Changeset 292445 in webkit for trunk/Source/JavaScriptCore/dfg/DFGSpeculativeJIT.cpp
- Timestamp:
- Apr 5, 2022, 5:54:05 PM (3 years ago)
- File:
-
- 1 edited
Legend:
- Unmodified
- Added
- Removed
-
trunk/Source/JavaScriptCore/dfg/DFGSpeculativeJIT.cpp
r292372 r292445 80 80 , m_lastGeneratedNode(LastNodeType) 81 81 , m_indexInBlock(0) 82 , m_generationInfo(m_ jit.graph().frameRegisterCount())82 , m_generationInfo(m_graph.frameRegisterCount()) 83 83 , m_compileOkay(true) 84 , m_state(m_ jit.graph())85 , m_interpreter(m_ jit.graph(), m_state)84 , m_state(m_graph) 85 , m_interpreter(m_graph, m_state) 86 86 , m_stream(&jit.jitCode()->variableEventStream) 87 87 , m_minifiedGraph(&jit.jitCode()->minifiedDFG) … … 208 208 } else { 209 209 m_jit.move( 210 TrustedImmPtr::weakPointer(m_ jit.graph(), inlineCallFrame->calleeRecovery.constant().asCell()),210 TrustedImmPtr::weakPointer(m_graph, inlineCallFrame->calleeRecovery.constant().asCell()), 211 211 calleeGPR); 212 212 } … … 226 226 { 227 227 if (!Options::useOSRExitFuzz() 228 || !canUseOSRExitFuzzing(m_ jit.graph().baselineCodeBlockFor(m_origin.semantic))228 || !canUseOSRExitFuzzing(m_graph.baselineCodeBlockFor(m_origin.semantic)) 229 229 || !doOSRExitFuzzing()) 230 230 return MacroAssembler::Jump(); … … 271 271 } else 272 272 m_jit.appendExitInfo(jumpToFail); 273 m_jit.appendOSRExit(OSRExit(kind, jsValueSource, m_ jit.graph().methodOfGettingAValueProfileFor(m_currentNode, node), this, m_stream->size()));273 m_jit.appendOSRExit(OSRExit(kind, jsValueSource, m_graph.methodOfGettingAValueProfileFor(m_currentNode, node), this, m_stream->size())); 274 274 } 275 275 … … 286 286 } else 287 287 m_jit.appendExitInfo(jumpsToFail); 288 m_jit.appendOSRExit(OSRExit(kind, jsValueSource, m_ jit.graph().methodOfGettingAValueProfileFor(m_currentNode, node), this, m_stream->size()));288 m_jit.appendOSRExit(OSRExit(kind, jsValueSource, m_graph.methodOfGettingAValueProfileFor(m_currentNode, node), this, m_stream->size())); 289 289 } 290 290 … … 295 295 unsigned index = m_jit.m_osrExit.size(); 296 296 m_jit.appendExitInfo(); 297 m_jit.appendOSRExit(OSRExit(kind, jsValueSource, m_ jit.graph().methodOfGettingAValueProfileFor(m_currentNode, node), this, m_stream->size()));297 m_jit.appendOSRExit(OSRExit(kind, jsValueSource, m_graph.methodOfGettingAValueProfileFor(m_currentNode, node), this, m_stream->size())); 298 298 return OSRExitJumpPlaceholder(index); 299 299 } … … 320 320 unsigned recoveryIndex = m_jit.appendSpeculationRecovery(recovery); 321 321 m_jit.appendExitInfo(jumpToFail); 322 m_jit.appendOSRExit(OSRExit(kind, jsValueSource, m_ jit.graph().methodOfGettingAValueProfileFor(m_currentNode, node), this, m_stream->size(), recoveryIndex));322 m_jit.appendOSRExit(OSRExit(kind, jsValueSource, m_graph.methodOfGettingAValueProfileFor(m_currentNode, node), this, m_stream->size(), recoveryIndex)); 323 323 } 324 324 … … 513 513 ASSERT(info.gpr() == source); 514 514 if (node->hasConstant()) { 515 DFG_ASSERT(m_ jit.graph(), m_currentNode, node->isCellConstant());515 DFG_ASSERT(m_graph, m_currentNode, node->isCellConstant()); 516 516 node->asCell(); // To get the assertion. 517 517 fillAction = SetCellConstant; … … 857 857 GPRReg baseReg = base.gpr(); 858 858 859 if (arrayMode.alreadyChecked(m_ jit.graph(), node, m_state.forNode(node->child1()))) {859 if (arrayMode.alreadyChecked(m_graph, node, m_state.forNode(node->child1()))) { 860 860 // We can purge Empty check completely in this case of CheckArrayOrEmpty since CellUse only accepts SpecCell | SpecEmpty. 861 861 #if USE(JSVALUE64) … … 1018 1018 if (node->flags() & NodeHasVarArgs) { 1019 1019 for (unsigned childIdx = node->firstChild(); childIdx < node->firstChild() + node->numChildren(); childIdx++) { 1020 if (!!m_ jit.graph().m_varArgChildren[childIdx])1021 use(m_ jit.graph().m_varArgChildren[childIdx]);1020 if (!!m_graph.m_varArgChildren[childIdx]) 1021 use(m_graph.m_varArgChildren[childIdx]); 1022 1022 } 1023 1023 } else { … … 1101 1101 1102 1102 default: 1103 DFG_CRASH(m_ jit.graph(), node, "Bad use kind");1103 DFG_CRASH(m_graph, node, "Bad use kind"); 1104 1104 break; 1105 1105 } … … 1166 1166 1167 1167 default: 1168 DFG_CRASH(m_ jit.graph(), node, "Bad use kind");1168 DFG_CRASH(m_graph, node, "Bad use kind"); 1169 1169 break; 1170 1170 } … … 1212 1212 slowPath = slowPathCall( 1213 1213 slowCases, this, operationDeleteByIdOptimize, 1214 resultGPR, TrustedImmPtr::weakPointer(m_graph, m_graph.globalObjectFor(codeOrigin)), gen.stubInfo(), JSValueRegs(baseGPR), node->cacheableIdentifier().rawBits(), TrustedImm32(node->ecmaMode().value()));1214 resultGPR, TrustedImmPtr::weakPointer(m_graph, m_graph.globalObjectFor(codeOrigin)), TrustedImmPtr(gen.stubInfo()), JSValueRegs(baseGPR), node->cacheableIdentifier().rawBits(), TrustedImm32(node->ecmaMode().value())); 1215 1215 } 1216 1216 #else … … 1223 1223 slowPath = slowPathCall( 1224 1224 slowCases, this, operationDeleteByIdOptimize, 1225 resultGPR, TrustedImmPtr::weakPointer(m_graph, m_graph.globalObjectFor(codeOrigin)), gen.stubInfo(), CCallHelpers::CellValue(baseGPR), node->cacheableIdentifier().rawBits(), TrustedImm32(node->ecmaMode().value()));1225 resultGPR, TrustedImmPtr::weakPointer(m_graph, m_graph.globalObjectFor(codeOrigin)), TrustedImmPtr(gen.stubInfo()), CCallHelpers::CellValue(baseGPR), node->cacheableIdentifier().rawBits(), TrustedImm32(node->ecmaMode().value())); 1226 1226 } 1227 1227 #endif … … 1298 1298 slowPath = slowPathCall( 1299 1299 slowCases, this, operationDeleteByValOptimize, 1300 resultGPR, TrustedImmPtr::weakPointer(m_graph, m_graph.globalObjectFor(codeOrigin)), gen.stubInfo(), JSValueRegs(baseGPR), keyRegs, TrustedImm32(node->ecmaMode().value()));1300 resultGPR, TrustedImmPtr::weakPointer(m_graph, m_graph.globalObjectFor(codeOrigin)), TrustedImmPtr(gen.stubInfo()), JSValueRegs(baseGPR), keyRegs, TrustedImm32(node->ecmaMode().value())); 1301 1301 } 1302 1302 #else … … 1309 1309 slowPath = slowPathCall( 1310 1310 slowCases, this, operationDeleteByValOptimize, 1311 resultGPR, TrustedImmPtr::weakPointer(m_graph, m_graph.globalObjectFor(codeOrigin)), gen.stubInfo(), CCallHelpers::CellValue(baseGPR), keyRegs, TrustedImm32(node->ecmaMode().value()));1311 resultGPR, TrustedImmPtr::weakPointer(m_graph, m_graph.globalObjectFor(codeOrigin)), TrustedImmPtr(gen.stubInfo()), CCallHelpers::CellValue(baseGPR), keyRegs, TrustedImm32(node->ecmaMode().value())); 1312 1312 } 1313 1313 #endif … … 1379 1379 slowCases, this, operationInByIdOptimize, 1380 1380 NeedToSpill, ExceptionCheckRequirement::CheckNeeded, 1381 resultRegs, TrustedImmPtr::weakPointer(m_graph, m_graph.globalObjectFor(codeOrigin)), gen.stubInfo(), CCallHelpers::CellValue(baseGPR), node->cacheableIdentifier().rawBits());1381 resultRegs, TrustedImmPtr::weakPointer(m_graph, m_graph.globalObjectFor(codeOrigin)), TrustedImmPtr(gen.stubInfo()), CCallHelpers::CellValue(baseGPR), node->cacheableIdentifier().rawBits()); 1382 1382 } 1383 1383 … … 1429 1429 slowCases, this, operationInByValOptimize, 1430 1430 NeedToSpill, ExceptionCheckRequirement::CheckNeeded, 1431 resultRegs, TrustedImmPtr::weakPointer(m_graph, m_graph.globalObjectFor(codeOrigin)), gen.stubInfo(), nullptr, CCallHelpers::CellValue(baseGPR), keyRegs);1431 resultRegs, TrustedImmPtr::weakPointer(m_graph, m_graph.globalObjectFor(codeOrigin)), TrustedImmPtr(gen.stubInfo()), nullptr, CCallHelpers::CellValue(baseGPR), keyRegs); 1432 1432 } 1433 1433 … … 1483 1483 slowCases, this, type == AccessType::HasPrivateName ? operationHasPrivateNameOptimize : operationHasPrivateBrandOptimize, 1484 1484 NeedToSpill, ExceptionCheckRequirement::CheckNeeded, 1485 resultRegs, TrustedImmPtr::weakPointer(m_graph, m_graph.globalObjectFor(codeOrigin)), gen.stubInfo(), CCallHelpers::CellValue(baseGPR), CCallHelpers::CellValue(propertyOrBrandGPR));1485 resultRegs, TrustedImmPtr::weakPointer(m_graph, m_graph.globalObjectFor(codeOrigin)), TrustedImmPtr(gen.stubInfo()), CCallHelpers::CellValue(baseGPR), CCallHelpers::CellValue(propertyOrBrandGPR)); 1486 1486 } 1487 1487 … … 1912 1912 VM& vm = this->vm(); 1913 1913 auto nonEmptyCase = m_jit.branch32(MacroAssembler::Below, startIndexGPR, tempGPR); 1914 m_jit.move(TrustedImmPtr::weakPointer(m_ jit.graph(), jsEmptyString(vm)), tempGPR);1914 m_jit.move(TrustedImmPtr::weakPointer(m_graph, jsEmptyString(vm)), tempGPR); 1915 1915 doneCases.append(m_jit.jump()); 1916 1916 … … 1942 1942 m_jit.loadPtr(CCallHelpers::Address(tempGPR), tempGPR); 1943 1943 1944 addSlowPathGenerator(slowPathCall(bigCharacter, this, operationSingleCharacterString, tempGPR, &vm, tempGPR));1944 addSlowPathGenerator(slowPathCall(bigCharacter, this, operationSingleCharacterString, tempGPR, TrustedImmPtr(&vm), tempGPR)); 1945 1945 1946 1946 addSlowPathGenerator(slowPathCall(slowCases, this, operationStringSubstr, tempGPR, TrustedImmPtr::weakPointer(m_graph, m_graph.globalObjectFor(node->origin.semantic)), stringGPR, startIndexGPR, tempGPR)); … … 2115 2115 bool emitEarlyReturn = true; 2116 2116 node->origin.semantic.walkUpInlineStack([&](CodeOrigin origin) { 2117 CodeBlock* baselineCodeBlock = m_ jit.graph().baselineCodeBlockFor(origin);2117 CodeBlock* baselineCodeBlock = m_graph.baselineCodeBlockFor(origin); 2118 2118 if (!baselineCodeBlock->loopHintsAreEligibleForFuzzingEarlyReturn()) 2119 2119 emitEarlyReturn = false; 2120 2120 }); 2121 2121 if (emitEarlyReturn) { 2122 CodeBlock* baselineCodeBlock = m_ jit.graph().baselineCodeBlockFor(node->origin.semantic);2122 CodeBlock* baselineCodeBlock = m_graph.baselineCodeBlockFor(node->origin.semantic); 2123 2123 BytecodeIndex bytecodeIndex = node->origin.semantic.bytecodeIndex(); 2124 2124 const auto* instruction = baselineCodeBlock->instructions().at(bytecodeIndex.offset()).ptr(); … … 2127 2127 m_jit.pushToSave(GPRInfo::regT0); 2128 2128 m_jit.loadPtr(ptr, GPRInfo::regT0); 2129 auto skipEarlyReturn = m_jit.branchPtr(CCallHelpers::Below, GPRInfo::regT0, CCallHelpers::TrustedImmPtr(Options::earlyReturnFromInfiniteLoopsLimit()));2129 auto skipEarlyReturn = m_jit.branchPtr(CCallHelpers::Below, GPRInfo::regT0, TrustedImmPtr(Options::earlyReturnFromInfiniteLoopsLimit())); 2130 2130 2131 2131 if constexpr (validateDFGDoesGC) { … … 2215 2215 2216 2216 if (m_block->isCatchEntrypoint) { 2217 m_jit.addPtr(CCallHelpers::TrustedImm32(-(m_ jit.graph().frameRegisterCount() * sizeof(Register))), GPRInfo::callFrameRegister, CCallHelpers::stackPointerRegister);2217 m_jit.addPtr(CCallHelpers::TrustedImm32(-(m_graph.frameRegisterCount() * sizeof(Register))), GPRInfo::callFrameRegister, CCallHelpers::stackPointerRegister); 2218 2218 m_jit.emitSaveCalleeSaves(); 2219 2219 m_jit.emitMaterializeTagCheckRegisters(); … … 2241 2241 continue; // No need to record dead SetLocal's. 2242 2242 format = dataFormatFor(variable->flushFormat()); 2243 DFG_ASSERT(m_ jit.graph(), node, !operand.isArgument() || operand.virtualRegister().toArgument() >= 0);2243 DFG_ASSERT(m_graph, node, !operand.isArgument() || operand.virtualRegister().toArgument() >= 0); 2244 2244 m_stream->appendAndLog(VariableEvent::setLocal(operand, variable->machineLocal(), format)); 2245 2245 } … … 2290 2290 dataLogLn("SpeculativeJIT generating Node @", (int)m_currentNode->index(), " (", m_currentNode->origin.semantic.bytecodeIndex().offset(), ") at JIT offset 0x", m_jit.debugOffset()); 2291 2291 2292 if (Options::validateDFGExceptionHandling() && (mayExit(m_ jit.graph(), m_currentNode) != DoesNotExit || m_currentNode->isTerminal()))2293 m_jit.jitReleaseAssertNoException( m_jit.vm());2292 if (Options::validateDFGExceptionHandling() && (mayExit(m_graph, m_currentNode) != DoesNotExit || m_currentNode->isTerminal())) 2293 m_jit.jitReleaseAssertNoException(vm()); 2294 2294 2295 2295 m_jit.pcToCodeOriginMapBuilder().appendItem(m_jit.labelIgnoringWatchpoints(), m_origin.semantic); … … 2351 2351 m_origin = NodeOrigin(CodeOrigin(BytecodeIndex(0)), CodeOrigin(BytecodeIndex(0)), true); 2352 2352 2353 auto& arguments = m_ jit.graph().m_rootToArguments.find(m_jit.graph().block(0))->value;2353 auto& arguments = m_graph.m_rootToArguments.find(m_graph.block(0))->value; 2354 2354 for (unsigned i = 0; i < m_jit.codeBlock()->numParameters(); ++i) { 2355 2355 Node* node = arguments[i]; … … 2423 2423 2424 2424 ASSERT(!m_currentNode); 2425 for (BlockIndex blockIndex = 0; blockIndex < m_ jit.graph().numBlocks(); ++blockIndex) {2425 for (BlockIndex blockIndex = 0; blockIndex < m_graph.numBlocks(); ++blockIndex) { 2426 2426 m_jit.setForBlockIndex(blockIndex); 2427 m_block = m_ jit.graph().block(blockIndex);2427 m_block = m_graph.block(blockIndex); 2428 2428 compileCurrentBlock(); 2429 2429 } … … 2434 2434 void SpeculativeJIT::createOSREntries() 2435 2435 { 2436 for (BlockIndex blockIndex = 0; blockIndex < m_ jit.graph().numBlocks(); ++blockIndex) {2437 BasicBlock* block = m_ jit.graph().block(blockIndex);2436 for (BlockIndex blockIndex = 0; blockIndex < m_graph.numBlocks(); ++blockIndex) { 2437 BasicBlock* block = m_graph.block(blockIndex); 2438 2438 if (!block) 2439 2439 continue; … … 2449 2449 { 2450 2450 unsigned osrEntryIndex = 0; 2451 for (BlockIndex blockIndex = 0; blockIndex < m_ jit.graph().numBlocks(); ++blockIndex) {2452 BasicBlock* block = m_ jit.graph().block(blockIndex);2451 for (BlockIndex blockIndex = 0; blockIndex < m_graph.numBlocks(); ++blockIndex) { 2452 BasicBlock* block = m_graph.block(blockIndex); 2453 2453 if (!block) 2454 2454 continue; … … 2456 2456 continue; 2457 2457 if (block->isCatchEntrypoint) { 2458 auto& argumentsVector = m_ jit.graph().m_rootToArguments.find(block)->value;2458 auto& argumentsVector = m_graph.m_rootToArguments.find(block)->value; 2459 2459 Vector<FlushFormat> argumentFormats; 2460 2460 argumentFormats.reserveInitialCapacity(argumentsVector.size()); … … 2475 2475 2476 2476 m_jit.jitCode()->finalizeOSREntrypoints(WTFMove(m_jit.m_osrEntry)); 2477 m_jit.jitCode()->common.finalizeCatchEntrypoints(WTFMove(m_ jit.graph().m_catchEntrypoints));2477 m_jit.jitCode()->common.finalizeCatchEntrypoints(WTFMove(m_graph.m_catchEntrypoints)); 2478 2478 2479 2479 ASSERT(osrEntryIndex == m_osrEntryHeads.size()); … … 2496 2496 2497 2497 JITCompiler::Jump needTrapHandling = m_jit.branchTest32(JITCompiler::NonZero, 2498 JITCompiler::AbsoluteAddress( m_jit.vm().traps().trapBitsAddress()),2498 JITCompiler::AbsoluteAddress(vm().traps().trapBitsAddress()), 2499 2499 TrustedImm32(VMTraps::AsyncEvents)); 2500 2500 … … 2505 2505 void SpeculativeJIT::compileContiguousPutByVal(Node* node) 2506 2506 { 2507 SpeculateCellOperand base(this, m_ jit.graph().varArgChild(node, 0));2508 SpeculateStrictInt32Operand property(this, m_ jit.graph().varArgChild(node, 1));2509 JSValueOperand value(this, m_ jit.graph().varArgChild(node, 2), ManualOperandSpeculation);2507 SpeculateCellOperand base(this, m_graph.varArgChild(node, 0)); 2508 SpeculateStrictInt32Operand property(this, m_graph.varArgChild(node, 1)); 2509 JSValueOperand value(this, m_graph.varArgChild(node, 2), ManualOperandSpeculation); 2510 2510 2511 2511 GPRReg baseReg = base.gpr(); … … 2516 2516 return; 2517 2517 2518 StorageOperand storage(this, m_ jit.graph().varArgChild(node, 3));2518 StorageOperand storage(this, m_graph.varArgChild(node, 3)); 2519 2519 GPRReg storageReg = storage.gpr(); 2520 2520 … … 2574 2574 ArrayMode arrayMode = node->arrayMode(); 2575 2575 2576 SpeculateCellOperand base(this, m_ jit.graph().varArgChild(node, 0));2577 SpeculateStrictInt32Operand property(this, m_ jit.graph().varArgChild(node, 1));2578 SpeculateDoubleOperand value(this, m_ jit.graph().varArgChild(node, 2));2576 SpeculateCellOperand base(this, m_graph.varArgChild(node, 0)); 2577 SpeculateStrictInt32Operand property(this, m_graph.varArgChild(node, 1)); 2578 SpeculateDoubleOperand value(this, m_graph.varArgChild(node, 2)); 2579 2579 2580 2580 GPRReg baseReg = base.gpr(); … … 2583 2583 2584 2584 DFG_TYPE_CHECK( 2585 JSValueRegs(), m_ jit.graph().varArgChild(node, 2), SpecFullRealNumber,2585 JSValueRegs(), m_graph.varArgChild(node, 2), SpecFullRealNumber, 2586 2586 m_jit.branchIfNaN(valueReg)); 2587 2587 … … 2589 2589 return; 2590 2590 2591 StorageOperand storage(this, m_ jit.graph().varArgChild(node, 3));2591 StorageOperand storage(this, m_graph.varArgChild(node, 3)); 2592 2592 GPRReg storageReg = storage.gpr(); 2593 2593 … … 2648 2648 { 2649 2649 ArrayMode arrayMode = node->arrayMode().modeForPut(); 2650 Edge child1 = m_ jit.graph().varArgChild(node, 0);2651 Edge child2 = m_ jit.graph().varArgChild(node, 1);2652 Edge child3 = m_ jit.graph().varArgChild(node, 2);2653 Edge child4 = m_ jit.graph().varArgChild(node, 3);2650 Edge child1 = m_graph.varArgChild(node, 0); 2651 Edge child2 = m_graph.varArgChild(node, 1); 2652 Edge child3 = m_graph.varArgChild(node, 2); 2653 Edge child4 = m_graph.varArgChild(node, 3); 2654 2654 2655 2655 switch (arrayMode.type()) { … … 2667 2667 case Array::BigUint64Array: 2668 2668 #endif 2669 DFG_CRASH(m_ jit.graph(), node, "Bad array mode type");2669 DFG_CRASH(m_graph, node, "Bad array mode type"); 2670 2670 break; 2671 2671 #if USE(JSVALUE64) … … 2674 2674 #endif 2675 2675 case Array::Generic: { 2676 DFG_ASSERT(m_ jit.graph(), node, node->op() == PutByVal || node->op() == PutByValDirect, node->op());2676 DFG_ASSERT(m_graph, node, node->op() == PutByVal || node->op() == PutByValDirect, node->op()); 2677 2677 if (m_graph.m_slowPutByVal.contains(node) || (child1.useKind() != CellUse && child1.useKind() != KnownCellUse)) { 2678 2678 if (child1.useKind() == CellUse || child1.useKind() == KnownCellUse) { … … 2756 2756 slowPath = slowPathCall( 2757 2757 slowCases, this, operation, 2758 NoResult, TrustedImmPtr::weakPointer(m_graph, m_graph.globalObjectFor(codeOrigin)), baseRegs, propertyRegs, valueRegs, gen.stubInfo(), nullptr);2758 NoResult, TrustedImmPtr::weakPointer(m_graph, m_graph.globalObjectFor(codeOrigin)), baseRegs, propertyRegs, valueRegs, TrustedImmPtr(gen.stubInfo()), nullptr); 2759 2759 } 2760 2760 … … 2950 2950 addSlowPathGenerator( 2951 2951 slowPathCall( 2952 bigCharacter, this, operationSingleCharacterString, scratchReg, &vm, scratchReg));2952 bigCharacter, this, operationSingleCharacterString, scratchReg, TrustedImmPtr(&vm), scratchReg)); 2953 2953 2954 2954 if (node->arrayMode().isOutOfBounds()) { … … 2970 2970 // indexed properties either. 2971 2971 // https://bugs.webkit.org/show_bug.cgi?id=144668 2972 m_ jit.graph().registerAndWatchStructureTransition(stringPrototypeStructure);2973 m_ jit.graph().registerAndWatchStructureTransition(objectPrototypeStructure);2972 m_graph.registerAndWatchStructureTransition(stringPrototypeStructure); 2973 m_graph.registerAndWatchStructureTransition(objectPrototypeStructure); 2974 2974 2975 2975 addSlowPathGenerator(makeUnique<SaneStringGetByValSlowPathGenerator>( … … 3526 3526 static constexpr double byteMax = 255; 3527 3527 static constexpr double half = 0.5; 3528 jit.loadDouble( JITCompiler::TrustedImmPtr(&zero), scratch);3528 jit.loadDouble(SpeculativeJIT::TrustedImmPtr(&zero), scratch); 3529 3529 MacroAssembler::Jump tooSmall = jit.branchDouble(MacroAssembler::DoubleLessThanOrEqualOrUnordered, source, scratch); 3530 jit.loadDouble( JITCompiler::TrustedImmPtr(&byteMax), scratch);3530 jit.loadDouble(SpeculativeJIT::TrustedImmPtr(&byteMax), scratch); 3531 3531 MacroAssembler::Jump tooBig = jit.branchDouble(MacroAssembler::DoubleGreaterThanAndOrdered, source, scratch); 3532 3532 3533 jit.loadDouble( JITCompiler::TrustedImmPtr(&half), scratch);3533 jit.loadDouble(SpeculativeJIT::TrustedImmPtr(&half), scratch); 3534 3534 // FIXME: This should probably just use a floating point round! 3535 3535 // https://bugs.webkit.org/show_bug.cgi?id=72054 … … 3554 3554 if (node->op() == PutByValAlias) 3555 3555 return JITCompiler::Jump(); 3556 JSArrayBufferView* view = m_ jit.graph().tryGetFoldableView(3557 m_state.forNode(m_ jit.graph().child(node, 0)).m_value, node->arrayMode());3556 JSArrayBufferView* view = m_graph.tryGetFoldableView( 3557 m_state.forNode(m_graph.child(node, 0)).m_value, node->arrayMode()); 3558 3558 if (view) { 3559 3559 size_t length = view->length(); 3560 Node* indexNode = m_ jit.graph().child(node, 1).node();3560 Node* indexNode = m_graph.child(node, 1).node(); 3561 3561 if (indexNode->isAnyIntConstant() && static_cast<uint64_t>(indexNode->asAnyInt()) < length) 3562 3562 return JITCompiler::Jump(); … … 3883 3883 ASSERT(isInt(type)); 3884 3884 3885 SpeculateCellOperand base(this, m_ jit.graph().varArgChild(node, 0));3886 SpeculateStrictInt32Operand property(this, m_ jit.graph().varArgChild(node, 1));3887 StorageOperand storage(this, m_ jit.graph().varArgChild(node, 3));3885 SpeculateCellOperand base(this, m_graph.varArgChild(node, 0)); 3886 SpeculateStrictInt32Operand property(this, m_graph.varArgChild(node, 1)); 3887 StorageOperand storage(this, m_graph.varArgChild(node, 3)); 3888 3888 3889 3889 GPRTemporary scratch(this); … … 3905 3905 propertyTag, valueTag, 3906 3906 #endif 3907 m_ jit.graph().varArgChild(node, 2), slowPathCases, isClamped(type));3907 m_graph.varArgChild(node, 2), slowPathCases, isClamped(type)); 3908 3908 if (!result) { 3909 3909 noResult(node); … … 4003 4003 ASSERT(isFloat(type)); 4004 4004 4005 SpeculateCellOperand base(this, m_ jit.graph().varArgChild(node, 0));4006 SpeculateStrictInt32Operand property(this, m_ jit.graph().varArgChild(node, 1));4007 SpeculateDoubleOperand valueOp(this, m_ jit.graph().varArgChild(node, 2));4008 StorageOperand storage(this, m_ jit.graph().varArgChild(node, 3));4005 SpeculateCellOperand base(this, m_graph.varArgChild(node, 0)); 4006 SpeculateStrictInt32Operand property(this, m_graph.varArgChild(node, 1)); 4007 SpeculateDoubleOperand valueOp(this, m_graph.varArgChild(node, 2)); 4008 StorageOperand storage(this, m_graph.varArgChild(node, 3)); 4009 4009 4010 4010 FPRTemporary scratch(this); … … 4110 4110 } 4111 4111 default: 4112 DFG_CRASH(m_ jit.graph(), node, "Bad use kind");4112 DFG_CRASH(m_graph, node, "Bad use kind"); 4113 4113 } 4114 4114 } … … 4116 4116 void SpeculativeJIT::compileGetPrivateNameByVal(Node* node, JSValueRegs base, JSValueRegs property) 4117 4117 { 4118 DFG_ASSERT(m_ jit.graph(), node, node->op() == GetPrivateName);4119 DFG_ASSERT(m_ jit.graph(), node, m_graph.child(node, 1).useKind() == SymbolUse);4118 DFG_ASSERT(m_graph, node, node->op() == GetPrivateName); 4119 DFG_ASSERT(m_graph, node, m_graph.child(node, 1).useKind() == SymbolUse); 4120 4120 4121 4121 std::optional<GPRTemporary> stubInfo; … … 4157 4157 return slowPathCall( 4158 4158 slowCases, this, operationGetPrivateNameOptimize, 4159 result.regs(), TrustedImmPtr::weakPointer(m_graph, m_graph.globalObjectFor(codeOrigin)), gen.stubInfo(),4159 result.regs(), TrustedImmPtr::weakPointer(m_graph, m_graph.globalObjectFor(codeOrigin)), TrustedImmPtr(gen.stubInfo()), 4160 4160 base, CCallHelpers::CellValue(property.payloadGPR())); 4161 4161 }; … … 4223 4223 4224 4224 default: 4225 DFG_CRASH(m_ jit.graph(), node, "Bad use kind");4225 DFG_CRASH(m_graph, node, "Bad use kind"); 4226 4226 break; 4227 4227 } … … 4230 4230 void SpeculativeJIT::compilePutByValForCellWithString(Node* node) 4231 4231 { 4232 SpeculateCellOperand arg1(this, m_ jit.graph().varArgChild(node, 0));4233 SpeculateCellOperand arg2(this, m_ jit.graph().varArgChild(node, 1));4234 JSValueOperand arg3(this, m_ jit.graph().varArgChild(node, 2));4232 SpeculateCellOperand arg1(this, m_graph.varArgChild(node, 0)); 4233 SpeculateCellOperand arg2(this, m_graph.varArgChild(node, 1)); 4234 JSValueOperand arg3(this, m_graph.varArgChild(node, 2)); 4235 4235 4236 4236 GPRReg arg1GPR = arg1.gpr(); … … 4238 4238 JSValueRegs arg3Regs = arg3.jsValueRegs(); 4239 4239 4240 speculateString(m_ jit.graph().varArgChild(node, 1), arg2GPR);4240 speculateString(m_graph.varArgChild(node, 1), arg2GPR); 4241 4241 4242 4242 flushRegisters(); … … 4253 4253 void SpeculativeJIT::compilePutByValForCellWithSymbol(Node* node) 4254 4254 { 4255 SpeculateCellOperand arg1(this, m_ jit.graph().varArgChild(node, 0));4256 SpeculateCellOperand arg2(this, m_ jit.graph().varArgChild(node, 1));4257 JSValueOperand arg3(this, m_ jit.graph().varArgChild(node, 2));4255 SpeculateCellOperand arg1(this, m_graph.varArgChild(node, 0)); 4256 SpeculateCellOperand arg2(this, m_graph.varArgChild(node, 1)); 4257 JSValueOperand arg3(this, m_graph.varArgChild(node, 2)); 4258 4258 4259 4259 GPRReg arg1GPR = arg1.gpr(); … … 4261 4261 JSValueRegs arg3Regs = arg3.jsValueRegs(); 4262 4262 4263 speculateSymbol(m_ jit.graph().varArgChild(node, 1), arg2GPR);4263 speculateSymbol(m_graph.varArgChild(node, 1), arg2GPR); 4264 4264 4265 4265 flushRegisters(); … … 4360 4360 slowPath = slowPathCall( 4361 4361 slowCases, this, operation, 4362 NoResult, TrustedImmPtr::weakPointer(m_graph, m_graph.globalObjectFor(codeOrigin)), CCallHelpers::CellValue(baseGPR), CCallHelpers::CellValue(propertyGPR), valueRegs, gen.stubInfo(), nullptr);4362 NoResult, TrustedImmPtr::weakPointer(m_graph, m_graph.globalObjectFor(codeOrigin)), CCallHelpers::CellValue(baseGPR), CCallHelpers::CellValue(propertyGPR), valueRegs, TrustedImmPtr(gen.stubInfo()), nullptr); 4363 4363 } 4364 4364 … … 4438 4438 slowPath = slowPathCall( 4439 4439 slowCases, this, operationCheckPrivateBrandOptimize, NoResult, 4440 TrustedImmPtr::weakPointer(m_graph, m_graph.globalObjectFor(codeOrigin)), gen.stubInfo(), baseRegs, CCallHelpers::CellValue(brandGPR));4440 TrustedImmPtr::weakPointer(m_graph, m_graph.globalObjectFor(codeOrigin)), TrustedImmPtr(gen.stubInfo()), baseRegs, CCallHelpers::CellValue(brandGPR)); 4441 4441 } 4442 4442 … … 4486 4486 slowPath = slowPathCall( 4487 4487 slowCases, this, operationSetPrivateBrandOptimize, NoResult, 4488 TrustedImmPtr::weakPointer(m_graph, m_graph.globalObjectFor(codeOrigin)), gen.stubInfo(), CCallHelpers::CellValue(baseGPR), CCallHelpers::CellValue(brandGPR));4488 TrustedImmPtr::weakPointer(m_graph, m_graph.globalObjectFor(codeOrigin)), TrustedImmPtr(gen.stubInfo()), CCallHelpers::CellValue(baseGPR), CCallHelpers::CellValue(brandGPR)); 4489 4489 } 4490 4490 … … 4625 4625 } else { 4626 4626 slowPath = slowPathCall( 4627 slowCases, this, operationInstanceOfOptimize, resultGPR, TrustedImmPtr::weakPointer(m_graph, m_graph.globalObjectFor(node->origin.semantic)), gen.stubInfo(), valueRegs, prototypeRegs);4627 slowCases, this, operationInstanceOfOptimize, resultGPR, TrustedImmPtr::weakPointer(m_graph, m_graph.globalObjectFor(node->origin.semantic)), TrustedImmPtr(gen.stubInfo()), valueRegs, prototypeRegs); 4628 4628 } 4629 4629 … … 4663 4663 #endif 4664 4664 4665 DFG_ASSERT(m_ jit.graph(), node, node->child1().useKind() == UntypedUse);4666 DFG_ASSERT(m_ jit.graph(), node, node->child2().useKind() == UntypedUse);4665 DFG_ASSERT(m_graph, node, node->child1().useKind() == UntypedUse); 4666 DFG_ASSERT(m_graph, node, node->child2().useKind() == UntypedUse); 4667 4667 4668 4668 std::optional<GPRTemporary> stubInfo; … … 4777 4777 Edge& rightChild = node->child2(); 4778 4778 4779 DFG_ASSERT(m_ jit.graph(), node, node->isBinaryUseKind(UntypedUse) || node->isBinaryUseKind(AnyBigIntUse) || node->isBinaryUseKind(HeapBigIntUse) || node->isBinaryUseKind(BigInt32Use));4779 DFG_ASSERT(m_graph, node, node->isBinaryUseKind(UntypedUse) || node->isBinaryUseKind(AnyBigIntUse) || node->isBinaryUseKind(HeapBigIntUse) || node->isBinaryUseKind(BigInt32Use)); 4780 4780 4781 4781 if (isKnownNotNumber(leftChild.node()) || isKnownNotNumber(rightChild.node())) { … … 5262 5262 } 5263 5263 5264 CodeBlock* baselineCodeBlock = m_ jit.graph().baselineCodeBlockFor(node->origin.semantic);5264 CodeBlock* baselineCodeBlock = m_graph.baselineCodeBlockFor(node->origin.semantic); 5265 5265 BytecodeIndex bytecodeIndex = node->origin.semantic.bytecodeIndex(); 5266 5266 BinaryArithProfile* arithProfile = baselineCodeBlock->binaryArithProfileForBytecodeIndex(bytecodeIndex); … … 5346 5346 } 5347 5347 5348 CodeBlock* baselineCodeBlock = m_ jit.graph().baselineCodeBlockFor(node->origin.semantic);5348 CodeBlock* baselineCodeBlock = m_graph.baselineCodeBlockFor(node->origin.semantic); 5349 5349 BytecodeIndex bytecodeIndex = node->origin.semantic.bytecodeIndex(); 5350 5350 BinaryArithProfile* arithProfile = baselineCodeBlock->binaryArithProfileForBytecodeIndex(bytecodeIndex); … … 5609 5609 if (node->identifierNumber() != UINT32_MAX) 5610 5610 errorMessage = identifierUID(node->identifierNumber()); 5611 addSlowPathGenerator(slowPathCall(slowCases, this, operationToObject, resultGPR, TrustedImmPtr::weakPointer(m_graph, m_graph.globalObjectFor(node->origin.semantic)), valueRegs, errorMessage));5611 addSlowPathGenerator(slowPathCall(slowCases, this, operationToObject, resultGPR, TrustedImmPtr::weakPointer(m_graph, m_graph.globalObjectFor(node->origin.semantic)), valueRegs, TrustedImmPtr(errorMessage))); 5612 5612 } else 5613 5613 addSlowPathGenerator(slowPathCall(slowCases, this, operationCallObjectConstructor, resultGPR, TrustedImmPtr(node->cellOperand()), valueRegs)); … … 5750 5750 5751 5751 default: { 5752 DFG_ASSERT(m_ jit.graph(), node, node->child1().useKind() == UntypedUse, node->child1().useKind());5752 DFG_ASSERT(m_graph, node, node->child1().useKind() == UntypedUse, node->child1().useKind()); 5753 5753 JSValueOperand op1(this, node->child1()); 5754 5754 JSValueRegs op1Regs = op1.jsValueRegs(); … … 5928 5928 { 5929 5929 // FIXME: add a fast path, at least for BigInt32, but probably also for HeapBigInt here. 5930 CodeBlock* baselineCodeBlock = m_ jit.graph().baselineCodeBlockFor(node->origin.semantic);5930 CodeBlock* baselineCodeBlock = m_graph.baselineCodeBlockFor(node->origin.semantic); 5931 5931 BytecodeIndex bytecodeIndex = node->origin.semantic.bytecodeIndex(); 5932 5932 UnaryArithProfile* arithProfile = baselineCodeBlock->unaryArithProfileForBytecodeIndex(bytecodeIndex); … … 6172 6172 } 6173 6173 6174 CodeBlock* baselineCodeBlock = m_ jit.graph().baselineCodeBlockFor(node->origin.semantic);6174 CodeBlock* baselineCodeBlock = m_graph.baselineCodeBlockFor(node->origin.semantic); 6175 6175 BytecodeIndex bytecodeIndex = node->origin.semantic.bytecodeIndex(); 6176 6176 BinaryArithProfile* arithProfile = baselineCodeBlock->binaryArithProfileForBytecodeIndex(bytecodeIndex); … … 6645 6645 } 6646 6646 6647 DFG_ASSERT(m_ jit.graph(), node, node->binaryUseKind() == UntypedUse || node->binaryUseKind() == AnyBigIntUse || node->binaryUseKind() == BigInt32Use, node->binaryUseKind());6647 DFG_ASSERT(m_graph, node, node->binaryUseKind() == UntypedUse || node->binaryUseKind() == AnyBigIntUse || node->binaryUseKind() == BigInt32Use, node->binaryUseKind()); 6648 6648 JSValueOperand op1(this, leftChild, ManualOperandSpeculation); 6649 6649 JSValueOperand op2(this, rightChild, ManualOperandSpeculation); … … 7033 7033 } 7034 7034 7035 DFG_ASSERT(m_ jit.graph(), node, node->child1().useKind() == UntypedUse, node->child1().useKind());7035 DFG_ASSERT(m_graph, node, node->child1().useKind() == UntypedUse, node->child1().useKind()); 7036 7036 7037 7037 JSValueOperand argument(this, node->child1()); … … 7165 7165 7166 7166 default: 7167 DFG_CRASH(m_ jit.graph(), node, "Bad use kind");7167 DFG_CRASH(m_graph, node, "Bad use kind"); 7168 7168 break; 7169 7169 } … … 7178 7178 7179 7179 static constexpr double oneConstant = 1.0; 7180 assembler.loadDouble( MacroAssembler::TrustedImmPtr(&oneConstant), result);7180 assembler.loadDouble(SpeculativeJIT::TrustedImmPtr(&oneConstant), result); 7181 7181 7182 7182 MacroAssembler::Label startLoop(assembler.label()); … … 7220 7220 } 7221 7221 7222 DFG_ASSERT(m_ jit.graph(), node, node->binaryUseKind() == UntypedUse || node->binaryUseKind() == AnyBigIntUse || node->binaryUseKind() == BigInt32Use, node->binaryUseKind());7222 DFG_ASSERT(m_graph, node, node->binaryUseKind() == UntypedUse || node->binaryUseKind() == AnyBigIntUse || node->binaryUseKind() == BigInt32Use, node->binaryUseKind()); 7223 7223 7224 7224 JSValueOperand left(this, leftChild, ManualOperandSpeculation); … … 8237 8237 GPRReg eqGPR = eq.gpr(); 8238 8238 8239 m_jit.move(TrustedImmPtr::weakPointer(m_ jit.graph(), jsEmptyString(vm())), eqGPR);8239 m_jit.move(TrustedImmPtr::weakPointer(m_graph, jsEmptyString(vm())), eqGPR); 8240 8240 m_jit.comparePtr(invert ? CCallHelpers::Equal : CCallHelpers::NotEqual, strGPR, eqGPR, eqGPR); 8241 8241 unblessedBooleanResult(eqGPR, node); … … 8254 8254 valueRegs, node->child1(), (~SpecCellCheck) | SpecString, m_jit.branchIfNotString(cellGPR)); 8255 8255 8256 m_jit.move(TrustedImmPtr::weakPointer(m_ jit.graph(), jsEmptyString(vm())), tempGPR);8256 m_jit.move(TrustedImmPtr::weakPointer(m_graph, jsEmptyString(vm())), tempGPR); 8257 8257 m_jit.comparePtr(invert ? CCallHelpers::Equal : CCallHelpers::NotEqual, cellGPR, tempGPR, tempGPR); 8258 8258 auto done = m_jit.jump(); … … 8275 8275 speculateString(nodeUse, strGPR); 8276 8276 8277 branchPtr(CCallHelpers::Equal, strGPR, TrustedImmPtr::weakPointer(m_ jit.graph(), jsEmptyString(vm())), notTaken);8277 branchPtr(CCallHelpers::Equal, strGPR, TrustedImmPtr::weakPointer(m_graph, jsEmptyString(vm())), notTaken); 8278 8278 jump(taken); 8279 8279 … … 8292 8292 DFG_TYPE_CHECK(valueRegs, nodeUse, (~SpecCellCheck) | SpecString, m_jit.branchIfNotString(cellGPR)); 8293 8293 8294 branchPtr(CCallHelpers::Equal, cellGPR, TrustedImmPtr::weakPointer(m_ jit.graph(), jsEmptyString(vm())), notTaken);8294 branchPtr(CCallHelpers::Equal, cellGPR, TrustedImmPtr::weakPointer(m_graph, jsEmptyString(vm())), notTaken); 8295 8295 jump(taken, ForceJump); 8296 8296 … … 8332 8332 VM& vm = this->vm(); 8333 8333 if (vm.primitiveGigacageEnabled().isStillValid()) 8334 m_ jit.graph().watchpoints().addLazily(vm.primitiveGigacageEnabled());8334 m_graph.watchpoints().addLazily(vm.primitiveGigacageEnabled()); 8335 8335 else { 8336 8336 untagArrayPtr(); … … 8576 8576 GPRTemporary result(this); 8577 8577 GPRReg resultGPR = result.gpr(); 8578 auto* globalObject = m_ jit.graph().globalObjectFor(node->origin.semantic);8578 auto* globalObject = m_graph.globalObjectFor(node->origin.semantic); 8579 8579 m_jit.loadPtr(globalObject->addressOfGlobalThis(), resultGPR); 8580 8580 cellResult(resultGPR, node); … … 8739 8739 8740 8740 m_jit.storePtr(scopeGPR, JITCompiler::Address(resultGPR, JSFunction::offsetOfScopeChain())); 8741 m_jit.storePtr(TrustedImmPtr::weakPointer(m_ jit.graph(), executable), JITCompiler::Address(resultGPR, JSFunction::offsetOfExecutableOrRareData()));8741 m_jit.storePtr(TrustedImmPtr::weakPointer(m_graph, executable), JITCompiler::Address(resultGPR, JSFunction::offsetOfExecutableOrRareData())); 8742 8742 m_jit.mutatorFence(vm()); 8743 8743 } … … 8760 8760 8761 8761 if (nodeType == NewGeneratorFunction) 8762 callOperation(operationNewGeneratorFunction, resultGPR, &vm(), scopeGPR, executable);8762 callOperation(operationNewGeneratorFunction, resultGPR, TrustedImmPtr(&vm()), scopeGPR, TrustedImmPtr::weakPointer(m_graph, executable)); 8763 8763 else if (nodeType == NewAsyncFunction) 8764 callOperation(operationNewAsyncFunction, resultGPR, &vm(), scopeGPR, executable);8764 callOperation(operationNewAsyncFunction, resultGPR, TrustedImmPtr(&vm()), scopeGPR, TrustedImmPtr::weakPointer(m_graph, executable)); 8765 8765 else if (nodeType == NewAsyncGeneratorFunction) 8766 callOperation(operationNewAsyncGeneratorFunction, resultGPR, &vm(), scopeGPR, executable);8766 callOperation(operationNewAsyncGeneratorFunction, resultGPR, TrustedImmPtr(&vm()), scopeGPR, TrustedImmPtr::weakPointer(m_graph, executable)); 8767 8767 else 8768 callOperation(operationNewFunction, resultGPR, &vm(), scopeGPR, executable);8768 callOperation(operationNewFunction, resultGPR, TrustedImmPtr(&vm()), scopeGPR, TrustedImmPtr::weakPointer(m_graph, executable)); 8769 8769 m_jit.exceptionCheck(); 8770 8770 cellResult(resultGPR, node); … … 8772 8772 } 8773 8773 8774 RegisteredStructure structure = m_ jit.graph().registerStructure(8774 RegisteredStructure structure = m_graph.registerStructure( 8775 8775 [&] () { 8776 JSGlobalObject* globalObject = m_ jit.graph().globalObjectFor(node->origin.semantic);8776 JSGlobalObject* globalObject = m_graph.globalObjectFor(node->origin.semantic); 8777 8777 switch (nodeType) { 8778 8778 case NewGeneratorFunction: … … 8802 8802 compileNewFunctionCommon<JSFunction>(resultGPR, structure, scratch1GPR, scratch2GPR, scopeGPR, slowPath, JSFunction::allocationSize(0), executable); 8803 8803 8804 addSlowPathGenerator(slowPathCall(slowPath, this, operationNewFunctionWithInvalidatedReallocationWatchpoint, resultGPR, &vm(), scopeGPR, executable));8804 addSlowPathGenerator(slowPathCall(slowPath, this, operationNewFunctionWithInvalidatedReallocationWatchpoint, resultGPR, TrustedImmPtr(&vm()), scopeGPR, TrustedImmPtr::weakPointer(m_graph, executable))); 8805 8805 } 8806 8806 … … 8808 8808 compileNewFunctionCommon<JSGeneratorFunction>(resultGPR, structure, scratch1GPR, scratch2GPR, scopeGPR, slowPath, JSGeneratorFunction::allocationSize(0), executable); 8809 8809 8810 addSlowPathGenerator(slowPathCall(slowPath, this, operationNewGeneratorFunctionWithInvalidatedReallocationWatchpoint, resultGPR, &vm(), scopeGPR, executable));8810 addSlowPathGenerator(slowPathCall(slowPath, this, operationNewGeneratorFunctionWithInvalidatedReallocationWatchpoint, resultGPR, TrustedImmPtr(&vm()), scopeGPR, TrustedImmPtr::weakPointer(m_graph, executable))); 8811 8811 } 8812 8812 … … 8814 8814 compileNewFunctionCommon<JSAsyncFunction>(resultGPR, structure, scratch1GPR, scratch2GPR, scopeGPR, slowPath, JSAsyncFunction::allocationSize(0), executable); 8815 8815 8816 addSlowPathGenerator(slowPathCall(slowPath, this, operationNewAsyncFunctionWithInvalidatedReallocationWatchpoint, resultGPR, &vm(), scopeGPR, executable));8816 addSlowPathGenerator(slowPathCall(slowPath, this, operationNewAsyncFunctionWithInvalidatedReallocationWatchpoint, resultGPR, TrustedImmPtr(&vm()), scopeGPR, TrustedImmPtr::weakPointer(m_graph, executable))); 8817 8817 } 8818 8818 … … 8820 8820 compileNewFunctionCommon<JSAsyncGeneratorFunction>(resultGPR, structure, scratch1GPR, scratch2GPR, scopeGPR, slowPath, JSAsyncGeneratorFunction::allocationSize(0), executable); 8821 8821 8822 addSlowPathGenerator(slowPathCall(slowPath, this, operationNewAsyncGeneratorFunctionWithInvalidatedReallocationWatchpoint, resultGPR, &vm(), scopeGPR, executable));8822 addSlowPathGenerator(slowPathCall(slowPath, this, operationNewAsyncGeneratorFunctionWithInvalidatedReallocationWatchpoint, resultGPR, TrustedImmPtr(&vm()), scopeGPR, TrustedImmPtr::weakPointer(m_graph, executable))); 8823 8823 } 8824 8824 … … 8965 8965 { 8966 8966 SymbolTable* table = node->castOperand<SymbolTable*>(); 8967 RegisteredStructure structure = m_ jit.graph().registerStructure(m_jit.graph().globalObjectFor(8967 RegisteredStructure structure = m_graph.registerStructure(m_graph.globalObjectFor( 8968 8968 node->origin.semantic)->activationStructure()); 8969 8969 … … 8987 8987 #if USE(JSVALUE64) 8988 8988 callOperation(operationCreateActivationDirect, 8989 resultGPR, &vm(), structure, scopeGPR, table, TrustedImm64(JSValue::encode(initializationValue)));8989 resultGPR, TrustedImmPtr(&vm()), structure, scopeGPR, TrustedImmPtr::weakPointer(m_graph, table), TrustedImm64(JSValue::encode(initializationValue))); 8990 8990 #else 8991 8991 callOperation(operationCreateActivationDirect, 8992 resultGPR, &vm(), structure, scopeGPR, table, initializationRegs);8992 resultGPR, TrustedImmPtr(&vm()), structure, scopeGPR, TrustedImmPtr::weakPointer(m_graph, table), initializationRegs); 8993 8993 #endif 8994 8994 m_jit.exceptionCheck(); … … 9036 9036 addSlowPathGenerator( 9037 9037 slowPathCall( 9038 slowPath, this, operationCreateActivationDirect, resultGPR, &vm(), structure, scopeGPR, table, TrustedImm64(JSValue::encode(initializationValue))));9038 slowPath, this, operationCreateActivationDirect, resultGPR, TrustedImmPtr(&vm()), structure, scopeGPR, TrustedImmPtr::weakPointer(m_graph, table), TrustedImm64(JSValue::encode(initializationValue)))); 9039 9039 #else 9040 9040 addSlowPathGenerator( 9041 9041 slowPathCall( 9042 slowPath, this, operationCreateActivationDirect, resultGPR, &vm(), structure, scopeGPR, table, initializationRegs));9042 slowPath, this, operationCreateActivationDirect, resultGPR, TrustedImmPtr(&vm()), structure, scopeGPR, TrustedImmPtr::weakPointer(m_graph, table), initializationRegs)); 9043 9043 #endif 9044 9044 … … 9062 9062 JSValueRegs valueRegs = JSValueRegs::withTwoAvailableRegs(scratch1GPR, scratch2GPR); 9063 9063 9064 unsigned minCapacity = m_ jit.graph().baselineCodeBlockFor(node->origin.semantic)->numParameters() - 1;9064 unsigned minCapacity = m_graph.baselineCodeBlockFor(node->origin.semantic)->numParameters() - 1; 9065 9065 9066 9066 unsigned knownLength; … … 9085 9085 9086 9086 RegisteredStructure structure = 9087 m_ jit.graph().registerStructure(m_jit.graph().globalObjectFor(node->origin.semantic)->directArgumentsStructure());9087 m_graph.registerStructure(m_graph.globalObjectFor(node->origin.semantic)->directArgumentsStructure()); 9088 9088 9089 9089 // Use a different strategy for allocating the object depending on whether we know its … … 9135 9135 addSlowPathGenerator( 9136 9136 slowPathCall( 9137 slowPath, this, operationCreateDirectArguments, resultGPR, &vm(), structure,9137 slowPath, this, operationCreateDirectArguments, resultGPR, TrustedImmPtr(&vm()), structure, 9138 9138 knownLength, minCapacity)); 9139 9139 } else { … … 9152 9152 m_jit.move( 9153 9153 TrustedImmPtr::weakPointer( 9154 m_ jit.graph(), inlineCallFrame->calleeRecovery.constant().asCell()),9154 m_graph, inlineCallFrame->calleeRecovery.constant().asCell()), 9155 9155 scratch1GPR); 9156 9156 } … … 9270 9270 1, [&] (GPRReg destGPR) { 9271 9271 m_jit.move( 9272 TrustedImmPtr::weakPointer(m_ jit.graph(), globalObject->scopedArgumentsStructure()),9272 TrustedImmPtr::weakPointer(m_graph, globalObject->scopedArgumentsStructure()), 9273 9273 destGPR); 9274 9274 }); … … 9300 9300 m_jit.move( 9301 9301 TrustedImmPtr::weakPointer( 9302 m_ jit.graph(), globalObject->clonedArgumentsStructure()),9302 m_graph, globalObject->clonedArgumentsStructure()), 9303 9303 destGPR); 9304 9304 }); … … 9337 9337 ASSERT(node->op() == CreateRest); 9338 9338 9339 if (m_ jit.graph().isWatchingHavingABadTimeWatchpoint(node)) {9339 if (m_graph.isWatchingHavingABadTimeWatchpoint(node)) { 9340 9340 SpeculateStrictInt32Operand arrayLength(this, node->child1()); 9341 9341 GPRTemporary arrayResult(this); … … 9349 9349 // arguments to have arrayLength exceed MIN_ARRAY_STORAGE_CONSTRUCTION_LENGTH. 9350 9350 bool shouldAllowForArrayStorageStructureForLargeArrays = false; 9351 compileAllocateNewArrayWithSize(m_ jit.graph().globalObjectFor(node->origin.semantic), arrayResultGPR, arrayLengthGPR, ArrayWithContiguous, shouldAllowForArrayStorageStructureForLargeArrays);9351 compileAllocateNewArrayWithSize(m_graph.globalObjectFor(node->origin.semantic), arrayResultGPR, arrayLengthGPR, ArrayWithContiguous, shouldAllowForArrayStorageStructureForLargeArrays); 9352 9352 9353 9353 GPRTemporary argumentsStart(this); … … 9410 9410 speculateArray(node->child1(), argument); 9411 9411 9412 if (m_ jit.graph().canDoFastSpread(node, m_state.forNode(node->child1()))) {9412 if (m_graph.canDoFastSpread(node, m_state.forNode(node->child1()))) { 9413 9413 #if USE(JSVALUE64) 9414 9414 GPRTemporary result(this); … … 9448 9448 m_jit.add32(TrustedImm32(JSImmutableButterfly::offsetOfData()), scratch1GPR); 9449 9449 9450 m_jit.emitAllocateVariableSizedCell<JSImmutableButterfly>(vm(), resultGPR, TrustedImmPtr(m_ jit.graph().registerStructure(m_jit.graph().m_vm.immutableButterflyStructures[arrayIndexFromIndexingType(CopyOnWriteArrayWithContiguous) - NumberOfIndexingShapes].get())), scratch1GPR, scratch1GPR, scratch2GPR, slowPath);9450 m_jit.emitAllocateVariableSizedCell<JSImmutableButterfly>(vm(), resultGPR, TrustedImmPtr(m_graph.registerStructure(m_graph.m_vm.immutableButterflyStructures[arrayIndexFromIndexingType(CopyOnWriteArrayWithContiguous) - NumberOfIndexingShapes].get())), scratch1GPR, scratch1GPR, scratch2GPR, slowPath); 9451 9451 m_jit.store32(lengthGPR, MacroAssembler::Address(resultGPR, JSImmutableButterfly::offsetOfPublicLength())); 9452 9452 m_jit.store32(lengthGPR, MacroAssembler::Address(resultGPR, JSImmutableButterfly::offsetOfVectorLength())); … … 9515 9515 void SpeculativeJIT::compileNewArray(Node* node) 9516 9516 { 9517 JSGlobalObject* globalObject = m_ jit.graph().globalObjectFor(node->origin.semantic);9518 RegisteredStructure structure = m_ jit.graph().registerStructure(globalObject->arrayStructureForIndexingTypeDuringAllocation(node->indexingType()));9517 JSGlobalObject* globalObject = m_graph.globalObjectFor(node->origin.semantic); 9518 RegisteredStructure structure = m_graph.registerStructure(globalObject->arrayStructureForIndexingTypeDuringAllocation(node->indexingType())); 9519 9519 if (!globalObject->isHavingABadTime() && !hasAnyArrayStorage(node->indexingType())) { 9520 9520 unsigned numElements = node->numChildren(); … … 9525 9525 // uninitialized contiguous JSArray, which ensures that we will never produce a half-baked JSArray. 9526 9526 for (unsigned operandIndex = 0; operandIndex < node->numChildren(); ++operandIndex) 9527 speculate(node, m_ jit.graph().varArgChild(node, operandIndex));9527 speculate(node, m_graph.varArgChild(node, operandIndex)); 9528 9528 9529 9529 GPRTemporary result(this); … … 9541 9541 9542 9542 for (unsigned operandIndex = 0; operandIndex < node->numChildren(); ++operandIndex) { 9543 Edge use = m_ jit.graph().varArgChild(node, operandIndex);9543 Edge use = m_graph.varArgChild(node, operandIndex); 9544 9544 switch (node->indexingType()) { 9545 9545 case ALL_BLANK_INDEXING_TYPES: … … 9580 9580 flushRegisters(); 9581 9581 GPRFlushedCallResult result(this); 9582 callOperation(operationNewEmptyArray, result.gpr(), &vm(), structure);9582 callOperation(operationNewEmptyArray, result.gpr(), TrustedImmPtr(&vm()), structure); 9583 9583 m_jit.exceptionCheck(); 9584 9584 cellResult(result.gpr(), node); … … 9595 9595 // probably something hilarious going on and we're already failing at all the 9596 9596 // things, but at least we're going to be sound. 9597 Edge use = m_ jit.graph().m_varArgChildren[node->firstChild() + operandIdx];9597 Edge use = m_graph.m_varArgChildren[node->firstChild() + operandIdx]; 9598 9598 switch (node->indexingType()) { 9599 9599 case ALL_BLANK_INDEXING_TYPES: … … 9644 9644 9645 9645 callOperation( 9646 operationNewArray, resultGPR, TrustedImmPtr::weakPointer(m_graph, globalObject), m_ jit.graph().registerStructure(globalObject->arrayStructureForIndexingTypeDuringAllocation(node->indexingType())),9647 static_cast<void*>(buffer), size_t(node->numChildren()));9646 operationNewArray, resultGPR, TrustedImmPtr::weakPointer(m_graph, globalObject), m_graph.registerStructure(globalObject->arrayStructureForIndexingTypeDuringAllocation(node->indexingType())), 9647 TrustedImmPtr(buffer), size_t(node->numChildren())); 9648 9648 m_jit.exceptionCheck(); 9649 9649 … … 9654 9654 { 9655 9655 ASSERT(node->op() == NewArrayWithSpread); 9656 JSGlobalObject* globalObject = m_ jit.graph().globalObjectFor(node->origin.semantic);9656 JSGlobalObject* globalObject = m_graph.globalObjectFor(node->origin.semantic); 9657 9657 9658 9658 #if USE(JSVALUE64) 9659 if (m_ jit.graph().isWatchingHavingABadTimeWatchpoint(node)) {9659 if (m_graph.isWatchingHavingABadTimeWatchpoint(node)) { 9660 9660 GPRTemporary result(this); 9661 9661 GPRReg resultGPR = result.gpr(); … … 9664 9664 9665 9665 if (node->numChildren() == 1 && bitVector->get(0)) { 9666 Edge use = m_ jit.graph().varArgChild(node, 0);9666 Edge use = m_graph.varArgChild(node, 0); 9667 9667 SpeculateCellOperand immutableButterfly(this, use); 9668 9668 GPRTemporary result(this); … … 9677 9677 GPRReg scratch2GPR = scratch2.gpr(); 9678 9678 9679 RegisteredStructure structure = m_ jit.graph().registerStructure(globalObject->originalArrayStructureForIndexingType(CopyOnWriteArrayWithContiguous));9679 RegisteredStructure structure = m_graph.registerStructure(globalObject->originalArrayStructureForIndexingType(CopyOnWriteArrayWithContiguous)); 9680 9680 9681 9681 MacroAssembler::JumpList slowCases; … … 9686 9686 emitAllocateJSObject<JSArray>(resultGPR, TrustedImmPtr(structure), butterflyGPR, scratch1GPR, scratch2GPR, slowCases); 9687 9687 9688 addSlowPathGenerator(slowPathCall(slowCases, this, operationNewArrayBuffer, resultGPR, &vm(), structure, immutableButterflyGPR));9688 addSlowPathGenerator(slowPathCall(slowCases, this, operationNewArrayBuffer, resultGPR, TrustedImmPtr(&vm()), structure, immutableButterflyGPR)); 9689 9689 9690 9690 cellResult(resultGPR, node); … … 9705 9705 for (unsigned i = 0; i < node->numChildren(); ++i) { 9706 9706 if (bitVector->get(i)) { 9707 Edge use = m_ jit.graph().varArgChild(node, i);9707 Edge use = m_graph.varArgChild(node, i); 9708 9708 SpeculateCellOperand immutableButterfly(this, use); 9709 9709 GPRReg immutableButterflyGPR = immutableButterfly.gpr(); … … 9732 9732 9733 9733 for (unsigned i = 0; i < node->numChildren(); ++i) { 9734 Edge use = m_ jit.graph().varArgChild(node, i);9734 Edge use = m_graph.varArgChild(node, i); 9735 9735 if (bitVector->get(i)) { 9736 9736 SpeculateCellOperand immutableButterfly(this, use); … … 9780 9780 BitVector* bitVector = node->bitVector(); 9781 9781 for (unsigned i = 0; i < node->numChildren(); ++i) { 9782 Edge use = m_ jit.graph().m_varArgChildren[node->firstChild() + i];9782 Edge use = m_graph.m_varArgChildren[node->firstChild() + i]; 9783 9783 if (bitVector->get(i)) { 9784 9784 SpeculateCellOperand immutableButterfly(this, use); … … 9803 9803 GPRReg resultGPR = result.gpr(); 9804 9804 9805 callOperation(operationNewArrayWithSpreadSlow, resultGPR, TrustedImmPtr::weakPointer(m_graph, globalObject), buffer, node->numChildren());9805 callOperation(operationNewArrayWithSpreadSlow, resultGPR, TrustedImmPtr::weakPointer(m_graph, globalObject), TrustedImmPtr(buffer), node->numChildren()); 9806 9806 m_jit.exceptionCheck(); 9807 9807 … … 9876 9876 ASSERT(node->op() == ArraySlice); 9877 9877 9878 JSGlobalObject* globalObject = m_ jit.graph().globalObjectFor(node->origin.semantic);9878 JSGlobalObject* globalObject = m_graph.globalObjectFor(node->origin.semantic); 9879 9879 9880 9880 GPRTemporary temp(this); 9881 StorageOperand storage(this, m_ jit.graph().varArgChild(node, node->numChildren() - 1));9881 StorageOperand storage(this, m_graph.varArgChild(node, node->numChildren() - 1)); 9882 9882 GPRTemporary result(this); 9883 9883 … … 9895 9895 9896 9896 if (node->numChildren() == 4) 9897 emitPopulateSliceIndex(m_ jit.graph().varArgChild(node, 2), std::nullopt, lengthGPR, tempGPR);9897 emitPopulateSliceIndex(m_graph.varArgChild(node, 2), std::nullopt, lengthGPR, tempGPR); 9898 9898 else 9899 9899 m_jit.move(lengthGPR, tempGPR); 9900 9900 9901 if (m_ jit.graph().varArgChild(node, 1)->isInt32Constant() && m_jit.graph().varArgChild(node, 1)->asInt32() == 0) {9901 if (m_graph.varArgChild(node, 1)->isInt32Constant() && m_graph.varArgChild(node, 1)->asInt32() == 0) { 9902 9902 // Do nothing for array.slice(0, end) or array.slice(0) cases. 9903 9903 // `tempGPR` already points to the size of a newly created array. … … 9905 9905 GPRTemporary tempStartIndex(this); 9906 9906 GPRReg startGPR = tempStartIndex.gpr(); 9907 emitPopulateSliceIndex(m_ jit.graph().varArgChild(node, 1), std::nullopt, lengthGPR, startGPR);9907 emitPopulateSliceIndex(m_graph.varArgChild(node, 1), std::nullopt, lengthGPR, startGPR); 9908 9908 9909 9909 auto tooBig = m_jit.branch32(MacroAssembler::Above, startGPR, tempGPR); … … 9923 9923 // We need to keep the source array alive at least until after we're done 9924 9924 // with anything that can GC (e.g. allocating the result array below). 9925 SpeculateCellOperand cell(this, m_ jit.graph().varArgChild(node, 0));9925 SpeculateCellOperand cell(this, m_graph.varArgChild(node, 0)); 9926 9926 9927 9927 m_jit.load8(MacroAssembler::Address(cell.gpr(), JSCell::indexingTypeAndMiscOffset()), tempValue); … … 9949 9949 // with one of the following indexing shapes: Int32, Contiguous, Double. Therefore, 9950 9950 // we're a double array here. 9951 m_jit.move(TrustedImmPtr(m_ jit.graph().registerStructure(globalObject->arrayStructureForIndexingTypeDuringAllocation(ArrayWithDouble))), tempValue);9951 m_jit.move(TrustedImmPtr(m_graph.registerStructure(globalObject->arrayStructureForIndexingTypeDuringAllocation(ArrayWithDouble))), tempValue); 9952 9952 emitMoveEmptyValue(jsNaN()); 9953 9953 done.append(m_jit.jump()); 9954 9954 9955 9955 isContiguous.link(&m_jit); 9956 m_jit.move(TrustedImmPtr(m_ jit.graph().registerStructure(globalObject->arrayStructureForIndexingTypeDuringAllocation(ArrayWithContiguous))), tempValue);9956 m_jit.move(TrustedImmPtr(m_graph.registerStructure(globalObject->arrayStructureForIndexingTypeDuringAllocation(ArrayWithContiguous))), tempValue); 9957 9957 emitMoveEmptyValue(JSValue()); 9958 9958 done.append(m_jit.jump()); 9959 9959 9960 9960 isInt32.link(&m_jit); 9961 m_jit.move(TrustedImmPtr(m_ jit.graph().registerStructure(globalObject->arrayStructureForIndexingTypeDuringAllocation(ArrayWithInt32))), tempValue);9961 m_jit.move(TrustedImmPtr(m_graph.registerStructure(globalObject->arrayStructureForIndexingTypeDuringAllocation(ArrayWithInt32))), tempValue); 9962 9962 emitMoveEmptyValue(JSValue()); 9963 9963 … … 9995 9995 m_jit.load32(MacroAssembler::Address(storageGPR, Butterfly::offsetOfPublicLength()), tempValue); 9996 9996 if (node->numChildren() == 4) 9997 emitPopulateSliceIndex(m_ jit.graph().varArgChild(node, 2), std::nullopt, tempValue, tempGPR);9997 emitPopulateSliceIndex(m_graph.varArgChild(node, 2), std::nullopt, tempValue, tempGPR); 9998 9998 else 9999 9999 m_jit.move(tempValue, tempGPR); 10000 emitPopulateSliceIndex(m_ jit.graph().varArgChild(node, 1), std::nullopt, tempValue, loadIndex);10000 emitPopulateSliceIndex(m_graph.varArgChild(node, 1), std::nullopt, tempValue, loadIndex); 10001 10001 } 10002 10002 … … 10041 10041 ASSERT(node->op() == ArrayIndexOf); 10042 10042 10043 StorageOperand storage(this, m_ jit.graph().varArgChild(node, node->numChildren() == 3 ? 2 : 3));10043 StorageOperand storage(this, m_graph.varArgChild(node, node->numChildren() == 3 ? 2 : 3)); 10044 10044 GPRTemporary index(this); 10045 10045 GPRTemporary tempLength(this); … … 10052 10052 10053 10053 if (node->numChildren() == 4) 10054 emitPopulateSliceIndex(m_ jit.graph().varArgChild(node, 2), std::nullopt, lengthGPR, indexGPR);10054 emitPopulateSliceIndex(m_graph.varArgChild(node, 2), std::nullopt, lengthGPR, indexGPR); 10055 10055 else 10056 10056 m_jit.move(TrustedImm32(0), indexGPR); 10057 10057 10058 Edge& searchElementEdge = m_ jit.graph().varArgChild(node, 1);10058 Edge& searchElementEdge = m_graph.varArgChild(node, 1); 10059 10059 switch (searchElementEdge.useKind()) { 10060 10060 case Int32Use: … … 10243 10243 ASSERT(node->arrayMode().isJSArray()); 10244 10244 10245 Edge& storageEdge = m_ jit.graph().varArgChild(node, 0);10246 Edge& arrayEdge = m_ jit.graph().varArgChild(node, 1);10245 Edge& storageEdge = m_graph.varArgChild(node, 0); 10246 Edge& arrayEdge = m_graph.varArgChild(node, 1); 10247 10247 10248 10248 SpeculateCellOperand base(this, arrayEdge); … … 10274 10274 case Array::Contiguous: { 10275 10275 if (elementCount == 1) { 10276 Edge& element = m_ jit.graph().varArgChild(node, elementOffset);10276 Edge& element = m_graph.varArgChild(node, elementOffset); 10277 10277 if (node->arrayMode().type() == Array::Int32) { 10278 10278 ASSERT(element.useKind() == Int32Use); … … 10298 10298 if (node->arrayMode().type() == Array::Int32) { 10299 10299 for (unsigned elementIndex = 0; elementIndex < elementCount; ++elementIndex) { 10300 Edge element = m_ jit.graph().varArgChild(node, elementIndex + elementOffset);10300 Edge element = m_graph.varArgChild(node, elementIndex + elementOffset); 10301 10301 ASSERT(element.useKind() == Int32Use); 10302 10302 speculateInt32(element); … … 10326 10326 storageDone.link(&m_jit); 10327 10327 for (unsigned elementIndex = 0; elementIndex < elementCount; ++elementIndex) { 10328 Edge& element = m_ jit.graph().varArgChild(node, elementIndex + elementOffset);10328 Edge& element = m_graph.varArgChild(node, elementIndex + elementOffset); 10329 10329 JSValueOperand value(this, element, ManualOperandSpeculation); // We did type checks above. 10330 10330 JSValueRegs valueRegs = value.jsValueRegs(); … … 10348 10348 case Array::Double: { 10349 10349 if (elementCount == 1) { 10350 Edge& element = m_ jit.graph().varArgChild(node, elementOffset);10350 Edge& element = m_graph.varArgChild(node, elementOffset); 10351 10351 speculate(node, element); 10352 10352 SpeculateDoubleOperand value(this, element); … … 10368 10368 10369 10369 for (unsigned elementIndex = 0; elementIndex < elementCount; ++elementIndex) { 10370 Edge element = m_ jit.graph().varArgChild(node, elementIndex + elementOffset);10370 Edge element = m_graph.varArgChild(node, elementIndex + elementOffset); 10371 10371 ASSERT(element.useKind() == DoubleRepRealUse); 10372 10372 speculate(node, element); … … 10395 10395 storageDone.link(&m_jit); 10396 10396 for (unsigned elementIndex = 0; elementIndex < elementCount; ++elementIndex) { 10397 Edge& element = m_ jit.graph().varArgChild(node, elementIndex + elementOffset);10397 Edge& element = m_graph.varArgChild(node, elementIndex + elementOffset); 10398 10398 SpeculateDoubleOperand value(this, element); 10399 10399 FPRReg valueFPR = value.fpr(); … … 10419 10419 int32_t largestPositiveInt32Length = 0x7fffffff - elementCount; 10420 10420 if (elementCount == 1) { 10421 Edge& element = m_ jit.graph().varArgChild(node, elementOffset);10421 Edge& element = m_graph.varArgChild(node, elementOffset); 10422 10422 JSValueOperand value(this, element); 10423 10423 JSValueRegs valueRegs = value.jsValueRegs(); … … 10471 10471 storageDone.link(&m_jit); 10472 10472 for (unsigned elementIndex = 0; elementIndex < elementCount; ++elementIndex) { 10473 Edge& element = m_ jit.graph().varArgChild(node, elementIndex + elementOffset);10473 Edge& element = m_graph.varArgChild(node, elementIndex + elementOffset); 10474 10474 JSValueOperand value(this, element); 10475 10475 JSValueRegs valueRegs = value.jsValueRegs(); … … 10507 10507 10508 10508 addSlowPathGenerator( 10509 slowPathCall(slowCase, this, operationNotifyWrite, NeedToSpill, ExceptionCheckRequirement::CheckNotNeeded, NoResult, &vm(), set));10509 slowPathCall(slowCase, this, operationNotifyWrite, NeedToSpill, ExceptionCheckRequirement::CheckNotNeeded, NoResult, TrustedImmPtr(&vm()), TrustedImmPtr(set))); 10510 10510 10511 10511 noResult(node); … … 10537 10537 void SpeculativeJIT::compileTypeOfIsObject(Node* node) 10538 10538 { 10539 JSGlobalObject* globalObject = m_ jit.graph().globalObjectFor(node->origin.semantic);10539 JSGlobalObject* globalObject = m_graph.globalObjectFor(node->origin.semantic); 10540 10540 10541 10541 JSValueOperand value(this, node->child1()); … … 10570 10570 addSlowPathGenerator( 10571 10571 slowPathCall( 10572 slowPath, this, operationTypeOfIsObject, resultGPR, globalObject,10572 slowPath, this, operationTypeOfIsObject, resultGPR, TrustedImmPtr::weakPointer(m_graph, globalObject), 10573 10573 valueRegs.payloadGPR())); 10574 10574 … … 10580 10580 void SpeculativeJIT::compileIsCallable(Node* node, S_JITOperation_GC slowPathOperation) 10581 10581 { 10582 JSGlobalObject* globalObject = m_ jit.graph().globalObjectFor(node->origin.semantic);10582 JSGlobalObject* globalObject = m_graph.globalObjectFor(node->origin.semantic); 10583 10583 10584 10584 JSValueOperand value(this, node->child1()); … … 10607 10607 addSlowPathGenerator( 10608 10608 slowPathCall( 10609 slowPath, this, slowPathOperation, resultGPR, globalObject,10609 slowPath, this, slowPathOperation, resultGPR, TrustedImmPtr::weakPointer(m_graph, globalObject), 10610 10610 valueRegs.payloadGPR())); 10611 10611 … … 10629 10629 void SpeculativeJIT::compileTypeOf(Node* node) 10630 10630 { 10631 JSGlobalObject* globalObject = m_ jit.graph().globalObjectFor(node->origin.semantic);10631 JSGlobalObject* globalObject = m_graph.globalObjectFor(node->origin.semantic); 10632 10632 10633 10633 JSValueOperand value(this, node->child1()); … … 10642 10642 valueRegs, resultGPR, 10643 10643 [&] (TypeofType type, bool fallsThrough) { 10644 m_jit.move(TrustedImmPtr::weakPointer(m_ jit.graph(), vm().smallStrings.typeString(type)), resultGPR);10644 m_jit.move(TrustedImmPtr::weakPointer(m_graph, vm().smallStrings.typeString(type)), resultGPR); 10645 10645 if (!fallsThrough) 10646 10646 done.append(m_jit.jump()); … … 10653 10653 addSlowPathGenerator( 10654 10654 slowPathCall( 10655 slowPath, this, operationTypeOfObject, resultGPR, globalObject,10655 slowPath, this, operationTypeOfObject, resultGPR, TrustedImmPtr::weakPointer(m_graph, globalObject), 10656 10656 valueRegs.payloadGPR())); 10657 10657 … … 10759 10759 10760 10760 default: 10761 DFG_CRASH(m_ jit.graph(), node, "Bad use kind");10761 DFG_CRASH(m_graph, node, "Bad use kind"); 10762 10762 return; 10763 10763 } … … 10781 10781 10782 10782 GPRFlushedCallResult result(this); 10783 callOperation(operationAllocateComplexPropertyStorageWithInitialCapacity, result.gpr(), &vm(), baseGPR);10783 callOperation(operationAllocateComplexPropertyStorageWithInitialCapacity, result.gpr(), TrustedImmPtr(&vm()), baseGPR); 10784 10784 m_jit.exceptionCheck(); 10785 10785 … … 10801 10801 10802 10802 addSlowPathGenerator( 10803 slowPathCall(slowPath, this, operationAllocateSimplePropertyStorageWithInitialCapacity, scratchGPR1, &vm()));10803 slowPathCall(slowPath, this, operationAllocateSimplePropertyStorageWithInitialCapacity, scratchGPR1, TrustedImmPtr(&vm()))); 10804 10804 10805 10805 for (ptrdiff_t offset = 0; offset < static_cast<ptrdiff_t>(size); offset += sizeof(void*)) … … 10825 10825 10826 10826 GPRFlushedCallResult result(this); 10827 callOperation(operationAllocateComplexPropertyStorage, result.gpr(), &vm(), baseGPR, newSize / sizeof(JSValue));10827 callOperation(operationAllocateComplexPropertyStorage, result.gpr(), TrustedImmPtr(&vm()), baseGPR, newSize / sizeof(JSValue)); 10828 10828 m_jit.exceptionCheck(); 10829 10829 … … 10848 10848 10849 10849 addSlowPathGenerator( 10850 slowPathCall(slowPath, this, operationAllocateSimplePropertyStorage, scratchGPR1, &vm(), newSize / sizeof(JSValue)));10850 slowPathCall(slowPath, this, operationAllocateSimplePropertyStorage, scratchGPR1, TrustedImmPtr(&vm()), newSize / sizeof(JSValue))); 10851 10851 10852 10852 for (ptrdiff_t offset = oldSize; offset < static_cast<ptrdiff_t>(newSize); offset += sizeof(void*)) … … 10940 10940 10941 10941 unsigned index = 0; 10942 m_ jit.graph().doToChildren(node, [&](Edge edge) {10942 m_graph.doToChildren(node, [&](Edge edge) { 10943 10943 if (!index) 10944 10944 appendCell(edge); … … 11003 11003 flushRegisters(); 11004 11004 if (Options::useJITCage()) 11005 m_jit.setupArguments<J_JITOperation_GJIP>(TrustedImmPtr::weakPointer(m_graph, m_graph.globalObjectFor(node->origin.semantic)), CCallHelpers::CellValue(baseGPR), identifierUID(node->callDOMGetterData()->identifierNumber), getter.executableAddress());11005 m_jit.setupArguments<J_JITOperation_GJIP>(TrustedImmPtr::weakPointer(m_graph, m_graph.globalObjectFor(node->origin.semantic)), CCallHelpers::CellValue(baseGPR), TrustedImmPtr(identifierUID(node->callDOMGetterData()->identifierNumber)), TrustedImmPtr(getter.executableAddress())); 11006 11006 else 11007 m_jit.setupArguments<J_JITOperation_GJI>(TrustedImmPtr::weakPointer(m_graph, m_graph.globalObjectFor(node->origin.semantic)), CCallHelpers::CellValue(baseGPR), identifierUID(node->callDOMGetterData()->identifierNumber));11007 m_jit.setupArguments<J_JITOperation_GJI>(TrustedImmPtr::weakPointer(m_graph, m_graph.globalObjectFor(node->origin.semantic)), CCallHelpers::CellValue(baseGPR), TrustedImmPtr(identifierUID(node->callDOMGetterData()->identifierNumber))); 11008 11008 11009 11009 m_jit.storePtr(GPRInfo::callFrameRegister, &vm().topCallFrame); … … 11050 11050 void SpeculativeJIT::compileCheckJSCast(Node* node) 11051 11051 { 11052 DFG_ASSERT(m_ jit.graph(), node, node->op() == CheckJSCast || node->op() == CheckNotJSCast);11052 DFG_ASSERT(m_graph, node, node->op() == CheckJSCast || node->op() == CheckNotJSCast); 11053 11053 const ClassInfo* classInfo = node->classInfo(); 11054 11054 if (classInfo->inheritsJSTypeRange) { … … 11077 11077 m_jit.emitLoadStructure(vm(), baseGPR, otherGPR); 11078 11078 m_jit.loadPtr(CCallHelpers::Address(otherGPR, Structure::classInfoOffset()), otherGPR); 11079 m_jit.move( CCallHelpers::TrustedImmPtr(node->classInfo()), specifiedGPR);11079 m_jit.move(TrustedImmPtr(node->classInfo()), specifiedGPR); 11080 11080 11081 11081 CCallHelpers::Label loop = m_jit.label(); … … 11439 11439 11440 11440 addSlowPathGenerator(slowPathCall( 11441 slowPath, this, operationNewStringObject, resultGPR, &vm(), operandGPR, node->structure()));11441 slowPath, this, operationNewStringObject, resultGPR, TrustedImmPtr(&vm()), operandGPR, node->structure())); 11442 11442 11443 11443 cellResult(resultGPR, node); … … 11450 11450 GPRFlushedCallResult result(this); 11451 11451 GPRReg resultGPR = result.gpr(); 11452 callOperation(operationNewSymbol, resultGPR, &vm());11452 callOperation(operationNewSymbol, resultGPR, TrustedImmPtr(&vm())); 11453 11453 m_jit.exceptionCheck(); 11454 11454 cellResult(resultGPR, node); … … 11483 11483 void SpeculativeJIT::compileNewTypedArrayWithSize(Node* node) 11484 11484 { 11485 JSGlobalObject* globalObject = m_ jit.graph().globalObjectFor(node->origin.semantic);11485 JSGlobalObject* globalObject = m_graph.globalObjectFor(node->origin.semantic); 11486 11486 auto typedArrayType = node->typedArrayType(); 11487 RegisteredStructure structure = m_ jit.graph().registerStructure(globalObject->typedArrayStructureConcurrently(typedArrayType));11487 RegisteredStructure structure = m_graph.registerStructure(globalObject->typedArrayStructureConcurrently(typedArrayType)); 11488 11488 RELEASE_ASSERT(structure.get()); 11489 11489 … … 11620 11620 JITCompiler::JumpList slowPath; 11621 11621 11622 auto structure = m_ jit.graph().registerStructure(m_jit.graph().globalObjectFor(node->origin.semantic)->regExpStructure());11622 auto structure = m_graph.registerStructure(m_graph.globalObjectFor(node->origin.semantic)->regExpStructure()); 11623 11623 auto butterfly = TrustedImmPtr(nullptr); 11624 11624 emitAllocateJSObject<RegExpObject>(resultGPR, TrustedImmPtr(structure), butterfly, scratch1GPR, scratch2GPR, slowPath); … … 11630 11630 m_jit.mutatorFence(vm()); 11631 11631 11632 addSlowPathGenerator(slowPathCall(slowPath, this, operationNewRegexpWithLastIndex, resultGPR, TrustedImmPtr::weakPointer(m_graph, m_graph.globalObjectFor(node->origin.semantic)), regexp, lastIndexRegs));11632 addSlowPathGenerator(slowPathCall(slowPath, this, operationNewRegexpWithLastIndex, resultGPR, TrustedImmPtr::weakPointer(m_graph, m_graph.globalObjectFor(node->origin.semantic)), TrustedImmPtr::weakPointer(m_graph, regexp), lastIndexRegs)); 11633 11633 11634 11634 cellResult(resultGPR, node); … … 12493 12493 SwitchData* data, GPRReg value, GPRReg scratch) 12494 12494 { 12495 const UnlinkedSimpleJumpTable& unlinkedTable = m_ jit.graph().unlinkedSwitchJumpTable(data->switchTableIndex);12496 SimpleJumpTable& linkedTable = m_ jit.graph().switchJumpTable(data->switchTableIndex);12495 const UnlinkedSimpleJumpTable& unlinkedTable = m_graph.unlinkedSwitchJumpTable(data->switchTableIndex); 12496 SimpleJumpTable& linkedTable = m_graph.switchJumpTable(data->switchTableIndex); 12497 12497 linkedTable.ensureCTITable(unlinkedTable); 12498 12498 m_jit.sub32(Imm32(unlinkedTable.m_min), value); … … 12535 12535 addBranch(m_jit.branchIfNotNumber(valueRegs, scratch), data->fallThrough.block); 12536 12536 12537 const UnlinkedSimpleJumpTable& unlinkedTable = m_ jit.graph().unlinkedSwitchJumpTable(data->switchTableIndex);12537 const UnlinkedSimpleJumpTable& unlinkedTable = m_graph.unlinkedSwitchJumpTable(data->switchTableIndex); 12538 12538 silentSpillAllRegisters(scratch); 12539 callOperation(operationFindSwitchImmTargetForDouble, scratch, &vm(), valueRegs, data->switchTableIndex, unlinkedTable.m_min);12539 callOperation(operationFindSwitchImmTargetForDouble, scratch, TrustedImmPtr(&vm()), valueRegs, data->switchTableIndex, unlinkedTable.m_min); 12540 12540 silentFillAllRegisters(); 12541 12541 … … 12777 12777 12778 12778 const UnlinkedStringJumpTable& unlinkedTable = m_graph.unlinkedStringSwitchJumpTable(data->switchTableIndex); 12779 StringJumpTable& linkedTable = m_ jit.graph().stringSwitchJumpTable(data->switchTableIndex);12779 StringJumpTable& linkedTable = m_graph.stringSwitchJumpTable(data->switchTableIndex); 12780 12780 linkedTable.ensureCTITable(unlinkedTable); 12781 12781 … … 12798 12798 if (!canDoBinarySwitch || totalLength > Options::maximumBinaryStringSwitchTotalLength()) { 12799 12799 flushRegisters(); 12800 callOperation(operationSwitchString, string, TrustedImmPtr::weakPointer(m_graph, m_graph.globalObjectFor(node->origin.semantic)), static_cast<size_t>(data->switchTableIndex), &unlinkedTable, string);12800 callOperation(operationSwitchString, string, TrustedImmPtr::weakPointer(m_graph, m_graph.globalObjectFor(node->origin.semantic)), static_cast<size_t>(data->switchTableIndex), TrustedImmPtr(&unlinkedTable), string); 12801 12801 m_jit.exceptionCheck(); 12802 12802 m_jit.farJump(string, JSSwitchPtrTag); … … 12835 12835 slowCases.link(&m_jit); 12836 12836 silentSpillAllRegisters(string); 12837 callOperation(operationSwitchString, string, TrustedImmPtr::weakPointer(m_graph, m_graph.globalObjectFor(node->origin.semantic)), static_cast<size_t>(data->switchTableIndex), &unlinkedTable, string);12837 callOperation(operationSwitchString, string, TrustedImmPtr::weakPointer(m_graph, m_graph.globalObjectFor(node->origin.semantic)), static_cast<size_t>(data->switchTableIndex), TrustedImmPtr(&unlinkedTable), string); 12838 12838 silentFillAllRegisters(); 12839 12839 m_jit.exceptionCheck(); … … 12922 12922 } 12923 12923 case SwitchCell: { 12924 DFG_CRASH(m_ jit.graph(), node, "Bad switch kind");12924 DFG_CRASH(m_graph, node, "Bad switch kind"); 12925 12925 return; 12926 12926 } } … … 12965 12965 12966 12966 silentSpillAllRegisters(InvalidGPRReg); 12967 callOperation(operationWriteBarrierSlowPath, &vm(), baseGPR);12967 callOperation(operationWriteBarrierSlowPath, TrustedImmPtr(&vm()), baseGPR); 12968 12968 silentFillAllRegisters(); 12969 12969 … … 12982 12982 12983 12983 flushRegisters(); 12984 callOperation(node->op() == PutGetterById ? operationPutGetterById : operationPutSetterById, TrustedImmPtr::weakPointer(m_graph, m_graph.globalObjectFor(node->origin.semantic)), baseGPR, identifierUID(node->identifierNumber()), node->accessorAttributes(), accessorGPR);12984 callOperation(node->op() == PutGetterById ? operationPutGetterById : operationPutSetterById, TrustedImmPtr::weakPointer(m_graph, m_graph.globalObjectFor(node->origin.semantic)), baseGPR, TrustedImmPtr(identifierUID(node->identifierNumber())), node->accessorAttributes(), accessorGPR); 12985 12985 m_jit.exceptionCheck(); 12986 12986 … … 13000 13000 13001 13001 flushRegisters(); 13002 callOperation(operationPutGetterSetter, TrustedImmPtr::weakPointer(m_graph, m_graph.globalObjectFor(node->origin.semantic)), baseGPR, identifierUID(node->identifierNumber()), node->accessorAttributes(), getterGPR, setterGPR);13002 callOperation(operationPutGetterSetter, TrustedImmPtr::weakPointer(m_graph, m_graph.globalObjectFor(node->origin.semantic)), baseGPR, TrustedImmPtr(identifierUID(node->identifierNumber())), node->accessorAttributes(), getterGPR, setterGPR); 13003 13003 #else 13004 13004 // These JSValues may be JSUndefined OR JSFunction*. … … 13012 13012 13013 13013 flushRegisters(); 13014 callOperation(operationPutGetterSetter, TrustedImmPtr::weakPointer(m_graph, m_graph.globalObjectFor(node->origin.semantic)), baseGPR, identifierUID(node->identifierNumber()), node->accessorAttributes(), getterRegs.payloadGPR(), setterRegs.payloadGPR());13014 callOperation(operationPutGetterSetter, TrustedImmPtr::weakPointer(m_graph, m_graph.globalObjectFor(node->origin.semantic)), baseGPR, TrustedImmPtr(identifierUID(node->identifierNumber())), node->accessorAttributes(), getterRegs.payloadGPR(), setterRegs.payloadGPR()); 13015 13015 #endif 13016 13016 m_jit.exceptionCheck(); … … 13026 13026 GPRReg resultGPR = result.gpr(); 13027 13027 flushRegisters(); 13028 callOperation(operationResolveScope, resultGPR, TrustedImmPtr::weakPointer(m_graph, m_graph.globalObjectFor(node->origin.semantic)), scopeGPR, identifierUID(node->identifierNumber()));13028 callOperation(operationResolveScope, resultGPR, TrustedImmPtr::weakPointer(m_graph, m_graph.globalObjectFor(node->origin.semantic)), scopeGPR, TrustedImmPtr(identifierUID(node->identifierNumber()))); 13029 13029 m_jit.exceptionCheck(); 13030 13030 cellResult(resultGPR, node); … … 13038 13038 JSValueRegsFlushedCallResult result(this); 13039 13039 JSValueRegs resultRegs = result.regs(); 13040 callOperation(operationResolveScopeForHoistingFuncDeclInEval, resultRegs, TrustedImmPtr::weakPointer(m_graph, m_graph.globalObjectFor(node->origin.semantic)), scopeGPR, identifierUID(node->identifierNumber()));13040 callOperation(operationResolveScopeForHoistingFuncDeclInEval, resultRegs, TrustedImmPtr::weakPointer(m_graph, m_graph.globalObjectFor(node->origin.semantic)), scopeGPR, TrustedImmPtr(identifierUID(node->identifierNumber()))); 13041 13041 m_jit.exceptionCheck(); 13042 13042 jsValueResult(resultRegs, node); … … 13066 13066 JSValueRegsFlushedCallResult result(this); 13067 13067 JSValueRegs resultRegs = result.regs(); 13068 callOperation(operationGetDynamicVar, resultRegs, TrustedImmPtr::weakPointer(m_graph, m_graph.globalObjectFor(node->origin.semantic)), scopeGPR, identifierUID(node->identifierNumber()), node->getPutInfo());13068 callOperation(operationGetDynamicVar, resultRegs, TrustedImmPtr::weakPointer(m_graph, m_graph.globalObjectFor(node->origin.semantic)), scopeGPR, TrustedImmPtr(identifierUID(node->identifierNumber())), node->getPutInfo()); 13069 13069 m_jit.exceptionCheck(); 13070 13070 jsValueResult(resultRegs, node); … … 13080 13080 13081 13081 flushRegisters(); 13082 callOperation(node->ecmaMode().isStrict() ? operationPutDynamicVarStrict : operationPutDynamicVarNonStrict, TrustedImmPtr::weakPointer(m_graph, m_graph.globalObjectFor(node->origin.semantic)), scopeGPR, valueRegs, identifierUID(node->identifierNumber()), node->getPutInfo());13082 callOperation(node->ecmaMode().isStrict() ? operationPutDynamicVarStrict : operationPutDynamicVarNonStrict, TrustedImmPtr::weakPointer(m_graph, m_graph.globalObjectFor(node->origin.semantic)), scopeGPR, valueRegs, TrustedImmPtr(identifierUID(node->identifierNumber())), node->getPutInfo()); 13083 13083 m_jit.exceptionCheck(); 13084 13084 noResult(node); … … 13446 13446 { 13447 13447 RegisteredStructure structure = node->structureSet().at(0); 13448 ASSERT(m_ jit.graph().varArgChild(node, 0)->dynamicCastConstant<Structure*>(vm()) == structure.get());13448 ASSERT(m_graph.varArgChild(node, 0)->dynamicCastConstant<Structure*>(vm()) == structure.get()); 13449 13449 13450 13450 ObjectMaterializationData& data = node->objectMaterializationData(); … … 13457 13457 if (hasIndexingHeader) { 13458 13458 for (unsigned i = data.m_properties.size(); i--;) { 13459 Edge edge = m_ jit.graph().varArgChild(node, 1 + i);13459 Edge edge = m_graph.varArgChild(node, 1 + i); 13460 13460 switch (data.m_properties[i].kind()) { 13461 13461 case PublicLengthPLoc: … … 13485 13485 13486 13486 for (unsigned i = data.m_properties.size(); i--;) { 13487 Edge edge = m_ jit.graph().varArgChild(node, 1 + i);13487 Edge edge = m_graph.varArgChild(node, 1 + i); 13488 13488 PromotedLocationDescriptor descriptor = data.m_properties[i]; 13489 13489 switch (descriptor.kind()) { … … 13497 13497 13498 13498 case NamedPropertyPLoc: { 13499 StringImpl* uid = m_ jit.graph().identifiers()[descriptor.info()];13499 StringImpl* uid = m_graph.identifiers()[descriptor.info()]; 13500 13500 for (PropertyMapEntry entry : structure->getPropertiesConcurrently()) { 13501 13501 if (uid != entry.key) … … 13521 13521 void SpeculativeJIT::compileRecordRegExpCachedResult(Node* node) 13522 13522 { 13523 Edge globalObjectEdge = m_ jit.graph().varArgChild(node, 0);13524 Edge regExpEdge = m_ jit.graph().varArgChild(node, 1);13525 Edge stringEdge = m_ jit.graph().varArgChild(node, 2);13526 Edge startEdge = m_ jit.graph().varArgChild(node, 3);13527 Edge endEdge = m_ jit.graph().varArgChild(node, 4);13523 Edge globalObjectEdge = m_graph.varArgChild(node, 0); 13524 Edge regExpEdge = m_graph.varArgChild(node, 1); 13525 Edge stringEdge = m_graph.varArgChild(node, 2); 13526 Edge startEdge = m_graph.varArgChild(node, 3); 13527 Edge endEdge = m_graph.varArgChild(node, 4); 13528 13528 13529 13529 SpeculateCellOperand globalObject(this, globalObjectEdge); … … 13572 13572 #endif 13573 13573 13574 SpeculateCellOperand base(this, m_ jit.graph().varArgChild(node, 0));13574 SpeculateCellOperand base(this, m_graph.varArgChild(node, 0)); 13575 13575 GPRReg baseGPR = base.gpr(); 13576 13576 13577 JSValueOperand value(this, m_ jit.graph().varArgChild(node, 2));13577 JSValueOperand value(this, m_graph.varArgChild(node, 2)); 13578 13578 JSValueRegs valueRegs = value.jsValueRegs(); 13579 13579 13580 SpeculateInt32Operand attributes(this, m_ jit.graph().varArgChild(node, 3));13580 SpeculateInt32Operand attributes(this, m_graph.varArgChild(node, 3)); 13581 13581 GPRReg attributesGPR = attributes.gpr(); 13582 13582 13583 Edge& propertyEdge = m_ jit.graph().varArgChild(node, 1);13583 Edge& propertyEdge = m_graph.varArgChild(node, 1); 13584 13584 switch (propertyEdge.useKind()) { 13585 13585 case StringUse: { … … 13650 13650 #endif 13651 13651 13652 SpeculateCellOperand base(this, m_ jit.graph().varArgChild(node, 0));13652 SpeculateCellOperand base(this, m_graph.varArgChild(node, 0)); 13653 13653 GPRReg baseGPR = base.gpr(); 13654 13654 13655 SpeculateCellOperand getter(this, m_ jit.graph().varArgChild(node, 2));13655 SpeculateCellOperand getter(this, m_graph.varArgChild(node, 2)); 13656 13656 GPRReg getterGPR = getter.gpr(); 13657 13657 13658 SpeculateCellOperand setter(this, m_ jit.graph().varArgChild(node, 3));13658 SpeculateCellOperand setter(this, m_graph.varArgChild(node, 3)); 13659 13659 GPRReg setterGPR = setter.gpr(); 13660 13660 13661 SpeculateInt32Operand attributes(this, m_ jit.graph().varArgChild(node, 4));13661 SpeculateInt32Operand attributes(this, m_graph.varArgChild(node, 4)); 13662 13662 GPRReg attributesGPR = attributes.gpr(); 13663 13663 13664 Edge& propertyEdge = m_ jit.graph().varArgChild(node, 1);13664 Edge& propertyEdge = m_graph.varArgChild(node, 1); 13665 13665 switch (propertyEdge.useKind()) { 13666 13666 case StringUse: { … … 13788 13788 passThroughCases.link(&m_jit); 13789 13789 m_jit.moveValueRegs(keyRegs, resultRegs); 13790 addSlowPathGenerator(slowPathCall(slowPath, this, operationNormalizeMapKeyHeapBigInt, NeedToSpill, ExceptionCheckRequirement::CheckNotNeeded, resultRegs, &vm(), keyRegs.payloadGPR()));13790 addSlowPathGenerator(slowPathCall(slowPath, this, operationNormalizeMapKeyHeapBigInt, NeedToSpill, ExceptionCheckRequirement::CheckNotNeeded, resultRegs, TrustedImmPtr(&vm()), keyRegs.payloadGPR())); 13791 13791 13792 13792 doneCases.link(&m_jit); … … 13844 13844 sentinel = vm().sentinelSetBucket(); 13845 13845 } 13846 m_jit.move(TrustedImmPtr::weakPointer(m_ jit.graph(), sentinel), resultGPR);13846 m_jit.move(TrustedImmPtr::weakPointer(m_graph, sentinel), resultGPR); 13847 13847 done.link(&m_jit); 13848 13848 … … 14499 14499 void SpeculativeJIT::compileNewArrayBuffer(Node* node) 14500 14500 { 14501 JSGlobalObject* globalObject = m_ jit.graph().globalObjectFor(node->origin.semantic);14501 JSGlobalObject* globalObject = m_graph.globalObjectFor(node->origin.semantic); 14502 14502 auto* array = node->castOperand<JSImmutableButterfly*>(); 14503 14503 14504 14504 IndexingType indexingMode = node->indexingMode(); 14505 RegisteredStructure structure = m_ jit.graph().registerStructure(globalObject->arrayStructureForIndexingTypeDuringAllocation(indexingMode));14505 RegisteredStructure structure = m_graph.registerStructure(globalObject->arrayStructureForIndexingTypeDuringAllocation(indexingMode)); 14506 14506 14507 14507 if (!globalObject->isHavingABadTime() && !hasAnyArrayStorage(indexingMode)) { … … 14518 14518 emitAllocateJSObject<JSArray>(resultGPR, TrustedImmPtr(structure), TrustedImmPtr(array->toButterfly()), scratch1GPR, scratch2GPR, slowCases); 14519 14519 14520 addSlowPathGenerator(slowPathCall(slowCases, this, operationNewArrayBuffer, result.gpr(), &vm(), structure, array));14521 14522 DFG_ASSERT(m_ jit.graph(), node, indexingMode & IsArray, indexingMode);14520 addSlowPathGenerator(slowPathCall(slowCases, this, operationNewArrayBuffer, result.gpr(), TrustedImmPtr(&vm()), structure, TrustedImmPtr::weakPointer(m_graph, array))); 14521 14522 DFG_ASSERT(m_graph, node, indexingMode & IsArray, indexingMode); 14523 14523 cellResult(resultGPR, node); 14524 14524 return; … … 14528 14528 GPRFlushedCallResult result(this); 14529 14529 14530 callOperation(operationNewArrayBuffer, result.gpr(), &vm(), structure, TrustedImmPtr(node->cellOperand()));14530 callOperation(operationNewArrayBuffer, result.gpr(), TrustedImmPtr(&vm()), structure, TrustedImmPtr(node->cellOperand())); 14531 14531 m_jit.exceptionCheck(); 14532 14532 … … 14536 14536 void SpeculativeJIT::compileNewArrayWithSize(Node* node) 14537 14537 { 14538 JSGlobalObject* globalObject = m_ jit.graph().globalObjectFor(node->origin.semantic);14538 JSGlobalObject* globalObject = m_graph.globalObjectFor(node->origin.semantic); 14539 14539 if (!globalObject->isHavingABadTime() && !hasAnyArrayStorage(node->indexingType())) { 14540 14540 SpeculateStrictInt32Operand size(this, node->child1()); … … 14556 14556 GPRReg structureGPR = AssemblyHelpers::selectScratchGPR(sizeGPR); 14557 14557 MacroAssembler::Jump bigLength = m_jit.branch32(MacroAssembler::AboveOrEqual, sizeGPR, TrustedImm32(MIN_ARRAY_STORAGE_CONSTRUCTION_LENGTH)); 14558 m_jit.move(TrustedImmPtr(m_ jit.graph().registerStructure(globalObject->arrayStructureForIndexingTypeDuringAllocation(node->indexingType()))), structureGPR);14558 m_jit.move(TrustedImmPtr(m_graph.registerStructure(globalObject->arrayStructureForIndexingTypeDuringAllocation(node->indexingType()))), structureGPR); 14559 14559 MacroAssembler::Jump done = m_jit.jump(); 14560 14560 bigLength.link(&m_jit); 14561 m_jit.move(TrustedImmPtr(m_ jit.graph().registerStructure(globalObject->arrayStructureForIndexingTypeDuringAllocation(ArrayWithArrayStorage))), structureGPR);14561 m_jit.move(TrustedImmPtr(m_graph.registerStructure(globalObject->arrayStructureForIndexingTypeDuringAllocation(ArrayWithArrayStorage))), structureGPR); 14562 14562 done.link(&m_jit); 14563 14563 callOperation(operationNewArrayWithSize, resultGPR, TrustedImmPtr::weakPointer(m_graph, m_graph.globalObjectFor(node->origin.semantic)), structureGPR, sizeGPR, nullptr); … … 14586 14586 GPRReg resultGPR = result.gpr(); 14587 14587 14588 JSGlobalObject* globalObject = m_ jit.graph().globalObjectFor(node->origin.semantic);14588 JSGlobalObject* globalObject = m_graph.globalObjectFor(node->origin.semantic); 14589 14589 callOperation( 14590 14590 operationNewTypedArrayWithOneArgumentForType(node->typedArrayType()), 14591 resultGPR, TrustedImmPtr::weakPointer(m_graph, m_graph.globalObjectFor(node->origin.semantic)), m_ jit.graph().registerStructure(globalObject->typedArrayStructureConcurrently(node->typedArrayType())), argumentRegs);14591 resultGPR, TrustedImmPtr::weakPointer(m_graph, m_graph.globalObjectFor(node->origin.semantic)), m_graph.registerStructure(globalObject->typedArrayStructureConcurrently(node->typedArrayType())), argumentRegs); 14592 14592 m_jit.exceptionCheck(); 14593 14593 … … 14664 14664 MacroAssembler::JumpList slowButArrayBufferCases; 14665 14665 14666 JSGlobalObject* globalObject = m_ jit.graph().globalObjectFor(node->origin.semantic);14667 RegisteredStructure arrayStructure = m_ jit.graph().registerStructure(globalObject->arrayStructureForIndexingTypeDuringAllocation(CopyOnWriteArrayWithContiguous));14666 JSGlobalObject* globalObject = m_graph.globalObjectFor(node->origin.semantic); 14667 RegisteredStructure arrayStructure = m_graph.registerStructure(globalObject->arrayStructureForIndexingTypeDuringAllocation(CopyOnWriteArrayWithContiguous)); 14668 14668 14669 14669 m_jit.move(scratchGPR, scratch3GPR); … … 14672 14672 emitAllocateJSObject<JSArray>(resultGPR, TrustedImmPtr(arrayStructure), scratchGPR, structureGPR, scratch2GPR, slowButArrayBufferCases); 14673 14673 14674 addSlowPathGenerator(slowPathCall(slowButArrayBufferCases, this, operationNewArrayBuffer, resultGPR, &vm(), arrayStructure, scratch3GPR));14674 addSlowPathGenerator(slowPathCall(slowButArrayBufferCases, this, operationNewArrayBuffer, resultGPR, TrustedImmPtr(&vm()), arrayStructure, scratch3GPR)); 14675 14675 14676 14676 addSlowPathGenerator(slowPathCall(slowCases, this, node->op() == ObjectKeys ? operationObjectKeysObject : operationObjectGetOwnPropertyNamesObject, resultGPR, TrustedImmPtr::weakPointer(m_graph, m_graph.globalObjectFor(node->origin.semantic)), objectGPR)); … … 14751 14751 } 14752 14752 default: 14753 DFG_CRASH(m_ jit.graph(), node, "Bad use kind");14753 DFG_CRASH(m_graph, node, "Bad use kind"); 14754 14754 return; 14755 14755 } … … 14860 14860 GPRReg rareDataGPR = structureGPR; 14861 14861 14862 m_jit.move(TrustedImmPtr(m_ jit.graph().registerStructure(node->isInternalPromise() ? globalObject->internalPromiseStructure() : globalObject->promiseStructure())), structureGPR);14863 auto fastPromisePath = m_jit.branchPtr(CCallHelpers::Equal, calleeGPR, TrustedImmPtr::weakPointer(m_ jit.graph(), node->isInternalPromise() ? globalObject->internalPromiseConstructor() : globalObject->promiseConstructor()));14862 m_jit.move(TrustedImmPtr(m_graph.registerStructure(node->isInternalPromise() ? globalObject->internalPromiseStructure() : globalObject->promiseStructure())), structureGPR); 14863 auto fastPromisePath = m_jit.branchPtr(CCallHelpers::Equal, calleeGPR, TrustedImmPtr::weakPointer(m_graph, node->isInternalPromise() ? globalObject->internalPromiseConstructor() : globalObject->promiseConstructor())); 14864 14864 14865 14865 MacroAssembler::JumpList slowCases; … … 14873 14873 m_jit.move(TrustedImmPtr(node->isInternalPromise() ? JSInternalPromise::info() : JSPromise::info()), scratch1GPR); 14874 14874 slowCases.append(m_jit.branchPtr(CCallHelpers::NotEqual, scratch1GPR, CCallHelpers::Address(structureGPR, Structure::classInfoOffset()))); 14875 m_jit.move(TrustedImmPtr::weakPointer(m_ jit.graph(), globalObject), scratch1GPR);14875 m_jit.move(TrustedImmPtr::weakPointer(m_graph, globalObject), scratch1GPR); 14876 14876 slowCases.append(m_jit.branchPtr(CCallHelpers::NotEqual, scratch1GPR, CCallHelpers::Address(structureGPR, Structure::globalObjectOffset()))); 14877 14877 … … 14884 14884 m_jit.storeTrustedValue(jsNumber(static_cast<unsigned>(JSPromise::Status::Pending)), CCallHelpers::Address(resultGPR, JSInternalFieldObjectImpl<>::offsetOfInternalField(static_cast<unsigned>(JSPromise::Field::Flags)))); 14885 14885 m_jit.storeTrustedValue(jsUndefined(), CCallHelpers::Address(resultGPR, JSInternalFieldObjectImpl<>::offsetOfInternalField(static_cast<unsigned>(JSPromise::Field::ReactionsOrResult)))); 14886 m_jit.mutatorFence( m_jit.vm());14887 14888 addSlowPathGenerator(slowPathCall(slowCases, this, node->isInternalPromise() ? operationCreateInternalPromise : operationCreatePromise, resultGPR, TrustedImmPtr::weakPointer(m_ jit.graph(), globalObject), calleeGPR));14886 m_jit.mutatorFence(vm()); 14887 14888 addSlowPathGenerator(slowPathCall(slowCases, this, node->isInternalPromise() ? operationCreateInternalPromise : operationCreatePromise, resultGPR, TrustedImmPtr::weakPointer(m_graph, globalObject), calleeGPR)); 14889 14889 14890 14890 cellResult(resultGPR, node); … … 14922 14922 m_jit.move(TrustedImmPtr(JSClass::info()), scratch1GPR); 14923 14923 slowCases.append(m_jit.branchPtr(CCallHelpers::NotEqual, scratch1GPR, CCallHelpers::Address(structureGPR, Structure::classInfoOffset()))); 14924 m_jit.move(TrustedImmPtr::weakPointer(m_ jit.graph(), globalObject), scratch1GPR);14924 m_jit.move(TrustedImmPtr::weakPointer(m_graph, globalObject), scratch1GPR); 14925 14925 slowCases.append(m_jit.branchPtr(CCallHelpers::NotEqual, scratch1GPR, CCallHelpers::Address(structureGPR, Structure::globalObjectOffset()))); 14926 14926 … … 14931 14931 for (unsigned index = 0; index < initialValues.size(); ++index) 14932 14932 m_jit.storeTrustedValue(initialValues[index], CCallHelpers::Address(resultGPR, JSInternalFieldObjectImpl<>::offsetOfInternalField(index))); 14933 m_jit.mutatorFence( m_jit.vm());14934 14935 addSlowPathGenerator(slowPathCall(slowCases, this, operation, resultGPR, TrustedImmPtr::weakPointer(m_ jit.graph(), globalObject), calleeGPR));14933 m_jit.mutatorFence(vm()); 14934 14935 addSlowPathGenerator(slowPathCall(slowCases, this, operation, resultGPR, TrustedImmPtr::weakPointer(m_graph, globalObject), calleeGPR)); 14936 14936 14937 14937 cellResult(resultGPR, node); … … 14972 14972 } 14973 14973 14974 addSlowPathGenerator(slowPathCall(slowPath, this, operationNewObject, resultGPR, &vm(), structure));14974 addSlowPathGenerator(slowPathCall(slowPath, this, operationNewObject, resultGPR, TrustedImmPtr(&vm()), structure)); 14975 14975 14976 14976 cellResult(resultGPR, node); … … 14997 14997 for (unsigned index = 0; index < initialValues.size(); ++index) 14998 14998 m_jit.storeTrustedValue(initialValues[index], CCallHelpers::Address(resultGPR, JSInternalFieldObjectImpl<>::offsetOfInternalField(index))); 14999 m_jit.mutatorFence( m_jit.vm());15000 15001 addSlowPathGenerator(slowPathCall(slowCases, this, operation, resultGPR, &vm(), TrustedImmPtr(structure)));14999 m_jit.mutatorFence(vm()); 15000 15001 addSlowPathGenerator(slowPathCall(slowCases, this, operation, resultGPR, TrustedImmPtr(&vm()), TrustedImmPtr(structure))); 15002 15002 15003 15003 cellResult(resultGPR, node); … … 15042 15042 void SpeculativeJIT::compileToPrimitive(Node* node) 15043 15043 { 15044 DFG_ASSERT(m_ jit.graph(), node, node->child1().useKind() == UntypedUse, node->child1().useKind());15044 DFG_ASSERT(m_graph, node, node->child1().useKind() == UntypedUse, node->child1().useKind()); 15045 15045 JSValueOperand argument(this, node->child1()); 15046 15046 JSValueRegsTemporary result(this, Reuse, argument); … … 15064 15064 void SpeculativeJIT::compileToPropertyKey(Node* node) 15065 15065 { 15066 DFG_ASSERT(m_ jit.graph(), node, node->child1().useKind() == UntypedUse, node->child1().useKind());15066 DFG_ASSERT(m_graph, node, node->child1().useKind() == UntypedUse, node->child1().useKind()); 15067 15067 JSValueOperand argument(this, node->child1()); 15068 15068 JSValueRegsTemporary result(this, Reuse, argument); … … 15088 15088 void SpeculativeJIT::compileToNumeric(Node* node) 15089 15089 { 15090 DFG_ASSERT(m_ jit.graph(), node, node->child1().useKind() == UntypedUse, node->child1().useKind());15090 DFG_ASSERT(m_graph, node, node->child1().useKind() == UntypedUse, node->child1().useKind()); 15091 15091 JSValueOperand argument(this, node->child1()); 15092 15092 JSValueRegsTemporary result(this); … … 15132 15132 #endif 15133 15133 15134 DFG_ASSERT(m_ jit.graph(), node, node->child1().useKind() == UntypedUse, node->child1().useKind());15134 DFG_ASSERT(m_graph, node, node->child1().useKind() == UntypedUse, node->child1().useKind()); 15135 15135 JSValueOperand argument(this, node->child1()); 15136 15136 JSValueRegsTemporary result(this); … … 15193 15193 GPRReg scopeReg = scope.gpr(); 15194 15194 15195 m_jit.logShadowChickenTailPacket(shadowPacketReg, thisRegs, scopeReg, CCallHelpers::TrustedImmPtr(m_jit.codeBlock()), callSiteIndex); 15195 m_jit.emitGetFromCallFrameHeaderPtr(CallFrameSlot::codeBlock, scratch1Reg); 15196 m_jit.logShadowChickenTailPacket(shadowPacketReg, thisRegs, scopeReg, scratch1Reg, callSiteIndex); 15196 15197 noResult(node); 15197 15198 } … … 15219 15220 void SpeculativeJIT::compileMapSet(Node* node) 15220 15221 { 15221 SpeculateCellOperand map(this, m_ jit.graph().varArgChild(node, 0));15222 JSValueOperand key(this, m_ jit.graph().varArgChild(node, 1));15223 JSValueOperand value(this, m_ jit.graph().varArgChild(node, 2));15224 SpeculateInt32Operand hash(this, m_ jit.graph().varArgChild(node, 3));15222 SpeculateCellOperand map(this, m_graph.varArgChild(node, 0)); 15223 JSValueOperand key(this, m_graph.varArgChild(node, 1)); 15224 JSValueOperand value(this, m_graph.varArgChild(node, 2)); 15225 SpeculateInt32Operand hash(this, m_graph.varArgChild(node, 3)); 15225 15226 15226 15227 GPRReg mapGPR = map.gpr(); … … 15229 15230 GPRReg hashGPR = hash.gpr(); 15230 15231 15231 speculateMapObject(m_ jit.graph().varArgChild(node, 0), mapGPR);15232 speculateMapObject(m_graph.varArgChild(node, 0), mapGPR); 15232 15233 15233 15234 flushRegisters(); … … 15351 15352 15352 15353 flushRegisters(); 15353 callOperation(operationWeakSetAdd, &vm(), setGPR, keyGPR, hashGPR);15354 callOperation(operationWeakSetAdd, TrustedImmPtr(&vm()), setGPR, keyGPR, hashGPR); 15354 15355 m_jit.exceptionCheck(); 15355 15356 noResult(node); … … 15358 15359 void SpeculativeJIT::compileWeakMapSet(Node* node) 15359 15360 { 15360 SpeculateCellOperand map(this, m_ jit.graph().varArgChild(node, 0));15361 SpeculateCellOperand key(this, m_ jit.graph().varArgChild(node, 1));15362 JSValueOperand value(this, m_ jit.graph().varArgChild(node, 2));15363 SpeculateInt32Operand hash(this, m_ jit.graph().varArgChild(node, 3));15361 SpeculateCellOperand map(this, m_graph.varArgChild(node, 0)); 15362 SpeculateCellOperand key(this, m_graph.varArgChild(node, 1)); 15363 JSValueOperand value(this, m_graph.varArgChild(node, 2)); 15364 SpeculateInt32Operand hash(this, m_graph.varArgChild(node, 3)); 15364 15365 15365 15366 GPRReg mapGPR = map.gpr(); … … 15368 15369 GPRReg hashGPR = hash.gpr(); 15369 15370 15370 speculateWeakMapObject(m_ jit.graph().varArgChild(node, 0), mapGPR);15371 speculateObject(m_ jit.graph().varArgChild(node, 1), keyGPR);15371 speculateWeakMapObject(m_graph.varArgChild(node, 0), mapGPR); 15372 speculateObject(m_graph.varArgChild(node, 1), keyGPR); 15372 15373 15373 15374 flushRegisters(); 15374 callOperation(operationWeakMapSet, &vm(), mapGPR, keyGPR, valueRegs, hashGPR);15375 callOperation(operationWeakMapSet, TrustedImmPtr(&vm()), mapGPR, keyGPR, valueRegs, hashGPR); 15375 15376 m_jit.exceptionCheck(); 15376 15377 noResult(node); … … 15589 15590 emitInitializeButterfly(storageGPR, sizeGPR, emptyValueRegs, resultGPR); 15590 15591 15591 RegisteredStructure structure = m_ jit.graph().registerStructure(globalObject->arrayStructureForIndexingTypeDuringAllocation(indexingType));15592 RegisteredStructure structure = m_graph.registerStructure(globalObject->arrayStructureForIndexingTypeDuringAllocation(indexingType)); 15592 15593 15593 15594 emitAllocateJSObject<JSArray>(resultGPR, TrustedImmPtr(structure), storageGPR, scratchGPR, scratch2GPR, slowCases); … … 15599 15600 TrustedImmPtr::weakPointer(m_graph, globalObject), 15600 15601 structure, 15601 shouldConvertLargeSizeToArrayStorage ? m_ jit.graph().registerStructure(globalObject->arrayStructureForIndexingTypeDuringAllocation(ArrayWithArrayStorage)) : structure,15602 shouldConvertLargeSizeToArrayStorage ? m_graph.registerStructure(globalObject->arrayStructureForIndexingTypeDuringAllocation(ArrayWithArrayStorage)) : structure, 15602 15603 sizeGPR, storageGPR)); 15603 15604 } … … 15859 15860 } else { 15860 15861 slowPath = slowPathCall( 15861 slowCases, this, gen.slowPathFunction(), NoResult, TrustedImmPtr::weakPointer(m_graph, m_graph.globalObjectFor(codeOrigin)), gen.stubInfo(), valueRegs,15862 slowCases, this, gen.slowPathFunction(), NoResult, TrustedImmPtr::weakPointer(m_graph, m_graph.globalObjectFor(codeOrigin)), TrustedImmPtr(gen.stubInfo()), valueRegs, 15862 15863 CCallHelpers::CellValue(baseGPR), identifier.rawBits()); 15863 15864 } … … 16060 16061 CCallHelpers::JumpList slowPath; 16061 16062 Allocator allocatorValue = allocatorForConcurrently<JSRopeString>(vm(), sizeof(JSRopeString), AllocatorForMode::AllocatorIfExists); 16062 emitAllocateJSCell(resultGPR, JITAllocator::constant(allocatorValue), allocatorGPR, TrustedImmPtr(m_ jit.graph().registerStructure(vm().stringStructure.get())), scratchGPR, slowPath);16063 emitAllocateJSCell(resultGPR, JITAllocator::constant(allocatorValue), allocatorGPR, TrustedImmPtr(m_graph.registerStructure(vm().stringStructure.get())), scratchGPR, slowPath); 16063 16064 16064 16065 // This puts nullptr for the first fiber. It makes visitChildren safe even if this JSRopeString is discarded due to the speculation failure in the following path. … … 16166 16167 auto isNonEmptyString = m_jit.branchTest32(CCallHelpers::NonZero, allocatorGPR); 16167 16168 16168 m_jit.move(TrustedImmPtr::weakPointer(m_ jit.graph(), jsEmptyString(m_jit.graph().m_vm)), resultGPR);16169 m_jit.move(TrustedImmPtr::weakPointer(m_graph, jsEmptyString(m_graph.m_vm)), resultGPR); 16169 16170 16170 16171 isNonEmptyString.link(&m_jit);
Note:
See TracChangeset
for help on using the changeset viewer.
