<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN"
"http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head><meta http-equiv="content-type" content="text/html; charset=utf-8" />
<title>[283168] trunk/Source/JavaScriptCore</title>
</head>
<body>

<style type="text/css"><!--
#msg dl.meta { border: 1px #006 solid; background: #369; padding: 6px; color: #fff; }
#msg dl.meta dt { float: left; width: 6em; font-weight: bold; }
#msg dt:after { content:':';}
#msg dl, #msg dt, #msg ul, #msg li, #header, #footer, #logmsg { font-family: verdana,arial,helvetica,sans-serif; font-size: 10pt;  }
#msg dl a { font-weight: bold}
#msg dl a:link    { color:#fc3; }
#msg dl a:active  { color:#ff0; }
#msg dl a:visited { color:#cc6; }
h3 { font-family: verdana,arial,helvetica,sans-serif; font-size: 10pt; font-weight: bold; }
#msg pre { overflow: auto; background: #ffc; border: 1px #fa0 solid; padding: 6px; }
#logmsg { background: #ffc; border: 1px #fa0 solid; padding: 1em 1em 0 1em; }
#logmsg p, #logmsg pre, #logmsg blockquote { margin: 0 0 1em 0; }
#logmsg p, #logmsg li, #logmsg dt, #logmsg dd { line-height: 14pt; }
#logmsg h1, #logmsg h2, #logmsg h3, #logmsg h4, #logmsg h5, #logmsg h6 { margin: .5em 0; }
#logmsg h1:first-child, #logmsg h2:first-child, #logmsg h3:first-child, #logmsg h4:first-child, #logmsg h5:first-child, #logmsg h6:first-child { margin-top: 0; }
#logmsg ul, #logmsg ol { padding: 0; list-style-position: inside; margin: 0 0 0 1em; }
#logmsg ul { text-indent: -1em; padding-left: 1em; }#logmsg ol { text-indent: -1.5em; padding-left: 1.5em; }
#logmsg > ul, #logmsg > ol { margin: 0 0 1em 0; }
#logmsg pre { background: #eee; padding: 1em; }
#logmsg blockquote { border: 1px solid #fa0; border-left-width: 10px; padding: 1em 1em 0 1em; background: white;}
#logmsg dl { margin: 0; }
#logmsg dt { font-weight: bold; }
#logmsg dd { margin: 0; padding: 0 0 0.5em 0; }
#logmsg dd:before { content:'\00bb';}
#logmsg table { border-spacing: 0px; border-collapse: collapse; border-top: 4px solid #fa0; border-bottom: 1px solid #fa0; background: #fff; }
#logmsg table th { text-align: left; font-weight: normal; padding: 0.2em 0.5em; border-top: 1px dotted #fa0; }
#logmsg table td { text-align: right; border-top: 1px dotted #fa0; padding: 0.2em 0.5em; }
#logmsg table thead th { text-align: center; border-bottom: 1px solid #fa0; }
#logmsg table th.Corner { text-align: left; }
#logmsg hr { border: none 0; border-top: 2px dashed #fa0; height: 1px; }
#header, #footer { color: #fff; background: #636; border: 1px #300 solid; padding: 6px; }
#patch { width: 100%; }
#patch h4 {font-family: verdana,arial,helvetica,sans-serif;font-size:10pt;padding:8px;background:#369;color:#fff;margin:0;}
#patch .propset h4, #patch .binary h4 {margin:0;}
#patch pre {padding:0;line-height:1.2em;margin:0;}
#patch .diff {width:100%;background:#eee;padding: 0 0 10px 0;overflow:auto;}
#patch .propset .diff, #patch .binary .diff  {padding:10px 0;}
#patch span {display:block;padding:0 10px;}
#patch .modfile, #patch .addfile, #patch .delfile, #patch .propset, #patch .binary, #patch .copfile {border:1px solid #ccc;margin:10px 0;}
#patch ins {background:#dfd;text-decoration:none;display:block;padding:0 10px;}
#patch del {background:#fdd;text-decoration:none;display:block;padding:0 10px;}
#patch .lines, .info {color:#888;background:#fff;}
--></style>
<div id="msg">
<dl class="meta">
<dt>Revision</dt> <dd><a href="http://trac.webkit.org/projects/webkit/changeset/283168">283168</a></dd>
<dt>Author</dt> <dd>sbarati@apple.com</dd>
<dt>Date</dt> <dd>2021-09-28 08:32:53 -0700 (Tue, 28 Sep 2021)</dd>
</dl>

<h3>Log Message</h3>
<pre>Make byte codes with arithmetic profiles switch to using an index instead of a pointer in metadata
https://bugs.webkit.org/show_bug.cgi?id=230798

Reviewed by Yusuke Suzuki.

This patch makes each bytecode that uses a BinaryArithProfile/UnaryArithProfile
have an index into a table instead of storing a pointer to the profile in its metadata.
Then, we can just load the profile using the index in the bytecode, which saves memory.

* bytecode/BytecodeList.rb:
* bytecode/CodeBlock.cpp:
(JSC::CodeBlock::finishCreation):
(JSC::CodeBlock::binaryArithProfileForPC):
(JSC::CodeBlock::unaryArithProfileForPC):
* bytecode/UnlinkedCodeBlock.cpp:
(JSC::UnlinkedCodeBlock::allocateSharedProfiles):
* bytecode/UnlinkedCodeBlock.h:
* bytecode/UnlinkedCodeBlockGenerator.cpp:
(JSC::UnlinkedCodeBlockGenerator::finalize):
* bytecode/UnlinkedCodeBlockGenerator.h:
(JSC::UnlinkedCodeBlockGenerator::addBinaryArithProfile):
(JSC::UnlinkedCodeBlockGenerator::addUnaryArithProfile):
* bytecompiler/BytecodeGenerator.cpp:
(JSC::BytecodeGenerator::emitUnaryOp):
(JSC::BytecodeGenerator::emitInc):
(JSC::BytecodeGenerator::emitDec):
* bytecompiler/BytecodeGenerator.h:
* jit/JITArithmetic.cpp:
(JSC::JIT::emit_op_negate):
(JSC::JIT::emit_op_add):
(JSC::JIT::emit_op_div):
(JSC::JIT::emit_op_mul):
(JSC::JIT::emit_op_sub):
* llint/LowLevelInterpreter.asm:
* llint/LowLevelInterpreter32_64.asm:
* llint/LowLevelInterpreter64.asm:
* runtime/CommonSlowPaths.cpp:
(JSC::updateArithProfileForUnaryArithOp):
(JSC::JSC_DEFINE_COMMON_SLOW_PATH):</pre>

<h3>Modified Paths</h3>
<ul>
<li><a href="#trunkSourceJavaScriptCoreChangeLog">trunk/Source/JavaScriptCore/ChangeLog</a></li>
<li><a href="#trunkSourceJavaScriptCorebytecodeBytecodeListrb">trunk/Source/JavaScriptCore/bytecode/BytecodeList.rb</a></li>
<li><a href="#trunkSourceJavaScriptCorebytecodeCodeBlockcpp">trunk/Source/JavaScriptCore/bytecode/CodeBlock.cpp</a></li>
<li><a href="#trunkSourceJavaScriptCorebytecodeUnlinkedCodeBlockcpp">trunk/Source/JavaScriptCore/bytecode/UnlinkedCodeBlock.cpp</a></li>
<li><a href="#trunkSourceJavaScriptCorebytecodeUnlinkedCodeBlockh">trunk/Source/JavaScriptCore/bytecode/UnlinkedCodeBlock.h</a></li>
<li><a href="#trunkSourceJavaScriptCorebytecodeUnlinkedCodeBlockGeneratorcpp">trunk/Source/JavaScriptCore/bytecode/UnlinkedCodeBlockGenerator.cpp</a></li>
<li><a href="#trunkSourceJavaScriptCorebytecodeUnlinkedCodeBlockGeneratorh">trunk/Source/JavaScriptCore/bytecode/UnlinkedCodeBlockGenerator.h</a></li>
<li><a href="#trunkSourceJavaScriptCorebytecompilerBytecodeGeneratorcpp">trunk/Source/JavaScriptCore/bytecompiler/BytecodeGenerator.cpp</a></li>
<li><a href="#trunkSourceJavaScriptCorebytecompilerBytecodeGeneratorh">trunk/Source/JavaScriptCore/bytecompiler/BytecodeGenerator.h</a></li>
<li><a href="#trunkSourceJavaScriptCorejitJITArithmeticcpp">trunk/Source/JavaScriptCore/jit/JITArithmetic.cpp</a></li>
<li><a href="#trunkSourceJavaScriptCorellintLowLevelInterpreterasm">trunk/Source/JavaScriptCore/llint/LowLevelInterpreter.asm</a></li>
<li><a href="#trunkSourceJavaScriptCorellintLowLevelInterpreter32_64asm">trunk/Source/JavaScriptCore/llint/LowLevelInterpreter32_64.asm</a></li>
<li><a href="#trunkSourceJavaScriptCorellintLowLevelInterpreter64asm">trunk/Source/JavaScriptCore/llint/LowLevelInterpreter64.asm</a></li>
<li><a href="#trunkSourceJavaScriptCoreofflineasmclooprb">trunk/Source/JavaScriptCore/offlineasm/cloop.rb</a></li>
<li><a href="#trunkSourceJavaScriptCoreruntimeCommonSlowPathscpp">trunk/Source/JavaScriptCore/runtime/CommonSlowPaths.cpp</a></li>
</ul>

</div>
<div id="patch">
<h3>Diff</h3>
<a id="trunkSourceJavaScriptCoreChangeLog"></a>
<div class="modfile"><h4>Modified: trunk/Source/JavaScriptCore/ChangeLog (283167 => 283168)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/ChangeLog    2021-09-28 13:37:17 UTC (rev 283167)
+++ trunk/Source/JavaScriptCore/ChangeLog       2021-09-28 15:32:53 UTC (rev 283168)
</span><span class="lines">@@ -1,3 +1,45 @@
</span><ins>+2021-09-28  Saam Barati  <sbarati@apple.com>
+
+        Make byte codes with arithmetic profiles switch to using an index instead of a pointer in metadata
+        https://bugs.webkit.org/show_bug.cgi?id=230798
+
+        Reviewed by Yusuke Suzuki.
+
+        This patch makes each bytecode that uses a BinaryArithProfile/UnaryArithProfile
+        have an index into a table instead of storing a pointer to the profile in its metadata.
+        Then, we can just load the profile using the index in the bytecode, which saves memory.
+
+        * bytecode/BytecodeList.rb:
+        * bytecode/CodeBlock.cpp:
+        (JSC::CodeBlock::finishCreation):
+        (JSC::CodeBlock::binaryArithProfileForPC):
+        (JSC::CodeBlock::unaryArithProfileForPC):
+        * bytecode/UnlinkedCodeBlock.cpp:
+        (JSC::UnlinkedCodeBlock::allocateSharedProfiles):
+        * bytecode/UnlinkedCodeBlock.h:
+        * bytecode/UnlinkedCodeBlockGenerator.cpp:
+        (JSC::UnlinkedCodeBlockGenerator::finalize):
+        * bytecode/UnlinkedCodeBlockGenerator.h:
+        (JSC::UnlinkedCodeBlockGenerator::addBinaryArithProfile):
+        (JSC::UnlinkedCodeBlockGenerator::addUnaryArithProfile):
+        * bytecompiler/BytecodeGenerator.cpp:
+        (JSC::BytecodeGenerator::emitUnaryOp):
+        (JSC::BytecodeGenerator::emitInc):
+        (JSC::BytecodeGenerator::emitDec):
+        * bytecompiler/BytecodeGenerator.h:
+        * jit/JITArithmetic.cpp:
+        (JSC::JIT::emit_op_negate):
+        (JSC::JIT::emit_op_add):
+        (JSC::JIT::emit_op_div):
+        (JSC::JIT::emit_op_mul):
+        (JSC::JIT::emit_op_sub):
+        * llint/LowLevelInterpreter.asm:
+        * llint/LowLevelInterpreter32_64.asm:
+        * llint/LowLevelInterpreter64.asm:
+        * runtime/CommonSlowPaths.cpp:
+        (JSC::updateArithProfileForUnaryArithOp):
+        (JSC::JSC_DEFINE_COMMON_SLOW_PATH):
+
</ins><span class="cx"> 2021-09-28  Alexey Shvayka  <shvaikalesh@gmail.com>
</span><span class="cx"> 
</span><span class="cx">         Speed up setting JSFunction's "prototype" property
</span></span></pre></div>
<a id="trunkSourceJavaScriptCorebytecodeBytecodeListrb"></a>
<div class="modfile"><h4>Modified: trunk/Source/JavaScriptCore/bytecode/BytecodeList.rb (283167 => 283168)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/bytecode/BytecodeList.rb     2021-09-28 13:37:17 UTC (rev 283167)
+++ trunk/Source/JavaScriptCore/bytecode/BytecodeList.rb        2021-09-28 15:32:53 UTC (rev 283168)
</span><span class="lines">@@ -64,8 +64,6 @@
</span><span class="cx"> 
</span><span class="cx">     :ValueProfile,
</span><span class="cx">     :ValueProfileAndVirtualRegisterBuffer,
</span><del>-    :UnaryArithProfile,
-    :BinaryArithProfile,
</del><span class="cx">     :ArrayProfile,
</span><span class="cx">     :ArrayAllocationProfile,
</span><span class="cx">     :ObjectAllocationProfile,
</span><span class="lines">@@ -289,10 +287,8 @@
</span><span class="cx">         dst: VirtualRegister,
</span><span class="cx">         lhs: VirtualRegister,
</span><span class="cx">         rhs: VirtualRegister,
</span><ins>+        profileIndex: unsigned,
</ins><span class="cx">         operandTypes: OperandTypes,
</span><del>-    },
-    metadata: {
-        arithProfile: BinaryArithProfile.*
</del><span class="cx">     }
</span><span class="cx"> 
</span><span class="cx"> op_group :ValueProfiledBinaryOp,
</span><span class="lines">@@ -351,9 +347,7 @@
</span><span class="cx">     ],
</span><span class="cx">     args: {
</span><span class="cx">         srcDst: VirtualRegister,
</span><del>-    },
-    metadata: {
-        arithProfile: UnaryArithProfile.*
</del><ins>+        profileIndex: unsigned,
</ins><span class="cx">     }
</span><span class="cx"> 
</span><span class="cx"> op :to_object,
</span><span class="lines">@@ -383,10 +377,8 @@
</span><span class="cx">     args: {
</span><span class="cx">         dst: VirtualRegister,
</span><span class="cx">         operand: VirtualRegister,
</span><ins>+        profileIndex: unsigned,
</ins><span class="cx">         resultType: ResultType,
</span><del>-    },
-    metadata: {
-        arithProfile: UnaryArithProfile.*
</del><span class="cx">     }
</span><span class="cx"> 
</span><span class="cx"> op :not,
</span></span></pre></div>
<a id="trunkSourceJavaScriptCorebytecodeCodeBlockcpp"></a>
<div class="modfile"><h4>Modified: trunk/Source/JavaScriptCore/bytecode/CodeBlock.cpp (283167 => 283168)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/bytecode/CodeBlock.cpp       2021-09-28 13:37:17 UTC (rev 283167)
+++ trunk/Source/JavaScriptCore/bytecode/CodeBlock.cpp  2021-09-28 15:32:53 UTC (rev 283168)
</span><span class="lines">@@ -471,21 +471,6 @@
</span><span class="cx">         break; \
</span><span class="cx">     }
</span><span class="cx"> 
</span><del>-    unsigned binaryProfileIndex = 0;
-    unsigned unaryProfileIndex = 0;
-#define LINK_WITH_BINARY_ARITH_PROFILE(__op) \
-    CASE(__op): { \
-        INITIALIZE_METADATA(__op) \
-        metadata.m_arithProfile = &m_unlinkedCode->binaryArithProfile(binaryProfileIndex++); \
-        break; \
-    }
-#define LINK_WITH_UNARY_ARITH_PROFILE(__op) \
-    CASE(__op): { \
-        INITIALIZE_METADATA(__op) \
-        metadata.m_arithProfile = &m_unlinkedCode->unaryArithProfile(unaryProfileIndex++); \
-        break; \
-    }
-
</del><span class="cx">     const InstructionStream& instructionStream = instructions();
</span><span class="cx">     for (const auto& instruction : instructionStream) {
</span><span class="cx">         OpcodeID opcodeID = instruction->opcodeID();
</span><span class="lines">@@ -548,15 +533,6 @@
</span><span class="cx">         LINK(OpCreatePromise)
</span><span class="cx">         LINK(OpCreateGenerator)
</span><span class="cx"> 
</span><del>-        LINK_WITH_BINARY_ARITH_PROFILE(OpAdd)
-        LINK_WITH_BINARY_ARITH_PROFILE(OpMul)
-        LINK_WITH_BINARY_ARITH_PROFILE(OpDiv)
-        LINK_WITH_BINARY_ARITH_PROFILE(OpSub)
-
-        LINK_WITH_UNARY_ARITH_PROFILE(OpNegate)
-        LINK_WITH_UNARY_ARITH_PROFILE(OpInc)
-        LINK_WITH_UNARY_ARITH_PROFILE(OpDec)
-
</del><span class="cx">         LINK(OpJneqPtr)
</span><span class="cx"> 
</span><span class="cx">         LINK(OpCatch)
</span><span class="lines">@@ -3413,13 +3389,13 @@
</span><span class="cx"> {
</span><span class="cx">     switch (pc->opcodeID()) {
</span><span class="cx">     case op_add:
</span><del>-        return pc->as<OpAdd>().metadata(this).m_arithProfile;
</del><ins>+        return &unlinkedCodeBlock()->binaryArithProfile(pc->as<OpAdd>().m_profileIndex);
</ins><span class="cx">     case op_mul:
</span><del>-        return pc->as<OpMul>().metadata(this).m_arithProfile;
</del><ins>+        return &unlinkedCodeBlock()->binaryArithProfile(pc->as<OpMul>().m_profileIndex);
</ins><span class="cx">     case op_sub:
</span><del>-        return pc->as<OpSub>().metadata(this).m_arithProfile;
</del><ins>+        return &unlinkedCodeBlock()->binaryArithProfile(pc->as<OpSub>().m_profileIndex);
</ins><span class="cx">     case op_div:
</span><del>-        return pc->as<OpDiv>().metadata(this).m_arithProfile;
</del><ins>+        return &unlinkedCodeBlock()->binaryArithProfile(pc->as<OpDiv>().m_profileIndex);
</ins><span class="cx">     default:
</span><span class="cx">         break;
</span><span class="cx">     }
</span><span class="lines">@@ -3431,11 +3407,11 @@
</span><span class="cx"> {
</span><span class="cx">     switch (pc->opcodeID()) {
</span><span class="cx">     case op_negate:
</span><del>-        return pc->as<OpNegate>().metadata(this).m_arithProfile;
</del><ins>+        return &unlinkedCodeBlock()->unaryArithProfile(pc->as<OpNegate>().m_profileIndex);
</ins><span class="cx">     case op_inc:
</span><del>-        return pc->as<OpInc>().metadata(this).m_arithProfile;
</del><ins>+        return &unlinkedCodeBlock()->unaryArithProfile(pc->as<OpInc>().m_profileIndex);
</ins><span class="cx">     case op_dec:
</span><del>-        return pc->as<OpDec>().metadata(this).m_arithProfile;
</del><ins>+        return &unlinkedCodeBlock()->unaryArithProfile(pc->as<OpDec>().m_profileIndex);
</ins><span class="cx">     default:
</span><span class="cx">         break;
</span><span class="cx">     }
</span></span></pre></div>
<a id="trunkSourceJavaScriptCorebytecodeUnlinkedCodeBlockcpp"></a>
<div class="modfile"><h4>Modified: trunk/Source/JavaScriptCore/bytecode/UnlinkedCodeBlock.cpp (283167 => 283168)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/bytecode/UnlinkedCodeBlock.cpp       2021-09-28 13:37:17 UTC (rev 283167)
+++ trunk/Source/JavaScriptCore/bytecode/UnlinkedCodeBlock.cpp  2021-09-28 15:32:53 UTC (rev 283168)
</span><span class="lines">@@ -361,7 +361,7 @@
</span><span class="cx"> }
</span><span class="cx"> 
</span><span class="cx"> 
</span><del>-void UnlinkedCodeBlock::allocateSharedProfiles()
</del><ins>+void UnlinkedCodeBlock::allocateSharedProfiles(unsigned numBinaryArithProfiles, unsigned numUnaryArithProfiles)
</ins><span class="cx"> {
</span><span class="cx">     RELEASE_ASSERT(!m_metadata->isFinalized());
</span><span class="cx"> 
</span><span class="lines">@@ -389,19 +389,10 @@
</span><span class="cx">         numberOfArrayProfiles += m_metadata->numEntries<OpIteratorNext>();
</span><span class="cx">         numberOfArrayProfiles += m_metadata->numEntries<OpGetById>();
</span><span class="cx">         m_arrayProfiles = FixedVector<UnlinkedArrayProfile>(numberOfArrayProfiles);
</span><ins>+    }
</ins><span class="cx"> 
</span><del>-        unsigned numberOfBinaryArithProfiles = 0;
-#define COUNT(__op) numberOfBinaryArithProfiles += m_metadata->numEntries<__op>();
-        FOR_EACH_OPCODE_WITH_BINARY_ARITH_PROFILE(COUNT)
-#undef COUNT
-        m_binaryArithProfiles = FixedVector<BinaryArithProfile>(numberOfBinaryArithProfiles);
-
-        unsigned numberOfUnaryArithProfiles = 0;
-#define COUNT(__op) numberOfUnaryArithProfiles += m_metadata->numEntries<__op>();
-        FOR_EACH_OPCODE_WITH_UNARY_ARITH_PROFILE(COUNT)
-#undef COUNT
-        m_unaryArithProfiles = FixedVector<UnaryArithProfile>(numberOfUnaryArithProfiles);
-    }
</del><ins>+    m_binaryArithProfiles = FixedVector<BinaryArithProfile>(numBinaryArithProfiles);
+    m_unaryArithProfiles = FixedVector<UnaryArithProfile>(numUnaryArithProfiles);
</ins><span class="cx"> }
</span><span class="cx"> 
</span><span class="cx"> } // namespace JSC
</span></span></pre></div>
<a id="trunkSourceJavaScriptCorebytecodeUnlinkedCodeBlockh"></a>
<div class="modfile"><h4>Modified: trunk/Source/JavaScriptCore/bytecode/UnlinkedCodeBlock.h (283167 => 283168)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/bytecode/UnlinkedCodeBlock.h 2021-09-28 13:37:17 UTC (rev 283167)
+++ trunk/Source/JavaScriptCore/bytecode/UnlinkedCodeBlock.h    2021-09-28 15:32:53 UTC (rev 283168)
</span><span class="lines">@@ -352,7 +352,7 @@
</span><span class="cx">         // Some builtins are required to always complete the loops they run.
</span><span class="cx">         return !isBuiltinFunction();
</span><span class="cx">     }
</span><del>-    void allocateSharedProfiles();
</del><ins>+    void allocateSharedProfiles(unsigned numBinaryArithProfiles, unsigned numUnaryArithProfiles);
</ins><span class="cx">     UnlinkedValueProfile& unlinkedValueProfile(unsigned index) { return m_valueProfiles[index]; }
</span><span class="cx">     UnlinkedArrayProfile& unlinkedArrayProfile(unsigned index) { return m_arrayProfiles[index]; }
</span><span class="cx"> 
</span></span></pre></div>
<a id="trunkSourceJavaScriptCorebytecodeUnlinkedCodeBlockGeneratorcpp"></a>
<div class="modfile"><h4>Modified: trunk/Source/JavaScriptCore/bytecode/UnlinkedCodeBlockGenerator.cpp (283167 => 283168)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/bytecode/UnlinkedCodeBlockGenerator.cpp      2021-09-28 13:37:17 UTC (rev 283167)
+++ trunk/Source/JavaScriptCore/bytecode/UnlinkedCodeBlockGenerator.cpp 2021-09-28 15:32:53 UTC (rev 283168)
</span><span class="lines">@@ -119,7 +119,7 @@
</span><span class="cx">     {
</span><span class="cx">         Locker locker { m_codeBlock->cellLock() };
</span><span class="cx">         m_codeBlock->m_instructions = WTFMove(instructions);
</span><del>-        m_codeBlock->allocateSharedProfiles();
</del><ins>+        m_codeBlock->allocateSharedProfiles(m_numBinaryArithProfiles, m_numUnaryArithProfiles);
</ins><span class="cx">         m_codeBlock->m_metadata->finalize();
</span><span class="cx"> 
</span><span class="cx">         m_codeBlock->m_jumpTargets = WTFMove(m_jumpTargets);
</span></span></pre></div>
<a id="trunkSourceJavaScriptCorebytecodeUnlinkedCodeBlockGeneratorh"></a>
<div class="modfile"><h4>Modified: trunk/Source/JavaScriptCore/bytecode/UnlinkedCodeBlockGenerator.h (283167 => 283168)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/bytecode/UnlinkedCodeBlockGenerator.h        2021-09-28 13:37:17 UTC (rev 283167)
+++ trunk/Source/JavaScriptCore/bytecode/UnlinkedCodeBlockGenerator.h   2021-09-28 15:32:53 UTC (rev 283168)
</span><span class="lines">@@ -200,6 +200,9 @@
</span><span class="cx"> 
</span><span class="cx">     void dump(PrintStream&) const;
</span><span class="cx"> 
</span><ins>+    unsigned addBinaryArithProfile() { return m_numBinaryArithProfiles++; }
+    unsigned addUnaryArithProfile() { return m_numUnaryArithProfiles++; }
+
</ins><span class="cx"> private:
</span><span class="cx">     VM& m_vm;
</span><span class="cx">     Strong<UnlinkedCodeBlock> m_codeBlock;
</span><span class="lines">@@ -221,6 +224,8 @@
</span><span class="cx">     Vector<InstructionStream::Offset> m_opProfileControlFlowBytecodeOffsets;
</span><span class="cx">     Vector<BitVector> m_bitVectors;
</span><span class="cx">     Vector<IdentifierSet> m_constantIdentifierSets;
</span><ins>+    unsigned m_numBinaryArithProfiles { 0 };
+    unsigned m_numUnaryArithProfiles { 0 };
</ins><span class="cx"> };
</span><span class="cx"> 
</span><span class="cx"> } // namespace JSC
</span></span></pre></div>
<a id="trunkSourceJavaScriptCorebytecompilerBytecodeGeneratorcpp"></a>
<div class="modfile"><h4>Modified: trunk/Source/JavaScriptCore/bytecompiler/BytecodeGenerator.cpp (283167 => 283168)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/bytecompiler/BytecodeGenerator.cpp   2021-09-28 13:37:17 UTC (rev 283167)
+++ trunk/Source/JavaScriptCore/bytecompiler/BytecodeGenerator.cpp      2021-09-28 15:32:53 UTC (rev 283168)
</span><span class="lines">@@ -1609,7 +1609,7 @@
</span><span class="cx">         emitUnaryOp<OpNot>(dst, src);
</span><span class="cx">         break;
</span><span class="cx">     case op_negate:
</span><del>-        OpNegate::emit(this, dst, src, type);
</del><ins>+        OpNegate::emit(this, dst, src, m_codeBlock->addUnaryArithProfile(), type);
</ins><span class="cx">         break;
</span><span class="cx">     case op_bitnot:
</span><span class="cx">         emitUnaryOp<OpBitnot>(dst, src);
</span><span class="lines">@@ -1707,13 +1707,13 @@
</span><span class="cx"> 
</span><span class="cx"> RegisterID* BytecodeGenerator::emitInc(RegisterID* srcDst)
</span><span class="cx"> {
</span><del>-    OpInc::emit(this, srcDst);
</del><ins>+    OpInc::emit(this, srcDst, m_codeBlock->addUnaryArithProfile());
</ins><span class="cx">     return srcDst;
</span><span class="cx"> }
</span><span class="cx"> 
</span><span class="cx"> RegisterID* BytecodeGenerator::emitDec(RegisterID* srcDst)
</span><span class="cx"> {
</span><del>-    OpDec::emit(this, srcDst);
</del><ins>+    OpDec::emit(this, srcDst, m_codeBlock->addUnaryArithProfile());
</ins><span class="cx">     return srcDst;
</span><span class="cx"> }
</span><span class="cx"> 
</span></span></pre></div>
<a id="trunkSourceJavaScriptCorebytecompilerBytecodeGeneratorh"></a>
<div class="modfile"><h4>Modified: trunk/Source/JavaScriptCore/bytecompiler/BytecodeGenerator.h (283167 => 283168)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/bytecompiler/BytecodeGenerator.h     2021-09-28 13:37:17 UTC (rev 283167)
+++ trunk/Source/JavaScriptCore/bytecompiler/BytecodeGenerator.h        2021-09-28 15:32:53 UTC (rev 283168)
</span><span class="lines">@@ -682,7 +682,7 @@
</span><span class="cx">             RegisterID*>
</span><span class="cx">         emitBinaryOp(RegisterID* dst, RegisterID* src1, RegisterID* src2, OperandTypes types)
</span><span class="cx">         {
</span><del>-            BinaryOp::emit(this, dst, src1, src2, types);
</del><ins>+            BinaryOp::emit(this, dst, src1, src2, m_codeBlock->addBinaryArithProfile(), types);
</ins><span class="cx">             return dst;
</span><span class="cx">         }
</span><span class="cx"> 
</span></span></pre></div>
<a id="trunkSourceJavaScriptCorejitJITArithmeticcpp"></a>
<div class="modfile"><h4>Modified: trunk/Source/JavaScriptCore/jit/JITArithmetic.cpp (283167 => 283168)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/jit/JITArithmetic.cpp        2021-09-28 13:37:17 UTC (rev 283167)
+++ trunk/Source/JavaScriptCore/jit/JITArithmetic.cpp   2021-09-28 15:32:53 UTC (rev 283168)
</span><span class="lines">@@ -722,7 +722,7 @@
</span><span class="cx"> 
</span><span class="cx"> void JIT::emit_op_negate(const Instruction* currentInstruction)
</span><span class="cx"> {
</span><del>-    UnaryArithProfile* arithProfile = currentInstruction->as<OpNegate>().metadata(m_profiledCodeBlock).m_arithProfile;
</del><ins>+    UnaryArithProfile* arithProfile = &m_unlinkedCodeBlock->unaryArithProfile(currentInstruction->as<OpNegate>().m_profileIndex);
</ins><span class="cx">     JITNegIC* negateIC = m_mathICs.addJITNegIC(arithProfile);
</span><span class="cx">     m_instructionToMathIC.add(currentInstruction, negateIC);
</span><span class="cx">     // FIXME: it would be better to call those operationValueNegate, since the operand can be a BigInt
</span><span class="lines">@@ -904,7 +904,7 @@
</span><span class="cx"> 
</span><span class="cx"> void JIT::emit_op_add(const Instruction* currentInstruction)
</span><span class="cx"> {
</span><del>-    BinaryArithProfile* arithProfile = currentInstruction->as<OpAdd>().metadata(m_profiledCodeBlock).m_arithProfile;
</del><ins>+    BinaryArithProfile* arithProfile = &m_unlinkedCodeBlock->binaryArithProfile(currentInstruction->as<OpAdd>().m_profileIndex);
</ins><span class="cx">     JITAddIC* addIC = m_mathICs.addJITAddIC(arithProfile);
</span><span class="cx">     m_instructionToMathIC.add(currentInstruction, addIC);
</span><span class="cx">     emitMathICFast<OpAdd>(addIC, currentInstruction, operationValueAddProfiled, operationValueAdd);
</span><span class="lines">@@ -1175,7 +1175,7 @@
</span><span class="cx"> 
</span><span class="cx">     BinaryArithProfile* arithProfile = nullptr;
</span><span class="cx">     if (shouldEmitProfiling())
</span><del>-        arithProfile = currentInstruction->as<OpDiv>().metadata(m_profiledCodeBlock).m_arithProfile;
</del><ins>+        arithProfile = &m_unlinkedCodeBlock->binaryArithProfile(currentInstruction->as<OpDiv>().m_profileIndex);
</ins><span class="cx"> 
</span><span class="cx">     SnippetOperand leftOperand(bytecode.m_operandTypes.first());
</span><span class="cx">     SnippetOperand rightOperand(bytecode.m_operandTypes.second());
</span><span class="lines">@@ -1220,7 +1220,7 @@
</span><span class="cx"> 
</span><span class="cx"> void JIT::emit_op_mul(const Instruction* currentInstruction)
</span><span class="cx"> {
</span><del>-    BinaryArithProfile* arithProfile = currentInstruction->as<OpMul>().metadata(m_profiledCodeBlock).m_arithProfile;
</del><ins>+    BinaryArithProfile* arithProfile = &m_unlinkedCodeBlock->binaryArithProfile(currentInstruction->as<OpMul>().m_profileIndex);
</ins><span class="cx">     JITMulIC* mulIC = m_mathICs.addJITMulIC(arithProfile);
</span><span class="cx">     m_instructionToMathIC.add(currentInstruction, mulIC);
</span><span class="cx">     emitMathICFast<OpMul>(mulIC, currentInstruction, operationValueMulProfiled, operationValueMul);
</span><span class="lines">@@ -1236,7 +1236,7 @@
</span><span class="cx"> 
</span><span class="cx"> void JIT::emit_op_sub(const Instruction* currentInstruction)
</span><span class="cx"> {
</span><del>-    BinaryArithProfile* arithProfile = currentInstruction->as<OpSub>().metadata(m_profiledCodeBlock).m_arithProfile;
</del><ins>+    BinaryArithProfile* arithProfile = &m_unlinkedCodeBlock->binaryArithProfile(currentInstruction->as<OpSub>().m_profileIndex);
</ins><span class="cx">     JITSubIC* subIC = m_mathICs.addJITSubIC(arithProfile);
</span><span class="cx">     m_instructionToMathIC.add(currentInstruction, subIC);
</span><span class="cx">     emitMathICFast<OpSub>(subIC, currentInstruction, operationValueSubProfiled, operationValueSub);
</span></span></pre></div>
<a id="trunkSourceJavaScriptCorellintLowLevelInterpreterasm"></a>
<div class="modfile"><h4>Modified: trunk/Source/JavaScriptCore/llint/LowLevelInterpreter.asm (283167 => 283168)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/llint/LowLevelInterpreter.asm        2021-09-28 13:37:17 UTC (rev 283167)
+++ trunk/Source/JavaScriptCore/llint/LowLevelInterpreter.asm   2021-09-28 15:32:53 UTC (rev 283168)
</span><span class="lines">@@ -2566,14 +2566,20 @@
</span><span class="cx"> end
</span><span class="cx"> 
</span><span class="cx"> 
</span><del>-macro updateUnaryArithProfile(opcodeStruct, type, metadata, temp)
-    loadp %opcodeStruct%::Metadata::m_arithProfile[metadata], temp
-    orh type, UnaryArithProfile::m_bits[temp]
</del><ins>+macro updateUnaryArithProfile(size, opcodeStruct, type, scratch1, scratch2)
+    getu(size, opcodeStruct, m_profileIndex, scratch1)
+    loadp CodeBlock[cfr], scratch2
+    loadp CodeBlock::m_unlinkedCode[scratch2], scratch2
+    loadp UnlinkedCodeBlock::m_unaryArithProfiles + FixedVector::m_storage + RefCountedArray::m_data[scratch2], scratch2
+    orh type, UnaryArithProfile::m_bits[scratch2, scratch1, 2]
</ins><span class="cx"> end
</span><span class="cx"> 
</span><del>-macro updateBinaryArithProfile(opcodeStruct, type, metadata, temp)
-    loadp %opcodeStruct%::Metadata::m_arithProfile[metadata], temp
-    orh type, BinaryArithProfile::m_bits[temp]
</del><ins>+macro updateBinaryArithProfile(size, opcodeStruct, type, scratch1, scratch2)
+    getu(size, opcodeStruct, m_profileIndex, scratch1)
+    loadp CodeBlock[cfr], scratch2
+    loadp CodeBlock::m_unlinkedCode[scratch2], scratch2
+    loadp UnlinkedCodeBlock::m_binaryArithProfiles + FixedVector::m_storage + RefCountedArray::m_data[scratch2], scratch2
+    orh type, BinaryArithProfile::m_bits[scratch2, scratch1, 2]
</ins><span class="cx"> end
</span><span class="cx"> 
</span><span class="cx"> // FIXME: We should not need the X86_64_WIN condition here, since WEBASSEMBLY should already be false on Windows
</span></span></pre></div>
<a id="trunkSourceJavaScriptCorellintLowLevelInterpreter32_64asm"></a>
<div class="modfile"><h4>Modified: trunk/Source/JavaScriptCore/llint/LowLevelInterpreter32_64.asm (283167 => 283168)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/llint/LowLevelInterpreter32_64.asm   2021-09-28 13:37:17 UTC (rev 283167)
+++ trunk/Source/JavaScriptCore/llint/LowLevelInterpreter32_64.asm      2021-09-28 15:32:53 UTC (rev 283168)
</span><span class="lines">@@ -1012,14 +1012,13 @@
</span><span class="cx"> 
</span><span class="cx"> macro preOp(opcodeName, opcodeStruct, integerOperation)
</span><span class="cx">     llintOpWithMetadata(op_%opcodeName%, opcodeStruct, macro (size, get, dispatch, metadata, return)
</span><del>-        metadata(t1, t2)
</del><span class="cx">         get(m_srcDst, t0)
</span><span class="cx">         bineq TagOffset[cfr, t0, 8], Int32Tag, .slow
</span><span class="cx">         loadi PayloadOffset[cfr, t0, 8], t2
</span><del>-        # Metadata in t1, srcDst in t2
</del><ins>+        # srcDst in t2
</ins><span class="cx">         integerOperation(t2, .slow)
</span><span class="cx">         storei t2, PayloadOffset[cfr, t0, 8]
</span><del>-        updateUnaryArithProfile(opcodeStruct, ArithProfileInt, t1, t2)
</del><ins>+        updateUnaryArithProfile(size, opcodeStruct, ArithProfileInt, t5, t2)
</ins><span class="cx">         dispatch()
</span><span class="cx"> 
</span><span class="cx">     .slow:
</span><span class="lines">@@ -1084,19 +1083,17 @@
</span><span class="cx"> 
</span><span class="cx"> 
</span><span class="cx"> llintOpWithMetadata(op_negate, OpNegate, macro (size, get, dispatch, metadata, return)
</span><del>-
-    metadata(t5, t0)
</del><span class="cx">     get(m_operand, t0)
</span><span class="cx">     loadConstantOrVariable(size, t0, t1, t2)
</span><span class="cx">     bineq t1, Int32Tag, .opNegateSrcNotInt
</span><span class="cx">     btiz t2, 0x7fffffff, .opNegateSlow
</span><span class="cx">     negi t2
</span><del>-    updateUnaryArithProfile(OpNegate, ArithProfileInt, t5, t3)
</del><ins>+    updateUnaryArithProfile(size, OpNegate, ArithProfileInt, t0, t3)
</ins><span class="cx">     return (Int32Tag, t2)
</span><span class="cx"> .opNegateSrcNotInt:
</span><span class="cx">     bia t1, LowestTag, .opNegateSlow
</span><span class="cx">     xori 0x80000000, t1
</span><del>-    updateUnaryArithProfile(OpNegate, ArithProfileNumber, t5, t3)
</del><ins>+    updateUnaryArithProfile(size, OpNegate, ArithProfileNumber, t0, t3)
</ins><span class="cx">     return(t1, t2)
</span><span class="cx"> 
</span><span class="cx"> .opNegateSlow:
</span><span class="lines">@@ -1107,7 +1104,6 @@
</span><span class="cx"> 
</span><span class="cx"> macro binaryOpCustomStore(opcodeName, opcodeStruct, integerOperationAndStore, doubleOperation)
</span><span class="cx">     llintOpWithMetadata(op_%opcodeName%, opcodeStruct, macro (size, get, dispatch, metadata, return)
</span><del>-        metadata(t5, t2)
</del><span class="cx">         get(m_rhs, t2)
</span><span class="cx">         get(m_lhs, t0)
</span><span class="cx">         loadConstantOrVariable(size, t2, t3, t1)
</span><span class="lines">@@ -1114,7 +1110,7 @@
</span><span class="cx">         loadConstantOrVariable2Reg(size, t0, t2, t0)
</span><span class="cx">         bineq t2, Int32Tag, .op1NotInt
</span><span class="cx">         bineq t3, Int32Tag, .op2NotInt
</span><del>-        updateBinaryArithProfile(opcodeStruct, ArithProfileIntInt, t5, t2)
</del><ins>+        updateBinaryArithProfile(size, opcodeStruct, ArithProfileIntInt, t5, t2)
</ins><span class="cx">         get(m_dst, t2)
</span><span class="cx">         integerOperationAndStore(t3, t1, t0, .slow, t2)
</span><span class="cx">         dispatch()
</span><span class="lines">@@ -1124,12 +1120,12 @@
</span><span class="cx">         bia t2, LowestTag, .slow
</span><span class="cx">         bib t3, LowestTag, .op1NotIntOp2Double
</span><span class="cx">         bineq t3, Int32Tag, .slow
</span><del>-        updateBinaryArithProfile(opcodeStruct, ArithProfileNumberInt, t5, t4)
</del><ins>+        updateBinaryArithProfile(size, opcodeStruct, ArithProfileNumberInt, t5, t4)
</ins><span class="cx">         ci2ds t1, ft1
</span><span class="cx">         jmp .op1NotIntReady
</span><span class="cx">     .op1NotIntOp2Double:
</span><span class="cx">         fii2d t1, t3, ft1
</span><del>-        updateBinaryArithProfile(opcodeStruct, ArithProfileNumberNumber, t5, t4)
</del><ins>+        updateBinaryArithProfile(size, opcodeStruct, ArithProfileNumberNumber, t5, t4)
</ins><span class="cx">     .op1NotIntReady:
</span><span class="cx">         get(m_dst, t1)
</span><span class="cx">         fii2d t0, t2, ft0
</span><span class="lines">@@ -1141,7 +1137,7 @@
</span><span class="cx">         # First operand is definitely an int, the second operand is definitely not.
</span><span class="cx">         get(m_dst, t2)
</span><span class="cx">         bia t3, LowestTag, .slow
</span><del>-        updateBinaryArithProfile(opcodeStruct, ArithProfileIntNumber, t5, t4)
</del><ins>+        updateBinaryArithProfile(size, opcodeStruct, ArithProfileIntNumber, t5, t4)
</ins><span class="cx">         ci2ds t0, ft0
</span><span class="cx">         fii2d t1, t3, ft1
</span><span class="cx">         doubleOperation(ft1, ft0)
</span></span></pre></div>
<a id="trunkSourceJavaScriptCorellintLowLevelInterpreter64asm"></a>
<div class="modfile"><h4>Modified: trunk/Source/JavaScriptCore/llint/LowLevelInterpreter64.asm (283167 => 283168)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/llint/LowLevelInterpreter64.asm      2021-09-28 13:37:17 UTC (rev 283167)
+++ trunk/Source/JavaScriptCore/llint/LowLevelInterpreter64.asm 2021-09-28 15:32:53 UTC (rev 283168)
</span><span class="lines">@@ -1078,14 +1078,13 @@
</span><span class="cx">     llintOpWithMetadata(op_%opcodeName%, opcodeStruct, macro (size, get, dispatch, metadata, return)
</span><span class="cx">         get(m_srcDst, t0)
</span><span class="cx">         loadq [cfr, t0, 8], t1
</span><del>-        metadata(t2, t3)
-        # srcDst in t1, metadata in t2
</del><ins>+        # srcDst in t1
</ins><span class="cx">         # FIXME: the next line jumps to the slow path for BigInt32. We could instead have a dedicated path in here for them.
</span><span class="cx">         bqb t1, numberTag, .slow
</span><span class="cx">         integerOperation(t1, .slow)
</span><span class="cx">         orq numberTag, t1
</span><span class="cx">         storeq t1, [cfr, t0, 8]
</span><del>-        updateUnaryArithProfile(opcodeStruct, ArithProfileInt, t2, t3)
</del><ins>+        updateUnaryArithProfile(size, opcodeStruct, ArithProfileInt, t5, t3)
</ins><span class="cx">         dispatch()
</span><span class="cx"> 
</span><span class="cx">     .slow:
</span><span class="lines">@@ -1152,17 +1151,16 @@
</span><span class="cx"> llintOpWithMetadata(op_negate, OpNegate, macro (size, get, dispatch, metadata, return)
</span><span class="cx">     get(m_operand, t0)
</span><span class="cx">     loadConstantOrVariable(size, t0, t3)
</span><del>-    metadata(t1, t2)
</del><span class="cx">     bqb t3, numberTag, .opNegateNotInt
</span><span class="cx">     btiz t3, 0x7fffffff, .opNegateSlow
</span><span class="cx">     negi t3
</span><span class="cx">     orq numberTag, t3
</span><del>-    updateUnaryArithProfile(OpNegate, ArithProfileInt, t1, t2)
</del><ins>+    updateUnaryArithProfile(size, OpNegate, ArithProfileInt, t1, t2)
</ins><span class="cx">     return(t3)
</span><span class="cx"> .opNegateNotInt:
</span><span class="cx">     btqz t3, numberTag, .opNegateSlow
</span><span class="cx">     xorq 0x8000000000000000, t3
</span><del>-    updateUnaryArithProfile(OpNegate, ArithProfileNumber, t1, t2)
</del><ins>+    updateUnaryArithProfile(size, OpNegate, ArithProfileNumber, t1, t2)
</ins><span class="cx">     return(t3)
</span><span class="cx"> 
</span><span class="cx"> .opNegateSlow:
</span><span class="lines">@@ -1173,8 +1171,6 @@
</span><span class="cx"> 
</span><span class="cx"> macro binaryOpCustomStore(opcodeName, opcodeStruct, integerOperationAndStore, doubleOperation)
</span><span class="cx">     llintOpWithMetadata(op_%opcodeName%, opcodeStruct, macro (size, get, dispatch, metadata, return)
</span><del>-        metadata(t5, t0)
-
</del><span class="cx">         get(m_rhs, t0)
</span><span class="cx">         get(m_lhs, t2)
</span><span class="cx">         loadConstantOrVariable(size, t0, t1)
</span><span class="lines">@@ -1184,7 +1180,7 @@
</span><span class="cx">         get(m_dst, t2)
</span><span class="cx">         integerOperationAndStore(t1, t0, .slow, t2)
</span><span class="cx"> 
</span><del>-        updateBinaryArithProfile(opcodeStruct, ArithProfileIntInt, t5, t2)
</del><ins>+        updateBinaryArithProfile(size, opcodeStruct, ArithProfileIntInt, t5, t2)
</ins><span class="cx">         dispatch()
</span><span class="cx"> 
</span><span class="cx">     .op1NotInt:
</span><span class="lines">@@ -1194,10 +1190,10 @@
</span><span class="cx">         btqz t1, numberTag, .slow
</span><span class="cx">         addq numberTag, t1
</span><span class="cx">         fq2d t1, ft1
</span><del>-        updateBinaryArithProfile(opcodeStruct, ArithProfileNumberNumber, t5, t2)
</del><ins>+        updateBinaryArithProfile(size, opcodeStruct, ArithProfileNumberNumber, t5, t2)
</ins><span class="cx">         jmp .op1NotIntReady
</span><span class="cx">     .op1NotIntOp2Int:
</span><del>-        updateBinaryArithProfile(opcodeStruct, ArithProfileNumberInt, t5, t2)
</del><ins>+        updateBinaryArithProfile(size, opcodeStruct, ArithProfileNumberInt, t5, t2)
</ins><span class="cx">         ci2ds t1, ft1
</span><span class="cx">     .op1NotIntReady:
</span><span class="cx">         get(m_dst, t2)
</span><span class="lines">@@ -1212,7 +1208,7 @@
</span><span class="cx">     .op2NotInt:
</span><span class="cx">         # First operand is definitely an int, the second is definitely not.
</span><span class="cx">         btqz t1, numberTag, .slow
</span><del>-        updateBinaryArithProfile(opcodeStruct, ArithProfileIntNumber, t5, t2)
</del><ins>+        updateBinaryArithProfile(size, opcodeStruct, ArithProfileIntNumber, t5, t2)
</ins><span class="cx">         get(m_dst, t2)
</span><span class="cx">         ci2ds t0, ft0
</span><span class="cx">         addq numberTag, t1
</span></span></pre></div>
<a id="trunkSourceJavaScriptCoreofflineasmclooprb"></a>
<div class="modfile"><h4>Modified: trunk/Source/JavaScriptCore/offlineasm/cloop.rb (283167 => 283168)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/offlineasm/cloop.rb  2021-09-28 13:37:17 UTC (rev 283167)
+++ trunk/Source/JavaScriptCore/offlineasm/cloop.rb     2021-09-28 15:32:53 UTC (rev 283168)
</span><span class="lines">@@ -259,9 +259,11 @@
</span><span class="cx">         case type
</span><span class="cx">         when :int8;       int8MemRef
</span><span class="cx">         when :int32;      int32MemRef
</span><ins>+        when :int16;      int16MemRef
</ins><span class="cx">         when :int64;      int64MemRef
</span><span class="cx">         when :intptr;     intptrMemRef
</span><span class="cx">         when :uint8;      uint8MemRef
</span><ins>+        when :uint16;     uint16MemRef
</ins><span class="cx">         when :uint32;     uint32MemRef
</span><span class="cx">         when :uint64;     uint64MemRef
</span><span class="cx">         when :uintptr;    uintptrMemRef
</span></span></pre></div>
<a id="trunkSourceJavaScriptCoreruntimeCommonSlowPathscpp"></a>
<div class="modfile"><h4>Modified: trunk/Source/JavaScriptCore/runtime/CommonSlowPaths.cpp (283167 => 283168)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/runtime/CommonSlowPaths.cpp  2021-09-28 13:37:17 UTC (rev 283167)
+++ trunk/Source/JavaScriptCore/runtime/CommonSlowPaths.cpp     2021-09-28 15:32:53 UTC (rev 283168)
</span><span class="lines">@@ -478,9 +478,8 @@
</span><span class="cx"> }
</span><span class="cx"> 
</span><span class="cx"> #if ENABLE(JIT)
</span><del>-static void updateArithProfileForUnaryArithOp(OpNegate::Metadata& metadata, JSValue result, JSValue operand)
</del><ins>+static void updateArithProfileForUnaryArithOp(UnaryArithProfile& profile, JSValue result, JSValue operand)
</ins><span class="cx"> {
</span><del>-    UnaryArithProfile& profile = *metadata.m_arithProfile;
</del><span class="cx">     profile.observeArg(operand);
</span><span class="cx">     ASSERT(result.isNumber() || result.isBigInt());
</span><span class="cx"> 
</span><span class="lines">@@ -514,7 +513,7 @@
</span><span class="cx">     }
</span><span class="cx"> }
</span><span class="cx"> #else
</span><del>-static void updateArithProfileForUnaryArithOp(OpNegate::Metadata&, JSValue, JSValue) { }
</del><ins>+static void updateArithProfileForUnaryArithOp(UnaryArithProfile&, JSValue, JSValue) { }
</ins><span class="cx"> #endif
</span><span class="cx"> 
</span><span class="cx"> JSC_DEFINE_COMMON_SLOW_PATH(slow_path_negate)
</span><span class="lines">@@ -521,17 +520,18 @@
</span><span class="cx"> {
</span><span class="cx">     BEGIN();
</span><span class="cx">     auto bytecode = pc->as<OpNegate>();
</span><del>-    auto& metadata = bytecode.metadata(codeBlock);
</del><span class="cx">     JSValue operand = GET_C(bytecode.m_operand).jsValue();
</span><span class="cx">     JSValue primValue = operand.toPrimitive(globalObject, PreferNumber);
</span><span class="cx">     CHECK_EXCEPTION();
</span><span class="cx"> 
</span><ins>+    auto& profile = codeBlock->unlinkedCodeBlock()->unaryArithProfile(bytecode.m_profileIndex);
+
</ins><span class="cx"> #if USE(BIGINT32)
</span><span class="cx">     if (primValue.isBigInt32()) {
</span><span class="cx">         JSValue result = JSBigInt::unaryMinus(globalObject, primValue.bigInt32AsInt32());
</span><span class="cx">         CHECK_EXCEPTION();
</span><span class="cx">         RETURN_WITH_PROFILING(result, {
</span><del>-            updateArithProfileForUnaryArithOp(metadata, result, operand);
</del><ins>+            updateArithProfileForUnaryArithOp(profile, result, operand);
</ins><span class="cx">         });
</span><span class="cx">     }
</span><span class="cx"> #endif
</span><span class="lines">@@ -540,7 +540,7 @@
</span><span class="cx">         JSValue result = JSBigInt::unaryMinus(globalObject, primValue.asHeapBigInt());
</span><span class="cx">         CHECK_EXCEPTION();
</span><span class="cx">         RETURN_WITH_PROFILING(result, {
</span><del>-            updateArithProfileForUnaryArithOp(metadata, result, operand);
</del><ins>+            updateArithProfileForUnaryArithOp(profile, result, operand);
</ins><span class="cx">         });
</span><span class="cx">     }
</span><span class="cx">     
</span><span class="lines">@@ -547,7 +547,7 @@
</span><span class="cx">     JSValue result = jsNumber(-primValue.toNumber(globalObject));
</span><span class="cx">     CHECK_EXCEPTION();
</span><span class="cx">     RETURN_WITH_PROFILING(result, {
</span><del>-        updateArithProfileForUnaryArithOp(metadata, result, operand);
</del><ins>+        updateArithProfileForUnaryArithOp(profile, result, operand);
</ins><span class="cx">     });
</span><span class="cx"> }
</span><span class="cx"> 
</span></span></pre>
</div>
</div>

</body>
</html>