Changeset 58986 in webkit for trunk/JavaScriptCore/interpreter

Timestamp:

May 7, 2010, 5:05:00 PM (15 years ago)

Author:

[email protected]

Message:

2010-05-07 Oliver Hunt <​[email protected]>

Reviewed by Geoffrey Garen.

Optimize access to the global object from a function that uses eval
​https://bugs.webkit.org/show_bug.cgi?id=38644

Add op_resolve_global_dynamic, a variant of op_resolve_global that
checks each node in the scope chain for dynamically inserted properties
and falls back to the normal resolve logic in that case.

• JavaScriptCore.exp:
• bytecode/CodeBlock.cpp: (JSC::isGlobalResolve): (JSC::CodeBlock::printStructures): (JSC::CodeBlock::dump): (JSC::CodeBlock::derefStructures):
• bytecode/Opcode.h:
• bytecompiler/BytecodeGenerator.cpp: (JSC::BytecodeGenerator::findScopedProperty):

Now take an additional reference parameter to used to indicate that
there were nodes that may gain dynamic properties

(JSC::BytecodeGenerator::emitResolve):
(JSC::BytecodeGenerator::emitResolveBase):
(JSC::BytecodeGenerator::emitResolveWithBase):

deal with additional argument to findScopedProperty

• bytecompiler/BytecodeGenerator.h:
• bytecompiler/NodesCodegen.cpp: (JSC::FunctionCallResolveNode::emitBytecode): (JSC::PostfixResolveNode::emitBytecode): (JSC::PrefixResolveNode::emitBytecode): (JSC::ReadModifyResolveNode::emitBytecode): (JSC::AssignResolveNode::emitBytecode):

These functions use findScopedProperty directly in order to
optimise lookup. They cannot trivially handle any degree of
dynamism in the lookup so we just give up in such case.

• interpreter/Interpreter.cpp: (JSC::Interpreter::resolveGlobalDynamic): (JSC::Interpreter::execute): (JSC::Interpreter::privateExecute):
• interpreter/Interpreter.h:
• jit/JIT.cpp: (JSC::JIT::privateCompileMainPass): (JSC::JIT::privateCompileSlowCases):
• jit/JIT.h:
• jit/JITOpcodes.cpp: (JSC::JIT::emit_op_resolve_global): (JSC::JIT::emit_op_resolve_global_dynamic): (JSC::JIT::emitSlow_op_resolve_global): (JSC::JIT::emitSlow_op_resolve_global_dynamic):

Happily resolve_global_dynamic can share the slow case!

• jit/JITStubs.h: (JSC::):
• runtime/JSActivation.cpp: (JSC::JSActivation::isDynamicScope):
• runtime/JSActivation.h:
• runtime/JSGlobalObject.cpp: (JSC::JSGlobalObject::isDynamicScope):
• runtime/JSGlobalObject.h:
• runtime/JSStaticScopeObject.cpp: (JSC::JSStaticScopeObject::isDynamicScope):
• runtime/JSStaticScopeObject.h:
• runtime/JSVariableObject.h:

Location:

trunk/JavaScriptCore/interpreter

Files:

• Interpreter.cpp (modified) (7 diffs)
• Interpreter.h (modified) (1 diff)

trunk/JavaScriptCore/interpreter/Interpreter.cpp

@@ -192 +192 @@
 }
 
+NEVER_INLINE bool Interpreter::resolveGlobalDynamic(CallFrame* callFrame, Instruction* vPC, JSValue& exceptionValue)
+{
+    int dst = vPC[1].u.operand;
+    JSGlobalObject* globalObject = static_cast<JSGlobalObject*>(vPC[2].u.jsCell);
+    ASSERT(globalObject->isGlobalObject());
+    int property = vPC[3].u.operand;
+    Structure* structure = vPC[4].u.structure;
+    int offset = vPC[5].u.operand;
+    CodeBlock* codeBlock = callFrame->codeBlock();
+    int skip = vPC[6].u.operand + codeBlock->needsFullScopeChain();
+    
+    ScopeChainNode* scopeChain = callFrame->scopeChain();
+    ScopeChainIterator iter = scopeChain->begin();
+    ScopeChainIterator end = scopeChain->end();
+    ASSERT(iter != end);
+    while (skip--) {
+        JSObject* o = *iter;
+        if (o->hasCustomProperties()) {
+            Identifier& ident = codeBlock->identifier(property);
+            do {
+                PropertySlot slot(o);
+                if (o->getPropertySlot(callFrame, ident, slot)) {
+                    JSValue result = slot.getValue(callFrame, ident);
+                    exceptionValue = callFrame->globalData().exception;
+                    if (exceptionValue)
+                        return false;
+                    callFrame->r(dst) = JSValue(result);
+                    return true;
+                }
+                if (iter == end)
+                    break;
+                o = *iter;
+                ++iter;
+            } while (true);
+            exceptionValue = createUndefinedVariableError(callFrame, ident, vPC - codeBlock->instructions().begin(), codeBlock);
+            return false;
+        }
+        ++iter;
+    }
+    
+    if (structure == globalObject->structure()) {
+        callFrame->r(dst) = JSValue(globalObject->getDirectOffset(offset));
+        return true;
+    }
+
+    Identifier& ident = codeBlock->identifier(property);
+    PropertySlot slot(globalObject);
+    if (globalObject->getPropertySlot(callFrame, ident, slot)) {
+        JSValue result = slot.getValue(callFrame, ident);
+        if (slot.isCacheableValue() && !globalObject->structure()->isUncacheableDictionary() && slot.slotBase() == globalObject) {
+            if (vPC[4].u.structure)
+                vPC[4].u.structure->deref();
+            globalObject->structure()->ref();
+            vPC[4] = globalObject->structure();
+            vPC[5] = slot.cachedOffset();
+            callFrame->r(dst) = JSValue(result);
+            return true;
+        }
+        
+        exceptionValue = callFrame->globalData().exception;
+        if (exceptionValue)
+            return false;
+        callFrame->r(dst) = JSValue(result);
+        return true;
+    }
+    
+    exceptionValue = createUndefinedVariableError(callFrame, ident, vPC - codeBlock->instructions().begin(), codeBlock);
+    return false;
+}
+
 NEVER_INLINE void Interpreter::resolveBase(CallFrame* callFrame, Instruction* vPC)
 {
@@ -800 +870 @@
     }
 
-    { // Scope for BatchedTransitionOptimizer
-
+    unsigned numVariables = codeBlock->numVariables();
+    int numFunctions = codeBlock->numberOfFunctionDecls();
+    if (numVariables || numFunctions) {
+        // Scope for BatchedTransitionOptimizer
         BatchedTransitionOptimizer optimizer(variableObject);
 
-        unsigned numVariables = codeBlock->numVariables();
         for (unsigned i = 0; i < numVariables; ++i) {
             const Identifier& ident = codeBlock->variable(i);
@@ -813 +884 @@
         }
 
-        int numFunctions = codeBlock->numberOfFunctionDecls();
         for (int i = 0; i < numFunctions; ++i) {
             FunctionExecutable* function = codeBlock->functionDecl(i);
@@ -819 +889 @@
             variableObject->put(callFrame, function->name(), function->make(callFrame, scopeChain), slot);
         }
-
     }
 
@@ -1990 +2059 @@
         NEXT_INSTRUCTION();
     }
+    DEFINE_OPCODE(op_resolve_global_dynamic) {
+        /* resolve_skip dst(r) globalObject(c) property(id) structure(sID) offset(n), depth(n)
+         
+         Performs a dynamic property lookup for the given property, on the provided
+         global object.  If structure matches the Structure of the global then perform
+         a fast lookup using the case offset, otherwise fall back to a full resolve and
+         cache the new structure and offset.
+         
+         This walks through n levels of the scope chain to verify that none of those levels
+         in the scope chain include dynamically added properties.
+         */
+        if (UNLIKELY(!resolveGlobalDynamic(callFrame, vPC, exceptionValue)))
+            goto vm_throw;
+        
+        vPC += OPCODE_LENGTH(op_resolve_global_dynamic);
+        
+        NEXT_INSTRUCTION();
+    }
     DEFINE_OPCODE(op_get_global_var) {
         /* get_global_var dst(r) globalObject(c) index(n)
@@ -2017 +2104 @@
         vPC += OPCODE_LENGTH(op_put_global_var);
         NEXT_INSTRUCTION();
-    }            
+    }
     DEFINE_OPCODE(op_get_scoped_var) {
         /* get_scoped_var dst(r) index(n) skip(n)
@@ -2036 +2123 @@
             ASSERT(iter != end);
         }
-
         ASSERT((*iter)->isVariableObject());
         JSVariableObject* scope = static_cast<JSVariableObject*>(*iter);

trunk/JavaScriptCore/interpreter/Interpreter.h

@@ -128 +128 @@
         NEVER_INLINE bool resolveSkip(CallFrame*, Instruction*, JSValue& exceptionValue);
         NEVER_INLINE bool resolveGlobal(CallFrame*, Instruction*, JSValue& exceptionValue);
+        NEVER_INLINE bool resolveGlobalDynamic(CallFrame*, Instruction*, JSValue& exceptionValue);
         NEVER_INLINE void resolveBase(CallFrame*, Instruction* vPC);
         NEVER_INLINE bool resolveBaseAndProperty(CallFrame*, Instruction*, JSValue& exceptionValue);