Inline caches should handle out-of-line offsets out-of-line
author fpizlo@apple.com <fpizlo@apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Wed, 7 Oct 2015 17:28:38 +0000 (17:28 +0000)
committer fpizlo@apple.com <fpizlo@apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Wed, 7 Oct 2015 17:28:38 +0000 (17:28 +0000)
commit e3557b137e2ecc7a1dcc72f46c59b4e64a1109c7
tree 0071b04725777756a0fcd0bfc29cb2ce6a701963
parent 292766ee87f94c7cb2c540d742eaf4595ac2fac1
Inline caches should handle out-of-line offsets out-of-line
https://bugs.webkit.org/show_bug.cgi?id=149869

Reviewed by Saam Barati.

If we want to have a concurrent copying GC, then we need a read barrier on copied space
pointers. That makes the convertible load portion of the get_by_id/put_by_id inline caches
rather challenging. Currently we have a load instruction that we can turn into an add
instruction - the add case is when we have an inline offset, and the load case is when we
have an out-of-line offset and we need to load a copied space pointer. But if the load from
copied space requires a barrier, then there is no easy way to convert that back to the inline
case.

This patch removes the convertible load. The inline path of get_by_id/put_by_id only handles
the inline offsets. Out-of-line offsets are now handled using out-of-line stubs.

* bytecode/StructureStubInfo.h:
* ftl/FTLInlineCacheSize.cpp:
(JSC::FTL::sizeOfGetById):
(JSC::FTL::sizeOfPutById):
* jit/JITInlineCacheGenerator.cpp:
(JSC::JITByIdGenerator::finalize):
(JSC::JITByIdGenerator::generateFastPathChecks):
(JSC::JITGetByIdGenerator::JITGetByIdGenerator):
(JSC::JITGetByIdGenerator::generateFastPath):
(JSC::JITPutByIdGenerator::JITPutByIdGenerator):
(JSC::JITPutByIdGenerator::generateFastPath):
* jit/JITInlineCacheGenerator.h:
* jit/Repatch.cpp:
(JSC::repatchByIdSelfAccess):
(JSC::tryCacheGetByID):
(JSC::tryCachePutByID):
* runtime/JSObject.h:
(JSC::JSObject::butterflyTotalSize):
(JSC::indexRelativeToBase):
(JSC::offsetRelativeToBase):
(JSC::maxOffsetRelativeToBase):
(JSC::makeIdentifier):
(JSC::offsetRelativeToPatchedStorage): Deleted.
(JSC::maxOffsetRelativeToPatchedStorage): Deleted.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@190672 268f45cc-cd09-0410-ab3c-d52691b4dbfc
Source/JavaScriptCore/ChangeLog
Source/JavaScriptCore/bytecode/StructureStubInfo.h
Source/JavaScriptCore/ftl/FTLInlineCacheSize.cpp
Source/JavaScriptCore/jit/JITInlineCacheGenerator.cpp
Source/JavaScriptCore/jit/JITInlineCacheGenerator.h
Source/JavaScriptCore/jit/Repatch.cpp
Source/JavaScriptCore/runtime/JSObject.h