Changeset 222891 in webkit for trunk/Source/JavaScriptCore/bytecode/AccessCase.cpp

Timestamp:

Oct 4, 2017, 7:47:59 PM (8 years ago)

Author:

[email protected]

Message:

Make pertinent AccessCases watch the poly proto watchpoint
​https://bugs.webkit.org/show_bug.cgi?id=177765

Reviewed by Keith Miller.

JSTests:

• microbenchmarks/poly-proto-and-non-poly-proto-same-ic.js: Added.

(assert):
(foo.C):
(foo):
(validate):

• stress/poly-proto-clear-stub.js: Added.

(assert):
(foo.C):
(foo):

Source/JavaScriptCore:

This patch makes it so that stubs that encounter a structure with a
valid poly proto watchpoint will watch the poly proto watchpoint. This
ensures that if the watchpoint is fired, the stub will be cleared
and have a chance to regenerate. In an ideal world, this will lead
to the stub generating better code since it may never encounter the
non-poly proto structure again.

This patch also fixes a bug in the original poly proto code where
I accidentally had a condition inverted. The bad code caused a
stub that continually cached two structures which are structurally
equivalent but with different prototype objects to always clear itself.
The code should have been written differently. It should have only
cleared if the poly proto watchpoint *was not* fired. The code
accidentally cleared only if stub *was* fired.

• bytecode/AccessCase.cpp:

(JSC::AccessCase::commit):

• bytecode/PolymorphicAccess.cpp:

(JSC::PolymorphicAccess::addCases):
(WTF::printInternal):

• bytecode/PolymorphicAccess.h:

(JSC::AccessGenerationResult::shouldResetStubAndFireWatchpoints const):
(JSC::AccessGenerationResult::addWatchpointToFire):
(JSC::AccessGenerationResult::fireWatchpoints):
(JSC::AccessGenerationResult::shouldResetStub const): Deleted.

• bytecode/StructureStubInfo.cpp:

(JSC::StructureStubInfo::addAccessCase):
(JSC::StructureStubInfo::reset):

• bytecode/Watchpoint.h:

(JSC::InlineWatchpointSet::inflate):

• jit/Repatch.cpp:

(JSC::fireWatchpointsAndClearStubIfNeeded):
(JSC::tryCacheGetByID):
(JSC::repatchGetByID):
(JSC::tryCachePutByID):
(JSC::repatchPutByID):
(JSC::tryCacheIn):
(JSC::repatchIn):
(JSC::tryRepatchIn): Deleted.

File:

• trunk/Source/JavaScriptCore/bytecode/AccessCase.cpp (modified) (2 diffs)

trunk/Source/JavaScriptCore/bytecode/AccessCase.cpp

@@ -137 +137 @@
 
     Vector<WatchpointSet*, 2> result;
-
-    if ((structure() && structure()->needImpurePropertyWatchpoint())
+    Structure* structure = this->structure();
+
+    if ((structure && structure->needImpurePropertyWatchpoint())
         || m_conditionSet.needImpurePropertyWatchpoint()
         || (m_polyProtoAccessChain && m_polyProtoAccessChain->needImpurePropertyWatchpoint()))
@@ -145 +146 @@
     if (additionalSet())
         result.append(additionalSet());
+
+    if (structure
+        && structure->hasRareData()
+        && structure->rareData()->hasSharedPolyProtoWatchpoint()
+        && structure->rareData()->sharedPolyProtoWatchpoint()->isStillValid()) {
+        WatchpointSet* set = structure->rareData()->sharedPolyProtoWatchpoint()->inflate();
+        result.append(set);
+    }
 
     m_state = Committed;