86b50dd37f2d21460a9ed9d6516d09b7b5633900
[WebKit-https.git] / Source / JavaScriptCore / dfg / DFGStructureRegistrationPhase.cpp
1 /*
2  * Copyright (C) 2014-2016 Apple Inc. All rights reserved.
3  *
4  * Redistribution and use in source and binary forms, with or without
5  * modification, are permitted provided that the following conditions
6  * are met:
7  * 1. Redistributions of source code must retain the above copyright
8  *    notice, this list of conditions and the following disclaimer.
9  * 2. Redistributions in binary form must reproduce the above copyright
10  *    notice, this list of conditions and the following disclaimer in the
11  *    documentation and/or other materials provided with the distribution.
12  *
13  * THIS SOFTWARE IS PROVIDED BY APPLE INC. ``AS IS'' AND ANY
14  * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
15  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
16  * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL APPLE INC. OR
17  * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
18  * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
19  * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
20  * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY
21  * OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
22  * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
23  * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
24  */
25
26 #include "config.h"
27 #include "DFGStructureRegistrationPhase.h"
28
29 #if ENABLE(DFG_JIT)
30
31 #include "DFGBasicBlockInlines.h"
32 #include "DFGGraph.h"
33 #include "DFGPhase.h"
34 #include "JSCInlines.h"
35
36 namespace JSC { namespace DFG {
37
38 class StructureRegistrationPhase : public Phase {
39 public:
40     StructureRegistrationPhase(Graph& graph)
41         : Phase(graph, "structure registration")
42     {
43     }
44     
45     bool run()
46     {
47         // FIXME: This phase shouldn't exist. We should have registered all structures by now, since
48         // we may already have done optimizations that rely on structures having been registered.
49         // Currently, we still have places where we don't register structures prior to this phase,
50         // but structures don't end up being used for optimization prior to this phase. That's a
51         // pretty fragile situation and we should fix it eventually.
52         // https://bugs.webkit.org/show_bug.cgi?id=147889
53         
54         // We need to set this before this phase finishes. This phase doesn't do anything
55         // conditioned on this field, except for assertIsRegistered() below. We intend for that
56         // method to behave as if the phase was already finished. So, we set this up here.
57         m_graph.m_structureRegistrationState = AllStructuresAreRegistered;
58         
59         // These are pretty dumb, but needed to placate subsequent assertions. We don't actually
60         // have to watch these because there is no way to transition away from it, but they are
61         // watchable and so we will assert if they aren't watched.
62         registerStructure(m_graph.m_vm.structureStructure.get());
63         registerStructure(m_graph.m_vm.stringStructure.get());
64         registerStructure(m_graph.m_vm.symbolStructure.get());
65         
66         for (FrozenValue* value : m_graph.m_frozenValues)
67             assertIsRegistered(value->structure());
68         
69         for (BlockIndex blockIndex = m_graph.numBlocks(); blockIndex--;) {
70             BasicBlock* block = m_graph.block(blockIndex);
71             if (!block)
72                 continue;
73         
74             for (unsigned nodeIndex = 0; nodeIndex < block->size(); ++nodeIndex) {
75                 Node* node = block->at(nodeIndex);
76             
77                 switch (node->op()) {
78                 case CheckStructure:
79                     assertAreRegistered(node->structureSet());
80                     break;
81                 
82                 case NewObject:
83                 case ArrayifyToStructure:
84                 case NewStringObject:
85                     registerStructure(node->structure());
86                     break;
87                 
88                 case PutStructure:
89                 case AllocatePropertyStorage:
90                 case ReallocatePropertyStorage:
91                     registerStructure(node->transition()->previous);
92                     registerStructure(node->transition()->next);
93                     break;
94
95                 case GetGetterSetterByOffset:
96                     registerStructure(m_graph.globalObjectFor(node->origin.semantic)->getterSetterStructure());
97                     break;
98
99                 case MultiGetByOffset:
100                     for (const MultiGetByOffsetCase& getCase : node->multiGetByOffsetData().cases)
101                         registerStructures(getCase.set());
102                     break;
103                     
104                 case MultiPutByOffset:
105                     for (unsigned i = node->multiPutByOffsetData().variants.size(); i--;) {
106                         PutByIdVariant& variant = node->multiPutByOffsetData().variants[i];
107                         registerStructures(variant.oldStructure());
108                         if (variant.kind() == PutByIdVariant::Transition)
109                             registerStructure(variant.newStructure());
110                     }
111                     break;
112                     
113                 case NewArray:
114                 case NewArrayBuffer:
115                 case NewArrayWithSize: {
116                     JSGlobalObject* globalObject = m_graph.globalObjectFor(node->origin.semantic);
117                     registerStructure(globalObject->arrayStructureForIndexingTypeDuringAllocation(node->indexingType()));
118                     registerStructure(globalObject->originalArrayStructureForIndexingType(ArrayWithSlowPutArrayStorage));
119                     break;
120                 }
121
122                 case CreateRest: {
123                     if (m_graph.isWatchingHavingABadTimeWatchpoint(node)) {
124                         JSGlobalObject* globalObject = m_graph.globalObjectFor(node->origin.semantic);
125                         registerStructure(globalObject->restParameterStructure());
126                     }
127                     break;
128                 }
129                     
130                 case NewTypedArray:
131                     registerStructure(m_graph.globalObjectFor(node->origin.semantic)->typedArrayStructureConcurrently(node->typedArrayType()));
132                     break;
133                     
134                 case ToString:
135                 case CallStringConstructor:
136                     registerStructure(m_graph.globalObjectFor(node->origin.semantic)->stringObjectStructure());
137                     break;
138                     
139                 case CreateActivation:
140                     registerStructure(m_graph.globalObjectFor(node->origin.semantic)->activationStructure());
141                     break;
142                     
143                 case CreateDirectArguments:
144                     registerStructure(m_graph.globalObjectFor(node->origin.semantic)->directArgumentsStructure());
145                     break;
146                     
147                 case CreateScopedArguments:
148                     registerStructure(m_graph.globalObjectFor(node->origin.semantic)->scopedArgumentsStructure());
149                     break;
150
151                 case CreateClonedArguments:
152                     registerStructure(m_graph.globalObjectFor(node->origin.semantic)->clonedArgumentsStructure());
153                     break;
154
155                 case NewRegexp:
156                     registerStructure(m_graph.globalObjectFor(node->origin.semantic)->regExpStructure());
157                     break;
158                 case NewFunction:
159                     registerStructure(m_graph.globalObjectFor(node->origin.semantic)->functionStructure());
160                     break;
161                 case NewGeneratorFunction:
162                     registerStructure(m_graph.globalObjectFor(node->origin.semantic)->generatorFunctionStructure());
163                     break;
164
165                 default:
166                     break;
167                 }
168             }
169         }
170         
171         return true;
172     }
173
174 private:
175     void registerStructures(const StructureSet& set)
176     {
177         for (Structure* structure : set)
178             registerStructure(structure);
179     }
180     
181     void registerStructure(Structure* structure)
182     {
183         if (structure)
184             m_graph.registerStructure(structure);
185     }
186
187     void assertAreRegistered(const StructureSet& set)
188     {
189         for (Structure* structure : set)
190             assertIsRegistered(structure);
191     }
192
193     void assertIsRegistered(Structure* structure)
194     {
195         if (structure)
196             m_graph.assertIsRegistered(structure);
197     }
198 };
199
200 bool performStructureRegistration(Graph& graph)
201 {
202     return runPhase<StructureRegistrationPhase>(graph);
203 }
204
205 } } // namespace JSC::DFG
206
207 #endif // ENABLE(DFG_JIT)
208