op_get_by_id_with_this should use inline caching
authorcommit-queue@webkit.org <commit-queue@webkit.org@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Mon, 27 Feb 2017 00:32:10 +0000 (00:32 +0000)
committercommit-queue@webkit.org <commit-queue@webkit.org@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Mon, 27 Feb 2017 00:32:10 +0000 (00:32 +0000)
commitade204034aa785e7729d688f1356453ec4129c4d
treea79297ca679d2353ae763c9d39634d51208a3e4a
parentacb2778a782e7b51d109c8412363be0952a3f88f
op_get_by_id_with_this should use inline caching
https://bugs.webkit.org/show_bug.cgi?id=162124

Patch by Caio Lima <ticaiolima@gmail.com> on 2017-02-26
Reviewed by Saam Barati.

JSTests:

* microbenchmarks/super-getter.js: Added.
(A.prototype.get f):
(A):
(B.prototype.get f):
(B):
* stress/super-force-ic-fail.js: Added.
(let.assert):
(let.aObj.get foo):
(let.obj.jaz):
(let.bObj.get foo):
(let.obj2.foo):
* stress/super-get-by-id.js: Added.
(assert):
(Base):
(Base.prototype.get name):
(Base.prototype.set name):
(Subclass.prototype.get name):
(Subclass):
(getterName):
(getterValue):
(PolymorphicSubclass.prototype.get value):
(PolymorphicSubclass):
(i.let.BaseCode):
(i.get value):
(MegamorphicSubclass.prototype.get value):
(MegamorphicSubclass):
(let.subObj.get value):
(i.catch):
(subObj.get value):
(BaseException):
(BaseException.prototype.get name):
(SubclassException.prototype.get name):
(SubclassException):
(prototype.foo):
(prototype.get name):
(SubclassExceptionComplex.prototype.get name):
(SubclassExceptionComplex):
* stress/super-getter-reset-ic.js: Added.
(let.assert):
(let.B.f):

Source/JavaScriptCore:

This patch is enabling inline cache for op_get_by_id_with_this in all
tiers. It means that operations using ```super.member``` are going to
be able to be optimized by PIC. To enable it, we introduced a new
member of StructureStubInfo.patch named thisGPR, created a new class
to manage the IC named JITGetByIdWithThisGenerator and changed
PolymorphicAccess.regenerate that uses StructureStubInfo.patch.thisGPR
to decide the correct this value on inline caches.
With inline cached enabled, ```super.member``` are ~4.5x faster,
according microbenchmarks.

* bytecode/AccessCase.cpp:
(JSC::AccessCase::generateImpl):
* bytecode/PolymorphicAccess.cpp:
(JSC::PolymorphicAccess::regenerate):
* bytecode/PolymorphicAccess.h:
* bytecode/StructureStubInfo.cpp:
(JSC::StructureStubInfo::reset):
* bytecode/StructureStubInfo.h:
* dfg/DFGFixupPhase.cpp:
(JSC::DFG::FixupPhase::fixupNode):
* dfg/DFGJITCompiler.cpp:
(JSC::DFG::JITCompiler::link):
* dfg/DFGJITCompiler.h:
(JSC::DFG::JITCompiler::addGetByIdWithThis):
* dfg/DFGSpeculativeJIT.cpp:
(JSC::DFG::SpeculativeJIT::compileIn):
* dfg/DFGSpeculativeJIT.h:
(JSC::DFG::SpeculativeJIT::callOperation):
* dfg/DFGSpeculativeJIT32_64.cpp:
(JSC::DFG::SpeculativeJIT::cachedGetByIdWithThis):
(JSC::DFG::SpeculativeJIT::compile):
* dfg/DFGSpeculativeJIT64.cpp:
(JSC::DFG::SpeculativeJIT::cachedGetByIdWithThis):
(JSC::DFG::SpeculativeJIT::compile):
* ftl/FTLLowerDFGToB3.cpp:
(JSC::FTL::DFG::LowerDFGToB3::compileGetByIdWithThis):
(JSC::FTL::DFG::LowerDFGToB3::compileIn):
(JSC::FTL::DFG::LowerDFGToB3::getByIdWithThis):
* jit/CCallHelpers.h:
(JSC::CCallHelpers::setupArgumentsWithExecState):
* jit/ICStats.h:
* jit/JIT.cpp:
(JSC::JIT::JIT):
(JSC::JIT::privateCompileSlowCases):
(JSC::JIT::link):
* jit/JIT.h:
* jit/JITInlineCacheGenerator.cpp:
(JSC::JITByIdGenerator::JITByIdGenerator):
(JSC::JITGetByIdWithThisGenerator::JITGetByIdWithThisGenerator):
(JSC::JITGetByIdWithThisGenerator::generateFastPath):
* jit/JITInlineCacheGenerator.h:
(JSC::JITGetByIdWithThisGenerator::JITGetByIdWithThisGenerator):
* jit/JITInlines.h:
(JSC::JIT::callOperation):
* jit/JITOperations.cpp:
* jit/JITOperations.h:
* jit/JITPropertyAccess.cpp:
(JSC::JIT::emit_op_get_by_id_with_this):
(JSC::JIT::emitSlow_op_get_by_id_with_this):
* jit/JITPropertyAccess32_64.cpp:
(JSC::JIT::emit_op_get_by_id_with_this):
(JSC::JIT::emitSlow_op_get_by_id_with_this):
* jit/Repatch.cpp:
(JSC::appropriateOptimizingGetByIdFunction):
(JSC::appropriateGenericGetByIdFunction):
(JSC::tryCacheGetByID):
* jit/Repatch.h:
* jsc.cpp:
(WTF::CustomGetter::getOwnPropertySlot):
(WTF::CustomGetter::customGetterAcessor):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@213019 268f45cc-cd09-0410-ab3c-d52691b4dbfc
33 files changed:
JSTests/ChangeLog
JSTests/microbenchmarks/super-getter.js [new file with mode: 0644]
JSTests/stress/super-force-ic-fail.js [new file with mode: 0644]
JSTests/stress/super-get-by-id.js [new file with mode: 0644]
JSTests/stress/super-getter-reset-ic.js [new file with mode: 0644]
Source/JavaScriptCore/ChangeLog
Source/JavaScriptCore/bytecode/AccessCase.cpp
Source/JavaScriptCore/bytecode/PolymorphicAccess.cpp
Source/JavaScriptCore/bytecode/PolymorphicAccess.h
Source/JavaScriptCore/bytecode/StructureStubInfo.cpp
Source/JavaScriptCore/bytecode/StructureStubInfo.h
Source/JavaScriptCore/dfg/DFGFixupPhase.cpp
Source/JavaScriptCore/dfg/DFGJITCompiler.cpp
Source/JavaScriptCore/dfg/DFGJITCompiler.h
Source/JavaScriptCore/dfg/DFGSpeculativeJIT.cpp
Source/JavaScriptCore/dfg/DFGSpeculativeJIT.h
Source/JavaScriptCore/dfg/DFGSpeculativeJIT32_64.cpp
Source/JavaScriptCore/dfg/DFGSpeculativeJIT64.cpp
Source/JavaScriptCore/ftl/FTLLowerDFGToB3.cpp
Source/JavaScriptCore/jit/CCallHelpers.h
Source/JavaScriptCore/jit/ICStats.h
Source/JavaScriptCore/jit/JIT.cpp
Source/JavaScriptCore/jit/JIT.h
Source/JavaScriptCore/jit/JITInlineCacheGenerator.cpp
Source/JavaScriptCore/jit/JITInlineCacheGenerator.h
Source/JavaScriptCore/jit/JITInlines.h
Source/JavaScriptCore/jit/JITOperations.cpp
Source/JavaScriptCore/jit/JITOperations.h
Source/JavaScriptCore/jit/JITPropertyAccess.cpp
Source/JavaScriptCore/jit/JITPropertyAccess32_64.cpp
Source/JavaScriptCore/jit/Repatch.cpp
Source/JavaScriptCore/jit/Repatch.h
Source/JavaScriptCore/jsc.cpp