[JSC] Introduce unlinked version of invalidation
https://bugs.webkit.org/show_bug.cgi?id=239887
Reviewed by Saam Barati.
This patch makes invalidation mechanism unlinked for unlinked DFG.
- We always use CheckTraps instead of InvalidationPoint with VMTraps so that we do not need
to repatch existing code.
- We introduce load-and-branch based InvalidationPoint for unlinked DFG so that we do not need
to repatch it to jump to OSR exit when watchpoint fires. We store this condition in DFG::JITData
so that code can quickly access to that.
- We make isStillValid conditions in DFG::CommonData always true for unlinked DFG code. Instead,
we check isJettisoned() condition of CodeBlock since it will become eventually per CodeBlock
information (while this CodeBlock gets invalidated, unlinked DFG code itself can be used for
the other CodeBlock).
After this change, now, jumpReplacements for unlinked DFG becomes empty. We no longer repatch these invalidation points.
- Source/JavaScriptCore/bytecode/CodeBlock.cpp:
(JSC::CodeBlock::jettison):
(JSC::CodeBlock::hasInstalledVMTrapsBreakpoints const):
(JSC::CodeBlock::canInstallVMTrapBreakpoints const):
(JSC::CodeBlock::installVMTrapBreakpoints):
(JSC::CodeBlock::hasInstalledVMTrapBreakpoints const): Deleted.
- Source/JavaScriptCore/bytecode/CodeBlock.h:
- Source/JavaScriptCore/dfg/DFGByteCodeParser.cpp:
(JSC::DFG::ByteCodeParser::parseBlock):
- Source/JavaScriptCore/dfg/DFGCommonData.cpp:
(JSC::DFG::CommonData::invalidate):
(JSC::DFG::CommonData::~CommonData):
(JSC::DFG::CommonData::installVMTrapBreakpoints):
(JSC::DFG::CommonData::isVMTrapBreakpoint):
- Source/JavaScriptCore/dfg/DFGCommonData.h:
(JSC::DFG::CommonData::CommonData):
(JSC::DFG::CommonData::hasInstalledVMTrapsBreakpoints const):
(JSC::DFG::CommonData::isStillValid const):
- Source/JavaScriptCore/dfg/DFGDoesGC.cpp:
(JSC::DFG::doesGC):
- Source/JavaScriptCore/dfg/DFGJITCode.cpp:
(JSC::DFG::JITCode::JITCode):
- Source/JavaScriptCore/dfg/DFGJITCode.h:
- Source/JavaScriptCore/dfg/DFGJITCompiler.cpp:
(JSC::DFG::JITCompiler::link):
- Source/JavaScriptCore/dfg/DFGOSREntry.cpp:
(JSC::DFG::prepareOSREntry):
(JSC::DFG::prepareCatchOSREntry):
- Source/JavaScriptCore/dfg/DFGPlan.cpp:
(JSC::DFG::Plan::finalize):
- Source/JavaScriptCore/dfg/DFGSpeculativeJIT.cpp:
(JSC::DFG::SpeculativeJIT::compileInvalidationPoint):
(JSC::DFG::SpeculativeJIT::compileCheckTraps):
(JSC::DFG::SpeculativeJIT::emitInvalidationPoint): Deleted.
- Source/JavaScriptCore/dfg/DFGSpeculativeJIT.h:
- Source/JavaScriptCore/dfg/DFGSpeculativeJIT32_64.cpp:
(JSC::DFG::SpeculativeJIT::compile):
- Source/JavaScriptCore/dfg/DFGSpeculativeJIT64.cpp:
(JSC::DFG::SpeculativeJIT::compile):
- Source/JavaScriptCore/ftl/FTLJITCode.cpp:
(JSC::FTL::JITCode::JITCode):
- Source/JavaScriptCore/ftl/FTLJITCode.h:
(JSC::FTL::JITCode::isUnlinked const):
- Source/JavaScriptCore/ftl/FTLOSREntry.cpp:
(JSC::FTL::prepareOSREntry):
- Source/JavaScriptCore/jit/JITCode.cpp:
(JSC::JITCode::isUnlinked const):
- Source/JavaScriptCore/jit/JITCode.h:
- Source/JavaScriptCore/runtime/VMTraps.cpp:
(JSC::VMTraps::tryInstallTrapBreakpoints):
(JSC::VMTraps::handleTraps):
Canonical link: https://commits.webkit.org/250203@main
