.print("(TakesSlowPath)");
|
|
return;
|
|
case MakesCalls:
|
|
out.print("(MakesCalls)");
|
|
return;
|
|
}
|
|
|
|
RELEASE_ASSERT_NOT_REACHED();
|
|
}
|
|
|
|
} // namespace JSC
|
|
|