[JSC] Make DFG::OSRExit data unlinked
https://bugs.webkit.org/show_bug.cgi?id=239828
Reviewed by Saam Barati.
This patch makes DFG::OSRExit unlinked. While the generated OSR exit code is a linked version,
we no longer put linked data into DFG::OSRExit so that unlinked DFG can use DFG::OSRExit.
The key changes are two things.
- Now, we always store the compiled MacroAssemblerCodeRef in DFG::JITData regardless of whether
we have linked / unlinked DFG. While linked DFG uses repatching to jump to this code,
unlinked DFG looks into this vector in JITData and jumps to that.
- MethodOfGettingAValueProfile was including CodeBlock*, ValueProfile* in CodeBlock* etc.,
so it was a linked data structure which unlinked DFG cannot use. Instead, we encode how to
retrieve these pointers when actually generating OSR exit code, and just store CodeOrigin,
type, and Operand to make MethodOfGettingAValueProfile an unlinked data structure. While
CodeOrigin can include InlineCallFrame, our first version of unlinked DFG will not perform
inlining, thus we will not include it. It also makes sizeof(MethodOfGettingAValueProfile) smaller,
from 32 bytes to 16 bytes (50% reduction).
- Source/JavaScriptCore/assembler/MacroAssemblerCodeRef.h:
(JSC::MacroAssemblerCodeRef::offsetOfCodePtr):
- Source/JavaScriptCore/bytecode/CodeBlock.cpp:
(JSC::CodeBlock::updateOSRExitCounterAndCheckIfNeedToReoptimize): Deleted.
- Source/JavaScriptCore/bytecode/CodeBlock.h:
- Source/JavaScriptCore/bytecode/MethodOfGettingAValueProfile.cpp:
(JSC::MethodOfGettingAValueProfile::emitReportValue const):
(JSC::MethodOfGettingAValueProfile::fromLazyOperand): Deleted.
(JSC::MethodOfGettingAValueProfile::reportValue): Deleted.
- Source/JavaScriptCore/bytecode/MethodOfGettingAValueProfile.h:
(JSC::MethodOfGettingAValueProfile::unaryArithProfile):
(JSC::MethodOfGettingAValueProfile::binaryArithProfile):
(JSC::MethodOfGettingAValueProfile::argumentValueProfile):
(JSC::MethodOfGettingAValueProfile::bytecodeValueProfile):
(JSC::MethodOfGettingAValueProfile::lazyOperandValueProfile):
(JSC::MethodOfGettingAValueProfile::operator bool const):
(JSC::MethodOfGettingAValueProfile::MethodOfGettingAValueProfile): Deleted.
- Source/JavaScriptCore/dfg/DFGGraph.cpp:
(JSC::DFG::Graph::methodOfGettingAValueProfileFor):
- Source/JavaScriptCore/dfg/DFGJITCode.cpp:
(JSC::DFG::JITCode::JITCode):
(JSC::DFG::JITCode::findPC):
- Source/JavaScriptCore/dfg/DFGJITCode.h:
- Source/JavaScriptCore/dfg/DFGJITCompiler.cpp:
(JSC::DFG::JITCompiler::JITCompiler):
(JSC::DFG::JITCompiler::linkOSRExits):
(JSC::DFG::JITCompiler::link):
- Source/JavaScriptCore/dfg/DFGJITFinalizer.cpp:
(JSC::DFG::JITFinalizer::finalize):
- Source/JavaScriptCore/dfg/DFGOSRExit.cpp:
(JSC::DFG::JSC_DEFINE_JIT_OPERATION):
(JSC::DFG::OSRExit::compileExit):
(JSC::DFG::OSRExit::codeLocationForRepatch const): Deleted.
- Source/JavaScriptCore/dfg/DFGOSRExit.h:
(JSC::DFG::OSRExit::codeLocationForRepatch const):
(JSC::DFG::OSRExitState::OSRExitState): Deleted.
- Source/JavaScriptCore/dfg/DFGPlan.cpp:
(JSC::DFG::Plan::finalizeJITData):
- Source/JavaScriptCore/dfg/DFGPlan.h:
- Source/JavaScriptCore/ftl/FTLLowerDFGToB3.cpp:
(JSC::FTL::DFG::LowerDFGToB3::lower):
- Source/JavaScriptCore/ftl/FTLOSRExitCompiler.cpp:
(JSC::FTL::compileStub):
- Source/WTF/wtf/FixedVector.h:
Canonical link: https://commits.webkit.org/250111@main