Ignore:
Timestamp:
Jun 15, 2012, 3:14:53 PM (13 years ago)
Author:
[email protected]
Message:

DFG should be able to set watchpoints on structure transitions in the
method check prototype chain
https://bugs.webkit.org/show_bug.cgi?id=89058

Source/JavaScriptCore:

Reviewed by Gavin Barraclough.

This adds the ability to set watchpoints on Structures, and then does
the most modest thing we can do with this ability: the DFG now sets
watchpoints on structure transitions in the prototype chain of method
checks.

This appears to be a >1% speed-up on V8.

  • bytecode/PutByIdStatus.cpp:

(JSC::PutByIdStatus::computeFromLLInt):
(JSC::PutByIdStatus::computeFor):

  • bytecode/StructureSet.h:

(JSC::StructureSet::containsOnly):
(StructureSet):

  • bytecode/Watchpoint.cpp:

(JSC::WatchpointSet::WatchpointSet):
(JSC::InlineWatchpointSet::add):
(JSC):
(JSC::InlineWatchpointSet::inflateSlow):
(JSC::InlineWatchpointSet::freeFat):

  • bytecode/Watchpoint.h:

(WatchpointSet):
(JSC):
(InlineWatchpointSet):
(JSC::InlineWatchpointSet::InlineWatchpointSet):
(JSC::InlineWatchpointSet::~InlineWatchpointSet):
(JSC::InlineWatchpointSet::hasBeenInvalidated):
(JSC::InlineWatchpointSet::isStillValid):
(JSC::InlineWatchpointSet::startWatching):
(JSC::InlineWatchpointSet::notifyWrite):
(JSC::InlineWatchpointSet::isFat):
(JSC::InlineWatchpointSet::fat):
(JSC::InlineWatchpointSet::inflate):

  • dfg/DFGAbstractState.cpp:

(JSC::DFG::AbstractState::execute):

  • dfg/DFGByteCodeParser.cpp:

(JSC::DFG::ByteCodeParser::addStructureTransitionCheck):
(ByteCodeParser):
(JSC::DFG::ByteCodeParser::parseBlock):

  • dfg/DFGCSEPhase.cpp:

(JSC::DFG::CSEPhase::structureTransitionWatchpointElimination):
(CSEPhase):
(JSC::DFG::CSEPhase::performNodeCSE):

  • dfg/DFGCommon.h:
  • dfg/DFGGraph.cpp:

(JSC::DFG::Graph::dump):

  • dfg/DFGGraph.h:

(JSC::DFG::Graph::isCellConstant):

  • dfg/DFGJITCompiler.h:

(JSC::DFG::JITCompiler::addWeakReferences):
(JITCompiler):

  • dfg/DFGNode.h:

(JSC::DFG::Node::hasStructure):
(Node):
(JSC::DFG::Node::structure):

  • dfg/DFGNodeType.h:

(DFG):

  • dfg/DFGPredictionPropagationPhase.cpp:

(JSC::DFG::PredictionPropagationPhase::propagate):

  • dfg/DFGRepatch.cpp:

(JSC::DFG::emitPutTransitionStub):

  • dfg/DFGSpeculativeJIT64.cpp:

(JSC::DFG::SpeculativeJIT::compile):

  • jit/JITStubs.cpp:

(JSC::JITThunks::tryCachePutByID):

  • llint/LLIntSlowPaths.cpp:

(JSC::LLInt::LLINT_SLOW_PATH_DECL):

  • runtime/Structure.cpp:

(JSC::Structure::Structure):

  • runtime/Structure.h:

(JSC::Structure::transitionWatchpointSetHasBeenInvalidated):
(Structure):
(JSC::Structure::transitionWatchpointSetIsStillValid):
(JSC::Structure::addTransitionWatchpoint):
(JSC::Structure::notifyTransitionFromThisStructure):
(JSC::JSCell::setStructure):

  • runtime/SymbolTable.cpp:

(JSC::SymbolTableEntry::attemptToWatch):

LayoutTests:

Rubber stamped by Gavin Barraclough.

  • fast/js/dfg-call-method-hit-watchpoint-expected.txt: Added.
  • fast/js/dfg-call-method-hit-watchpoint.html: Added.
  • fast/js/script-tests/dfg-call-method-hit-watchpoint.js: Added.

(Thingy):
(Thingy.prototype.foo):
(callFoo):
(.Thingy.prototype.foo):

File:
1 edited

Legend:

Unmodified
Added
Removed

  • trunk/Source/JavaScriptCore/dfg/DFGSpeculativeJIT64.cpp

    r120244 r120499  
    34713471    }
    34723472       
     3473    case StructureTransitionWatchpoint: {
     3474        m_jit.addWeakReference(node.structure());
     3475        node.structure()->addTransitionWatchpoint(speculationWatchpoint());
     3476
     3477#if !ASSERT_DISABLED
     3478        SpeculateCellOperand op1(this, node.child1());
     3479        JITCompiler::Jump isOK = m_jit.branchPtr(JITCompiler::Equal, JITCompiler::Address(op1.gpr(), JSCell::structureOffset()), TrustedImmPtr(node.structure()));
     3480        m_jit.breakpoint();
     3481        isOK.link(&m_jit);
     3482#endif
     3483       
     3484        noResult(m_compileIndex);
     3485        break;
     3486    }
     3487       
    34733488    case PhantomPutStructure: {
     3489        ASSERT(node.structureTransitionData().previousStructure->transitionWatchpointSetHasBeenInvalidated());
    34743490        m_jit.addWeakReferenceTransition(
    34753491            node.codeOrigin.codeOriginOwner(),
     
    34813497       
    34823498    case PutStructure: {
     3499        ASSERT(node.structureTransitionData().previousStructure->transitionWatchpointSetHasBeenInvalidated());
     3500
    34833501        SpeculateCellOperand base(this, node.child1());
    34843502        GPRReg baseGPR = base.gpr();
Note: See TracChangeset for help on using the changeset viewer.