GetByIdStatus GetByIdStatus::computeFromLLInt(CodeBlock* profiledBlock, unsigned bytecodeIndex, UniquedStringImpl* uid)
{
UNUSED_PARAM(profiledBlock);
UNUSED_PARAM(bytecodeIndex);
UNUSED_PARAM(uid);
VM& vm = *profiledBlock->vm();
Instruction* instruction = profiledBlock->instructions().begin() + bytecodeIndex;
if (instruction[0].u.opcode == LLInt::getOpcode(op_get_array_length))
return GetByIdStatus(NoInformation, false);
StructureID structureID = instruction[4].u.structureID;
if (!structureID)
return GetByIdStatus(NoInformation, false);
Structure* structure = vm.heap.structureIDTable().get(structureID);
if (structure->takesSlowPathInDFGForImpureProperty())
return GetByIdStatus(NoInformation, false);
unsigned attributesIgnored;
PropertyOffset offset = structure->getConcurrently(uid, attributesIgnored);
if (!isValidOffset(offset))
return GetByIdStatus(NoInformation, false);
return GetByIdStatus(Simple, false, GetByIdVariant(StructureSet(structure), offset));
}
GetByIdStatus GetByIdStatus::computeFor(const StructureSet& set, StringImpl* uid)
{
// For now we only handle the super simple self access case. We could handle the
// prototype case in the future.
if (set.isEmpty())
return GetByIdStatus();
if (toUInt32FromStringImpl(uid) != PropertyName::NotAnIndex)
return GetByIdStatus(TakesSlowPath);
GetByIdStatus result;
result.m_state = Simple;
result.m_wasSeenInJIT = false;
for (unsigned i = 0; i < set.size(); ++i) {
Structure* structure = set[i];
if (structure->typeInfo().overridesGetOwnPropertySlot() && structure->typeInfo().type() != GlobalObjectType)
return GetByIdStatus(TakesSlowPath);
if (!structure->propertyAccessesAreCacheable())
return GetByIdStatus(TakesSlowPath);
unsigned attributes;
PropertyOffset offset = structure->getConcurrently(uid, attributes);
if (!isValidOffset(offset))
return GetByIdStatus(TakesSlowPath); // It's probably a prototype lookup. Give up on life for now, even though we could totally be way smarter about it.
if (attributes & Accessor)
return GetByIdStatus(MakesCalls); // We could be smarter here, like strenght-reducing this to a Call.
if (!result.appendVariant(GetByIdVariant(structure, offset)))
return GetByIdStatus(TakesSlowPath);
}
return result;
}
GetByIdStatus GetByIdStatus::computeFromLLInt(CodeBlock* profiledBlock, unsigned bytecodeIndex, StringImpl* uid)
{
UNUSED_PARAM(profiledBlock);
UNUSED_PARAM(bytecodeIndex);
UNUSED_PARAM(uid);
#if ENABLE(LLINT)
Instruction* instruction = profiledBlock->instructions().begin() + bytecodeIndex;
if (instruction[0].u.opcode == LLInt::getOpcode(llint_op_get_array_length))
return GetByIdStatus(NoInformation, false);
Structure* structure = instruction[4].u.structure.get();
if (!structure)
return GetByIdStatus(NoInformation, false);
if (structure->takesSlowPathInDFGForImpureProperty())
return GetByIdStatus(NoInformation, false);
unsigned attributesIgnored;
JSCell* specificValue;
PropertyOffset offset = structure->getConcurrently(
*profiledBlock->vm(), uid, attributesIgnored, specificValue);
if (structure->isDictionary())
specificValue = 0;
if (!isValidOffset(offset))
return GetByIdStatus(NoInformation, false);
return GetByIdStatus(Simple, false, StructureSet(structure), offset, specificValue);
#else
return GetByIdStatus(NoInformation, false);
#endif
}
PutByIdStatus PutByIdStatus::computeFromLLInt(CodeBlock* profiledBlock, unsigned bytecodeIndex, UniquedStringImpl* uid)
{
UNUSED_PARAM(profiledBlock);
UNUSED_PARAM(bytecodeIndex);
UNUSED_PARAM(uid);
VM& vm = *profiledBlock->vm();
Instruction* instruction = profiledBlock->instructions().begin() + bytecodeIndex;
StructureID structureID = instruction[4].u.structureID;
if (!structureID)
return PutByIdStatus(NoInformation);
Structure* structure = vm.heap.structureIDTable().get(structureID);
StructureID newStructureID = instruction[6].u.structureID;
if (!newStructureID) {
PropertyOffset offset = structure->getConcurrently(uid);
if (!isValidOffset(offset))
return PutByIdStatus(NoInformation);
return PutByIdVariant::replace(structure, offset, structure->inferredTypeDescriptorFor(uid));
}
Structure* newStructure = vm.heap.structureIDTable().get(newStructureID);
ASSERT(structure->transitionWatchpointSetHasBeenInvalidated());
PropertyOffset offset = newStructure->getConcurrently(uid);
if (!isValidOffset(offset))
return PutByIdStatus(NoInformation);
ObjectPropertyConditionSet conditionSet;
if (!(instruction[8].u.putByIdFlags & PutByIdIsDirect)) {
conditionSet =
generateConditionsForPropertySetterMissConcurrently(
*profiledBlock->vm(), profiledBlock->globalObject(), structure, uid);
if (!conditionSet.isValid())
return PutByIdStatus(NoInformation);
}
return PutByIdVariant::transition(
structure, newStructure, conditionSet, offset, newStructure->inferredTypeDescriptorFor(uid));
}
PutByIdStatus PutByIdStatus::computeFromLLInt(CodeBlock* profiledBlock, unsigned bytecodeIndex, StringImpl* uid)
{
UNUSED_PARAM(profiledBlock);
UNUSED_PARAM(bytecodeIndex);
UNUSED_PARAM(uid);
Instruction* instruction = profiledBlock->instructions().begin() + bytecodeIndex;
Structure* structure = instruction[4].u.structure.get();
if (!structure)
return PutByIdStatus(NoInformation);
if (instruction[0].u.opcode == LLInt::getOpcode(op_put_by_id)
|| instruction[0].u.opcode == LLInt::getOpcode(op_put_by_id_out_of_line)) {
PropertyOffset offset = structure->getConcurrently(uid);
if (!isValidOffset(offset))
return PutByIdStatus(NoInformation);
return PutByIdVariant::replace(structure, offset);
}
ASSERT(structure->transitionWatchpointSetHasBeenInvalidated());
ASSERT(instruction[0].u.opcode == LLInt::getOpcode(op_put_by_id_transition_direct)
|| instruction[0].u.opcode == LLInt::getOpcode(op_put_by_id_transition_normal)
|| instruction[0].u.opcode == LLInt::getOpcode(op_put_by_id_transition_direct_out_of_line)
|| instruction[0].u.opcode == LLInt::getOpcode(op_put_by_id_transition_normal_out_of_line));
Structure* newStructure = instruction[6].u.structure.get();
StructureChain* chain = instruction[7].u.structureChain.get();
ASSERT(newStructure);
ASSERT(chain);
PropertyOffset offset = newStructure->getConcurrently(uid);
if (!isValidOffset(offset))
return PutByIdStatus(NoInformation);
RefPtr<IntendedStructureChain> intendedChain;
if (chain)
intendedChain = adoptRef(new IntendedStructureChain(profiledBlock, structure, chain));
return PutByIdVariant::transition(structure, newStructure, intendedChain.get(), offset);
}
bool GetByIdStatus::computeForChain(CodeBlock* profiledBlock, StringImpl* uid, PassRefPtr<IntendedStructureChain> passedChain)
{
#if ENABLE(JIT)
RefPtr<IntendedStructureChain> chain = passedChain;
// Validate the chain. If the chain is invalid, then currently the best thing
// we can do is to assume that TakesSlow is true. In the future, it might be
// worth exploring reifying the structure chain from the structure we've got
// instead of using the one from the cache, since that will do the right things
// if the structure chain has changed. But that may be harder, because we may
// then end up having a different type of access altogether. And it currently
// does not appear to be worth it to do so -- effectively, the heuristic we
// have now is that if the structure chain has changed between when it was
// cached on in the baseline JIT and when the DFG tried to inline the access,
// then we fall back on a polymorphic access.
if (!chain->isStillValid())
return false;
if (chain->head()->takesSlowPathInDFGForImpureProperty())
return false;
size_t chainSize = chain->size();
for (size_t i = 0; i < chainSize; i++) {
if (chain->at(i)->takesSlowPathInDFGForImpureProperty())
return false;
}
JSObject* currentObject = chain->terminalPrototype();
Structure* currentStructure = chain->last();
ASSERT_UNUSED(currentObject, currentObject);
unsigned attributesIgnored;
JSCell* specificValue;
PropertyOffset offset = currentStructure->getConcurrently(
*profiledBlock->vm(), uid, attributesIgnored, specificValue);
if (currentStructure->isDictionary())
specificValue = 0;
if (!isValidOffset(offset))
return false;
m_variants.append(
GetByIdVariant(StructureSet(chain->head()), offset, specificValue, chain));
return true;
#else // ENABLE(JIT)
UNUSED_PARAM(profiledBlock);
UNUSED_PARAM(uid);
UNUSED_PARAM(passedChain);
UNREACHABLE_FOR_PLATFORM();
return false;
#endif // ENABLE(JIT)
}
ComplexGetStatus ComplexGetStatus::computeFor(
CodeBlock* profiledBlock, Structure* headStructure, StructureChain* chain,
unsigned chainCount, AtomicStringImpl* uid)
{
// FIXME: We should assert that we never see a structure that
// hasImpureGetOwnPropertySlot() but for which we don't
// newImpurePropertyFiresWatchpoints(). We're not at a point where we can do
// that, yet.
// https://bugs.webkit.org/show_bug.cgi?id=131810
if (headStructure->takesSlowPathInDFGForImpureProperty())
return takesSlowPath();
ComplexGetStatus result;
result.m_kind = Inlineable;
if (chain && chainCount) {
result.m_chain = adoptRef(new IntendedStructureChain(
profiledBlock, headStructure, chain, chainCount));
if (!result.m_chain->isStillValid())
return skip();
if (headStructure->takesSlowPathInDFGForImpureProperty()
|| result.m_chain->takesSlowPathInDFGForImpureProperty())
return takesSlowPath();
JSObject* currentObject = result.m_chain->terminalPrototype();
Structure* currentStructure = result.m_chain->last();
ASSERT_UNUSED(currentObject, currentObject);
result.m_offset = currentStructure->getConcurrently(uid, result.m_attributes);
} else {
result.m_offset = headStructure->getConcurrently(uid, result.m_attributes);
}
if (!isValidOffset(result.m_offset))
return takesSlowPath();
return result;
}
GetByIdStatus GetByIdStatus::computeForStubInfo(
const ConcurrentJITLocker& locker, CodeBlock* profiledBlock, StructureStubInfo* stubInfo, StringImpl* uid,
CallLinkStatus::ExitSiteData callExitSiteData)
{
if (!stubInfo || !stubInfo->seen)
return GetByIdStatus(NoInformation);
PolymorphicGetByIdList* list = 0;
State slowPathState = TakesSlowPath;
if (stubInfo->accessType == access_get_by_id_list) {
list = stubInfo->u.getByIdList.list;
for (unsigned i = 0; i < list->size(); ++i) {
const GetByIdAccess& access = list->at(i);
if (access.doesCalls())
slowPathState = MakesCalls;
}
}
// Finally figure out if we can derive an access strategy.
GetByIdStatus result;
result.m_state = Simple;
result.m_wasSeenInJIT = true; // This is interesting for bytecode dumping only.
switch (stubInfo->accessType) {
case access_unset:
return GetByIdStatus(NoInformation);
case access_get_by_id_self: {
Structure* structure = stubInfo->u.getByIdSelf.baseObjectStructure.get();
if (structure->takesSlowPathInDFGForImpureProperty())
return GetByIdStatus(slowPathState, true);
unsigned attributesIgnored;
GetByIdVariant variant;
variant.m_offset = structure->getConcurrently(uid, attributesIgnored);
if (!isValidOffset(variant.m_offset))
return GetByIdStatus(slowPathState, true);
variant.m_structureSet.add(structure);
bool didAppend = result.appendVariant(variant);
ASSERT_UNUSED(didAppend, didAppend);
return result;
}
case access_get_by_id_list: {
for (unsigned listIndex = 0; listIndex < list->size(); ++listIndex) {
Structure* structure = list->at(listIndex).structure();
ComplexGetStatus complexGetStatus = ComplexGetStatus::computeFor(
profiledBlock, structure, list->at(listIndex).chain(),
list->at(listIndex).chainCount(), uid);
switch (complexGetStatus.kind()) {
case ComplexGetStatus::ShouldSkip:
continue;
case ComplexGetStatus::TakesSlowPath:
return GetByIdStatus(slowPathState, true);
case ComplexGetStatus::Inlineable: {
std::unique_ptr<CallLinkStatus> callLinkStatus;
switch (list->at(listIndex).type()) {
case GetByIdAccess::SimpleInline:
case GetByIdAccess::SimpleStub: {
break;
}
case GetByIdAccess::Getter: {
AccessorCallJITStubRoutine* stub = static_cast<AccessorCallJITStubRoutine*>(
list->at(listIndex).stubRoutine());
callLinkStatus = std::make_unique<CallLinkStatus>(
CallLinkStatus::computeFor(
locker, profiledBlock, *stub->m_callLinkInfo, callExitSiteData));
break;
}
case GetByIdAccess::CustomGetter:
case GetByIdAccess::WatchedStub:{
// FIXME: It would be totally sweet to support this at some point in the future.
// https://bugs.webkit.org/show_bug.cgi?id=133052
return GetByIdStatus(slowPathState, true);
}
default:
RELEASE_ASSERT_NOT_REACHED();
}
GetByIdVariant variant(
StructureSet(structure), complexGetStatus.offset(), complexGetStatus.chain(),
std::move(callLinkStatus));
if (!result.appendVariant(variant))
return GetByIdStatus(slowPathState, true);
break;
} }
}
return result;
}
default:
return GetByIdStatus(slowPathState, true);
}
RELEASE_ASSERT_NOT_REACHED();
return GetByIdStatus();
}
GetByIdStatus GetByIdStatus::computeForStubInfoWithoutExitSiteFeedback(
const ConcurrentJITLocker& locker, CodeBlock* profiledBlock, StructureStubInfo* stubInfo, UniquedStringImpl* uid,
CallLinkStatus::ExitSiteData callExitSiteData)
{
if (!stubInfo || !stubInfo->everConsidered)
return GetByIdStatus(NoInformation);
PolymorphicAccess* list = 0;
State slowPathState = TakesSlowPath;
if (stubInfo->cacheType == CacheType::Stub) {
list = stubInfo->u.stub;
for (unsigned i = 0; i < list->size(); ++i) {
const AccessCase& access = list->at(i);
if (access.doesCalls())
slowPathState = MakesCalls;
}
}
if (stubInfo->tookSlowPath)
return GetByIdStatus(slowPathState);
// Finally figure out if we can derive an access strategy.
GetByIdStatus result;
result.m_state = Simple;
result.m_wasSeenInJIT = true; // This is interesting for bytecode dumping only.
switch (stubInfo->cacheType) {
case CacheType::Unset:
return GetByIdStatus(NoInformation);
case CacheType::GetByIdSelf: {
Structure* structure = stubInfo->u.byIdSelf.baseObjectStructure.get();
if (structure->takesSlowPathInDFGForImpureProperty())
return GetByIdStatus(slowPathState, true);
unsigned attributesIgnored;
GetByIdVariant variant;
variant.m_offset = structure->getConcurrently(uid, attributesIgnored);
if (!isValidOffset(variant.m_offset))
return GetByIdStatus(slowPathState, true);
variant.m_structureSet.add(structure);
bool didAppend = result.appendVariant(variant);
ASSERT_UNUSED(didAppend, didAppend);
return result;
}
case CacheType::Stub: {
for (unsigned listIndex = 0; listIndex < list->size(); ++listIndex) {
const AccessCase& access = list->at(listIndex);
if (access.viaProxy())
return GetByIdStatus(slowPathState, true);
Structure* structure = access.structure();
if (!structure) {
// The null structure cases arise due to array.length and string.length. We have no way
// of creating a GetByIdVariant for those, and we don't really have to since the DFG
// handles those cases in FixupPhase using value profiling. That's a bit awkward - we
// shouldn't have to use value profiling to discover something that the AccessCase
// could have told us. But, it works well enough. So, our only concern here is to not
// crash on null structure.
return GetByIdStatus(slowPathState, true);
}
ComplexGetStatus complexGetStatus = ComplexGetStatus::computeFor(
structure, access.conditionSet(), uid);
switch (complexGetStatus.kind()) {
case ComplexGetStatus::ShouldSkip:
continue;
case ComplexGetStatus::TakesSlowPath:
return GetByIdStatus(slowPathState, true);
case ComplexGetStatus::Inlineable: {
std::unique_ptr<CallLinkStatus> callLinkStatus;
JSFunction* intrinsicFunction = nullptr;
switch (access.type()) {
case AccessCase::Load: {
break;
}
case AccessCase::IntrinsicGetter: {
intrinsicFunction = access.intrinsicFunction();
break;
}
case AccessCase::Getter: {
CallLinkInfo* callLinkInfo = access.callLinkInfo();
ASSERT(callLinkInfo);
callLinkStatus = std::make_unique<CallLinkStatus>(
CallLinkStatus::computeFor(
locker, profiledBlock, *callLinkInfo, callExitSiteData));
break;
}
default: {
// FIXME: It would be totally sweet to support more of these at some point in the
// future. https://bugs.webkit.org/show_bug.cgi?id=133052
return GetByIdStatus(slowPathState, true);
} }
GetByIdVariant variant(
StructureSet(structure), complexGetStatus.offset(),
complexGetStatus.conditionSet(), WTFMove(callLinkStatus),
intrinsicFunction);
if (!result.appendVariant(variant))
return GetByIdStatus(slowPathState, true);
break;
} }
}
return result;
}
default:
return GetByIdStatus(slowPathState, true);
}
RELEASE_ASSERT_NOT_REACHED();
return GetByIdStatus();
}
GetByIdStatus GetByIdStatus::computeFor(CodeBlock* profiledBlock, StubInfoMap& map, unsigned bytecodeIndex, StringImpl* uid)
{
ConcurrentJITLocker locker(profiledBlock->m_lock);
UNUSED_PARAM(profiledBlock);
UNUSED_PARAM(bytecodeIndex);
UNUSED_PARAM(uid);
#if ENABLE(JIT)
StructureStubInfo* stubInfo = map.get(CodeOrigin(bytecodeIndex));
if (!stubInfo || !stubInfo->seen)
return computeFromLLInt(profiledBlock, bytecodeIndex, uid);
if (stubInfo->resetByGC)
return GetByIdStatus(TakesSlowPath, true);
PolymorphicAccessStructureList* list;
int listSize;
switch (stubInfo->accessType) {
case access_get_by_id_self_list:
list = stubInfo->u.getByIdSelfList.structureList;
listSize = stubInfo->u.getByIdSelfList.listSize;
break;
case access_get_by_id_proto_list:
list = stubInfo->u.getByIdProtoList.structureList;
listSize = stubInfo->u.getByIdProtoList.listSize;
break;
default:
list = 0;
listSize = 0;
break;
}
for (int i = 0; i < listSize; ++i) {
if (!list->list[i].isDirect)
return GetByIdStatus(MakesCalls, true);
}
// Next check if it takes slow case, in which case we want to be kind of careful.
if (profiledBlock->likelyToTakeSlowCase(bytecodeIndex))
return GetByIdStatus(TakesSlowPath, true);
// Finally figure out if we can derive an access strategy.
GetByIdStatus result;
result.m_wasSeenInJIT = true; // This is interesting for bytecode dumping only.
switch (stubInfo->accessType) {
case access_unset:
return computeFromLLInt(profiledBlock, bytecodeIndex, uid);
case access_get_by_id_self: {
Structure* structure = stubInfo->u.getByIdSelf.baseObjectStructure.get();
if (structure->takesSlowPathInDFGForImpureProperty())
return GetByIdStatus(TakesSlowPath, true);
unsigned attributesIgnored;
JSCell* specificValue;
result.m_offset = structure->getConcurrently(
*profiledBlock->vm(), uid, attributesIgnored, specificValue);
if (structure->isDictionary())
specificValue = 0;
if (isValidOffset(result.m_offset)) {
result.m_structureSet.add(structure);
result.m_specificValue = JSValue(specificValue);
}
if (isValidOffset(result.m_offset))
ASSERT(result.m_structureSet.size());
break;
}
case access_get_by_id_self_list: {
for (int i = 0; i < listSize; ++i) {
ASSERT(list->list[i].isDirect);
Structure* structure = list->list[i].base.get();
if (structure->takesSlowPathInDFGForImpureProperty())
return GetByIdStatus(TakesSlowPath, true);
if (result.m_structureSet.contains(structure))
continue;
unsigned attributesIgnored;
JSCell* specificValue;
PropertyOffset myOffset = structure->getConcurrently(
*profiledBlock->vm(), uid, attributesIgnored, specificValue);
if (structure->isDictionary())
specificValue = 0;
if (!isValidOffset(myOffset)) {
result.m_offset = invalidOffset;
break;
}
if (!i) {
result.m_offset = myOffset;
result.m_specificValue = JSValue(specificValue);
} else if (result.m_offset != myOffset) {
result.m_offset = invalidOffset;
break;
} else if (result.m_specificValue != JSValue(specificValue))
result.m_specificValue = JSValue();
result.m_structureSet.add(structure);
}
if (isValidOffset(result.m_offset))
ASSERT(result.m_structureSet.size());
break;
}
case access_get_by_id_proto: {
if (!stubInfo->u.getByIdProto.isDirect)
return GetByIdStatus(MakesCalls, true);
result.m_chain = adoptRef(new IntendedStructureChain(
profiledBlock,
stubInfo->u.getByIdProto.baseObjectStructure.get(),
stubInfo->u.getByIdProto.prototypeStructure.get()));
computeForChain(result, profiledBlock, uid);
break;
}
case access_get_by_id_chain: {
if (!stubInfo->u.getByIdChain.isDirect)
return GetByIdStatus(MakesCalls, true);
result.m_chain = adoptRef(new IntendedStructureChain(
profiledBlock,
stubInfo->u.getByIdChain.baseObjectStructure.get(),
stubInfo->u.getByIdChain.chain.get(),
stubInfo->u.getByIdChain.count));
computeForChain(result, profiledBlock, uid);
break;
}
default:
ASSERT(!isValidOffset(result.m_offset));
break;
}
if (!isValidOffset(result.m_offset)) {
result.m_state = TakesSlowPath;
result.m_structureSet.clear();
result.m_chain.clear();
result.m_specificValue = JSValue();
} else
result.m_state = Simple;
return result;
#else // ENABLE(JIT)
UNUSED_PARAM(map);
return GetByIdStatus(NoInformation, false);
#endif // ENABLE(JIT)
}
GetByIdStatus GetByIdStatus::computeForStubInfo(
const ConcurrentJITLocker&, CodeBlock* profiledBlock, StructureStubInfo* stubInfo,
StringImpl* uid)
{
if (!stubInfo || !stubInfo->seen)
return GetByIdStatus(NoInformation);
if (stubInfo->resetByGC)
return GetByIdStatus(TakesSlowPath, true);
PolymorphicGetByIdList* list = 0;
if (stubInfo->accessType == access_get_by_id_list) {
list = stubInfo->u.getByIdList.list;
for (unsigned i = 0; i < list->size(); ++i) {
if (list->at(i).doesCalls())
return GetByIdStatus(MakesCalls, true);
}
}
// Finally figure out if we can derive an access strategy.
GetByIdStatus result;
result.m_state = Simple;
result.m_wasSeenInJIT = true; // This is interesting for bytecode dumping only.
switch (stubInfo->accessType) {
case access_unset:
return GetByIdStatus(NoInformation);
case access_get_by_id_self: {
Structure* structure = stubInfo->u.getByIdSelf.baseObjectStructure.get();
if (structure->takesSlowPathInDFGForImpureProperty())
return GetByIdStatus(TakesSlowPath, true);
unsigned attributesIgnored;
JSCell* specificValue;
GetByIdVariant variant;
variant.m_offset = structure->getConcurrently(
*profiledBlock->vm(), uid, attributesIgnored, specificValue);
if (!isValidOffset(variant.m_offset))
return GetByIdStatus(TakesSlowPath, true);
if (structure->isDictionary())
specificValue = 0;
variant.m_structureSet.add(structure);
variant.m_specificValue = JSValue(specificValue);
result.appendVariant(variant);
return result;
}
case access_get_by_id_list: {
for (unsigned listIndex = 0; listIndex < list->size(); ++listIndex) {
ASSERT(!list->at(listIndex).doesCalls());
Structure* structure = list->at(listIndex).structure();
if (structure->takesSlowPathInDFGForImpureProperty())
return GetByIdStatus(TakesSlowPath, true);
if (list->at(listIndex).chain()) {
RefPtr<IntendedStructureChain> chain = adoptRef(new IntendedStructureChain(
profiledBlock, structure, list->at(listIndex).chain(),
list->at(listIndex).chainCount()));
if (!result.computeForChain(profiledBlock, uid, chain))
return GetByIdStatus(TakesSlowPath, true);
continue;
}
unsigned attributesIgnored;
JSCell* specificValue;
PropertyOffset myOffset = structure->getConcurrently(
*profiledBlock->vm(), uid, attributesIgnored, specificValue);
if (structure->isDictionary())
specificValue = 0;
if (!isValidOffset(myOffset))
return GetByIdStatus(TakesSlowPath, true);
bool found = false;
for (unsigned variantIndex = 0; variantIndex < result.m_variants.size(); ++variantIndex) {
GetByIdVariant& variant = result.m_variants[variantIndex];
if (variant.m_chain)
continue;
if (variant.m_offset != myOffset)
continue;
found = true;
if (variant.m_structureSet.contains(structure))
break;
if (variant.m_specificValue != JSValue(specificValue))
variant.m_specificValue = JSValue();
variant.m_structureSet.add(structure);
break;
}
if (found)
continue;
if (!result.appendVariant(GetByIdVariant(StructureSet(structure), myOffset, specificValue)))
return GetByIdStatus(TakesSlowPath, true);
}
return result;
}
case access_get_by_id_chain: {
if (!stubInfo->u.getByIdChain.isDirect)
return GetByIdStatus(MakesCalls, true);
RefPtr<IntendedStructureChain> chain = adoptRef(new IntendedStructureChain(
profiledBlock,
stubInfo->u.getByIdChain.baseObjectStructure.get(),
stubInfo->u.getByIdChain.chain.get(),
stubInfo->u.getByIdChain.count));
if (result.computeForChain(profiledBlock, uid, chain))
return result;
return GetByIdStatus(TakesSlowPath, true);
}
default:
return GetByIdStatus(TakesSlowPath, true);
}
RELEASE_ASSERT_NOT_REACHED();
return GetByIdStatus();
}
PutByIdStatus PutByIdStatus::computeFor(JSGlobalObject* globalObject, const StructureSet& set, StringImpl* uid, bool isDirect)
{
if (toUInt32FromStringImpl(uid) != PropertyName::NotAnIndex)
return PutByIdStatus(TakesSlowPath);
if (set.isEmpty())
return PutByIdStatus();
PutByIdStatus result;
result.m_state = Simple;
for (unsigned i = 0; i < set.size(); ++i) {
Structure* structure = set[i];
if (structure->typeInfo().overridesGetOwnPropertySlot() && structure->typeInfo().type() != GlobalObjectType)
return PutByIdStatus(TakesSlowPath);
if (!structure->propertyAccessesAreCacheable())
return PutByIdStatus(TakesSlowPath);
unsigned attributes;
PropertyOffset offset = structure->getConcurrently(uid, attributes);
if (isValidOffset(offset)) {
if (attributes & CustomAccessor)
return PutByIdStatus(MakesCalls);
if (attributes & (Accessor | ReadOnly))
return PutByIdStatus(TakesSlowPath);
WatchpointSet* replaceSet = structure->propertyReplacementWatchpointSet(offset);
if (!replaceSet || replaceSet->isStillValid()) {
// When this executes, it'll create, and fire, this replacement watchpoint set.
// That means that this has probably never executed or that something fishy is
// going on. Also, we cannot create or fire the watchpoint set from the concurrent
// JIT thread, so even if we wanted to do this, we'd need to have a lazy thingy.
// So, better leave this alone and take slow path.
return PutByIdStatus(TakesSlowPath);
}
if (!result.appendVariant(PutByIdVariant::replace(structure, offset)))
return PutByIdStatus(TakesSlowPath);
continue;
}
// Our hypothesis is that we're doing a transition. Before we prove that this is really
// true, we want to do some sanity checks.
// Don't cache put transitions on dictionaries.
if (structure->isDictionary())
return PutByIdStatus(TakesSlowPath);
// If the structure corresponds to something that isn't an object, then give up, since
// we don't want to be adding properties to strings.
if (structure->typeInfo().type() == StringType)
return PutByIdStatus(TakesSlowPath);
RefPtr<IntendedStructureChain> chain;
if (!isDirect) {
chain = adoptRef(new IntendedStructureChain(globalObject, structure));
// If the prototype chain has setters or read-only properties, then give up.
if (chain->mayInterceptStoreTo(uid))
return PutByIdStatus(TakesSlowPath);
// If the prototype chain hasn't been normalized (i.e. there are proxies or dictionaries)
// then give up. The dictionary case would only happen if this structure has not been
// used in an optimized put_by_id transition. And really the only reason why we would
// bail here is that I don't really feel like having the optimizing JIT go and flatten
// dictionaries if we have evidence to suggest that those objects were never used as
// prototypes in a cacheable prototype access - i.e. there's a good chance that some of
// the other checks below will fail.
if (structure->isProxy() || !chain->isNormalized())
return PutByIdStatus(TakesSlowPath);
}
// We only optimize if there is already a structure that the transition is cached to.
Structure* transition = Structure::addPropertyTransitionToExistingStructureConcurrently(structure, uid, 0, offset);
if (!transition)
return PutByIdStatus(TakesSlowPath);
ASSERT(isValidOffset(offset));
bool didAppend = result.appendVariant(
PutByIdVariant::transition(structure, transition, chain.get(), offset));
if (!didAppend)
return PutByIdStatus(TakesSlowPath);
}
return result;
}
PutByIdStatus PutByIdStatus::computeForStubInfo(
const ConcurrentJITLocker& locker, CodeBlock* profiledBlock, StructureStubInfo* stubInfo,
StringImpl* uid, CallLinkStatus::ExitSiteData callExitSiteData)
{
if (!stubInfo || !stubInfo->seen)
return PutByIdStatus();
switch (stubInfo->accessType) {
case access_unset:
// If the JIT saw it but didn't optimize it, then assume that this takes slow path.
return PutByIdStatus(TakesSlowPath);
case access_put_by_id_replace: {
PropertyOffset offset =
stubInfo->u.putByIdReplace.baseObjectStructure->getConcurrently(uid);
if (isValidOffset(offset)) {
return PutByIdVariant::replace(
stubInfo->u.putByIdReplace.baseObjectStructure.get(), offset);
}
return PutByIdStatus(TakesSlowPath);
}
case access_put_by_id_transition_normal:
case access_put_by_id_transition_direct: {
ASSERT(stubInfo->u.putByIdTransition.previousStructure->transitionWatchpointSetHasBeenInvalidated());
PropertyOffset offset =
stubInfo->u.putByIdTransition.structure->getConcurrently(uid);
if (isValidOffset(offset)) {
RefPtr<IntendedStructureChain> chain;
if (stubInfo->u.putByIdTransition.chain) {
chain = adoptRef(new IntendedStructureChain(
profiledBlock, stubInfo->u.putByIdTransition.previousStructure.get(),
stubInfo->u.putByIdTransition.chain.get()));
}
return PutByIdVariant::transition(
stubInfo->u.putByIdTransition.previousStructure.get(),
stubInfo->u.putByIdTransition.structure.get(),
chain.get(), offset);
}
return PutByIdStatus(TakesSlowPath);
}
case access_put_by_id_list: {
PolymorphicPutByIdList* list = stubInfo->u.putByIdList.list;
PutByIdStatus result;
result.m_state = Simple;
State slowPathState = TakesSlowPath;
for (unsigned i = 0; i < list->size(); ++i) {
const PutByIdAccess& access = list->at(i);
switch (access.type()) {
case PutByIdAccess::Setter:
case PutByIdAccess::CustomSetter:
slowPathState = MakesCalls;
break;
default:
break;
}
}
for (unsigned i = 0; i < list->size(); ++i) {
const PutByIdAccess& access = list->at(i);
PutByIdVariant variant;
switch (access.type()) {
case PutByIdAccess::Replace: {
Structure* structure = access.structure();
PropertyOffset offset = structure->getConcurrently(uid);
if (!isValidOffset(offset))
return PutByIdStatus(slowPathState);
variant = PutByIdVariant::replace(structure, offset);
break;
}
case PutByIdAccess::Transition: {
PropertyOffset offset =
access.newStructure()->getConcurrently(uid);
if (!isValidOffset(offset))
return PutByIdStatus(slowPathState);
RefPtr<IntendedStructureChain> chain;
if (access.chain()) {
chain = adoptRef(new IntendedStructureChain(
profiledBlock, access.oldStructure(), access.chain()));
if (!chain->isStillValid())
continue;
}
variant = PutByIdVariant::transition(
access.oldStructure(), access.newStructure(), chain.get(), offset);
break;
}
case PutByIdAccess::Setter: {
Structure* structure = access.structure();
ComplexGetStatus complexGetStatus = ComplexGetStatus::computeFor(
profiledBlock, structure, access.chain(), access.chainCount(), uid);
switch (complexGetStatus.kind()) {
case ComplexGetStatus::ShouldSkip:
continue;
case ComplexGetStatus::TakesSlowPath:
return PutByIdStatus(slowPathState);
case ComplexGetStatus::Inlineable: {
AccessorCallJITStubRoutine* stub = static_cast<AccessorCallJITStubRoutine*>(
access.stubRoutine());
std::unique_ptr<CallLinkStatus> callLinkStatus =
std::make_unique<CallLinkStatus>(
CallLinkStatus::computeFor(
locker, profiledBlock, *stub->m_callLinkInfo, callExitSiteData));
variant = PutByIdVariant::setter(
structure, complexGetStatus.offset(), complexGetStatus.chain(),
std::move(callLinkStatus));
} }
break;
}
case PutByIdAccess::CustomSetter:
return PutByIdStatus(MakesCalls);
default:
return PutByIdStatus(slowPathState);
}
if (!result.appendVariant(variant))
return PutByIdStatus(slowPathState);
}
return result;
}
default:
return PutByIdStatus(TakesSlowPath);
}
}
PutByIdStatus PutByIdStatus::computeFor(JSGlobalObject* globalObject, const StructureSet& set, UniquedStringImpl* uid, bool isDirect)
{
if (parseIndex(*uid))
return PutByIdStatus(TakesSlowPath);
if (set.isEmpty())
return PutByIdStatus();
PutByIdStatus result;
result.m_state = Simple;
for (unsigned i = 0; i < set.size(); ++i) {
Structure* structure = set[i];
if (structure->typeInfo().overridesGetOwnPropertySlot() && structure->typeInfo().type() != GlobalObjectType)
return PutByIdStatus(TakesSlowPath);
if (!structure->propertyAccessesAreCacheable())
return PutByIdStatus(TakesSlowPath);
unsigned attributes;
PropertyOffset offset = structure->getConcurrently(uid, attributes);
if (isValidOffset(offset)) {
if (attributes & CustomAccessor)
return PutByIdStatus(MakesCalls);
if (attributes & (Accessor | ReadOnly))
return PutByIdStatus(TakesSlowPath);
WatchpointSet* replaceSet = structure->propertyReplacementWatchpointSet(offset);
if (!replaceSet || replaceSet->isStillValid()) {
// When this executes, it'll create, and fire, this replacement watchpoint set.
// That means that this has probably never executed or that something fishy is
// going on. Also, we cannot create or fire the watchpoint set from the concurrent
// JIT thread, so even if we wanted to do this, we'd need to have a lazy thingy.
// So, better leave this alone and take slow path.
return PutByIdStatus(TakesSlowPath);
}
PutByIdVariant variant =
PutByIdVariant::replace(structure, offset, structure->inferredTypeDescriptorFor(uid));
if (!result.appendVariant(variant))
return PutByIdStatus(TakesSlowPath);
continue;
}
// Our hypothesis is that we're doing a transition. Before we prove that this is really
// true, we want to do some sanity checks.
// Don't cache put transitions on dictionaries.
if (structure->isDictionary())
return PutByIdStatus(TakesSlowPath);
// If the structure corresponds to something that isn't an object, then give up, since
// we don't want to be adding properties to strings.
if (!structure->typeInfo().isObject())
return PutByIdStatus(TakesSlowPath);
ObjectPropertyConditionSet conditionSet;
if (!isDirect) {
conditionSet = generateConditionsForPropertySetterMissConcurrently(
globalObject->vm(), globalObject, structure, uid);
if (!conditionSet.isValid())
return PutByIdStatus(TakesSlowPath);
}
// We only optimize if there is already a structure that the transition is cached to.
Structure* transition =
Structure::addPropertyTransitionToExistingStructureConcurrently(structure, uid, 0, offset);
if (!transition)
return PutByIdStatus(TakesSlowPath);
ASSERT(isValidOffset(offset));
bool didAppend = result.appendVariant(
PutByIdVariant::transition(
structure, transition, conditionSet, offset,
transition->inferredTypeDescriptorFor(uid)));
if (!didAppend)
return PutByIdStatus(TakesSlowPath);
}
return result;
}
PutByIdStatus PutByIdStatus::computeForStubInfo(
const ConcurrentJITLocker& locker, CodeBlock* profiledBlock, StructureStubInfo* stubInfo,
UniquedStringImpl* uid, CallLinkStatus::ExitSiteData callExitSiteData)
{
if (!stubInfo || !stubInfo->everConsidered)
return PutByIdStatus();
if (stubInfo->tookSlowPath)
return PutByIdStatus(TakesSlowPath);
switch (stubInfo->cacheType) {
case CacheType::Unset:
// This means that we attempted to cache but failed for some reason.
return PutByIdStatus(TakesSlowPath);
case CacheType::PutByIdReplace: {
PropertyOffset offset =
stubInfo->u.byIdSelf.baseObjectStructure->getConcurrently(uid);
if (isValidOffset(offset)) {
return PutByIdVariant::replace(
stubInfo->u.byIdSelf.baseObjectStructure.get(), offset, InferredType::Top);
}
return PutByIdStatus(TakesSlowPath);
}
case CacheType::Stub: {
PolymorphicAccess* list = stubInfo->u.stub;
PutByIdStatus result;
result.m_state = Simple;
State slowPathState = TakesSlowPath;
for (unsigned i = 0; i < list->size(); ++i) {
const AccessCase& access = list->at(i);
if (access.doesCalls())
slowPathState = MakesCalls;
}
for (unsigned i = 0; i < list->size(); ++i) {
const AccessCase& access = list->at(i);
if (access.viaProxy())
return PutByIdStatus(slowPathState);
PutByIdVariant variant;
switch (access.type()) {
case AccessCase::Replace: {
Structure* structure = access.structure();
PropertyOffset offset = structure->getConcurrently(uid);
if (!isValidOffset(offset))
return PutByIdStatus(slowPathState);
variant = PutByIdVariant::replace(
structure, offset, structure->inferredTypeDescriptorFor(uid));
break;
}
case AccessCase::Transition: {
PropertyOffset offset =
access.newStructure()->getConcurrently(uid);
if (!isValidOffset(offset))
return PutByIdStatus(slowPathState);
ObjectPropertyConditionSet conditionSet = access.conditionSet();
if (!conditionSet.structuresEnsureValidity())
return PutByIdStatus(slowPathState);
variant = PutByIdVariant::transition(
access.structure(), access.newStructure(), conditionSet, offset,
access.newStructure()->inferredTypeDescriptorFor(uid));
break;
}
case AccessCase::Setter: {
Structure* structure = access.structure();
ComplexGetStatus complexGetStatus = ComplexGetStatus::computeFor(
structure, access.conditionSet(), uid);
switch (complexGetStatus.kind()) {
case ComplexGetStatus::ShouldSkip:
continue;
case ComplexGetStatus::TakesSlowPath:
return PutByIdStatus(slowPathState);
case ComplexGetStatus::Inlineable: {
CallLinkInfo* callLinkInfo = access.callLinkInfo();
ASSERT(callLinkInfo);
std::unique_ptr<CallLinkStatus> callLinkStatus =
std::make_unique<CallLinkStatus>(
CallLinkStatus::computeFor(
locker, profiledBlock, *callLinkInfo, callExitSiteData));
variant = PutByIdVariant::setter(
structure, complexGetStatus.offset(), complexGetStatus.conditionSet(),
WTFMove(callLinkStatus));
} }
break;
}
case AccessCase::CustomSetter:
return PutByIdStatus(MakesCalls);
default:
return PutByIdStatus(slowPathState);
}
if (!result.appendVariant(variant))
return PutByIdStatus(slowPathState);
}
return result;
}
default:
return PutByIdStatus(TakesSlowPath);
}
}