Introduce UniquedStringImpl and SymbolImpl to separate symbolic strings from AtomicSt...
[WebKit-https.git] / Source / JavaScriptCore / ftl / FTLOperations.cpp
1 /*
2  * Copyright (C) 2014, 2015 Apple Inc. All rights reserved.
3  *
4  * Redistribution and use in source and binary forms, with or without
5  * modification, are permitted provided that the following conditions
6  * are met:
7  * 1. Redistributions of source code must retain the above copyright
8  *    notice, this list of conditions and the following disclaimer.
9  * 2. Redistributions in binary form must reproduce the above copyright
10  *    notice, this list of conditions and the following disclaimer in the
11  *    documentation and/or other materials provided with the distribution.
12  *
13  * THIS SOFTWARE IS PROVIDED BY APPLE INC. ``AS IS'' AND ANY
14  * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
15  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
16  * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL APPLE INC. OR
17  * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
18  * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
19  * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
20  * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY
21  * OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
22  * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
23  * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
24  */
25
26 #include "config.h"
27 #include "FTLOperations.h"
28
29 #if ENABLE(FTL_JIT)
30
31 #include "ClonedArguments.h"
32 #include "DirectArguments.h"
33 #include "JSCInlines.h"
34 #include "JSLexicalEnvironment.h"
35
36 namespace JSC { namespace FTL {
37
38 using namespace JSC::DFG;
39
40 extern "C" JSCell* JIT_OPERATION operationNewObjectWithButterfly(ExecState* exec, Structure* structure)
41 {
42     VM& vm = exec->vm();
43     NativeCallFrameTracer tracer(&vm, exec);
44     
45     Butterfly* butterfly = Butterfly::create(
46         vm, nullptr, 0, structure->outOfLineCapacity(), false, IndexingHeader(), 0);
47     
48     return JSFinalObject::create(exec, structure, butterfly);
49 }
50
51 extern "C" JSCell* JIT_OPERATION operationMaterializeObjectInOSR(
52     ExecState* exec, ExitTimeObjectMaterialization* materialization, EncodedJSValue* values)
53 {
54     VM& vm = exec->vm();
55     CodeBlock* codeBlock = exec->codeBlock();
56
57     // We cannot GC. We've got pointers in evil places.
58     DeferGCForAWhile deferGC(vm.heap);
59     
60     switch (materialization->type()) {
61     case PhantomNewObject: {
62         // First figure out what the structure is.
63         Structure* structure = nullptr;
64         for (unsigned i = materialization->properties().size(); i--;) {
65             const ExitPropertyValue& property = materialization->properties()[i];
66             if (property.location() != PromotedLocationDescriptor(StructurePLoc))
67                 continue;
68         
69             structure = jsCast<Structure*>(JSValue::decode(values[i]));
70             break;
71         }
72         RELEASE_ASSERT(structure);
73     
74         // Let's create that object!
75         JSFinalObject* result = JSFinalObject::create(vm, structure);
76     
77         // Now figure out what the heck to populate the object with. Use getPropertiesConcurrently()
78         // because that happens to be lower-level and more convenient. It doesn't change the
79         // materialization of the property table. We want to have minimal visible effects on the
80         // system. Also, don't mind that this is O(n^2). It doesn't matter. We only get here from OSR
81         // exit.
82         for (PropertyMapEntry entry : structure->getPropertiesConcurrently()) {
83             for (unsigned i = materialization->properties().size(); i--;) {
84                 const ExitPropertyValue& property = materialization->properties()[i];
85                 if (property.location().kind() != NamedPropertyPLoc)
86                     continue;
87                 if (codeBlock->identifier(property.location().info()).impl() != entry.key)
88                     continue;
89             
90                 result->putDirect(vm, entry.offset, JSValue::decode(values[i]));
91             }
92         }
93     
94         return result;
95     }
96
97     case PhantomNewFunction: {
98         // Figure out what the executable and activation are
99         FunctionExecutable* executable = nullptr;
100         JSScope* activation = nullptr;
101         for (unsigned i = materialization->properties().size(); i--;) {
102             const ExitPropertyValue& property = materialization->properties()[i];
103             if (property.location() == PromotedLocationDescriptor(FunctionExecutablePLoc))
104                 executable = jsCast<FunctionExecutable*>(JSValue::decode(values[i]));
105             if (property.location() == PromotedLocationDescriptor(FunctionActivationPLoc))
106                 activation = jsCast<JSScope*>(JSValue::decode(values[i]));
107         }
108         RELEASE_ASSERT(executable && activation);
109
110         JSFunction* result = JSFunction::createWithInvalidatedReallocationWatchpoint(vm, executable, activation);
111
112         return result;
113     }
114
115     case PhantomCreateActivation: {
116         // Figure out where the scope is
117         JSScope* scope = nullptr;
118         SymbolTable* table = nullptr;
119         for (unsigned i = materialization->properties().size(); i--;) {
120             const ExitPropertyValue& property = materialization->properties()[i];
121             if (property.location() == PromotedLocationDescriptor(ActivationScopePLoc))
122                 scope = jsCast<JSScope*>(JSValue::decode(values[i]));
123             else if (property.location() == PromotedLocationDescriptor(ActivationSymbolTablePLoc))
124                 table = jsCast<SymbolTable*>(JSValue::decode(values[i]));
125         }
126         RELEASE_ASSERT(scope);
127         RELEASE_ASSERT(table);
128
129         CodeBlock* codeBlock = baselineCodeBlockForOriginAndBaselineCodeBlock(
130             materialization->origin(), exec->codeBlock());
131         Structure* structure = codeBlock->globalObject()->activationStructure();
132
133         JSLexicalEnvironment* result = JSLexicalEnvironment::create(vm, structure, scope, table);
134
135         RELEASE_ASSERT(materialization->properties().size() - 2 == table->scopeSize());
136         // Figure out what to populate the activation with
137         for (unsigned i = materialization->properties().size(); i--;) {
138             const ExitPropertyValue& property = materialization->properties()[i];
139             if (property.location().kind() != ClosureVarPLoc)
140                 continue;
141
142             result->variableAt(ScopeOffset(property.location().info())).set(exec->vm(), result, JSValue::decode(values[i]));
143         }
144
145         if (validationEnabled()) {
146             // Validate to make sure every slot in the scope has one value.
147             ConcurrentJITLocker locker(table->m_lock);
148             for (auto iter = table->begin(locker), end = table->end(locker); iter != end; ++iter) {
149                 bool found = false;
150                 for (unsigned i = materialization->properties().size(); i--;) {
151                     const ExitPropertyValue& property = materialization->properties()[i];
152                     if (property.location().kind() != ClosureVarPLoc)
153                         continue;
154                     if (ScopeOffset(property.location().info()) == iter->value.scopeOffset()) {
155                         found = true;
156                         break;
157                     }
158                 }
159                 ASSERT_UNUSED(found, found);
160             }
161             unsigned numberOfClosureVarPloc = 0;
162             for (unsigned i = materialization->properties().size(); i--;) {
163                 const ExitPropertyValue& property = materialization->properties()[i];
164                 if (property.location().kind() == ClosureVarPLoc)
165                     numberOfClosureVarPloc++;
166             }
167             ASSERT(numberOfClosureVarPloc == table->scopeSize());
168         }
169
170         return result;
171     }
172
173     case PhantomDirectArguments:
174     case PhantomClonedArguments: {
175         if (!materialization->origin().inlineCallFrame) {
176             switch (materialization->type()) {
177             case PhantomDirectArguments:
178                 return DirectArguments::createByCopying(exec);
179             case PhantomClonedArguments:
180                 return ClonedArguments::createWithMachineFrame(exec, exec, ArgumentsMode::Cloned);
181             default:
182                 RELEASE_ASSERT_NOT_REACHED();
183                 return nullptr;
184             }
185         }
186
187         // First figure out the argument count. If there isn't one then we represent the machine frame.
188         unsigned argumentCount = 0;
189         if (materialization->origin().inlineCallFrame->isVarargs()) {
190             for (unsigned i = materialization->properties().size(); i--;) {
191                 const ExitPropertyValue& property = materialization->properties()[i];
192                 if (property.location() != PromotedLocationDescriptor(ArgumentCountPLoc))
193                     continue;
194                 
195                 argumentCount = JSValue::decode(values[i]).asUInt32();
196                 RELEASE_ASSERT(argumentCount);
197                 break;
198             }
199             RELEASE_ASSERT(argumentCount);
200         } else
201             argumentCount = materialization->origin().inlineCallFrame->arguments.size();
202         
203         JSFunction* callee = nullptr;
204         if (materialization->origin().inlineCallFrame->isClosureCall) {
205             for (unsigned i = materialization->properties().size(); i--;) {
206                 const ExitPropertyValue& property = materialization->properties()[i];
207                 if (property.location() != PromotedLocationDescriptor(ArgumentsCalleePLoc))
208                     continue;
209                 
210                 callee = jsCast<JSFunction*>(JSValue::decode(values[i]));
211                 break;
212             }
213         } else
214             callee = materialization->origin().inlineCallFrame->calleeConstant();
215         RELEASE_ASSERT(callee);
216         
217         CodeBlock* codeBlock = baselineCodeBlockForOriginAndBaselineCodeBlock(
218             materialization->origin(), exec->codeBlock());
219         
220         // We have an inline frame and we have all of the data we need to recreate it.
221         switch (materialization->type()) {
222         case PhantomDirectArguments: {
223             unsigned length = argumentCount - 1;
224             unsigned capacity = std::max(length, static_cast<unsigned>(codeBlock->numParameters() - 1));
225             DirectArguments* result = DirectArguments::create(
226                 vm, codeBlock->globalObject()->directArgumentsStructure(), length, capacity);
227             result->callee().set(vm, result, callee);
228             for (unsigned i = materialization->properties().size(); i--;) {
229                 const ExitPropertyValue& property = materialization->properties()[i];
230                 if (property.location().kind() != ArgumentPLoc)
231                     continue;
232                 
233                 unsigned index = property.location().info();
234                 if (index >= capacity)
235                     continue;
236                 
237                 // We don't want to use setIndexQuickly(), since that's only for the passed-in
238                 // arguments but sometimes the number of named arguments is greater. For
239                 // example:
240                 //
241                 // function foo(a, b, c) { ... }
242                 // foo();
243                 //
244                 // setIndexQuickly() would fail for indices 0, 1, 2 - but we need to recover
245                 // those here.
246                 result->argument(DirectArgumentsOffset(index)).set(
247                     vm, result, JSValue::decode(values[i]));
248             }
249             return result;
250         }
251         case PhantomClonedArguments: {
252             unsigned length = argumentCount - 1;
253             ClonedArguments* result = ClonedArguments::createEmpty(
254                 vm, codeBlock->globalObject()->outOfBandArgumentsStructure(), callee);
255             
256             for (unsigned i = materialization->properties().size(); i--;) {
257                 const ExitPropertyValue& property = materialization->properties()[i];
258                 if (property.location().kind() != ArgumentPLoc)
259                     continue;
260                 
261                 unsigned index = property.location().info();
262                 if (index >= length)
263                     continue;
264                 result->putDirectIndex(exec, index, JSValue::decode(values[i]));
265             }
266             
267             result->putDirect(vm, vm.propertyNames->length, jsNumber(length));
268             return result;
269         }
270         default:
271             RELEASE_ASSERT_NOT_REACHED();
272             return nullptr;
273         }
274     }
275         
276     default:
277         RELEASE_ASSERT_NOT_REACHED();
278         return nullptr;
279     }
280 }
281
282 } } // namespace JSC::FTL
283
284 #endif // ENABLE(FTL_JIT)
285