<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN"
"http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head><meta http-equiv="content-type" content="text/html; charset=utf-8" />
<title>[281903] branches/safari-612-branch</title>
</head>
<body>
<style type="text/css"><!--
#msg dl.meta { border: 1px #006 solid; background: #369; padding: 6px; color: #fff; }
#msg dl.meta dt { float: left; width: 6em; font-weight: bold; }
#msg dt:after { content:':';}
#msg dl, #msg dt, #msg ul, #msg li, #header, #footer, #logmsg { font-family: verdana,arial,helvetica,sans-serif; font-size: 10pt; }
#msg dl a { font-weight: bold}
#msg dl a:link { color:#fc3; }
#msg dl a:active { color:#ff0; }
#msg dl a:visited { color:#cc6; }
h3 { font-family: verdana,arial,helvetica,sans-serif; font-size: 10pt; font-weight: bold; }
#msg pre { overflow: auto; background: #ffc; border: 1px #fa0 solid; padding: 6px; }
#logmsg { background: #ffc; border: 1px #fa0 solid; padding: 1em 1em 0 1em; }
#logmsg p, #logmsg pre, #logmsg blockquote { margin: 0 0 1em 0; }
#logmsg p, #logmsg li, #logmsg dt, #logmsg dd { line-height: 14pt; }
#logmsg h1, #logmsg h2, #logmsg h3, #logmsg h4, #logmsg h5, #logmsg h6 { margin: .5em 0; }
#logmsg h1:first-child, #logmsg h2:first-child, #logmsg h3:first-child, #logmsg h4:first-child, #logmsg h5:first-child, #logmsg h6:first-child { margin-top: 0; }
#logmsg ul, #logmsg ol { padding: 0; list-style-position: inside; margin: 0 0 0 1em; }
#logmsg ul { text-indent: -1em; padding-left: 1em; }#logmsg ol { text-indent: -1.5em; padding-left: 1.5em; }
#logmsg > ul, #logmsg > ol { margin: 0 0 1em 0; }
#logmsg pre { background: #eee; padding: 1em; }
#logmsg blockquote { border: 1px solid #fa0; border-left-width: 10px; padding: 1em 1em 0 1em; background: white;}
#logmsg dl { margin: 0; }
#logmsg dt { font-weight: bold; }
#logmsg dd { margin: 0; padding: 0 0 0.5em 0; }
#logmsg dd:before { content:'\00bb';}
#logmsg table { border-spacing: 0px; border-collapse: collapse; border-top: 4px solid #fa0; border-bottom: 1px solid #fa0; background: #fff; }
#logmsg table th { text-align: left; font-weight: normal; padding: 0.2em 0.5em; border-top: 1px dotted #fa0; }
#logmsg table td { text-align: right; border-top: 1px dotted #fa0; padding: 0.2em 0.5em; }
#logmsg table thead th { text-align: center; border-bottom: 1px solid #fa0; }
#logmsg table th.Corner { text-align: left; }
#logmsg hr { border: none 0; border-top: 2px dashed #fa0; height: 1px; }
#header, #footer { color: #fff; background: #636; border: 1px #300 solid; padding: 6px; }
#patch { width: 100%; }
#patch h4 {font-family: verdana,arial,helvetica,sans-serif;font-size:10pt;padding:8px;background:#369;color:#fff;margin:0;}
#patch .propset h4, #patch .binary h4 {margin:0;}
#patch pre {padding:0;line-height:1.2em;margin:0;}
#patch .diff {width:100%;background:#eee;padding: 0 0 10px 0;overflow:auto;}
#patch .propset .diff, #patch .binary .diff {padding:10px 0;}
#patch span {display:block;padding:0 10px;}
#patch .modfile, #patch .addfile, #patch .delfile, #patch .propset, #patch .binary, #patch .copfile {border:1px solid #ccc;margin:10px 0;}
#patch ins {background:#dfd;text-decoration:none;display:block;padding:0 10px;}
#patch del {background:#fdd;text-decoration:none;display:block;padding:0 10px;}
#patch .lines, .info {color:#888;background:#fff;}
--></style>
<div id="msg">
<dl class="meta">
<dt>Revision</dt> <dd><a href="http://trac.webkit.org/projects/webkit/changeset/281903">281903</a></dd>
<dt>Author</dt> <dd>repstein@apple.com</dd>
<dt>Date</dt> <dd>2021-09-01 18:05:29 -0700 (Wed, 01 Sep 2021)</dd>
</dl>
<h3>Log Message</h3>
<pre>Cherry-pick <a href="http://trac.webkit.org/projects/webkit/changeset/281684">r281684</a>. rdar://problem/82651474
[JSC] op_put_private_name should use modern IC and remove ByValInfo
https://bugs.webkit.org/show_bug.cgi?id=229544
Reviewed by Saam Barati.
JSTests:
Move class-fields-private benchmarks into microbenchmarks.
Added several microbenchmarks and stress tests.
* microbenchmarks/class-private-field-polymorphic.js: Added.
(shouldBe):
(test.A.prototype.put):
* microbenchmarks/get-private-name.js: Renamed from JSTests/microbenchmarks/class-fields-private/get-private-name.js.
* microbenchmarks/monomorphic-get-private-field.js: Renamed from JSTests/microbenchmarks/class-fields-private/monomorphic-get-private-field.js.
* microbenchmarks/polymorphic-get-private-field.js: Renamed from JSTests/microbenchmarks/class-fields-private/polymorphic-get-private-field.js.
* microbenchmarks/polymorphic-put-private-field.js: Renamed from JSTests/microbenchmarks/class-fields-private/polymorphic-put-private-field.js.
* microbenchmarks/put-by-val-polymorphic-properties.js: Added.
(shouldBe):
(test):
* microbenchmarks/put-private-field.js: Renamed from JSTests/microbenchmarks/class-fields-private/put-private-field.js.
* stress/class-private-field-megamorphic.js: Added.
(shouldBe):
* stress/class-private-field-polymorphic.js: Added.
(shouldBe):
(test.A.prototype.put):
* stress/put-by-val-polymorphic-properties.js: Added.
(shouldBe):
(test):
Source/JavaScriptCore:
This patch makes op_put_private_name use new PutByVal IC. This allows op_put_private_name to support
polymorphic properties, and we can finally remove Baseline's adhoc IC and ByValInfo completely.
Added microbenchmark showed 3x improvement due to polymorphic PutPrivateName IC.
ToT Patched
class-private-field-polymorphic 9.3666+-0.0332 ^ 3.1199+-0.0182 ^ definitely 3.0022x faster
* JavaScriptCore.xcodeproj/project.pbxproj:
* Sources.txt:
* bytecode/ByValInfo.cpp: Removed.
* bytecode/ByValInfo.h: Removed.
* bytecode/CodeBlock.cpp:
(JSC::CodeBlock::getICStatusMap):
(JSC::CodeBlock::stronglyVisitStrongReferences):
(JSC::CodeBlock::findByValInfo): Deleted.
(JSC::CodeBlock::addByValInfo): Deleted.
* bytecode/CodeBlock.h:
* bytecode/ICStatusMap.h:
* dfg/DFGByteCodeParser.cpp:
(JSC::DFG::ByteCodeParser::parseBlock):
* dfg/DFGFixupPhase.cpp:
(JSC::DFG::FixupPhase::fixupNode):
* dfg/DFGSpeculativeJIT.cpp:
(JSC::DFG::SpeculativeJIT::compileGetPrivateName):
(JSC::DFG::SpeculativeJIT::compilePutPrivateName):
* dfg/DFGSpeculativeJIT32_64.cpp:
(JSC::DFG::SpeculativeJIT::compile):
* dfg/DFGSpeculativeJIT64.cpp:
(JSC::DFG::SpeculativeJIT::compile):
* dfg/DFGStoreBarrierInsertionPhase.cpp:
* ftl/FTLLowerDFGToB3.cpp:
(JSC::FTL::DFG::LowerDFGToB3::compilePutPrivateName):
* jit/JIT.cpp:
(JSC::JIT::privateCompileSlowCases):
(JSC::JIT::link):
(JSC::JIT::privateCompileExceptionHandlers):
* jit/JIT.h:
(JSC::ByValCompilationInfo::ByValCompilationInfo): Deleted.
* jit/JITInlines.h:
(JSC::JIT::emitArrayProfileStoreToHoleSpecialCase): Deleted.
(JSC::JIT::emitArrayProfileOutOfBoundsSpecialCase): Deleted.
* jit/JITOperations.cpp:
(JSC::putPrivateNameOptimize):
(JSC::putPrivateName):
(JSC::JSC_DEFINE_JIT_OPERATION):
* jit/JITOperations.h:
* jit/JITPropertyAccess.cpp:
(JSC::JIT::emit_op_put_private_name):
(JSC::JIT::emitSlow_op_put_private_name):
(JSC::JIT::slow_op_put_private_name_prepareCallGenerator):
(JSC::JIT::emitPutByValWithCachedId): Deleted.
(JSC::JIT::emitPutPrivateNameWithCachedId): Deleted.
(JSC::JIT::emitByValIdentifierCheck): Deleted.
(JSC::JIT::privateCompilePutPrivateNameWithCachedId): Deleted.
* jit/JITPropertyAccess32_64.cpp:
(JSC::JIT::emit_op_put_private_name):
(JSC::JIT::emitSlow_op_put_private_name):
* jit/Repatch.cpp:
(JSC::appropriateGenericPutByFunction):
(JSC::appropriateOptimizingPutByFunction):
(JSC::resetPutBy):
Tools:
* Scripts/run-jsc-benchmarks:
git-svn-id: https://svn.webkit.org/repository/webkit/trunk@281684 268f45cc-cd09-0410-ab3c-d52691b4dbfc</pre>
<h3>Modified Paths</h3>
<ul>
<li><a href="#branchessafari612branchJSTestsChangeLog">branches/safari-612-branch/JSTests/ChangeLog</a></li>
<li><a href="#branchessafari612branchSourceJavaScriptCoreChangeLog">branches/safari-612-branch/Source/JavaScriptCore/ChangeLog</a></li>
<li><a href="#branchessafari612branchSourceJavaScriptCoreJavaScriptCorexcodeprojprojectpbxproj">branches/safari-612-branch/Source/JavaScriptCore/JavaScriptCore.xcodeproj/project.pbxproj</a></li>
<li><a href="#branchessafari612branchSourceJavaScriptCoreSourcestxt">branches/safari-612-branch/Source/JavaScriptCore/Sources.txt</a></li>
<li><a href="#branchessafari612branchSourceJavaScriptCorebytecodeCodeBlockcpp">branches/safari-612-branch/Source/JavaScriptCore/bytecode/CodeBlock.cpp</a></li>
<li><a href="#branchessafari612branchSourceJavaScriptCorebytecodeCodeBlockh">branches/safari-612-branch/Source/JavaScriptCore/bytecode/CodeBlock.h</a></li>
<li><a href="#branchessafari612branchSourceJavaScriptCorebytecodeICStatusMaph">branches/safari-612-branch/Source/JavaScriptCore/bytecode/ICStatusMap.h</a></li>
<li><a href="#branchessafari612branchSourceJavaScriptCoredfgDFGByteCodeParsercpp">branches/safari-612-branch/Source/JavaScriptCore/dfg/DFGByteCodeParser.cpp</a></li>
<li><a href="#branchessafari612branchSourceJavaScriptCoredfgDFGFixupPhasecpp">branches/safari-612-branch/Source/JavaScriptCore/dfg/DFGFixupPhase.cpp</a></li>
<li><a href="#branchessafari612branchSourceJavaScriptCoredfgDFGSpeculativeJITcpp">branches/safari-612-branch/Source/JavaScriptCore/dfg/DFGSpeculativeJIT.cpp</a></li>
<li><a href="#branchessafari612branchSourceJavaScriptCoredfgDFGSpeculativeJIT32_64cpp">branches/safari-612-branch/Source/JavaScriptCore/dfg/DFGSpeculativeJIT32_64.cpp</a></li>
<li><a href="#branchessafari612branchSourceJavaScriptCoredfgDFGSpeculativeJIT64cpp">branches/safari-612-branch/Source/JavaScriptCore/dfg/DFGSpeculativeJIT64.cpp</a></li>
<li><a href="#branchessafari612branchSourceJavaScriptCoredfgDFGStoreBarrierInsertionPhasecpp">branches/safari-612-branch/Source/JavaScriptCore/dfg/DFGStoreBarrierInsertionPhase.cpp</a></li>
<li><a href="#branchessafari612branchSourceJavaScriptCoreftlFTLLowerDFGToB3cpp">branches/safari-612-branch/Source/JavaScriptCore/ftl/FTLLowerDFGToB3.cpp</a></li>
<li><a href="#branchessafari612branchSourceJavaScriptCorejitJITcpp">branches/safari-612-branch/Source/JavaScriptCore/jit/JIT.cpp</a></li>
<li><a href="#branchessafari612branchSourceJavaScriptCorejitJITh">branches/safari-612-branch/Source/JavaScriptCore/jit/JIT.h</a></li>
<li><a href="#branchessafari612branchSourceJavaScriptCorejitJITInlinesh">branches/safari-612-branch/Source/JavaScriptCore/jit/JITInlines.h</a></li>
<li><a href="#branchessafari612branchSourceJavaScriptCorejitJITOperationscpp">branches/safari-612-branch/Source/JavaScriptCore/jit/JITOperations.cpp</a></li>
<li><a href="#branchessafari612branchSourceJavaScriptCorejitJITOperationsh">branches/safari-612-branch/Source/JavaScriptCore/jit/JITOperations.h</a></li>
<li><a href="#branchessafari612branchSourceJavaScriptCorejitJITPropertyAccesscpp">branches/safari-612-branch/Source/JavaScriptCore/jit/JITPropertyAccess.cpp</a></li>
<li><a href="#branchessafari612branchSourceJavaScriptCorejitJITPropertyAccess32_64cpp">branches/safari-612-branch/Source/JavaScriptCore/jit/JITPropertyAccess32_64.cpp</a></li>
<li><a href="#branchessafari612branchSourceJavaScriptCorejitRepatchcpp">branches/safari-612-branch/Source/JavaScriptCore/jit/Repatch.cpp</a></li>
<li><a href="#branchessafari612branchToolsChangeLog">branches/safari-612-branch/Tools/ChangeLog</a></li>
<li><a href="#branchessafari612branchToolsScriptsrunjscbenchmarks">branches/safari-612-branch/Tools/Scripts/run-jsc-benchmarks</a></li>
</ul>
<h3>Added Paths</h3>
<ul>
<li><a href="#branchessafari612branchJSTestsmicrobenchmarksclassprivatefieldpolymorphicjs">branches/safari-612-branch/JSTests/microbenchmarks/class-private-field-polymorphic.js</a></li>
<li><a href="#branchessafari612branchJSTestsmicrobenchmarksgetprivatenamejs">branches/safari-612-branch/JSTests/microbenchmarks/get-private-name.js</a></li>
<li><a href="#branchessafari612branchJSTestsmicrobenchmarksmonomorphicgetprivatefieldjs">branches/safari-612-branch/JSTests/microbenchmarks/monomorphic-get-private-field.js</a></li>
<li><a href="#branchessafari612branchJSTestsmicrobenchmarkspolymorphicgetprivatefieldjs">branches/safari-612-branch/JSTests/microbenchmarks/polymorphic-get-private-field.js</a></li>
<li><a href="#branchessafari612branchJSTestsmicrobenchmarkspolymorphicputprivatefieldjs">branches/safari-612-branch/JSTests/microbenchmarks/polymorphic-put-private-field.js</a></li>
<li><a href="#branchessafari612branchJSTestsmicrobenchmarksputbyvalpolymorphicpropertiesjs">branches/safari-612-branch/JSTests/microbenchmarks/put-by-val-polymorphic-properties.js</a></li>
<li><a href="#branchessafari612branchJSTestsmicrobenchmarksputprivatefieldjs">branches/safari-612-branch/JSTests/microbenchmarks/put-private-field.js</a></li>
<li><a href="#branchessafari612branchJSTestsstressclassprivatefieldmegamorphicjs">branches/safari-612-branch/JSTests/stress/class-private-field-megamorphic.js</a></li>
<li><a href="#branchessafari612branchJSTestsstressclassprivatefieldpolymorphicjs">branches/safari-612-branch/JSTests/stress/class-private-field-polymorphic.js</a></li>
<li><a href="#branchessafari612branchJSTestsstressputbyvalpolymorphicpropertiesjs">branches/safari-612-branch/JSTests/stress/put-by-val-polymorphic-properties.js</a></li>
</ul>
<h3>Removed Paths</h3>
<ul>
<li><a href="#branchessafari612branchJSTestsmicrobenchmarksclassfieldsprivategetprivatenamejs">branches/safari-612-branch/JSTests/microbenchmarks/class-fields-private/get-private-name.js</a></li>
<li><a href="#branchessafari612branchJSTestsmicrobenchmarksclassfieldsprivatemonomorphicgetprivatefieldjs">branches/safari-612-branch/JSTests/microbenchmarks/class-fields-private/monomorphic-get-private-field.js</a></li>
<li><a href="#branchessafari612branchJSTestsmicrobenchmarksclassfieldsprivatepolymorphicgetprivatefieldjs">branches/safari-612-branch/JSTests/microbenchmarks/class-fields-private/polymorphic-get-private-field.js</a></li>
<li><a href="#branchessafari612branchJSTestsmicrobenchmarksclassfieldsprivatepolymorphicputprivatefieldjs">branches/safari-612-branch/JSTests/microbenchmarks/class-fields-private/polymorphic-put-private-field.js</a></li>
<li><a href="#branchessafari612branchJSTestsmicrobenchmarksclassfieldsprivateputprivatefieldjs">branches/safari-612-branch/JSTests/microbenchmarks/class-fields-private/put-private-field.js</a></li>
<li><a href="#branchessafari612branchSourceJavaScriptCorebytecodeByValInfocpp">branches/safari-612-branch/Source/JavaScriptCore/bytecode/ByValInfo.cpp</a></li>
<li><a href="#branchessafari612branchSourceJavaScriptCorebytecodeByValInfoh">branches/safari-612-branch/Source/JavaScriptCore/bytecode/ByValInfo.h</a></li>
</ul>
</div>
<div id="patch">
<h3>Diff</h3>
<a id="branchessafari612branchJSTestsChangeLog"></a>
<div class="modfile"><h4>Modified: branches/safari-612-branch/JSTests/ChangeLog (281902 => 281903)</h4>
<pre class="diff"><span>
<span class="info">--- branches/safari-612-branch/JSTests/ChangeLog 2021-09-02 01:05:20 UTC (rev 281902)
+++ branches/safari-612-branch/JSTests/ChangeLog 2021-09-02 01:05:29 UTC (rev 281903)
</span><span class="lines">@@ -1,3 +1,139 @@
</span><ins>+2021-09-01 Russell Epstein <repstein@apple.com>
+
+ Cherry-pick r281684. rdar://problem/82651474
+
+ [JSC] op_put_private_name should use modern IC and remove ByValInfo
+ https://bugs.webkit.org/show_bug.cgi?id=229544
+
+ Reviewed by Saam Barati.
+
+ JSTests:
+
+ Move class-fields-private benchmarks into microbenchmarks.
+ Added several microbenchmarks and stress tests.
+
+ * microbenchmarks/class-private-field-polymorphic.js: Added.
+ (shouldBe):
+ (test.A.prototype.put):
+ * microbenchmarks/get-private-name.js: Renamed from JSTests/microbenchmarks/class-fields-private/get-private-name.js.
+ * microbenchmarks/monomorphic-get-private-field.js: Renamed from JSTests/microbenchmarks/class-fields-private/monomorphic-get-private-field.js.
+ * microbenchmarks/polymorphic-get-private-field.js: Renamed from JSTests/microbenchmarks/class-fields-private/polymorphic-get-private-field.js.
+ * microbenchmarks/polymorphic-put-private-field.js: Renamed from JSTests/microbenchmarks/class-fields-private/polymorphic-put-private-field.js.
+ * microbenchmarks/put-by-val-polymorphic-properties.js: Added.
+ (shouldBe):
+ (test):
+ * microbenchmarks/put-private-field.js: Renamed from JSTests/microbenchmarks/class-fields-private/put-private-field.js.
+ * stress/class-private-field-megamorphic.js: Added.
+ (shouldBe):
+ * stress/class-private-field-polymorphic.js: Added.
+ (shouldBe):
+ (test.A.prototype.put):
+ * stress/put-by-val-polymorphic-properties.js: Added.
+ (shouldBe):
+ (test):
+
+ Source/JavaScriptCore:
+
+ This patch makes op_put_private_name use new PutByVal IC. This allows op_put_private_name to support
+ polymorphic properties, and we can finally remove Baseline's adhoc IC and ByValInfo completely.
+
+ Added microbenchmark showed 3x improvement due to polymorphic PutPrivateName IC.
+
+ ToT Patched
+
+ class-private-field-polymorphic 9.3666+-0.0332 ^ 3.1199+-0.0182 ^ definitely 3.0022x faster
+
+ * JavaScriptCore.xcodeproj/project.pbxproj:
+ * Sources.txt:
+ * bytecode/ByValInfo.cpp: Removed.
+ * bytecode/ByValInfo.h: Removed.
+ * bytecode/CodeBlock.cpp:
+ (JSC::CodeBlock::getICStatusMap):
+ (JSC::CodeBlock::stronglyVisitStrongReferences):
+ (JSC::CodeBlock::findByValInfo): Deleted.
+ (JSC::CodeBlock::addByValInfo): Deleted.
+ * bytecode/CodeBlock.h:
+ * bytecode/ICStatusMap.h:
+ * dfg/DFGByteCodeParser.cpp:
+ (JSC::DFG::ByteCodeParser::parseBlock):
+ * dfg/DFGFixupPhase.cpp:
+ (JSC::DFG::FixupPhase::fixupNode):
+ * dfg/DFGSpeculativeJIT.cpp:
+ (JSC::DFG::SpeculativeJIT::compileGetPrivateName):
+ (JSC::DFG::SpeculativeJIT::compilePutPrivateName):
+ * dfg/DFGSpeculativeJIT32_64.cpp:
+ (JSC::DFG::SpeculativeJIT::compile):
+ * dfg/DFGSpeculativeJIT64.cpp:
+ (JSC::DFG::SpeculativeJIT::compile):
+ * dfg/DFGStoreBarrierInsertionPhase.cpp:
+ * ftl/FTLLowerDFGToB3.cpp:
+ (JSC::FTL::DFG::LowerDFGToB3::compilePutPrivateName):
+ * jit/JIT.cpp:
+ (JSC::JIT::privateCompileSlowCases):
+ (JSC::JIT::link):
+ (JSC::JIT::privateCompileExceptionHandlers):
+ * jit/JIT.h:
+ (JSC::ByValCompilationInfo::ByValCompilationInfo): Deleted.
+ * jit/JITInlines.h:
+ (JSC::JIT::emitArrayProfileStoreToHoleSpecialCase): Deleted.
+ (JSC::JIT::emitArrayProfileOutOfBoundsSpecialCase): Deleted.
+ * jit/JITOperations.cpp:
+ (JSC::putPrivateNameOptimize):
+ (JSC::putPrivateName):
+ (JSC::JSC_DEFINE_JIT_OPERATION):
+ * jit/JITOperations.h:
+ * jit/JITPropertyAccess.cpp:
+ (JSC::JIT::emit_op_put_private_name):
+ (JSC::JIT::emitSlow_op_put_private_name):
+ (JSC::JIT::slow_op_put_private_name_prepareCallGenerator):
+ (JSC::JIT::emitPutByValWithCachedId): Deleted.
+ (JSC::JIT::emitPutPrivateNameWithCachedId): Deleted.
+ (JSC::JIT::emitByValIdentifierCheck): Deleted.
+ (JSC::JIT::privateCompilePutPrivateNameWithCachedId): Deleted.
+ * jit/JITPropertyAccess32_64.cpp:
+ (JSC::JIT::emit_op_put_private_name):
+ (JSC::JIT::emitSlow_op_put_private_name):
+ * jit/Repatch.cpp:
+ (JSC::appropriateGenericPutByFunction):
+ (JSC::appropriateOptimizingPutByFunction):
+ (JSC::resetPutBy):
+
+ Tools:
+
+ * Scripts/run-jsc-benchmarks:
+
+ git-svn-id: https://svn.webkit.org/repository/webkit/trunk@281684 268f45cc-cd09-0410-ab3c-d52691b4dbfc
+
+ 2021-08-26 Yusuke Suzuki <ysuzuki@apple.com>
+
+ [JSC] op_put_private_name should use modern IC and remove ByValInfo
+ https://bugs.webkit.org/show_bug.cgi?id=229544
+
+ Reviewed by Saam Barati.
+
+ Move class-fields-private benchmarks into microbenchmarks.
+ Added several microbenchmarks and stress tests.
+
+ * microbenchmarks/class-private-field-polymorphic.js: Added.
+ (shouldBe):
+ (test.A.prototype.put):
+ * microbenchmarks/get-private-name.js: Renamed from JSTests/microbenchmarks/class-fields-private/get-private-name.js.
+ * microbenchmarks/monomorphic-get-private-field.js: Renamed from JSTests/microbenchmarks/class-fields-private/monomorphic-get-private-field.js.
+ * microbenchmarks/polymorphic-get-private-field.js: Renamed from JSTests/microbenchmarks/class-fields-private/polymorphic-get-private-field.js.
+ * microbenchmarks/polymorphic-put-private-field.js: Renamed from JSTests/microbenchmarks/class-fields-private/polymorphic-put-private-field.js.
+ * microbenchmarks/put-by-val-polymorphic-properties.js: Added.
+ (shouldBe):
+ (test):
+ * microbenchmarks/put-private-field.js: Renamed from JSTests/microbenchmarks/class-fields-private/put-private-field.js.
+ * stress/class-private-field-megamorphic.js: Added.
+ (shouldBe):
+ * stress/class-private-field-polymorphic.js: Added.
+ (shouldBe):
+ (test.A.prototype.put):
+ * stress/put-by-val-polymorphic-properties.js: Added.
+ (shouldBe):
+ (test):
+
</ins><span class="cx"> 2021-08-30 Russell Epstein <repstein@apple.com>
</span><span class="cx">
</span><span class="cx"> Cherry-pick r281665. rdar://problem/82528295
</span></span></pre></div>
<a id="branchessafari612branchJSTestsmicrobenchmarksclassfieldsprivategetprivatenamejs"></a>
<div class="delfile"><h4>Deleted: branches/safari-612-branch/JSTests/microbenchmarks/class-fields-private/get-private-name.js (281902 => 281903)</h4>
<pre class="diff"><span>
<span class="info">--- branches/safari-612-branch/JSTests/microbenchmarks/class-fields-private/get-private-name.js 2021-09-02 01:05:20 UTC (rev 281902)
+++ branches/safari-612-branch/JSTests/microbenchmarks/class-fields-private/get-private-name.js 2021-09-02 01:05:29 UTC (rev 281903)
</span><span class="lines">@@ -1,29 +0,0 @@
</span><del>-//@ requireOptions("--usePrivateClassFields=true")
-
-function assert(b, m = "Assertion failed") {
- if (!b)
- throw new Error(m);
-}
-
-function test1() {
- function factory(i) {
- return new class {
- #x = i;
- get() { return this.#x; }
- };
- }
-
- function foo(o, i) {
- return o.get();
- }
- noInline(foo);
-
- let a = factory(42);
- let b = factory(43);
- let start = Date.now();
- for (let i = 0; i < 10000000; ++i) {
- assert(foo(a, "a") === 42);
- assert(foo(b, "b") === 43);
- }
-}
-test1();
</del></span></pre></div>
<a id="branchessafari612branchJSTestsmicrobenchmarksclassfieldsprivatemonomorphicgetprivatefieldjs"></a>
<div class="delfile"><h4>Deleted: branches/safari-612-branch/JSTests/microbenchmarks/class-fields-private/monomorphic-get-private-field.js (281902 => 281903)</h4>
<pre class="diff"><span>
<span class="info">--- branches/safari-612-branch/JSTests/microbenchmarks/class-fields-private/monomorphic-get-private-field.js 2021-09-02 01:05:20 UTC (rev 281902)
+++ branches/safari-612-branch/JSTests/microbenchmarks/class-fields-private/monomorphic-get-private-field.js 2021-09-02 01:05:29 UTC (rev 281903)
</span><span class="lines">@@ -1,20 +0,0 @@
</span><del>-//@ requireOptions("--usePrivateClassFields=true")
-
-class C {
- #field;
-
- constructor(i) {
- this.#field = i;
- }
-
- getField() {
- return this.#field;
- }
-}
-noInline(C.prototype.getField);
-
-let c = new C("test");
-for (let i = 0; i < 5000000; i++) {
- if (c.getField() !== "test")
- throw new Error("unexpected field value");
-}
</del></span></pre></div>
<a id="branchessafari612branchJSTestsmicrobenchmarksclassfieldsprivatepolymorphicgetprivatefieldjs"></a>
<div class="delfile"><h4>Deleted: branches/safari-612-branch/JSTests/microbenchmarks/class-fields-private/polymorphic-get-private-field.js (281902 => 281903)</h4>
<pre class="diff"><span>
<span class="info">--- branches/safari-612-branch/JSTests/microbenchmarks/class-fields-private/polymorphic-get-private-field.js 2021-09-02 01:05:20 UTC (rev 281902)
+++ branches/safari-612-branch/JSTests/microbenchmarks/class-fields-private/polymorphic-get-private-field.js 2021-09-02 01:05:29 UTC (rev 281903)
</span><span class="lines">@@ -1,34 +0,0 @@
</span><del>-//@ requireOptions("--usePrivateClassFields=true")
-
-class C {
- #field;
-
- setField(value) {
- this.#field = value;
- }
-
- getField() {
- return this.#field;
- }
-}
-noInline(C.prototype.getField);
-
-let c1 = new C();
-c1.foo = 0;
-c1.setField("a");
-
-let c2 = new C();
-c2.bar = 0;
-c2.setField("b");
-
-let c3 = new C();
-c3.baz = 0;
-c3.setField("c");
-
-let arr = [c1, c2, c3];
-let values = ["a", "b", "c"];
-for (let i = 0; i < 5000000; i++) {
- if (arr[i % arr.length].getField() !== values[i % values.length])
- throw new Error("unexpected field value");
-}
-
</del></span></pre></div>
<a id="branchessafari612branchJSTestsmicrobenchmarksclassfieldsprivatepolymorphicputprivatefieldjs"></a>
<div class="delfile"><h4>Deleted: branches/safari-612-branch/JSTests/microbenchmarks/class-fields-private/polymorphic-put-private-field.js (281902 => 281903)</h4>
<pre class="diff"><span>
<span class="info">--- branches/safari-612-branch/JSTests/microbenchmarks/class-fields-private/polymorphic-put-private-field.js 2021-09-02 01:05:20 UTC (rev 281902)
+++ branches/safari-612-branch/JSTests/microbenchmarks/class-fields-private/polymorphic-put-private-field.js 2021-09-02 01:05:29 UTC (rev 281903)
</span><span class="lines">@@ -1,26 +0,0 @@
</span><del>-//@ requireOptions("--allowUnsupportedTiers=true", "--usePrivateClassFields=true")
-
-class C {
- #field;
-
- setField(value) {
- this.#field = value;
- }
-}
-noInline(C.prototype.setField);
-
-let c1 = new C();
-c1.foo = 0;
-
-let c2 = new C();
-c2.bar = 0;
-
-let c3 = new C();
-c3.baz = 0;
-
-let arr = [c1, c2, c3];
-
-for (let i = 0; i < 5000000; i++) {
- arr[i % arr.length].setField(i);
-}
-
</del></span></pre></div>
<a id="branchessafari612branchJSTestsmicrobenchmarksclassfieldsprivateputprivatefieldjs"></a>
<div class="delfile"><h4>Deleted: branches/safari-612-branch/JSTests/microbenchmarks/class-fields-private/put-private-field.js (281902 => 281903)</h4>
<pre class="diff"><span>
<span class="info">--- branches/safari-612-branch/JSTests/microbenchmarks/class-fields-private/put-private-field.js 2021-09-02 01:05:20 UTC (rev 281902)
+++ branches/safari-612-branch/JSTests/microbenchmarks/class-fields-private/put-private-field.js 2021-09-02 01:05:29 UTC (rev 281903)
</span><span class="lines">@@ -1,16 +0,0 @@
</span><del>-//@ requireOptions("--allowUnsupportedTiers=true", "--usePrivateClassFields=true")
-
-class C {
- #field;
-
- setField(value) {
- this.#field = value;
- }
-}
-noInline(C.prototype.setField);
-
-let c = new C();
-for (let i = 0; i < 5000000; i++) {
- c.setField(i);
-}
-
</del></span></pre></div>
<a id="branchessafari612branchJSTestsmicrobenchmarksclassprivatefieldpolymorphicjs"></a>
<div class="addfile"><h4>Added: branches/safari-612-branch/JSTests/microbenchmarks/class-private-field-polymorphic.js (0 => 281903)</h4>
<pre class="diff"><span>
<span class="info">--- branches/safari-612-branch/JSTests/microbenchmarks/class-private-field-polymorphic.js (rev 0)
+++ branches/safari-612-branch/JSTests/microbenchmarks/class-private-field-polymorphic.js 2021-09-02 01:05:29 UTC (rev 281903)
</span><span class="lines">@@ -0,0 +1,36 @@
</span><ins>+function shouldBe(actual, expected) {
+ if (actual !== expected)
+ throw new Error('bad value: ' + actual);
+}
+
+function test(i)
+{
+ class A {
+ #field = 0;
+ put(i)
+ {
+ this.#field = i;
+ }
+ get()
+ {
+ return this.#field;
+ }
+ }
+ noInline(A.prototype.get);
+ noInline(A.prototype.put);
+ return new A;
+}
+
+let test0 = test(0);
+let test1 = test(1);
+let test2 = test(2);
+let test3 = test(3);
+let test4 = test(4);
+
+for (var i = 0; i < 1e5; ++i) {
+ test0.put(i + 0);
+ test1.put(i + 1);
+ test2.put(i + 2);
+ test3.put(i + 3);
+ test4.put(i + 4);
+}
</ins></span></pre></div>
<a id="branchessafari612branchJSTestsmicrobenchmarksgetprivatenamejsfromrev281902branchessafari612branchJSTestsmicrobenchmarksclassfieldsprivategetprivatenamejs"></a>
<div class="copfile"><h4>Copied: branches/safari-612-branch/JSTests/microbenchmarks/get-private-name.js (from rev 281902, branches/safari-612-branch/JSTests/microbenchmarks/class-fields-private/get-private-name.js) (0 => 281903)</h4>
<pre class="diff"><span>
<span class="info">--- branches/safari-612-branch/JSTests/microbenchmarks/get-private-name.js (rev 0)
+++ branches/safari-612-branch/JSTests/microbenchmarks/get-private-name.js 2021-09-02 01:05:29 UTC (rev 281903)
</span><span class="lines">@@ -0,0 +1,29 @@
</span><ins>+//@ requireOptions("--usePrivateClassFields=true")
+
+function assert(b, m = "Assertion failed") {
+ if (!b)
+ throw new Error(m);
+}
+
+function test1() {
+ function factory(i) {
+ return new class {
+ #x = i;
+ get() { return this.#x; }
+ };
+ }
+
+ function foo(o, i) {
+ return o.get();
+ }
+ noInline(foo);
+
+ let a = factory(42);
+ let b = factory(43);
+ let start = Date.now();
+ for (let i = 0; i < 10000000; ++i) {
+ assert(foo(a, "a") === 42);
+ assert(foo(b, "b") === 43);
+ }
+}
+test1();
</ins></span></pre></div>
<a id="branchessafari612branchJSTestsmicrobenchmarksmonomorphicgetprivatefieldjsfromrev281902branchessafari612branchJSTestsmicrobenchmarksclassfieldsprivatemonomorphicgetprivatefieldjs"></a>
<div class="copfile"><h4>Copied: branches/safari-612-branch/JSTests/microbenchmarks/monomorphic-get-private-field.js (from rev 281902, branches/safari-612-branch/JSTests/microbenchmarks/class-fields-private/monomorphic-get-private-field.js) (0 => 281903)</h4>
<pre class="diff"><span>
<span class="info">--- branches/safari-612-branch/JSTests/microbenchmarks/monomorphic-get-private-field.js (rev 0)
+++ branches/safari-612-branch/JSTests/microbenchmarks/monomorphic-get-private-field.js 2021-09-02 01:05:29 UTC (rev 281903)
</span><span class="lines">@@ -0,0 +1,20 @@
</span><ins>+//@ requireOptions("--usePrivateClassFields=true")
+
+class C {
+ #field;
+
+ constructor(i) {
+ this.#field = i;
+ }
+
+ getField() {
+ return this.#field;
+ }
+}
+noInline(C.prototype.getField);
+
+let c = new C("test");
+for (let i = 0; i < 5000000; i++) {
+ if (c.getField() !== "test")
+ throw new Error("unexpected field value");
+}
</ins></span></pre></div>
<a id="branchessafari612branchJSTestsmicrobenchmarkspolymorphicgetprivatefieldjsfromrev281902branchessafari612branchJSTestsmicrobenchmarksclassfieldsprivatepolymorphicgetprivatefieldjs"></a>
<div class="copfile"><h4>Copied: branches/safari-612-branch/JSTests/microbenchmarks/polymorphic-get-private-field.js (from rev 281902, branches/safari-612-branch/JSTests/microbenchmarks/class-fields-private/polymorphic-get-private-field.js) (0 => 281903)</h4>
<pre class="diff"><span>
<span class="info">--- branches/safari-612-branch/JSTests/microbenchmarks/polymorphic-get-private-field.js (rev 0)
+++ branches/safari-612-branch/JSTests/microbenchmarks/polymorphic-get-private-field.js 2021-09-02 01:05:29 UTC (rev 281903)
</span><span class="lines">@@ -0,0 +1,34 @@
</span><ins>+//@ requireOptions("--usePrivateClassFields=true")
+
+class C {
+ #field;
+
+ setField(value) {
+ this.#field = value;
+ }
+
+ getField() {
+ return this.#field;
+ }
+}
+noInline(C.prototype.getField);
+
+let c1 = new C();
+c1.foo = 0;
+c1.setField("a");
+
+let c2 = new C();
+c2.bar = 0;
+c2.setField("b");
+
+let c3 = new C();
+c3.baz = 0;
+c3.setField("c");
+
+let arr = [c1, c2, c3];
+let values = ["a", "b", "c"];
+for (let i = 0; i < 5000000; i++) {
+ if (arr[i % arr.length].getField() !== values[i % values.length])
+ throw new Error("unexpected field value");
+}
+
</ins></span></pre></div>
<a id="branchessafari612branchJSTestsmicrobenchmarkspolymorphicputprivatefieldjsfromrev281902branchessafari612branchJSTestsmicrobenchmarksclassfieldsprivatepolymorphicputprivatefieldjs"></a>
<div class="copfile"><h4>Copied: branches/safari-612-branch/JSTests/microbenchmarks/polymorphic-put-private-field.js (from rev 281902, branches/safari-612-branch/JSTests/microbenchmarks/class-fields-private/polymorphic-put-private-field.js) (0 => 281903)</h4>
<pre class="diff"><span>
<span class="info">--- branches/safari-612-branch/JSTests/microbenchmarks/polymorphic-put-private-field.js (rev 0)
+++ branches/safari-612-branch/JSTests/microbenchmarks/polymorphic-put-private-field.js 2021-09-02 01:05:29 UTC (rev 281903)
</span><span class="lines">@@ -0,0 +1,26 @@
</span><ins>+//@ requireOptions("--allowUnsupportedTiers=true", "--usePrivateClassFields=true")
+
+class C {
+ #field;
+
+ setField(value) {
+ this.#field = value;
+ }
+}
+noInline(C.prototype.setField);
+
+let c1 = new C();
+c1.foo = 0;
+
+let c2 = new C();
+c2.bar = 0;
+
+let c3 = new C();
+c3.baz = 0;
+
+let arr = [c1, c2, c3];
+
+for (let i = 0; i < 5000000; i++) {
+ arr[i % arr.length].setField(i);
+}
+
</ins></span></pre></div>
<a id="branchessafari612branchJSTestsmicrobenchmarksputbyvalpolymorphicpropertiesjs"></a>
<div class="addfile"><h4>Added: branches/safari-612-branch/JSTests/microbenchmarks/put-by-val-polymorphic-properties.js (0 => 281903)</h4>
<pre class="diff"><span>
<span class="info">--- branches/safari-612-branch/JSTests/microbenchmarks/put-by-val-polymorphic-properties.js (rev 0)
+++ branches/safari-612-branch/JSTests/microbenchmarks/put-by-val-polymorphic-properties.js 2021-09-02 01:05:29 UTC (rev 281903)
</span><span class="lines">@@ -0,0 +1,20 @@
</span><ins>+function shouldBe(actual, expected) {
+ if (actual !== expected)
+ throw new Error('bad value: ' + actual);
+}
+
+function test(object, name, value)
+{
+ object[name] = value;
+}
+noInline(test);
+
+var array = [ 0, 1, 2 ];
+array.hello = 42;
+array.world = 44;
+
+for (var i = 0; i < 1e6; ++i) {
+ test(array, "hello", i);
+ test(array, "world", i);
+ test(array, 0, i);
+}
</ins></span></pre></div>
<a id="branchessafari612branchJSTestsmicrobenchmarksputprivatefieldjsfromrev281902branchessafari612branchJSTestsmicrobenchmarksclassfieldsprivateputprivatefieldjs"></a>
<div class="copfile"><h4>Copied: branches/safari-612-branch/JSTests/microbenchmarks/put-private-field.js (from rev 281902, branches/safari-612-branch/JSTests/microbenchmarks/class-fields-private/put-private-field.js) (0 => 281903)</h4>
<pre class="diff"><span>
<span class="info">--- branches/safari-612-branch/JSTests/microbenchmarks/put-private-field.js (rev 0)
+++ branches/safari-612-branch/JSTests/microbenchmarks/put-private-field.js 2021-09-02 01:05:29 UTC (rev 281903)
</span><span class="lines">@@ -0,0 +1,16 @@
</span><ins>+//@ requireOptions("--allowUnsupportedTiers=true", "--usePrivateClassFields=true")
+
+class C {
+ #field;
+
+ setField(value) {
+ this.#field = value;
+ }
+}
+noInline(C.prototype.setField);
+
+let c = new C();
+for (let i = 0; i < 5000000; i++) {
+ c.setField(i);
+}
+
</ins></span></pre></div>
<a id="branchessafari612branchJSTestsstressclassprivatefieldmegamorphicjs"></a>
<div class="addfile"><h4>Added: branches/safari-612-branch/JSTests/stress/class-private-field-megamorphic.js (0 => 281903)</h4>
<pre class="diff"><span>
<span class="info">--- branches/safari-612-branch/JSTests/stress/class-private-field-megamorphic.js (rev 0)
+++ branches/safari-612-branch/JSTests/stress/class-private-field-megamorphic.js 2021-09-02 01:05:29 UTC (rev 281903)
</span><span class="lines">@@ -0,0 +1,26 @@
</span><ins>+function shouldBe(actual, expected) {
+ if (actual !== expected)
+ throw new Error('bad value: ' + actual);
+}
+
+function test(i)
+{
+ class A {
+ #field = 0;
+ get()
+ {
+ return this.#field;
+ }
+ put(i)
+ {
+ this.#field = i;
+ }
+ }
+
+ let instance = new A;
+ instance.put(i);
+ return instance.get();
+}
+
+for (var i = 0; i < 1e5; ++i)
+ shouldBe(test(i), i);
</ins></span></pre></div>
<a id="branchessafari612branchJSTestsstressclassprivatefieldpolymorphicjs"></a>
<div class="addfile"><h4>Added: branches/safari-612-branch/JSTests/stress/class-private-field-polymorphic.js (0 => 281903)</h4>
<pre class="diff"><span>
<span class="info">--- branches/safari-612-branch/JSTests/stress/class-private-field-polymorphic.js (rev 0)
+++ branches/safari-612-branch/JSTests/stress/class-private-field-polymorphic.js 2021-09-02 01:05:29 UTC (rev 281903)
</span><span class="lines">@@ -0,0 +1,41 @@
</span><ins>+function shouldBe(actual, expected) {
+ if (actual !== expected)
+ throw new Error('bad value: ' + actual);
+}
+
+function test(i)
+{
+ class A {
+ #field = 0;
+ put(i)
+ {
+ this.#field = i;
+ }
+ get()
+ {
+ return this.#field;
+ }
+ }
+ noInline(A.prototype.get);
+ noInline(A.prototype.put);
+ return new A;
+}
+
+let test0 = test(0);
+let test1 = test(1);
+let test2 = test(2);
+let test3 = test(3);
+let test4 = test(4);
+
+for (var i = 0; i < 1e5; ++i) {
+ test0.put(i + 0);
+ shouldBe(test0.get(), i + 0);
+ test1.put(i + 1);
+ shouldBe(test1.get(), i + 1);
+ test2.put(i + 2);
+ shouldBe(test2.get(), i + 2);
+ test3.put(i + 3);
+ shouldBe(test3.get(), i + 3);
+ test4.put(i + 4);
+ shouldBe(test4.get(), i + 4);
+}
</ins></span></pre></div>
<a id="branchessafari612branchJSTestsstressputbyvalpolymorphicpropertiesjs"></a>
<div class="addfile"><h4>Added: branches/safari-612-branch/JSTests/stress/put-by-val-polymorphic-properties.js (0 => 281903)</h4>
<pre class="diff"><span>
<span class="info">--- branches/safari-612-branch/JSTests/stress/put-by-val-polymorphic-properties.js (rev 0)
+++ branches/safari-612-branch/JSTests/stress/put-by-val-polymorphic-properties.js 2021-09-02 01:05:29 UTC (rev 281903)
</span><span class="lines">@@ -0,0 +1,23 @@
</span><ins>+function shouldBe(actual, expected) {
+ if (actual !== expected)
+ throw new Error('bad value: ' + actual);
+}
+
+function test(object, name, value)
+{
+ object[name] = value;
+}
+noInline(test);
+
+var array = [ 0, 1, 2 ];
+array.hello = 42;
+array.world = 44;
+
+for (var i = 0; i < 1e6; ++i) {
+ test(array, "hello", i);
+ shouldBe(array.hello, i);
+ test(array, "world", i);
+ shouldBe(array.world, i);
+ test(array, 0, i);
+ shouldBe(array[0], i);
+}
</ins></span></pre></div>
<a id="branchessafari612branchSourceJavaScriptCoreChangeLog"></a>
<div class="modfile"><h4>Modified: branches/safari-612-branch/Source/JavaScriptCore/ChangeLog (281902 => 281903)</h4>
<pre class="diff"><span>
<span class="info">--- branches/safari-612-branch/Source/JavaScriptCore/ChangeLog 2021-09-02 01:05:20 UTC (rev 281902)
+++ branches/safari-612-branch/Source/JavaScriptCore/ChangeLog 2021-09-02 01:05:29 UTC (rev 281903)
</span><span class="lines">@@ -1,5 +1,183 @@
</span><span class="cx"> 2021-09-01 Russell Epstein <repstein@apple.com>
</span><span class="cx">
</span><ins>+ Cherry-pick r281684. rdar://problem/82651474
+
+ [JSC] op_put_private_name should use modern IC and remove ByValInfo
+ https://bugs.webkit.org/show_bug.cgi?id=229544
+
+ Reviewed by Saam Barati.
+
+ JSTests:
+
+ Move class-fields-private benchmarks into microbenchmarks.
+ Added several microbenchmarks and stress tests.
+
+ * microbenchmarks/class-private-field-polymorphic.js: Added.
+ (shouldBe):
+ (test.A.prototype.put):
+ * microbenchmarks/get-private-name.js: Renamed from JSTests/microbenchmarks/class-fields-private/get-private-name.js.
+ * microbenchmarks/monomorphic-get-private-field.js: Renamed from JSTests/microbenchmarks/class-fields-private/monomorphic-get-private-field.js.
+ * microbenchmarks/polymorphic-get-private-field.js: Renamed from JSTests/microbenchmarks/class-fields-private/polymorphic-get-private-field.js.
+ * microbenchmarks/polymorphic-put-private-field.js: Renamed from JSTests/microbenchmarks/class-fields-private/polymorphic-put-private-field.js.
+ * microbenchmarks/put-by-val-polymorphic-properties.js: Added.
+ (shouldBe):
+ (test):
+ * microbenchmarks/put-private-field.js: Renamed from JSTests/microbenchmarks/class-fields-private/put-private-field.js.
+ * stress/class-private-field-megamorphic.js: Added.
+ (shouldBe):
+ * stress/class-private-field-polymorphic.js: Added.
+ (shouldBe):
+ (test.A.prototype.put):
+ * stress/put-by-val-polymorphic-properties.js: Added.
+ (shouldBe):
+ (test):
+
+ Source/JavaScriptCore:
+
+ This patch makes op_put_private_name use new PutByVal IC. This allows op_put_private_name to support
+ polymorphic properties, and we can finally remove Baseline's adhoc IC and ByValInfo completely.
+
+ Added microbenchmark showed 3x improvement due to polymorphic PutPrivateName IC.
+
+ ToT Patched
+
+ class-private-field-polymorphic 9.3666+-0.0332 ^ 3.1199+-0.0182 ^ definitely 3.0022x faster
+
+ * JavaScriptCore.xcodeproj/project.pbxproj:
+ * Sources.txt:
+ * bytecode/ByValInfo.cpp: Removed.
+ * bytecode/ByValInfo.h: Removed.
+ * bytecode/CodeBlock.cpp:
+ (JSC::CodeBlock::getICStatusMap):
+ (JSC::CodeBlock::stronglyVisitStrongReferences):
+ (JSC::CodeBlock::findByValInfo): Deleted.
+ (JSC::CodeBlock::addByValInfo): Deleted.
+ * bytecode/CodeBlock.h:
+ * bytecode/ICStatusMap.h:
+ * dfg/DFGByteCodeParser.cpp:
+ (JSC::DFG::ByteCodeParser::parseBlock):
+ * dfg/DFGFixupPhase.cpp:
+ (JSC::DFG::FixupPhase::fixupNode):
+ * dfg/DFGSpeculativeJIT.cpp:
+ (JSC::DFG::SpeculativeJIT::compileGetPrivateName):
+ (JSC::DFG::SpeculativeJIT::compilePutPrivateName):
+ * dfg/DFGSpeculativeJIT32_64.cpp:
+ (JSC::DFG::SpeculativeJIT::compile):
+ * dfg/DFGSpeculativeJIT64.cpp:
+ (JSC::DFG::SpeculativeJIT::compile):
+ * dfg/DFGStoreBarrierInsertionPhase.cpp:
+ * ftl/FTLLowerDFGToB3.cpp:
+ (JSC::FTL::DFG::LowerDFGToB3::compilePutPrivateName):
+ * jit/JIT.cpp:
+ (JSC::JIT::privateCompileSlowCases):
+ (JSC::JIT::link):
+ (JSC::JIT::privateCompileExceptionHandlers):
+ * jit/JIT.h:
+ (JSC::ByValCompilationInfo::ByValCompilationInfo): Deleted.
+ * jit/JITInlines.h:
+ (JSC::JIT::emitArrayProfileStoreToHoleSpecialCase): Deleted.
+ (JSC::JIT::emitArrayProfileOutOfBoundsSpecialCase): Deleted.
+ * jit/JITOperations.cpp:
+ (JSC::putPrivateNameOptimize):
+ (JSC::putPrivateName):
+ (JSC::JSC_DEFINE_JIT_OPERATION):
+ * jit/JITOperations.h:
+ * jit/JITPropertyAccess.cpp:
+ (JSC::JIT::emit_op_put_private_name):
+ (JSC::JIT::emitSlow_op_put_private_name):
+ (JSC::JIT::slow_op_put_private_name_prepareCallGenerator):
+ (JSC::JIT::emitPutByValWithCachedId): Deleted.
+ (JSC::JIT::emitPutPrivateNameWithCachedId): Deleted.
+ (JSC::JIT::emitByValIdentifierCheck): Deleted.
+ (JSC::JIT::privateCompilePutPrivateNameWithCachedId): Deleted.
+ * jit/JITPropertyAccess32_64.cpp:
+ (JSC::JIT::emit_op_put_private_name):
+ (JSC::JIT::emitSlow_op_put_private_name):
+ * jit/Repatch.cpp:
+ (JSC::appropriateGenericPutByFunction):
+ (JSC::appropriateOptimizingPutByFunction):
+ (JSC::resetPutBy):
+
+ Tools:
+
+ * Scripts/run-jsc-benchmarks:
+
+ git-svn-id: https://svn.webkit.org/repository/webkit/trunk@281684 268f45cc-cd09-0410-ab3c-d52691b4dbfc
+
+ 2021-08-26 Yusuke Suzuki <ysuzuki@apple.com>
+
+ [JSC] op_put_private_name should use modern IC and remove ByValInfo
+ https://bugs.webkit.org/show_bug.cgi?id=229544
+
+ Reviewed by Saam Barati.
+
+ This patch makes op_put_private_name use new PutByVal IC. This allows op_put_private_name to support
+ polymorphic properties, and we can finally remove Baseline's adhoc IC and ByValInfo completely.
+
+ Added microbenchmark showed 3x improvement due to polymorphic PutPrivateName IC.
+
+ ToT Patched
+
+ class-private-field-polymorphic 9.3666+-0.0332 ^ 3.1199+-0.0182 ^ definitely 3.0022x faster
+
+
+ * JavaScriptCore.xcodeproj/project.pbxproj:
+ * Sources.txt:
+ * bytecode/ByValInfo.cpp: Removed.
+ * bytecode/ByValInfo.h: Removed.
+ * bytecode/CodeBlock.cpp:
+ (JSC::CodeBlock::getICStatusMap):
+ (JSC::CodeBlock::stronglyVisitStrongReferences):
+ (JSC::CodeBlock::findByValInfo): Deleted.
+ (JSC::CodeBlock::addByValInfo): Deleted.
+ * bytecode/CodeBlock.h:
+ * bytecode/ICStatusMap.h:
+ * dfg/DFGByteCodeParser.cpp:
+ (JSC::DFG::ByteCodeParser::parseBlock):
+ * dfg/DFGFixupPhase.cpp:
+ (JSC::DFG::FixupPhase::fixupNode):
+ * dfg/DFGSpeculativeJIT.cpp:
+ (JSC::DFG::SpeculativeJIT::compileGetPrivateName):
+ (JSC::DFG::SpeculativeJIT::compilePutPrivateName):
+ * dfg/DFGSpeculativeJIT32_64.cpp:
+ (JSC::DFG::SpeculativeJIT::compile):
+ * dfg/DFGSpeculativeJIT64.cpp:
+ (JSC::DFG::SpeculativeJIT::compile):
+ * dfg/DFGStoreBarrierInsertionPhase.cpp:
+ * ftl/FTLLowerDFGToB3.cpp:
+ (JSC::FTL::DFG::LowerDFGToB3::compilePutPrivateName):
+ * jit/JIT.cpp:
+ (JSC::JIT::privateCompileSlowCases):
+ (JSC::JIT::link):
+ (JSC::JIT::privateCompileExceptionHandlers):
+ * jit/JIT.h:
+ (JSC::ByValCompilationInfo::ByValCompilationInfo): Deleted.
+ * jit/JITInlines.h:
+ (JSC::JIT::emitArrayProfileStoreToHoleSpecialCase): Deleted.
+ (JSC::JIT::emitArrayProfileOutOfBoundsSpecialCase): Deleted.
+ * jit/JITOperations.cpp:
+ (JSC::putPrivateNameOptimize):
+ (JSC::putPrivateName):
+ (JSC::JSC_DEFINE_JIT_OPERATION):
+ * jit/JITOperations.h:
+ * jit/JITPropertyAccess.cpp:
+ (JSC::JIT::emit_op_put_private_name):
+ (JSC::JIT::emitSlow_op_put_private_name):
+ (JSC::JIT::slow_op_put_private_name_prepareCallGenerator):
+ (JSC::JIT::emitPutByValWithCachedId): Deleted.
+ (JSC::JIT::emitPutPrivateNameWithCachedId): Deleted.
+ (JSC::JIT::emitByValIdentifierCheck): Deleted.
+ (JSC::JIT::privateCompilePutPrivateNameWithCachedId): Deleted.
+ * jit/JITPropertyAccess32_64.cpp:
+ (JSC::JIT::emit_op_put_private_name):
+ (JSC::JIT::emitSlow_op_put_private_name):
+ * jit/Repatch.cpp:
+ (JSC::appropriateGenericPutByFunction):
+ (JSC::appropriateOptimizingPutByFunction):
+ (JSC::resetPutBy):
+
+2021-09-01 Russell Epstein <repstein@apple.com>
+
</ins><span class="cx"> Cherry-pick r281638. rdar://problem/82651129
</span><span class="cx">
</span><span class="cx"> [JSC] Segfault in stress/typedarray-every.js (32bit)
</span></span></pre></div>
<a id="branchessafari612branchSourceJavaScriptCoreJavaScriptCorexcodeprojprojectpbxproj"></a>
<div class="modfile"><h4>Modified: branches/safari-612-branch/Source/JavaScriptCore/JavaScriptCore.xcodeproj/project.pbxproj (281902 => 281903)</h4>
<pre class="diff"><span>
<span class="info">--- branches/safari-612-branch/Source/JavaScriptCore/JavaScriptCore.xcodeproj/project.pbxproj 2021-09-02 01:05:20 UTC (rev 281902)
+++ branches/safari-612-branch/Source/JavaScriptCore/JavaScriptCore.xcodeproj/project.pbxproj 2021-09-02 01:05:29 UTC (rev 281903)
</span><span class="lines">@@ -444,7 +444,6 @@
</span><span class="cx"> 0F7DF13C1E2971130095951B /* JSDestructibleObjectHeapCellType.h in Headers */ = {isa = PBXBuildFile; fileRef = 0F7DF13A1E29710E0095951B /* JSDestructibleObjectHeapCellType.h */; settings = {ATTRIBUTES = (Private, ); }; };
</span><span class="cx"> 0F7DF1461E2BEF6A0095951B /* BlockDirectoryInlines.h in Headers */ = {isa = PBXBuildFile; fileRef = 0F7DF1451E2BEF680095951B /* BlockDirectoryInlines.h */; settings = {ATTRIBUTES = (Private, ); }; };
</span><span class="cx"> 0F7F988C1D9596C800F4F12E /* DFGStoreBarrierClusteringPhase.h in Headers */ = {isa = PBXBuildFile; fileRef = 0F7F988A1D9596C300F4F12E /* DFGStoreBarrierClusteringPhase.h */; };
</span><del>- 0F8023EA1613832B00A0BA45 /* ByValInfo.h in Headers */ = {isa = PBXBuildFile; fileRef = 0F8023E91613832300A0BA45 /* ByValInfo.h */; };
</del><span class="cx"> 0F8335B81639C1EA001443B5 /* ArrayAllocationProfile.h in Headers */ = {isa = PBXBuildFile; fileRef = 0F8335B51639C1E3001443B5 /* ArrayAllocationProfile.h */; settings = {ATTRIBUTES = (Private, ); }; };
</span><span class="cx"> 0F8364B7164B0C110053329A /* DFGBranchDirection.h in Headers */ = {isa = PBXBuildFile; fileRef = 0F8364B5164B0C0E0053329A /* DFGBranchDirection.h */; };
</span><span class="cx"> 0F86A26F1D6F7B3300CB0C92 /* GCTypeMap.h in Headers */ = {isa = PBXBuildFile; fileRef = 0F86A26E1D6F7B3100CB0C92 /* GCTypeMap.h */; };
</span><span class="lines">@@ -2829,7 +2828,6 @@
</span><span class="cx"> 0F7DF1451E2BEF680095951B /* BlockDirectoryInlines.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = BlockDirectoryInlines.h; sourceTree = "<group>"; };
</span><span class="cx"> 0F7F98891D9596C300F4F12E /* DFGStoreBarrierClusteringPhase.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; name = DFGStoreBarrierClusteringPhase.cpp; path = dfg/DFGStoreBarrierClusteringPhase.cpp; sourceTree = "<group>"; };
</span><span class="cx"> 0F7F988A1D9596C300F4F12E /* DFGStoreBarrierClusteringPhase.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = DFGStoreBarrierClusteringPhase.h; path = dfg/DFGStoreBarrierClusteringPhase.h; sourceTree = "<group>"; };
</span><del>- 0F8023E91613832300A0BA45 /* ByValInfo.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = ByValInfo.h; sourceTree = "<group>"; };
</del><span class="cx"> 0F8335B41639C1E3001443B5 /* ArrayAllocationProfile.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = ArrayAllocationProfile.cpp; sourceTree = "<group>"; };
</span><span class="cx"> 0F8335B51639C1E3001443B5 /* ArrayAllocationProfile.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = ArrayAllocationProfile.h; sourceTree = "<group>"; };
</span><span class="cx"> 0F8364B5164B0C0E0053329A /* DFGBranchDirection.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = DFGBranchDirection.h; path = dfg/DFGBranchDirection.h; sourceTree = "<group>"; };
</span><span class="lines">@@ -5137,7 +5135,6 @@
</span><span class="cx"> E355D38E2244686C008F1AD6 /* GlobalExecutable.cpp */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.cpp.cpp; path = GlobalExecutable.cpp; sourceTree = "<group>"; };
</span><span class="cx"> E356987122841183008CDCCB /* PackedCellPtr.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = PackedCellPtr.h; sourceTree = "<group>"; };
</span><span class="cx"> E35A0B9C220AD87A00AC4474 /* ExecutableBaseInlines.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = ExecutableBaseInlines.h; sourceTree = "<group>"; };
</span><del>- E35BA2C0241A0E8C00B67086 /* ByValInfo.cpp */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.cpp.cpp; path = ByValInfo.cpp; sourceTree = "<group>"; };
</del><span class="cx"> E35CA14F1DBC3A5600F83516 /* DOMJITAbstractHeap.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = DOMJITAbstractHeap.cpp; sourceTree = "<group>"; };
</span><span class="cx"> E35CA1501DBC3A5600F83516 /* DOMJITAbstractHeap.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = DOMJITAbstractHeap.h; sourceTree = "<group>"; };
</span><span class="cx"> E35CA1511DBC3A5600F83516 /* DOMJITHeapRange.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = DOMJITHeapRange.cpp; sourceTree = "<group>"; };
</span><span class="lines">@@ -8557,8 +8554,6 @@
</span><span class="cx"> E3D2642A1D38C042000BE174 /* BytecodeRewriter.h */,
</span><span class="cx"> 53D35498240D88AD008950DD /* BytecodeUseDef.cpp */,
</span><span class="cx"> 0F885E101849A3BE00F1E3FA /* BytecodeUseDef.h */,
</span><del>- E35BA2C0241A0E8C00B67086 /* ByValInfo.cpp */,
- 0F8023E91613832300A0BA45 /* ByValInfo.h */,
</del><span class="cx"> 0F64B2771A7957B2006E4E66 /* CallEdge.cpp */,
</span><span class="cx"> 0F64B2781A7957B2006E4E66 /* CallEdge.h */,
</span><span class="cx"> 0F0B83AE14BCF71400885B4F /* CallLinkInfo.cpp */,
</span><span class="lines">@@ -9476,7 +9471,6 @@
</span><span class="cx"> E328DAEB1D38D005001A2529 /* BytecodeRewriter.h in Headers */,
</span><span class="cx"> 6514F21918B3E1670098FF8B /* Bytecodes.h in Headers */,
</span><span class="cx"> 0F885E111849A3BE00F1E3FA /* BytecodeUseDef.h in Headers */,
</span><del>- 0F8023EA1613832B00A0BA45 /* ByValInfo.h in Headers */,
</del><span class="cx"> FE8DE54B23AC1DAD005C9142 /* CacheableIdentifier.h in Headers */,
</span><span class="cx"> FE8DE54D23AC1E86005C9142 /* CacheableIdentifierInlines.h in Headers */,
</span><span class="cx"> 144CA3502224180100817789 /* CachedBytecode.h in Headers */,
</span></span></pre></div>
<a id="branchessafari612branchSourceJavaScriptCoreSourcestxt"></a>
<div class="modfile"><h4>Modified: branches/safari-612-branch/Source/JavaScriptCore/Sources.txt (281902 => 281903)</h4>
<pre class="diff"><span>
<span class="info">--- branches/safari-612-branch/Source/JavaScriptCore/Sources.txt 2021-09-02 01:05:20 UTC (rev 281902)
+++ branches/safari-612-branch/Source/JavaScriptCore/Sources.txt 2021-09-02 01:05:29 UTC (rev 281903)
</span><span class="lines">@@ -197,7 +197,6 @@
</span><span class="cx"> bytecode/ArithProfile.cpp
</span><span class="cx"> bytecode/ArrayAllocationProfile.cpp
</span><span class="cx"> bytecode/ArrayProfile.cpp
</span><del>-bytecode/ByValInfo.cpp
</del><span class="cx"> bytecode/BytecodeBasicBlock.cpp
</span><span class="cx"> bytecode/BytecodeDumper.cpp
</span><span class="cx"> bytecode/BytecodeGeneratorification.cpp
</span></span></pre></div>
<a id="branchessafari612branchSourceJavaScriptCorebytecodeByValInfocpp"></a>
<div class="delfile"><h4>Deleted: branches/safari-612-branch/Source/JavaScriptCore/bytecode/ByValInfo.cpp (281902 => 281903)</h4>
<pre class="diff"><span>
<span class="info">--- branches/safari-612-branch/Source/JavaScriptCore/bytecode/ByValInfo.cpp 2021-09-02 01:05:20 UTC (rev 281902)
+++ branches/safari-612-branch/Source/JavaScriptCore/bytecode/ByValInfo.cpp 2021-09-02 01:05:29 UTC (rev 281903)
</span><span class="lines">@@ -1,45 +0,0 @@
</span><del>-/*
- * Copyright (C) 2020-2021 Apple Inc. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- *
- * THIS SOFTWARE IS PROVIDED BY APPLE INC. ``AS IS'' AND ANY
- * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL APPLE INC. OR
- * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
- * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
- * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
- * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY
- * OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
- * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
- * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- */
-
-#include "config.h"
-#include "ByValInfo.h"
-
-#include "CacheableIdentifierInlines.h"
-
-namespace JSC {
-
-#if ENABLE(JIT)
-
-template<typename Visitor>
-void ByValInfo::visitAggregateImpl(Visitor& visitor)
-{
- cachedId.visitAggregate(visitor);
-}
-
-DEFINE_VISIT_AGGREGATE(ByValInfo);
-
-#endif // ENABLE(JIT)
-
-} // namespace JSC
</del></span></pre></div>
<a id="branchessafari612branchSourceJavaScriptCorebytecodeByValInfoh"></a>
<div class="delfile"><h4>Deleted: branches/safari-612-branch/Source/JavaScriptCore/bytecode/ByValInfo.h (281902 => 281903)</h4>
<pre class="diff"><span>
<span class="info">--- branches/safari-612-branch/Source/JavaScriptCore/bytecode/ByValInfo.h 2021-09-02 01:05:20 UTC (rev 281902)
+++ branches/safari-612-branch/Source/JavaScriptCore/bytecode/ByValInfo.h 2021-09-02 01:05:29 UTC (rev 281903)
</span><span class="lines">@@ -1,300 +0,0 @@
</span><del>-/*
- * Copyright (C) 2012-2021 Apple Inc. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- *
- * THIS SOFTWARE IS PROVIDED BY APPLE INC. ``AS IS'' AND ANY
- * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL APPLE INC. OR
- * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
- * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
- * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
- * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY
- * OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
- * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
- * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- */
-
-#pragma once
-
-#include "CacheableIdentifier.h"
-#include "ClassInfo.h"
-#include "CodeLocation.h"
-#include "IndexingType.h"
-#include "JITStubRoutine.h"
-#include "Structure.h"
-
-namespace JSC {
-
-class Symbol;
-
-#if ENABLE(JIT)
-
-class ArrayProfile;
-class StructureStubInfo;
-
-enum JITArrayMode : uint8_t {
- JITInt32,
- JITDouble,
- JITContiguous,
- JITArrayStorage,
- JITDirectArguments,
- JITScopedArguments,
- JITInt8Array,
- JITInt16Array,
- JITInt32Array,
- JITUint8Array,
- JITUint8ClampedArray,
- JITUint16Array,
- JITUint32Array,
- JITFloat32Array,
- JITFloat64Array,
- JITBigInt64Array,
- JITBigUint64Array,
-};
-
-inline bool isOptimizableIndexingType(IndexingType indexingType)
-{
- switch (indexingType) {
- case ALL_INT32_INDEXING_TYPES:
- case ALL_DOUBLE_INDEXING_TYPES:
- case ALL_CONTIGUOUS_INDEXING_TYPES:
- case ARRAY_WITH_ARRAY_STORAGE_INDEXING_TYPES:
- return true;
- default:
- return false;
- }
-}
-
-inline bool hasOptimizableIndexingForJSType(JSType type)
-{
- switch (type) {
- case DirectArgumentsType:
- case ScopedArgumentsType:
- return true;
- default:
- return false;
- }
-}
-
-inline bool hasOptimizableIndexingForClassInfo(const ClassInfo* classInfo)
-{
- return isTypedView(classInfo->typedArrayStorageType);
-}
-
-inline bool hasOptimizableIndexing(Structure* structure)
-{
- return isOptimizableIndexingType(structure->indexingType())
- || hasOptimizableIndexingForJSType(structure->typeInfo().type())
- || hasOptimizableIndexingForClassInfo(structure->classInfo());
-}
-
-inline JITArrayMode jitArrayModeForIndexingType(IndexingType indexingType)
-{
- switch (indexingType) {
- case ALL_INT32_INDEXING_TYPES:
- return JITInt32;
- case ALL_DOUBLE_INDEXING_TYPES:
- return JITDouble;
- case ALL_CONTIGUOUS_INDEXING_TYPES:
- return JITContiguous;
- case ARRAY_WITH_ARRAY_STORAGE_INDEXING_TYPES:
- return JITArrayStorage;
- default:
- CRASH();
- return JITContiguous;
- }
-}
-
-inline JITArrayMode jitArrayModeForJSType(JSType type)
-{
- switch (type) {
- case DirectArgumentsType:
- return JITDirectArguments;
- case ScopedArgumentsType:
- return JITScopedArguments;
- default:
- RELEASE_ASSERT_NOT_REACHED();
- return JITContiguous;
- }
-}
-
-inline JITArrayMode jitArrayModeForClassInfo(const ClassInfo* classInfo)
-{
- switch (classInfo->typedArrayStorageType) {
- case TypeInt8:
- return JITInt8Array;
- case TypeInt16:
- return JITInt16Array;
- case TypeInt32:
- return JITInt32Array;
- case TypeUint8:
- return JITUint8Array;
- case TypeUint8Clamped:
- return JITUint8ClampedArray;
- case TypeUint16:
- return JITUint16Array;
- case TypeUint32:
- return JITUint32Array;
- case TypeFloat32:
- return JITFloat32Array;
- case TypeFloat64:
- return JITFloat64Array;
- case TypeBigInt64:
- return JITBigInt64Array;
- case TypeBigUint64:
- return JITBigUint64Array;
- default:
- CRASH();
- return JITContiguous;
- }
-}
-
-inline bool jitArrayModePermitsPut(JITArrayMode mode)
-{
- switch (mode) {
- case JITDirectArguments:
- case JITScopedArguments:
- // FIXME: Optimize BigInt64Array / BigUint64Array in IC
- // https://bugs.webkit.org/show_bug.cgi?id=221183
- case JITBigInt64Array:
- case JITBigUint64Array:
- // We could support put_by_val on these at some point, but it's just not that profitable
- // at the moment.
- return false;
- default:
- return true;
- }
-}
-
-inline bool jitArrayModePermitsPutDirect(JITArrayMode mode)
-{
- // We don't allow typed array putDirect here since putDirect has
- // defineOwnProperty({configurable: true, writable:true, enumerable:true})
- // semantics. Typed array indexed properties are non-configurable by
- // default, so we can't simply store to a typed array for putDirect.
- //
- // We could model putDirect on ScopedArguments and DirectArguments, but we
- // haven't found any performance incentive to do it yet.
- switch (mode) {
- case JITInt32:
- case JITDouble:
- case JITContiguous:
- case JITArrayStorage:
- return true;
- default:
- return false;
- }
-}
-
-inline TypedArrayType typedArrayTypeForJITArrayMode(JITArrayMode mode)
-{
- switch (mode) {
- case JITInt8Array:
- return TypeInt8;
- case JITInt16Array:
- return TypeInt16;
- case JITInt32Array:
- return TypeInt32;
- case JITUint8Array:
- return TypeUint8;
- case JITUint8ClampedArray:
- return TypeUint8Clamped;
- case JITUint16Array:
- return TypeUint16;
- case JITUint32Array:
- return TypeUint32;
- case JITFloat32Array:
- return TypeFloat32;
- case JITFloat64Array:
- return TypeFloat64;
- case JITBigInt64Array:
- return TypeBigInt64;
- case JITBigUint64Array:
- return TypeBigUint64;
- default:
- CRASH();
- return NotTypedArray;
- }
-}
-
-inline JITArrayMode jitArrayModeForStructure(Structure* structure)
-{
- if (isOptimizableIndexingType(structure->indexingType()))
- return jitArrayModeForIndexingType(structure->indexingType());
-
- if (hasOptimizableIndexingForJSType(structure->typeInfo().type()))
- return jitArrayModeForJSType(structure->typeInfo().type());
-
- ASSERT(hasOptimizableIndexingForClassInfo(structure->classInfo()));
- return jitArrayModeForClassInfo(structure->classInfo());
-}
-
-struct ByValInfo {
- ByValInfo(BytecodeIndex bytecodeIndex)
- : bytecodeIndex(bytecodeIndex)
- {
- }
-
- void setUp(CodeLocationLabel<ExceptionHandlerPtrTag> exceptionHandler, JITArrayMode arrayMode, ArrayProfile* arrayProfile, CodeLocationLabel<JSInternalPtrTag> doneTarget, CodeLocationLabel<JSInternalPtrTag> badTypeNextHotPathTarget, CodeLocationLabel<JSInternalPtrTag> slowPathTarget)
- {
- this->exceptionHandler = exceptionHandler;
- this->doneTarget = doneTarget;
- this->badTypeNextHotPathTarget = badTypeNextHotPathTarget;
- this->slowPathTarget = slowPathTarget;
- this->arrayProfile = arrayProfile;
- this->slowPathCount = 0;
- this->stubInfo = nullptr;
- this->arrayMode = arrayMode;
- this->tookSlowPath = false;
- this->seen = false;
- }
-
- DECLARE_VISIT_AGGREGATE;
-
- static ptrdiff_t offsetOfSlowOperation() { return OBJECT_OFFSETOF(ByValInfo, m_slowOperation); }
- static ptrdiff_t offsetOfNotIndexJumpTarget() { return OBJECT_OFFSETOF(ByValInfo, m_notIndexJumpTarget); }
- static ptrdiff_t offsetOfBadTypeJumpTarget() { return OBJECT_OFFSETOF(ByValInfo, m_badTypeJumpTarget); }
-
- FunctionPtr<OperationPtrTag> m_slowOperation;
-
- union {
- CodeLocationLabel<JITStubRoutinePtrTag> m_notIndexJumpTarget;
- CodeLocationJump<JSInternalPtrTag> m_notIndexJump;
- };
- union {
- CodeLocationLabel<JITStubRoutinePtrTag> m_badTypeJumpTarget;
- CodeLocationJump<JSInternalPtrTag> m_badTypeJump;
- };
-
- CodeLocationLabel<ExceptionHandlerPtrTag> exceptionHandler;
- CodeLocationLabel<JSInternalPtrTag> doneTarget;
- CodeLocationLabel<JSInternalPtrTag> badTypeNextHotPathTarget;
- CodeLocationLabel<JSInternalPtrTag> slowPathTarget;
- ArrayProfile* arrayProfile;
- BytecodeIndex bytecodeIndex;
- unsigned slowPathCount;
- RefPtr<JITStubRoutine> stubRoutine;
- CacheableIdentifier cachedId; // Once we set cachedId, we must not change the value. JIT code relies on that configured cachedId is marked and retained by CodeBlock through ByValInfo.
- StructureStubInfo* stubInfo;
- JITArrayMode arrayMode; // The array mode that was baked into the inline JIT code.
- bool tookSlowPath : 1;
- bool seen : 1;
-};
-
-inline BytecodeIndex getByValInfoBytecodeIndex(ByValInfo* info)
-{
- return info->bytecodeIndex;
-}
-
-#endif // ENABLE(JIT)
-
-} // namespace JSC
</del></span></pre></div>
<a id="branchessafari612branchSourceJavaScriptCorebytecodeCodeBlockcpp"></a>
<div class="modfile"><h4>Modified: branches/safari-612-branch/Source/JavaScriptCore/bytecode/CodeBlock.cpp (281902 => 281903)</h4>
<pre class="diff"><span>
<span class="info">--- branches/safari-612-branch/Source/JavaScriptCore/bytecode/CodeBlock.cpp 2021-09-02 01:05:20 UTC (rev 281902)
+++ branches/safari-612-branch/Source/JavaScriptCore/bytecode/CodeBlock.cpp 2021-09-02 01:05:29 UTC (rev 281903)
</span><span class="lines">@@ -32,7 +32,6 @@
</span><span class="cx">
</span><span class="cx"> #include "ArithProfile.h"
</span><span class="cx"> #include "BasicBlockLocation.h"
</span><del>-#include "ByValInfo.h"
</del><span class="cx"> #include "BytecodeDumper.h"
</span><span class="cx"> #include "BytecodeLivenessAnalysisInlines.h"
</span><span class="cx"> #include "BytecodeOperandsForCheckpoint.h"
</span><span class="lines">@@ -1626,8 +1625,6 @@
</span><span class="cx"> result.add(stubInfo->codeOrigin, ICStatus()).iterator->value.stubInfo = stubInfo;
</span><span class="cx"> for (CallLinkInfo* callLinkInfo : jitData->m_callLinkInfos)
</span><span class="cx"> result.add(callLinkInfo->codeOrigin(), ICStatus()).iterator->value.callLinkInfo = callLinkInfo;
</span><del>- for (ByValInfo* byValInfo : jitData->m_byValInfos)
- result.add(CodeOrigin(byValInfo->bytecodeIndex), ICStatus()).iterator->value.byValInfo = byValInfo;
</del><span class="cx"> }
</span><span class="cx"> #if ENABLE(DFG_JIT)
</span><span class="cx"> if (JITCode::isOptimizingJIT(jitType())) {
</span><span class="lines">@@ -1699,24 +1696,6 @@
</span><span class="cx"> return nullptr;
</span><span class="cx"> }
</span><span class="cx">
</span><del>-ByValInfo* CodeBlock::findByValInfo(CodeOrigin codeOrigin)
-{
- ConcurrentJSLocker locker(m_lock);
- if (auto* jitData = m_jitData.get()) {
- for (ByValInfo* byValInfo : jitData->m_byValInfos) {
- if (byValInfo->bytecodeIndex == codeOrigin.bytecodeIndex())
- return byValInfo;
- }
- }
- return nullptr;
-}
-
-ByValInfo* CodeBlock::addByValInfo(BytecodeIndex bytecodeIndex)
-{
- ConcurrentJSLocker locker(m_lock);
- return ensureJITData(locker).m_byValInfos.add(bytecodeIndex);
-}
-
</del><span class="cx"> CallLinkInfo* CodeBlock::addCallLinkInfo(CodeOrigin codeOrigin)
</span><span class="cx"> {
</span><span class="cx"> ConcurrentJSLocker locker(m_lock);
</span><span class="lines">@@ -1828,8 +1807,6 @@
</span><span class="cx">
</span><span class="cx"> #if ENABLE(JIT)
</span><span class="cx"> if (auto* jitData = m_jitData.get()) {
</span><del>- for (ByValInfo* byValInfo : jitData->m_byValInfos)
- byValInfo->visitAggregate(visitor);
</del><span class="cx"> for (StructureStubInfo* stubInfo : jitData->m_stubInfos)
</span><span class="cx"> stubInfo->visitAggregate(visitor);
</span><span class="cx"> }
</span></span></pre></div>
<a id="branchessafari612branchSourceJavaScriptCorebytecodeCodeBlockh"></a>
<div class="modfile"><h4>Modified: branches/safari-612-branch/Source/JavaScriptCore/bytecode/CodeBlock.h (281902 => 281903)</h4>
<pre class="diff"><span>
<span class="info">--- branches/safari-612-branch/Source/JavaScriptCore/bytecode/CodeBlock.h 2021-09-02 01:05:20 UTC (rev 281902)
+++ branches/safari-612-branch/Source/JavaScriptCore/bytecode/CodeBlock.h 2021-09-02 01:05:29 UTC (rev 281903)
</span><span class="lines">@@ -97,7 +97,6 @@
</span><span class="cx"> class PCToCodeOriginMap;
</span><span class="cx"> class RegisterAtOffsetList;
</span><span class="cx"> class StructureStubInfo;
</span><del>-struct ByValInfo;
</del><span class="cx">
</span><span class="cx"> DECLARE_ALLOCATOR_WITH_HEAP_IDENTIFIER(CodeBlockRareData);
</span><span class="cx">
</span><span class="lines">@@ -275,7 +274,6 @@
</span><span class="cx"> Bag<JITMulIC> m_mulICs;
</span><span class="cx"> Bag<JITNegIC> m_negICs;
</span><span class="cx"> Bag<JITSubIC> m_subICs;
</span><del>- Bag<ByValInfo> m_byValInfos;
</del><span class="cx"> Bag<CallLinkInfo> m_callLinkInfos;
</span><span class="cx"> SentinelLinkedList<CallLinkInfo, PackedRawSentinelNode<CallLinkInfo>> m_incomingCalls;
</span><span class="cx"> SentinelLinkedList<PolymorphicCallNode, PackedRawSentinelNode<PolymorphicCallNode>> m_incomingPolymorphicCalls;
</span><span class="lines">@@ -316,11 +314,7 @@
</span><span class="cx">
</span><span class="cx"> // O(n) operation. Use getICStatusMap() unless you really only intend to get one stub info.
</span><span class="cx"> StructureStubInfo* findStubInfo(CodeOrigin);
</span><del>- // O(n) operation. Use getICStatusMap() unless you really only intend to get one by-val-info.
- ByValInfo* findByValInfo(CodeOrigin);
</del><span class="cx">
</span><del>- ByValInfo* addByValInfo(BytecodeIndex);
-
</del><span class="cx"> CallLinkInfo* addCallLinkInfo(CodeOrigin);
</span><span class="cx">
</span><span class="cx"> // This is a slow function call used primarily for compiling OSR exits in the case
</span></span></pre></div>
<a id="branchessafari612branchSourceJavaScriptCorebytecodeICStatusMaph"></a>
<div class="modfile"><h4>Modified: branches/safari-612-branch/Source/JavaScriptCore/bytecode/ICStatusMap.h (281902 => 281903)</h4>
<pre class="diff"><span>
<span class="info">--- branches/safari-612-branch/Source/JavaScriptCore/bytecode/ICStatusMap.h 2021-09-02 01:05:20 UTC (rev 281902)
+++ branches/safari-612-branch/Source/JavaScriptCore/bytecode/ICStatusMap.h 2021-09-02 01:05:29 UTC (rev 281903)
</span><span class="lines">@@ -39,12 +39,10 @@
</span><span class="cx"> class PutByStatus;
</span><span class="cx"> class DeleteByStatus;
</span><span class="cx"> class StructureStubInfo;
</span><del>-struct ByValInfo;
</del><span class="cx">
</span><span class="cx"> struct ICStatus {
</span><span class="cx"> StructureStubInfo* stubInfo { nullptr };
</span><span class="cx"> CallLinkInfo* callLinkInfo { nullptr };
</span><del>- ByValInfo* byValInfo { nullptr };
</del><span class="cx"> CallLinkStatus* callStatus { nullptr };
</span><span class="cx"> GetByStatus* getStatus { nullptr };
</span><span class="cx"> InByStatus* inStatus { nullptr };
</span></span></pre></div>
<a id="branchessafari612branchSourceJavaScriptCoredfgDFGByteCodeParsercpp"></a>
<div class="modfile"><h4>Modified: branches/safari-612-branch/Source/JavaScriptCore/dfg/DFGByteCodeParser.cpp (281902 => 281903)</h4>
<pre class="diff"><span>
<span class="info">--- branches/safari-612-branch/Source/JavaScriptCore/dfg/DFGByteCodeParser.cpp 2021-09-02 01:05:20 UTC (rev 281902)
+++ branches/safari-612-branch/Source/JavaScriptCore/dfg/DFGByteCodeParser.cpp 2021-09-02 01:05:29 UTC (rev 281903)
</span><span class="lines">@@ -6453,12 +6453,11 @@
</span><span class="cx"> Node* value = get(bytecode.m_value);
</span><span class="cx"> bool compiledAsPutPrivateNameById = false;
</span><span class="cx">
</span><ins>+ PutByStatus status = PutByStatus::computeFor(m_inlineStackTop->m_profiledBlock, m_inlineStackTop->m_baselineMap, m_icContextStack, currentCodeOrigin());
+
</ins><span class="cx"> if (!m_inlineStackTop->m_exitProfile.hasExitSite(m_currentIndex, BadIdent)
</span><span class="cx"> && !m_inlineStackTop->m_exitProfile.hasExitSite(m_currentIndex, BadType)
</span><span class="cx"> && !m_inlineStackTop->m_exitProfile.hasExitSite(m_currentIndex, BadConstantValue)) {
</span><del>-
- PutByStatus status = PutByStatus::computeFor(m_inlineStackTop->m_profiledBlock, m_inlineStackTop->m_baselineMap, m_icContextStack, currentCodeOrigin());
-
</del><span class="cx"> if (CacheableIdentifier identifier = status.singleIdentifier()) {
</span><span class="cx"> UniquedStringImpl* uid = identifier.uid();
</span><span class="cx"> unsigned identifierNumber = m_graph.identifiers().ensure(uid);
</span><span class="lines">@@ -6473,11 +6472,37 @@
</span><span class="cx">
</span><span class="cx"> handlePutPrivateNameById(base, identifier, identifierNumber, value, status, bytecode.m_putKind);
</span><span class="cx"> compiledAsPutPrivateNameById = true;
</span><ins>+ } else if (status.takesSlowPath()) {
+ // Even though status is taking a slow path, it is possible that this node still has constant identifier and using PutById is always better in that case.
+ UniquedStringImpl* uid = nullptr;
+ JSCell* propertyCell = nullptr;
+ if (auto* symbol = property->dynamicCastConstant<Symbol*>(*m_vm)) {
+ uid = &symbol->uid();
+ propertyCell = symbol;
+ FrozenValue* frozen = m_graph.freezeStrong(symbol);
+ addToGraph(CheckIsConstant, OpInfo(frozen), property);
+ } else if (auto* string = property->dynamicCastConstant<JSString*>(*m_vm)) {
+ if (auto* impl = string->tryGetValueImpl(); impl->isAtom() && !parseIndex(*const_cast<StringImpl*>(impl))) {
+ uid = bitwise_cast<UniquedStringImpl*>(impl);
+ propertyCell = string;
+ m_graph.freezeStrong(string);
+ addToGraph(CheckIdent, OpInfo(uid), property);
+ }
+ }
+
+ if (uid) {
+ unsigned identifierNumber = m_graph.identifiers().ensure(uid);
+ handlePutPrivateNameById(base, CacheableIdentifier::createFromCell(propertyCell), identifierNumber, value, status, bytecode.m_putKind);
+ compiledAsPutPrivateNameById = true;
+ }
</ins><span class="cx"> }
</span><span class="cx"> }
</span><span class="cx">
</span><del>- if (!compiledAsPutPrivateNameById)
- addToGraph(PutPrivateName, OpInfo(), OpInfo(bytecode.m_putKind), base, property, value);
</del><ins>+ if (!compiledAsPutPrivateNameById) {
+ Node* putPrivateName = addToGraph(PutPrivateName, OpInfo(), OpInfo(bytecode.m_putKind), base, property, value);
+ if (status.observedStructureStubInfoSlowPath())
+ m_graph.m_slowPutByVal.add(putPrivateName);
+ }
</ins><span class="cx">
</span><span class="cx"> NEXT_OPCODE(op_put_private_name);
</span><span class="cx"> }
</span></span></pre></div>
<a id="branchessafari612branchSourceJavaScriptCoredfgDFGFixupPhasecpp"></a>
<div class="modfile"><h4>Modified: branches/safari-612-branch/Source/JavaScriptCore/dfg/DFGFixupPhase.cpp (281902 => 281903)</h4>
<pre class="diff"><span>
<span class="info">--- branches/safari-612-branch/Source/JavaScriptCore/dfg/DFGFixupPhase.cpp 2021-09-02 01:05:20 UTC (rev 281902)
+++ branches/safari-612-branch/Source/JavaScriptCore/dfg/DFGFixupPhase.cpp 2021-09-02 01:05:29 UTC (rev 281903)
</span><span class="lines">@@ -1952,8 +1952,16 @@
</span><span class="cx"> break;
</span><span class="cx"> }
</span><span class="cx">
</span><del>- case CheckPrivateBrand:
</del><ins>+ case CheckPrivateBrand: {
+ fixEdge<SymbolUse>(node->child2());
+ break;
+ }
+
</ins><span class="cx"> case PutPrivateName: {
</span><ins>+ if (!m_graph.m_slowPutByVal.contains(node)) {
+ if (node->child1()->shouldSpeculateCell())
+ fixEdge<CellUse>(node->child1());
+ }
</ins><span class="cx"> fixEdge<SymbolUse>(node->child2());
</span><span class="cx"> break;
</span><span class="cx"> }
</span></span></pre></div>
<a id="branchessafari612branchSourceJavaScriptCoredfgDFGSpeculativeJITcpp"></a>
<div class="modfile"><h4>Modified: branches/safari-612-branch/Source/JavaScriptCore/dfg/DFGSpeculativeJIT.cpp (281902 => 281903)</h4>
<pre class="diff"><span>
<span class="info">--- branches/safari-612-branch/Source/JavaScriptCore/dfg/DFGSpeculativeJIT.cpp 2021-09-02 01:05:20 UTC (rev 281902)
+++ branches/safari-612-branch/Source/JavaScriptCore/dfg/DFGSpeculativeJIT.cpp 2021-09-02 01:05:29 UTC (rev 281903)
</span><span class="lines">@@ -3746,9 +3746,6 @@
</span><span class="cx">
</span><span class="cx"> void SpeculativeJIT::compileGetPrivateName(Node* node)
</span><span class="cx"> {
</span><del>- if (node->hasCacheableIdentifier())
- return compileGetPrivateNameById(node);
-
</del><span class="cx"> switch (m_graph.child(node, 0).useKind()) {
</span><span class="cx"> case CellUse: {
</span><span class="cx"> SpeculateCellOperand base(this, m_graph.child(node, 0));
</span><span class="lines">@@ -3941,22 +3938,78 @@
</span><span class="cx">
</span><span class="cx"> void SpeculativeJIT::compilePutPrivateName(Node* node)
</span><span class="cx"> {
</span><del>- ASSERT(node->child1().useKind() == UntypedUse);
- JSValueOperand base(this, node->child1());
- SpeculateCellOperand propertyValue(this, node->child2());
- JSValueOperand value(this, node->child3());
</del><ins>+ Edge& child1 = node->child1();
+ Edge& child2 = node->child2();
+ Edge& child3 = node->child3();
+ if (m_graph.m_slowPutByVal.contains(node) || (child1.useKind() != CellUse && child1.useKind() != KnownCellUse)) {
+ ASSERT(child1.useKind() == UntypedUse);
+ JSValueOperand base(this, child1);
+ SpeculateCellOperand propertyValue(this, child2);
+ JSValueOperand value(this, child3);
</ins><span class="cx">
</span><del>- JSValueRegs valueRegs = value.jsValueRegs();
- JSValueRegs baseRegs = base.jsValueRegs();
</del><ins>+ JSValueRegs valueRegs = value.jsValueRegs();
+ JSValueRegs baseRegs = base.jsValueRegs();
</ins><span class="cx">
</span><ins>+ GPRReg propertyGPR = propertyValue.gpr();
+
+ speculateSymbol(child2, propertyGPR);
+
+ flushRegisters();
+ auto operation = node->privateFieldPutKind().isDefine() ? operationPutByValDefinePrivateFieldGeneric : operationPutByValSetPrivateFieldGeneric;
+ callOperation(operation, TrustedImmPtr::weakPointer(m_graph, m_graph.globalObjectFor(node->origin.semantic)), baseRegs, CCallHelpers::CellValue(propertyGPR), valueRegs, TrustedImmPtr(nullptr), TrustedImmPtr(nullptr));
+ m_jit.exceptionCheck();
+
+ noResult(node);
+ return;
+ }
+
+ SpeculateCellOperand base(this, child1);
+ SpeculateCellOperand propertyValue(this, child2);
+ JSValueOperand value(this, child3);
+
+ GPRReg baseGPR = base.gpr();
</ins><span class="cx"> GPRReg propertyGPR = propertyValue.gpr();
</span><ins>+ JSValueRegs valueRegs = value.jsValueRegs();
</ins><span class="cx">
</span><del>- speculateSymbol(node->child2(), propertyGPR);
</del><ins>+ GPRTemporary stubInfo;
+ GPRReg stubInfoGPR = InvalidGPRReg;
+ if (JITCode::useDataIC(JITType::DFGJIT)) {
+ stubInfo = GPRTemporary(this);
+ stubInfoGPR = stubInfo.gpr();
+ }
</ins><span class="cx">
</span><del>- flushRegisters();
- callOperation(operationPutPrivateNameGeneric, TrustedImmPtr::weakPointer(m_graph, m_graph.globalObjectFor(node->origin.semantic)), baseRegs, CCallHelpers::CellValue(propertyGPR), valueRegs, TrustedImmPtr(nullptr), TrustedImm32(node->privateFieldPutKind().value()));
- m_jit.exceptionCheck();
</del><ins>+ speculateSymbol(child2, propertyGPR);
</ins><span class="cx">
</span><ins>+ CodeOrigin codeOrigin = node->origin.semantic;
+ CallSiteIndex callSite = m_jit.recordCallSiteAndGenerateExceptionHandlingOSRExitIfNeeded(codeOrigin, m_stream->size());
+ RegisterSet usedRegisters = this->usedRegisters();
+
+ JITPutByValGenerator gen(
+ m_jit.codeBlock(), JITType::DFGJIT, codeOrigin, callSite, AccessType::PutByVal, usedRegisters,
+ JSValueRegs::payloadOnly(baseGPR), JSValueRegs::payloadOnly(propertyGPR), valueRegs, InvalidGPRReg, stubInfoGPR);
+ gen.stubInfo()->propertyIsSymbol = true;
+
+ gen.generateFastPath(m_jit);
+
+ JITCompiler::JumpList slowCases;
+ if (!JITCode::useDataIC(JITType::DFGJIT))
+ slowCases.append(gen.slowPathJump());
+
+ std::unique_ptr<SlowPathGenerator> slowPath;
+ auto operation = node->privateFieldPutKind().isDefine() ? operationPutByValDefinePrivateFieldOptimize : operationPutByValSetPrivateFieldOptimize;
+ if (JITCode::useDataIC(JITType::DFGJIT)) {
+ slowPath = slowPathICCall(
+ slowCases, this, gen.stubInfo(), stubInfoGPR, CCallHelpers::Address(stubInfoGPR, StructureStubInfo::offsetOfSlowOperation()), operation,
+ NoResult, TrustedImmPtr::weakPointer(m_graph, m_graph.globalObjectFor(codeOrigin)), CCallHelpers::CellValue(baseGPR), CCallHelpers::CellValue(propertyGPR), valueRegs, stubInfoGPR, nullptr);
+ } else {
+ slowPath = slowPathCall(
+ slowCases, this, operation,
+ NoResult, TrustedImmPtr::weakPointer(m_graph, m_graph.globalObjectFor(codeOrigin)), CCallHelpers::CellValue(baseGPR), CCallHelpers::CellValue(propertyGPR), valueRegs, gen.stubInfo(), nullptr);
+ }
+
+ m_jit.addPutByVal(gen, slowPath.get());
+ addSlowPathGenerator(WTFMove(slowPath));
+
</ins><span class="cx"> noResult(node);
</span><span class="cx"> }
</span><span class="cx">
</span></span></pre></div>
<a id="branchessafari612branchSourceJavaScriptCoredfgDFGSpeculativeJIT32_64cpp"></a>
<div class="modfile"><h4>Modified: branches/safari-612-branch/Source/JavaScriptCore/dfg/DFGSpeculativeJIT32_64.cpp (281902 => 281903)</h4>
<pre class="diff"><span>
<span class="info">--- branches/safari-612-branch/Source/JavaScriptCore/dfg/DFGSpeculativeJIT32_64.cpp 2021-09-02 01:05:20 UTC (rev 281902)
+++ branches/safari-612-branch/Source/JavaScriptCore/dfg/DFGSpeculativeJIT32_64.cpp 2021-09-02 01:05:29 UTC (rev 281903)
</span><span class="lines">@@ -2592,12 +2592,16 @@
</span><span class="cx"> break;
</span><span class="cx"> }
</span><span class="cx">
</span><del>- case GetPrivateName:
- case GetPrivateNameById: {
</del><ins>+ case GetPrivateName: {
</ins><span class="cx"> compileGetPrivateName(node);
</span><span class="cx"> break;
</span><span class="cx"> }
</span><span class="cx">
</span><ins>+ case GetPrivateNameById: {
+ compileGetPrivateNameById(node);
+ break;
+ }
+
</ins><span class="cx"> case GetByVal: {
</span><span class="cx"> JSValueRegsTemporary jsValueResult;
</span><span class="cx"> GPRTemporary oneRegResult;
</span></span></pre></div>
<a id="branchessafari612branchSourceJavaScriptCoredfgDFGSpeculativeJIT64cpp"></a>
<div class="modfile"><h4>Modified: branches/safari-612-branch/Source/JavaScriptCore/dfg/DFGSpeculativeJIT64.cpp (281902 => 281903)</h4>
<pre class="diff"><span>
<span class="info">--- branches/safari-612-branch/Source/JavaScriptCore/dfg/DFGSpeculativeJIT64.cpp 2021-09-02 01:05:20 UTC (rev 281902)
+++ branches/safari-612-branch/Source/JavaScriptCore/dfg/DFGSpeculativeJIT64.cpp 2021-09-02 01:05:29 UTC (rev 281903)
</span><span class="lines">@@ -3108,12 +3108,16 @@
</span><span class="cx"> break;
</span><span class="cx"> }
</span><span class="cx">
</span><del>- case GetPrivateName:
- case GetPrivateNameById: {
</del><ins>+ case GetPrivateName: {
</ins><span class="cx"> compileGetPrivateName(node);
</span><span class="cx"> break;
</span><span class="cx"> }
</span><span class="cx">
</span><ins>+ case GetPrivateNameById: {
+ compileGetPrivateNameById(node);
+ break;
+ }
+
</ins><span class="cx"> case GetByVal: {
</span><span class="cx"> JSValueRegsTemporary result;
</span><span class="cx"> compileGetByVal(node, scopedLambda<std::tuple<JSValueRegs, DataFormat>(DataFormat preferredFormat)>([&] (DataFormat preferredFormat) {
</span></span></pre></div>
<a id="branchessafari612branchSourceJavaScriptCoredfgDFGStoreBarrierInsertionPhasecpp"></a>
<div class="modfile"><h4>Modified: branches/safari-612-branch/Source/JavaScriptCore/dfg/DFGStoreBarrierInsertionPhase.cpp (281902 => 281903)</h4>
<pre class="diff"><span>
<span class="info">--- branches/safari-612-branch/Source/JavaScriptCore/dfg/DFGStoreBarrierInsertionPhase.cpp 2021-09-02 01:05:20 UTC (rev 281902)
+++ branches/safari-612-branch/Source/JavaScriptCore/dfg/DFGStoreBarrierInsertionPhase.cpp 2021-09-02 01:05:29 UTC (rev 281903)
</span><span class="lines">@@ -275,6 +275,12 @@
</span><span class="cx"> break;
</span><span class="cx"> }
</span><span class="cx">
</span><ins>+ case PutPrivateName: {
+ if (!m_graph.m_slowPutByVal.contains(m_node) && (m_node->child1().useKind() == CellUse || m_node->child1().useKind() == KnownCellUse))
+ considerBarrier(m_node->child1(), m_node->child3());
+ break;
+ }
+
</ins><span class="cx"> case PutPrivateNameById: {
</span><span class="cx"> // We emit IC code when we have a non-null cacheableIdentifier and we need to introduce a
</span><span class="cx"> // barrier for it. On PutPrivateName, we perform store barrier during slow path execution.
</span></span></pre></div>
<a id="branchessafari612branchSourceJavaScriptCoreftlFTLLowerDFGToB3cpp"></a>
<div class="modfile"><h4>Modified: branches/safari-612-branch/Source/JavaScriptCore/ftl/FTLLowerDFGToB3.cpp (281902 => 281903)</h4>
<pre class="diff"><span>
<span class="info">--- branches/safari-612-branch/Source/JavaScriptCore/ftl/FTLLowerDFGToB3.cpp 2021-09-02 01:05:20 UTC (rev 281902)
+++ branches/safari-612-branch/Source/JavaScriptCore/ftl/FTLLowerDFGToB3.cpp 2021-09-02 01:05:29 UTC (rev 281903)
</span><span class="lines">@@ -4262,15 +4262,100 @@
</span><span class="cx">
</span><span class="cx"> void compilePutPrivateName()
</span><span class="cx"> {
</span><del>- DFG_ASSERT(m_graph, m_node, m_node->child1().useKind() == UntypedUse, m_node->child1().useKind());
</del><span class="cx"> JSGlobalObject* globalObject = m_graph.globalObjectFor(m_node->origin.semantic);
</span><ins>+ Edge& child1 = m_node->child1();
+ Edge& child2 = m_node->child2();
+ Edge& child3 = m_node->child3();
+ if (m_graph.m_slowPutByVal.contains(m_node) || (child1.useKind() != CellUse && child1.useKind() != KnownCellUse)) {
+ DFG_ASSERT(m_graph, m_node, child1.useKind() == UntypedUse, child1.useKind());
</ins><span class="cx">
</span><del>- LValue base = lowJSValue(m_node->child1());
- LValue property = lowSymbol(m_node->child2());
- LValue value = lowJSValue(m_node->child3());
</del><ins>+ LValue base = lowJSValue(child1);
+ LValue property = lowSymbol(child2);
+ LValue value = lowJSValue(child3);
</ins><span class="cx">
</span><del>- vmCall(Void, operationPutPrivateNameGeneric,
- weakPointer(globalObject), base, property, value, m_out.constIntPtr(0), m_out.constInt32(m_node->privateFieldPutKind().value()));
</del><ins>+ auto operation = m_node->privateFieldPutKind().isDefine() ? operationPutByValDefinePrivateFieldGeneric : operationPutByValSetPrivateFieldGeneric;
+ vmCall(Void, operation, weakPointer(globalObject), base, property, value, m_out.constIntPtr(0), m_out.constIntPtr(0));
+ return;
+ }
+
+ Node* node = m_node;
+
+ LValue base = lowCell(child1);
+ LValue property = lowSymbol(child2);
+ LValue value = lowJSValue(child3);
+
+ PatchpointValue* patchpoint = m_out.patchpoint(Void);
+ patchpoint->appendSomeRegister(base);
+ patchpoint->appendSomeRegister(property);
+ patchpoint->appendSomeRegister(value);
+ patchpoint->append(m_notCellMask, ValueRep::lateReg(GPRInfo::notCellMaskRegister));
+ patchpoint->append(m_numberTag, ValueRep::lateReg(GPRInfo::numberTagRegister));
+ patchpoint->clobber(RegisterSet::macroScratchRegisters());
+ patchpoint->numGPScratchRegisters = JITCode::useDataIC(JITType::FTLJIT) ? 1 : 0;
+
+ RefPtr<PatchpointExceptionHandle> exceptionHandle = preparePatchpointForExceptions(patchpoint);
+
+ State* state = &m_ftlState;
+ CodeOrigin nodeSemanticOrigin = node->origin.semantic;
+ auto operation = node->privateFieldPutKind().isDefine() ? operationPutByValDefinePrivateFieldOptimize : operationPutByValSetPrivateFieldOptimize;
+ patchpoint->setGenerator([=] (CCallHelpers& jit, const StackmapGenerationParams& params) {
+ AllowMacroScratchRegisterUsage allowScratch(jit);
+
+ CallSiteIndex callSiteIndex = state->jitCode->common.codeOrigins->addUniqueCallSiteIndex(nodeSemanticOrigin);
+
+ // This is the direct exit target for operation calls.
+ Box<CCallHelpers::JumpList> exceptions = exceptionHandle->scheduleExitCreation(params)->jumps(jit);
+
+ // This is the exit for call IC's created by the IC for getters. We don't have
+ // to do anything weird other than call this, since it will associate the exit with
+ // the callsite index.
+ exceptionHandle->scheduleExitCreationForUnwind(params, callSiteIndex);
+
+ GPRReg baseGPR = params[0].gpr();
+ GPRReg propertyGPR = params[1].gpr();
+ GPRReg valueGPR = params[2].gpr();
+ GPRReg stubInfoGPR = JITCode::useDataIC(JITType::FTLJIT) ? params.gpScratch(0) : InvalidGPRReg;
+
+ auto generator = Box<JITPutByValGenerator>::create(
+ jit.codeBlock(), JITType::FTLJIT, nodeSemanticOrigin, callSiteIndex, AccessType::PutByVal,
+ params.unavailableRegisters(), JSValueRegs(baseGPR), JSValueRegs(propertyGPR), JSValueRegs(valueGPR), InvalidGPRReg, stubInfoGPR);
+
+ generator->stubInfo()->propertyIsSymbol = true;
+
+ generator->generateFastPath(jit);
+ CCallHelpers::Label done = jit.label();
+
+ params.addLatePath([=] (CCallHelpers& jit) {
+ AllowMacroScratchRegisterUsage allowScratch(jit);
+
+ if (!JITCode::useDataIC(JITType::FTLJIT))
+ generator->slowPathJump().link(&jit);
+ CCallHelpers::Label slowPathBegin = jit.label();
+ CCallHelpers::Call slowPathCall;
+ if (JITCode::useDataIC(JITType::FTLJIT)) {
+ jit.move(CCallHelpers::TrustedImmPtr(generator->stubInfo()), stubInfoGPR);
+ generator->stubInfo()->m_slowOperation = operation;
+ slowPathCall = callOperation(
+ *state, params.unavailableRegisters(), jit, nodeSemanticOrigin,
+ exceptions.get(), CCallHelpers::Address(stubInfoGPR, StructureStubInfo::offsetOfSlowOperation()), InvalidGPRReg,
+ jit.codeBlock()->globalObjectFor(nodeSemanticOrigin),
+ baseGPR, propertyGPR, valueGPR, stubInfoGPR, CCallHelpers::TrustedImmPtr(nullptr)).call();
+ } else {
+ slowPathCall = callOperation(
+ *state, params.unavailableRegisters(), jit, nodeSemanticOrigin,
+ exceptions.get(), operation, InvalidGPRReg,
+ jit.codeBlock()->globalObjectFor(nodeSemanticOrigin),
+ baseGPR, propertyGPR, valueGPR, CCallHelpers::TrustedImmPtr(generator->stubInfo()), CCallHelpers::TrustedImmPtr(nullptr)).call();
+ }
+ jit.jump().linkTo(done, &jit);
+
+ generator->reportSlowPathCall(slowPathBegin, slowPathCall);
+
+ jit.addLinkTask([=] (LinkBuffer& linkBuffer) {
+ generator->finalize(linkBuffer, linkBuffer);
+ });
+ });
+ });
</ins><span class="cx"> }
</span><span class="cx">
</span><span class="cx"> void compileAtomicsReadModifyWrite()
</span></span></pre></div>
<a id="branchessafari612branchSourceJavaScriptCorejitJITcpp"></a>
<div class="modfile"><h4>Modified: branches/safari-612-branch/Source/JavaScriptCore/jit/JIT.cpp (281902 => 281903)</h4>
<pre class="diff"><span>
<span class="info">--- branches/safari-612-branch/Source/JavaScriptCore/jit/JIT.cpp 2021-09-02 01:05:20 UTC (rev 281902)
+++ branches/safari-612-branch/Source/JavaScriptCore/jit/JIT.cpp 2021-09-02 01:05:29 UTC (rev 281903)
</span><span class="lines">@@ -517,7 +517,6 @@
</span><span class="cx"> m_delByValIndex = 0;
</span><span class="cx"> m_instanceOfIndex = 0;
</span><span class="cx"> m_privateBrandAccessIndex = 0;
</span><del>- m_byValInstructionIndex = 0;
</del><span class="cx"> m_callLinkInfoIndex = 0;
</span><span class="cx">
</span><span class="cx"> unsigned bytecodeCountHavingSlowCase = 0;
</span><span class="lines">@@ -919,45 +918,6 @@
</span><span class="cx"> finalizeInlineCaches(m_instanceOfs, patchBuffer);
</span><span class="cx"> finalizeInlineCaches(m_privateBrandAccesses, patchBuffer);
</span><span class="cx">
</span><del>- if (m_byValCompilationInfo.size()) {
-#if ENABLE(EXTRA_CTI_THUNKS)
- CodeLocationLabel exceptionHandler(vm().getCTIStub(handleExceptionGenerator).retaggedCode<ExceptionHandlerPtrTag>());
-#else
- CodeLocationLabel<ExceptionHandlerPtrTag> exceptionHandler = patchBuffer.locationOf<ExceptionHandlerPtrTag>(m_exceptionHandler);
-#endif
-
- for (const auto& byValCompilationInfo : m_byValCompilationInfo) {
- PatchableJump patchableNotIndexJump = byValCompilationInfo.notIndexJump;
- CodeLocationJump<JSInternalPtrTag> notIndexJump;
- if (Jump(patchableNotIndexJump).isSet())
- notIndexJump = CodeLocationJump<JSInternalPtrTag>(patchBuffer.locationOf<JSInternalPtrTag>(patchableNotIndexJump));
-
- PatchableJump patchableBadTypeJump = byValCompilationInfo.badTypeJump;
- CodeLocationJump<JSInternalPtrTag> badTypeJump;
- if (Jump(patchableBadTypeJump).isSet())
- badTypeJump = CodeLocationJump<JSInternalPtrTag>(patchBuffer.locationOf<JSInternalPtrTag>(byValCompilationInfo.badTypeJump));
-
- auto doneTarget = CodeLocationLabel<JSInternalPtrTag>(patchBuffer.locationOf<JSInternalPtrTag>(byValCompilationInfo.doneTarget));
- auto nextHotPathTarget = CodeLocationLabel<JSInternalPtrTag>(patchBuffer.locationOf<JSInternalPtrTag>(byValCompilationInfo.nextHotPathTarget));
- auto slowPathTarget = CodeLocationLabel<JSInternalPtrTag>(patchBuffer.locationOf<JSInternalPtrTag>(byValCompilationInfo.slowPathTarget));
-
- byValCompilationInfo.byValInfo->setUp(
- exceptionHandler,
- byValCompilationInfo.arrayMode,
- byValCompilationInfo.arrayProfile,
- doneTarget,
- nextHotPathTarget,
- slowPathTarget);
- if (JITCode::useDataIC(JITType::BaselineJIT)) {
- byValCompilationInfo.byValInfo->m_notIndexJumpTarget = slowPathTarget.retagged<JITStubRoutinePtrTag>();
- byValCompilationInfo.byValInfo->m_badTypeJumpTarget = slowPathTarget.retagged<JITStubRoutinePtrTag>();
- } else {
- byValCompilationInfo.byValInfo->m_notIndexJump = notIndexJump;
- byValCompilationInfo.byValInfo->m_badTypeJump = badTypeJump;
- }
- }
- }
-
</del><span class="cx"> for (auto& compilationInfo : m_callCompilationInfo) {
</span><span class="cx"> CallLinkInfo& info = *compilationInfo.callLinkInfo;
</span><span class="cx"> info.setCodeLocations(
</span><span class="lines">@@ -1060,7 +1020,7 @@
</span><span class="cx"> jumpToExceptionHandler(vm());
</span><span class="cx"> }
</span><span class="cx">
</span><del>- if (!m_exceptionChecks.empty() || m_byValCompilationInfo.size()) {
</del><ins>+ if (!m_exceptionChecks.empty()) {
</ins><span class="cx"> m_exceptionHandler = label();
</span><span class="cx"> m_exceptionChecks.link(this);
</span><span class="cx">
</span></span></pre></div>
<a id="branchessafari612branchSourceJavaScriptCorejitJITh"></a>
<div class="modfile"><h4>Modified: branches/safari-612-branch/Source/JavaScriptCore/jit/JIT.h (281902 => 281903)</h4>
<pre class="diff"><span>
<span class="info">--- branches/safari-612-branch/Source/JavaScriptCore/jit/JIT.h 2021-09-02 01:05:20 UTC (rev 281902)
+++ branches/safari-612-branch/Source/JavaScriptCore/jit/JIT.h 2021-09-02 01:05:29 UTC (rev 281903)
</span><span class="lines">@@ -37,7 +37,6 @@
</span><span class="cx">
</span><span class="cx"> #define ASSERT_JIT_OFFSET(actual, expected) ASSERT_WITH_MESSAGE(actual == expected, "JIT Offset \"%s\" should be %d, not %d.\n", #expected, static_cast<int>(expected), static_cast<int>(actual));
</span><span class="cx">
</span><del>-#include "ByValInfo.h"
</del><span class="cx"> #include "CodeBlock.h"
</span><span class="cx"> #include "CommonSlowPaths.h"
</span><span class="cx"> #include "JITDisassembler.h"
</span><span class="lines">@@ -149,42 +148,6 @@
</span><span class="cx"> }
</span><span class="cx"> };
</span><span class="cx">
</span><del>- struct ByValCompilationInfo {
- ByValCompilationInfo() { }
-
- ByValCompilationInfo(ByValInfo* byValInfo, BytecodeIndex bytecodeIndex, MacroAssembler::PatchableJump notIndexJump, MacroAssembler::PatchableJump badTypeJump, JITArrayMode arrayMode, ArrayProfile* arrayProfile, MacroAssembler::Label doneTarget, MacroAssembler::Label nextHotPathTarget)
- : byValInfo(byValInfo)
- , bytecodeIndex(bytecodeIndex)
- , notIndexJump(notIndexJump)
- , badTypeJump(badTypeJump)
- , arrayMode(arrayMode)
- , arrayProfile(arrayProfile)
- , doneTarget(doneTarget)
- , nextHotPathTarget(nextHotPathTarget)
- {
- }
-
- ByValCompilationInfo(ByValInfo* byValInfo, BytecodeIndex bytecodeIndex, MacroAssembler::PatchableJump notIndexJump, MacroAssembler::Label doneTarget, MacroAssembler::Label nextHotPathTarget)
- : byValInfo(byValInfo)
- , bytecodeIndex(bytecodeIndex)
- , notIndexJump(notIndexJump)
- , doneTarget(doneTarget)
- , nextHotPathTarget(nextHotPathTarget)
- {
- }
-
- ByValInfo* byValInfo;
- BytecodeIndex bytecodeIndex;
- MacroAssembler::PatchableJump notIndexJump;
- MacroAssembler::PatchableJump badTypeJump;
- JITArrayMode arrayMode;
- ArrayProfile* arrayProfile;
- MacroAssembler::Label doneTarget;
- MacroAssembler::Label nextHotPathTarget;
- MacroAssembler::Label slowPathTarget;
- MacroAssembler::Call returnAddress;
- };
-
</del><span class="cx"> struct CallCompilationInfo {
</span><span class="cx"> MacroAssembler::Label slowPathStart;
</span><span class="cx"> MacroAssembler::Label doneLocation;
</span><span class="lines">@@ -224,13 +187,6 @@
</span><span class="cx"> {
</span><span class="cx"> return JIT(vm, codeBlock, bytecodeOffset).privateCompile(effort);
</span><span class="cx"> }
</span><del>-
- static void compilePutPrivateNameWithCachedId(VM& vm, CodeBlock* codeBlock, ByValInfo* byValInfo, ReturnAddressPtr returnAddress, CacheableIdentifier propertyName)
- {
- JIT jit(vm, codeBlock);
- jit.m_bytecodeIndex = byValInfo->bytecodeIndex;
- jit.privateCompilePutPrivateNameWithCachedId(byValInfo, returnAddress, propertyName);
- }
</del><span class="cx">
</span><span class="cx"> static unsigned frameRegisterCountFor(CodeBlock*);
</span><span class="cx"> static int stackPointerOffsetFor(CodeBlock*);
</span><span class="lines">@@ -244,8 +200,6 @@
</span><span class="cx"> void privateCompileSlowCases();
</span><span class="cx"> void link();
</span><span class="cx"> CompilationResult privateCompile(JITCompilationEffort);
</span><del>-
- void privateCompilePutPrivateNameWithCachedId(ByValInfo*, ReturnAddressPtr, CacheableIdentifier);
</del><span class="cx">
</span><span class="cx"> // Add a call out from JIT code, without an exception check.
</span><span class="cx"> Call appendCall(const FunctionPtr<CFunctionPtrTag> function)
</span><span class="lines">@@ -353,8 +307,6 @@
</span><span class="cx">
</span><span class="cx"> void emitArrayProfilingSiteWithCell(RegisterID cellGPR, ArrayProfile*, RegisterID scratchGPR);
</span><span class="cx"> void emitArrayProfilingSiteWithCell(RegisterID cellGPR, RegisterID arrayProfileGPR, RegisterID scratchGPR);
</span><del>- void emitArrayProfileStoreToHoleSpecialCase(ArrayProfile*);
- void emitArrayProfileOutOfBoundsSpecialCase(ArrayProfile*);
</del><span class="cx">
</span><span class="cx"> template<typename Op>
</span><span class="cx"> ECMAMode ecmaMode(Op);
</span><span class="lines">@@ -363,14 +315,6 @@
</span><span class="cx"> template<typename Op>
</span><span class="cx"> PrivateFieldPutKind privateFieldPutKind(Op);
</span><span class="cx">
</span><del>- // Identifier check helper for GetByVal and PutByVal.
- void emitByValIdentifierCheck(RegisterID cell, RegisterID scratch, CacheableIdentifier, JumpList& slowCases);
-
- JITPutByIdGenerator emitPutPrivateNameWithCachedId(OpPutPrivateName, CacheableIdentifier, JumpList& doneCases, JumpList& slowCases);
-
- template<typename Op>
- JITPutByIdGenerator emitPutByValWithCachedId(Op, PutKind, CacheableIdentifier, JumpList& doneCases, JumpList& slowCases);
-
</del><span class="cx"> enum FinalObjectMode { MayBeFinal, KnownNotFinal };
</span><span class="cx">
</span><span class="cx"> void emitGetVirtualRegister(VirtualRegister src, JSValueRegs dst);
</span><span class="lines">@@ -1012,7 +956,6 @@
</span><span class="cx"> Vector<JITDelByValGenerator> m_delByVals;
</span><span class="cx"> Vector<JITInstanceOfGenerator> m_instanceOfs;
</span><span class="cx"> Vector<JITPrivateBrandAccessGenerator> m_privateBrandAccesses;
</span><del>- Vector<ByValCompilationInfo> m_byValCompilationInfo;
</del><span class="cx"> Vector<CallCompilationInfo> m_callCompilationInfo;
</span><span class="cx"> Vector<JumpTable> m_jmpTable;
</span><span class="cx">
</span><span class="lines">@@ -1040,7 +983,6 @@
</span><span class="cx"> unsigned m_delByIdIndex { UINT_MAX };
</span><span class="cx"> unsigned m_instanceOfIndex { UINT_MAX };
</span><span class="cx"> unsigned m_privateBrandAccessIndex { UINT_MAX };
</span><del>- unsigned m_byValInstructionIndex { UINT_MAX };
</del><span class="cx"> unsigned m_callLinkInfoIndex { UINT_MAX };
</span><span class="cx"> unsigned m_bytecodeCountHavingSlowCase { 0 };
</span><span class="cx">
</span></span></pre></div>
<a id="branchessafari612branchSourceJavaScriptCorejitJITInlinesh"></a>
<div class="modfile"><h4>Modified: branches/safari-612-branch/Source/JavaScriptCore/jit/JITInlines.h (281902 => 281903)</h4>
<pre class="diff"><span>
<span class="info">--- branches/safari-612-branch/Source/JavaScriptCore/jit/JITInlines.h 2021-09-02 01:05:20 UTC (rev 281902)
+++ branches/safari-612-branch/Source/JavaScriptCore/jit/JITInlines.h 2021-09-02 01:05:29 UTC (rev 281903)
</span><span class="lines">@@ -360,16 +360,6 @@
</span><span class="cx"> }
</span><span class="cx"> }
</span><span class="cx">
</span><del>-inline void JIT::emitArrayProfileStoreToHoleSpecialCase(ArrayProfile* arrayProfile)
-{
- store8(TrustedImm32(1), arrayProfile->addressOfMayStoreToHole());
-}
-
-inline void JIT::emitArrayProfileOutOfBoundsSpecialCase(ArrayProfile* arrayProfile)
-{
- store8(TrustedImm32(1), arrayProfile->addressOfOutOfBounds());
-}
-
</del><span class="cx"> ALWAYS_INLINE int32_t JIT::getOperandConstantInt(VirtualRegister src)
</span><span class="cx"> {
</span><span class="cx"> return getConstantOperand(src).asInt32();
</span></span></pre></div>
<a id="branchessafari612branchSourceJavaScriptCorejitJITOperationscpp"></a>
<div class="modfile"><h4>Modified: branches/safari-612-branch/Source/JavaScriptCore/jit/JITOperations.cpp (281902 => 281903)</h4>
<pre class="diff"><span>
<span class="info">--- branches/safari-612-branch/Source/JavaScriptCore/jit/JITOperations.cpp 2021-09-02 01:05:20 UTC (rev 281902)
+++ branches/safari-612-branch/Source/JavaScriptCore/jit/JITOperations.cpp 2021-09-02 01:05:29 UTC (rev 281903)
</span><span class="lines">@@ -1315,19 +1315,12 @@
</span><span class="cx"> RETURN_IF_EXCEPTION(scope, void());
</span><span class="cx"> }
</span><span class="cx">
</span><del>-JSC_DEFINE_JIT_OPERATION(operationPutPrivateNameOptimize, void, (JSGlobalObject* globalObject, EncodedJSValue encodedBaseValue, EncodedJSValue encodedSubscript, EncodedJSValue encodedValue, ByValInfo* byValInfo, PrivateFieldPutKind putKind))
</del><ins>+template<bool define>
+static ALWAYS_INLINE void putPrivateNameOptimize(JSGlobalObject* globalObject, CodeBlock* codeBlock, JSValue baseValue, JSValue subscript, JSValue value, StructureStubInfo* stubInfo)
</ins><span class="cx"> {
</span><span class="cx"> VM& vm = globalObject->vm();
</span><del>- CallFrame* callFrame = DECLARE_CALL_FRAME(vm);
- JITOperationPrologueCallFrameTracer tracer(vm, callFrame);
</del><span class="cx"> auto scope = DECLARE_THROW_SCOPE(vm);
</span><span class="cx">
</span><del>- CodeBlock* codeBlock = callFrame->codeBlock();
-
- JSValue baseValue = JSValue::decode(encodedBaseValue);
- JSValue subscript = JSValue::decode(encodedSubscript);
- JSValue value = JSValue::decode(encodedValue);
-
</del><span class="cx"> auto baseObject = baseValue.toObject(globalObject);
</span><span class="cx"> RETURN_IF_EXCEPTION(scope, void());
</span><span class="cx">
</span><span class="lines">@@ -1334,93 +1327,108 @@
</span><span class="cx"> auto propertyName = subscript.toPropertyKey(globalObject);
</span><span class="cx"> EXCEPTION_ASSERT(!scope.exception());
</span><span class="cx">
</span><del>- OptimizationResult optimizationResult = OptimizationResult::NotOptimized;
</del><ins>+ // Private fields can only be accessed within class lexical scope
+ // and class methods are always in strict mode
+ AccessType accessType = static_cast<AccessType>(stubInfo->accessType);
+ Structure* structure = CommonSlowPaths::originalStructureBeforePut(vm, baseValue);
+ constexpr bool isStrictMode = true;
+ PutPropertySlot slot(baseObject, isStrictMode);
+ if constexpr (define)
+ baseObject->definePrivateField(globalObject, propertyName, value, slot);
+ else
+ baseObject->setPrivateField(globalObject, propertyName, value, slot);
+ RETURN_IF_EXCEPTION(scope, void());
</ins><span class="cx">
</span><ins>+ if (accessType != static_cast<AccessType>(stubInfo->accessType))
+ return;
+
</ins><span class="cx"> if (baseValue.isObject() && CacheableIdentifier::isCacheableIdentifierCell(subscript)) {
</span><del>- ASSERT(subscript.isSymbol());
- ASSERT(callFrame->bytecodeIndex() != BytecodeIndex(0));
- ASSERT(!byValInfo->stubRoutine);
- if (byValInfo->seen) {
- if (byValInfo->cachedId.uid() == propertyName) {
- JIT::compilePutPrivateNameWithCachedId(vm, codeBlock, byValInfo, ReturnAddressPtr(OUR_RETURN_ADDRESS), byValInfo->cachedId);
- optimizationResult = OptimizationResult::Optimized;
- } else {
- // Seem like a generic property access site.
- optimizationResult = OptimizationResult::GiveUp;
- }
- } else {
- {
- ConcurrentJSLocker locker(codeBlock->m_lock);
- byValInfo->seen = true;
- byValInfo->cachedId = CacheableIdentifier::createFromCell(subscript.asCell());
- optimizationResult = OptimizationResult::SeenOnce;
- }
- vm.heap.writeBarrier(codeBlock, subscript.asCell());
- }
</del><ins>+ CacheableIdentifier identifier = CacheableIdentifier::createFromCell(subscript.asCell());
+ if (stubInfo->considerCachingBy(vm, codeBlock, structure, identifier))
+ repatchPutBy(globalObject, codeBlock, baseValue, structure, identifier, slot, *stubInfo, PutByKind::ByVal, define ? PutKind::DirectPrivateFieldDefine : PutKind::DirectPrivateFieldSet);
</ins><span class="cx"> }
</span><ins>+}
</ins><span class="cx">
</span><del>- if (optimizationResult != OptimizationResult::Optimized && optimizationResult != OptimizationResult::SeenOnce) {
- // If we take slow path more than 10 times without patching then make sure we
- // never make that mistake again. This gives 10 iterations worth of opportunity
- // for us to observe that the put_private_name may be polymorphic.
- // We count up slowPathCount even if the result is GiveUp.
- if (++byValInfo->slowPathCount >= 10)
- optimizationResult = OptimizationResult::GiveUp;
- }
</del><ins>+template<bool define>
+static ALWAYS_INLINE void putPrivateName(JSGlobalObject* globalObject, JSValue baseValue, JSValue subscript, JSValue value)
+{
+ VM& vm = globalObject->vm();
+ auto scope = DECLARE_THROW_SCOPE(vm);
</ins><span class="cx">
</span><del>- if (optimizationResult == OptimizationResult::GiveUp) {
- // Don't ever try to optimize.
- byValInfo->tookSlowPath = true;
- if (codeBlock->useDataIC())
- byValInfo->m_slowOperation = operationPutPrivateNameGeneric;
- else
- ctiPatchCallByReturnAddress(ReturnAddressPtr(OUR_RETURN_ADDRESS), operationPutPrivateNameGeneric);
- }
</del><ins>+ auto baseObject = baseValue.toObject(globalObject);
+ RETURN_IF_EXCEPTION(scope, void());
</ins><span class="cx">
</span><ins>+ auto propertyName = subscript.toPropertyKey(globalObject);
+ EXCEPTION_ASSERT(!scope.exception());
+
</ins><span class="cx"> scope.release();
</span><del>-
</del><ins>+
</ins><span class="cx"> // Private fields can only be accessed within class lexical scope
</span><span class="cx"> // and class methods are always in strict mode
</span><del>- const bool isStrictMode = true;
</del><ins>+ constexpr bool isStrictMode = true;
</ins><span class="cx"> PutPropertySlot slot(baseObject, isStrictMode);
</span><del>- if (putKind.isDefine())
</del><ins>+ if constexpr (define)
</ins><span class="cx"> baseObject->definePrivateField(globalObject, propertyName, value, slot);
</span><span class="cx"> else
</span><span class="cx"> baseObject->setPrivateField(globalObject, propertyName, value, slot);
</span><span class="cx"> }
</span><span class="cx">
</span><del>-// We need to match the signature of operationPutPrivateNameOptimize
-JSC_DEFINE_JIT_OPERATION(operationPutPrivateNameGeneric, void, (JSGlobalObject* globalObject, EncodedJSValue encodedBaseValue, EncodedJSValue encodedSubscript, EncodedJSValue encodedValue, ByValInfo* byValInfo, PrivateFieldPutKind privateFieldPutKind))
</del><ins>+JSC_DEFINE_JIT_OPERATION(operationPutByValDefinePrivateFieldOptimize, void, (JSGlobalObject* globalObject, EncodedJSValue encodedBaseValue, EncodedJSValue encodedSubscript, EncodedJSValue encodedValue, StructureStubInfo* stubInfo, ArrayProfile*))
</ins><span class="cx"> {
</span><span class="cx"> VM& vm = globalObject->vm();
</span><span class="cx"> CallFrame* callFrame = DECLARE_CALL_FRAME(vm);
</span><span class="cx"> JITOperationPrologueCallFrameTracer tracer(vm, callFrame);
</span><span class="cx">
</span><del>- auto scope = DECLARE_THROW_SCOPE(vm);
</del><ins>+ CodeBlock* codeBlock = callFrame->codeBlock();
+ JSValue baseValue = JSValue::decode(encodedBaseValue);
+ JSValue subscript = JSValue::decode(encodedSubscript);
+ JSValue value = JSValue::decode(encodedValue);
+ putPrivateNameOptimize<true>(globalObject, codeBlock, baseValue, subscript, value, stubInfo);
+}
</ins><span class="cx">
</span><ins>+JSC_DEFINE_JIT_OPERATION(operationPutByValSetPrivateFieldOptimize, void, (JSGlobalObject* globalObject, EncodedJSValue encodedBaseValue, EncodedJSValue encodedSubscript, EncodedJSValue encodedValue, StructureStubInfo* stubInfo, ArrayProfile*))
+{
+ VM& vm = globalObject->vm();
+ CallFrame* callFrame = DECLARE_CALL_FRAME(vm);
+ JITOperationPrologueCallFrameTracer tracer(vm, callFrame);
+
+ CodeBlock* codeBlock = callFrame->codeBlock();
</ins><span class="cx"> JSValue baseValue = JSValue::decode(encodedBaseValue);
</span><span class="cx"> JSValue subscript = JSValue::decode(encodedSubscript);
</span><span class="cx"> JSValue value = JSValue::decode(encodedValue);
</span><ins>+ putPrivateNameOptimize<false>(globalObject, codeBlock, baseValue, subscript, value, stubInfo);
+}
</ins><span class="cx">
</span><del>- auto baseObject = baseValue.toObject(globalObject);
- RETURN_IF_EXCEPTION(scope, void());
</del><ins>+JSC_DEFINE_JIT_OPERATION(operationPutByValDefinePrivateFieldGeneric, void, (JSGlobalObject* globalObject, EncodedJSValue encodedBaseValue, EncodedJSValue encodedSubscript, EncodedJSValue encodedValue, StructureStubInfo* stubInfo, ArrayProfile*))
+{
+ VM& vm = globalObject->vm();
+ CallFrame* callFrame = DECLARE_CALL_FRAME(vm);
+ JITOperationPrologueCallFrameTracer tracer(vm, callFrame);
</ins><span class="cx">
</span><del>- auto propertyName = subscript.toPropertyKey(globalObject);
- EXCEPTION_ASSERT(!scope.exception());
</del><ins>+ JSValue baseValue = JSValue::decode(encodedBaseValue);
+ JSValue subscript = JSValue::decode(encodedSubscript);
+ JSValue value = JSValue::decode(encodedValue);
</ins><span class="cx">
</span><del>- scope.release();
</del><ins>+ if (stubInfo)
+ stubInfo->tookSlowPath = true;
</ins><span class="cx">
</span><del>- // Private fields can only be accessed within class lexical scope
- // and class methods are always in strict mode
- const bool isStrictMode = true;
- PutPropertySlot slot(baseObject, isStrictMode);
- if (privateFieldPutKind.isDefine())
- baseObject->definePrivateField(globalObject, propertyName, value, slot);
- else
- baseObject->setPrivateField(globalObject, propertyName, value, slot);
</del><ins>+ putPrivateName<true>(globalObject, baseValue, subscript, value);
+}
</ins><span class="cx">
</span><del>- if (byValInfo)
- byValInfo->tookSlowPath = true;
</del><ins>+JSC_DEFINE_JIT_OPERATION(operationPutByValSetPrivateFieldGeneric, void, (JSGlobalObject* globalObject, EncodedJSValue encodedBaseValue, EncodedJSValue encodedSubscript, EncodedJSValue encodedValue, StructureStubInfo* stubInfo, ArrayProfile*))
+{
+ VM& vm = globalObject->vm();
+ CallFrame* callFrame = DECLARE_CALL_FRAME(vm);
+ JITOperationPrologueCallFrameTracer tracer(vm, callFrame);
+
+ JSValue baseValue = JSValue::decode(encodedBaseValue);
+ JSValue subscript = JSValue::decode(encodedSubscript);
+ JSValue value = JSValue::decode(encodedValue);
+
+ if (stubInfo)
+ stubInfo->tookSlowPath = true;
+
+ putPrivateName<false>(globalObject, baseValue, subscript, value);
</ins><span class="cx"> }
</span><span class="cx">
</span><span class="cx"> JSC_DEFINE_JIT_OPERATION(operationCallEval, EncodedJSValue, (JSGlobalObject* globalObject, CallFrame* calleeFrame, ECMAMode ecmaMode))
</span></span></pre></div>
<a id="branchessafari612branchSourceJavaScriptCorejitJITOperationsh"></a>
<div class="modfile"><h4>Modified: branches/safari-612-branch/Source/JavaScriptCore/jit/JITOperations.h (281902 => 281903)</h4>
<pre class="diff"><span>
<span class="info">--- branches/safari-612-branch/Source/JavaScriptCore/jit/JITOperations.h 2021-09-02 01:05:20 UTC (rev 281902)
+++ branches/safari-612-branch/Source/JavaScriptCore/jit/JITOperations.h 2021-09-02 01:05:29 UTC (rev 281903)
</span><span class="lines">@@ -64,7 +64,6 @@
</span><span class="cx"> class VM;
</span><span class="cx"> class WatchpointSet;
</span><span class="cx">
</span><del>-struct ByValInfo;
</del><span class="cx"> struct ECMAMode;
</span><span class="cx"> struct InlineCallFrame;
</span><span class="cx"> struct Instruction;
</span><span class="lines">@@ -80,7 +79,6 @@
</span><span class="cx"> Ap: ArrayProfile*
</span><span class="cx"> Arp: BinaryArithProfile*
</span><span class="cx"> B: Butterfly*
</span><del>- By: ByValInfo*
</del><span class="cx"> C: JSCell*
</span><span class="cx"> Cb: CodeBlock*
</span><span class="cx"> Cli: CallLinkInfo*
</span><span class="lines">@@ -201,9 +199,6 @@
</span><span class="cx"> JSC_DECLARE_JIT_OPERATION(operationSetPrivateBrandGeneric, void, (JSGlobalObject*, StructureStubInfo*, EncodedJSValue, EncodedJSValue));
</span><span class="cx"> JSC_DECLARE_JIT_OPERATION(operationCheckPrivateBrandGeneric, void, (JSGlobalObject*, StructureStubInfo*, EncodedJSValue, EncodedJSValue));
</span><span class="cx">
</span><del>-JSC_DECLARE_JIT_OPERATION(operationPutPrivateNameOptimize, void, (JSGlobalObject*, EncodedJSValue, EncodedJSValue, EncodedJSValue, ByValInfo*, PrivateFieldPutKind));
-JSC_DECLARE_JIT_OPERATION(operationPutPrivateNameGeneric, void, (JSGlobalObject*, EncodedJSValue, EncodedJSValue, EncodedJSValue, ByValInfo*, PrivateFieldPutKind));
-
</del><span class="cx"> JSC_DECLARE_JIT_OPERATION(operationPutByValNonStrictOptimize, void, (JSGlobalObject*, EncodedJSValue, EncodedJSValue, EncodedJSValue, StructureStubInfo*, ArrayProfile*));
</span><span class="cx"> JSC_DECLARE_JIT_OPERATION(operationPutByValStrictOptimize, void, (JSGlobalObject*, EncodedJSValue, EncodedJSValue, EncodedJSValue, StructureStubInfo*, ArrayProfile*));
</span><span class="cx"> JSC_DECLARE_JIT_OPERATION(operationDirectPutByValNonStrictOptimize, void, (JSGlobalObject*, EncodedJSValue, EncodedJSValue, EncodedJSValue, StructureStubInfo*, ArrayProfile*));
</span><span class="lines">@@ -212,6 +207,10 @@
</span><span class="cx"> JSC_DECLARE_JIT_OPERATION(operationPutByValStrictGeneric, void, (JSGlobalObject*, EncodedJSValue, EncodedJSValue, EncodedJSValue, StructureStubInfo*, ArrayProfile*));
</span><span class="cx"> JSC_DECLARE_JIT_OPERATION(operationDirectPutByValStrictGeneric, void, (JSGlobalObject*, EncodedJSValue, EncodedJSValue, EncodedJSValue, StructureStubInfo*, ArrayProfile*));
</span><span class="cx"> JSC_DECLARE_JIT_OPERATION(operationDirectPutByValNonStrictGeneric, void, (JSGlobalObject*, EncodedJSValue, EncodedJSValue, EncodedJSValue, StructureStubInfo*, ArrayProfile*));
</span><ins>+JSC_DECLARE_JIT_OPERATION(operationPutByValDefinePrivateFieldOptimize, void, (JSGlobalObject*, EncodedJSValue, EncodedJSValue, EncodedJSValue, StructureStubInfo*, ArrayProfile*));
+JSC_DECLARE_JIT_OPERATION(operationPutByValDefinePrivateFieldGeneric, void, (JSGlobalObject*, EncodedJSValue, EncodedJSValue, EncodedJSValue, StructureStubInfo*, ArrayProfile*));
+JSC_DECLARE_JIT_OPERATION(operationPutByValSetPrivateFieldOptimize, void, (JSGlobalObject*, EncodedJSValue, EncodedJSValue, EncodedJSValue, StructureStubInfo*, ArrayProfile*));
+JSC_DECLARE_JIT_OPERATION(operationPutByValSetPrivateFieldGeneric, void, (JSGlobalObject*, EncodedJSValue, EncodedJSValue, EncodedJSValue, StructureStubInfo*, ArrayProfile*));
</ins><span class="cx">
</span><span class="cx"> JSC_DECLARE_JIT_OPERATION(operationCallEval, EncodedJSValue, (JSGlobalObject*, CallFrame*, ECMAMode));
</span><span class="cx"> JSC_DECLARE_JIT_OPERATION(operationLinkCall, SlowPathReturnType, (CallFrame*, JSGlobalObject*, CallLinkInfo*));
</span></span></pre></div>
<a id="branchessafari612branchSourceJavaScriptCorejitJITPropertyAccesscpp"></a>
<div class="modfile"><h4>Modified: branches/safari-612-branch/Source/JavaScriptCore/jit/JITPropertyAccess.cpp (281902 => 281903)</h4>
<pre class="diff"><span>
<span class="info">--- branches/safari-612-branch/Source/JavaScriptCore/jit/JITPropertyAccess.cpp 2021-09-02 01:05:20 UTC (rev 281902)
+++ branches/safari-612-branch/Source/JavaScriptCore/jit/JITPropertyAccess.cpp 2021-09-02 01:05:29 UTC (rev 281903)
</span><span class="lines">@@ -467,49 +467,6 @@
</span><span class="cx"> emitWriteBarrier(base, ShouldFilterBase);
</span><span class="cx"> }
</span><span class="cx">
</span><del>-template<typename Op>
-JITPutByIdGenerator JIT::emitPutByValWithCachedId(Op bytecode, PutKind putKind, CacheableIdentifier propertyName, JumpList& doneCases, JumpList& slowCases)
-{
- // base: regT0
- // property: regT1
- // scratch: regT2
-
- VirtualRegister base = bytecode.m_base;
- VirtualRegister value = bytecode.m_value;
-
- slowCases.append(branchIfNotCell(regT1));
- emitByValIdentifierCheck(regT1, regT1, propertyName, slowCases);
-
- // Write barrier breaks the registers. So after issuing the write barrier,
- // reload the registers.
- emitGetVirtualRegisters(base, regT0, value, regT1);
-
- JITPutByIdGenerator gen(
- m_codeBlock, JITType::BaselineJIT, CodeOrigin(m_bytecodeIndex), CallSiteIndex(m_bytecodeIndex), RegisterSet::stubUnavailableRegisters(), propertyName,
- JSValueRegs(regT0), JSValueRegs(regT1), regT3, regT2, ecmaMode(bytecode), putKind);
- gen.generateFastPath(*this);
- // IC can write new Structure without write-barrier if a base is cell.
- // FIXME: Use UnconditionalWriteBarrier in Baseline effectively to reduce code size.
- // https://bugs.webkit.org/show_bug.cgi?id=209395
- emitWriteBarrier(base, ShouldFilterBase);
- doneCases.append(jump());
-
- Label coldPathBegin = label();
- gen.slowPathJump().link(this);
-
- Call call;
- if (JITCode::useDataIC(JITType::BaselineJIT)) {
- gen.stubInfo()->m_slowOperation = gen.slowPathFunction();
- move(TrustedImmPtr(gen.stubInfo()), GPRInfo::nonArgGPR0);
- callOperation<decltype(gen.slowPathFunction())>(Address(GPRInfo::nonArgGPR0, StructureStubInfo::offsetOfSlowOperation()), TrustedImmPtr(m_codeBlock->globalObject()), GPRInfo::nonArgGPR0, regT1, regT0, propertyName.rawBits());
- } else
- call = callOperation(gen.slowPathFunction(), TrustedImmPtr(m_codeBlock->globalObject()), gen.stubInfo(), regT1, regT0, propertyName.rawBits());
- gen.reportSlowPathCall(coldPathBegin, call);
- doneCases.append(jump());
-
- return gen;
-}
-
</del><span class="cx"> void JIT::emitSlow_op_put_by_val(const Instruction* currentInstruction, Vector<SlowCaseEntry>::iterator& iter)
</span><span class="cx"> {
</span><span class="cx"> bool isDirect = currentInstruction->opcodeID() == op_put_by_val_direct;
</span><span class="lines">@@ -611,76 +568,72 @@
</span><span class="cx"> auto bytecode = currentInstruction->as<OpPutPrivateName>();
</span><span class="cx"> VirtualRegister base = bytecode.m_base;
</span><span class="cx"> VirtualRegister property = bytecode.m_property;
</span><del>- ByValInfo* byValInfo = m_codeBlock->addByValInfo(m_bytecodeIndex);
</del><ins>+ VirtualRegister value = bytecode.m_value;
</ins><span class="cx">
</span><span class="cx"> emitGetVirtualRegister(base, regT0);
</span><span class="cx"> emitGetVirtualRegister(property, regT1);
</span><ins>+ emitGetVirtualRegister(value, regT2);
</ins><span class="cx">
</span><span class="cx"> emitJumpSlowCaseIfNotJSCell(regT0, base);
</span><span class="cx">
</span><del>- PatchableJump fastPathJmp;
- if (JITCode::useDataIC(JITType::BaselineJIT))
- farJump(AbsoluteAddress(&byValInfo->m_notIndexJumpTarget), JITStubRoutinePtrTag);
- else {
- fastPathJmp = patchableJump();
- addSlowCase(fastPathJmp);
- }
-
- Label done = label();
-
- m_byValCompilationInfo.append(ByValCompilationInfo(byValInfo, m_bytecodeIndex, fastPathJmp, done, done));
</del><ins>+ JITPutByValGenerator gen(
+ m_codeBlock, JITType::BaselineJIT, CodeOrigin(m_bytecodeIndex), CallSiteIndex(m_bytecodeIndex), AccessType::PutByVal, RegisterSet::stubUnavailableRegisters(),
+ JSValueRegs(regT0), JSValueRegs(regT1), JSValueRegs(regT2), InvalidGPRReg, regT4);
+ gen.generateFastPath(*this);
+ if (!JITCode::useDataIC(JITType::BaselineJIT))
+ addSlowCase(gen.slowPathJump());
+ else
+ addSlowCase();
+ m_putByVals.append(gen);
+
+ // IC can write new Structure without write-barrier if a base is cell.
+ // FIXME: Use UnconditionalWriteBarrier in Baseline effectively to reduce code size.
+ // https://bugs.webkit.org/show_bug.cgi?id=209395
+ emitWriteBarrier(base, ShouldFilterBase);
</ins><span class="cx"> }
</span><span class="cx">
</span><span class="cx"> void JIT::emitSlow_op_put_private_name(const Instruction* currentInstruction, Vector<SlowCaseEntry>::iterator& iter)
</span><span class="cx"> {
</span><span class="cx"> auto bytecode = currentInstruction->as<OpPutPrivateName>();
</span><del>- ByValInfo* byValInfo = m_byValCompilationInfo[m_byValInstructionIndex].byValInfo;
</del><span class="cx"> PrivateFieldPutKind putKind = bytecode.m_putKind;
</span><span class="cx">
</span><ins>+ JITPutByValGenerator& gen = m_putByVals[m_putByValIndex++];
+
</ins><span class="cx"> linkAllSlowCases(iter);
</span><del>- Label slowPath = label();
</del><span class="cx">
</span><ins>+ Label coldPathBegin = label();
+
+ auto operation = putKind.isDefine() ? operationPutByValDefinePrivateFieldOptimize : operationPutByValSetPrivateFieldOptimize;
</ins><span class="cx"> #if !ENABLE(EXTRA_CTI_THUNKS)
</span><ins>+ // They are configured in the fast path and not clobbered.
</ins><span class="cx"> constexpr GPRReg baseGPR = regT0;
</span><span class="cx"> constexpr GPRReg propertyGPR = regT1;
</span><span class="cx"> constexpr GPRReg valueGPR = regT2;
</span><del>-
- emitGetVirtualRegister(bytecode.m_base, baseGPR);
- emitGetVirtualRegister(bytecode.m_property, propertyGPR);
- emitGetVirtualRegister(bytecode.m_value, valueGPR);
- Call call = callOperation(operationPutPrivateNameOptimize, TrustedImmPtr(m_codeBlock->globalObject()), baseGPR, propertyGPR, valueGPR, byValInfo, TrustedImm32(putKind.value()));
</del><ins>+ Call call = callOperation(operation, TrustedImmPtr(m_codeBlock->globalObject()), baseGPR, propertyGPR, valueGPR, gen.stubInfo(), TrustedImmPtr(nullptr));
</ins><span class="cx"> #else
</span><span class="cx"> VM& vm = this->vm();
</span><span class="cx"> uint32_t bytecodeOffset = m_bytecodeIndex.offset();
</span><span class="cx"> ASSERT(BytecodeIndex(bytecodeOffset) == m_bytecodeIndex);
</span><span class="cx">
</span><del>- constexpr GPRReg bytecodeOffsetGPR = argumentGPR0;
</del><ins>+ // constexpr GPRReg baseGPR = regT0;
+ // constexpr GPRReg propertyGPR = regT1;
+ // constexpr GPRReg valueGPR = regT2;
+ constexpr GPRReg stubInfoGPR = regT3;
+ constexpr GPRReg bytecodeOffsetGPR = regT4;
+
</ins><span class="cx"> move(TrustedImm32(bytecodeOffset), bytecodeOffsetGPR);
</span><del>-
- constexpr GPRReg baseGPR = argumentGPR1;
- constexpr GPRReg propertyGPR = argumentGPR2;
- constexpr GPRReg valueGPR = argumentGPR3;
- constexpr GPRReg byValInfoGPR = argumentGPR4;
- constexpr GPRReg putKindGPR = argumentGPR5;
-
- emitGetVirtualRegister(bytecode.m_base, baseGPR);
- emitGetVirtualRegister(bytecode.m_property, propertyGPR);
- emitGetVirtualRegister(bytecode.m_value, valueGPR);
- move(TrustedImmPtr(byValInfo), byValInfoGPR);
- move(TrustedImm32(putKind.value()), putKindGPR);
</del><ins>+ move(TrustedImmPtr(gen.stubInfo()), stubInfoGPR);
</ins><span class="cx"> emitNakedNearCall(vm.getCTIStub(slow_op_put_private_name_prepareCallGenerator).retaggedCode<NoPtrTag>());
</span><span class="cx">
</span><span class="cx"> Call call;
</span><span class="cx"> if (JITCode::useDataIC(JITType::BaselineJIT))
</span><del>- byValInfo->m_slowOperation = operationPutPrivateNameOptimize;
</del><ins>+ gen.stubInfo()->m_slowOperation = operation;
</ins><span class="cx"> else
</span><del>- call = appendCall(operationPutPrivateNameOptimize);
</del><ins>+ call = appendCall(operation);
</ins><span class="cx"> emitNakedNearCall(vm.getCTIStub(checkExceptionGenerator).retaggedCode<NoPtrTag>());
</span><span class="cx"> #endif // ENABLE(EXTRA_CTI_THUNKS)
</span><span class="cx">
</span><del>- m_byValCompilationInfo[m_byValInstructionIndex].slowPathTarget = slowPath;
- m_byValCompilationInfo[m_byValInstructionIndex].returnAddress = call;
- m_byValInstructionIndex++;
</del><ins>+ gen.reportSlowPathCall(coldPathBegin, call);
</ins><span class="cx"> }
</span><span class="cx">
</span><span class="cx"> #if ENABLE(EXTRA_CTI_THUNKS)
</span><span class="lines">@@ -695,24 +648,24 @@
</span><span class="cx"> if (!JITCode::useDataIC(JITType::BaselineJIT))
</span><span class="cx"> jit.tagReturnAddress();
</span><span class="cx">
</span><del>- constexpr GPRReg bytecodeOffsetGPR = argumentGPR0;
</del><ins>+ constexpr GPRReg baseGPR = regT0;
+ constexpr GPRReg propertyGPR = regT1;
+ constexpr GPRReg valueGPR = regT2;
+ constexpr GPRReg stubInfoGPR = regT3;
+ constexpr GPRReg bytecodeOffsetGPR = regT4;
+
</ins><span class="cx"> jit.store32(bytecodeOffsetGPR, tagFor(CallFrameSlot::argumentCountIncludingThis));
</span><span class="cx">
</span><del>- constexpr GPRReg globalObjectGPR = argumentGPR0;
- constexpr GPRReg baseGPR = argumentGPR1;
- constexpr GPRReg propertyGPR = argumentGPR2;
- constexpr GPRReg valueGPR = argumentGPR3;
- constexpr GPRReg byValInfoGPR = argumentGPR4;
- constexpr GPRReg putKindGPR = argumentGPR5;
</del><ins>+ constexpr GPRReg globalObjectGPR = regT4;
</ins><span class="cx">
</span><span class="cx"> jit.loadPtr(addressFor(CallFrameSlot::codeBlock), globalObjectGPR);
</span><span class="cx"> jit.loadPtr(Address(globalObjectGPR, CodeBlock::offsetOfGlobalObject()), globalObjectGPR);
</span><span class="cx">
</span><del>- jit.setupArguments<decltype(operationPutPrivateNameOptimize)>(globalObjectGPR, baseGPR, propertyGPR, valueGPR, byValInfoGPR, putKindGPR);
</del><ins>+ jit.setupArguments<decltype(operationPutByValDefinePrivateFieldOptimize)>(globalObjectGPR, baseGPR, propertyGPR, valueGPR, stubInfoGPR, TrustedImmPtr(nullptr));
</ins><span class="cx"> jit.prepareCallOperation(vm);
</span><span class="cx">
</span><span class="cx"> if (JITCode::useDataIC(JITType::BaselineJIT))
</span><del>- jit.farJump(Address(argumentGPR4, ByValInfo::offsetOfSlowOperation()), OperationPtrTag);
</del><ins>+ jit.farJump(Address(argumentGPR4, StructureStubInfo::offsetOfSlowOperation()), OperationPtrTag);
</ins><span class="cx"> else
</span><span class="cx"> jit.ret();
</span><span class="cx">
</span><span class="lines">@@ -3060,62 +3013,8 @@
</span><span class="cx"> valueNotCell.link(this);
</span><span class="cx"> }
</span><span class="cx">
</span><del>-template <typename Op>
-JITPutByIdGenerator JIT::emitPutByValWithCachedId(Op bytecode, PutKind putKind, CacheableIdentifier propertyName, JumpList& doneCases, JumpList& slowCases)
-{
- // base: tag(regT1), payload(regT0)
- // property: tag(regT3), payload(regT2)
-
- VirtualRegister base = bytecode.m_base;
- VirtualRegister value = bytecode.m_value;
-
- slowCases.append(branchIfNotCell(regT3));
- emitByValIdentifierCheck(regT2, regT2, propertyName, slowCases);
-
- // Write barrier breaks the registers. So after issuing the write barrier,
- // reload the registers.
- //
- // IC can write new Structure without write-barrier if a base is cell.
- // We are emitting write-barrier before writing here but this is OK since 32bit JSC does not have concurrent GC.
- // FIXME: Use UnconditionalWriteBarrier in Baseline effectively to reduce code size.
- // https://bugs.webkit.org/show_bug.cgi?id=209395
- emitWriteBarrier(base, ShouldFilterBase);
- emitLoadPayload(base, regT0);
- emitLoad(value, regT3, regT2);
-
- JITPutByIdGenerator gen(
- m_codeBlock, JITType::BaselineJIT, CodeOrigin(m_bytecodeIndex), CallSiteIndex(m_bytecodeIndex), RegisterSet::stubUnavailableRegisters(), propertyName,
- JSValueRegs::payloadOnly(regT0), JSValueRegs(regT3, regT2), InvalidGPRReg, regT1, ecmaMode(bytecode), putKind);
- gen.generateFastPath(*this);
- doneCases.append(jump());
-
- Label coldPathBegin = label();
- gen.slowPathJump().link(this);
-
- // JITPutByIdGenerator only preserve the value and the base's payload, we have to reload the tag.
- emitLoadTag(base, regT1);
-
- Call call;
- if (JITCode::useDataIC(JITType::BaselineJIT)) {
- gen.stubInfo()->m_slowOperation = gen.slowPathFunction();
- move(TrustedImmPtr(gen.stubInfo()), GPRInfo::nonArgGPR0);
- callOperation<decltype(gen.slowPathFunction())>(Address(GPRInfo::nonArgGPR0, StructureStubInfo::offsetOfSlowOperation()), m_codeBlock->globalObject(), GPRInfo::nonArgGPR0, JSValueRegs(regT3, regT2), JSValueRegs(regT1, regT0), propertyName.rawBits());
- } else
- call = callOperation(gen.slowPathFunction(), m_codeBlock->globalObject(), gen.stubInfo(), JSValueRegs(regT3, regT2), JSValueRegs(regT1, regT0), propertyName.rawBits());
- gen.reportSlowPathCall(coldPathBegin, call);
- doneCases.append(jump());
-
- return gen;
-}
-
</del><span class="cx"> #endif // USE(JSVALUE64)
</span><span class="cx">
</span><del>-JITPutByIdGenerator JIT::emitPutPrivateNameWithCachedId(OpPutPrivateName bytecode, CacheableIdentifier propertyName, JumpList& doneCases, JumpList& slowCases)
-{
- auto putKind = bytecode.m_putKind.isDefine() ? PutKind::DirectPrivateFieldDefine : PutKind::DirectPrivateFieldSet;
- return emitPutByValWithCachedId(bytecode, putKind, propertyName, doneCases, slowCases);
-}
-
</del><span class="cx"> void JIT::emitWriteBarrier(VirtualRegister owner, WriteBarrierMode mode)
</span><span class="cx"> {
</span><span class="cx"> ASSERT(mode == UnconditionalWriteBarrier || mode == ShouldFilterBase);
</span><span class="lines">@@ -3129,58 +3028,6 @@
</span><span class="cx"> ownerIsRememberedOrInEden.link(this);
</span><span class="cx"> }
</span><span class="cx">
</span><del>-void JIT::emitByValIdentifierCheck(RegisterID cell, RegisterID scratch, CacheableIdentifier propertyName, JumpList& slowCases)
-{
- if (propertyName.isSymbolCell())
- slowCases.append(branchPtr(NotEqual, cell, TrustedImmPtr(propertyName.cell())));
- else {
- slowCases.append(branchIfNotString(cell));
- loadPtr(Address(cell, JSString::offsetOfValue()), scratch);
- slowCases.append(branchPtr(NotEqual, scratch, TrustedImmPtr(propertyName.uid())));
- }
-}
-
-void JIT::privateCompilePutPrivateNameWithCachedId(ByValInfo* byValInfo, ReturnAddressPtr returnAddress, CacheableIdentifier propertyName)
-{
- const Instruction* currentInstruction = m_codeBlock->instructions().at(byValInfo->bytecodeIndex).ptr();
- auto bytecode = currentInstruction->as<OpPutPrivateName>();
-
- JumpList doneCases;
- JumpList slowCases;
-
- JITPutByIdGenerator gen = emitPutPrivateNameWithCachedId(bytecode, propertyName, doneCases, slowCases);
-
- ConcurrentJSLocker locker(m_codeBlock->m_lock);
- LinkBuffer patchBuffer(*this, m_codeBlock, LinkBuffer::Profile::InlineCache);
- patchBuffer.link(slowCases, byValInfo->slowPathTarget);
- patchBuffer.link(doneCases, byValInfo->doneTarget);
- if (!m_exceptionChecks.empty())
- patchBuffer.link(m_exceptionChecks, byValInfo->exceptionHandler);
-
- for (const auto& callSite : m_nearCalls) {
- if (callSite.callee)
- patchBuffer.link(callSite.from, callSite.callee);
- }
- for (const auto& callSite : m_farCalls) {
- if (callSite.callee)
- patchBuffer.link(callSite.from, callSite.callee);
- }
- gen.finalize(patchBuffer, patchBuffer);
-
- byValInfo->stubRoutine = FINALIZE_CODE_FOR_STUB(
- m_codeBlock, patchBuffer, JITStubRoutinePtrTag,
- "Baseline put_private_name with cached property name '%s' stub for %s, return point %p", propertyName.uid()->utf8().data(), toCString(*m_codeBlock).data(), returnAddress.untaggedValue());
- byValInfo->stubInfo = gen.stubInfo();
-
- if (JITCode::useDataIC(JITType::BaselineJIT)) {
- byValInfo->m_notIndexJumpTarget = CodeLocationLabel<JITStubRoutinePtrTag>(byValInfo->stubRoutine->code().code());
- byValInfo->m_slowOperation = operationPutPrivateNameGeneric;
- } else {
- MacroAssembler::repatchJump(byValInfo->m_notIndexJump, CodeLocationLabel<JITStubRoutinePtrTag>(byValInfo->stubRoutine->code().code()));
- MacroAssembler::repatchCall(CodeLocationCall<ReturnAddressPtrTag>(MacroAssemblerCodePtr<ReturnAddressPtrTag>(returnAddress)), FunctionPtr<OperationPtrTag>(operationPutPrivateNameGeneric));
- }
-}
-
</del><span class="cx"> } // namespace JSC
</span><span class="cx">
</span><span class="cx"> #endif // ENABLE(JIT)
</span></span></pre></div>
<a id="branchessafari612branchSourceJavaScriptCorejitJITPropertyAccess32_64cpp"></a>
<div class="modfile"><h4>Modified: branches/safari-612-branch/Source/JavaScriptCore/jit/JITPropertyAccess32_64.cpp (281902 => 281903)</h4>
<pre class="diff"><span>
<span class="info">--- branches/safari-612-branch/Source/JavaScriptCore/jit/JITPropertyAccess32_64.cpp 2021-09-02 01:05:20 UTC (rev 281902)
+++ branches/safari-612-branch/Source/JavaScriptCore/jit/JITPropertyAccess32_64.cpp 2021-09-02 01:05:29 UTC (rev 281903)
</span><span class="lines">@@ -340,44 +340,46 @@
</span><span class="cx"> auto bytecode = currentInstruction->as<OpPutPrivateName>();
</span><span class="cx"> VirtualRegister base = bytecode.m_base;
</span><span class="cx"> VirtualRegister property = bytecode.m_property;
</span><del>- ByValInfo* byValInfo = m_codeBlock->addByValInfo(m_bytecodeIndex);
</del><ins>+ VirtualRegister value = bytecode.m_value;
</ins><span class="cx">
</span><span class="cx"> emitLoad2(base, regT1, regT0, property, regT3, regT2);
</span><ins>+ emitLoad(value, regT5, regT4);
</ins><span class="cx">
</span><span class="cx"> emitJumpSlowCaseIfNotJSCell(base, regT1);
</span><del>- PatchableJump fastPathJmp = patchableJump();
- addSlowCase(fastPathJmp);
</del><span class="cx">
</span><del>- Label done = label();
-
- m_byValCompilationInfo.append(ByValCompilationInfo(byValInfo, m_bytecodeIndex, fastPathJmp, done, done));
</del><ins>+ JITPutByValGenerator gen(
+ m_codeBlock, JITType::BaselineJIT, CodeOrigin(m_bytecodeIndex), CallSiteIndex(m_bytecodeIndex), AccessType::PutByVal, RegisterSet::stubUnavailableRegisters(),
+ JSValueRegs(regT1, regT0), JSValueRegs(regT3, regT2), JSValueRegs(regT5, regT4), InvalidGPRReg, InvalidGPRReg);
+ gen.stubInfo()->propertyIsSymbol = true;
+ gen.generateFastPath(*this);
+ addSlowCase(gen.slowPathJump());
+ m_putByVals.append(gen);
+
+ // IC can write new Structure without write-barrier if a base is cell.
+ // FIXME: Use UnconditionalWriteBarrier in Baseline effectively to reduce code size.
+ // https://bugs.webkit.org/show_bug.cgi?id=209395
+ emitWriteBarrier(base, ShouldFilterBase);
</ins><span class="cx"> }
</span><span class="cx">
</span><span class="cx"> void JIT::emitSlow_op_put_private_name(const Instruction* currentInstruction, Vector<SlowCaseEntry>::iterator& iter)
</span><span class="cx"> {
</span><span class="cx"> auto bytecode = currentInstruction->as<OpPutPrivateName>();
</span><del>- VirtualRegister base = bytecode.m_base;
- VirtualRegister property = bytecode.m_property;
- VirtualRegister value = bytecode.m_value;
-
- ByValInfo* byValInfo = m_byValCompilationInfo[m_byValInstructionIndex].byValInfo;
</del><span class="cx"> PrivateFieldPutKind putKind = bytecode.m_putKind;
</span><span class="cx">
</span><ins>+ JITPutByValGenerator& gen = m_putByVals[m_putByValIndex++];
+
</ins><span class="cx"> linkAllSlowCases(iter);
</span><del>- Label slowPath = label();
</del><span class="cx">
</span><ins>+ Label coldPathBegin = label();
+
</ins><span class="cx"> JSValueRegs baseRegs(regT1, regT0);
</span><span class="cx"> JSValueRegs propertyRegs(regT3, regT2);
</span><span class="cx"> JSValueRegs valueRegs(regT5, regT4);
</span><span class="cx">
</span><del>- emitLoad(base, baseRegs.tagGPR(), baseRegs.payloadGPR());
- emitLoad(property, propertyRegs.tagGPR(), propertyRegs.payloadGPR());
- emitLoad(value, valueRegs.tagGPR(), valueRegs.payloadGPR());
- Call call = callOperation(operationPutPrivateNameOptimize, TrustedImmPtr(m_codeBlock->globalObject()), baseRegs, propertyRegs, valueRegs, byValInfo, TrustedImm32(putKind.value()));
</del><ins>+ auto operation = putKind.isDefine() ? operationPutByValDefinePrivateFieldOptimize : operationPutByValSetPrivateFieldOptimize;
+ Call call = callOperation(operation, TrustedImmPtr(m_codeBlock->globalObject()), baseRegs, propertyRegs, valueRegs, gen.stubInfo(), TrustedImmPtr(nullptr));
</ins><span class="cx">
</span><del>- m_byValCompilationInfo[m_byValInstructionIndex].slowPathTarget = slowPath;
- m_byValCompilationInfo[m_byValInstructionIndex].returnAddress = call;
- m_byValInstructionIndex++;
</del><ins>+ gen.reportSlowPathCall(coldPathBegin, call);
</ins><span class="cx"> }
</span><span class="cx">
</span><span class="cx"> void JIT::emit_op_set_private_brand(const Instruction* currentInstruction)
</span></span></pre></div>
<a id="branchessafari612branchSourceJavaScriptCorejitRepatchcpp"></a>
<div class="modfile"><h4>Modified: branches/safari-612-branch/Source/JavaScriptCore/jit/Repatch.cpp (281902 => 281903)</h4>
<pre class="diff"><span>
<span class="info">--- branches/safari-612-branch/Source/JavaScriptCore/jit/Repatch.cpp 2021-09-02 01:05:20 UTC (rev 281902)
+++ branches/safari-612-branch/Source/JavaScriptCore/jit/Repatch.cpp 2021-09-02 01:05:29 UTC (rev 281903)
</span><span class="lines">@@ -600,9 +600,12 @@
</span><span class="cx"> if (slot.isStrictMode())
</span><span class="cx"> return operationDirectPutByValStrictGeneric;
</span><span class="cx"> return operationDirectPutByValNonStrictGeneric;
</span><del>- default:
- RELEASE_ASSERT_NOT_REACHED();
- break;
</del><ins>+ case PutKind::DirectPrivateFieldDefine:
+ ASSERT(slot.isStrictMode());
+ return operationPutByValDefinePrivateFieldGeneric;
+ case PutKind::DirectPrivateFieldSet:
+ ASSERT(slot.isStrictMode());
+ return operationPutByValSetPrivateFieldGeneric;
</ins><span class="cx"> }
</span><span class="cx"> break;
</span><span class="cx"> }
</span><span class="lines">@@ -633,7 +636,7 @@
</span><span class="cx"> return operationPutByIdSetPrivateFieldStrictOptimize;
</span><span class="cx"> }
</span><span class="cx"> break;
</span><del>- case PutByKind::ByVal: {
</del><ins>+ case PutByKind::ByVal:
</ins><span class="cx"> switch (putKind) {
</span><span class="cx"> case PutKind::NotDirect:
</span><span class="cx"> if (slot.isStrictMode())
</span><span class="lines">@@ -643,13 +646,15 @@
</span><span class="cx"> if (slot.isStrictMode())
</span><span class="cx"> return operationDirectPutByValStrictOptimize;
</span><span class="cx"> return operationDirectPutByValNonStrictOptimize;
</span><del>- default:
- RELEASE_ASSERT_NOT_REACHED();
- break;
</del><ins>+ case PutKind::DirectPrivateFieldDefine:
+ ASSERT(slot.isStrictMode());
+ return operationPutByValDefinePrivateFieldOptimize;
+ case PutKind::DirectPrivateFieldSet:
+ ASSERT(slot.isStrictMode());
+ return operationPutByValSetPrivateFieldOptimize;
</ins><span class="cx"> }
</span><span class="cx"> break;
</span><span class="cx"> }
</span><del>- }
</del><span class="cx"> // Make win port compiler happy
</span><span class="cx"> RELEASE_ASSERT_NOT_REACHED();
</span><span class="cx"> return nullptr;
</span><span class="lines">@@ -1922,6 +1927,10 @@
</span><span class="cx"> optimizedFunction = operationPutByValNonStrictOptimize;
</span><span class="cx"> else if (unoptimizedFunction == operationDirectPutByValStrictGeneric || unoptimizedFunction == operationDirectPutByValStrictOptimize)
</span><span class="cx"> optimizedFunction = operationDirectPutByValStrictOptimize;
</span><ins>+ else if (unoptimizedFunction == operationPutByValDefinePrivateFieldGeneric || unoptimizedFunction == operationPutByValDefinePrivateFieldOptimize)
+ optimizedFunction = operationPutByValDefinePrivateFieldOptimize;
+ else if (unoptimizedFunction == operationPutByValSetPrivateFieldGeneric || unoptimizedFunction == operationPutByValSetPrivateFieldOptimize)
+ optimizedFunction = operationPutByValSetPrivateFieldOptimize;
</ins><span class="cx"> else {
</span><span class="cx"> ASSERT(unoptimizedFunction == operationDirectPutByValNonStrictGeneric || unoptimizedFunction == operationDirectPutByValNonStrictOptimize);
</span><span class="cx"> optimizedFunction = operationDirectPutByValNonStrictOptimize;
</span></span></pre></div>
<a id="branchessafari612branchToolsChangeLog"></a>
<div class="modfile"><h4>Modified: branches/safari-612-branch/Tools/ChangeLog (281902 => 281903)</h4>
<pre class="diff"><span>
<span class="info">--- branches/safari-612-branch/Tools/ChangeLog 2021-09-02 01:05:20 UTC (rev 281902)
+++ branches/safari-612-branch/Tools/ChangeLog 2021-09-02 01:05:29 UTC (rev 281903)
</span><span class="lines">@@ -1,3 +1,118 @@
</span><ins>+2021-09-01 Russell Epstein <repstein@apple.com>
+
+ Cherry-pick r281684. rdar://problem/82651474
+
+ [JSC] op_put_private_name should use modern IC and remove ByValInfo
+ https://bugs.webkit.org/show_bug.cgi?id=229544
+
+ Reviewed by Saam Barati.
+
+ JSTests:
+
+ Move class-fields-private benchmarks into microbenchmarks.
+ Added several microbenchmarks and stress tests.
+
+ * microbenchmarks/class-private-field-polymorphic.js: Added.
+ (shouldBe):
+ (test.A.prototype.put):
+ * microbenchmarks/get-private-name.js: Renamed from JSTests/microbenchmarks/class-fields-private/get-private-name.js.
+ * microbenchmarks/monomorphic-get-private-field.js: Renamed from JSTests/microbenchmarks/class-fields-private/monomorphic-get-private-field.js.
+ * microbenchmarks/polymorphic-get-private-field.js: Renamed from JSTests/microbenchmarks/class-fields-private/polymorphic-get-private-field.js.
+ * microbenchmarks/polymorphic-put-private-field.js: Renamed from JSTests/microbenchmarks/class-fields-private/polymorphic-put-private-field.js.
+ * microbenchmarks/put-by-val-polymorphic-properties.js: Added.
+ (shouldBe):
+ (test):
+ * microbenchmarks/put-private-field.js: Renamed from JSTests/microbenchmarks/class-fields-private/put-private-field.js.
+ * stress/class-private-field-megamorphic.js: Added.
+ (shouldBe):
+ * stress/class-private-field-polymorphic.js: Added.
+ (shouldBe):
+ (test.A.prototype.put):
+ * stress/put-by-val-polymorphic-properties.js: Added.
+ (shouldBe):
+ (test):
+
+ Source/JavaScriptCore:
+
+ This patch makes op_put_private_name use new PutByVal IC. This allows op_put_private_name to support
+ polymorphic properties, and we can finally remove Baseline's adhoc IC and ByValInfo completely.
+
+ Added microbenchmark showed 3x improvement due to polymorphic PutPrivateName IC.
+
+ ToT Patched
+
+ class-private-field-polymorphic 9.3666+-0.0332 ^ 3.1199+-0.0182 ^ definitely 3.0022x faster
+
+ * JavaScriptCore.xcodeproj/project.pbxproj:
+ * Sources.txt:
+ * bytecode/ByValInfo.cpp: Removed.
+ * bytecode/ByValInfo.h: Removed.
+ * bytecode/CodeBlock.cpp:
+ (JSC::CodeBlock::getICStatusMap):
+ (JSC::CodeBlock::stronglyVisitStrongReferences):
+ (JSC::CodeBlock::findByValInfo): Deleted.
+ (JSC::CodeBlock::addByValInfo): Deleted.
+ * bytecode/CodeBlock.h:
+ * bytecode/ICStatusMap.h:
+ * dfg/DFGByteCodeParser.cpp:
+ (JSC::DFG::ByteCodeParser::parseBlock):
+ * dfg/DFGFixupPhase.cpp:
+ (JSC::DFG::FixupPhase::fixupNode):
+ * dfg/DFGSpeculativeJIT.cpp:
+ (JSC::DFG::SpeculativeJIT::compileGetPrivateName):
+ (JSC::DFG::SpeculativeJIT::compilePutPrivateName):
+ * dfg/DFGSpeculativeJIT32_64.cpp:
+ (JSC::DFG::SpeculativeJIT::compile):
+ * dfg/DFGSpeculativeJIT64.cpp:
+ (JSC::DFG::SpeculativeJIT::compile):
+ * dfg/DFGStoreBarrierInsertionPhase.cpp:
+ * ftl/FTLLowerDFGToB3.cpp:
+ (JSC::FTL::DFG::LowerDFGToB3::compilePutPrivateName):
+ * jit/JIT.cpp:
+ (JSC::JIT::privateCompileSlowCases):
+ (JSC::JIT::link):
+ (JSC::JIT::privateCompileExceptionHandlers):
+ * jit/JIT.h:
+ (JSC::ByValCompilationInfo::ByValCompilationInfo): Deleted.
+ * jit/JITInlines.h:
+ (JSC::JIT::emitArrayProfileStoreToHoleSpecialCase): Deleted.
+ (JSC::JIT::emitArrayProfileOutOfBoundsSpecialCase): Deleted.
+ * jit/JITOperations.cpp:
+ (JSC::putPrivateNameOptimize):
+ (JSC::putPrivateName):
+ (JSC::JSC_DEFINE_JIT_OPERATION):
+ * jit/JITOperations.h:
+ * jit/JITPropertyAccess.cpp:
+ (JSC::JIT::emit_op_put_private_name):
+ (JSC::JIT::emitSlow_op_put_private_name):
+ (JSC::JIT::slow_op_put_private_name_prepareCallGenerator):
+ (JSC::JIT::emitPutByValWithCachedId): Deleted.
+ (JSC::JIT::emitPutPrivateNameWithCachedId): Deleted.
+ (JSC::JIT::emitByValIdentifierCheck): Deleted.
+ (JSC::JIT::privateCompilePutPrivateNameWithCachedId): Deleted.
+ * jit/JITPropertyAccess32_64.cpp:
+ (JSC::JIT::emit_op_put_private_name):
+ (JSC::JIT::emitSlow_op_put_private_name):
+ * jit/Repatch.cpp:
+ (JSC::appropriateGenericPutByFunction):
+ (JSC::appropriateOptimizingPutByFunction):
+ (JSC::resetPutBy):
+
+ Tools:
+
+ * Scripts/run-jsc-benchmarks:
+
+ git-svn-id: https://svn.webkit.org/repository/webkit/trunk@281684 268f45cc-cd09-0410-ab3c-d52691b4dbfc
+
+ 2021-08-26 Yusuke Suzuki <ysuzuki@apple.com>
+
+ [JSC] op_put_private_name should use modern IC and remove ByValInfo
+ https://bugs.webkit.org/show_bug.cgi?id=229544
+
+ Reviewed by Saam Barati.
+
+ * Scripts/run-jsc-benchmarks:
+
</ins><span class="cx"> 2021-08-19 Carlos Garcia Campos <cgarcia@igalia.com>
</span><span class="cx">
</span><span class="cx"> document.hasFocus() returns true for unfocused pages
</span></span></pre></div>
<a id="branchessafari612branchToolsScriptsrunjscbenchmarks"></a>
<div class="modfile"><h4>Modified: branches/safari-612-branch/Tools/Scripts/run-jsc-benchmarks (281902 => 281903)</h4>
<pre class="diff"><span>
<span class="info">--- branches/safari-612-branch/Tools/Scripts/run-jsc-benchmarks 2021-09-02 01:05:20 UTC (rev 281902)
+++ branches/safari-612-branch/Tools/Scripts/run-jsc-benchmarks 2021-09-02 01:05:29 UTC (rev 281903)
</span><span class="lines">@@ -51,7 +51,6 @@
</span><span class="cx"> TAILBENCH_PATH = PERFORMANCETESTS_PATH + "TailBench9000"
</span><span class="cx"> BIGINTBENCH_PATH = PERFORMANCETESTS_PATH + "BigIntBench"
</span><span class="cx"> MICROBENCHMARKS_PATH = OPENSOURCE_PATH + "JSTests" + "microbenchmarks"
</span><del>-PRIVATEFIELDSBENCH_PATH = MICROBENCHMARKS_PATH + "class-fields-private"
</del><span class="cx"> SLOW_MICROBENCHMARKS_PATH = OPENSOURCE_PATH + "JSTests" + "slowMicrobenchmarks"
</span><span class="cx"> OPENSOURCE_OCTANE_PATH = PERFORMANCETESTS_PATH + "Octane"
</span><span class="cx"> OCTANE_WRAPPER_PATH = OPENSOURCE_OCTANE_PATH + "wrappers"
</span><span class="lines">@@ -236,7 +235,6 @@
</span><span class="cx"> $includeSixSpeed = false
</span><span class="cx"> $includeTailBench = true
</span><span class="cx"> $includeBigIntBench = false
</span><del>-$includePrivateFieldsBench = false
</del><span class="cx"> $ldd=nil
</span><span class="cx"> $measureGC=false
</span><span class="cx"> $benchmarkPattern=nil
</span><span class="lines">@@ -1786,22 +1784,6 @@
</span><span class="cx"> end
</span><span class="cx"> end
</span><span class="cx">
</span><del>-class PrivateFieldsBenchmark
- include Benchmark
-
- def initialize(name)
- @name = name
- end
-
- def emitRunCode(plan)
- emitBenchRunCode(fullname, plan, SingleFileTimedBenchmarkParameters.new(ensureFile("PrivateFieldsBench-#{@name}", "#{PRIVATEFIELDSBENCH_PATH}/#{@name}.js")))
- end
-
- def environment
- {"JSC_usePrivateClassFields" => "true"}
- end
-end
-
</del><span class="cx"> class MicrobenchmarksBenchmark
</span><span class="cx"> include Benchmark
</span><span class="cx">
</span><span class="lines">@@ -2910,7 +2892,6 @@
</span><span class="cx"> ['--six-speed', GetoptLong::NO_ARGUMENT],
</span><span class="cx"> ['--tail-bench', GetoptLong::NO_ARGUMENT],
</span><span class="cx"> ['--big-int-bench', GetoptLong::NO_ARGUMENT],
</span><del>- ['--private-fields-bench', GetoptLong::NO_ARGUMENT],
</del><span class="cx"> ['--benchmarks', GetoptLong::REQUIRED_ARGUMENT],
</span><span class="cx"> ['--measure-gc', GetoptLong::OPTIONAL_ARGUMENT],
</span><span class="cx"> ['--force-vm-kind', GetoptLong::REQUIRED_ARGUMENT],
</span><span class="lines">@@ -3028,9 +3009,6 @@
</span><span class="cx"> when '--big-int-bench'
</span><span class="cx"> resetBenchOptionsIfNecessary
</span><span class="cx"> $includeBigIntBench = true
</span><del>- when '--private-fields-bench'
- resetBenchOptionsIfNecessary
- $includePrivateFieldsBench = true
</del><span class="cx"> when '--benchmarks'
</span><span class="cx"> $benchmarkPattern = Regexp.new(arg)
</span><span class="cx"> when '--measure-gc'
</span><span class="lines">@@ -3270,15 +3248,6 @@
</span><span class="cx"> end
</span><span class="cx"> }
</span><span class="cx">
</span><del>- PRIVATEFIELDSBENCH = BenchmarkSuite.new("PrivateFieldsBench", :geometricMean, 0)
- Dir.foreach(PRIVATEFIELDSBENCH_PATH) {
- | filename |
- if filename =~ /\.js$/
- name = $~.pre_match
- PRIVATEFIELDSBENCH.add PrivateFieldsBenchmark.new(name)
- end
- }
-
</del><span class="cx"> MICROBENCHMARKS = BenchmarkSuite.new("Microbenchmarks", :geometricMean, 0)
</span><span class="cx"> Dir.foreach(MICROBENCHMARKS_PATH) {
</span><span class="cx"> | filename |
</span><span class="lines">@@ -3450,10 +3419,6 @@
</span><span class="cx"> $suites << BIGINTBENCH
</span><span class="cx"> end
</span><span class="cx">
</span><del>- if $includePrivateFieldsBench and not PRIVATEFIELDSBENCH.empty?
- $suites << PRIVATEFIELDSBENCH
- end
-
</del><span class="cx"> if $includeAsmBench and not ASMBENCH.empty?
</span><span class="cx"> if ASMBENCH_PATH
</span><span class="cx"> $suites << ASMBENCH
</span></span></pre>
</div>
</div>
</body>
</html>