PutByIdStatus PutByIdStatus::computeFor(CodeBlock* profiledBlock, StubInfoMap& map, unsigned bytecodeIndex, UniquedStringImpl* uid)
{
ConcurrentJITLocker locker(profiledBlock->m_lock);
UNUSED_PARAM(profiledBlock);
UNUSED_PARAM(bytecodeIndex);
UNUSED_PARAM(uid);
#if ENABLE(DFG_JIT)
if (hasExitSite(locker, profiledBlock, bytecodeIndex))
return PutByIdStatus(TakesSlowPath);
StructureStubInfo* stubInfo = map.get(CodeOrigin(bytecodeIndex));
PutByIdStatus result = computeForStubInfo(
locker, profiledBlock, stubInfo, uid,
CallLinkStatus::computeExitSiteData(locker, profiledBlock, bytecodeIndex));
if (!result)
return computeFromLLInt(profiledBlock, bytecodeIndex, uid);
return result;
#else // ENABLE(JIT)
UNUSED_PARAM(map);
return PutByIdStatus(NoInformation);
#endif // ENABLE(JIT)
}
PutByIdStatus PutByIdStatus::computeFromLLInt(CodeBlock* profiledBlock, unsigned bytecodeIndex, Identifier& ident)
{
UNUSED_PARAM(profiledBlock);
UNUSED_PARAM(bytecodeIndex);
UNUSED_PARAM(ident);
#if ENABLE(LLINT)
Instruction* instruction = profiledBlock->instructions().begin() + bytecodeIndex;
Structure* structure = instruction[4].u.structure.get();
if (!structure)
return PutByIdStatus(NoInformation, 0, 0, 0, invalidOffset);
if (instruction[0].u.opcode == LLInt::getOpcode(llint_op_put_by_id)
|| instruction[0].u.opcode == LLInt::getOpcode(llint_op_put_by_id_out_of_line)) {
PropertyOffset offset = structure->get(*profiledBlock->vm(), ident);
if (!isValidOffset(offset))
return PutByIdStatus(NoInformation, 0, 0, 0, invalidOffset);
return PutByIdStatus(SimpleReplace, structure, 0, 0, offset);
}
ASSERT(structure->transitionWatchpointSetHasBeenInvalidated());
ASSERT(instruction[0].u.opcode == LLInt::getOpcode(llint_op_put_by_id_transition_direct)
|| instruction[0].u.opcode == LLInt::getOpcode(llint_op_put_by_id_transition_normal)
|| instruction[0].u.opcode == LLInt::getOpcode(llint_op_put_by_id_transition_direct_out_of_line)
|| instruction[0].u.opcode == LLInt::getOpcode(llint_op_put_by_id_transition_normal_out_of_line));
Structure* newStructure = instruction[6].u.structure.get();
StructureChain* chain = instruction[7].u.structureChain.get();
ASSERT(newStructure);
ASSERT(chain);
PropertyOffset offset = newStructure->get(*profiledBlock->vm(), ident);
if (!isValidOffset(offset))
return PutByIdStatus(NoInformation, 0, 0, 0, invalidOffset);
return PutByIdStatus(SimpleTransition, structure, newStructure, chain, offset);
#else
return PutByIdStatus(NoInformation, 0, 0, 0, invalidOffset);
#endif
}
PutByIdStatus PutByIdStatus::computeFor(VM& vm, JSGlobalObject* globalObject, Structure* structure, Identifier& ident, bool isDirect)
{
if (PropertyName(ident).asIndex() != PropertyName::NotAnIndex)
return PutByIdStatus(TakesSlowPath);
if (structure->typeInfo().overridesGetOwnPropertySlot())
return PutByIdStatus(TakesSlowPath);
if (!structure->propertyAccessesAreCacheable())
return PutByIdStatus(TakesSlowPath);
unsigned attributes;
JSCell* specificValue;
PropertyOffset offset = structure->get(vm, ident, attributes, specificValue);
if (isValidOffset(offset)) {
if (attributes & (Accessor | ReadOnly))
return PutByIdStatus(TakesSlowPath);
if (specificValue) {
// We need the PutById slow path to verify that we're storing the right value into
// the specialized slot.
return PutByIdStatus(TakesSlowPath);
}
return PutByIdStatus(SimpleReplace, structure, 0, 0, offset);
}
// Our hypothesis is that we're doing a transition. Before we prove that this is really
// true, we want to do some sanity checks.
// Don't cache put transitions on dictionaries.
if (structure->isDictionary())
return PutByIdStatus(TakesSlowPath);
// If the structure corresponds to something that isn't an object, then give up, since
// we don't want to be adding properties to strings.
if (structure->typeInfo().type() == StringType)
return PutByIdStatus(TakesSlowPath);
if (!isDirect) {
// If the prototype chain has setters or read-only properties, then give up.
if (structure->prototypeChainMayInterceptStoreTo(vm, ident))
return PutByIdStatus(TakesSlowPath);
// If the prototype chain hasn't been normalized (i.e. there are proxies or dictionaries)
// then give up. The dictionary case would only happen if this structure has not been
// used in an optimized put_by_id transition. And really the only reason why we would
// bail here is that I don't really feel like having the optimizing JIT go and flatten
// dictionaries if we have evidence to suggest that those objects were never used as
// prototypes in a cacheable prototype access - i.e. there's a good chance that some of
// the other checks below will fail.
if (!isPrototypeChainNormalized(globalObject, structure))
return PutByIdStatus(TakesSlowPath);
}
// We only optimize if there is already a structure that the transition is cached to.
// Among other things, this allows us to guard against a transition with a specific
// value.
//
// - If we're storing a value that could be specific: this would only be a problem if
// the existing transition did have a specific value already, since if it didn't,
// then we would behave "as if" we were not storing a specific value. If it did
// have a specific value, then we'll know - the fact that we pass 0 for
// specificValue will tell us.
//
// - If we're not storing a value that could be specific: again, this would only be a
// problem if the existing transition did have a specific value, which we check for
// by passing 0 for the specificValue.
Structure* transition = Structure::addPropertyTransitionToExistingStructure(structure, ident, 0, 0, offset);
if (!transition)
return PutByIdStatus(TakesSlowPath); // This occurs in bizarre cases only. See above.
ASSERT(!transition->transitionDidInvolveSpecificValue());
ASSERT(isValidOffset(offset));
return PutByIdStatus(
SimpleTransition, structure, transition,
structure->prototypeChain(vm, globalObject), offset);
}
PutByIdStatus PutByIdStatus::computeFor(JSGlobalObject* globalObject, const StructureSet& set, StringImpl* uid, bool isDirect)
{
if (toUInt32FromStringImpl(uid) != PropertyName::NotAnIndex)
return PutByIdStatus(TakesSlowPath);
if (set.isEmpty())
return PutByIdStatus();
PutByIdStatus result;
result.m_state = Simple;
for (unsigned i = 0; i < set.size(); ++i) {
Structure* structure = set[i];
if (structure->typeInfo().overridesGetOwnPropertySlot() && structure->typeInfo().type() != GlobalObjectType)
return PutByIdStatus(TakesSlowPath);
if (!structure->propertyAccessesAreCacheable())
return PutByIdStatus(TakesSlowPath);
unsigned attributes;
PropertyOffset offset = structure->getConcurrently(uid, attributes);
if (isValidOffset(offset)) {
if (attributes & CustomAccessor)
return PutByIdStatus(MakesCalls);
if (attributes & (Accessor | ReadOnly))
return PutByIdStatus(TakesSlowPath);
WatchpointSet* replaceSet = structure->propertyReplacementWatchpointSet(offset);
if (!replaceSet || replaceSet->isStillValid()) {
// When this executes, it'll create, and fire, this replacement watchpoint set.
// That means that this has probably never executed or that something fishy is
// going on. Also, we cannot create or fire the watchpoint set from the concurrent
// JIT thread, so even if we wanted to do this, we'd need to have a lazy thingy.
// So, better leave this alone and take slow path.
return PutByIdStatus(TakesSlowPath);
}
if (!result.appendVariant(PutByIdVariant::replace(structure, offset)))
return PutByIdStatus(TakesSlowPath);
continue;
}
// Our hypothesis is that we're doing a transition. Before we prove that this is really
// true, we want to do some sanity checks.
// Don't cache put transitions on dictionaries.
if (structure->isDictionary())
return PutByIdStatus(TakesSlowPath);
// If the structure corresponds to something that isn't an object, then give up, since
// we don't want to be adding properties to strings.
if (structure->typeInfo().type() == StringType)
return PutByIdStatus(TakesSlowPath);
RefPtr<IntendedStructureChain> chain;
if (!isDirect) {
chain = adoptRef(new IntendedStructureChain(globalObject, structure));
// If the prototype chain has setters or read-only properties, then give up.
if (chain->mayInterceptStoreTo(uid))
return PutByIdStatus(TakesSlowPath);
// If the prototype chain hasn't been normalized (i.e. there are proxies or dictionaries)
// then give up. The dictionary case would only happen if this structure has not been
// used in an optimized put_by_id transition. And really the only reason why we would
// bail here is that I don't really feel like having the optimizing JIT go and flatten
// dictionaries if we have evidence to suggest that those objects were never used as
// prototypes in a cacheable prototype access - i.e. there's a good chance that some of
// the other checks below will fail.
if (structure->isProxy() || !chain->isNormalized())
return PutByIdStatus(TakesSlowPath);
}
// We only optimize if there is already a structure that the transition is cached to.
Structure* transition = Structure::addPropertyTransitionToExistingStructureConcurrently(structure, uid, 0, offset);
if (!transition)
return PutByIdStatus(TakesSlowPath);
ASSERT(isValidOffset(offset));
bool didAppend = result.appendVariant(
PutByIdVariant::transition(structure, transition, chain.get(), offset));
if (!didAppend)
return PutByIdStatus(TakesSlowPath);
}
return result;
}
PutByIdStatus PutByIdStatus::computeForStubInfo(
const ConcurrentJITLocker& locker, CodeBlock* profiledBlock, StructureStubInfo* stubInfo,
StringImpl* uid, CallLinkStatus::ExitSiteData callExitSiteData)
{
if (!stubInfo || !stubInfo->seen)
return PutByIdStatus();
switch (stubInfo->accessType) {
case access_unset:
// If the JIT saw it but didn't optimize it, then assume that this takes slow path.
return PutByIdStatus(TakesSlowPath);
case access_put_by_id_replace: {
PropertyOffset offset =
stubInfo->u.putByIdReplace.baseObjectStructure->getConcurrently(uid);
if (isValidOffset(offset)) {
return PutByIdVariant::replace(
stubInfo->u.putByIdReplace.baseObjectStructure.get(), offset);
}
return PutByIdStatus(TakesSlowPath);
}
case access_put_by_id_transition_normal:
case access_put_by_id_transition_direct: {
ASSERT(stubInfo->u.putByIdTransition.previousStructure->transitionWatchpointSetHasBeenInvalidated());
PropertyOffset offset =
stubInfo->u.putByIdTransition.structure->getConcurrently(uid);
if (isValidOffset(offset)) {
RefPtr<IntendedStructureChain> chain;
if (stubInfo->u.putByIdTransition.chain) {
chain = adoptRef(new IntendedStructureChain(
profiledBlock, stubInfo->u.putByIdTransition.previousStructure.get(),
stubInfo->u.putByIdTransition.chain.get()));
}
return PutByIdVariant::transition(
stubInfo->u.putByIdTransition.previousStructure.get(),
stubInfo->u.putByIdTransition.structure.get(),
chain.get(), offset);
}
return PutByIdStatus(TakesSlowPath);
}
case access_put_by_id_list: {
PolymorphicPutByIdList* list = stubInfo->u.putByIdList.list;
PutByIdStatus result;
result.m_state = Simple;
State slowPathState = TakesSlowPath;
for (unsigned i = 0; i < list->size(); ++i) {
const PutByIdAccess& access = list->at(i);
switch (access.type()) {
case PutByIdAccess::Setter:
case PutByIdAccess::CustomSetter:
slowPathState = MakesCalls;
break;
default:
break;
}
}
for (unsigned i = 0; i < list->size(); ++i) {
const PutByIdAccess& access = list->at(i);
PutByIdVariant variant;
switch (access.type()) {
case PutByIdAccess::Replace: {
Structure* structure = access.structure();
PropertyOffset offset = structure->getConcurrently(uid);
if (!isValidOffset(offset))
return PutByIdStatus(slowPathState);
variant = PutByIdVariant::replace(structure, offset);
break;
}
case PutByIdAccess::Transition: {
PropertyOffset offset =
access.newStructure()->getConcurrently(uid);
if (!isValidOffset(offset))
return PutByIdStatus(slowPathState);
RefPtr<IntendedStructureChain> chain;
if (access.chain()) {
chain = adoptRef(new IntendedStructureChain(
profiledBlock, access.oldStructure(), access.chain()));
if (!chain->isStillValid())
continue;
}
variant = PutByIdVariant::transition(
access.oldStructure(), access.newStructure(), chain.get(), offset);
break;
}
case PutByIdAccess::Setter: {
Structure* structure = access.structure();
ComplexGetStatus complexGetStatus = ComplexGetStatus::computeFor(
profiledBlock, structure, access.chain(), access.chainCount(), uid);
switch (complexGetStatus.kind()) {
case ComplexGetStatus::ShouldSkip:
continue;
case ComplexGetStatus::TakesSlowPath:
return PutByIdStatus(slowPathState);
case ComplexGetStatus::Inlineable: {
AccessorCallJITStubRoutine* stub = static_cast<AccessorCallJITStubRoutine*>(
access.stubRoutine());
std::unique_ptr<CallLinkStatus> callLinkStatus =
std::make_unique<CallLinkStatus>(
CallLinkStatus::computeFor(
locker, profiledBlock, *stub->m_callLinkInfo, callExitSiteData));
variant = PutByIdVariant::setter(
structure, complexGetStatus.offset(), complexGetStatus.chain(),
std::move(callLinkStatus));
} }
break;
}
case PutByIdAccess::CustomSetter:
return PutByIdStatus(MakesCalls);
default:
return PutByIdStatus(slowPathState);
}
if (!result.appendVariant(variant))
return PutByIdStatus(slowPathState);
}
return result;
}
default:
return PutByIdStatus(TakesSlowPath);
}
}
PutByIdStatus PutByIdStatus::computeFor(JSGlobalObject* globalObject, const StructureSet& set, UniquedStringImpl* uid, bool isDirect)
{
if (parseIndex(*uid))
return PutByIdStatus(TakesSlowPath);
if (set.isEmpty())
return PutByIdStatus();
PutByIdStatus result;
result.m_state = Simple;
for (unsigned i = 0; i < set.size(); ++i) {
Structure* structure = set[i];
if (structure->typeInfo().overridesGetOwnPropertySlot() && structure->typeInfo().type() != GlobalObjectType)
return PutByIdStatus(TakesSlowPath);
if (!structure->propertyAccessesAreCacheable())
return PutByIdStatus(TakesSlowPath);
unsigned attributes;
PropertyOffset offset = structure->getConcurrently(uid, attributes);
if (isValidOffset(offset)) {
if (attributes & CustomAccessor)
return PutByIdStatus(MakesCalls);
if (attributes & (Accessor | ReadOnly))
return PutByIdStatus(TakesSlowPath);
WatchpointSet* replaceSet = structure->propertyReplacementWatchpointSet(offset);
if (!replaceSet || replaceSet->isStillValid()) {
// When this executes, it'll create, and fire, this replacement watchpoint set.
// That means that this has probably never executed or that something fishy is
// going on. Also, we cannot create or fire the watchpoint set from the concurrent
// JIT thread, so even if we wanted to do this, we'd need to have a lazy thingy.
// So, better leave this alone and take slow path.
return PutByIdStatus(TakesSlowPath);
}
PutByIdVariant variant =
PutByIdVariant::replace(structure, offset, structure->inferredTypeDescriptorFor(uid));
if (!result.appendVariant(variant))
return PutByIdStatus(TakesSlowPath);
continue;
}
// Our hypothesis is that we're doing a transition. Before we prove that this is really
// true, we want to do some sanity checks.
// Don't cache put transitions on dictionaries.
if (structure->isDictionary())
return PutByIdStatus(TakesSlowPath);
// If the structure corresponds to something that isn't an object, then give up, since
// we don't want to be adding properties to strings.
if (!structure->typeInfo().isObject())
return PutByIdStatus(TakesSlowPath);
ObjectPropertyConditionSet conditionSet;
if (!isDirect) {
conditionSet = generateConditionsForPropertySetterMissConcurrently(
globalObject->vm(), globalObject, structure, uid);
if (!conditionSet.isValid())
return PutByIdStatus(TakesSlowPath);
}
// We only optimize if there is already a structure that the transition is cached to.
Structure* transition =
Structure::addPropertyTransitionToExistingStructureConcurrently(structure, uid, 0, offset);
if (!transition)
return PutByIdStatus(TakesSlowPath);
ASSERT(isValidOffset(offset));
bool didAppend = result.appendVariant(
PutByIdVariant::transition(
structure, transition, conditionSet, offset,
transition->inferredTypeDescriptorFor(uid)));
if (!didAppend)
return PutByIdStatus(TakesSlowPath);
}
return result;
}
PutByIdStatus PutByIdStatus::computeForStubInfo(
const ConcurrentJITLocker& locker, CodeBlock* profiledBlock, StructureStubInfo* stubInfo,
UniquedStringImpl* uid, CallLinkStatus::ExitSiteData callExitSiteData)
{
if (!stubInfo || !stubInfo->everConsidered)
return PutByIdStatus();
if (stubInfo->tookSlowPath)
return PutByIdStatus(TakesSlowPath);
switch (stubInfo->cacheType) {
case CacheType::Unset:
// This means that we attempted to cache but failed for some reason.
return PutByIdStatus(TakesSlowPath);
case CacheType::PutByIdReplace: {
PropertyOffset offset =
stubInfo->u.byIdSelf.baseObjectStructure->getConcurrently(uid);
if (isValidOffset(offset)) {
return PutByIdVariant::replace(
stubInfo->u.byIdSelf.baseObjectStructure.get(), offset, InferredType::Top);
}
return PutByIdStatus(TakesSlowPath);
}
case CacheType::Stub: {
PolymorphicAccess* list = stubInfo->u.stub;
PutByIdStatus result;
result.m_state = Simple;
State slowPathState = TakesSlowPath;
for (unsigned i = 0; i < list->size(); ++i) {
const AccessCase& access = list->at(i);
if (access.doesCalls())
slowPathState = MakesCalls;
}
for (unsigned i = 0; i < list->size(); ++i) {
const AccessCase& access = list->at(i);
if (access.viaProxy())
return PutByIdStatus(slowPathState);
PutByIdVariant variant;
switch (access.type()) {
case AccessCase::Replace: {
Structure* structure = access.structure();
PropertyOffset offset = structure->getConcurrently(uid);
if (!isValidOffset(offset))
return PutByIdStatus(slowPathState);
variant = PutByIdVariant::replace(
structure, offset, structure->inferredTypeDescriptorFor(uid));
break;
}
case AccessCase::Transition: {
PropertyOffset offset =
access.newStructure()->getConcurrently(uid);
if (!isValidOffset(offset))
return PutByIdStatus(slowPathState);
ObjectPropertyConditionSet conditionSet = access.conditionSet();
if (!conditionSet.structuresEnsureValidity())
return PutByIdStatus(slowPathState);
variant = PutByIdVariant::transition(
access.structure(), access.newStructure(), conditionSet, offset,
access.newStructure()->inferredTypeDescriptorFor(uid));
break;
}
case AccessCase::Setter: {
Structure* structure = access.structure();
ComplexGetStatus complexGetStatus = ComplexGetStatus::computeFor(
structure, access.conditionSet(), uid);
switch (complexGetStatus.kind()) {
case ComplexGetStatus::ShouldSkip:
continue;
case ComplexGetStatus::TakesSlowPath:
return PutByIdStatus(slowPathState);
case ComplexGetStatus::Inlineable: {
CallLinkInfo* callLinkInfo = access.callLinkInfo();
ASSERT(callLinkInfo);
std::unique_ptr<CallLinkStatus> callLinkStatus =
std::make_unique<CallLinkStatus>(
CallLinkStatus::computeFor(
locker, profiledBlock, *callLinkInfo, callExitSiteData));
variant = PutByIdVariant::setter(
structure, complexGetStatus.offset(), complexGetStatus.conditionSet(),
WTFMove(callLinkStatus));
} }
break;
}
case AccessCase::CustomSetter:
return PutByIdStatus(MakesCalls);
default:
return PutByIdStatus(slowPathState);
}
if (!result.appendVariant(variant))
return PutByIdStatus(slowPathState);
}
return result;
}
default:
return PutByIdStatus(TakesSlowPath);
}
}
