[JSC] JSC should have consistent InById IC
https://bugs.webkit.org/show_bug.cgi?id=185682
Reviewed by Filip Pizlo.
JSTests:
- stress/in-by-id-accessors.js: Added.
(shouldBe):
(test):
(protoGetter.proto.get hello):
(protoSetter.proto.set hello):
(i.shouldBe.test.get hello):
(i.shouldBe.test.set hello):
- stress/in-by-id-ai.js: Added.
(shouldBe):
(test):
- stress/in-by-id-custom-accessors.js: Added.
(shouldBe):
(test1):
(test2):
- stress/in-by-id-custom-values.js: Added.
(shouldBe):
(test):
- stress/in-by-id-operation.js: Added.
(shouldBe):
(test):
(selfCache):
- stress/in-by-id-proxy.js: Added.
(shouldBe):
(test):
(handler.has):
Source/JavaScriptCore:
Current our op_in IC is adhoc: It is only emitted in DFG and FTL layers,
when we found that DFG::In's parameter is constant string. We should
align this IC to the other ById ICs to clean up and remove adhoc code
in DFG and FTL.
This patch cleans up our "In" IC by aligning it to the other ById ICs.
We split op_in bytecode to op_in_by_id and op_in_by_val. op_in_by_val
is the same to the original op_in. For op_in_by_id, we use JITInByIdGenerator
to emit InById IC code. In addition, our JITInByIdGenerator and op_in_by_id
has a inline access cache for own property case, which is the same to
JITGetByIdGenerator.
And we split DFG::In to DFG::InById and DFG::InByVal. InByVal is the same
to the original In DFG node. DFG AI attempts to lower InByVal to InById
if AI figured out that the property name is a constant string. And in
InById node, we use JITInByIdGenerator code.
This patch cleans up DFG and FTL's adhoc In IC code.
In a subsequent patch, we should introduce InByIdStatus to optimize
InById in DFG and FTL. We would like to have a new InByIdStatus instead of
reusing GetByIdStatus since GetByIdStatus becomes too complicated, and
AccessCase::Types are different from them (AccessCase::InHit / InMiss).
(JSC::AccessCase::fromStructureStubInfo):
(JSC::AccessCase::generateWithGuard):
- bytecode/BytecodeDumper.cpp:
(JSC::BytecodeDumper<Block>::printInByIdCacheStatus):
(JSC::BytecodeDumper<Block>::dumpBytecode):
- bytecode/BytecodeDumper.h:
- bytecode/BytecodeList.json:
- bytecode/BytecodeUseDef.h:
(JSC::computeUsesForBytecodeOffset):
(JSC::computeDefsForBytecodeOffset):
(JSC::CodeBlock::finishCreation):
- bytecode/InlineAccess.cpp:
(JSC::InlineAccess::generateSelfInAccess):
- bytecode/InlineAccess.h:
- bytecode/StructureStubInfo.cpp:
(JSC::StructureStubInfo::initInByIdSelf):
(JSC::StructureStubInfo::deref):
(JSC::StructureStubInfo::aboutToDie):
(JSC::StructureStubInfo::reset):
(JSC::StructureStubInfo::visitWeakReferences):
(JSC::StructureStubInfo::propagateTransitions):
- bytecode/StructureStubInfo.h:
(JSC::StructureStubInfo::patchableJump):
- bytecompiler/BytecodeGenerator.cpp:
(JSC::BytecodeGenerator::emitInByVal):
(JSC::BytecodeGenerator::emitInById):
(JSC::BytecodeGenerator::emitIn): Deleted.
- bytecompiler/BytecodeGenerator.h:
- bytecompiler/NodesCodegen.cpp:
(JSC::InNode::emitBytecode):
- dfg/DFGAbstractInterpreterInlines.h:
(JSC::DFG::AbstractInterpreter<AbstractStateType>::executeEffects):
- dfg/DFGByteCodeParser.cpp:
(JSC::DFG::ByteCodeParser::parseBlock):
(JSC::DFG::capabilityLevel):
(JSC::DFG::clobberize):
- dfg/DFGConstantFoldingPhase.cpp:
(JSC::DFG::ConstantFoldingPhase::foldConstants):
(JSC::DFG::doesGC):
(JSC::DFG::FixupPhase::fixupNode):
(JSC::DFG::JITCompiler::link):
(JSC::DFG::JITCompiler::addInById):
(JSC::DFG::InRecord::InRecord): Deleted.
(JSC::DFG::JITCompiler::addIn): Deleted.
(JSC::DFG::Node::convertToInById):
(JSC::DFG::Node::hasIdentifier):
(JSC::DFG::Node::hasArrayMode):
- dfg/DFGNodeType.h:
- dfg/DFGPredictionPropagationPhase.cpp:
- dfg/DFGSafeToExecute.h:
(JSC::DFG::safeToExecute):
- dfg/DFGSpeculativeJIT.cpp:
(JSC::DFG::SpeculativeJIT::compileInById):
(JSC::DFG::SpeculativeJIT::compileInByVal):
(JSC::DFG::SpeculativeJIT::compileIn): Deleted.
- dfg/DFGSpeculativeJIT.h:
- dfg/DFGSpeculativeJIT32_64.cpp:
(JSC::DFG::SpeculativeJIT::compile):
- dfg/DFGSpeculativeJIT64.cpp:
(JSC::DFG::SpeculativeJIT::compile):
(JSC::FTL::canCompile):
(JSC::FTL::DFG::LowerDFGToB3::compileNode):
(JSC::FTL::DFG::LowerDFGToB3::compileInByVal):
(JSC::FTL::DFG::LowerDFGToB3::compileInById):
(JSC::FTL::DFG::LowerDFGToB3::compileIn): Deleted.
- jit/ICStats.h:
- jit/JIT.cpp:
(JSC::JIT::JIT):
(JSC::JIT::privateCompileMainPass):
(JSC::JIT::privateCompileSlowCases):
(JSC::JIT::link):
- jit/JIT.h:
- jit/JITInlineCacheGenerator.cpp:
(JSC::JITInByIdGenerator::JITInByIdGenerator):
(JSC::JITInByIdGenerator::generateFastPath):
- jit/JITInlineCacheGenerator.h:
(JSC::JITInByIdGenerator::JITInByIdGenerator):
- jit/JITOperations.cpp:
- jit/JITOperations.h:
- jit/JITPropertyAccess.cpp:
(JSC::JIT::emit_op_in_by_id):
(JSC::JIT::emitSlow_op_in_by_id):
- jit/JITPropertyAccess32_64.cpp:
(JSC::JIT::emit_op_in_by_id):
(JSC::JIT::emitSlow_op_in_by_id):
(JSC::tryCacheInByID):
(JSC::repatchInByID):
(JSC::resetInByID):
(JSC::tryCacheIn): Deleted.
(JSC::repatchIn): Deleted.
(JSC::resetIn): Deleted.
- jit/Repatch.h:
- llint/LowLevelInterpreter.asm:
- llint/LowLevelInterpreter64.asm:
- parser/NodeConstructors.h:
(JSC::InNode::InNode):
- runtime/CommonSlowPaths.cpp:
(JSC::SLOW_PATH_DECL):
- runtime/CommonSlowPaths.h:
(JSC::CommonSlowPaths::opInByVal):
(JSC::CommonSlowPaths::opIn): Deleted.
