[webkit-changes] [159462] trunk/Source/JavaScriptCore

Mon, 18 Nov 2013 15:17:45 -0800

Title: [159462] trunk/Source/_javascript_Core
Revision
159462
Author
[email protected]
Date
2013-11-18 15:19:53 -0800 (Mon, 18 Nov 2013)

Log Message

put_to_scope[5] should not point to the structure if it's a variable access, but it should point to the WatchpointSet
https://bugs.webkit.org/show_bug.cgi?id=124539

Reviewed by Mark Hahnenberg.
        
This is in preparation for getting put_to_scope to directly invalidate the watchpoint set
on stores, which will allow us to run constant inference on all globals.

* bytecode/CodeBlock.cpp:
(JSC::CodeBlock::CodeBlock):
(JSC::CodeBlock::finalizeUnconditionally):
* bytecode/Instruction.h:
* dfg/DFGByteCodeParser.cpp:
(JSC::DFG::ByteCodeParser::parseBlock):
* runtime/JSScope.cpp:
(JSC::abstractAccess):
(JSC::JSScope::abstractResolve):
* runtime/JSScope.h:
(JSC::ResolveOp::ResolveOp):
* runtime/SymbolTable.h:
(JSC::SymbolTableEntry::watchpointSet):

Modified Paths

Diff

Modified: trunk/Source/_javascript_Core/ChangeLog (159461 => 159462)


--- trunk/Source/_javascript_Core/ChangeLog	2013-11-18 23:16:16 UTC (rev 159461)
+++ trunk/Source/_javascript_Core/ChangeLog	2013-11-18 23:19:53 UTC (rev 159462)
@@ -1,3 +1,27 @@
+2013-11-18  Filip Pizlo  <[email protected]>
+
+        put_to_scope[5] should not point to the structure if it's a variable access, but it should point to the WatchpointSet
+        https://bugs.webkit.org/show_bug.cgi?id=124539
+
+        Reviewed by Mark Hahnenberg.
+        
+        This is in preparation for getting put_to_scope to directly invalidate the watchpoint set
+        on stores, which will allow us to run constant inference on all globals.
+
+        * bytecode/CodeBlock.cpp:
+        (JSC::CodeBlock::CodeBlock):
+        (JSC::CodeBlock::finalizeUnconditionally):
+        * bytecode/Instruction.h:
+        * dfg/DFGByteCodeParser.cpp:
+        (JSC::DFG::ByteCodeParser::parseBlock):
+        * runtime/JSScope.cpp:
+        (JSC::abstractAccess):
+        (JSC::JSScope::abstractResolve):
+        * runtime/JSScope.h:
+        (JSC::ResolveOp::ResolveOp):
+        * runtime/SymbolTable.h:
+        (JSC::SymbolTableEntry::watchpointSet):
+
 2013-11-18  Mark Hahnenberg  <[email protected]>
 
         APIEntryShims need some love

Modified: trunk/Source/_javascript_Core/bytecode/CodeBlock.cpp (159461 => 159462)


--- trunk/Source/_javascript_Core/bytecode/CodeBlock.cpp	2013-11-18 23:16:16 UTC (rev 159461)
+++ trunk/Source/_javascript_Core/bytecode/CodeBlock.cpp	2013-11-18 23:19:53 UTC (rev 159462)
@@ -1882,7 +1882,10 @@
             ResolveOp op = JSScope::abstractResolve(m_globalObject->globalExec(), scope, ident, Put, modeAndType.type());
 
             instructions[i + 4].u.operand = ResolveModeAndType(modeAndType.mode(), op.type).operand();
-            if (op.structure)
+            if (op.type == GlobalVar || op.type == GlobalVarWithVarInjectionChecks) {
+                ASSERT(!op.structure);
+                instructions[i + 5].u.watchpointSet = op.watchpointSet;
+            } else if (op.structure)
                 instructions[i + 5].u.structure.set(*vm(), ownerExecutable, op.structure);
             instructions[i + 6].u.pointer = reinterpret_cast<void*>(op.operand);
             break;
@@ -2274,6 +2277,10 @@
                 break;
             case op_get_from_scope:
             case op_put_to_scope: {
+                ResolveModeAndType modeAndType =
+                    ResolveModeAndType(curInstruction[4].u.operand);
+                if (modeAndType.type() == GlobalVar || modeAndType.type() == GlobalVarWithVarInjectionChecks)
+                    continue;
                 WriteBarrierBase<Structure>& structure = curInstruction[5].u.structure;
                 if (!structure || Heap::isMarked(structure.get()))
                     break;

Modified: trunk/Source/_javascript_Core/bytecode/Instruction.h (159461 => 159462)


--- trunk/Source/_javascript_Core/bytecode/Instruction.h	2013-11-18 23:16:16 UTC (rev 159461)
+++ trunk/Source/_javascript_Core/bytecode/Instruction.h	2013-11-18 23:19:53 UTC (rev 159462)
@@ -115,6 +115,7 @@
         ArrayProfile* arrayProfile;
         ArrayAllocationProfile* arrayAllocationProfile;
         ObjectAllocationProfile* objectAllocationProfile;
+        WatchpointSet* watchpointSet;
         void* pointer;
         bool* predicatePointer;
     } u;

Modified: trunk/Source/_javascript_Core/dfg/DFGByteCodeParser.cpp (159461 => 159462)


--- trunk/Source/_javascript_Core/dfg/DFGByteCodeParser.cpp	2013-11-18 23:16:16 UTC (rev 159461)
+++ trunk/Source/_javascript_Core/dfg/DFGByteCodeParser.cpp	2013-11-18 23:19:53 UTC (rev 159462)
@@ -3127,7 +3127,10 @@
             uintptr_t operand;
             {
                 ConcurrentJITLocker locker(m_inlineStackTop->m_profiledBlock->m_lock);
-                structure = currentInstruction[5].u.structure.get();
+                if (resolveType == GlobalVar || resolveType == GlobalVarWithVarInjectionChecks)
+                    structure = 0;
+                else
+                    structure = currentInstruction[5].u.structure.get();
                 operand = reinterpret_cast<uintptr_t>(currentInstruction[6].u.pointer);
             }

Modified: trunk/Source/_javascript_Core/runtime/JSScope.cpp (159461 => 159462)


--- trunk/Source/_javascript_Core/runtime/JSScope.cpp	2013-11-18 23:16:16 UTC (rev 159461)
+++ trunk/Source/_javascript_Core/runtime/JSScope.cpp	2013-11-18 23:19:53 UTC (rev 159462)
@@ -53,19 +53,19 @@
     if (JSActivation* activation = jsDynamicCast<JSActivation*>(scope)) {
         if (ident == exec->propertyNames().arguments) {
             // We know the property will be at this activation scope, but we don't know how to cache it.
-            op = ResolveOp(Dynamic, 0, 0, 0);
+            op = ResolveOp(Dynamic, 0, 0, 0, 0);
             return true;
         }
 
         SymbolTableEntry entry = activation->symbolTable()->get(ident.impl());
         if (entry.isReadOnly() && getOrPut == Put) {
             // We know the property will be at this activation scope, but we don't know how to cache it.
-            op = ResolveOp(Dynamic, 0, 0, 0);
+            op = ResolveOp(Dynamic, 0, 0, 0, 0);
             return true;
         }
 
         if (!entry.isNull()) {
-            op = ResolveOp(makeType(ClosureVar, needsVarInjectionChecks), depth, activation->structure(), entry.getIndex());
+            op = ResolveOp(makeType(ClosureVar, needsVarInjectionChecks), depth, activation->structure(), 0, entry.getIndex());
             return true;
         }
 
@@ -80,7 +80,7 @@
             if (getOrPut == Put) {
                 if (entry.isReadOnly()) {
                     // We know the property will be at global scope, but we don't know how to cache it.
-                    op = ResolveOp(Dynamic, 0, 0, 0);
+                    op = ResolveOp(Dynamic, 0, 0, 0, 0);
                     return true;
                 }
 
@@ -88,7 +88,8 @@
                 entry.notifyWrite();
             }
 
-            op = ResolveOp(makeType(GlobalVar, needsVarInjectionChecks), depth, globalObject->structure(), 
+            op = ResolveOp(
+                makeType(GlobalVar, needsVarInjectionChecks), depth, 0, entry.watchpointSet(),
                 reinterpret_cast<uintptr_t>(globalObject->registerAt(entry.getIndex()).slot()));
             return true;
         }
@@ -100,15 +101,15 @@
             || (globalObject->structure()->hasReadOnlyOrGetterSetterPropertiesExcludingProto() && getOrPut == Put)) {
             // We know the property will be at global scope, but we don't know how to cache it.
             ASSERT(!scope->next());
-            op = ResolveOp(makeType(GlobalProperty, needsVarInjectionChecks), depth, 0, 0);
+            op = ResolveOp(makeType(GlobalProperty, needsVarInjectionChecks), depth, 0, 0, 0);
             return true;
         }
 
-        op = ResolveOp(makeType(GlobalProperty, needsVarInjectionChecks), depth, globalObject->structure(), slot.cachedOffset());
+        op = ResolveOp(makeType(GlobalProperty, needsVarInjectionChecks), depth, globalObject->structure(), 0, slot.cachedOffset());
         return true;
     }
 
-    op = ResolveOp(Dynamic, 0, 0, 0);
+    op = ResolveOp(Dynamic, 0, 0, 0, 0);
     return true;
 }
 
@@ -146,7 +147,7 @@
 
 ResolveOp JSScope::abstractResolve(ExecState* exec, JSScope* scope, const Identifier& ident, GetOrPut getOrPut, ResolveType unlinkedType)
 {
-    ResolveOp op(Dynamic, 0, 0, 0);
+    ResolveOp op(Dynamic, 0, 0, 0, 0);
     if (unlinkedType == Dynamic)
         return op;

Modified: trunk/Source/_javascript_Core/runtime/JSScope.h (159461 => 159462)


--- trunk/Source/_javascript_Core/runtime/JSScope.h	2013-11-18 23:16:16 UTC (rev 159461)
+++ trunk/Source/_javascript_Core/runtime/JSScope.h	2013-11-18 23:19:53 UTC (rev 159462)
@@ -31,6 +31,7 @@
 namespace JSC {
 
 class ScopeChainIterator;
+class WatchpointSet;
 
 enum ResolveMode {
     ThrowIfNotFound,
@@ -95,10 +96,11 @@
 }
 
 struct ResolveOp {
-    ResolveOp(ResolveType type, size_t depth, Structure* structure, uintptr_t operand)
+    ResolveOp(ResolveType type, size_t depth, Structure* structure, WatchpointSet* watchpointSet, uintptr_t operand)
         : type(type)
         , depth(depth)
         , structure(structure)
+        , watchpointSet(watchpointSet)
         , operand(operand)
     {
     }
@@ -106,6 +108,7 @@
     ResolveType type;
     size_t depth;
     Structure* structure;
+    WatchpointSet* watchpointSet;
     uintptr_t operand;
 };

Modified: trunk/Source/_javascript_Core/runtime/SymbolTable.h (159461 => 159462)


--- trunk/Source/_javascript_Core/runtime/SymbolTable.h	2013-11-18 23:16:16 UTC (rev 159461)
+++ trunk/Source/_javascript_Core/runtime/SymbolTable.h	2013-11-18 23:19:53 UTC (rev 159462)
@@ -234,6 +234,8 @@
     
     WatchpointSet* watchpointSet()
     {
+        if (!isFat())
+            return 0;
         return fatEntry()->m_watchpoints.get();
     }
     

_______________________________________________
webkit-changes mailing list
[email protected]
https://lists.webkit.org/mailman/listinfo/webkit-changes

Reply via email to