Changeset 153282 in webkit for trunk/Source/JavaScriptCore/dfg/DFGAbstractInterpreter.h

Timestamp:

Jul 24, 2013, 9:05:03 PM (12 years ago)

Author:

[email protected]

Message:

fourthTier: Decouple the way that CFA stores its state from the way it does abstract interpretation
​https://bugs.webkit.org/show_bug.cgi?id=118835

Reviewed by Oliver Hunt.

This separates AbstractState into two things:

• InPlaceAbstractState, which can tell you the abstract state of anything you might care about, and uses the old AbstractState's algorithms and data structures for doing so.

• AbstractInterpreter<AbstractStateType>, which can execute a DFG::Node* with respect to an AbstractStateType. Currently we always use AbstractStateType = InPlaceAbstractState. But we could drop in an other class that supports basic primitives like forNode() and variables().

This is important because:

• We want to hoist things out of loops.

• We don't know what things rely on what type checks.

• We only want to hoist type checks out of loops if they aren't clobbered.

• We may want to still hoist things that depended on those type checks, if it's safe to do those things based on the CFA state at the tail of the loop pre-header.

• We don't want things to rely on their type checks by way of a token, because that's just weird.

So, we want to be able to have a special form of the CFA that can
incrementally update a basic block's state-at-tail, and we want to be able to
do this for multiple blocks simultaneously. This requires *not* storing the
per-node state in the nodes themselves, but instead using the at-tail HashMap
directly.

Hence we need to have a way of making the abstract interpreter (i.e.
AbstractState::execute) polymorphic with respect to state representation. Put
another way, we need to separate the way that abstract state is represented
from the way DFG IR is abstractly interpreted.

• JavaScriptCore.xcodeproj/project.pbxproj:
• dfg/DFGAbstractInterpreter.h: Added.

(DFG):
(AbstractInterpreter):
(JSC::DFG::AbstractInterpreter::forNode):
(JSC::DFG::AbstractInterpreter::variables):
(JSC::DFG::AbstractInterpreter::needsTypeCheck):
(JSC::DFG::AbstractInterpreter::filterEdgeByUse):
(JSC::DFG::AbstractInterpreter::filter):
(JSC::DFG::AbstractInterpreter::filterArrayModes):
(JSC::DFG::AbstractInterpreter::filterByValue):
(JSC::DFG::AbstractInterpreter::trySetConstant):
(JSC::DFG::AbstractInterpreter::filterByType):

• dfg/DFGAbstractInterpreterInlines.h: Added.

(DFG):
(JSC::DFG::::AbstractInterpreter):
(JSC::DFG::::~AbstractInterpreter):
(JSC::DFG::::booleanResult):
(JSC::DFG::::startExecuting):
(JSC::DFG::::executeEdges):
(JSC::DFG::::verifyEdge):
(JSC::DFG::::verifyEdges):
(JSC::DFG::::executeEffects):
(JSC::DFG::::execute):
(JSC::DFG::::clobberWorld):
(JSC::DFG::::clobberCapturedVars):
(JSC::DFG::::clobberStructures):
(JSC::DFG::::dump):
(JSC::DFG::::filter):
(JSC::DFG::::filterArrayModes):
(JSC::DFG::::filterByValue):

• dfg/DFGAbstractState.cpp: Removed.
• dfg/DFGAbstractState.h: Removed.
• dfg/DFGArgumentsSimplificationPhase.cpp:
• dfg/DFGCFAPhase.cpp:

(JSC::DFG::CFAPhase::CFAPhase):
(JSC::DFG::CFAPhase::performBlockCFA):
(CFAPhase):

• dfg/DFGCFGSimplificationPhase.cpp:
• dfg/DFGConstantFoldingPhase.cpp:

(JSC::DFG::ConstantFoldingPhase::ConstantFoldingPhase):
(JSC::DFG::ConstantFoldingPhase::foldConstants):
(ConstantFoldingPhase):

• dfg/DFGInPlaceAbstractState.cpp: Added.

(DFG):
(JSC::DFG::InPlaceAbstractState::InPlaceAbstractState):
(JSC::DFG::InPlaceAbstractState::~InPlaceAbstractState):
(JSC::DFG::InPlaceAbstractState::beginBasicBlock):
(JSC::DFG::setLiveValues):
(JSC::DFG::InPlaceAbstractState::initialize):
(JSC::DFG::InPlaceAbstractState::endBasicBlock):
(JSC::DFG::InPlaceAbstractState::reset):
(JSC::DFG::InPlaceAbstractState::mergeStateAtTail):
(JSC::DFG::InPlaceAbstractState::merge):
(JSC::DFG::InPlaceAbstractState::mergeToSuccessors):
(JSC::DFG::InPlaceAbstractState::mergeVariableBetweenBlocks):

• dfg/DFGInPlaceAbstractState.h: Added.

(DFG):
(InPlaceAbstractState):
(JSC::DFG::InPlaceAbstractState::forNode):
(JSC::DFG::InPlaceAbstractState::variables):
(JSC::DFG::InPlaceAbstractState::block):
(JSC::DFG::InPlaceAbstractState::didClobber):
(JSC::DFG::InPlaceAbstractState::isValid):
(JSC::DFG::InPlaceAbstractState::setDidClobber):
(JSC::DFG::InPlaceAbstractState::setIsValid):
(JSC::DFG::InPlaceAbstractState::setBranchDirection):
(JSC::DFG::InPlaceAbstractState::setFoundConstants):
(JSC::DFG::InPlaceAbstractState::haveStructures):
(JSC::DFG::InPlaceAbstractState::setHaveStructures):

• dfg/DFGMergeMode.h: Added.

(DFG):

• dfg/DFGSpeculativeJIT.cpp:

(JSC::DFG::SpeculativeJIT::SpeculativeJIT):
(JSC::DFG::SpeculativeJIT::backwardTypeCheck):
(JSC::DFG::SpeculativeJIT::compileCurrentBlock):
(JSC::DFG::SpeculativeJIT::compileToStringOnCell):
(JSC::DFG::SpeculativeJIT::speculateStringIdentAndLoadStorage):
(JSC::DFG::SpeculativeJIT::speculateStringObject):
(JSC::DFG::SpeculativeJIT::speculateStringOrStringObject):

• dfg/DFGSpeculativeJIT.h:

(JSC::DFG::SpeculativeJIT::needsTypeCheck):
(SpeculativeJIT):

• dfg/DFGSpeculativeJIT32_64.cpp:

(JSC::DFG::SpeculativeJIT::fillSpeculateIntInternal):
(JSC::DFG::SpeculativeJIT::fillSpeculateDouble):
(JSC::DFG::SpeculativeJIT::fillSpeculateCell):
(JSC::DFG::SpeculativeJIT::fillSpeculateBoolean):

• dfg/DFGSpeculativeJIT64.cpp:

(JSC::DFG::SpeculativeJIT::fillSpeculateIntInternal):
(JSC::DFG::SpeculativeJIT::fillSpeculateDouble):
(JSC::DFG::SpeculativeJIT::fillSpeculateCell):
(JSC::DFG::SpeculativeJIT::fillSpeculateBoolean):

• ftl/FTLLowerDFGToLLVM.cpp:

(FTL):
(JSC::FTL::LowerDFGToLLVM::LowerDFGToLLVM):
(JSC::FTL::LowerDFGToLLVM::compileNode):
(JSC::FTL::LowerDFGToLLVM::appendTypeCheck):
(JSC::FTL::LowerDFGToLLVM::speculate):
(JSC::FTL::LowerDFGToLLVM::speculateNumber):
(JSC::FTL::LowerDFGToLLVM::speculateRealNumber):
(LowerDFGToLLVM):

Conflicts:

Source/JavaScriptCore/JavaScriptCore.xcodeproj/project.pbxproj

File:

• trunk/Source/JavaScriptCore/dfg/DFGAbstractInterpreter.h (moved) (moved from trunk/Source/JavaScriptCore/dfg/DFGAbstractState.h ) (9 diffs)

trunk/Source/JavaScriptCore/dfg/DFGAbstractInterpreter.h

@@ -1 +1 @@
 /*
- * Copyright (C) 2011, 2012, 2013 Apple Inc. All rights reserved.
+ * Copyright (C) 2013 Apple Inc. All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
@@ -24 +24 @@
  */
 
-#ifndef DFGAbstractState_h
-#define DFGAbstractState_h
+#ifndef DFGAbstractInterpreter_h
+#define DFGAbstractInterpreter_h
 
 #include <wtf/Platform.h>
@@ -35 +35 @@
 #include "DFGGraph.h"
 #include "DFGNode.h"
-#include <wtf/Vector.h>
-
-namespace JSC {
-
-class CodeBlock;
-
-namespace DFG {
-
-struct BasicBlock;
-
-// This implements the notion of an abstract state for flow-sensitive intraprocedural
-// control flow analysis (CFA), with a focus on the elimination of redundant type checks.
-// It also implements most of the mechanisms of abstract interpretation that such an
-// analysis would use. This class should be used in two idioms:
-//
-// 1) Performing the CFA. In this case, AbstractState should be run over all basic
-//    blocks repeatedly until convergence is reached. Convergence is defined by
-//    endBasicBlock(AbstractState::MergeToSuccessors) returning false for all blocks.
-//
-// 2) Rematerializing the results of a previously executed CFA. In this case,
-//    AbstractState should be run over whatever basic block you're interested in up
-//    to the point of the node at which you'd like to interrogate the known type
-//    of all other nodes. At this point it's safe to discard the AbstractState entirely,
-//    call reset(), or to run it to the end of the basic block and call
-//    endBasicBlock(AbstractState::DontMerge). The latter option is safest because
-//    it performs some useful integrity checks.
-//
-// After the CFA is run, the inter-block state is saved at the heads and tails of all
-// basic blocks. This allows the intra-block state to be rematerialized by just
-// executing the CFA for that block. If you need to know inter-block state only, then
-// you only need to examine the BasicBlock::m_valuesAtHead or m_valuesAtTail fields.
-//
-// Running this analysis involves the following, modulo the inter-block state
-// merging and convergence fixpoint:
-//
-// AbstractState state(codeBlock, graph);
-// state.beginBasicBlock(basicBlock);
-// bool endReached = true;
-// for (unsigned i = 0; i < basicBlock->size(); ++i) {
-//     if (!state.execute(i))
-//         break;
-// }
-// bool result = state.endBasicBlock(<either Merge or DontMerge>);
-
-class AbstractState {
+
+namespace JSC { namespace DFG {
+
+template<typename AbstractStateType>
+class AbstractInterpreter {
 public:
-    enum MergeMode {
-        // Don't merge the state in AbstractState with basic blocks.
-        DontMerge,
-        
-        // Merge the state in AbstractState with the tail of the basic
-        // block being analyzed.
-        MergeToTail,
-        
-        // Merge the state in AbstractState with the tail of the basic
-        // block, and with the heads of successor blocks.
-        MergeToSuccessors
-    };
-    
-    AbstractState(Graph&);
-    
-    ~AbstractState();
+    AbstractInterpreter(Graph&, AbstractStateType& state);
+    ~AbstractInterpreter();
     
     AbstractValue& forNode(Node* node)
     {
-        return node->value;
+        return m_state.forNode(node);
     }
     
@@ -110 +56 @@
     Operands<AbstractValue>& variables()
     {
-        return m_variables;
+        return m_state.variables();
     }
     
@@ -127 +73 @@
         return needsTypeCheck(edge, typeFilterFor(edge.useKind()));
     }
-    
-    // Call this before beginning CFA to initialize the abstract values of
-    // arguments, and to indicate which blocks should be listed for CFA
-    // execution.
-    void initialize();
-
-    // Start abstractly executing the given basic block. Initializes the
-    // notion of abstract state to what we believe it to be at the head
-    // of the basic block, according to the basic block's data structures.
-    // This method also sets cfaShouldRevisit to false.
-    void beginBasicBlock(BasicBlock*);
-    
-    // Finish abstractly executing a basic block. If MergeToTail or
-    // MergeToSuccessors is passed, then this merges everything we have
-    // learned about how the state changes during this block's execution into
-    // the block's data structures. There are three return modes, depending
-    // on the value of mergeMode:
-    //
-    // DontMerge:
-    //    Always returns false.
-    //
-    // MergeToTail:
-    //    Returns true if the state of the block at the tail was changed.
-    //    This means that you must call mergeToSuccessors(), and if that
-    //    returns true, then you must revisit (at least) the successor
-    //    blocks. False will always be returned if the block is terminal
-    //    (i.e. ends in Throw or Return, or has a ForceOSRExit inside it).
-    //
-    // MergeToSuccessors:
-    //    Returns true if the state of the block at the tail was changed,
-    //    and, if the state at the heads of successors was changed.
-    //    A true return means that you must revisit (at least) the successor
-    //    blocks. This also sets cfaShouldRevisit to true for basic blocks
-    //    that must be visited next.
-    bool endBasicBlock(MergeMode);
-    
-    // Reset the AbstractState. This throws away any results, and at this point
-    // you can safely call beginBasicBlock() on any basic block.
-    void reset();
     
     // Abstractly executes the given node. The new abstract state is stored into an
@@ -210 +117 @@
     bool executeEffects(unsigned indexInBlock, Node*);
     
-    // Did the last executed node clobber the world?
-    bool didClobber() const { return m_didClobber; }
-    
-    // Is the execution state still valid? This will be false if execute() has
-    // returned false previously.
-    bool isValid() const { return m_isValid; }
-    
-    // Merge the abstract state stored at the first block's tail into the second
-    // block's head. Returns true if the second block's state changed. If so,
-    // that block must be abstractly interpreted again. This also sets
-    // to->cfaShouldRevisit to true, if it returns true, or if to has not been
-    // visited yet.
-    bool merge(BasicBlock* from, BasicBlock* to);
-    
-    // Merge the abstract state stored at the block's tail into all of its
-    // successors. Returns true if any of the successors' states changed. Note
-    // that this is automatically called in endBasicBlock() if MergeMode is
-    // MergeToSuccessors.
-    bool mergeToSuccessors(BasicBlock*);
-    
     void dump(PrintStream& out);
     
@@ -265 +152 @@
     void clobberCapturedVars(const CodeOrigin&);
     void clobberStructures(unsigned indexInBlock);
-    
-    bool mergeStateAtTail(AbstractValue& destination, AbstractValue& inVariable, Node*);
-    
-    static bool mergeVariableBetweenBlocks(AbstractValue& destination, AbstractValue& source, Node* destinationNode, Node* sourceNode);
     
     enum BooleanResult {
@@ -311 +194 @@
     CodeBlock* m_codeBlock;
     Graph& m_graph;
-    
-    Operands<AbstractValue> m_variables;
-    BasicBlock* m_block;
-    
-    bool m_haveStructures;
-    bool m_foundConstants;
-    
-    bool m_isValid;
-    bool m_didClobber;
-    
-    BranchDirection m_branchDirection; // This is only set for blocks that end in Branch and that execute to completion (i.e. m_isValid == true).
+    AbstractStateType& m_state;
 };
 
@@ -328 +201 @@
 #endif // ENABLE(DFG_JIT)
 
-#endif // DFGAbstractState_h
-
+#endif // DFGAbstractInterpreter_h
+