Ignore:
Timestamp:
Oct 3, 2012, 9:03:14 PM (13 years ago)
Author:
[email protected]
Message:

Removed the assumption that "final" objects have a fixed number of inline slots
https://bugs.webkit.org/show_bug.cgi?id=98332

Reviewed by Filip Pizlo.

This is a step toward object size inference.

I replaced the inline storage capacity constant with a data member per
structure, set the the maximum supported value for the constant to 100,
then fixed what broke. (Note that even though this patch increases the
theoretical maximum inline capacity, it doesn't change any actual inline
capacity.)

  • dfg/DFGSpeculativeJIT32_64.cpp:

(JSC::DFG::SpeculativeJIT::compile):

  • dfg/DFGSpeculativeJIT64.cpp:

(JSC::DFG::SpeculativeJIT::compile):

  • jit/JITPropertyAccess.cpp:

(JSC::JIT::compileGetDirectOffset): These functions just get a rename:
the constant they need is the first out of line offset along the offset
number line, which is not necessarily the same thing (and is, in this
patch, never the same thing) as the inline capacity of any given object.

(JSC::JIT::emit_op_get_by_pname):

  • jit/JITPropertyAccess32_64.cpp: This function changes functionality,

since it needs to convert from the abstract offset number line to an
actual offset in memory, and it can't assume that inline and out-of-line
offsets are contiguous on the number line.

(JSC::JIT::compileGetDirectOffset): Updated for rename.

(JSC::JIT::emit_op_get_by_pname): Same as emit_op_get_by_pname above.

  • llint/LowLevelInterpreter.asm: Updated to mirror changes in PropertyOffset.h,

since we duplicate values from there.

  • llint/LowLevelInterpreter32_64.asm:
  • llint/LowLevelInterpreter64.asm: Just like the JIT, most things are just

renames, and get_by_pname changes to do more math. I also standardized
offset calculations to use a hard-coded "-2", to match the JIT. This
isn't really better, but it makes global search and replace easier,
should we choose to refactor this code not to hard-code constants.

I also renamed loadPropertyAtVariableOffsetKnownNotFinal to
loadPropertyAtVariableOffsetKnownNotInline in order to sever the assumption
that inline capacity is tied to object type, and I changed the 64bit LLInt
to use this -- not using this previously seems to have been an oversight.

  • runtime/JSObject.cpp:

(JSC::JSObject::visitChildren):
(JSC::JSFinalObject::visitChildren):

  • runtime/JSObject.h:

(JSC::JSObject::offsetForLocation):
(JSNonFinalObject):
(JSC::JSFinalObject::createStructure):
(JSFinalObject):
(JSC::JSFinalObject::finishCreation): Updated for above changes.

  • runtime/JSPropertyNameIterator.h:

(JSPropertyNameIterator):
(JSC::JSPropertyNameIterator::finishCreation): Store the inline capacity
of our object, since it's not a constant.

(JSC::JSPropertyNameIterator::getOffset): Removed. This function was
wrong. Luckily, it was also unused, since the C++ interpreter is gone.

  • runtime/PropertyMapHashTable.h:

(PropertyTable): Use a helper function instead of hard-coding assumptions
about object types.

(JSC::PropertyTable::nextOffset):

  • runtime/PropertyOffset.h:

(JSC):
(JSC::checkOffset):
(JSC::validateOffset):
(JSC::isInlineOffset):
(JSC::numberOfSlotsForLastOffset):
(JSC::propertyOffsetFor): Refactored these functions to take inline capacity
as an argument, since it's not fixed at compile time anymore.

  • runtime/Structure.cpp:

(JSC::Structure::Structure):
(JSC::Structure::flattenDictionaryStructure):
(JSC::Structure::putSpecificValue):

  • runtime/Structure.h:

(Structure):
(JSC::Structure::outOfLineCapacity):
(JSC::Structure::hasInlineStorage):
(JSC::Structure::inlineCapacity):
(JSC::Structure::inlineSize):
(JSC::Structure::firstValidOffset):
(JSC::Structure::lastValidOffset):
(JSC::Structure::create): Removed some hard-coded assumptions about inline
capacity and object type, and replaced with more liberal use of helper functions.

File:
1 edited

Legend:

Unmodified
Added
Removed

  • trunk/Source/JavaScriptCore/llint/LowLevelInterpreter64.asm

    r129713 r130359  
    797797
    798798
    799 macro loadPropertyAtVariableOffsetKnownNotFinal(propertyOffsetAsPointer, objectAndStorage, value)
    800     assert(macro (ok) bigteq propertyOffsetAsPointer, InlineStorageCapacity, ok end)
     799macro loadPropertyAtVariableOffsetKnownNotInline(propertyOffsetAsPointer, objectAndStorage, value)
     800    assert(macro (ok) bigteq propertyOffsetAsPointer, firstOutOfLineOffset, ok end)
    801801    negp propertyOffsetAsPointer
    802802    loadp JSObject::m_butterfly[objectAndStorage], objectAndStorage
    803     loadp (InlineStorageCapacity - 1) * 8 - sizeof IndexingHeader[objectAndStorage, propertyOffsetAsPointer, 8], value
     803    loadp (firstOutOfLineOffset - 2) * 8[objectAndStorage, propertyOffsetAsPointer, 8], value
    804804end
    805805
    806806macro loadPropertyAtVariableOffset(propertyOffsetAsInt, objectAndStorage, value)
    807     bilt propertyOffsetAsInt, InlineStorageCapacity, .isInline
     807    bilt propertyOffsetAsInt, firstOutOfLineOffset, .isInline
    808808    loadp JSObject::m_butterfly[objectAndStorage], objectAndStorage
    809809    negi propertyOffsetAsInt
     
    811811    jmp .ready
    812812.isInline:
    813     addp JSFinalObject::m_inlineStorage - (InlineStorageCapacity - 1) * 8 + sizeof IndexingHeader, objectAndStorage
     813    addp JSFinalObject::m_inlineStorage - (firstOutOfLineOffset - 2) * 8, objectAndStorage
    814814.ready:
    815     loadp (InlineStorageCapacity - 1) * 8 - sizeof IndexingHeader[objectAndStorage, propertyOffsetAsInt, 8], value
     815    loadp (firstOutOfLineOffset - 2) * 8[objectAndStorage, propertyOffsetAsInt, 8], value
    816816end
    817817
     
    827827    bpneq t1, 24[PB, PC, 8], slow
    828828    loadis 32[PB, PC, 8], t1
    829     loadPropertyAtVariableOffset(t1, t0, t2)
     829    loadPropertyAtVariableOffsetKnownNotInline(t1, t0, t2)
    830830    loadis 8[PB, PC, 8], t0
    831831    storep t2, [cfr, t0, 8]
     
    12091209    subi 1, t3
    12101210    biaeq t3, JSPropertyNameIterator::m_numCacheableSlots[t1], .opGetByPnameSlow
    1211     addi JSPropertyNameIterator::m_offsetBase[t1], t3
     1211    bilt t3, JSPropertyNameIterator::m_cachedStructureInlineCapacity[t1], .opGetByPnameInlineProperty
     1212    addi firstOutOfLineOffset, t3
     1213    subi JSPropertyNameIterator::m_cachedStructureInlineCapacity[t1], t3
     1214.opGetByPnameInlineProperty:
    12121215    loadPropertyAtVariableOffset(t3, t0, t0)
    12131216    loadis 8[PB, PC, 8], t1
Note: See TracChangeset for help on using the changeset viewer.