1 /*
2  * Copyright (C) 2011, 2013-2015 Apple Inc. All rights reserved.
3  *
4  * Redistribution and use in source and binary forms, with or without
5  * modification, are permitted provided that the following conditions
6  * are met:
7  * 1. Redistributions of source code must retain the above copyright
8  *    notice, this list of conditions and the following disclaimer.
9  * 2. Redistributions in binary form must reproduce the above copyright
10  *    notice, this list of conditions and the following disclaimer in the
11  *    documentation and/or other materials provided with the distribution.
12  *
13  * THIS SOFTWARE IS PROVIDED BY APPLE INC. ``AS IS'' AND ANY
14  * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
15  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
16  * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL APPLE INC. OR
17  * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
18  * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
19  * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
20  * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY
21  * OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
22  * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
23  * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
24  */
25
26 #include "config.h"
27 #include "DFGGraph.h"
28
29 #if ENABLE(DFG_JIT)
30
31 #include "BytecodeKills.h"
32 #include "BytecodeLivenessAnalysisInlines.h"
33 #include "CodeBlock.h"
34 #include "CodeBlockWithJITType.h"
35 #include "DFGBlockWorklist.h"
36 #include "DFGClobberSet.h"
37 #include "DFGJITCode.h"
38 #include "DFGVariableAccessDataDump.h"
39 #include "FullBytecodeLiveness.h"
40 #include "FunctionExecutableDump.h"
41 #include "JIT.h"
42 #include "JSLexicalEnvironment.h"
43 #include "MaxFrameExtentForSlowPathCall.h"
44 #include "OperandsInlines.h"
45 #include "JSCInlines.h"
46 #include "StackAlignment.h"
47 #include <wtf/CommaPrinter.h>
48 #include <wtf/ListDump.h>
49
50 namespace JSC { namespace DFG {
51
// Table of opcode names: the X-macro stringizes each opcode listed by FOR_EACH_DFG_OP,
// in the macro's order. Graph::opName() indexes this array directly with a NodeType value.
// NOTE(review): presumably the NodeType enumerators are generated from the same list so
// that indices line up; confirm against the NodeType declaration.
static const char* dfgOpNames[] = {
#define STRINGIZE_DFG_OP_ENUM(opcode, flags) #opcode ,
    FOR_EACH_DFG_OP(STRINGIZE_DFG_OP_ENUM)
#undef STRINGIZE_DFG_OP_ENUM
};
58
// Sets up an empty graph for the code block owned by |plan|. The profiled block is the
// code block's alternative(), and node storage comes from the long-lived allocator.
Graph::Graph(VM& vm, Plan& plan, LongLivedState& longLivedState)
    : m_vm(vm)
    , m_plan(plan)
    , m_codeBlock(m_plan.codeBlock.get())
    , m_profiledBlock(m_codeBlock->alternative())
    , m_allocator(longLivedState.m_allocator)
    , m_nextMachineLocal(0)
    , m_fixpointState(BeforeFixpoint)
    , m_structureRegistrationState(HaveNotStartedRegistering)
    , m_form(LoadStore)
    , m_unificationState(LocallyUnified)
    , m_refCountState(EverythingIsLive)
{
    // m_profiledBlock is dereferenced right below, so it must not be null.
    ASSERT(m_profiledBlock);

    // The option is only consulted when the global object reports no debugger.
    bool globalObjectHasDebugger = m_profiledBlock->globalObject()->hasDebugger();
    m_hasDebuggerEnabled = globalObjectHasDebugger || Options::forceDebuggerBytecodeGeneration();
}
77
// Returns every phi and node of every remaining block to the allocator, then releases
// the allocator's storage as a whole. Blocks are visited from last to first.
Graph::~Graph()
{
    BlockIndex remainingBlocks = numBlocks();
    while (remainingBlocks--) {
        BasicBlock* current = block(remainingBlocks);
        if (!current)
            continue; // Slot of a block that no longer exists.

        unsigned remainingPhis = current->phis.size();
        while (remainingPhis--)
            m_allocator.free(current->phis[remainingPhis]);

        unsigned remainingNodes = current->size();
        while (remainingNodes--)
            m_allocator.free(current->at(remainingNodes));
    }
    m_allocator.freeAll();
}
92
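// Returns the stringized name of |op| for dump output. The name table has exactly one
// entry per opcode listed by FOR_EACH_DFG_OP, so any other value has no entry.
const char *Graph::opName(NodeType op)
{
    // Debug-build guard: an out-of-range NodeType would read past the end of dfgOpNames.
    ASSERT(static_cast<size_t>(op) < sizeof(dfgOpNames) / sizeof(dfgOpNames[0]));
    return dfgOpNames[op];
}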
97
// Writes |amount| single-space characters to |out|.
static void printWhiteSpace(PrintStream& out, unsigned amount)
{
    for (unsigned printed = 0; printed < amount; ++printed)
        out.print(" ");
}
103
// Prints the inline-stack transition between two consecutive nodes: one "<--" line per
// frame left and one "-->" line per frame entered, each indented by two spaces per depth.
// Returns true if at least one line was printed.
bool Graph::dumpCodeOrigin(PrintStream& out, const char* prefix, Node* previousNode, Node* currentNode, DumpContext* context)
{
    // Nothing to report for the first node, or when both nodes share an inline call frame.
    if (!previousNode
        || previousNode->origin.semantic.inlineCallFrame == currentNode->origin.semantic.inlineCallFrame)
        return false;

    Vector<CodeOrigin> oldStack = previousNode->origin.semantic.inlineStack();
    Vector<CodeOrigin> newStack = currentNode->origin.semantic.inlineStack();
    unsigned sharedDepth = std::min(oldStack.size(), newStack.size());

    // Length of the common prefix of the two stacks, compared by inline call frame.
    unsigned divergence = 0;
    while (divergence < sharedDepth
        && oldStack[divergence].inlineCallFrame == newStack[divergence].inlineCallFrame)
        ++divergence;

    bool printedAnything = false;

    // Frames left, innermost first.
    unsigned depth = oldStack.size();
    while (depth > divergence) {
        --depth;
        out.print(prefix);
        printWhiteSpace(out, depth * 2);
        out.print("<-- ", inContext(*oldStack[depth].inlineCallFrame, context), "\n");
        printedAnything = true;
    }

    // Frames entered, outermost first.
    for (depth = divergence; depth < newStack.size(); ++depth) {
        out.print(prefix);
        printWhiteSpace(out, depth * 2);
        out.print("--> ", inContext(*newStack[depth].inlineCallFrame, context), "\n");
        printedAnything = true;
    }

    return printedAnything;
}
143
// Indentation for a node's dump line: two columns per inline depth beyond the first.
// NOTE(review): assumes inlineDepth() is at least 1; a value of 0 would not give a
// sensible indent. Confirm against CodeOrigin.
int Graph::amountOfNodeWhiteSpace(Node* node)
{
    auto inlineDepth = node->origin.semantic.inlineDepth();
    return (inlineDepth - 1) * 2;
}
148
// Emits the indentation that amountOfNodeWhiteSpace() computes for |node|.
void Graph::printNodeWhiteSpace(PrintStream& out, Node* node)
{
    int indent = amountOfNodeWhiteSpace(node);
    printWhiteSpace(out, indent);
}
153
// Prints a one-line description of |node| to |out|: index, ref count, virtual register,
// opcode name, children, and then each piece of per-node metadata the node reports
// having (the has*() / is*() queries below), followed by its prediction if any.
// |prefix| is printed first; |context| is forwarded to the inContext() dumpers.
void Graph::dump(PrintStream& out, const char* prefix, Node* node, DumpContext* context)
{
    NodeType op = node->op();

    // The printed count excludes the ref held because the node is must-generate.
    // NOTE(review): refCount is unsigned, so this wraps if a must-generate node
    // currently has a count of 0; this only affects dump output.
    unsigned refCount = node->refCount();
    bool mustGenerate = node->mustGenerate();
    if (mustGenerate)
        --refCount;

    out.print(prefix);
    printNodeWhiteSpace(out, node);

    // Example/explanation of dataflow dump output
    //
    //   14:   <!2:7>  GetByVal(@3, @13)
    //   ^1     ^2 ^3     ^4       ^5
    //
    // (1) The nodeIndex of this operation.
    // (2) The reference count. The number printed is the 'real' count,
    //     not including the 'mustGenerate' ref. If the node is
    //     'mustGenerate' then the count is prefixed with '!'.
    // (3) The virtual register slot assigned to this node.
    // (4) The name of the operation.
    // (5) The arguments to the operation. They may be of the form:
    //         @#   - a NodeIndex referencing a prior node in the graph.
    //         arg# - an argument number.
    //         id#  - the index in the CodeBlock of an identifier { if codeBlock is passed to dump(), the string representation is displayed }.
    //         var# - the index of a var on the global object, used by GetGlobalVar/PutGlobalVar operations.
    out.printf("% 4d:<%c%u:", (int)node->index(), mustGenerate ? '!' : ' ', refCount);
    if (node->hasResult() && node->hasVirtualRegister() && node->virtualRegister().isValid())
        out.print(node->virtualRegister());
    else
        out.print("-");
    out.print(">\t", opName(op), "(");
    // A single CommaPrinter is shared by everything inside the parentheses.
    CommaPrinter comma;
    if (node->flags() & NodeHasVarArgs) {
        // Var-arg children live in m_varArgChildren; empty slots are skipped.
        for (unsigned childIdx = node->firstChild(); childIdx < node->firstChild() + node->numChildren(); childIdx++) {
            if (!m_varArgChildren[childIdx])
                continue;
            out.print(comma, m_varArgChildren[childIdx]);
        }
    } else {
        // Fixed children: a child is printed whenever it or any later child is set,
        // so positions stay aligned even if an earlier child is empty.
        if (!!node->child1() || !!node->child2() || !!node->child3())
            out.print(comma, node->child1());
        if (!!node->child2() || !!node->child3())
            out.print(comma, node->child2());
        if (!!node->child3())
            out.print(comma, node->child3());
    }

    // Flags are omitted when their dump is the literal string "<empty>".
    if (toCString(NodeFlagsDump(node->flags())) != "<empty>")
        out.print(comma, NodeFlagsDump(node->flags()));
    if (node->prediction())
        out.print(comma, SpeculationDump(node->prediction()));
    if (node->hasArrayMode())
        out.print(comma, node->arrayMode());
    if (node->hasArithMode())
        out.print(comma, node->arithMode());
    if (node->hasScopeOffset())
        out.print(comma, node->scopeOffset());
    if (node->hasDirectArgumentsOffset())
        out.print(comma, node->capturedArgumentsOffset());
    // NOTE(review): RawPointer(...) here and further down (transition on 32-bit values,
    // execution counter, watchpoint set, storage pointer) writes raw addresses into the
    // dump, so dump output reveals process memory layout.
    if (node->hasRegisterPointer())
        out.print(comma, "global", globalObjectFor(node->origin.semantic)->findVariableIndex(node->variablePointer()), "(", RawPointer(node->variablePointer()), ")");
    // NOTE(review): identifiers() is indexed without a range check in this function;
    // presumably the identifier number was validated when the node was created.
    if (node->hasIdentifier())
        out.print(comma, "id", node->identifierNumber(), "{", identifiers()[node->identifierNumber()], "}");
    if (node->hasPromotedLocationDescriptor())
        out.print(comma, node->promotedLocationDescriptor());
    if (node->hasStructureSet())
        out.print(comma, inContext(node->structureSet(), context));
    if (node->hasStructure())
        out.print(comma, inContext(*node->structure(), context));
    if (node->hasTransition()) {
        out.print(comma, pointerDumpInContext(node->transition(), context));
        // The target structure is shown by id with 64-bit JSValues, by address otherwise.
#if USE(JSVALUE64)
        out.print(", ID:", node->transition()->next->id());
#else
        out.print(", ID:", RawPointer(node->transition()->next));
#endif
    }
    if (node->hasCellOperand()) {
        if (!node->cellOperand()->value() || !node->cellOperand()->value().isCell())
            out.print(comma, "invalid cell operand: ", node->cellOperand()->value());
        else {
            out.print(comma, pointerDump(node->cellOperand()->value().asCell()));
            // This isCell() test repeats the condition already established by the else branch.
            if (node->cellOperand()->value().isCell()) {
                CallVariant variant(node->cellOperand()->value().asCell());
                if (ExecutableBase* executable = variant.executable()) {
                    if (executable->isHostFunction())
                        out.print(comma, "<host function>");
                    else if (FunctionExecutable* functionExecutable = jsDynamicCast<FunctionExecutable*>(executable))
                        out.print(comma, FunctionExecutableDump(functionExecutable));
                    else
                        out.print(comma, "<non-function executable>");
                }
            }
        }
    }
    if (node->hasStorageAccessData()) {
        StorageAccessData& storageAccessData = node->storageAccessData();
        out.print(comma, "id", storageAccessData.identifierNumber, "{", identifiers()[storageAccessData.identifierNumber], "}");
        out.print(", ", static_cast<ptrdiff_t>(storageAccessData.offset));
    }
    if (node->hasMultiGetByOffsetData()) {
        MultiGetByOffsetData& data = node->multiGetByOffsetData();
        out.print(comma, "id", data.identifierNumber, "{", identifiers()[data.identifierNumber], "}");
        for (unsigned i = 0; i < data.variants.size(); ++i)
            out.print(comma, inContext(data.variants[i], context));
    }
    if (node->hasMultiPutByOffsetData()) {
        MultiPutByOffsetData& data = node->multiPutByOffsetData();
        out.print(comma, "id", data.identifierNumber, "{", identifiers()[data.identifierNumber], "}");
        for (unsigned i = 0; i < data.variants.size(); ++i)
            out.print(comma, inContext(data.variants[i], context));
    }
    // The two queries are expected to agree for every node.
    ASSERT(node->hasVariableAccessData(*this) == node->hasLocal(*this));
    if (node->hasVariableAccessData(*this)) {
        // tryGetVariableAccessData() may return null, in which case nothing is printed.
        VariableAccessData* variableAccessData = node->tryGetVariableAccessData();
        if (variableAccessData) {
            VirtualRegister operand = variableAccessData->local();
            out.print(comma, variableAccessData->local(), "(", VariableAccessDataDump(*this, variableAccessData), ")");
            operand = variableAccessData->machineLocal();
            if (operand.isValid())
                out.print(comma, "machine:", operand);
        }
    }
    if (node->hasStackAccessData()) {
        StackAccessData* data = node->stackAccessData();
        out.print(comma, data->local);
        if (data->machineLocal.isValid())
            out.print(comma, "machine:", data->machineLocal);
        out.print(comma, data->format);
    }
    if (node->hasUnlinkedLocal()) 
        out.print(comma, node->unlinkedLocal());
    if (node->hasUnlinkedMachineLocal()) {
        VirtualRegister operand = node->unlinkedMachineLocal();
        if (operand.isValid())
            out.print(comma, "machine:", operand);
    }
    if (node->hasConstantBuffer()) {
        out.print(comma);
        out.print(node->startConstant(), ":[");
        // Separate comma state for the bracketed list of constants.
        CommaPrinter anotherComma;
        for (unsigned i = 0; i < node->numConstants(); ++i)
            out.print(anotherComma, pointerDumpInContext(freeze(m_codeBlock->constantBuffer(node->startConstant())[i]), context));
        out.print("]");
    }
    if (node->hasIndexingType())
        out.print(comma, IndexingTypeDump(node->indexingType()));
    if (node->hasTypedArrayType())
        out.print(comma, node->typedArrayType());
    if (node->hasPhi())
        out.print(comma, "^", node->phi()->index());
    if (node->hasExecutionCounter())
        out.print(comma, RawPointer(node->executionCounter()));
    if (node->hasWatchpointSet())
        out.print(comma, RawPointer(node->watchpointSet()));
    if (node->hasStoragePointer())
        out.print(comma, RawPointer(node->storagePointer()));
    if (node->hasObjectMaterializationData())
        out.print(comma, node->objectMaterializationData());
    if (node->hasCallVarargsData())
        out.print(comma, "firstVarArgOffset = ", node->callVarargsData()->firstVarArgOffset);
    if (node->hasLoadVarargsData()) {
        LoadVarargsData* data = node->loadVarargsData();
        out.print(comma, "start = ", data->start, ", count = ", data->count);
        if (data->machineStart.isValid())
            out.print(", machineStart = ", data->machineStart);
        if (data->machineCount.isValid())
            out.print(", machineCount = ", data->machineCount);
        out.print(", offset = ", data->offset, ", mandatoryMinimum = ", data->mandatoryMinimum);
        out.print(", limit = ", data->limit);
    }
    if (node->isConstant())
        out.print(comma, pointerDumpInContext(node->constant(), context));
    // Control flow targets: T is the taken/target block, F the not-taken block.
    if (node->isJump())
        out.print(comma, "T:", *node->targetBlock());
    if (node->isBranch())
        out.print(comma, "T:", node->branchData()->taken, ", F:", node->branchData()->notTaken);
    if (node->isSwitch()) {
        SwitchData* data = node->switchData();
        out.print(comma, data->kind);
        for (unsigned i = 0; i < data->cases.size(); ++i)
            out.print(comma, inContext(data->cases[i].value, context), ":", data->cases[i].target);
        out.print(comma, "default:", data->fallThrough);
    }
    // Abstract heap reads (R:) and writes (W:) reported for this node.
    ClobberSet reads;
    ClobberSet writes;
    addReadsAndWrites(*this, node, reads, writes);
    if (!reads.isEmpty())
        out.print(comma, "R:", sortedListDump(reads.direct(), ","));
    if (!writes.isEmpty())
        out.print(comma, "W:", sortedListDump(writes.direct(), ","));
    if (node->origin.isSet()) {
        out.print(comma, "bc#", node->origin.semantic.bytecodeIndex);
        // The exit origin is printed only when it differs from the semantic origin.
        if (node->origin.semantic != node->origin.forExit)
            out.print(comma, "exit: ", node->origin.forExit);
    }
    
    out.print(")");

    // Prediction: the variable's prediction takes precedence over the heap prediction.
    if (node->hasVariableAccessData(*this) && node->tryGetVariableAccessData())
        out.print("  predicting ", SpeculationDump(node->tryGetVariableAccessData()->prediction()));
    else if (node->hasHeapPrediction())
        out.print("  predicting ", SpeculationDump(node->getHeapPrediction()));
    
    out.print("\n");
}
363
// True when every block yielded by blocksInNaturalOrder() has a terminal node.
bool Graph::terminalsAreValid()
{
    bool everyBlockHasTerminal = true;
    for (BasicBlock* candidate : blocksInNaturalOrder()) {
        if (candidate->terminal())
            continue;
        // Stop at the first block without a terminal.
        everyBlockHasTerminal = false;
        break;
    }
    return everyBlockHasTerminal;
}
372
// Prints the header lines for |block|: its origin, execution count, predecessors and
// successors, and, for each CFG analysis that is currently valid, the dominator,
// pre/post numbering and natural loop information, followed by its Phi nodes.
// With DumpLivePhisOnly, Phis for which shouldGenerate() is false are skipped.
void Graph::dumpBlockHeader(PrintStream& out, const char* prefix, BasicBlock* block, PhiNodeDumpMode phiNodeDumpMode, DumpContext* context)
{
    // NOTE(review): block->at(0) is read unconditionally, so this assumes the block
    // holds at least one node; confirm that callers never pass an empty block.
    out.print(prefix, "Block ", *block, " (", inContext(block->at(0)->origin.semantic, context), "):", block->isReachable ? "" : " (skipped)", block->isOSRTarget ? " (OSR target)" : "", "\n");
    // Self-comparison is false only for NaN (assuming a floating-point count), so a
    // NaN execution count is not printed.
    if (block->executionCount == block->executionCount)
        out.print(prefix, "  Execution count: ", block->executionCount, "\n");
    out.print(prefix, "  Predecessors:");
    for (size_t i = 0; i < block->predecessors.size(); ++i)
        out.print(" ", *block->predecessors[i]);
    out.print("\n");
    out.print(prefix, "  Successors:");
    // Successors are only enumerated when the block has a terminal.
    if (block->terminal()) {
        for (BasicBlock* successor : block->successors()) {
            out.print(" ", *successor);
            if (m_prePostNumbering.isValid())
                out.print(" (", m_prePostNumbering.edgeKind(block, successor), ")");
        }
    } else
        out.print(" <invalid>");
    out.print("\n");
    // Dominator queries are made only when every block has a terminal.
    if (m_dominators.isValid() && terminalsAreValid()) {
        out.print(prefix, "  Dominated by: ", m_dominators.dominatorsOf(block), "\n");
        out.print(prefix, "  Dominates: ", m_dominators.blocksDominatedBy(block), "\n");
        out.print(prefix, "  Dominance Frontier: ", m_dominators.dominanceFrontierOf(block), "\n");
        out.print(prefix, "  Iterated Dominance Frontier: ", m_dominators.iteratedDominanceFrontierOf(BlockList(1, block)), "\n");
    }
    if (m_prePostNumbering.isValid())
        out.print(prefix, "  Pre/Post Numbering: ", m_prePostNumbering.preNumber(block), "/", m_prePostNumbering.postNumber(block), "\n");
    if (m_naturalLoops.isValid()) {
        if (const NaturalLoop* loop = m_naturalLoops.headerOf(block)) {
            out.print(prefix, "  Loop header, contains:");
            // Block indices are sorted so the listing is in ascending order.
            Vector<BlockIndex> sortedBlockList;
            for (unsigned i = 0; i < loop->size(); ++i)
                sortedBlockList.append(loop->at(i)->index);
            std::sort(sortedBlockList.begin(), sortedBlockList.end());
            for (unsigned i = 0; i < sortedBlockList.size(); ++i)
                out.print(" #", sortedBlockList[i]);
            out.print("\n");
        }
        
        Vector<const NaturalLoop*> containingLoops =
            m_naturalLoops.loopsOf(block);
        if (!containingLoops.isEmpty()) {
            out.print(prefix, "  Containing loop headers:");
            for (unsigned i = 0; i < containingLoops.size(); ++i)
                out.print(" ", *containingLoops[i]->header());
            out.print("\n");
        }
    }
    if (!block->phis.isEmpty()) {
        out.print(prefix, "  Phi Nodes:");
        for (size_t i = 0; i < block->phis.size(); ++i) {
            Node* phiNode = block->phis[i];
            if (!phiNode->shouldGenerate() && phiNodeDumpMode == DumpLivePhisOnly)
                continue;
            // Format: @index<local,refCount>->(@child1, @child2, @child3)
            out.print(" @", phiNode->index(), "<", phiNode->local(), ",", phiNode->refCount(), ">->(");
            // Children are printed only up to the first empty slot.
            if (phiNode->child1()) {
                out.print("@", phiNode->child1()->index());
                if (phiNode->child2()) {
                    out.print(", @", phiNode->child2()->index());
                    if (phiNode->child3())
                        out.print(", @", phiNode->child3()->index());
                }
            }
            out.print(")", i + 1 < block->phis.size() ? "," : "");
        }
        out.print("\n");
    }
}
441
// Prints the whole graph to |out|: a summary of graph-level state, then for each block
// its header, the analysis state at its head, every node, and the state at its tail,
// and finally the frozen values that point into the heap.
// If |context| is null, a local DumpContext is used for the per-block output.
void Graph::dump(PrintStream& out, DumpContext* context)
{
    DumpContext myContext;
    myContext.graph = this;
    if (!context)
        context = &myContext;
    
    out.print("\n");
    out.print("DFG for ", CodeBlockWithJITType(m_codeBlock, JITCode::DFGJIT), ":\n");
    out.print("  Fixpoint state: ", m_fixpointState, "; Form: ", m_form, "; Unification state: ", m_unificationState, "; Ref count state: ", m_refCountState, "\n");
    // SSA form prints argument formats; the other forms print the argument nodes.
    if (m_form == SSA)
        out.print("  Argument formats: ", listDump(m_argumentFormats), "\n");
    else
        out.print("  Arguments: ", listDump(m_arguments), "\n");
    out.print("\n");
    
    // Carried across blocks so dumpCodeOrigin() can show inline-stack transitions.
    Node* lastNode = 0;
    for (size_t b = 0; b < m_blocks.size(); ++b) {
        BasicBlock* block = m_blocks[b].get();
        if (!block)
            continue;
        dumpBlockHeader(out, "", block, DumpAllPhis, context);
        out.print("  States: ", block->cfaStructureClobberStateAtHead);
        if (!block->cfaHasVisited)
            out.print(", CurrentlyCFAUnreachable");
        if (!block->intersectionOfCFAHasVisited)
            out.print(", CFAUnreachable");
        out.print("\n");
        // State at the head of the block; which fields exist depends on the graph form.
        switch (m_form) {
        case LoadStore:
        case ThreadedCPS: {
            out.print("  Vars Before: ");
            if (block->cfaHasVisited)
                out.print(inContext(block->valuesAtHead, context));
            else
                out.print("<empty>");
            out.print("\n");
            out.print("  Intersected Vars Before: ");
            if (block->intersectionOfCFAHasVisited)
                out.print(inContext(block->intersectionOfPastValuesAtHead, context));
            else
                out.print("<empty>");
            out.print("\n");
            out.print("  Var Links: ", block->variablesAtHead, "\n");
            break;
        }
            
        case SSA: {
            // block->ssa is dereferenced below, so its absence is fatal in all builds.
            RELEASE_ASSERT(block->ssa);
            out.print("  Availability: ", block->ssa->availabilityAtHead, "\n");
            out.print("  Live: ", nodeListDump(block->ssa->liveAtHead), "\n");
            out.print("  Values: ", nodeMapDump(block->ssa->valuesAtHead, context), "\n");
            break;
        } }
        for (size_t i = 0; i < block->size(); ++i) {
            dumpCodeOrigin(out, "", lastNode, block->at(i), context);
            dump(out, "", block->at(i), context);
            lastNode = block->at(i);
        }
        out.print("  States: ", block->cfaBranchDirection, ", ", block->cfaStructureClobberStateAtTail);
        if (!block->cfaDidFinish)
            out.print(", CFAInvalidated");
        out.print("\n");
        // State at the tail of the block, mirroring the head section above.
        switch (m_form) {
        case LoadStore:
        case ThreadedCPS: {
            out.print("  Vars After: ");
            if (block->cfaHasVisited)
                out.print(inContext(block->valuesAtTail, context));
            else
                out.print("<empty>");
            out.print("\n");
            out.print("  Var Links: ", block->variablesAtTail, "\n");
            break;
        }
            
        case SSA: {
            RELEASE_ASSERT(block->ssa);
            out.print("  Availability: ", block->ssa->availabilityAtTail, "\n");
            out.print("  Live: ", nodeListDump(block->ssa->liveAtTail), "\n");
            out.print("  Values: ", nodeMapDump(block->ssa->valuesAtTail, context), "\n");
            break;
        } }
        out.print("\n");
    }
    
    // Frozen values are always printed through the local context, even when the caller
    // supplied one, and only the local context is dumped at the end.
    out.print("GC Values:\n");
    for (FrozenValue* value : m_frozenValues) {
        if (value->pointsToHeap())
            out.print("    ", inContext(*value, &myContext), "\n");
    }
    
    if (!myContext.isEmpty()) {
        myContext.dump(out);
        out.print("\n");
    }
}
539
// Converts the graph to LoadStore form by resetting the children of every Phi.
// Does nothing when the graph is already in LoadStore or SSA form.
void Graph::dethread()
{
    bool nothingToDo = m_form == LoadStore || m_form == SSA;
    if (nothingToDo)
        return;

    if (logCompilationChanges())
        dataLog("Dethreading DFG graph.\n");

    SamplingRegion samplingRegion("DFG Dethreading");

    BlockIndex remainingBlocks = m_blocks.size();
    while (remainingBlocks--) {
        BasicBlock* current = m_blocks[remainingBlocks].get();
        if (!current)
            continue;

        unsigned remainingPhis = current->phis.size();
        while (remainingPhis--)
            current->phis[remainingPhis]->children.reset();
    }

    m_form = LoadStore;
}
562
// Records the edge block -> successor: marks |successor| reachable and queues it the
// first time it is seen, and always appends |block| to its predecessor list.
void Graph::handleSuccessor(Vector<BasicBlock*, 16>& worklist, BasicBlock* block, BasicBlock* successor)
{
    bool seenBefore = successor->isReachable;
    if (!seenBefore) {
        successor->isReachable = true;
        worklist.append(successor);
    }

    // One predecessor entry is added per edge, including edges to already-visited blocks.
    successor->predecessors.append(block);
}
572
// Worklist traversal from block 0 that sets isReachable and fills in predecessor lists
// through handleSuccessor(). Existing flags and lists are not cleared here;
// resetReachability() does that before calling this.
void Graph::determineReachability()
{
    BasicBlock* root = block(0);

    Vector<BasicBlock*, 16> pending;
    pending.append(root);
    root->isReachable = true;

    while (!pending.isEmpty()) {
        BasicBlock* current = pending.takeLast();
        unsigned successorIndex = current->numSuccessors();
        while (successorIndex--)
            handleSuccessor(pending, current, current->successor(successorIndex));
    }
}
584
// Clears the reachability flag and predecessor list of every block, then recomputes
// both from block 0.
void Graph::resetReachability()
{
    BlockIndex remainingBlocks = m_blocks.size();
    while (remainingBlocks--) {
        BasicBlock* current = m_blocks[remainingBlocks].get();
        if (current) {
            current->isReachable = false;
            current->predecessors.clear();
        }
    }

    determineReachability();
}
597
namespace {

// Recomputes the ref count of every node in a Graph from scratch: counts are zeroed,
// root nodes are ref'ed and queued, and refs are then propagated along child edges
// until the worklist is empty.
class RefCountCalculator {
public:
    RefCountCalculator(Graph& graph)
        : m_graph(graph)
    {
    }
    
    // Runs the full computation. Nodes never reached from a root keep a count of 0.
    void calculate()
    {
        // First reset the counts to 0 for all nodes.
        for (BlockIndex blockIndex = 0; blockIndex < m_graph.numBlocks(); ++blockIndex) {
            BasicBlock* block = m_graph.block(blockIndex);
            if (!block)
                continue;
            for (unsigned indexInBlock = block->size(); indexInBlock--;)
                block->at(indexInBlock)->setRefCount(0);
            for (unsigned phiIndex = block->phis.size(); phiIndex--;)
                block->phis[phiIndex]->setRefCount(0);
        }
    
        // Now find the roots:
        // - Nodes that are must-generate.
        // - Nodes that are reachable from type checks.
        // Set their ref counts to 1 and put them on the worklist.
        for (BlockIndex blockIndex = 0; blockIndex < m_graph.numBlocks(); ++blockIndex) {
            BasicBlock* block = m_graph.block(blockIndex);
            if (!block)
                continue;
            for (unsigned indexInBlock = block->size(); indexInBlock--;) {
                Node* node = block->at(indexInBlock);
                // Applies findTypeCheckRoot to each child edge of the node.
                DFG_NODE_DO_TO_CHILDREN(m_graph, node, findTypeCheckRoot);
                if (!(node->flags() & NodeMustGenerate))
                    continue;
                // postfixRef() presumably returns the count before incrementing (confirm
                // in the Node declaration), so a node is queued only on its first ref.
                if (!node->postfixRef())
                    m_worklist.append(node);
            }
        }
        
        // The outer loop repeats because the SSA pass below can add new worklist entries.
        while (!m_worklist.isEmpty()) {
            while (!m_worklist.isEmpty()) {
                Node* node = m_worklist.last();
                m_worklist.removeLast();
                ASSERT(node->shouldGenerate()); // It should not be on the worklist unless it's ref'ed.
                DFG_NODE_DO_TO_CHILDREN(m_graph, node, countEdge);
            }
            
            if (m_graph.m_form == SSA) {
                // Find Phi->Upsilon edges, which are represented as meta-data in the
                // Upsilon.
                for (BlockIndex blockIndex = m_graph.numBlocks(); blockIndex--;) {
                    BasicBlock* block = m_graph.block(blockIndex);
                    if (!block)
                        continue;
                    for (unsigned nodeIndex = block->size(); nodeIndex--;) {
                        Node* node = block->at(nodeIndex);
                        if (node->op() != Upsilon)
                            continue;
                        // Already live; nothing to add.
                        if (node->shouldGenerate())
                            continue;
                        // An Upsilon becomes live once the Phi it refers to is live.
                        if (node->phi()->shouldGenerate())
                            countNode(node);
                    }
                }
            }
        }
    }
    
private:
    // Root finder: refs and queues the target of an edge that is neither proved nor
    // marked as not having a check.
    void findTypeCheckRoot(Node*, Edge edge)
    {
        // We may have an "unproved" untyped use for code that is unreachable. The CFA
        // will just not have gotten around to it.
        if (edge.isProved() || edge.willNotHaveCheck())
            return;
        if (!edge->postfixRef())
            m_worklist.append(edge.node());
    }
    
    // Refs |node| and queues it if postfixRef() returned zero.
    void countNode(Node* node)
    {
        if (node->postfixRef())
            return;
        m_worklist.append(node);
    }
    
    // Propagation step: counts the target of an edge unless findTypeCheckRoot already did.
    void countEdge(Node*, Edge edge)
    {
        // Don't count edges that are already counted for their type checks.
        if (!(edge.isProved() || edge.willNotHaveCheck()))
            return;
        countNode(edge.node());
    }
    
    Graph& m_graph;
    // Nodes that have been ref'ed but whose children have not been processed yet.
    Vector<Node*, 128> m_worklist;
};

} // anonymous namespace
698
// Recomputes the ref count of every node using a temporary RefCountCalculator.
void Graph::computeRefCounts()
{
    RefCountCalculator(*this).calculate();
}
704
// Returns all phis and nodes of |block| to the allocator and then kills the block.
// NOTE(review): nothing here checks whether other blocks still reference the freed
// nodes; presumably callers only pass blocks whose nodes are no longer used.
void Graph::killBlockAndItsContents(BasicBlock* block)
{
    unsigned remainingPhis = block->phis.size();
    while (remainingPhis--)
        m_allocator.free(block->phis[remainingPhis]);

    unsigned remainingNodes = block->size();
    while (remainingNodes--)
        m_allocator.free(block->at(remainingNodes));

    killBlock(block);
}
714
// Kills every block whose isReachable flag is false, together with its contents.
// The result depends on the flags being current when this is called.
void Graph::killUnreachableBlocks()
{
    for (BlockIndex blockIndex = 0; blockIndex < numBlocks(); ++blockIndex) {
        BasicBlock* candidate = block(blockIndex);
        bool keep = !candidate || candidate->isReachable;
        if (!keep)
            killBlockAndItsContents(candidate);
    }
}
727
// Marks the three cached CFG analyses (dominators, natural loops, pre/post numbering)
// as invalid. Code that consults them checks isValid() first, as dumpBlockHeader() does.
void Graph::invalidateCFG()
{
    m_dominators.invalidate();
    m_naturalLoops.invalidate();
    m_prePostNumbering.invalidate();
}
734
// Scans |block| from |startIndexInBlock| for the first GetLocal of |variableAccessData|
// and substitutes |newGetLocal| for it, updating variablesAtTail if that GetLocal was
// the tail node for the local. The scan stops early at a SetLocal to the same local.
void Graph::substituteGetLocal(BasicBlock& block, unsigned startIndexInBlock, VariableAccessData* variableAccessData, Node* newGetLocal)
{
    for (unsigned cursor = startIndexInBlock; cursor < block.size(); ++cursor) {
        Node* candidate = block[cursor];
        NodeType candidateOp = candidate->op();

        if (candidateOp == SetLocal) {
            // A store to the same local ends the search without substituting.
            if (candidate->local() == variableAccessData->local())
                return;
            continue;
        }

        if (candidateOp != GetLocal)
            continue;

        // Loads of other variables are skipped.
        if (candidate->variableAccessData() != variableAccessData)
            continue;

        substitute(block, cursor, candidate, newGetLocal);
        Node* tailNodeBefore = block.variablesAtTail.operand(variableAccessData->local());
        if (tailNodeBefore == candidate)
            block.variablesAtTail.operand(variableAccessData->local()) = newGetLocal;
        return;
    }
}
765
// Returns the blocks popped from a BlockWorklist seeded with block 0. Each popped block is
// appended to the result and its successors are pushed from the last successor to the first.
BlockList Graph::blocksInPreOrder()
{
    BlockList ordered;
    BlockWorklist pending;
    pending.push(block(0));

    for (BasicBlock* current = pending.pop(); current; current = pending.pop()) {
        ordered.append(current);

        unsigned successorIndex = current->numSuccessors();
        while (successorIndex--)
            pending.push(current->successor(successorIndex));
    }
    return ordered;
}
778
// Returns the blocks in the order produced by a PostOrderBlockWorklist seeded with block 0.
// A block popped with PreOrder is re-queued for its post visit and its successors are pushed
// (last to first); a block popped with PostOrder is appended to the result.
BlockList Graph::blocksInPostOrder()
{
    BlockList ordered;
    PostOrderBlockWorklist pending;
    pending.push(block(0));

    while (BlockWithOrder entry = pending.pop()) {
        switch (entry.order) {
        case PostOrder:
            ordered.append(entry.block);
            break;
        case PreOrder: {
            pending.pushPost(entry.block);
            unsigned successorIndex = entry.block->numSuccessors();
            while (successorIndex--)
                pending.push(entry.block->successor(successorIndex));
            break;
        }
        }
    }
    return ordered;
}
798
// Resets the replacement of every Phi and every node in every non-null block to nullptr.
void Graph::clearReplacements()
{
    BlockIndex remainingBlocks = numBlocks();
    while (remainingBlocks--) {
        BasicBlock* current = m_blocks[remainingBlocks].get();
        if (!current)
            continue;

        unsigned phiCursor = current->phis.size();
        while (phiCursor--)
            current->phis[phiCursor]->setReplacement(nullptr);

        unsigned nodeCursor = current->size();
        while (nodeCursor--)
            current->at(nodeCursor)->setReplacement(nullptr);
    }
}
811
// Sets the epoch of every Phi and every node in every non-null block to a default-constructed
// Epoch.
void Graph::clearEpochs()
{
    BlockIndex remainingBlocks = numBlocks();
    while (remainingBlocks--) {
        BasicBlock* current = m_blocks[remainingBlocks].get();
        if (!current)
            continue;

        unsigned phiCursor = current->phis.size();
        while (phiCursor--)
            current->phis[phiCursor]->setEpoch(Epoch());

        unsigned nodeCursor = current->size();
        while (nodeCursor--)
            current->at(nodeCursor)->setEpoch(Epoch());
    }
}
824
// Points the owner field of every Phi and every node at the block that contains it.
void Graph::initializeNodeOwners()
{
    BlockIndex remainingBlocks = numBlocks();
    while (remainingBlocks--) {
        BasicBlock* current = m_blocks[remainingBlocks].get();
        if (!current)
            continue;

        unsigned phiCursor = current->phis.size();
        while (phiCursor--)
            current->phis[phiCursor]->owner = current;

        unsigned nodeCursor = current->size();
        while (nodeCursor--)
            current->at(nodeCursor)->owner = current;
    }
}
837
// Calls clearFlags(flags) on every Phi and every node in every non-null block.
void Graph::clearFlagsOnAllNodes(NodeFlags flags)
{
    BlockIndex remainingBlocks = numBlocks();
    while (remainingBlocks--) {
        BasicBlock* current = m_blocks[remainingBlocks].get();
        if (!current)
            continue;

        unsigned phiCursor = current->phis.size();
        while (phiCursor--)
            current->phis[phiCursor]->clearFlags(flags);

        unsigned nodeCursor = current->size();
        while (nodeCursor--)
            current->at(nodeCursor)->clearFlags(flags);
    }
}
850
// Returns the full bytecode liveness for |codeBlock|, computing it on first request and caching
// it in m_bytecodeLiveness. The returned reference refers to the heap object owned by the cache
// entry.
FullBytecodeLiveness& Graph::livenessFor(CodeBlock* codeBlock)
{
    auto cached = m_bytecodeLiveness.find(codeBlock);
    if (cached != m_bytecodeLiveness.end())
        return *cached->value;

    auto computed = std::make_unique<FullBytecodeLiveness>();
    // Take the reference before ownership moves into the map; the pointee does not move.
    FullBytecodeLiveness& liveness = *computed;
    codeBlock->livenessAnalysis().computeFullLiveness(liveness);
    m_bytecodeLiveness.add(codeBlock, WTF::move(computed));
    return liveness;
}
863
// Convenience overload: resolves the baseline code block of |inlineCallFrame| and returns its
// cached liveness.
FullBytecodeLiveness& Graph::livenessFor(InlineCallFrame* inlineCallFrame)
{
    CodeBlock* baseline = baselineCodeBlockFor(inlineCallFrame);
    return livenessFor(baseline);
}
868
// Returns the bytecode kill information for |codeBlock|, computing it on first request and
// caching it in m_bytecodeKills. The returned reference refers to the heap object owned by the
// cache entry.
BytecodeKills& Graph::killsFor(CodeBlock* codeBlock)
{
    auto cached = m_bytecodeKills.find(codeBlock);
    if (cached != m_bytecodeKills.end())
        return *cached->value;

    auto computed = std::make_unique<BytecodeKills>();
    // Take the reference before ownership moves into the map; the pointee does not move.
    BytecodeKills& kills = *computed;
    codeBlock->livenessAnalysis().computeKills(kills);
    m_bytecodeKills.add(codeBlock, WTF::move(computed));
    return kills;
}
881
// Convenience overload: resolves the baseline code block of |inlineCallFrame| and returns its
// cached kill information.
BytecodeKills& Graph::killsFor(InlineCallFrame* inlineCallFrame)
{
    CodeBlock* baseline = baselineCodeBlockFor(inlineCallFrame);
    return killsFor(baseline);
}
886
// Decides whether |operand| is live in bytecode at |codeOrigin|. The loop starts at the frame of
// |codeOrigin| and moves outward through inlineCallFrame->caller until one frame decides the
// answer or there is no inline call frame left, in which case the operand is reported live.
bool Graph::isLiveInBytecode(VirtualRegister operand, CodeOrigin codeOrigin)
{
    for (;;) {
        // Rebase the operand so it is expressed relative to the frame of the current codeOrigin.
        VirtualRegister reg = VirtualRegister(
            operand.offset() - codeOrigin.stackOffset());
        
        // Equivalent to reg.offset() < CallFrameHeaderSize: the current frame decides.
        if (operand.offset() < codeOrigin.stackOffset() + JSStack::CallFrameHeaderSize) {
            if (reg.isArgument()) {
                // Enforced in release builds as well: only call frame header slots may get here.
                RELEASE_ASSERT(reg.offset() < JSStack::CallFrameHeaderSize);
                
                // NOTE(review): inlineCallFrame is dereferenced here, while the null check on it
                // only happens further down the loop body. Presumably this path is never taken
                // for the machine frame; confirm against callers.
                if (codeOrigin.inlineCallFrame->isClosureCall
                    && reg.offset() == JSStack::Callee)
                    return true;
                
                if (codeOrigin.inlineCallFrame->isVarargs()
                    && reg.offset() == JSStack::ArgumentCount)
                    return true;
                
                // Any other header slot is reported as not live.
                return false;
            }
            
            // Not an argument: ask the bytecode liveness of the frame's baseline code block.
            return livenessFor(codeOrigin.inlineCallFrame).operandIsLive(
                reg.offset(), codeOrigin.bytecodeIndex);
        }
        
        InlineCallFrame* inlineCallFrame = codeOrigin.inlineCallFrame;
        if (!inlineCallFrame)
            break;

        // Arguments are always live. This would be redundant if it wasn't for our
        // op_call_varargs inlining.
        if (reg.isArgument()
            && static_cast<size_t>(reg.toArgument()) < inlineCallFrame->arguments.size())
            return true;
        
        // Continue with the frame that called this inline frame.
        codeOrigin = inlineCallFrame->caller;
    }
    
    // No frame claimed the operand; it is treated as live.
    return true;
}
927
// Returns a bit vector, sized to the number of locals at the head of block 0, with a bit set for
// each local that forAllLocalsLiveInBytecode reports for |codeOrigin|.
//
// NOTE(review): bits are set with quickSet after a single ensureSize; presumably every reported
// local index is below block(0)->variablesAtHead.numberOfLocals() — confirm.
BitVector Graph::localsLiveInBytecode(CodeOrigin codeOrigin)
{
    BitVector liveLocals;
    liveLocals.ensureSize(block(0)->variablesAtHead.numberOfLocals());

    auto markLive = [&] (VirtualRegister reg) {
        ASSERT(reg.isLocal());
        liveLocals.quickSet(reg.toLocal());
    };
    forAllLocalsLiveInBytecode(codeOrigin, markLive);

    return liveLocals;
}
940
// Returns m_nextMachineLocal plus the larger of m_parameterSlots and
// maxFrameExtentForSlowPathCallInRegisters, rounded by
// roundLocalRegisterCountForFramePointerOffset.
unsigned Graph::frameRegisterCount()
{
    unsigned slowPathExtent = static_cast<unsigned>(maxFrameExtentForSlowPathCallInRegisters);
    unsigned outgoingSlots = std::max(m_parameterSlots, slowPathExtent);
    unsigned unrounded = m_nextMachineLocal + outgoingSlots;
    return roundLocalRegisterCountForFramePointerOffset(unrounded);
}
946
// Returns the virtual register offset of the last local in the frame, i.e. the local with index
// frameRegisterCount() - 1.
unsigned Graph::stackPointerOffset()
{
    unsigned lastLocalIndex = frameRegisterCount() - 1;
    return virtualRegisterForLocal(lastLocalIndex).offset();
}
951
// Returns the largest register count needed after an exit: the baseline frame size of the
// profiled block, or, for any inline call frame in the plan, the local index of its stack
// offset plus one plus the baseline frame size of its code block.
unsigned Graph::requiredRegisterCountForExit()
{
    unsigned largest = JIT::frameRegisterCountFor(m_profiledBlock);

    for (auto iter = m_plan.inlineCallFrames->begin(); !!iter; ++iter) {
        InlineCallFrame* frame = *iter;
        CodeBlock* baseline = baselineCodeBlockForInlineCallFrame(frame);
        unsigned needed = VirtualRegister(frame->stackOffset).toLocal() + 1 + JIT::frameRegisterCountFor(baseline);
        if (largest < needed)
            largest = needed;
    }

    return largest;
}
963
// Returns the larger of the register count needed to execute the compiled code and the count
// needed after an exit.
unsigned Graph::requiredRegisterCountForExecutionAndExit()
{
    unsigned forExecution = frameRegisterCount();
    unsigned forExit = requiredRegisterCountForExit();
    return forExecution < forExit ? forExit : forExecution;
}
968
// Tries to read, at compile time, the property stored at |offset| in |base|.
//
// Returns an empty JSValue unless all of the following hold: |base| is an object; every
// structure in |structureSet| has a property replacement watchpoint set for |offset| that is
// still valid; and the object's current structure is a member of |structureSet|. Each of those
// watchpoint sets is added lazily to watchpoints() before the value is loaded.
JSValue Graph::tryGetConstantProperty(
    JSValue base, const StructureSet& structureSet, PropertyOffset offset)
{
    if (!base || !base.isObject())
        return JSValue();
    
    JSObject* object = asObject(base);
    
    for (unsigned i = structureSet.size(); i--;) {
        Structure* structure = structureSet[i];
        WatchpointSet* set = structure->propertyReplacementWatchpointSet(offset);
        // No set, or a set that is no longer valid, means the property cannot be treated as
        // constant for this structure.
        if (!set || !set->isStillValid())
            return JSValue();
        
        ASSERT(structure->isValidOffset(offset));
        ASSERT(!structure->isUncacheableDictionary());
        
        watchpoints().addLazily(set);
    }
    
    // What follows may require some extra thought. We need this load to load a valid JSValue. If
    // our profiling makes sense and we're still on track to generate code that won't be
    // invalidated, then we have nothing to worry about. We do, however, have to worry about
    // loading - and then using - an invalid JSValue in the case that unbeknownst to us our code
    // is doomed.
    //
    // One argument in favor of this code is that it should definitely work because the butterfly
    // is always set before the structure. However, we don't currently have a fence between those
    // stores. It's not clear if this matters, however. We don't ever shrink the property storage.
    // So, for this to fail, you'd need an access on a constant object pointer such that the inline
    // caches told us that the object had a structure that it did not *yet* have, and then later,
    // the object transitioned to that structure that the inline caches had already seen. And then
    // the processor reordered the stores. Seems unlikely and difficult to test. I believe that
    // this is worth revisiting but it isn't worth losing sleep over. Filed:
    // https://bugs.webkit.org/show_bug.cgi?id=134641
    //
    // For now, we just do the minimal thing: defend against the structure right now being
    // incompatible with the getDirect we're trying to do. The easiest way to do that is to
    // determine if the structure belongs to the proven set.
    
    if (!structureSet.contains(object->structure()))
        return JSValue();
    
    return object->getDirect(offset);
}
1014
// Single-structure convenience overload: wraps |structure| in a one-element StructureSet and
// defers to the StructureSet overload.
JSValue Graph::tryGetConstantProperty(JSValue base, Structure* structure, PropertyOffset offset)
{
    StructureSet singleStructure(structure);
    return tryGetConstantProperty(base, singleStructure, offset);
}
1019
// Abstract-structure overload: gives up with an empty JSValue when |structure| is top or
// clobbered, since no finite structure set is available then; otherwise defers to the
// StructureSet overload with structure.set().
JSValue Graph::tryGetConstantProperty(
    JSValue base, const StructureAbstractValue& structure, PropertyOffset offset)
{
    bool hasUsableSet = !structure.isTop() && !structure.isClobbered();
    if (!hasUsableSet)
        return JSValue();

    return tryGetConstantProperty(base, structure.set(), offset);
}
1028
// AbstractValue overload: forwards the abstract value's m_value and m_structure.
JSValue Graph::tryGetConstantProperty(const AbstractValue& base, PropertyOffset offset)
{
    const auto& knownValue = base.m_value;
    const auto& knownStructure = base.m_structure;
    return tryGetConstantProperty(knownValue, knownStructure, offset);
}
1033
// Tries to read, at compile time, the closure variable at |offset| in |base|.
//
// Returns an empty JSValue unless |base| is a JSLexicalEnvironment whose symbol table has an
// entry for |offset| with a watchpoint set in the IsWatched state, and the variable currently
// holds a non-empty value. On success the watchpoint set is added lazily to watchpoints().
JSValue Graph::tryGetConstantClosureVar(JSValue base, ScopeOffset offset)
{
    // This has an awesome concurrency story. See comment for GetGlobalVar in ByteCodeParser.
    
    if (!base)
        return JSValue();
    
    JSLexicalEnvironment* activation = jsDynamicCast<JSLexicalEnvironment*>(base);
    if (!activation)
        return JSValue();
    
    SymbolTable* symbolTable = activation->symbolTable();
    JSValue value;
    WatchpointSet* set;
    {
        // The symbol table lock is held for the whole scope: entry lookup, watchpoint state
        // check and the read of the variable all happen under it.
        ConcurrentJITLocker locker(symbolTable->m_lock);
        
        SymbolTableEntry* entry = symbolTable->entryFor(locker, offset);
        if (!entry)
            return JSValue();
        
        set = entry->watchpointSet();
        if (!set)
            return JSValue();
        
        // Only a set that is currently being watched qualifies.
        if (set->state() != IsWatched)
            return JSValue();
        
        ASSERT(entry->scopeOffset() == offset);
        value = activation->variableAt(offset).get();
        if (!value)
            return JSValue();
    }
    
    // Registered after the lock has been released.
    watchpoints().addLazily(set);
    
    return value;
}
1072
// AbstractValue overload: forwards the abstract value's m_value as the scope.
JSValue Graph::tryGetConstantClosureVar(const AbstractValue& value, ScopeOffset offset)
{
    const auto& scope = value.m_value;
    return tryGetConstantClosureVar(scope, offset);
}
1077
// Node overload: only a node that has a constant can name a known scope; any other node yields
// an empty JSValue.
JSValue Graph::tryGetConstantClosureVar(Node* node, ScopeOffset offset)
{
    if (node->hasConstant())
        return tryGetConstantClosureVar(node->asJSValue(), offset);
    return JSValue();
}
1084
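// Returns |value| as a JSArrayBufferView if it is one and has a non-zero length, after adding
// the view lazily to watchpoints(). Returns nullptr for an empty value, for a value that is not
// a JSArrayBufferView, and for a view whose length is zero.
JSArrayBufferView* Graph::tryGetFoldableView(JSValue value)
{
    if (!value)
        return nullptr;
    JSArrayBufferView* view = jsDynamicCast<JSArrayBufferView*>(value);
    // Test the result of the cast. The previous code tested |value| a second time, so a
    // non-empty value of any other type left |view| null and the length() call below
    // dereferenced a null pointer.
    if (!view)
        return nullptr;
    if (!view->length())
        return nullptr;
    // Kept from the original: the fence sits between the length read and the watchpoint
    // registration.
    WTF::loadLoadFence();
    watchpoints().addLazily(view);
    return view;
}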
1098
// ArrayMode overload: refuses immediately when |arrayMode| does not describe a typed array,
// otherwise defers to the single-argument overload.
JSArrayBufferView* Graph::tryGetFoldableView(JSValue value, ArrayMode arrayMode)
{
    bool modeIsTypedArray = arrayMode.typedArrayType() != NotTypedArray;
    return modeIsTypedArray ? tryGetFoldableView(value) : nullptr;
}
1105
// Rebuilds the code block's constant pool from the frozen values that point into the heap.
// Weak values are added lazily to the plan's weak references; strong values get a constant
// slot in the code block. Both constant vectors are emptied first and shrunk to fit afterwards.
void Graph::registerFrozenValues()
{
    m_codeBlock->constants().resize(0);
    m_codeBlock->constantsSourceCodeRepresentation().resize(0);

    for (FrozenValue* frozen : m_frozenValues) {
        if (!frozen->pointsToHeap())
            continue;

        // The structure of a heap value is expected to be registered as a weak reference already.
        ASSERT(frozen->structure());
        ASSERT(m_plan.weakReferences.contains(frozen->structure()));

        switch (frozen->strength()) {
        case WeakValue:
            m_plan.weakReferences.addLazily(frozen->value().asCell());
            break;

        case StrongValue: {
            unsigned slot = m_codeBlock->addConstantLazily();
            // We already have a barrier on the code block.
            m_codeBlock->constants()[slot].setWithoutWriteBarrier(frozen->value());
            break;
        }
        }
    }

    m_codeBlock->constants().shrinkToFit();
    m_codeBlock->constantsSourceCodeRepresentation().shrinkToFit();
}
1132
// Reports to |visitor| the heap values and structures this graph refers to: every frozen value
// with its structure, and the structures referenced by the node types handled in the switch
// below. Everything is appended through the visitor's unbarriered read-only entry points.
void Graph::visitChildren(SlotVisitor& visitor)
{
    for (FrozenValue* value : m_frozenValues) {
        visitor.appendUnbarrieredReadOnlyValue(value->value());
        visitor.appendUnbarrieredReadOnlyPointer(value->structure());
    }
    
    for (BlockIndex blockIndex = numBlocks(); blockIndex--;) {
        BasicBlock* block = this->block(blockIndex);
        if (!block)
            continue;
        
        for (unsigned nodeIndex = 0; nodeIndex < block->size(); ++nodeIndex) {
            Node* node = block->at(nodeIndex);
            
            switch (node->op()) {
            // Every structure in the checked set.
            case CheckStructure:
                for (unsigned i = node->structureSet().size(); i--;)
                    visitor.appendUnbarrieredReadOnlyPointer(node->structureSet()[i]);
                break;
                
            // Nodes that carry a single structure.
            case NewObject:
            case ArrayifyToStructure:
            case NewStringObject:
                visitor.appendUnbarrieredReadOnlyPointer(node->structure());
                break;
                
            // Nodes that carry a transition: both its previous and its next structure.
            case PutStructure:
            case AllocatePropertyStorage:
            case ReallocatePropertyStorage:
                visitor.appendUnbarrieredReadOnlyPointer(
                    node->transition()->previous);
                visitor.appendUnbarrieredReadOnlyPointer(
                    node->transition()->next);
                break;
                
            // Every structure in the structure set of every variant.
            case MultiGetByOffset:
                for (unsigned i = node->multiGetByOffsetData().variants.size(); i--;) {
                    GetByIdVariant& variant = node->multiGetByOffsetData().variants[i];
                    const StructureSet& set = variant.structureSet();
                    for (unsigned j = set.size(); j--;)
                        visitor.appendUnbarrieredReadOnlyPointer(set[j]);

                    // Don't need to mark anything in the structure chain because that would
                    // have been decomposed into CheckStructure's. Don't need to mark the
                    // callLinkStatus because we wouldn't use MultiGetByOffset if any of the
                    // variants did that.
                    ASSERT(!variant.callLinkStatus());
                }
                break;
                    
            // Every old structure of every variant, plus the new structure of a transition.
            case MultiPutByOffset:
                for (unsigned i = node->multiPutByOffsetData().variants.size(); i--;) {
                    PutByIdVariant& variant = node->multiPutByOffsetData().variants[i];
                    const StructureSet& set = variant.oldStructure();
                    for (unsigned j = set.size(); j--;)
                        visitor.appendUnbarrieredReadOnlyPointer(set[j]);
                    if (variant.kind() == PutByIdVariant::Transition)
                        visitor.appendUnbarrieredReadOnlyPointer(variant.newStructure());
                }
                break;
                
            // Other node types contribute nothing here.
            default:
                break;
            }
        }
    }
}
1201
// Returns the FrozenValue for |value|, creating it on first use. Frozen values are keyed by
// the encoded JSValue in m_frozenValueMap, so freezing the same value twice returns the same
// pointer. An empty value maps to FrozenValue::emptySingleton().
FrozenValue* Graph::freeze(JSValue value)
{
    if (UNLIKELY(!value))
        return FrozenValue::emptySingleton();
    
    // Insert a nullptr placeholder; if the key already existed the stored pointer is returned.
    auto result = m_frozenValueMap.add(JSValue::encode(value), nullptr);
    if (LIKELY(!result.isNewEntry))
        return result.iterator->value;

    // First time this value is seen: remember uint32 values separately.
    if (value.isUInt32())
        m_uint32ValuesInUse.append(value.asUInt32());
    
    FrozenValue frozenValue = FrozenValue::freeze(value);
    // A frozen value that has a structure gets that structure registered with the plan.
    if (Structure* structure = frozenValue.structure())
        registerStructure(structure);
    
    // Store the value in m_frozenValues and replace the placeholder with its address.
    return result.iterator->value = m_frozenValues.add(frozenValue);
}
1220
// Freezes |value| and strengthens the resulting FrozenValue to StrongValue.
FrozenValue* Graph::freezeStrong(JSValue value)
{
    FrozenValue* frozen = freeze(value);
    frozen->strengthenTo(StrongValue);
    return frozen;
}
1227
// Converts |node| into a constant holding |value|. When the frozen value has a structure, that
// structure is first checked with assertIsRegistered.
void Graph::convertToConstant(Node* node, FrozenValue* value)
{
    if (Structure* structure = value->structure())
        assertIsRegistered(structure);
    node->convertToConstant(value);
}
1234
// JSValue overload: freezes |value| and converts |node| to that frozen constant.
void Graph::convertToConstant(Node* node, JSValue value)
{
    FrozenValue* frozen = freeze(value);
    convertToConstant(node, frozen);
}
1239
// Freezes |value| as a strong value and converts |node| to that frozen constant.
void Graph::convertToStrongConstant(Node* node, JSValue value)
{
    FrozenValue* frozen = freezeStrong(value);
    convertToConstant(node, frozen);
}
1244
// Adds |structure| lazily to the plan's weak references and offers it to the plan's watchpoints.
// Returns StructureRegisteredAndWatched when consider() accepts it, StructureRegisteredNormally
// otherwise.
StructureRegistrationResult Graph::registerStructure(Structure* structure)
{
    m_plan.weakReferences.addLazily(structure);
    bool isWatched = m_plan.watchpoints.consider(structure);
    return isWatched ? StructureRegisteredAndWatched : StructureRegisteredNormally;
}
1252
// Consistency check: once structure registration has started, |structure| must be among the
// plan's weak references, and if the structure says the DFG should watch it, its transition
// watchpoint set must be watched. A violation crashes through DFG_ASSERT / DFG_CRASH.
void Graph::assertIsRegistered(Structure* structure)
{
    // It's convenient to be able to call this with a maybe-null structure. Nothing is checked
    // before registration has started either.
    if (!structure || m_structureRegistrationState == HaveNotStartedRegistering)
        return;

    DFG_ASSERT(*this, nullptr, m_plan.weakReferences.contains(structure));

    bool isConsistent = !structure->dfgShouldWatch()
        || watchpoints().isWatched(structure->transitionWatchpointSet());
    if (isConsistent)
        return;

    DFG_CRASH(*this, nullptr, toCString("Structure ", pointerDump(structure), " is watchable but isn't being watched.").data());
}
1271
// Logs a failed DFG assertion and terminates the process. The assertion text and its source
// location are printed both before and after the graph dump, and the function ends in
// CRASH_WITH_SECURITY_IMPLICATION() rather than returning.
NO_RETURN_DUE_TO_CRASH static void crash(
    Graph& graph, const CString& whileText, const char* file, int line, const char* function,
    const char* assertion)
{
    auto logFailureSite = [&] {
        dataLog("DFG ASSERTION FAILED: ", assertion, "\n");
        dataLog(file, "(", line, ") : ", function, "\n");
    };

    startCrashing();
    logFailureSite();
    dataLog("\n");
    dataLog(whileText);
    dataLog("Graph at time of failure:\n");
    graph.dump();
    dataLog("\n");
    // Repeated so the failure is also visible at the end of the dump.
    logFailureSite();
    CRASH_WITH_SECURITY_IMPLICATION();
}
1288
// Assertion failure with no node or block context: crashes with an empty context string.
void Graph::handleAssertionFailure(
    std::nullptr_t, const char* file, int line, const char* function, const char* assertion)
{
    const CString noContext("");
    crash(*this, noContext, file, line, function, assertion);
}
1294
// Assertion failure while handling |node|: crashes with the node named in the context string.
void Graph::handleAssertionFailure(
    Node* node, const char* file, int line, const char* function, const char* assertion)
{
    const CString context = toCString("While handling node ", node, "\n\n");
    crash(*this, context, file, line, function, assertion);
}
1300
// Assertion failure while handling |block|: crashes with the block named in the context string.
void Graph::handleAssertionFailure(
    BasicBlock* block, const char* file, int line, const char* function, const char* assertion)
{
    const CString context = toCString("While handling block ", pointerDump(block), "\n\n");
    crash(*this, context, file, line, function, assertion);
}
1306
// Returns the baseline value profile that corresponds to |node|, or nullptr when there is none.
// A node with a local only has one when the local is an argument and the node shares its
// variable access data with the graph's node for that argument; any other node has one only
// when it has a heap prediction, in which case the profile is looked up by bytecode index.
ValueProfile* Graph::valueProfileFor(Node* node)
{
    if (!node)
        return nullptr;

    CodeBlock* baseline = baselineCodeBlockFor(node->origin.semantic);

    if (!node->hasLocal(*this)) {
        if (!node->hasHeapPrediction())
            return nullptr;
        return baseline->valueProfileForBytecodeOffset(node->origin.semantic.bytecodeIndex);
    }

    if (!node->local().isArgument())
        return nullptr;

    // NOTE(review): the index is used on m_arguments without a range check in this function;
    // presumably graph construction guarantees it is in range — confirm.
    int argumentIndex = node->local().toArgument();
    Node* argumentNode = m_arguments[argumentIndex];
    if (!argumentNode || node->variableAccessData() != argumentNode->variableAccessData())
        return nullptr;

    return baseline->valueProfileForArgument(argumentIndex);
}
1331
// Describes how to obtain a value profile for |node|: a direct ValueProfile when
// valueProfileFor finds one, a lazy operand profile for a GetLocal without one, and a
// default-constructed MethodOfGettingAValueProfile in every other case, including a null node.
MethodOfGettingAValueProfile Graph::methodOfGettingAValueProfileFor(Node* node)
{
    if (!node)
        return MethodOfGettingAValueProfile();

    if (ValueProfile* directProfile = valueProfileFor(node))
        return MethodOfGettingAValueProfile(directProfile);

    if (node->op() != GetLocal)
        return MethodOfGettingAValueProfile();

    CodeBlock* baseline = baselineCodeBlockFor(node->origin.semantic);
    LazyOperandValueProfileKey key(node->origin.semantic.bytecodeIndex, node->local());
    return MethodOfGettingAValueProfile::fromLazyOperand(baseline, key);
}
1351
1352 } } // namespace JSC::DFG
1353
1354 #endif // ENABLE(DFG_JIT)