Ignore:
Timestamp:
Feb 11, 2014, 9:42:32 PM (12 years ago)
Author:
[email protected]
Message:

Inserting a node with a codeOrigin "like" another node should copy both the codeOrigin and codeOriginForExitTarget
https://bugs.webkit.org/show_bug.cgi?id=128635

Reviewed by Michael Saboff.

Originally nodes just had a codeOrigin. But then we started doing code motion, and we
needed to separate the codeOrigin that designated where to exit from the codeOrigin
that designated everything else. The "everything else" is actually pretty important:
it includes profiling, exception handling, and the actual semantics of the node. For
example some nodes use the origin's global object in some way.

This all sort of worked except for one quirk: the facilities for creating nodes all
assumed that there really was only one origin. LICM would work around this by setting
the codeOriginForExitTarget manually. But, that means that:

  • If we did hoist a node twice, then the second time around, we would forget the node's original exit target.


  • If we did an insertNode() to insert a node before a hoisted node, the inserted node would have the wrong exit target.


Most of the time, if we copy the code origin, we actually want to copy both origins.
So, this patch introduces the notion of a NodeOrigin which has two CodeOrigins: a
forExit code origin that says where to exit, and a semantic code origin for everything
else.

This also (annoyingly?) means that we are always more explicit about which code origin
we refer to. That means that a lot of "node->codeOrigin" expressions had to change to
"node->origin.semantic". This was partly a ploy on my part to ensure that this
refactoring was complete: to get the code to compile I really had to audit all uses of
CodeOrigin. If, in the future, we find that "node->origin.semantic" is too cumbersome
then we can reintroduce the Node::codeOrigin field. For now I kinda like it though.

  • GNUmakefile.list.am:
  • JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
  • JavaScriptCore.xcodeproj/project.pbxproj:
  • dfg/DFGAbstractInterpreterInlines.h:

(JSC::DFG::AbstractInterpreter<AbstractStateType>::booleanResult):
(JSC::DFG::AbstractInterpreter<AbstractStateType>::executeEffects):

  • dfg/DFGArgumentsSimplificationPhase.cpp:

(JSC::DFG::ArgumentsSimplificationPhase::run):
(JSC::DFG::ArgumentsSimplificationPhase::observeBadArgumentsUse):
(JSC::DFG::ArgumentsSimplificationPhase::observeProperArgumentsUse):
(JSC::DFG::ArgumentsSimplificationPhase::isOKToOptimize):

  • dfg/DFGArrayMode.cpp:

(JSC::DFG::ArrayMode::originalArrayStructure):
(JSC::DFG::ArrayMode::alreadyChecked):

  • dfg/DFGByteCodeParser.cpp:

(JSC::DFG::ByteCodeParser::addToGraph):

  • dfg/DFGCFGSimplificationPhase.cpp:

(JSC::DFG::CFGSimplificationPhase::run):
(JSC::DFG::CFGSimplificationPhase::convertToJump):
(JSC::DFG::CFGSimplificationPhase::keepOperandAlive):
(JSC::DFG::CFGSimplificationPhase::jettisonBlock):
(JSC::DFG::CFGSimplificationPhase::mergeBlocks):

  • dfg/DFGCPSRethreadingPhase.cpp:

(JSC::DFG::CPSRethreadingPhase::addPhiSilently):
(JSC::DFG::CPSRethreadingPhase::addPhi):
(JSC::DFG::CPSRethreadingPhase::canonicalizeGetLocalFor):
(JSC::DFG::CPSRethreadingPhase::canonicalizeFlushOrPhantomLocalFor):
(JSC::DFG::CPSRethreadingPhase::propagatePhis):

  • dfg/DFGCSEPhase.cpp:

(JSC::DFG::CSEPhase::setLocalStoreElimination):

  • dfg/DFGClobberize.h:

(JSC::DFG::clobberize):

  • dfg/DFGCommonData.cpp:

(JSC::DFG::CommonData::notifyCompilingStructureTransition):

  • dfg/DFGConstantFoldingPhase.cpp:

(JSC::DFG::ConstantFoldingPhase::foldConstants):
(JSC::DFG::ConstantFoldingPhase::addStructureTransitionCheck):

  • dfg/DFGCriticalEdgeBreakingPhase.cpp:

(JSC::DFG::CriticalEdgeBreakingPhase::breakCriticalEdge):

  • dfg/DFGDCEPhase.cpp:

(JSC::DFG::DCEPhase::fixupBlock):

  • dfg/DFGDisassembler.cpp:

(JSC::DFG::Disassembler::createDumpList):

  • dfg/DFGFixupPhase.cpp:

(JSC::DFG::FixupPhase::fixupNode):
(JSC::DFG::FixupPhase::createToString):
(JSC::DFG::FixupPhase::attemptToForceStringArrayModeByToStringConversion):
(JSC::DFG::FixupPhase::convertStringAddUse):
(JSC::DFG::FixupPhase::fixupToPrimitive):
(JSC::DFG::FixupPhase::fixupToString):
(JSC::DFG::FixupPhase::attemptToMakeFastStringAdd):
(JSC::DFG::FixupPhase::checkArray):
(JSC::DFG::FixupPhase::blessArrayOperation):
(JSC::DFG::FixupPhase::fixEdge):
(JSC::DFG::FixupPhase::insertStoreBarrier):
(JSC::DFG::FixupPhase::fixIntEdge):
(JSC::DFG::FixupPhase::injectInt32ToDoubleNode):
(JSC::DFG::FixupPhase::truncateConstantToInt32):
(JSC::DFG::FixupPhase::attemptToMakeGetArrayLength):
(JSC::DFG::FixupPhase::attemptToMakeGetTypedArrayByteLength):
(JSC::DFG::FixupPhase::convertToGetArrayLength):
(JSC::DFG::FixupPhase::prependGetArrayLength):
(JSC::DFG::FixupPhase::attemptToMakeGetTypedArrayByteOffset):
(JSC::DFG::FixupPhase::addPhantomsIfNecessary):

  • dfg/DFGGraph.cpp:

(JSC::DFG::Graph::dumpCodeOrigin):
(JSC::DFG::Graph::amountOfNodeWhiteSpace):
(JSC::DFG::Graph::dump):
(JSC::DFG::Graph::dumpBlockHeader):

  • dfg/DFGGraph.h:

(JSC::DFG::Graph::hasExitSite):
(JSC::DFG::Graph::valueProfileFor):
(JSC::DFG::Graph::methodOfGettingAValueProfileFor):

  • dfg/DFGInvalidationPointInjectionPhase.cpp:

(JSC::DFG::InvalidationPointInjectionPhase::handle):
(JSC::DFG::InvalidationPointInjectionPhase::insertInvalidationCheck):

  • dfg/DFGLICMPhase.cpp:

(JSC::DFG::LICMPhase::attemptHoist):

  • dfg/DFGLoopPreHeaderCreationPhase.cpp:

(JSC::DFG::createPreHeader):

  • dfg/DFGNode.h:

(JSC::DFG::Node::Node):
(JSC::DFG::Node::isStronglyProvedConstantIn):

  • dfg/DFGNodeOrigin.h: Added.

(JSC::DFG::NodeOrigin::NodeOrigin):
(JSC::DFG::NodeOrigin::isSet):

  • dfg/DFGOSREntrypointCreationPhase.cpp:

(JSC::DFG::OSREntrypointCreationPhase::run):

  • dfg/DFGResurrectionForValidationPhase.cpp:

(JSC::DFG::ResurrectionForValidationPhase::run):

  • dfg/DFGSSAConversionPhase.cpp:

(JSC::DFG::SSAConversionPhase::run):

  • dfg/DFGSSALoweringPhase.cpp:

(JSC::DFG::SSALoweringPhase::handleNode):
(JSC::DFG::SSALoweringPhase::lowerBoundsCheck):

  • dfg/DFGSpeculativeJIT.cpp:

(JSC::DFG::SpeculativeJIT::compileIn):
(JSC::DFG::SpeculativeJIT::compileCurrentBlock):
(JSC::DFG::SpeculativeJIT::compileGetByValOnString):
(JSC::DFG::SpeculativeJIT::compileNewTypedArray):

  • dfg/DFGSpeculativeJIT.h:

(JSC::DFG::SpeculativeJIT::masqueradesAsUndefinedWatchpointIsStillValid):
(JSC::DFG::SpeculativeJIT::appendCallWithExceptionCheck):
(JSC::DFG::SpeculativeJIT::appendCallWithCallFrameRollbackOnException):
(JSC::DFG::SpeculativeJIT::appendCallSetResult):
(JSC::DFG::SpeculativeJIT::appendCall):
(JSC::DFG::SpeculativeJIT::speculateStringObjectForStructure):

  • dfg/DFGSpeculativeJIT32_64.cpp:

(JSC::DFG::SpeculativeJIT::nonSpeculativeNonPeepholeCompareNull):
(JSC::DFG::SpeculativeJIT::nonSpeculativePeepholeBranchNull):
(JSC::DFG::SpeculativeJIT::emitCall):
(JSC::DFG::SpeculativeJIT::compileObjectOrOtherLogicalNot):
(JSC::DFG::SpeculativeJIT::emitObjectOrOtherBranch):
(JSC::DFG::SpeculativeJIT::compile):

  • dfg/DFGSpeculativeJIT64.cpp:

(JSC::DFG::SpeculativeJIT::nonSpeculativeNonPeepholeCompareNull):
(JSC::DFG::SpeculativeJIT::nonSpeculativePeepholeBranchNull):
(JSC::DFG::SpeculativeJIT::emitCall):
(JSC::DFG::SpeculativeJIT::compileObjectOrOtherLogicalNot):
(JSC::DFG::SpeculativeJIT::emitObjectOrOtherBranch):
(JSC::DFG::SpeculativeJIT::compile):

  • dfg/DFGStrengthReductionPhase.cpp:

(JSC::DFG::StrengthReductionPhase::convertToIdentityOverChild):
(JSC::DFG::StrengthReductionPhase::prepareToFoldTypedArray):

  • dfg/DFGTierUpCheckInjectionPhase.cpp:

(JSC::DFG::TierUpCheckInjectionPhase::run):

  • dfg/DFGTypeCheckHoistingPhase.cpp:

(JSC::DFG::TypeCheckHoistingPhase::run):

  • dfg/DFGValidate.cpp:

(JSC::DFG::Validate::validateSSA):

  • dfg/DFGWatchpointCollectionPhase.cpp:

(JSC::DFG::WatchpointCollectionPhase::handle):
(JSC::DFG::WatchpointCollectionPhase::handleEdge):
(JSC::DFG::WatchpointCollectionPhase::handleMasqueradesAsUndefined):
(JSC::DFG::WatchpointCollectionPhase::globalObject):

  • ftl/FTLJSCall.cpp:

(JSC::FTL::JSCall::link):

  • ftl/FTLLink.cpp:

(JSC::FTL::link):

  • ftl/FTLLowerDFGToLLVM.cpp:

(JSC::FTL::LowerDFGToLLVM::compileNode):
(JSC::FTL::LowerDFGToLLVM::compileToThis):
(JSC::FTL::LowerDFGToLLVM::compilePutById):
(JSC::FTL::LowerDFGToLLVM::compilePutByVal):
(JSC::FTL::LowerDFGToLLVM::compileNewArray):
(JSC::FTL::LowerDFGToLLVM::compileNewArrayBuffer):
(JSC::FTL::LowerDFGToLLVM::compileNewArrayWithSize):
(JSC::FTL::LowerDFGToLLVM::compileStringCharAt):
(JSC::FTL::LowerDFGToLLVM::compileGetMyScope):
(JSC::FTL::LowerDFGToLLVM::compileCheckArgumentsNotCreated):
(JSC::FTL::LowerDFGToLLVM::getById):
(JSC::FTL::LowerDFGToLLVM::equalNullOrUndefined):
(JSC::FTL::LowerDFGToLLVM::speculateStringObjectForStructure):
(JSC::FTL::LowerDFGToLLVM::masqueradesAsUndefinedWatchpointIsStillValid):
(JSC::FTL::LowerDFGToLLVM::callPreflight):

File:
1 edited

Legend:

Unmodified
Added
Removed

  • trunk/Source/JavaScriptCore/dfg/DFGSpeculativeJIT.cpp

    r163844 r163946  
    872872                string->tryGetValueImpl());
    873873           
    874             stubInfo->codeOrigin = node->codeOrigin;
     874            stubInfo->codeOrigin = node->origin.semantic;
    875875            stubInfo->patch.baseGPR = static_cast<int8_t>(baseGPR);
    876876            stubInfo->patch.valueGPR = static_cast<int8_t>(resultGPR);
     
    13911391        bool shouldExecuteEffects = m_interpreter.startExecuting(m_currentNode);
    13921392        m_jit.setForNode(m_currentNode);
    1393         m_codeOriginForExitTarget = m_currentNode->codeOriginForExitTarget;
    1394         m_codeOriginForExitProfile = m_currentNode->codeOrigin;
     1393        m_codeOriginForExitTarget = m_currentNode->origin.forExit;
     1394        m_codeOriginForExitProfile = m_currentNode->origin.semantic;
    13951395        if (!m_currentNode->shouldGenerate()) {
    13961396            switch (m_currentNode->op()) {
     
    14281428                    "SpeculativeJIT generating Node @%d (bc#%u) at JIT offset 0x%x",
    14291429                    (int)m_currentNode->index(),
    1430                     m_currentNode->codeOrigin.bytecodeIndex, m_jit.debugOffset());
     1430                    m_currentNode->origin.semantic.bytecodeIndex, m_jit.debugOffset());
    14311431                dataLog("\n");
    14321432            }
     
    17811781#endif
    17821782
    1783         JSGlobalObject* globalObject = m_jit.globalObjectFor(node->codeOrigin);
     1783        JSGlobalObject* globalObject = m_jit.globalObjectFor(node->origin.semantic);
    17841784        if (globalObject->stringPrototypeChainIsSane()) {
    17851785#if USE(JSVALUE64)
     
    44564456void SpeculativeJIT::compileNewTypedArray(Node* node)
    44574457{
    4458     JSGlobalObject* globalObject = m_jit.graph().globalObjectFor(node->codeOrigin);
     4458    JSGlobalObject* globalObject = m_jit.graph().globalObjectFor(node->origin.semantic);
    44594459    TypedArrayType type = node->typedArrayType();
    44604460    Structure* structure = globalObject->typedArrayStructure(type);
Note: See TracChangeset for help on using the changeset viewer.