Context Navigation

-              r223523
+              r223584
         break;
+    }
-    case GetPrototypeOf: {
-        AbstractValue& value = forNode(node->child1());
-        if ((value.m_type && !(value.m_type & ~SpecObject)) && value.m_structure.isFinite()) {
-            bool canFold = !value.m_structure.isClear();
-            JSValue prototype;
-            value.m_structure.forEach([&] (RegisteredStructure structure) {
-                auto getPrototypeMethod = structure->classInfo()->methodTable.getPrototype;
-                MethodTable::GetPrototypeFunctionPtr defaultGetPrototype = JSObject::getPrototype;
-                if (getPrototypeMethod != defaultGetPrototype) {
-                    canFold = false;
-                    return;
+                }
-                if (structure->hasPolyProto()) {
-                    canFold = false;
-                    return;
+                }
-                if (!prototype)
-                    prototype = structure->storedPrototype();
-                else if (prototype != structure->storedPrototype())
-                    canFold = false;
-            });
-            if (prototype && canFold) {
-                setConstant(node, *m_graph.freeze(prototype));
-                break;
+            }
+        }
-        switch (node->child1().useKind()) {
-        case ArrayUse:
-        case FunctionUse:
-        case FinalObjectUse:
-            break;
-        default:
-            clobberWorld(node->origin.semantic, clobberLimit);
-            break;
+        }
-        forNode(node).setType(m_graph, SpecObject | SpecOther);
-        break;
+    }
     case GetByOffset: {

trunk/Source/JavaScriptCore/dfg/DFGByteCodeParser.cpp

-              r223523
+              r223584
     bool handleDOMJITCall(Node* callee, int resultOperand, const DOMJIT::Signature*, int registerOffset, int argumentCountIncludingThis, SpeculatedType prediction, const ChecksFunctor& insertChecks);
     template<typename ChecksFunctor>
     bool handleIntrinsicGetter(int resultOperand, SpeculatedType prediction, const GetByIdVariant& intrinsicVariant, Node* thisNode, const ChecksFunctor& insertChecks);
+    bool handleIntrinsicGetter(int resultOperand, const GetByIdVariant& intrinsicVariant, Node* thisNode, const ChecksFunctor& insertChecks);
     template<typename ChecksFunctor>
     bool handleTypedArrayConstructor(int resultOperand, InternalFunction*, int registerOffset, int argumentCountIncludingThis, TypedArrayType, const ChecksFunctor& insertChecks);
 …
+    }
-    case ObjectGetPrototypeOfIntrinsic: {
-        if (argumentCountIncludingThis != 2)
-            return false;
-        insertChecks();
-        set(VirtualRegister(resultOperand), addToGraph(GetPrototypeOf, OpInfo(0), OpInfo(prediction), get(virtualRegisterForArgument(1, registerOffset))));
-        return true;
+    }
-    case ReflectGetPrototypeOfIntrinsic: {
-        if (argumentCountIncludingThis != 2)
-            return false;
-        insertChecks();
-        set(VirtualRegister(resultOperand), addToGraph(GetPrototypeOf, OpInfo(0), OpInfo(prediction), Edge(get(virtualRegisterForArgument(1, registerOffset)), ObjectUse)));
-        return true;
+    }
     case IsTypedArrayViewIntrinsic: {
         ASSERT(argumentCountIncludingThis == 2);
 …
 template<typename ChecksFunctor>
 bool ByteCodeParser::handleIntrinsicGetter(int resultOperand, SpeculatedType prediction, const GetByIdVariant& variant, Node* thisNode, const ChecksFunctor& insertChecks)
+bool ByteCodeParser::handleIntrinsicGetter(int resultOperand, const GetByIdVariant& variant, Node* thisNode, const ChecksFunctor& insertChecks)
+{
     switch (variant.intrinsic()) {
 …
         set(VirtualRegister(resultOperand), addToGraph(GetTypedArrayByteOffset, OpInfo(ArrayMode(arrayType).asWord()), thisNode));
-        return true;
+    }
-    case UnderscoreProtoIntrinsic: {
-        insertChecks();
-        bool canFold = !variant.structureSet().isEmpty();
-        JSValue prototype;
-        variant.structureSet().forEach([&] (Structure* structure) {
-            auto getPrototypeMethod = structure->classInfo()->methodTable.getPrototype;
-            MethodTable::GetPrototypeFunctionPtr defaultGetPrototype = JSObject::getPrototype;
-            if (getPrototypeMethod != defaultGetPrototype) {
-                canFold = false;
-                return;
+            }
-            if (structure->hasPolyProto()) {
-                canFold = false;
-                return;
+            }
-            if (!prototype)
-                prototype = structure->storedPrototype();
-            else if (prototype != structure->storedPrototype())
-                canFold = false;
-        });
-        // OK, only one prototype is found. We perform constant folding here.
-        // This information is important for super's constructor call to get new.target constant.
-        if (prototype && canFold) {
-            set(VirtualRegister(resultOperand), weakJSConstant(prototype));
-            return true;
+        }
-        set(VirtualRegister(resultOperand), addToGraph(GetPrototypeOf, OpInfo(0), OpInfo(prediction), thisNode));
         return true;
+    }
 …
     Node* getter = addToGraph(GetGetter, loadedValue);
     if (handleIntrinsicGetter(destinationOperand, prediction, variant, base,
+    if (handleIntrinsicGetter(destinationOperand, variant, base,
             [&] () {
                 addToGraph(CheckCell, OpInfo(m_graph.freeze(variant.intrinsicFunction())), getter);

trunk/Source/JavaScriptCore/dfg/DFGClobberize.h

-              r223523
+              r223584
         def(HeapLocation(TypedArrayByteOffsetLoc, MiscFields, node->child1()), LazyNode(node));
         return;
-    case GetPrototypeOf: {
-        switch (node->child1().useKind()) {
-        case ArrayUse:
-        case FunctionUse:
-        case FinalObjectUse:
-            read(JSCell_structureID);
-            read(JSObject_butterfly);
-            read(NamedProperties); // Poly proto could load prototype from its slot.
-            def(HeapLocation(PrototypeLoc, NamedProperties, node->child1()), LazyNode(node));
-            return;
-        default:
-            read(World);
-            write(Heap);
-            return;
+        }
+    }
     case GetByOffset:

trunk/Source/JavaScriptCore/dfg/DFGDoesGC.cpp

r223523	r223584
239	239	case StringCharCodeAt:
240	240	case GetTypedArrayByteOffset:
241		~~case GetPrototypeOf:~~
242	241	case PutByValDirect:
243	242	case PutByVal:

trunk/Source/JavaScriptCore/dfg/DFGFixupPhase.cpp

-              r223523
+              r223584
             fixEdge<Int32Use>(node->child1());
             fixEdge<Int32Use>(node->child2());
-            break;
+        }
-        case GetPrototypeOf: {
-            fixupGetPrototypeOf(node);
             break;
+        }
 …
+    }
-    void fixupGetPrototypeOf(Node* node)
+    {
-        // Reflect.getPrototypeOf only accepts Objects. For Reflect.getPrototypeOf, ByteCodeParser attaches ObjectUse edge filter before fixup phase.
-        if (node->child1().useKind() != ObjectUse) {
-            if (node->child1()->shouldSpeculateString()) {
-                insertCheck<StringUse>(node->child1().node());
-                m_graph.convertToConstant(node, m_graph.freeze(m_graph.globalObjectFor(node->origin.semantic)->stringPrototype()));
-                return;
+            }
-            if (node->child1()->shouldSpeculateInt32()) {
-                insertCheck<Int32Use>(node->child1().node());
-                m_graph.convertToConstant(node, m_graph.freeze(m_graph.globalObjectFor(node->origin.semantic)->numberPrototype()));
-                return;
+            }
-            if (enableInt52() && node->child1()->shouldSpeculateAnyInt()) {
-                insertCheck<Int52RepUse>(node->child1().node());
-                m_graph.convertToConstant(node, m_graph.freeze(m_graph.globalObjectFor(node->origin.semantic)->numberPrototype()));
-                return;
+            }
-            if (node->child1()->shouldSpeculateNumber()) {
-                insertCheck<NumberUse>(node->child1().node());
-                m_graph.convertToConstant(node, m_graph.freeze(m_graph.globalObjectFor(node->origin.semantic)->numberPrototype()));
-                return;
+            }
-            if (node->child1()->shouldSpeculateSymbol()) {
-                insertCheck<SymbolUse>(node->child1().node());
-                m_graph.convertToConstant(node, m_graph.freeze(m_graph.globalObjectFor(node->origin.semantic)->symbolPrototype()));
-                return;
+            }
-            if (node->child1()->shouldSpeculateBoolean()) {
-                insertCheck<BooleanUse>(node->child1().node());
-                m_graph.convertToConstant(node, m_graph.freeze(m_graph.globalObjectFor(node->origin.semantic)->booleanPrototype()));
-                return;
+            }
+        }
-        if (node->child1()->shouldSpeculateFinalObject()) {
-            fixEdge<FinalObjectUse>(node->child1());
-            node->clearFlags(NodeMustGenerate);
-            return;
+        }
-        if (node->child1()->shouldSpeculateArray()) {
-            fixEdge<ArrayUse>(node->child1());
-            node->clearFlags(NodeMustGenerate);
-            return;
+        }
-        if (node->child1()->shouldSpeculateFunction()) {
-            fixEdge<FunctionUse>(node->child1());
-            node->clearFlags(NodeMustGenerate);
-            return;
+        }
+    }
     void fixupToThis(Node* node)
+    {

trunk/Source/JavaScriptCore/dfg/DFGHeapLocation.cpp

-              r223523
+              r223584
         out.print("TypedArrayByteOffsetLoc");
         return;
-    case PrototypeLoc:
-        out.print("PrototypeLoc");
-        return;
     case StructureLoc:

trunk/Source/JavaScriptCore/dfg/DFGHeapLocation.h

r223523	r223584
61	61	StructureLoc,
62	62	TypedArrayByteOffsetLoc,
63		~~PrototypeLoc,~~
64	63	StackLoc,
65	64	StackPayloadLoc,

trunk/Source/JavaScriptCore/dfg/DFGNode.h

-              r223523
+              r223584
         case GetByIdFlush:
         case GetByIdWithThis:
-        case GetPrototypeOf:
         case TryGetById:
         case GetByVal:
 …
+    }
-    bool shouldSpeculateFunction()
+    {
-        return isFunctionSpeculation(prediction());
+    }
     bool shouldSpeculateProxyObject()
+    {

trunk/Source/JavaScriptCore/dfg/DFGNodeType.h

r223523	r223584
252	252	macro(CheckSubClass, NodeMustGenerate) \
253	253	macro(ParseInt, NodeMustGenerate \| NodeResultJS) \
254		~~macro(GetPrototypeOf, NodeMustGenerate \| NodeResultJS) \~~
255	254	\
256	255	/* Atomics object functions. */\

trunk/Source/JavaScriptCore/dfg/DFGOperations.cpp

-              r223523
+              r223584
 #include "JSFixedArray.h"
 #include "JSGenericTypedArrayViewConstructorInlines.h"
-#include "JSGlobalObjectFunctions.h"
 #include "JSLexicalEnvironment.h"
 #include "JSMap.h"
 …
+}
-EncodedJSValue JIT_OPERATION operationGetPrototypeOfObject(ExecState* exec, JSObject* thisObject)
+{
-    VM& vm = exec->vm();
-    NativeCallFrameTracer tracer(&vm, exec);
-    return JSValue::encode(thisObject->getPrototype(vm, exec));
+}
-EncodedJSValue JIT_OPERATION operationGetPrototypeOf(ExecState* exec, EncodedJSValue encodedValue)
+{
-    VM& vm = exec->vm();
-    NativeCallFrameTracer tracer(&vm, exec);
-    auto scope = DECLARE_THROW_SCOPE(vm);
-    JSValue thisValue = JSValue::decode(encodedValue).toThis(exec, StrictMode);
-    if (thisValue.isUndefinedOrNull())
-        return throwVMError(exec, scope, createNotAnObjectError(exec, thisValue));
-    JSObject* thisObject = jsDynamicCast<JSObject*>(vm, thisValue);
-    if (!thisObject) {
-        JSObject* prototype = thisValue.synthesizePrototype(exec);
-        EXCEPTION_ASSERT(!!scope.exception() == !prototype);
-        if (UNLIKELY(!prototype))
-            return JSValue::encode(JSValue());
-        return JSValue::encode(prototype);
+    }
-    scope.release();
-    return JSValue::encode(thisObject->getPrototype(vm, exec));
+}
 void JIT_OPERATION operationThrowDFG(ExecState* exec, EncodedJSValue valueToThrow)
+{

trunk/Source/JavaScriptCore/dfg/DFGOperations.h

r223523	r223584
78	78	EncodedJSValue JIT_OPERATION operationGetByIdWithThis(ExecState, EncodedJSValue, EncodedJSValue, UniquedStringImpl) WTF_INTERNAL;
79	79	EncodedJSValue JIT_OPERATION operationGetByValWithThis(ExecState*, EncodedJSValue, EncodedJSValue, EncodedJSValue) WTF_INTERNAL;
80		~~EncodedJSValue JIT_OPERATION operationGetPrototypeOf(ExecState*, EncodedJSValue) WTF_INTERNAL;~~
81		~~EncodedJSValue JIT_OPERATION operationGetPrototypeOfObject(ExecState, JSObject) WTF_INTERNAL;~~
82	80	char* JIT_OPERATION operationNewArray(ExecState, Structure, void*, size_t) WTF_INTERNAL;
83	81	char* JIT_OPERATION operationNewArrayBuffer(ExecState, Structure, size_t, size_t) WTF_INTERNAL;

trunk/Source/JavaScriptCore/dfg/DFGPredictionPropagationPhase.cpp

-              r223523
+              r223584
         case CallDOMGetter:
         case GetDynamicVar:
+        case WeakMapGet:
+        case GetPrototypeOf: {
+        case WeakMapGet: {
             setPrediction(m_currentNode->getHeapPrediction());
             break;

trunk/Source/JavaScriptCore/dfg/DFGSafeToExecute.h

r223523	r223584
402	402	case ForwardVarargs:
403	403	case CreateRest:
404		~~case GetPrototypeOf:~~
405	404	case StringReplace:
406	405	case StringReplaceRegExp:

trunk/Source/JavaScriptCore/dfg/DFGSpeculativeJIT.cpp

-              r223523
+              r223584
+}
-void SpeculativeJIT::speculateFunction(Edge edge, GPRReg cell)
+{
-    speculateCellType(edge, cell, SpecFunction, JSFunctionType);
+}
 void SpeculativeJIT::speculateFunction(Edge edge)
+{
 …
     SpeculateCellOperand operand(this, edge);
+    speculateFunction(edge, operand.gpr());
+}
+void SpeculativeJIT::speculateFinalObject(Edge edge, GPRReg cell)
+{
+    speculateCellType(edge, cell, SpecFinalObject, FinalObjectType);
+    speculateCellType(edge, operand.gpr(), SpecFunction, JSFunctionType);
+}
 …
     SpeculateCellOperand operand(this, edge);
     speculateFinalObject(edge, operand.gpr());
+    speculateCellType(edge, operand.gpr(), SpecFinalObject, FinalObjectType);
+}
 …
+}
-void SpeculativeJIT::compileGetPrototypeOf(Node* node)
+{
-    switch (node->child1().useKind()) {
-    case ArrayUse:
-    case FunctionUse:
-    case FinalObjectUse: {
-        SpeculateCellOperand object(this, node->child1());
-        GPRTemporary temp(this);
-        GPRTemporary temp2(this);
-        GPRReg objectGPR = object.gpr();
-        GPRReg tempGPR = temp.gpr();
-        GPRReg temp2GPR = temp2.gpr();
-        switch (node->child1().useKind()) {
-        case ArrayUse:
-            speculateArray(node->child1(), objectGPR);
-            break;
-        case FunctionUse:
-            speculateFunction(node->child1(), objectGPR);
-            break;
-        case FinalObjectUse:
-            speculateFinalObject(node->child1(), objectGPR);
-            break;
-        default:
-            RELEASE_ASSERT_NOT_REACHED();
-            break;
+        }
-        m_jit.emitLoadStructure(*m_jit.vm(), objectGPR, tempGPR, temp2GPR);
-        AbstractValue& value = m_state.forNode(node->child1());
-        if ((value.m_type && !(value.m_type & ~SpecObject)) && value.m_structure.isFinite()) {
-            bool hasPolyProto = false;
-            bool hasMonoProto = false;
-            value.m_structure.forEach([&] (RegisteredStructure structure) {
-                if (structure->hasPolyProto())
-                    hasPolyProto = true;
-                else
-                    hasMonoProto = true;
-            });
-            if (hasMonoProto && !hasPolyProto) {
-#if USE(JSVALUE64)
-                m_jit.load64(MacroAssembler::Address(tempGPR, Structure::prototypeOffset()), tempGPR);
-                jsValueResult(tempGPR, node);
-#else
-                m_jit.load32(MacroAssembler::Address(tempGPR, Structure::prototypeOffset() + TagOffset), temp2GPR);
-                m_jit.load32(MacroAssembler::Address(tempGPR, Structure::prototypeOffset() + PayloadOffset), tempGPR);
-                jsValueResult(temp2GPR, tempGPR, node);
-#endif
-                return;
+            }
-            if (hasPolyProto && !hasMonoProto) {
-#if USE(JSVALUE64)
-                m_jit.load64(MacroAssembler::Address(tempGPR, Structure::prototypeOffset()), tempGPR);
-                m_jit.zeroExtend32ToPtr(tempGPR, tempGPR);
-                m_jit.load64(JITCompiler::BaseIndex(objectGPR, tempGPR, JITCompiler::TimesEight, JSObject::offsetOfInlineStorage()), tempGPR);
-                jsValueResult(tempGPR, node);
-#else
-                m_jit.load32(MacroAssembler::Address(tempGPR, Structure::prototypeOffset() + PayloadOffset), tempGPR);
-                m_jit.load32(JITCompiler::BaseIndex(objectGPR, tempGPR, JITCompiler::TimesEight, JSObject::offsetOfInlineStorage() + TagOffset), temp2GPR);
-                m_jit.load32(JITCompiler::BaseIndex(objectGPR, tempGPR, JITCompiler::TimesEight, JSObject::offsetOfInlineStorage() + PayloadOffset), tempGPR);
-                jsValueResult(temp2GPR, tempGPR, node);
-#endif
-                return;
+            }
+        }
-#if USE(JSVALUE64)
-        m_jit.load64(MacroAssembler::Address(tempGPR, Structure::prototypeOffset()), tempGPR);
-        auto isMonoProto = m_jit.branchIfNotInt32(JSValueRegs(tempGPR));
-        m_jit.zeroExtend32ToPtr(tempGPR, tempGPR);
-        m_jit.load64(JITCompiler::BaseIndex(objectGPR, tempGPR, JITCompiler::TimesEight, JSObject::offsetOfInlineStorage()), tempGPR);
-        isMonoProto.link(&m_jit);
-        jsValueResult(tempGPR, node);
-#else
-        m_jit.load32(MacroAssembler::Address(tempGPR, Structure::prototypeOffset() + TagOffset), temp2GPR);
-        m_jit.load32(MacroAssembler::Address(tempGPR, Structure::prototypeOffset() + PayloadOffset), tempGPR);
-        auto isMonoProto = m_jit.branch32(CCallHelpers::NotEqual, temp2GPR, TrustedImm32(JSValue::Int32Tag));
-        m_jit.load32(JITCompiler::BaseIndex(objectGPR, tempGPR, JITCompiler::TimesEight, JSObject::offsetOfInlineStorage() + TagOffset), temp2GPR);
-        m_jit.load32(JITCompiler::BaseIndex(objectGPR, tempGPR, JITCompiler::TimesEight, JSObject::offsetOfInlineStorage() + PayloadOffset), tempGPR);
-        isMonoProto.link(&m_jit);
-        jsValueResult(temp2GPR, tempGPR, node);
-#endif
-        return;
+    }
-    case ObjectUse: {
-        SpeculateCellOperand value(this, node->child1());
-        JSValueRegsTemporary result(this);
-        GPRReg valueGPR = value.gpr();
-        JSValueRegs resultRegs = result.regs();
-        speculateObject(node->child1(), valueGPR);
-        flushRegisters();
-        callOperation(operationGetPrototypeOfObject, resultRegs, valueGPR);
-        m_jit.exceptionCheck();
-        jsValueResult(resultRegs, node);
-        return;
+    }
-    default: {
-        JSValueOperand value(this, node->child1());
-        JSValueRegsTemporary result(this);
-        JSValueRegs valueRegs = value.jsValueRegs();
-        JSValueRegs resultRegs = result.regs();
-        flushRegisters();
-        callOperation(operationGetPrototypeOf, resultRegs, valueRegs);
-        m_jit.exceptionCheck();
-        jsValueResult(resultRegs, node);
-        return;
+    }
+    }
+}
 } } // namespace JSC::DFG

trunk/Source/JavaScriptCore/dfg/DFGSpeculativeJIT.h

-              r223523
+              r223584
         return appendCallSetResult(operation, result);
+    }
-    JITCompiler::Call callOperation(J_JITOperation_EO operation, JSValueRegs result, GPRReg object)
+    {
-        m_jit.setupArgumentsWithExecState(object);
-        return appendCallSetResult(operation, result);
+    }
     JITCompiler::Call callOperation(P_JITOperation_EPS operation, GPRReg result, GPRReg old, size_t size)
+    {
 …
     void compileLoadKeyFromMapBucket(Node*);
     void compileLoadValueFromMapBucket(Node*);
-    void compileGetPrototypeOf(Node*);
 #if USE(JSVALUE32_64)
 …
     void speculateArray(Edge, GPRReg cell);
     void speculateArray(Edge);
-    void speculateFunction(Edge, GPRReg cell);
     void speculateFunction(Edge);
-    void speculateFinalObject(Edge, GPRReg cell);
     void speculateFinalObject(Edge);
     void speculateRegExpObject(Edge, GPRReg cell);

trunk/Source/JavaScriptCore/dfg/DFGSpeculativeJIT32_64.cpp

-              r223523
+              r223584
     case GetTypedArrayByteOffset: {
         compileGetTypedArrayByteOffset(node);
-        break;
+    }
-    case GetPrototypeOf: {
-        compileGetPrototypeOf(node);
         break;
+    }

trunk/Source/JavaScriptCore/dfg/DFGSpeculativeJIT64.cpp

-              r223523
+              r223584
         break;
+    }
-    case GetPrototypeOf: {
-        compileGetPrototypeOf(node);
-        break;
+    }
     case GetByOffset:

Note: See TracChangeset for help on using the changeset viewer.

Context Navigation

Changeset 223584 in webkit for trunk/Source/JavaScriptCore/dfg

Legend:

Download in other formats: