<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN"
"http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head><meta http-equiv="content-type" content="text/html; charset=utf-8" />
<title>[203699] trunk/Source/JavaScriptCore</title>
</head>
<body>
<style type="text/css"><!--
#msg dl.meta { border: 1px #006 solid; background: #369; padding: 6px; color: #fff; }
#msg dl.meta dt { float: left; width: 6em; font-weight: bold; }
#msg dt:after { content:':';}
#msg dl, #msg dt, #msg ul, #msg li, #header, #footer, #logmsg { font-family: verdana,arial,helvetica,sans-serif; font-size: 10pt; }
#msg dl a { font-weight: bold}
#msg dl a:link { color:#fc3; }
#msg dl a:active { color:#ff0; }
#msg dl a:visited { color:#cc6; }
h3 { font-family: verdana,arial,helvetica,sans-serif; font-size: 10pt; font-weight: bold; }
#msg pre { overflow: auto; background: #ffc; border: 1px #fa0 solid; padding: 6px; }
#logmsg { background: #ffc; border: 1px #fa0 solid; padding: 1em 1em 0 1em; }
#logmsg p, #logmsg pre, #logmsg blockquote { margin: 0 0 1em 0; }
#logmsg p, #logmsg li, #logmsg dt, #logmsg dd { line-height: 14pt; }
#logmsg h1, #logmsg h2, #logmsg h3, #logmsg h4, #logmsg h5, #logmsg h6 { margin: .5em 0; }
#logmsg h1:first-child, #logmsg h2:first-child, #logmsg h3:first-child, #logmsg h4:first-child, #logmsg h5:first-child, #logmsg h6:first-child { margin-top: 0; }
#logmsg ul, #logmsg ol { padding: 0; list-style-position: inside; margin: 0 0 0 1em; }
#logmsg ul { text-indent: -1em; padding-left: 1em; }#logmsg ol { text-indent: -1.5em; padding-left: 1.5em; }
#logmsg > ul, #logmsg > ol { margin: 0 0 1em 0; }
#logmsg pre { background: #eee; padding: 1em; }
#logmsg blockquote { border: 1px solid #fa0; border-left-width: 10px; padding: 1em 1em 0 1em; background: white;}
#logmsg dl { margin: 0; }
#logmsg dt { font-weight: bold; }
#logmsg dd { margin: 0; padding: 0 0 0.5em 0; }
#logmsg dd:before { content:'\00bb';}
#logmsg table { border-spacing: 0px; border-collapse: collapse; border-top: 4px solid #fa0; border-bottom: 1px solid #fa0; background: #fff; }
#logmsg table th { text-align: left; font-weight: normal; padding: 0.2em 0.5em; border-top: 1px dotted #fa0; }
#logmsg table td { text-align: right; border-top: 1px dotted #fa0; padding: 0.2em 0.5em; }
#logmsg table thead th { text-align: center; border-bottom: 1px solid #fa0; }
#logmsg table th.Corner { text-align: left; }
#logmsg hr { border: none 0; border-top: 2px dashed #fa0; height: 1px; }
#header, #footer { color: #fff; background: #636; border: 1px #300 solid; padding: 6px; }
#patch { width: 100%; }
#patch h4 {font-family: verdana,arial,helvetica,sans-serif;font-size:10pt;padding:8px;background:#369;color:#fff;margin:0;}
#patch .propset h4, #patch .binary h4 {margin:0;}
#patch pre {padding:0;line-height:1.2em;margin:0;}
#patch .diff {width:100%;background:#eee;padding: 0 0 10px 0;overflow:auto;}
#patch .propset .diff, #patch .binary .diff {padding:10px 0;}
#patch span {display:block;padding:0 10px;}
#patch .modfile, #patch .addfile, #patch .delfile, #patch .propset, #patch .binary, #patch .copfile {border:1px solid #ccc;margin:10px 0;}
#patch ins {background:#dfd;text-decoration:none;display:block;padding:0 10px;}
#patch del {background:#fdd;text-decoration:none;display:block;padding:0 10px;}
#patch .lines, .info {color:#888;background:#fff;}
--></style>
<div id="msg">
<dl class="meta">
<dt>Revision</dt> <dd><a href="http://trac.webkit.org/projects/webkit/changeset/203699">203699</a></dd>
<dt>Author</dt> <dd>fpizlo@apple.com</dd>
<dt>Date</dt> <dd>2016-07-25 14:03:35 -0700 (Mon, 25 Jul 2016)</dd>
</dl>
<h3>Log Message</h3>
<pre>AssemblyHelpers should own all of the cell allocation methods
https://bugs.webkit.org/show_bug.cgi?id=160171
Reviewed by Saam Barati.
Prior to this change we had some code in DFGSpeculativeJIT.h and some code in JIT.h that
did cell allocation.
This change moves all of that code into AssemblyHelpers.h.
* dfg/DFGSpeculativeJIT.h:
(JSC::DFG::SpeculativeJIT::emitAllocateJSCell):
(JSC::DFG::SpeculativeJIT::emitAllocateJSObject):
(JSC::DFG::SpeculativeJIT::emitAllocateJSObjectWithKnownSize):
(JSC::DFG::SpeculativeJIT::emitAllocateVariableSizedJSObject):
(JSC::DFG::SpeculativeJIT::emitAllocateDestructibleObject):
* jit/AssemblyHelpers.h:
(JSC::AssemblyHelpers::emitAllocate):
(JSC::AssemblyHelpers::emitAllocateJSCell):
(JSC::AssemblyHelpers::emitAllocateJSObject):
(JSC::AssemblyHelpers::emitAllocateJSObjectWithKnownSize):
(JSC::AssemblyHelpers::emitAllocateVariableSized):
(JSC::AssemblyHelpers::emitAllocateVariableSizedJSObject):
(JSC::AssemblyHelpers::emitAllocateDestructibleObject):
* jit/JIT.h:
* jit/JITInlines.h:
(JSC::JIT::isOperandConstantChar):
(JSC::JIT::emitValueProfilingSite):
(JSC::JIT::emitAllocateJSObject): Deleted.
* jit/JITOpcodes.cpp:
(JSC::JIT::emit_op_new_object):
(JSC::JIT::emit_op_create_this):
* jit/JITOpcodes32_64.cpp:
(JSC::JIT::emit_op_new_object):
(JSC::JIT::emit_op_create_this):</pre>
<h3>Modified Paths</h3>
<ul>
<li><a href="#trunkSourceJavaScriptCoreChangeLog">trunk/Source/JavaScriptCore/ChangeLog</a></li>
<li><a href="#trunkSourceJavaScriptCoredfgDFGSpeculativeJITh">trunk/Source/JavaScriptCore/dfg/DFGSpeculativeJIT.h</a></li>
<li><a href="#trunkSourceJavaScriptCorejitAssemblyHelpersh">trunk/Source/JavaScriptCore/jit/AssemblyHelpers.h</a></li>
<li><a href="#trunkSourceJavaScriptCorejitJITh">trunk/Source/JavaScriptCore/jit/JIT.h</a></li>
<li><a href="#trunkSourceJavaScriptCorejitJITInlinesh">trunk/Source/JavaScriptCore/jit/JITInlines.h</a></li>
<li><a href="#trunkSourceJavaScriptCorejitJITOpcodescpp">trunk/Source/JavaScriptCore/jit/JITOpcodes.cpp</a></li>
<li><a href="#trunkSourceJavaScriptCorejitJITOpcodes32_64cpp">trunk/Source/JavaScriptCore/jit/JITOpcodes32_64.cpp</a></li>
</ul>
</div>
<div id="patch">
<h3>Diff</h3>
<a id="trunkSourceJavaScriptCoreChangeLog"></a>
<div class="modfile"><h4>Modified: trunk/Source/JavaScriptCore/ChangeLog (203698 => 203699)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/ChangeLog 2016-07-25 20:51:43 UTC (rev 203698)
+++ trunk/Source/JavaScriptCore/ChangeLog 2016-07-25 21:03:35 UTC (rev 203699)
</span><span class="lines">@@ -1,3 +1,41 @@
</span><ins>+2016-07-25 Filip Pizlo <fpizlo@apple.com>
+
+ AssemblyHelpers should own all of the cell allocation methods
+ https://bugs.webkit.org/show_bug.cgi?id=160171
+
+ Reviewed by Saam Barati.
+
+ Prior to this change we had some code in DFGSpeculativeJIT.h and some code in JIT.h that
+ did cell allocation.
+
+ This change moves all of that code into AssemblyHelpers.h.
+
+ * dfg/DFGSpeculativeJIT.h:
+ (JSC::DFG::SpeculativeJIT::emitAllocateJSCell):
+ (JSC::DFG::SpeculativeJIT::emitAllocateJSObject):
+ (JSC::DFG::SpeculativeJIT::emitAllocateJSObjectWithKnownSize):
+ (JSC::DFG::SpeculativeJIT::emitAllocateVariableSizedJSObject):
+ (JSC::DFG::SpeculativeJIT::emitAllocateDestructibleObject):
+ * jit/AssemblyHelpers.h:
+ (JSC::AssemblyHelpers::emitAllocate):
+ (JSC::AssemblyHelpers::emitAllocateJSCell):
+ (JSC::AssemblyHelpers::emitAllocateJSObject):
+ (JSC::AssemblyHelpers::emitAllocateJSObjectWithKnownSize):
+ (JSC::AssemblyHelpers::emitAllocateVariableSized):
+ (JSC::AssemblyHelpers::emitAllocateVariableSizedJSObject):
+ (JSC::AssemblyHelpers::emitAllocateDestructibleObject):
+ * jit/JIT.h:
+ * jit/JITInlines.h:
+ (JSC::JIT::isOperandConstantChar):
+ (JSC::JIT::emitValueProfilingSite):
+ (JSC::JIT::emitAllocateJSObject): Deleted.
+ * jit/JITOpcodes.cpp:
+ (JSC::JIT::emit_op_new_object):
+ (JSC::JIT::emit_op_create_this):
+ * jit/JITOpcodes32_64.cpp:
+ (JSC::JIT::emit_op_new_object):
+ (JSC::JIT::emit_op_create_this):
+
</ins><span class="cx"> 2016-07-25 Saam Barati <sbarati@apple.com>
</span><span class="cx">
</span><span class="cx"> MathICs should be able to take and dump stats about code size
</span></span></pre></div>
<a id="trunkSourceJavaScriptCoredfgDFGSpeculativeJITh"></a>
<div class="modfile"><h4>Modified: trunk/Source/JavaScriptCore/dfg/DFGSpeculativeJIT.h (203698 => 203699)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/dfg/DFGSpeculativeJIT.h 2016-07-25 20:51:43 UTC (rev 203698)
+++ trunk/Source/JavaScriptCore/dfg/DFGSpeculativeJIT.h 2016-07-25 21:03:35 UTC (rev 203699)
</span><span class="lines">@@ -2546,20 +2546,7 @@
</span><span class="cx"> void emitAllocateJSCell(GPRReg resultGPR, GPRReg allocatorGPR, StructureType structure,
</span><span class="cx"> GPRReg scratchGPR, MacroAssembler::JumpList& slowPath)
</span><span class="cx"> {
</span><del>- if (Options::forceGCSlowPaths())
- slowPath.append(m_jit.jump());
- else {
- m_jit.loadPtr(MacroAssembler::Address(allocatorGPR, MarkedAllocator::offsetOfFreeListHead()), resultGPR);
- slowPath.append(m_jit.branchTestPtr(MacroAssembler::Zero, resultGPR));
- }
-
- // The object is half-allocated: we have what we know is a fresh object, but
- // it's still on the GC's free list.
- m_jit.loadPtr(MacroAssembler::Address(resultGPR), scratchGPR);
- m_jit.storePtr(scratchGPR, MacroAssembler::Address(allocatorGPR, MarkedAllocator::offsetOfFreeListHead()));
-
- // Initialize the object's Structure.
- m_jit.emitStoreStructureWithTypeInfo(structure, resultGPR, scratchGPR);
</del><ins>+ m_jit.emitAllocateJSCell(resultGPR, allocatorGPR, structure, scratchGPR, slowPath);
</ins><span class="cx"> }
</span><span class="cx">
</span><span class="cx"> // Allocator for an object of a specific size.
</span><span class="lines">@@ -2567,10 +2554,7 @@
</span><span class="cx"> void emitAllocateJSObject(GPRReg resultGPR, GPRReg allocatorGPR, StructureType structure,
</span><span class="cx"> StorageType storage, GPRReg scratchGPR, MacroAssembler::JumpList& slowPath)
</span><span class="cx"> {
</span><del>- emitAllocateJSCell(resultGPR, allocatorGPR, structure, scratchGPR, slowPath);
-
- // Initialize the object's property storage pointer.
- m_jit.storePtr(storage, MacroAssembler::Address(resultGPR, JSObject::butterflyOffset()));
</del><ins>+ m_jit.emitAllocateJSObject(resultGPR, allocatorGPR, structure, storage, scratchGPR, slowPath);
</ins><span class="cx"> }
</span><span class="cx">
</span><span class="cx"> template <typename ClassType, typename StructureType, typename StorageType> // StructureType and StorageType can be GPR or ImmPtr.
</span><span class="lines">@@ -2578,9 +2562,7 @@
</span><span class="cx"> GPRReg resultGPR, StructureType structure, StorageType storage, GPRReg scratchGPR1,
</span><span class="cx"> GPRReg scratchGPR2, MacroAssembler::JumpList& slowPath, size_t size)
</span><span class="cx"> {
</span><del>- MarkedAllocator* allocator = &m_jit.vm()->heap.allocatorForObjectOfType<ClassType>(size);
- m_jit.move(TrustedImmPtr(allocator), scratchGPR1);
- emitAllocateJSObject(resultGPR, scratchGPR1, structure, storage, scratchGPR2, slowPath);
</del><ins>+ m_jit.emitAllocateJSObjectWithKnownSize<ClassType>(resultGPR, structure, storage, scratchGPR1, scratchGPR2, slowPath, size);
</ins><span class="cx"> }
</span><span class="cx">
</span><span class="cx"> // Convenience allocator for a built-in object.
</span><span class="lines">@@ -2588,42 +2570,20 @@
</span><span class="cx"> void emitAllocateJSObject(GPRReg resultGPR, StructureType structure, StorageType storage,
</span><span class="cx"> GPRReg scratchGPR1, GPRReg scratchGPR2, MacroAssembler::JumpList& slowPath)
</span><span class="cx"> {
</span><del>- emitAllocateJSObjectWithKnownSize<ClassType>(
- resultGPR, structure, storage, scratchGPR1, scratchGPR2, slowPath,
- ClassType::allocationSize(0));
</del><ins>+ m_jit.emitAllocateJSObject<ClassType>(resultGPR, structure, storage, scratchGPR1, scratchGPR2, slowPath);
</ins><span class="cx"> }
</span><span class="cx">
</span><span class="cx"> template <typename ClassType, typename StructureType> // StructureType and StorageType can be GPR or ImmPtr.
</span><span class="cx"> void emitAllocateVariableSizedJSObject(GPRReg resultGPR, StructureType structure, GPRReg allocationSize, GPRReg scratchGPR1, GPRReg scratchGPR2, MacroAssembler::JumpList& slowPath)
</span><span class="cx"> {
</span><del>- static_assert(!(MarkedSpace::preciseStep & (MarkedSpace::preciseStep - 1)), "MarkedSpace::preciseStep must be a power of two.");
- static_assert(!(MarkedSpace::impreciseStep & (MarkedSpace::impreciseStep - 1)), "MarkedSpace::impreciseStep must be a power of two.");
-
- MarkedSpace::Subspace& subspace = m_jit.vm()->heap.subspaceForObjectOfType<ClassType>();
- m_jit.add32(TrustedImm32(MarkedSpace::preciseStep - 1), allocationSize);
- MacroAssembler::Jump notSmall = m_jit.branch32(MacroAssembler::AboveOrEqual, allocationSize, TrustedImm32(MarkedSpace::preciseCutoff));
- m_jit.rshift32(allocationSize, TrustedImm32(getLSBSet(MarkedSpace::preciseStep)), scratchGPR1);
- m_jit.mul32(TrustedImm32(sizeof(MarkedAllocator)), scratchGPR1, scratchGPR1);
- m_jit.addPtr(MacroAssembler::TrustedImmPtr(&subspace.preciseAllocators[0]), scratchGPR1);
-
- MacroAssembler::Jump selectedSmallSpace = m_jit.jump();
- notSmall.link(&m_jit);
- slowPath.append(m_jit.branch32(MacroAssembler::AboveOrEqual, allocationSize, TrustedImm32(MarkedSpace::impreciseCutoff)));
- m_jit.rshift32(allocationSize, TrustedImm32(getLSBSet(MarkedSpace::impreciseStep)), scratchGPR1);
- m_jit.mul32(TrustedImm32(sizeof(MarkedAllocator)), scratchGPR1, scratchGPR1);
- m_jit.addPtr(MacroAssembler::TrustedImmPtr(&subspace.impreciseAllocators[0]), scratchGPR1);
-
- selectedSmallSpace.link(&m_jit);
-
- emitAllocateJSObject(resultGPR, scratchGPR1, structure, TrustedImmPtr(0), scratchGPR2, slowPath);
</del><ins>+ m_jit.emitAllocateVariableSizedJSObject<ClassType>(resultGPR, structure, allocationSize, scratchGPR1, scratchGPR2, slowPath);
</ins><span class="cx"> }
</span><span class="cx">
</span><del>- template <typename T>
</del><ins>+ template<typename ClassType>
</ins><span class="cx"> void emitAllocateDestructibleObject(GPRReg resultGPR, Structure* structure,
</span><span class="cx"> GPRReg scratchGPR1, GPRReg scratchGPR2, MacroAssembler::JumpList& slowPath)
</span><span class="cx"> {
</span><del>- emitAllocateJSObject<T>(resultGPR, TrustedImmPtr(structure), TrustedImmPtr(0), scratchGPR1, scratchGPR2, slowPath);
- m_jit.storePtr(TrustedImmPtr(structure->classInfo()), MacroAssembler::Address(resultGPR, JSDestructibleObject::classInfoOffset()));
</del><ins>+ m_jit.emitAllocateDestructibleObject<ClassType>(resultGPR, structure, scratchGPR1, scratchGPR2, slowPath);
</ins><span class="cx"> }
</span><span class="cx">
</span><span class="cx"> void emitAllocateRawObject(GPRReg resultGPR, Structure*, GPRReg storageGPR, unsigned numElements, unsigned vectorLength);
</span></span></pre></div>
<a id="trunkSourceJavaScriptCorejitAssemblyHelpersh"></a>
<div class="modfile"><h4>Modified: trunk/Source/JavaScriptCore/jit/AssemblyHelpers.h (203698 => 203699)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/jit/AssemblyHelpers.h 2016-07-25 20:51:43 UTC (rev 203698)
+++ trunk/Source/JavaScriptCore/jit/AssemblyHelpers.h 2016-07-25 21:03:35 UTC (rev 203699)
</span><span class="lines">@@ -32,9 +32,11 @@
</span><span class="cx"> #include "CopyBarrier.h"
</span><span class="cx"> #include "FPRInfo.h"
</span><span class="cx"> #include "GPRInfo.h"
</span><ins>+#include "Heap.h"
</ins><span class="cx"> #include "InlineCallFrame.h"
</span><span class="cx"> #include "JITCode.h"
</span><span class="cx"> #include "MacroAssembler.h"
</span><ins>+#include "MarkedSpace.h"
</ins><span class="cx"> #include "MaxFrameExtentForSlowPathCall.h"
</span><span class="cx"> #include "RegisterAtOffsetList.h"
</span><span class="cx"> #include "RegisterSet.h"
</span><span class="lines">@@ -1404,6 +1406,90 @@
</span><span class="cx"> void emitRandomThunk(GPRReg scratch0, GPRReg scratch1, GPRReg scratch2, GPRReg scratch3, FPRReg result);
</span><span class="cx"> #endif
</span><span class="cx">
</span><ins>+ void emitAllocate(GPRReg resultGPR, GPRReg allocatorGPR, GPRReg scratchGPR, JumpList& slowPath)
+ {
+ if (Options::forceGCSlowPaths())
+ slowPath.append(jump());
+ else {
+ loadPtr(Address(allocatorGPR, MarkedAllocator::offsetOfFreeListHead()), resultGPR);
+ slowPath.append(branchTestPtr(Zero, resultGPR));
+ }
+
+ // The object is half-allocated: we have what we know is a fresh object, but
+ // it's still on the GC's free list.
+ loadPtr(Address(resultGPR), scratchGPR);
+ storePtr(scratchGPR, Address(allocatorGPR, MarkedAllocator::offsetOfFreeListHead()));
+ }
+
+ template<typename StructureType>
+ void emitAllocateJSCell(GPRReg resultGPR, GPRReg allocatorGPR, StructureType structure, GPRReg scratchGPR, JumpList& slowPath)
+ {
+ emitAllocate(resultGPR, allocatorGPR, scratchGPR, slowPath);
+ emitStoreStructureWithTypeInfo(structure, resultGPR, scratchGPR);
+ }
+
+ template<typename StructureType, typename StorageType>
+ void emitAllocateJSObject(GPRReg resultGPR, GPRReg allocatorGPR, StructureType structure, StorageType storage, GPRReg scratchGPR, JumpList& slowPath)
+ {
+ emitAllocateJSCell(resultGPR, allocatorGPR, structure, scratchGPR, slowPath);
+ storePtr(storage, Address(resultGPR, JSObject::butterflyOffset()));
+ }
+
+ template<typename ClassType, typename StructureType, typename StorageType>
+ void emitAllocateJSObjectWithKnownSize(
+ GPRReg resultGPR, StructureType structure, StorageType storage, GPRReg scratchGPR1,
+ GPRReg scratchGPR2, JumpList& slowPath, size_t size)
+ {
+ MarkedAllocator* allocator = &vm()->heap.allocatorForObjectOfType<ClassType>(size);
+ move(TrustedImmPtr(allocator), scratchGPR1);
+ emitAllocateJSObject(resultGPR, scratchGPR1, structure, storage, scratchGPR2, slowPath);
+ }
+
+ template<typename ClassType, typename StructureType, typename StorageType>
+ void emitAllocateJSObject(GPRReg resultGPR, StructureType structure, StorageType storage, GPRReg scratchGPR1, GPRReg scratchGPR2, JumpList& slowPath)
+ {
+ emitAllocateJSObjectWithKnownSize<ClassType>(resultGPR, structure, storage, scratchGPR1, scratchGPR2, slowPath, ClassType::allocationSize(0));
+ }
+
+ void emitAllocateVariableSized(GPRReg resultGPR, MarkedSpace::Subspace& subspace, GPRReg allocationSize, GPRReg scratchGPR1, GPRReg scratchGPR2, JumpList& slowPath)
+ {
+ static_assert(!(MarkedSpace::preciseStep & (MarkedSpace::preciseStep - 1)), "MarkedSpace::preciseStep must be a power of two.");
+ static_assert(!(MarkedSpace::impreciseStep & (MarkedSpace::impreciseStep - 1)), "MarkedSpace::impreciseStep must be a power of two.");
+
+ add32(TrustedImm32(MarkedSpace::preciseStep - 1), allocationSize);
+ Jump notSmall = branch32(AboveOrEqual, allocationSize, TrustedImm32(MarkedSpace::preciseCutoff));
+ rshift32(allocationSize, TrustedImm32(getLSBSet(MarkedSpace::preciseStep)), scratchGPR1);
+ mul32(TrustedImm32(sizeof(MarkedAllocator)), scratchGPR1, scratchGPR1);
+ addPtr(TrustedImmPtr(&subspace.preciseAllocators[0]), scratchGPR1);
+
+ Jump selectedSmallSpace = jump();
+ notSmall.link(this);
+ slowPath.append(branch32(AboveOrEqual, allocationSize, TrustedImm32(MarkedSpace::impreciseCutoff)));
+ rshift32(allocationSize, TrustedImm32(getLSBSet(MarkedSpace::impreciseStep)), scratchGPR1);
+ mul32(TrustedImm32(sizeof(MarkedAllocator)), scratchGPR1, scratchGPR1);
+ addPtr(TrustedImmPtr(&subspace.impreciseAllocators[0]), scratchGPR1);
+
+ selectedSmallSpace.link(this);
+
+ emitAllocate(resultGPR, scratchGPR1, scratchGPR2, slowPath);
+ }
+
+ template<typename ClassType, typename StructureType>
+ void emitAllocateVariableSizedJSObject(GPRReg resultGPR, StructureType structure, GPRReg allocationSize, GPRReg scratchGPR1, GPRReg scratchGPR2, JumpList& slowPath)
+ {
+ MarkedSpace::Subspace& subspace = vm()->heap.template subspaceForObjectOfType<ClassType>();
+ emitAllocateVariableSized(resultGPR, subspace, allocationSize, scratchGPR1, scratchGPR2, slowPath);
+ emitStoreStructureWithTypeInfo(structure, resultGPR, scratchGPR2);
+ storePtr(TrustedImmPtr(0), Address(resultGPR, JSObject::butterflyOffset()));
+ }
+
+ template<typename ClassType>
+ void emitAllocateDestructibleObject(GPRReg resultGPR, Structure* structure, GPRReg scratchGPR1, GPRReg scratchGPR2, JumpList& slowPath)
+ {
+ emitAllocateJSObject<ClassType>(resultGPR, TrustedImmPtr(structure), TrustedImmPtr(0), scratchGPR1, scratchGPR2, slowPath);
+ storePtr(TrustedImmPtr(structure->classInfo()), Address(resultGPR, JSDestructibleObject::classInfoOffset()));
+ }
+
</ins><span class="cx"> protected:
</span><span class="cx"> VM* m_vm;
</span><span class="cx"> CodeBlock* m_codeBlock;
</span></span></pre></div>
<a id="trunkSourceJavaScriptCorejitJITh"></a>
<div class="modfile"><h4>Modified: trunk/Source/JavaScriptCore/jit/JIT.h (203698 => 203699)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/jit/JIT.h 2016-07-25 20:51:43 UTC (rev 203698)
+++ trunk/Source/JavaScriptCore/jit/JIT.h 2016-07-25 21:03:35 UTC (rev 203699)
</span><span class="lines">@@ -342,9 +342,6 @@
</span><span class="cx"> void emitWriteBarrier(JSCell* owner, unsigned value, WriteBarrierMode);
</span><span class="cx"> void emitWriteBarrier(JSCell* owner);
</span><span class="cx">
</span><del>- template<typename StructureType> // StructureType can be RegisterID or ImmPtr.
- void emitAllocateJSObject(RegisterID allocator, StructureType, RegisterID result, RegisterID scratch);
-
</del><span class="cx"> // This assumes that the value to profile is in regT0 and that regT3 is available for
</span><span class="cx"> // scratch.
</span><span class="cx"> void emitValueProfilingSite(ValueProfile*);
</span></span></pre></div>
<a id="trunkSourceJavaScriptCorejitJITInlinesh"></a>
<div class="modfile"><h4>Modified: trunk/Source/JavaScriptCore/jit/JITInlines.h (203698 => 203699)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/jit/JITInlines.h 2016-07-25 20:51:43 UTC (rev 203698)
+++ trunk/Source/JavaScriptCore/jit/JITInlines.h 2016-07-25 21:03:35 UTC (rev 203699)
</span><span class="lines">@@ -941,27 +941,6 @@
</span><span class="cx"> return m_codeBlock->isConstantRegisterIndex(src) && getConstantOperand(src).isString() && asString(getConstantOperand(src).asCell())->length() == 1;
</span><span class="cx"> }
</span><span class="cx">
</span><del>-template<typename StructureType>
-inline void JIT::emitAllocateJSObject(RegisterID allocator, StructureType structure, RegisterID result, RegisterID scratch)
-{
- if (Options::forceGCSlowPaths())
- addSlowCase(jump());
- else {
- loadPtr(Address(allocator, MarkedAllocator::offsetOfFreeListHead()), result);
- addSlowCase(branchTestPtr(Zero, result));
- }
-
- // remove the object from the free list
- loadPtr(Address(result), scratch);
- storePtr(scratch, Address(allocator, MarkedAllocator::offsetOfFreeListHead()));
-
- // initialize the object's property storage pointer
- storePtr(TrustedImmPtr(0), Address(result, JSObject::butterflyOffset()));
-
- // initialize the object's structure
- emitStoreStructureWithTypeInfo(structure, result, scratch);
-}
-
</del><span class="cx"> inline void JIT::emitValueProfilingSite(ValueProfile* valueProfile)
</span><span class="cx"> {
</span><span class="cx"> ASSERT(shouldEmitProfiling());
</span></span></pre></div>
<a id="trunkSourceJavaScriptCorejitJITOpcodescpp"></a>
<div class="modfile"><h4>Modified: trunk/Source/JavaScriptCore/jit/JITOpcodes.cpp (203698 => 203699)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/jit/JITOpcodes.cpp 2016-07-25 20:51:43 UTC (rev 203698)
+++ trunk/Source/JavaScriptCore/jit/JITOpcodes.cpp 2016-07-25 21:03:35 UTC (rev 203699)
</span><span class="lines">@@ -91,7 +91,9 @@
</span><span class="cx"> RegisterID scratchReg = regT2;
</span><span class="cx">
</span><span class="cx"> move(TrustedImmPtr(allocator), allocatorReg);
</span><del>- emitAllocateJSObject(allocatorReg, TrustedImmPtr(structure), resultReg, scratchReg);
</del><ins>+ JumpList slowCases;
+ emitAllocateJSObject(resultReg, allocatorReg, TrustedImmPtr(structure), TrustedImmPtr(0), scratchReg, slowCases);
+ addSlowCase(slowCases);
</ins><span class="cx"> emitPutVirtualRegister(currentInstruction[1].u.operand);
</span><span class="cx"> }
</span><span class="cx">
</span><span class="lines">@@ -770,7 +772,9 @@
</span><span class="cx"> addSlowCase(branchPtr(NotEqual, calleeReg, cachedFunctionReg));
</span><span class="cx"> hasSeenMultipleCallees.link(this);
</span><span class="cx">
</span><del>- emitAllocateJSObject(allocatorReg, structureReg, resultReg, scratchReg);
</del><ins>+ JumpList slowCases;
+ emitAllocateJSObject(resultReg, allocatorReg, structureReg, TrustedImmPtr(0), scratchReg, slowCases);
+ addSlowCase(slowCases);
</ins><span class="cx"> emitPutVirtualRegister(currentInstruction[1].u.operand);
</span><span class="cx"> }
</span><span class="cx">
</span></span></pre></div>
<a id="trunkSourceJavaScriptCorejitJITOpcodes32_64cpp"></a>
<div class="modfile"><h4>Modified: trunk/Source/JavaScriptCore/jit/JITOpcodes32_64.cpp (203698 => 203699)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/jit/JITOpcodes32_64.cpp 2016-07-25 20:51:43 UTC (rev 203698)
+++ trunk/Source/JavaScriptCore/jit/JITOpcodes32_64.cpp 2016-07-25 21:03:35 UTC (rev 203699)
</span><span class="lines">@@ -172,7 +172,9 @@
</span><span class="cx"> RegisterID scratchReg = regT3;
</span><span class="cx">
</span><span class="cx"> move(TrustedImmPtr(allocator), allocatorReg);
</span><del>- emitAllocateJSObject(allocatorReg, TrustedImmPtr(structure), resultReg, scratchReg);
</del><ins>+ JumpList slowCases;
+ emitAllocateJSObject(resultReg, allocatorReg, TrustedImmPtr(structure), TrustedImmPtr(0), scratchReg, slowCases);
+ addSlowCase(slowCases);
</ins><span class="cx"> emitStoreCell(currentInstruction[1].u.operand, resultReg);
</span><span class="cx"> }
</span><span class="cx">
</span><span class="lines">@@ -1031,7 +1033,9 @@
</span><span class="cx"> addSlowCase(branchPtr(NotEqual, calleeReg, cachedFunctionReg));
</span><span class="cx"> hasSeenMultipleCallees.link(this);
</span><span class="cx">
</span><del>- emitAllocateJSObject(allocatorReg, structureReg, resultReg, scratchReg);
</del><ins>+ JumpList slowCases;
+ emitAllocateJSObject(resultReg, allocatorReg, structureReg, TrustedImmPtr(0), scratchReg, slowCases);
+ addSlowCase(slowCases);
</ins><span class="cx"> emitStoreCell(currentInstruction[1].u.operand, resultReg);
</span><span class="cx"> }
</span><span class="cx">
</span></span></pre>
</div>
</div>
</body>
</html>