[webkit-dev] Mystery of resolve_global bytecode instruction

Filip Pizlo fpizlo at apple.com
Thu Jul 19 13:17:24 PDT 2012 

On Jul 19, 2012, at 2:28 AM, wingoog moon <wingoog91 at gmail.com> wrote:

> Hi all.
> 
> I'm trying to understand how resolve_global instruction works for several days. Let's look at the code
> 
> void JIT::emit_op_resolve_global(Instruction* currentInstruction, bool)
> {
> 
>  // Fast case
>     void* globalObject = m_codeBlock->globalObject();
>     unsigned currentIndex = m_globalResolveInfoIndex++;
>     GlobalResolveInfo* resolveInfoAddress = &(m_codeBlock->globalResolveInfo(currentIndex));
> 
>     // Check Structure of global object
> 
>     move(TrustedImmPtr(globalObject), regT0); //loads address of globalObject to eax(regT0)
>     move(TrustedImmPtr(resolveInfoAddress), regT2);// loads address of resolveInfoAddress to ecx(regT2)
>     loadPtr(Address(regT2, OBJECT_OFFSETOF(GlobalResolveInfo, structure)), regT1);
>     addSlowCase(branchPtr(NotEqual, regT1, Address(regT0, JSCell::structureOffset()))); // Structures don't match // Do some checking
> 
> 
> 
>     // Load cached property
>     // Assume that the global object always uses external storage.
>     loadPtr(Address(regT0, OBJECT_OFFSETOF(JSGlobalObject, m_propertyStorage)), regT0); // loads m_propertyStorage to eax
> 
> // Here is interesting thing happens
> // offset member of  GlobalResolveInfo class is always 0;

No, it isn't.  It may be initially zero, but the offset changes.

>   load32(Address(regT2, OBJECT_OFFSETOF(GlobalResolveInfo, offset)), regT1); //move value of GlobalResolveInfo offset member(it's always 0 ) to edx(regT1)
> 
> //So here we always mov same value to eax(regT0), regardless of whether our global Array , String or Object
>     loadPtr(BaseIndex(regT0, regT1, ScalePtr), regT0); 
>     emitValueProfilingSite();
>     emitPutVirtualRegister(currentInstruction[1].u.operand);
> 
> }
> 
> So
> 
> 1. What is mystery of this instruction, how it's really works let's say for this example???
> 
> var a=Array(5);
> var s=String;
> var o=Object;
> 
> 
> 2. What is in m_propertyStorage, and when it's sets?

In your version of the code (which is a bit old), m_propertyStorage points to an array that holds the values of all of the properties of the object.

> 
> 
> Thanks for attention!
> 
> 
> 
> 
> _______________________________________________
> webkit-dev mailing list
> webkit-dev at lists.webkit.org
> http://lists.webkit.org/mailman/listinfo/webkit-dev

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.webkit.org/pipermail/webkit-dev/attachments/20120719/7dc595ad/attachment.html>

More information about the webkit-dev mailing list