1 /*
2  * Copyright (C) 2012, 2013, 2014 Apple Inc. All rights reserved.
3  *
4  * Redistribution and use in source and binary forms, with or without
5  * modification, are permitted provided that the following conditions
6  * are met:
7  * 1. Redistributions of source code must retain the above copyright
8  *    notice, this list of conditions and the following disclaimer.
9  * 2. Redistributions in binary form must reproduce the above copyright
10  *    notice, this list of conditions and the following disclaimer in the
11  *    documentation and/or other materials provided with the distribution.
12  *
13  * THIS SOFTWARE IS PROVIDED BY APPLE INC. ``AS IS'' AND ANY
14  * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
15  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
16  * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL APPLE INC. OR
17  * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
18  * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
19  * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
20  * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY
21  * OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
22  * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
23  * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
24  */
25
26 #include "config.h"
27 #include "PutByIdStatus.h"
28
29 #include "AccessorCallJITStubRoutine.h"
30 #include "CodeBlock.h"
31 #include "ComplexGetStatus.h"
32 #include "LLIntData.h"
33 #include "LowLevelInterpreter.h"
34 #include "JSCInlines.h"
35 #include "PolymorphicPutByIdList.h"
36 #include "Structure.h"
37 #include "StructureChain.h"
38 #include <wtf/ListDump.h>
39
40 namespace JSC {
41
// Adds a variant to this status. Returns true when the variant was merged into an
// existing entry or appended as a new one, and false when it could not be merged and its
// old structure overlaps an entry that is already present. Callers in this file treat a
// false return as "give up on the fast path".
bool PutByIdStatus::appendVariant(const PutByIdVariant& variant)
{
    // Pass 1: offer the new variant to every existing entry; the first entry that accepts
    // the merge ends the search.
    for (unsigned index = 0; index != m_variants.size(); ++index) {
        auto& existing = m_variants[index];
        if (existing.attemptToMerge(variant))
            return true;
    }

    // Pass 2: nothing merged, so the variant would become a separate entry. Reject it if
    // its old structure overlaps that of any entry already in the list.
    for (unsigned index = 0; index != m_variants.size(); ++index) {
        if (m_variants[index].oldStructure().overlaps(variant.oldStructure()))
            return false;
    }

    m_variants.append(variant);
    return true;
}
55
56 #if ENABLE(DFG_JIT)
// Reports whether profiledBlock has a frequent exit site recorded at bytecodeIndex for
// either of the two cache-related exit kinds (BadCache, BadConstantCache) with the given
// exitType. The caller supplies the locker.
bool PutByIdStatus::hasExitSite(const ConcurrentJITLocker& locker, CodeBlock* profiledBlock, unsigned bytecodeIndex, ExitingJITType exitType)
{
    if (profiledBlock->hasExitSite(locker, DFG::FrequentExitSite(bytecodeIndex, BadCache, exitType)))
        return true;

    // Only consulted when no BadCache exit was found, as with the short-circuiting "||".
    return profiledBlock->hasExitSite(locker, DFG::FrequentExitSite(bytecodeIndex, BadConstantCache, exitType));
}
63 #endif
64
// Derives a status from what is cached in the put_by_id instruction at bytecodeIndex:
// operand 4 is read as the cached (old) structure and, for the transition opcodes,
// operands 6 and 7 are read as the new structure and the structure chain.
// Returns NoInformation when no structure is cached or when uid has no valid offset in
// the structure that is consulted; otherwise returns a replace or a transition variant.
PutByIdStatus PutByIdStatus::computeFromLLInt(CodeBlock* profiledBlock, unsigned bytecodeIndex, AtomicStringImpl* uid)
{
    // All three parameters are used below, so these markers do not affect the logic.
    UNUSED_PARAM(profiledBlock);
    UNUSED_PARAM(bytecodeIndex);
    UNUSED_PARAM(uid);
    Instruction* instruction = profiledBlock->instructions().begin() + bytecodeIndex;

    // A null cached structure is reported as "no information".
    Structure* structure = instruction[4].u.structure.get();
    if (!structure)
        return PutByIdStatus(NoInformation);
    
    // Non-transition forms: the put replaces an existing property, so the offset is looked
    // up in the cached structure itself.
    if (instruction[0].u.opcode == LLInt::getOpcode(op_put_by_id)
        || instruction[0].u.opcode == LLInt::getOpcode(op_put_by_id_out_of_line)) {
        PropertyOffset offset = structure->getConcurrently(uid);
        if (!isValidOffset(offset))
            return PutByIdStatus(NoInformation);
        
        return PutByIdVariant::replace(structure, offset);
    }
    
    // Everything below assumes one of the four transition opcodes. ASSERT is compiled out
    // of release builds, so there these expectations are not enforced at run time.
    ASSERT(structure->transitionWatchpointSetHasBeenInvalidated());
    
    ASSERT(instruction[0].u.opcode == LLInt::getOpcode(op_put_by_id_transition_direct)
        || instruction[0].u.opcode == LLInt::getOpcode(op_put_by_id_transition_normal)
        || instruction[0].u.opcode == LLInt::getOpcode(op_put_by_id_transition_direct_out_of_line)
        || instruction[0].u.opcode == LLInt::getOpcode(op_put_by_id_transition_normal_out_of_line));
    
    Structure* newStructure = instruction[6].u.structure.get();
    StructureChain* chain = instruction[7].u.structureChain.get();
    // NOTE(review): chain gets a run-time null check further down, but newStructure is
    // dereferenced with only this debug-only assertion in front of it. Confirm that operand
    // 6 is always populated whenever a transition opcode is installed.
    ASSERT(newStructure);
    ASSERT(chain);
    
    // For a transition the property lives in the new structure, so that is where the
    // offset is looked up.
    PropertyOffset offset = newStructure->getConcurrently(uid);
    if (!isValidOffset(offset))
        return PutByIdStatus(NoInformation);
    
    // NOTE(review): the chain is wrapped without calling isStillValid(), unlike the
    // polymorphic-list path in computeForStubInfo. Presumably the consumer of the variant
    // re-validates it; confirm.
    RefPtr<IntendedStructureChain> intendedChain;
    if (chain)
        intendedChain = adoptRef(new IntendedStructureChain(profiledBlock, structure, chain));
    
    return PutByIdVariant::transition(structure, newStructure, intendedChain.get(), offset);
}
107
// Computes the status of the put_by_id at bytecodeIndex in profiledBlock, holding
// profiledBlock's lock for the whole computation. With the DFG JIT enabled it prefers the
// stub info found in map and falls back to the LLInt's cached data; without it the answer
// is always NoInformation.
PutByIdStatus PutByIdStatus::computeFor(CodeBlock* profiledBlock, StubInfoMap& map, unsigned bytecodeIndex, AtomicStringImpl* uid)
{
    ConcurrentJITLocker locker(profiledBlock->m_lock);
    
    // bytecodeIndex and uid are only read inside the DFG_JIT branch; these markers keep
    // the other configuration free of unused-parameter warnings.
    UNUSED_PARAM(profiledBlock);
    UNUSED_PARAM(bytecodeIndex);
    UNUSED_PARAM(uid);
#if ENABLE(DFG_JIT)
    // Profiling says the slow case is likely, or a cache-related exit was already recorded
    // at this site: do not offer a fast path.
    if (profiledBlock->likelyToTakeSlowCase(bytecodeIndex)
        || hasExitSite(locker, profiledBlock, bytecodeIndex))
        return PutByIdStatus(TakesSlowPath);
    
    // computeForStubInfo copes with a null stubInfo by returning a default-constructed
    // status.
    StructureStubInfo* stubInfo = map.get(CodeOrigin(bytecodeIndex));
    PutByIdStatus result = computeForStubInfo(
        locker, profiledBlock, stubInfo, uid,
        CallLinkStatus::computeExitSiteData(locker, profiledBlock, bytecodeIndex));
    // A result that tests false (presumably "no information") falls back to the LLInt data.
    if (!result)
        return computeFromLLInt(profiledBlock, bytecodeIndex, uid);
    
    return result;
#else // !ENABLE(DFG_JIT)
    UNUSED_PARAM(map);
    return PutByIdStatus(NoInformation);
#endif // ENABLE(DFG_JIT)
}
133
134 #if ENABLE(JIT)
// Translates a baseline/DFG inline-cache stub (stubInfo) into a PutByIdStatus.
// The caller passes the locker it already holds; callExitSiteData is forwarded to
// CallLinkStatus::computeFor when a setter call has to be described.
// Returns a default-constructed status when there is no stub or it was never seen, a
// Simple status carrying one or more variants when every cached access can be described,
// and TakesSlowPath / MakesCalls otherwise.
PutByIdStatus PutByIdStatus::computeForStubInfo(
    const ConcurrentJITLocker& locker, CodeBlock* profiledBlock, StructureStubInfo* stubInfo,
    AtomicStringImpl* uid, CallLinkStatus::ExitSiteData callExitSiteData)
{
    if (!stubInfo || !stubInfo->seen)
        return PutByIdStatus();
    
    switch (stubInfo->accessType) {
    case access_unset:
        // If the JIT saw it but didn't optimize it, then assume that this takes slow path.
        return PutByIdStatus(TakesSlowPath);
        
    case access_put_by_id_replace: {
        // Monomorphic replace: the offset is re-read from the cached structure, and an
        // invalid offset downgrades the site to the slow path.
        PropertyOffset offset =
            stubInfo->u.putByIdReplace.baseObjectStructure->getConcurrently(uid);
        if (isValidOffset(offset)) {
            return PutByIdVariant::replace(
                stubInfo->u.putByIdReplace.baseObjectStructure.get(), offset);
        }
        return PutByIdStatus(TakesSlowPath);
    }
        
    case access_put_by_id_transition_normal:
    case access_put_by_id_transition_direct: {
        // Debug-only check; ASSERT is compiled out of release builds.
        ASSERT(stubInfo->u.putByIdTransition.previousStructure->transitionWatchpointSetHasBeenInvalidated());
        // The property belongs to the post-transition structure, so look it up there.
        PropertyOffset offset = 
            stubInfo->u.putByIdTransition.structure->getConcurrently(uid);
        if (isValidOffset(offset)) {
            // NOTE(review): the chain is wrapped without an isStillValid() check, unlike
            // the Transition case of the list path below. Presumably the consumer of the
            // variant re-validates it; confirm.
            RefPtr<IntendedStructureChain> chain;
            if (stubInfo->u.putByIdTransition.chain) {
                chain = adoptRef(new IntendedStructureChain(
                    profiledBlock, stubInfo->u.putByIdTransition.previousStructure.get(),
                    stubInfo->u.putByIdTransition.chain.get()));
            }
            return PutByIdVariant::transition(
                stubInfo->u.putByIdTransition.previousStructure.get(),
                stubInfo->u.putByIdTransition.structure.get(),
                chain.get(), offset);
        }
        return PutByIdStatus(TakesSlowPath);
    }
        
    case access_put_by_id_list: {
        // Polymorphic stub: build one variant per cached access.
        PolymorphicPutByIdList* list = stubInfo->u.putByIdList.list;
        
        PutByIdStatus result;
        result.m_state = Simple;
        
        // First pass: decide which state to report if we have to bail out. If any cached
        // access is a setter or custom setter, the bail-out state is MakesCalls rather
        // than TakesSlowPath.
        State slowPathState = TakesSlowPath;
        for (unsigned i = 0; i < list->size(); ++i) {
            const PutByIdAccess& access = list->at(i);
            
            switch (access.type()) {
            case PutByIdAccess::Setter:
            case PutByIdAccess::CustomSetter:
                slowPathState = MakesCalls;
                break;
            default:
                break;
            }
        }
        
        // Second pass: convert each access into a variant. "continue" skips the access
        // without adding a variant; every "return" abandons the whole list.
        for (unsigned i = 0; i < list->size(); ++i) {
            const PutByIdAccess& access = list->at(i);
            
            PutByIdVariant variant;
            
            switch (access.type()) {
            case PutByIdAccess::Replace: {
                Structure* structure = access.structure();
                PropertyOffset offset = structure->getConcurrently(uid);
                if (!isValidOffset(offset))
                    return PutByIdStatus(slowPathState);
                variant = PutByIdVariant::replace(structure, offset);
                break;
            }
                
            case PutByIdAccess::Transition: {
                PropertyOffset offset =
                    access.newStructure()->getConcurrently(uid);
                if (!isValidOffset(offset))
                    return PutByIdStatus(slowPathState);
                RefPtr<IntendedStructureChain> chain;
                if (access.chain()) {
                    chain = adoptRef(new IntendedStructureChain(
                        profiledBlock, access.oldStructure(), access.chain()));
                    // A chain that is no longer valid drops just this access; the
                    // remaining accesses are still considered.
                    if (!chain->isStillValid())
                        continue;
                }
                variant = PutByIdVariant::transition(
                    access.oldStructure(), access.newStructure(), chain.get(), offset);
                break;
            }
                
            case PutByIdAccess::Setter: {
                Structure* structure = access.structure();
                
                ComplexGetStatus complexGetStatus = ComplexGetStatus::computeFor(
                    profiledBlock, structure, access.chain(), access.chainCount(), uid);
                
                switch (complexGetStatus.kind()) {
                case ComplexGetStatus::ShouldSkip:
                    continue;
                    
                case ComplexGetStatus::TakesSlowPath:
                    return PutByIdStatus(slowPathState);
                    
                case ComplexGetStatus::Inlineable: {
                    // Unchecked downcast: this relies on every Setter access carrying an
                    // AccessorCallJITStubRoutine. NOTE(review): confirm at the site that
                    // creates Setter accesses, since a different routine type here would be
                    // read through the wrong layout.
                    AccessorCallJITStubRoutine* stub = static_cast<AccessorCallJITStubRoutine*>(
                        access.stubRoutine());
                    std::unique_ptr<CallLinkStatus> callLinkStatus =
                        std::make_unique<CallLinkStatus>(
                            CallLinkStatus::computeFor(
                                locker, profiledBlock, *stub->m_callLinkInfo, callExitSiteData));
                    
                    variant = PutByIdVariant::setter(
                        structure, complexGetStatus.offset(), complexGetStatus.chain(),
                        WTF::move(callLinkStatus));
                } }
                // Leaves the outer switch on access.type(); the "} }" above closed the
                // Inlineable block and the inner switch.
                break;
            }
                
            case PutByIdAccess::CustomSetter:
                return PutByIdStatus(MakesCalls);

            default:
                return PutByIdStatus(slowPathState);
            }
            
            // appendVariant returns false when the variant cannot be merged and overlaps
            // an existing one; in that case give up on the whole list.
            if (!result.appendVariant(variant))
                return PutByIdStatus(slowPathState);
        }
        
        return result;
    }
        
    default:
        return PutByIdStatus(TakesSlowPath);
    }
}
275 #endif
276
// Computes the status for codeOrigin, preferring what the DFG code block's stubs recorded
// and falling back to the baseline block. With DFG_JIT enabled and a non-null dfgBlock:
//   1. under the baseline block's lock, bail to TakesSlowPath if a cache-related exit from
//      the FTL is recorded at this bytecode index, and collect the call exit-site data;
//   2. under the DFG block's lock, compute the status from the DFG stub info;
//   3. return that status only if it is Simple.
// In every other case the baseline-only overload decides.
PutByIdStatus PutByIdStatus::computeFor(CodeBlock* baselineBlock, CodeBlock* dfgBlock, StubInfoMap& baselineMap, StubInfoMap& dfgMap, CodeOrigin codeOrigin, AtomicStringImpl* uid)
{
#if ENABLE(DFG_JIT)
    if (dfgBlock) {
        CallLinkStatus::ExitSiteData exitSiteData;
        // Each locker lives in its own brace scope, so the baseline lock is released
        // before the DFG block's lock is taken.
        {
            ConcurrentJITLocker locker(baselineBlock->m_lock);
            if (hasExitSite(locker, baselineBlock, codeOrigin.bytecodeIndex, ExitFromFTL))
                return PutByIdStatus(TakesSlowPath);
            exitSiteData = CallLinkStatus::computeExitSiteData(
                locker, baselineBlock, codeOrigin.bytecodeIndex, ExitFromFTL);
        }
            
        PutByIdStatus result;
        {
            ConcurrentJITLocker locker(dfgBlock->m_lock);
            result = computeForStubInfo(
                locker, dfgBlock, dfgMap.get(codeOrigin), uid, exitSiteData);
        }
        
        // We use TakesSlowPath in some cases where the stub was unset. That's weird and
        // it would be better not to do that. But it means that we have to defend
        // ourselves here.
        if (result.isSimple())
            return result;
    }
#else
    UNUSED_PARAM(dfgBlock);
    UNUSED_PARAM(dfgMap);
#endif

    // No usable DFG answer: defer to the baseline block's profiling. That overload takes
    // the baseline block's lock itself.
    return computeFor(baselineBlock, baselineMap, codeOrigin.bytecodeIndex, uid);
}
310
// Computes the status for storing uid into an object whose structure is one of those in
// set, using only the structures themselves rather than a code block's stub info.
// isDirect skips the prototype-chain checks. An empty set yields a default-constructed
// status. Otherwise every structure must pass all checks for the result to be Simple: the
// first structure that fails one makes the whole answer TakesSlowPath, or MakesCalls for a
// custom accessor.
PutByIdStatus PutByIdStatus::computeFor(JSGlobalObject* globalObject, const StructureSet& set, AtomicStringImpl* uid, bool isDirect)
{
    // Presumably a truthy parseIndex result means uid is an array index rather than a
    // named property (confirm against parseIndex); such stores are left to the slow path.
    if (parseIndex(*uid))
        return PutByIdStatus(TakesSlowPath);

    if (set.isEmpty())
        return PutByIdStatus();
    
    PutByIdStatus result;
    result.m_state = Simple;
    for (unsigned i = 0; i < set.size(); ++i) {
        Structure* structure = set[i];
        
        // Types that override getOwnPropertySlot are not cached, with global objects as
        // the one exception.
        if (structure->typeInfo().overridesGetOwnPropertySlot() && structure->typeInfo().type() != GlobalObjectType)
            return PutByIdStatus(TakesSlowPath);

        if (!structure->propertyAccessesAreCacheable())
            return PutByIdStatus(TakesSlowPath);
    
        unsigned attributes;
        PropertyOffset offset = structure->getConcurrently(uid, attributes);
        if (isValidOffset(offset)) {
            // The property already exists on this structure, so this is a replace.
            // attributes is only read inside this branch.
            if (attributes & CustomAccessor)
                return PutByIdStatus(MakesCalls);

            // Accessors and read-only properties cannot be handled as a plain store.
            if (attributes & (Accessor | ReadOnly))
                return PutByIdStatus(TakesSlowPath);
            
            WatchpointSet* replaceSet = structure->propertyReplacementWatchpointSet(offset);
            if (!replaceSet || replaceSet->isStillValid()) {
                // When this executes, it'll create, and fire, this replacement watchpoint set.
                // That means that this has probably never executed or that something fishy is
                // going on. Also, we cannot create or fire the watchpoint set from the concurrent
                // JIT thread, so even if we wanted to do this, we'd need to have a lazy thingy.
                // So, better leave this alone and take slow path.
                return PutByIdStatus(TakesSlowPath);
            }
            
            if (!result.appendVariant(PutByIdVariant::replace(structure, offset)))
                return PutByIdStatus(TakesSlowPath);
            continue;
        }
    
        // Our hypothesis is that we're doing a transition. Before we prove that this is really
        // true, we want to do some sanity checks.
    
        // Don't cache put transitions on dictionaries.
        if (structure->isDictionary())
            return PutByIdStatus(TakesSlowPath);

        // If the structure corresponds to something that isn't an object, then give up, since
        // we don't want to be adding properties to strings.
        if (!structure->typeInfo().isObject())
            return PutByIdStatus(TakesSlowPath);
    
        // For a direct put the chain stays null and none of the prototype checks run.
        RefPtr<IntendedStructureChain> chain;
        if (!isDirect) {
            chain = adoptRef(new IntendedStructureChain(globalObject, structure));
        
            // If the prototype chain has setters or read-only properties, then give up.
            if (chain->mayInterceptStoreTo(uid))
                return PutByIdStatus(TakesSlowPath);
        
            // If the prototype chain hasn't been normalized (i.e. there are proxies or dictionaries)
            // then give up. The dictionary case would only happen if this structure has not been
            // used in an optimized put_by_id transition. And really the only reason why we would
            // bail here is that I don't really feel like having the optimizing JIT go and flatten
            // dictionaries if we have evidence to suggest that those objects were never used as
            // prototypes in a cacheable prototype access - i.e. there's a good chance that some of
            // the other checks below will fail.
            if (structure->isProxy() || !chain->isNormalized())
                return PutByIdStatus(TakesSlowPath);
        }
    
        // We only optimize if there is already a structure that the transition is cached to.
        // offset is reused here as an output: it was invalid on this path and is asserted
        // valid after a successful lookup. The literal 0 is presumably the property
        // attributes argument; confirm against Structure's declaration.
        Structure* transition = Structure::addPropertyTransitionToExistingStructureConcurrently(structure, uid, 0, offset);
        if (!transition)
            return PutByIdStatus(TakesSlowPath);
        ASSERT(isValidOffset(offset));
    
        // appendVariant returns false when this variant cannot be merged and overlaps one
        // already collected; in that case abandon the fast path.
        bool didAppend = result.appendVariant(
            PutByIdVariant::transition(structure, transition, chain.get(), offset));
        if (!didAppend)
            return PutByIdStatus(TakesSlowPath);
    }
    
    return result;
}
399
// Tells whether this status involves a call: true when the state is MakesCalls, or when
// the state is Simple and at least one variant reports makesCalls(). Every other state
// yields false.
bool PutByIdStatus::makesCalls() const
{
    switch (m_state) {
    case MakesCalls:
        return true;
    case Simple:
        // Decided by the variants, below.
        break;
    default:
        return false;
    }

    // Walk the variants from the last one down to the first.
    for (unsigned remaining = m_variants.size(); remaining; --remaining) {
        if (m_variants[remaining - 1].makesCalls())
            return true;
    }

    return false;
}
415
// Prints a parenthesized description of this status to out: the state name for
// NoInformation, TakesSlowPath and MakesCalls, or the list of variants for Simple.
// A state value outside the enumeration trips RELEASE_ASSERT_NOT_REACHED.
void PutByIdStatus::dump(PrintStream& out) const
{
    const char* fixedLabel = nullptr;

    switch (m_state) {
    case Simple:
        // The only state whose output depends on the variants.
        out.print("(", listDump(m_variants), ")");
        return;

    case NoInformation:
        fixedLabel = "(NoInformation)";
        break;

    case TakesSlowPath:
        fixedLabel = "(TakesSlowPath)";
        break;

    case MakesCalls:
        fixedLabel = "(MakesCalls)";
        break;
    }

    if (fixedLabel) {
        out.print(fixedLabel);
        return;
    }

    // No case matched, so m_state holds a value that is not a known State.
    RELEASE_ASSERT_NOT_REACHED();
}
437
438 } // namespace JSC
439