Unreviewed, rolling out r213019.
authorcommit-queue@webkit.org <commit-queue@webkit.org@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Mon, 27 Feb 2017 21:08:38 +0000 (21:08 +0000)
committercommit-queue@webkit.org <commit-queue@webkit.org@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Mon, 27 Feb 2017 21:08:38 +0000 (21:08 +0000)
https://bugs.webkit.org/show_bug.cgi?id=168925

"It broke 32-bit jsc tests in debug builds" (Requested by
saamyjoon on #webkit).

Reverted changeset:

"op_get_by_id_with_this should use inline caching"
https://bugs.webkit.org/show_bug.cgi?id=162124
http://trac.webkit.org/changeset/213019

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@213088 268f45cc-cd09-0410-ab3c-d52691b4dbfc

33 files changed:
JSTests/ChangeLog
JSTests/microbenchmarks/super-getter.js [deleted file]
JSTests/stress/super-force-ic-fail.js [deleted file]
JSTests/stress/super-get-by-id.js [deleted file]
JSTests/stress/super-getter-reset-ic.js [deleted file]
Source/JavaScriptCore/ChangeLog
Source/JavaScriptCore/bytecode/AccessCase.cpp
Source/JavaScriptCore/bytecode/PolymorphicAccess.cpp
Source/JavaScriptCore/bytecode/PolymorphicAccess.h
Source/JavaScriptCore/bytecode/StructureStubInfo.cpp
Source/JavaScriptCore/bytecode/StructureStubInfo.h
Source/JavaScriptCore/dfg/DFGFixupPhase.cpp
Source/JavaScriptCore/dfg/DFGJITCompiler.cpp
Source/JavaScriptCore/dfg/DFGJITCompiler.h
Source/JavaScriptCore/dfg/DFGSpeculativeJIT.cpp
Source/JavaScriptCore/dfg/DFGSpeculativeJIT.h
Source/JavaScriptCore/dfg/DFGSpeculativeJIT32_64.cpp
Source/JavaScriptCore/dfg/DFGSpeculativeJIT64.cpp
Source/JavaScriptCore/ftl/FTLLowerDFGToB3.cpp
Source/JavaScriptCore/jit/CCallHelpers.h
Source/JavaScriptCore/jit/ICStats.h
Source/JavaScriptCore/jit/JIT.cpp
Source/JavaScriptCore/jit/JIT.h
Source/JavaScriptCore/jit/JITInlineCacheGenerator.cpp
Source/JavaScriptCore/jit/JITInlineCacheGenerator.h
Source/JavaScriptCore/jit/JITInlines.h
Source/JavaScriptCore/jit/JITOperations.cpp
Source/JavaScriptCore/jit/JITOperations.h
Source/JavaScriptCore/jit/JITPropertyAccess.cpp
Source/JavaScriptCore/jit/JITPropertyAccess32_64.cpp
Source/JavaScriptCore/jit/Repatch.cpp
Source/JavaScriptCore/jit/Repatch.h
Source/JavaScriptCore/jsc.cpp

index ca37d68..6421532 100644 (file)
@@ -1,3 +1,17 @@
+2017-02-27  Commit Queue  <commit-queue@webkit.org>
+
+        Unreviewed, rolling out r213019.
+        https://bugs.webkit.org/show_bug.cgi?id=168925
+
+        "It broke 32-bit jsc tests in debug builds" (Requested by
+        saamyjoon on #webkit).
+
+        Reverted changeset:
+
+        "op_get_by_id_with_this should use inline caching"
+        https://bugs.webkit.org/show_bug.cgi?id=162124
+        http://trac.webkit.org/changeset/213019
+
 2017-02-27  JF Bastien  <jfbastien@apple.com>
 
         WebAssembly: miscellaneous spec fixes part deux
diff --git a/JSTests/microbenchmarks/super-getter.js b/JSTests/microbenchmarks/super-getter.js
deleted file mode 100644 (file)
index f882177..0000000
+++ /dev/null
@@ -1,24 +0,0 @@
-class A {
-    get f() {
-        return this._f;
-    }
-}
-
-class B extends A {
-    get f() {
-        return super.f;
-    }
-}
-
-(function() {
-    var o = new B();
-
-    o._f = 42;
-    var result = 0;
-    var n = 2000000;
-    for (var i = 0; i < n; ++i)
-        result += o.f;
-    if (result != n * 42)
-        throw "Error: bad result: " + result;
-})();
-
diff --git a/JSTests/stress/super-force-ic-fail.js b/JSTests/stress/super-force-ic-fail.js
deleted file mode 100644 (file)
index dbff88d..0000000
+++ /dev/null
@@ -1,56 +0,0 @@
-let assert = (a) => {
-    if (!a)
-        throw Error("Bad Assertion");
-}
-
-let aObj =  {
-    get foo() { return this.a; }
-};
-
-let obj = {
-    jaz() {
-        return super.foo;
-    }
-};
-obj.a = "foo";
-
-Object.setPrototypeOf(obj, aObj);
-
-noInline(obj.jaz);
-
-for (let i = 0; i < 10000; i++) {
-    if (i == 9999) {
-        delete aObj.foo;
-        assert(obj.jaz() === undefined);
-    } else {
-        assert(obj.jaz() == "foo");
-    }
-
-}
-
-let bObj =  {
-    get foo() { return this.a; }
-};
-
-let obj2 = {
-    foo() {
-        return super.foo;
-    }
-};
-obj2.a = "foo";
-
-Object.setPrototypeOf(obj2, bObj);
-
-noInline(obj.jaz);
-
-for (let i = 0; i < 10000; i++) {
-    if (i == 9999) {
-        Object.defineProperty(bObj, "foo", {
-            get: () => {return "boo"; }
-        });
-        assert(obj2.foo() == "boo");
-    } else {
-        assert(obj2.foo() == "foo");
-    }
-}
-
diff --git a/JSTests/stress/super-get-by-id.js b/JSTests/stress/super-get-by-id.js
deleted file mode 100644 (file)
index b4ea2cc..0000000
+++ /dev/null
@@ -1,203 +0,0 @@
-"use strict";
-
-function assert(a) {
-    if (!a)
-        throw new Error("Bad!");
-}
-
-var Base = class Base {
-    constructor() { this._name = "Name"; }
-    get name() { return this._name; } // If this instead returns a static: return "Foo" things somewhat work.
-    set name(x) { this._name = x; }
-};
-
-var Subclass = class Subclass extends Base {
-    get name() { return super.name; }
-};
-
-function getterName(instance) {
-    return instance.name;
-}
-
-noInline(getterName);
-
-function getterValue(instance) {
-    return instance.value;
-}
-
-noInline(getterValue);
-
-// Base case
-var instance = new Subclass;
-for (let i = 0; i < 10000;i++)
-  assert(getterName(instance) == "Name");
-
-// Polymorphic case
-
-class PolymorphicSubclass {
-    get value() { return super.value; }
-};
-
-let numPolymorphicClasses = 4;
-let subclasses = new Array(numPolymorphicClasses);
-for (let i = 0; i < numPolymorphicClasses; i++) {
-    let BaseCode = `
-       class Base${i} {
-            get value() { return this._value; }
-        };
-    `;
-
-    let Base = eval(BaseCode);
-    subclasses[i] = new PolymorphicSubclass();
-    subclasses[i]._value = i;
-
-    Object.setPrototypeOf(subclasses[i], Base.prototype);
-}
-
-for (let i = 0; i < 1000000; i++) {
-    let index = i % numPolymorphicClasses;
-    let value = getterValue(subclasses[index]);
-    assert(value == index);
-}
-
-// Megamorphic case
-
-let nClasses = 1000;
-class MegamorphicSubclass {
-    get value() { return super.value; }
-};
-
-subclasses = new Array(nClasses);
-for (let i = 0; i < nClasses; i++) {
-    let BaseCode = `
-       class Base${i + 4} {
-            get value() { return this._value; }
-        };
-    `;
-
-    let Base = eval(BaseCode);
-    subclasses[i] = new MegamorphicSubclass();
-    subclasses[i]._value = i;
-
-    Object.setPrototypeOf(subclasses[i], Base.prototype);
-}
-
-for (let i = 0; i < 1000000; i++) {
-    let index = i % nClasses;
-    let value = getterValue(subclasses[index]);
-    assert(value == index);
-}
-
-// CustomGetter case
-
-let customGetter = createCustomGetterObject();
-Object.setPrototypeOf(customGetter, Object.prototype);
-
-let subObj = {
-    __proto__: customGetter,
-    get value () {
-        return super.customGetterAccessor;
-    }
-}
-
-for (let i = 0; i < 1000000; i++) {
-    let value = getterValue(subObj);
-    assert(value == 100);
-}
-
-subObj.shouldThrow = true;
-for (let i = 0; i < 1000000; i++) {
-    try {
-        getterValue(subObj);
-        assert(false);
-    } catch(e) {
-        assert(e instanceof TypeError);
-    };
-}
-
-// CustomValue case
-
-customGetter = createCustomGetterObject();
-Object.setPrototypeOf(customGetter, Object.prototype);
-
-subObj = {
-    __proto__: customGetter,
-    get value () {
-        return super.customGetter;
-    }
-}
-
-for (let i = 0; i < 1000000; i++) {
-    let value = getterValue(subObj);
-    assert(value == 100);
-}
-
-subObj.shouldThrow = true;
-for (let i = 0; i < 1000000; i++) {
-    let value = getterValue(subObj);
-    assert(value == 100);
-}
-
-// Exception handling case
-
-class BaseException {
-    constructor() { this._name = "Name"; }
-    get name() {
-        if (this.shouldThrow)
-            throw new Error("Forced Exception");
-        return this._name;
-    }
-};
-
-class SubclassException extends BaseException {
-    get name() { return super.name; }
-};
-
-let eObj = new SubclassException;
-for (let i = 0; i < 10000;i++)
-  assert(getterName(eObj) == "Name");
-
-eObj.shouldThrow = true;
-for (let i = 0; i < 1000000; i++) {
-    try {
-        getterValue(eObj);
-        assert(false);
-    } catch(e) {
-        eObj.shouldThrow = false;
-        assert(getterName(eObj) == "Name");
-    };
-}
-
-// In getter exception handling
-
-class BaseExceptionComplex {
-    constructor() { this._name = "Name"; }
-    foo () {
-        if (this.shouldThrow)
-            throw new Error("Forced Exception");
-    }
-    get name() {
-        this.foo();
-        return this._name;
-    }
-};
-
-class SubclassExceptionComplex extends BaseExceptionComplex {
-    get name() {
-        try {
-            return super.name;
-        } catch(e) {
-            this.shouldThrow = false;
-            return super.name;
-        }
-    }
-};
-
-eObj = new SubclassExceptionComplex;
-for (let i = 0; i < 10000;i++)
-  assert(getterName(eObj) == "Name");
-
-eObj.shouldThrow = true;
-for (let i = 0; i < 1000000; i++)
-    assert(getterName(eObj) == "Name");
-
diff --git a/JSTests/stress/super-getter-reset-ic.js b/JSTests/stress/super-getter-reset-ic.js
deleted file mode 100644 (file)
index 35c335b..0000000
+++ /dev/null
@@ -1,33 +0,0 @@
-let assert = (a) => {
-    if (!a)
-        throw "Bad!";
-}
-
-let n = 200;
-
-let A =  {
-    c: 42
-}
-
-let C = {
-    __proto__: A
-}
-
-let B = {
-    __proto__: C,
-    f(i) {
-        return super.c;
-    }
-}
-
-var result = 0;
-for (var i = 0; i < n; ++i) {
-    if (i == n / 2 ) {
-        // This operation is going to force op_get_by_id_with_this to be regenerated 
-        Object.defineProperty(A, "c", {get: () => 12});
-    }
-    result += B.f(i);
-}
-
-assert(result, 5400);
-
index 0e1c565..3c2aa83 100644 (file)
@@ -1,3 +1,17 @@
+2017-02-27  Commit Queue  <commit-queue@webkit.org>
+
+        Unreviewed, rolling out r213019.
+        https://bugs.webkit.org/show_bug.cgi?id=168925
+
+        "It broke 32-bit jsc tests in debug builds" (Requested by
+        saamyjoon on #webkit).
+
+        Reverted changeset:
+
+        "op_get_by_id_with_this should use inline caching"
+        https://bugs.webkit.org/show_bug.cgi?id=162124
+        http://trac.webkit.org/changeset/213019
+
 2017-02-27  JF Bastien  <jfbastien@apple.com>
 
         WebAssembly: miscellaneous spec fixes part deux
index 7c5617a..658ea0f 100644 (file)
@@ -418,7 +418,6 @@ void AccessCase::generateImpl(AccessGenerationState& state)
     const Identifier& ident = *state.ident;
     JSValueRegs valueRegs = state.valueRegs;
     GPRReg baseGPR = state.baseGPR;
-    GPRReg thisGPR = state.thisGPR != InvalidGPRReg ? state.thisGPR : baseGPR;
     GPRReg scratchGPR = state.scratchGPR;
 
     ASSERT(m_conditionSet.structuresEnsureValidityAssumingImpurePropertyWatchpoint());
@@ -666,7 +665,7 @@ void AccessCase::generateImpl(AccessGenerationState& state)
                 loadedValueGPR, calleeFrame.withOffset(CallFrameSlot::callee * sizeof(Register)));
 
             jit.storeCell(
-                thisGPR,
+                baseGPR,
                 calleeFrame.withOffset(virtualRegisterForArgument(0).offset() * sizeof(Register)));
 
             if (m_type == Setter) {
@@ -726,31 +725,28 @@ void AccessCase::generateImpl(AccessGenerationState& state)
             // to make some space here.
             jit.makeSpaceOnStackForCCall();
 
-            // Check if it is a super access
-            GPRReg baseForCustomGetGPR = baseGPR != thisGPR ? thisGPR : baseForGetGPR;
-
             // getter: EncodedJSValue (*GetValueFunc)(ExecState*, EncodedJSValue thisValue, PropertyName);
             // setter: void (*PutValueFunc)(ExecState*, EncodedJSValue thisObject, EncodedJSValue value);
             // Custom values are passed the slotBase (the property holder), custom accessors are passed the thisVaule (reciever).
             // FIXME: Remove this differences in custom values and custom accessors.
             // https://bugs.webkit.org/show_bug.cgi?id=158014
-            GPRReg baseForCustom = m_type == CustomValueGetter || m_type == CustomValueSetter ? baseForAccessGPR : baseForCustomGetGPR; 
+            GPRReg baseForCustomValue = m_type == CustomValueGetter || m_type == CustomValueSetter ? baseForAccessGPR : baseForGetGPR;
 #if USE(JSVALUE64)
             if (m_type == CustomValueGetter || m_type == CustomAccessorGetter) {
                 jit.setupArgumentsWithExecState(
-                    baseForCustom,
+                    baseForCustomValue,
                     CCallHelpers::TrustedImmPtr(ident.impl()));
             } else
-                jit.setupArgumentsWithExecState(baseForCustom, valueRegs.gpr());
+                jit.setupArgumentsWithExecState(baseForCustomValue, valueRegs.gpr());
 #else
             if (m_type == CustomValueGetter || m_type == CustomAccessorGetter) {
                 jit.setupArgumentsWithExecState(
-                    EABI_32BIT_DUMMY_ARG baseForCustom,
+                    EABI_32BIT_DUMMY_ARG baseForCustomValue,
                     CCallHelpers::TrustedImm32(JSValue::CellTag),
                     CCallHelpers::TrustedImmPtr(ident.impl()));
             } else {
                 jit.setupArgumentsWithExecState(
-                    EABI_32BIT_DUMMY_ARG baseForCustom,
+                    EABI_32BIT_DUMMY_ARG baseForCustomValue,
                     CCallHelpers::TrustedImm32(JSValue::CellTag),
                     valueRegs.payloadGPR(), valueRegs.tagGPR());
             }
index 0ca9cf1..4a7c309 100644 (file)
@@ -343,14 +343,11 @@ AccessGenerationResult PolymorphicAccess::regenerate(
     state.ident = &ident;
     
     state.baseGPR = static_cast<GPRReg>(stubInfo.patch.baseGPR);
-    state.thisGPR = static_cast<GPRReg>(stubInfo.patch.thisGPR);
     state.valueRegs = stubInfo.valueRegs();
 
     ScratchRegisterAllocator allocator(stubInfo.patch.usedRegisters);
     state.allocator = &allocator;
     allocator.lock(state.baseGPR);
-    if (state.thisGPR != InvalidGPRReg)
-        allocator.lock(state.thisGPR);
     allocator.lock(state.valueRegs);
 #if USE(JSVALUE32_64)
     allocator.lock(static_cast<GPRReg>(stubInfo.patch.baseTagGPR));
index b25cdd4..d1852c7 100644 (file)
@@ -192,7 +192,6 @@ struct AccessGenerationState {
     MacroAssembler::JumpList failAndRepatch;
     MacroAssembler::JumpList failAndIgnore;
     GPRReg baseGPR { InvalidGPRReg };
-    GPRReg thisGPR { InvalidGPRReg };
     JSValueRegs valueRegs;
     GPRReg scratchGPR { InvalidGPRReg };
     const Identifier* ident;
index 1db13ac..70b767c 100644 (file)
@@ -222,9 +222,6 @@ void StructureStubInfo::reset(CodeBlock* codeBlock)
     case AccessType::Get:
         resetGetByID(codeBlock, *this, GetByIDKind::Normal);
         break;
-    case AccessType::GetWithThis:
-        resetGetByID(codeBlock, *this, GetByIDKind::WithThis);
-        break;
     case AccessType::Put:
         resetPutByID(codeBlock, *this);
         break;
index 9a5121d..b091e21 100644 (file)
@@ -47,7 +47,6 @@ class PolymorphicAccess;
 
 enum class AccessType : int8_t {
     Get,
-    GetWithThis,
     TryGet,
     Put,
     In
@@ -178,11 +177,9 @@ public:
 
         int8_t baseGPR;
         int8_t valueGPR;
-        int8_t thisGPR;
 #if USE(JSVALUE32_64)
         int8_t valueTagGPR;
         int8_t baseTagGPR;
-        int8_t thisTagGPR;
 #endif
     } patch;
 
index 438d6c1..3ce6494 100644 (file)
@@ -1250,14 +1250,6 @@ private:
                 fixEdge<CellUse>(node->child1());
             break;
         }
-        
-        case GetByIdWithThis: {
-            if (node->child1()->shouldSpeculateCell() && node->child2()->shouldSpeculateCell()) {
-                fixEdge<CellUse>(node->child1());
-                fixEdge<CellUse>(node->child2());
-            }
-            break;
-        }
 
         case PutById:
         case PutByIdFlush:
@@ -1885,6 +1877,7 @@ private:
         case ExitOK:
         case BottomValue:
         case TypeOf:
+        case GetByIdWithThis:
         case PutByIdWithThis:
         case PutByValWithThis:
         case GetByValWithThis:
index 15f9006..db5e525 100644 (file)
@@ -253,8 +253,6 @@ void JITCompiler::link(LinkBuffer& linkBuffer)
 
     for (unsigned i = m_getByIds.size(); i--;)
         m_getByIds[i].finalize(linkBuffer);
-    for (unsigned i = m_getByIdsWithThis.size(); i--;)
-        m_getByIdsWithThis[i].finalize(linkBuffer);
     for (unsigned i = m_putByIds.size(); i--;)
         m_putByIds[i].finalize(linkBuffer);
 
index 425dfcd..d868012 100644 (file)
@@ -197,11 +197,6 @@ public:
         m_getByIds.append(InlineCacheWrapper<JITGetByIdGenerator>(gen, slowPath));
     }
     
-    void addGetByIdWithThis(const JITGetByIdWithThisGenerator& gen, SlowPathGenerator* slowPath)
-    {
-        m_getByIdsWithThis.append(InlineCacheWrapper<JITGetByIdWithThisGenerator>(gen, slowPath));
-    }
-    
     void addPutById(const JITPutByIdGenerator& gen, SlowPathGenerator* slowPath)
     {
         m_putByIds.append(InlineCacheWrapper<JITPutByIdGenerator>(gen, slowPath));
@@ -344,7 +339,6 @@ private:
     };
     
     Vector<InlineCacheWrapper<JITGetByIdGenerator>, 4> m_getByIds;
-    Vector<InlineCacheWrapper<JITGetByIdWithThisGenerator>, 4> m_getByIdsWithThis;
     Vector<InlineCacheWrapper<JITPutByIdGenerator>, 4> m_putByIds;
     Vector<InRecord, 4> m_ins;
     Vector<JSCallRecord, 4> m_jsCalls;
index f5837d6..1954cf4 100644 (file)
@@ -1063,11 +1063,9 @@ void SpeculativeJIT::compileIn(Node* node)
             stubInfo->codeOrigin = node->origin.semantic;
             stubInfo->patch.baseGPR = static_cast<int8_t>(baseGPR);
             stubInfo->patch.valueGPR = static_cast<int8_t>(resultGPR);
-            stubInfo->patch.thisGPR = static_cast<int8_t>(InvalidGPRReg);
 #if USE(JSVALUE32_64)
             stubInfo->patch.valueTagGPR = static_cast<int8_t>(InvalidGPRReg);
             stubInfo->patch.baseTagGPR = static_cast<int8_t>(InvalidGPRReg);
-            stubInfo->patch.thisTagGPR = static_cast<int8_t>(InvalidGPRReg);
 #endif
             stubInfo->patch.usedRegisters = usedRegisters();
 
index 1ca7ec2..226ee31 100644 (file)
@@ -770,11 +770,9 @@ public:
 #if USE(JSVALUE64)
     void cachedGetById(CodeOrigin, GPRReg baseGPR, GPRReg resultGPR, unsigned identifierNumber, JITCompiler::Jump slowPathTarget = JITCompiler::Jump(), SpillRegistersMode = NeedToSpill, AccessType = AccessType::Get);
     void cachedPutById(CodeOrigin, GPRReg base, GPRReg value, GPRReg scratchGPR, unsigned identifierNumber, PutKind, JITCompiler::Jump slowPathTarget = JITCompiler::Jump(), SpillRegistersMode = NeedToSpill);
-    void cachedGetByIdWithThis(CodeOrigin, GPRReg baseGPR, GPRReg thisGPR, GPRReg resultGPR, unsigned identifierNumber, JITCompiler::JumpList slowPathTarget = JITCompiler::JumpList());
 #elif USE(JSVALUE32_64)
     void cachedGetById(CodeOrigin, GPRReg baseTagGPROrNone, GPRReg basePayloadGPR, GPRReg resultTagGPR, GPRReg resultPayloadGPR, unsigned identifierNumber, JITCompiler::Jump slowPathTarget = JITCompiler::Jump(), SpillRegistersMode = NeedToSpill, AccessType = AccessType::Get);
     void cachedPutById(CodeOrigin, GPRReg basePayloadGPR, GPRReg valueTagGPR, GPRReg valuePayloadGPR, GPRReg scratchGPR, unsigned identifierNumber, PutKind, JITCompiler::Jump slowPathTarget = JITCompiler::Jump(), SpillRegistersMode = NeedToSpill);
-    void cachedGetByIdWithThis(CodeOrigin, GPRReg baseTagGPROrNone, GPRReg basePayloadGPR, GPRReg thisTagGPROrNone, GPRReg thisPayloadGPR, GPRReg resultTagGPR, GPRReg resultPayloadGPR, unsigned identifierNumber, JITCompiler::JumpList slowPathTarget = JITCompiler::JumpList());
 #endif
 
     void compileDeleteById(Node*);
@@ -1563,11 +1561,6 @@ public:
         m_jit.setupArgumentsWithExecState(TrustedImmPtr(stubInfo), arg1, TrustedImmPtr(uid));
         return appendCallSetResult(operation, result);
     }
-    JITCompiler::Call callOperation(J_JITOperation_ESsiJJI operation, GPRReg result, StructureStubInfo* stubInfo, GPRReg arg1, GPRReg arg2, UniquedStringImpl* uid)
-    {
-        m_jit.setupArgumentsWithExecState(TrustedImmPtr(stubInfo), arg1, arg2, TrustedImmPtr(uid));
-        return appendCallSetResult(operation, result);
-    }
     JITCompiler::Call callOperation(J_JITOperation_EDA operation, GPRReg result, FPRReg arg1, GPRReg arg2)
     {
         m_jit.setupArgumentsWithExecState(arg1, arg2);
@@ -2133,26 +2126,11 @@ public:
         m_jit.setupArgumentsWithExecState(TrustedImmPtr(stubInfo), arg1.payloadGPR(), arg1.tagGPR(), TrustedImmPtr(uid));
         return appendCallSetResult(operation, result.payloadGPR(), result.tagGPR());
     }
-    JITCompiler::Call callOperation(J_JITOperation_ESsiJJI operation, JSValueRegs result, StructureStubInfo* stubInfo, JSValueRegs arg1, JSValueRegs arg2, UniquedStringImpl* uid)
-    {
-        m_jit.setupArgumentsWithExecState(TrustedImmPtr(stubInfo), arg1.payloadGPR(), arg1.tagGPR(), arg2.payloadGPR(), arg2.tagGPR(), TrustedImmPtr(uid));
-        return appendCallSetResult(operation, result.payloadGPR(), result.tagGPR());
-    }
-    JITCompiler::Call callOperation(J_JITOperation_ESsiJJI operation, JSValueRegs result, StructureStubInfo* stubInfo, int32_t arg1Tag, GPRReg arg1Payload, GPRReg arg2Tag, GPRReg arg2Payload, UniquedStringImpl* uid)
-    {
-        m_jit.setupArgumentsWithExecState(TrustedImmPtr(stubInfo), arg1Payload, TrustedImm32(arg1Tag), arg2Payload, arg2Tag, TrustedImmPtr(uid));
-        return appendCallSetResult(operation, result.payloadGPR(), result.tagGPR());
-    }
     JITCompiler::Call callOperation(J_JITOperation_ESsiJI operation, JSValueRegs result, StructureStubInfo* stubInfo, int32_t arg1Tag, GPRReg arg1Payload, UniquedStringImpl* uid)
     {
         m_jit.setupArgumentsWithExecState(TrustedImmPtr(stubInfo), arg1Payload, TrustedImm32(arg1Tag), TrustedImmPtr(uid));
         return appendCallSetResult(operation, result.payloadGPR(), result.tagGPR());
     }
-    JITCompiler::Call callOperation(J_JITOperation_ESsiJJI operation, JSValueRegs result, StructureStubInfo* stubInfo, int32_t arg1Tag, GPRReg arg1Payload, int32_t arg2Tag, GPRReg arg2Payload, UniquedStringImpl* uid)
-    {
-        m_jit.setupArgumentsWithExecState(TrustedImmPtr(stubInfo), arg1Payload, TrustedImm32(arg1Tag), arg2Payload, TrustedImm32(arg2Tag), TrustedImmPtr(uid));
-        return appendCallSetResult(operation, result.payloadGPR(), result.tagGPR());
-    }
     JITCompiler::Call callOperation(J_JITOperation_ESsiJI operation, JSValueRegs result, StructureStubInfo* stubInfo, GPRReg arg1Tag, GPRReg arg1Payload, UniquedStringImpl* uid)
     {
         m_jit.setupArgumentsWithExecState(TrustedImmPtr(stubInfo), arg1Payload, arg1Tag, TrustedImmPtr(uid));
index 4a6dcb1..d91ddd4 100644 (file)
@@ -230,45 +230,6 @@ void SpeculativeJIT::cachedGetById(
     addSlowPathGenerator(WTFMove(slowPath));
 }
 
-void SpeculativeJIT::cachedGetByIdWithThis(
-    CodeOrigin codeOrigin, GPRReg baseTagGPROrNone, GPRReg basePayloadGPR, GPRReg thisTagGPR, GPRReg thisPayloadGPR, GPRReg resultTagGPR, GPRReg resultPayloadGPR,
-    unsigned identifierNumber, JITCompiler::JumpList slowPathTarget)
-{
-    RegisterSet usedRegisters = this->usedRegisters();
-    
-    CallSiteIndex callSite = m_jit.recordCallSiteAndGenerateExceptionHandlingOSRExitIfNeeded(codeOrigin, m_stream->size());
-    JITGetByIdWithThisGenerator gen(
-        m_jit.codeBlock(), codeOrigin, callSite, usedRegisters, identifierUID(identifierNumber),
-        JSValueRegs(resultTagGPR, resultPayloadGPR), JSValueRegs(baseTagGPROrNone, basePayloadGPR), JSValueRegs(thisTagGPR, thisPayloadGPR), AccessType::GetWithThis);
-    
-    gen.generateFastPath(m_jit);
-    
-    JITCompiler::JumpList slowCases;
-    if (!slowPathTarget.empty())
-        slowCases.append(slowPathTarget);
-    slowCases.append(gen.slowPathJump());
-
-    std::unique_ptr<SlowPathGenerator> slowPath;
-    if (baseTagGPROrNone == InvalidGPRReg && thisTagGPR == InvalidGPRReg) {
-        slowPath = slowPathCall(
-            slowCases, this, operationGetByIdWithThisOptimize,
-            JSValueRegs(resultTagGPR, resultPayloadGPR), gen.stubInfo(),
-            static_cast<int32_t>(JSValue::CellTag), basePayloadGPR,
-            static_cast<int32_t>(JSValue::CellTag), thisPayloadGPR,
-            identifierUID(identifierNumber));
-    } else {
-        ASSERT(baseTagGPROrNone != InvalidGPRReg);
-        ASSERT(thisTagGPR != InvalidGPRReg);
-        
-        slowPath = slowPathCall(
-            slowCases, this, operationGetByIdWithThisOptimize,
-            JSValueRegs(resultTagGPR, resultPayloadGPR), gen.stubInfo(), JSValueRegs(baseTagGPROrNone, basePayloadGPR), JSValueRegs(thisTagGPR, thisPayloadGPR), identifierUID(identifierNumber));
-    }
-
-    m_jit.addGetByIdWithThis(gen, slowPath.get());
-    addSlowPathGenerator(WTFMove(slowPath));
-}
-
 void SpeculativeJIT::cachedPutById(CodeOrigin codeOrigin, GPRReg basePayloadGPR, GPRReg valueTagGPR, GPRReg valuePayloadGPR, GPRReg scratchGPR, unsigned identifierNumber, PutKind putKind, JITCompiler::Jump slowPathTarget, SpillRegistersMode spillMode)
 {
     RegisterSet usedRegisters = this->usedRegisters();
@@ -4330,42 +4291,21 @@ void SpeculativeJIT::compile(Node* node)
     }
 
     case GetByIdWithThis: {
-        if (node->child1().useKind() == CellUse && node->child2().useKind() == CellUse) {
-            SpeculateCellOperand base(this, node->child1());
-            SpeculateCellOperand thisValue(this, node->child2());
-            GPRTemporary resultTag(this);
-            GPRTemporary resultPayload(this);
-            
-            GPRReg baseGPR = base.gpr();
-            GPRReg thisGPR = thisValue.gpr();
-            GPRReg resultTagGPR = resultTag.gpr();
-            GPRReg resultPayloadGPR = resultPayload.gpr();
-            
-            cachedGetByIdWithThis(node->origin.semantic, InvalidGPRReg, baseGPR, InvalidGPRReg, thisGPR, resultTagGPR, resultPayloadGPR, node->identifierNumber());
-            
-            jsValueResult(resultTagGPR, resultPayloadGPR, node, UseChildrenCalledExplicitly);
-        } else {
-            JSValueOperand base(this, node->child1());
-            JSValueOperand thisValue(this, node->child2());
-            GPRTemporary resultTag(this);
-            GPRTemporary resultPayload(this);
-            
-            GPRReg baseTagGPR = base.tagGPR();
-            GPRReg basePayloadGPR = base.payloadGPR();
-            GPRReg thisTagGPR = thisValue.tagGPR();
-            GPRReg thisPayloadGPR = thisValue.payloadGPR();
-            GPRReg resultTagGPR = resultTag.gpr();
-            GPRReg resultPayloadGPR = resultPayload.gpr();
-            
-            JITCompiler::JumpList notCellList;
-            notCellList.append(m_jit.branchIfNotCell(base.jsValueRegs()));
-            notCellList.append(m_jit.branchIfNotCell(thisValue.jsValueRegs()));
-            
-            cachedGetByIdWithThis(node->origin.semantic, baseTagGPR, basePayloadGPR, thisTagGPR, thisPayloadGPR, resultTagGPR, resultPayloadGPR, node->identifierNumber(), notCellList);
-            
-            jsValueResult(resultTagGPR, resultPayloadGPR, node, UseChildrenCalledExplicitly);
-        }
-        
+        JSValueOperand base(this, node->child1());
+        JSValueRegs baseRegs = base.jsValueRegs();
+        JSValueOperand thisValue(this, node->child2());
+        JSValueRegs thisRegs = thisValue.jsValueRegs();
+
+        GPRFlushedCallResult resultPayload(this);
+        GPRFlushedCallResult2 resultTag(this);
+        GPRReg resultPayloadGPR = resultPayload.gpr();
+        GPRReg resultTagGPR = resultTag.gpr();
+
+        flushRegisters();
+        callOperation(operationGetByIdWithThis, JSValueRegs(resultTagGPR, resultPayloadGPR), baseRegs, thisRegs, identifierUID(node->identifierNumber()));
+        m_jit.exceptionCheck();
+
+        jsValueResult(resultTagGPR, resultPayloadGPR, node);
         break;
     }
 
index 236c8c8..848fa4a 100644 (file)
@@ -188,34 +188,6 @@ void SpeculativeJIT::cachedGetById(CodeOrigin codeOrigin, GPRReg baseGPR, GPRReg
     addSlowPathGenerator(WTFMove(slowPath));
 }
 
-void SpeculativeJIT::cachedGetByIdWithThis(CodeOrigin codeOrigin, GPRReg baseGPR, GPRReg thisGPR, GPRReg resultGPR, unsigned identifierNumber, JITCompiler::JumpList slowPathTarget)
-{
-    CallSiteIndex callSite = m_jit.recordCallSiteAndGenerateExceptionHandlingOSRExitIfNeeded(codeOrigin, m_stream->size());
-    RegisterSet usedRegisters = this->usedRegisters();
-    // We've already flushed registers to the stack, we don't need to spill these.
-    usedRegisters.set(baseGPR, false);
-    usedRegisters.set(thisGPR, false);
-    usedRegisters.set(resultGPR, false);
-    
-    JITGetByIdWithThisGenerator gen(
-        m_jit.codeBlock(), codeOrigin, callSite, usedRegisters, identifierUID(identifierNumber),
-        JSValueRegs(resultGPR), JSValueRegs(baseGPR), JSValueRegs(thisGPR), AccessType::GetWithThis);
-    gen.generateFastPath(m_jit);
-    
-    JITCompiler::JumpList slowCases;
-    if (!slowPathTarget.empty())
-        slowCases.append(slowPathTarget);
-    slowCases.append(gen.slowPathJump());
-    
-    auto slowPath = slowPathCall(
-        slowCases, this, operationGetByIdWithThisOptimize,
-        DontSpill, ExceptionCheckRequirement::CheckNeeded,
-        resultGPR, gen.stubInfo(), baseGPR, thisGPR, identifierUID(identifierNumber));
-    
-    m_jit.addGetByIdWithThis(gen, slowPath.get());
-    addSlowPathGenerator(WTFMove(slowPath));
-}
-
 void SpeculativeJIT::cachedPutById(CodeOrigin codeOrigin, GPRReg baseGPR, GPRReg valueGPR, GPRReg scratchGPR, unsigned identifierNumber, PutKind putKind, JITCompiler::Jump slowPathTarget, SpillRegistersMode spillMode)
 {
     CallSiteIndex callSite = m_jit.recordCallSiteAndGenerateExceptionHandlingOSRExitIfNeeded(codeOrigin, m_stream->size());
@@ -4338,41 +4310,19 @@ void SpeculativeJIT::compile(Node* node)
     }
 
     case GetByIdWithThis: {
-        if (node->child1().useKind() == CellUse && node->child2().useKind() == CellUse) {
-            SpeculateCellOperand base(this, node->child1());
-            GPRReg baseGPR = base.gpr();
-            SpeculateCellOperand thisValue(this, node->child2());
-            GPRReg thisValueGPR = thisValue.gpr();
-            
-            GPRFlushedCallResult result(this);
-            GPRReg resultGPR = result.gpr();
-            
-            flushRegisters();
-            
-            cachedGetByIdWithThis(node->origin.semantic, baseGPR, thisValueGPR, resultGPR, node->identifierNumber(), JITCompiler::JumpList());
-            
-            jsValueResult(resultGPR, node);
-            
-        } else {
-            JSValueOperand base(this, node->child1());
-            GPRReg baseGPR = base.gpr();
-            JSValueOperand thisValue(this, node->child2());
-            GPRReg thisValueGPR = thisValue.gpr();
-            
-            GPRFlushedCallResult result(this);
-            GPRReg resultGPR = result.gpr();
-            
-            flushRegisters();
-            
-            JITCompiler::JumpList notCellList;
-            notCellList.append(m_jit.branchIfNotCell(JSValueRegs(baseGPR)));
-            notCellList.append(m_jit.branchIfNotCell(JSValueRegs(thisValueGPR)));
-            
-            cachedGetByIdWithThis(node->origin.semantic, baseGPR, thisValueGPR, resultGPR, node->identifierNumber(), notCellList);
-            
-            jsValueResult(resultGPR, node);
-        }
-        
+        JSValueOperand base(this, node->child1());
+        GPRReg baseGPR = base.gpr();
+        JSValueOperand thisValue(this, node->child2());
+        GPRReg thisValueGPR = thisValue.gpr();
+
+        GPRFlushedCallResult result(this);
+        GPRReg resultGPR = result.gpr();
+
+        flushRegisters();
+        callOperation(operationGetByIdWithThis, resultGPR, baseGPR, thisValueGPR, identifierUID(node->identifierNumber()));
+        m_jit.exceptionCheck();
+
+        jsValueResult(resultGPR, node);
         break;
     }
 
index 5aa8e5d..2e733e0 100644 (file)
@@ -2867,40 +2867,10 @@ private:
 
     void compileGetByIdWithThis()
     {
-        if (m_node->child1().useKind() == CellUse && m_node->child2().useKind() == CellUse)
-            setJSValue(getByIdWithThis(lowCell(m_node->child1()), lowCell(m_node->child2())));
-        else {
-            LValue base = lowJSValue(m_node->child1());
-            LValue thisValue = lowJSValue(m_node->child2());
-            
-            LBasicBlock baseCellCase = m_out.newBlock();
-            LBasicBlock notCellCase = m_out.newBlock();
-            LBasicBlock thisValueCellCase = m_out.newBlock();
-            LBasicBlock continuation = m_out.newBlock();
-            
-            m_out.branch(
-                isCell(base, provenType(m_node->child1())), unsure(baseCellCase), unsure(notCellCase));
-            
-            LBasicBlock lastNext = m_out.appendTo(baseCellCase, thisValueCellCase);
-            
-            m_out.branch(
-                isCell(thisValue, provenType(m_node->child2())), unsure(thisValueCellCase), unsure(notCellCase));
-            
-            m_out.appendTo(thisValueCellCase, notCellCase);
-            ValueFromBlock cellResult = m_out.anchor(getByIdWithThis(base, thisValue));
-            m_out.jump(continuation);
-
-            m_out.appendTo(notCellCase, continuation);
-            ValueFromBlock notCellResult = m_out.anchor(vmCall(
-                Int64, m_out.operation(operationGetByIdWithThis),
-                m_callFrame, base, thisValue,
-                m_out.constIntPtr(m_graph.identifiers()[m_node->identifierNumber()])));
-            m_out.jump(continuation);
-            
-            m_out.appendTo(continuation, lastNext);
-            setJSValue(m_out.phi(Int64, cellResult, notCellResult));
-        }
-        
+        LValue base = lowJSValue(m_node->child1());
+        LValue thisValue = lowJSValue(m_node->child2());
+        LValue result = vmCall(Int64, m_out.operation(operationGetByIdWithThis), m_callFrame, base, thisValue, m_out.constIntPtr(m_graph.identifiers()[m_node->identifierNumber()]));
+        setJSValue(result);
     }
 
     void compileGetByValWithThis()
@@ -8107,7 +8077,6 @@ private:
                         stubInfo->codeOrigin = node->origin.semantic;
                         stubInfo->patch.baseGPR = static_cast<int8_t>(baseGPR);
                         stubInfo->patch.valueGPR = static_cast<int8_t>(resultGPR);
-                        stubInfo->patch.thisGPR = static_cast<int8_t>(InvalidGPRReg);
                         stubInfo->patch.usedRegisters = params.unavailableRegisters();
 
                         CCallHelpers::PatchableJump jump = jit.patchableJump();
@@ -9791,74 +9760,6 @@ private:
 
         return patchpoint;
     }
-    
-    LValue getByIdWithThis(LValue base, LValue thisValue)
-    {
-        Node* node = m_node;
-        UniquedStringImpl* uid = m_graph.identifiers()[node->identifierNumber()];
-
-        B3::PatchpointValue* patchpoint = m_out.patchpoint(Int64);
-        patchpoint->appendSomeRegister(base);
-        patchpoint->appendSomeRegister(thisValue);
-        patchpoint->append(m_tagMask, ValueRep::lateReg(GPRInfo::tagMaskRegister));
-        patchpoint->append(m_tagTypeNumber, ValueRep::lateReg(GPRInfo::tagTypeNumberRegister));
-
-        patchpoint->clobber(RegisterSet::macroScratchRegisters());
-
-        RefPtr<PatchpointExceptionHandle> exceptionHandle =
-            preparePatchpointForExceptions(patchpoint);
-
-        State* state = &m_ftlState;
-        patchpoint->setGenerator(
-            [=] (CCallHelpers& jit, const StackmapGenerationParams& params) {
-                AllowMacroScratchRegisterUsage allowScratch(jit);
-
-                CallSiteIndex callSiteIndex =
-                    state->jitCode->common.addUniqueCallSiteIndex(node->origin.semantic);
-
-                // This is the direct exit target for operation calls.
-                Box<CCallHelpers::JumpList> exceptions =
-                    exceptionHandle->scheduleExitCreation(params)->jumps(jit);
-
-                // This is the exit for call IC's created by the getById for getters. We don't have
-                // to do anything weird other than call this, since it will associate the exit with
-                // the callsite index.
-                exceptionHandle->scheduleExitCreationForUnwind(params, callSiteIndex);
-
-                auto generator = Box<JITGetByIdWithThisGenerator>::create(
-                    jit.codeBlock(), node->origin.semantic, callSiteIndex,
-                    params.unavailableRegisters(), uid, JSValueRegs(params[0].gpr()),
-                    JSValueRegs(params[1].gpr()), JSValueRegs(params[2].gpr()), AccessType::GetWithThis);
-
-                generator->generateFastPath(jit);
-                CCallHelpers::Label done = jit.label();
-
-                params.addLatePath(
-                    [=] (CCallHelpers& jit) {
-                        AllowMacroScratchRegisterUsage allowScratch(jit);
-
-                        J_JITOperation_ESsiJJI optimizationFunction = operationGetByIdWithThisOptimize;
-
-                        generator->slowPathJump().link(&jit);
-                        CCallHelpers::Label slowPathBegin = jit.label();
-                        CCallHelpers::Call slowPathCall = callOperation(
-                            *state, params.unavailableRegisters(), jit, node->origin.semantic,
-                            exceptions.get(), optimizationFunction, params[0].gpr(),
-                            CCallHelpers::TrustedImmPtr(generator->stubInfo()), params[1].gpr(),
-                            params[2].gpr(), CCallHelpers::TrustedImmPtr(uid)).call();
-                        jit.jump().linkTo(done, &jit);
-
-                        generator->reportSlowPathCall(slowPathBegin, slowPathCall);
-
-                        jit.addLinkTask(
-                            [=] (LinkBuffer& linkBuffer) {
-                                generator->finalize(linkBuffer);
-                            });
-                    });
-            });
-
-        return patchpoint;
-    }
 
     LValue isFastTypedArray(LValue object)
     {
index 6288f9e..7ee29b0 100644 (file)
@@ -724,18 +724,6 @@ public:
         addCallArgument(arg3);
         addCallArgument(arg4);
     }
-    
-    ALWAYS_INLINE void setupArgumentsWithExecState(TrustedImmPtr arg1, GPRReg arg2, TrustedImm32 arg3, GPRReg arg4, TrustedImm32 arg5, TrustedImmPtr arg6)
-    {
-        resetCallArguments();
-        addCallArgument(GPRInfo::callFrameRegister);
-        addCallArgument(arg1);
-        addCallArgument(arg2);
-        addCallArgument(arg3);
-        addCallArgument(arg4);
-        addCallArgument(arg5);
-        addCallArgument(arg6);
-    }
 
     ALWAYS_INLINE void setupArgumentsWithExecState(GPRReg arg1, TrustedImm32 arg2, TrustedImmPtr arg3, GPRReg arg4)
     {
@@ -747,18 +735,6 @@ public:
         addCallArgument(arg4);
     }
 
-    ALWAYS_INLINE void setupArgumentsWithExecState(TrustedImmPtr arg1, GPRReg arg2, TrustedImm32 arg3, GPRReg arg4, GPRReg arg5, TrustedImmPtr arg6)
-    {
-        resetCallArguments();
-        addCallArgument(GPRInfo::callFrameRegister);
-        addCallArgument(arg1);
-        addCallArgument(arg2);
-        addCallArgument(arg3);
-        addCallArgument(arg4);
-        addCallArgument(arg5);
-        addCallArgument(arg6);
-    }
-
     ALWAYS_INLINE void setupArgumentsWithExecState(GPRReg arg1, TrustedImmPtr arg2, GPRReg arg3, GPRReg arg4)
     {
         resetCallArguments();
@@ -1717,22 +1693,6 @@ public:
         poke(arg4, POKE_ARGUMENT_OFFSET);
         setupArgumentsWithExecState(arg1, arg2, arg3);
     }
-    
-    ALWAYS_INLINE void setupArgumentsWithExecState(TrustedImmPtr arg1, GPRReg arg2, TrustedImm32 arg3, GPRReg arg4, GPRReg arg5, TrustedImmPtr arg6)
-    {
-        poke(arg6, POKE_ARGUMENT_OFFSET + 2);
-        poke(arg5, POKE_ARGUMENT_OFFSET + 1);
-        poke(arg4, POKE_ARGUMENT_OFFSET);
-        setupArgumentsWithExecState(arg1, arg2, arg3);
-    }
-    
-    ALWAYS_INLINE void setupArgumentsWithExecState(TrustedImmPtr arg1, GPRReg arg2, TrustedImm32 arg3, GPRReg arg4, TrustedImm32 arg5, TrustedImmPtr arg6)
-    {
-        poke(arg6, POKE_ARGUMENT_OFFSET + 2);
-        poke(arg5, POKE_ARGUMENT_OFFSET + 1);
-        poke(arg4, POKE_ARGUMENT_OFFSET);
-        setupArgumentsWithExecState(arg1, arg2, arg3);
-    }
 
     ALWAYS_INLINE void setupArgumentsWithExecState(GPRReg arg1, TrustedImmPtr arg2, TrustedImm32 arg3, GPRReg arg4, GPRReg arg5)
     {
index e75cfdf..9499c91 100644 (file)
@@ -48,7 +48,6 @@ namespace JSC {
     macro(OperationGetByIdGeneric) \
     macro(OperationGetByIdBuildList) \
     macro(OperationGetByIdOptimize) \
-    macro(OperationGetByIdWithThisOptimize) \
     macro(OperationInOptimize) \
     macro(OperationIn) \
     macro(OperationGenericIn) \
index 0047de3..e74219b 100644 (file)
@@ -83,7 +83,6 @@ JIT::JIT(VM* vm, CodeBlock* codeBlock, unsigned loopOSREntryBytecodeOffset)
     , m_labels(codeBlock ? codeBlock->numberOfInstructions() : 0)
     , m_bytecodeOffset(std::numeric_limits<unsigned>::max())
     , m_getByIdIndex(UINT_MAX)
-    , m_getByIdWithThisIndex(UINT_MAX)
     , m_putByIdIndex(UINT_MAX)
     , m_byValInstructionIndex(UINT_MAX)
     , m_callLinkInfoIndex(UINT_MAX)
@@ -438,7 +437,6 @@ void JIT::privateCompileSlowCases()
     Instruction* instructionsBegin = m_codeBlock->instructions().begin();
 
     m_getByIdIndex = 0;
-    m_getByIdWithThisIndex = 0;
     m_putByIdIndex = 0;
     m_byValInstructionIndex = 0;
     m_callLinkInfoIndex = 0;
@@ -494,7 +492,6 @@ void JIT::privateCompileSlowCases()
         case op_get_by_id_proto_load:
         case op_get_by_id_unset:
         DEFINE_SLOWCASE_OP(op_get_by_id)
-        DEFINE_SLOWCASE_OP(op_get_by_id_with_this)
         DEFINE_SLOWCASE_OP(op_get_by_val)
         DEFINE_SLOWCASE_OP(op_instanceof)
         DEFINE_SLOWCASE_OP(op_instanceof_custom)
@@ -554,7 +551,6 @@ void JIT::privateCompileSlowCases()
     }
 
     RELEASE_ASSERT(m_getByIdIndex == m_getByIds.size());
-    RELEASE_ASSERT(m_getByIdWithThisIndex == m_getByIdsWithThis.size());
     RELEASE_ASSERT(m_putByIdIndex == m_putByIds.size());
     RELEASE_ASSERT(m_callLinkInfoIndex == m_callCompilationInfo.size());
     RELEASE_ASSERT(numberOfValueProfiles == m_codeBlock->numberOfValueProfiles());
@@ -777,8 +773,6 @@ CompilationResult JIT::link()
 
     for (unsigned i = m_getByIds.size(); i--;)
         m_getByIds[i].finalize(patchBuffer);
-    for (unsigned i = m_getByIdsWithThis.size(); i--;)
-        m_getByIdsWithThis[i].finalize(patchBuffer);
     for (unsigned i = m_putByIds.size(); i--;)
         m_putByIds[i].finalize(patchBuffer);
 
index aeb7f75..d8e74d4 100644 (file)
@@ -623,7 +623,6 @@ namespace JSC {
         void emitSlow_op_get_callee(Instruction*, Vector<SlowCaseEntry>::iterator&);
         void emitSlow_op_try_get_by_id(Instruction*, Vector<SlowCaseEntry>::iterator&);
         void emitSlow_op_get_by_id(Instruction*, Vector<SlowCaseEntry>::iterator&);
-        void emitSlow_op_get_by_id_with_this(Instruction*, Vector<SlowCaseEntry>::iterator&);
         void emitSlow_op_get_arguments_length(Instruction*, Vector<SlowCaseEntry>::iterator&);
         void emitSlow_op_get_by_val(Instruction*, Vector<SlowCaseEntry>::iterator&);
         void emitSlow_op_get_argument_by_val(Instruction*, Vector<SlowCaseEntry>::iterator&);
@@ -760,11 +759,9 @@ namespace JSC {
 #if USE(JSVALUE64)
         MacroAssembler::Call callOperation(J_JITOperation_ESsiJI, int, StructureStubInfo*, GPRReg, UniquedStringImpl*);
         MacroAssembler::Call callOperation(WithProfileTag, J_JITOperation_ESsiJI, int, StructureStubInfo*, GPRReg, UniquedStringImpl*);
-        MacroAssembler::Call callOperation(WithProfileTag, J_JITOperation_ESsiJJI, int, StructureStubInfo*, GPRReg, GPRReg, UniquedStringImpl*);
 #else
         MacroAssembler::Call callOperation(J_JITOperation_ESsiJI, int, StructureStubInfo*, GPRReg, GPRReg, UniquedStringImpl*);
         MacroAssembler::Call callOperation(WithProfileTag, J_JITOperation_ESsiJI, int, StructureStubInfo*, GPRReg, GPRReg, UniquedStringImpl*);
-        MacroAssembler::Call callOperation(WithProfileTag, J_JITOperation_ESsiJJI, int, StructureStubInfo*, GPRReg, GPRReg, GPRReg, GPRReg, UniquedStringImpl*);
 #endif
         MacroAssembler::Call callOperation(J_JITOperation_EJI, int, GPRReg, UniquedStringImpl*);
         MacroAssembler::Call callOperation(J_JITOperation_EJJ, int, GPRReg, GPRReg);
@@ -935,7 +932,6 @@ namespace JSC {
         Vector<CallRecord> m_calls;
         Vector<Label> m_labels;
         Vector<JITGetByIdGenerator> m_getByIds;
-        Vector<JITGetByIdWithThisGenerator> m_getByIdsWithThis;
         Vector<JITPutByIdGenerator> m_putByIds;
         Vector<ByValCompilationInfo> m_byValCompilationInfo;
         Vector<CallCompilationInfo> m_callCompilationInfo;
@@ -950,7 +946,6 @@ namespace JSC {
         Label m_exceptionHandler;
 
         unsigned m_getByIdIndex;
-        unsigned m_getByIdWithThisIndex;
         unsigned m_putByIdIndex;
         unsigned m_byValInstructionIndex;
         unsigned m_callLinkInfoIndex;
index 9dd824d..0417939 100644 (file)
@@ -62,11 +62,9 @@ JITByIdGenerator::JITByIdGenerator(
     
     m_stubInfo->patch.baseGPR = static_cast<int8_t>(base.payloadGPR());
     m_stubInfo->patch.valueGPR = static_cast<int8_t>(value.payloadGPR());
-    m_stubInfo->patch.thisGPR = static_cast<int8_t>(InvalidGPRReg);
 #if USE(JSVALUE32_64)
     m_stubInfo->patch.baseTagGPR = static_cast<int8_t>(base.tagGPR());
     m_stubInfo->patch.valueTagGPR = static_cast<int8_t>(value.tagGPR());
-    m_stubInfo->patch.thisTagGPR = static_cast<int8_t>(InvalidGPRReg);
 #endif
 }
 
@@ -118,24 +116,6 @@ void JITGetByIdGenerator::generateFastPath(MacroAssembler& jit)
     generateFastCommon(jit, m_isLengthAccess ? InlineAccess::sizeForLengthAccess() : InlineAccess::sizeForPropertyAccess());
 }
 
-JITGetByIdWithThisGenerator::JITGetByIdWithThisGenerator(
-    CodeBlock* codeBlock, CodeOrigin codeOrigin, CallSiteIndex callSite, const RegisterSet& usedRegisters,
-    UniquedStringImpl*, JSValueRegs value, JSValueRegs base, JSValueRegs thisRegs, AccessType accessType)
-    : JITByIdGenerator(codeBlock, codeOrigin, callSite, accessType, usedRegisters, base, value)
-{
-    RELEASE_ASSERT(thisRegs.payloadGPR() != thisRegs.tagGPR());
-
-    m_stubInfo->patch.thisGPR = static_cast<int8_t>(thisRegs.payloadGPR());
-#if USE(JSVALUE32_64)
-    m_stubInfo->patch.thisTagGPR = static_cast<int8_t>(thisRegs.tagGPR());
-#endif
-}
-
-void JITGetByIdWithThisGenerator::generateFastPath(MacroAssembler& jit)
-{
-    generateFastCommon(jit, InlineAccess::sizeForPropertyAccess());
-}
-
 JITPutByIdGenerator::JITPutByIdGenerator(
     CodeBlock* codeBlock, CodeOrigin codeOrigin, CallSiteIndex callSite, const RegisterSet& usedRegisters,
     JSValueRegs base, JSValueRegs value, GPRReg scratch, 
index 6408ea0..469290d 100644 (file)
@@ -107,17 +107,6 @@ private:
     bool m_isLengthAccess;
 };
 
-class JITGetByIdWithThisGenerator : public JITByIdGenerator {
-public:
-    JITGetByIdWithThisGenerator() { }
-
-    JITGetByIdWithThisGenerator(
-        CodeBlock*, CodeOrigin, CallSiteIndex, const RegisterSet& usedRegisters, UniquedStringImpl* propertyName,
-        JSValueRegs value, JSValueRegs base, JSValueRegs thisRegs, AccessType);
-
-    void generateFastPath(MacroAssembler&);
-};
-
 class JITPutByIdGenerator : public JITByIdGenerator {
 public:
     JITPutByIdGenerator() { }
index 29c2360..5d2d688 100644 (file)
@@ -518,12 +518,6 @@ ALWAYS_INLINE MacroAssembler::Call JIT::callOperation(JIT::WithProfileTag, J_JIT
     return appendCallWithExceptionCheckSetJSValueResultWithProfile(operation, dst);
 }
 
-ALWAYS_INLINE MacroAssembler::Call JIT::callOperation(JIT::WithProfileTag, J_JITOperation_ESsiJJI operation, int dst, StructureStubInfo* stubInfo, GPRReg arg1, GPRReg arg2, UniquedStringImpl* uid)
-{
-    setupArgumentsWithExecState(TrustedImmPtr(stubInfo), arg1, arg2, TrustedImmPtr(uid));
-    return appendCallWithExceptionCheckSetJSValueResultWithProfile(operation, dst);
-}
-
 ALWAYS_INLINE MacroAssembler::Call JIT::callOperation(JIT::WithProfileTag, J_JITOperation_EJJ operation, int dst, GPRReg arg1, GPRReg arg2)
 {
     setupArgumentsWithExecState(arg1, arg2);
@@ -710,12 +704,6 @@ ALWAYS_INLINE MacroAssembler::Call JIT::callOperation(J_JITOperation_EJI operati
     return appendCallWithExceptionCheckSetJSValueResult(operation, dst);
 }
 
-ALWAYS_INLINE MacroAssembler::Call JIT::callOperation(JIT::WithProfileTag, J_JITOperation_ESsiJJI operation, int dst, StructureStubInfo* stubInfo, GPRReg arg1Tag, GPRReg arg1Payload, GPRReg arg2Tag, GPRReg arg2Payload, UniquedStringImpl* uid)
-{
-    setupArgumentsWithExecState(TrustedImmPtr(stubInfo), arg1Payload, arg1Tag, arg2Payload, arg2Tag, TrustedImmPtr(uid));
-    return appendCallWithExceptionCheckSetJSValueResultWithProfile(operation, dst);
-}
-
 ALWAYS_INLINE MacroAssembler::Call JIT::callOperation(J_JITOperation_EJJ operation, int dst, GPRReg arg1Tag, GPRReg arg1Payload, GPRReg arg2Tag, GPRReg arg2Payload)
 {
     setupArgumentsWithExecState(EABI_32BIT_DUMMY_ARG arg1Payload, arg1Tag, arg2Payload, arg2Tag);
index d29a1c6..a1d4e73 100644 (file)
@@ -265,43 +265,6 @@ EncodedJSValue JIT_OPERATION operationGetByIdOptimize(ExecState* exec, Structure
     }));
 }
 
-EncodedJSValue JIT_OPERATION operationGetByIdWithThisGeneric(ExecState* exec, StructureStubInfo* stubInfo, EncodedJSValue base, EncodedJSValue thisEncoded, UniquedStringImpl* uid)
-{
-    SuperSamplerScope superSamplerScope(false);
-
-    VM* vm = &exec->vm();
-    NativeCallFrameTracer tracer(vm, exec);
-    Identifier ident = Identifier::fromUid(vm, uid);
-
-    stubInfo->tookSlowPath = true;
-
-    JSValue baseValue = JSValue::decode(base);
-    JSValue thisValue = JSValue::decode(thisEncoded);
-    PropertySlot slot(thisValue, PropertySlot::InternalMethodType::Get);
-
-    return JSValue::encode(baseValue.get(exec, ident, slot));
-}
-
-EncodedJSValue JIT_OPERATION operationGetByIdWithThisOptimize(ExecState* exec, StructureStubInfo* stubInfo, EncodedJSValue base, EncodedJSValue thisEncoded, UniquedStringImpl* uid)
-{
-    SuperSamplerScope superSamplerScope(false);
-    
-    VM* vm = &exec->vm();
-    NativeCallFrameTracer tracer(vm, exec);
-    Identifier ident = Identifier::fromUid(vm, uid);
-
-    JSValue baseValue = JSValue::decode(base);
-    JSValue thisValue = JSValue::decode(thisEncoded);
-    LOG_IC((ICEvent::OperationGetByIdWithThisOptimize, baseValue.classInfoOrNull(*vm), ident));
-
-    PropertySlot slot(thisValue, PropertySlot::InternalMethodType::Get);
-    return JSValue::encode(baseValue.getPropertySlot(exec, ident, slot, [&] (bool found, PropertySlot& slot) -> JSValue {
-        if (stubInfo->considerCaching(exec->codeBlock(), baseValue.structureOrNull()))
-            repatchGetByID(exec, baseValue, ident, slot, *stubInfo, GetByIDKind::WithThis);
-        return found ? slot.getValue(exec, ident) : jsUndefined();
-    }));
-}
-
 EncodedJSValue JIT_OPERATION operationInOptimize(ExecState* exec, StructureStubInfo* stubInfo, JSCell* base, UniquedStringImpl* key)
 {
     SuperSamplerScope superSamplerScope(false);
index 14e3d8d..d72ffbe 100644 (file)
@@ -170,7 +170,6 @@ typedef EncodedJSValue (JIT_OPERATION *J_JITOperation_EReoJss)(ExecState*, RegEx
 typedef EncodedJSValue (JIT_OPERATION *J_JITOperation_ESS)(ExecState*, size_t, size_t);
 typedef EncodedJSValue (JIT_OPERATION *J_JITOperation_ESsiCI)(ExecState*, StructureStubInfo*, JSCell*, UniquedStringImpl*);
 typedef EncodedJSValue (JIT_OPERATION *J_JITOperation_ESsiJI)(ExecState*, StructureStubInfo*, EncodedJSValue, UniquedStringImpl*);
-typedef EncodedJSValue (JIT_OPERATION *J_JITOperation_ESsiJJI)(ExecState*, StructureStubInfo*, EncodedJSValue, EncodedJSValue, UniquedStringImpl*);
 typedef EncodedJSValue (JIT_OPERATION *J_JITOperation_EZ)(ExecState*, int32_t);
 typedef EncodedJSValue (JIT_OPERATION *J_JITOperation_EZIcfZ)(ExecState*, int32_t, InlineCallFrame*, int32_t);
 typedef EncodedJSValue (JIT_OPERATION *J_JITOperation_EZZ)(ExecState*, int32_t, int32_t);
@@ -338,8 +337,6 @@ EncodedJSValue JIT_OPERATION operationTryGetByIdOptimize(ExecState*, StructureSt
 EncodedJSValue JIT_OPERATION operationGetById(ExecState*, StructureStubInfo*, EncodedJSValue, UniquedStringImpl*) WTF_INTERNAL;
 EncodedJSValue JIT_OPERATION operationGetByIdGeneric(ExecState*, EncodedJSValue, UniquedStringImpl*) WTF_INTERNAL;
 EncodedJSValue JIT_OPERATION operationGetByIdOptimize(ExecState*, StructureStubInfo*, EncodedJSValue, UniquedStringImpl*) WTF_INTERNAL;
-EncodedJSValue JIT_OPERATION operationGetByIdWithThisGeneric(ExecState*, StructureStubInfo*, EncodedJSValue, EncodedJSValue, UniquedStringImpl*) WTF_INTERNAL;
-EncodedJSValue JIT_OPERATION operationGetByIdWithThisOptimize(ExecState*, StructureStubInfo*, EncodedJSValue, EncodedJSValue, UniquedStringImpl*) WTF_INTERNAL;
 EncodedJSValue JIT_OPERATION operationInOptimize(ExecState*, StructureStubInfo*, JSCell*, UniquedStringImpl*) WTF_INTERNAL;
 EncodedJSValue JIT_OPERATION operationIn(ExecState*, StructureStubInfo*, JSCell*, UniquedStringImpl*) WTF_INTERNAL;
 EncodedJSValue JIT_OPERATION operationGenericIn(ExecState*, JSCell*, EncodedJSValue) WTF_INTERNAL;
index f5b8a40..bff5360 100644 (file)
@@ -632,25 +632,8 @@ void JIT::emit_op_get_by_id(Instruction* currentInstruction)
 
 void JIT::emit_op_get_by_id_with_this(Instruction* currentInstruction)
 {
-    int resultVReg = currentInstruction[1].u.operand;
-    int baseVReg = currentInstruction[2].u.operand;
-    int thisVReg = currentInstruction[3].u.operand;
-    const Identifier* ident = &(m_codeBlock->identifier(currentInstruction[4].u.operand));
-
-    emitGetVirtualRegister(baseVReg, regT0);
-    emitGetVirtualRegister(thisVReg, regT1);
-    emitJumpSlowCaseIfNotJSCell(regT0, baseVReg);
-    emitJumpSlowCaseIfNotJSCell(regT1, thisVReg);
-
-    JITGetByIdWithThisGenerator gen(
-        m_codeBlock, CodeOrigin(m_bytecodeOffset), CallSiteIndex(m_bytecodeOffset), RegisterSet::stubUnavailableRegisters(),
-        ident->impl(), JSValueRegs(regT0), JSValueRegs(regT0), JSValueRegs(regT1), AccessType::GetWithThis);
-    gen.generateFastPath(*this);
-    addSlowCase(gen.slowPathJump());
-    m_getByIdsWithThis.append(gen);
-
-    emitValueProfilingSite();
-    emitPutVirtualRegister(resultVReg);
+    JITSlowPathCall slowPathCall(this, currentInstruction, slow_path_get_by_id_with_this);
+    slowPathCall.call();
 }
 
 void JIT::emit_op_get_by_val_with_this(Instruction* currentInstruction)
@@ -677,26 +660,6 @@ void JIT::emitSlow_op_get_by_id(Instruction* currentInstruction, Vector<SlowCase
     gen.reportSlowPathCall(coldPathBegin, call);
 }
 
-void JIT::emitSlow_op_get_by_id_with_this(Instruction* currentInstruction, Vector<SlowCaseEntry>::iterator& iter)
-{
-    int resultVReg = currentInstruction[1].u.operand;
-    int baseVReg = currentInstruction[2].u.operand;
-    int thisVReg = currentInstruction[3].u.operand;
-    const Identifier* ident = &(m_codeBlock->identifier(currentInstruction[4].u.operand));
-
-    linkSlowCaseIfNotJSCell(iter, baseVReg);
-    linkSlowCaseIfNotJSCell(iter, thisVReg);
-    linkSlowCase(iter);
-
-    JITGetByIdWithThisGenerator& gen = m_getByIdsWithThis[m_getByIdWithThisIndex++];
-    
-    Label coldPathBegin = label();
-    
-    Call call = callOperation(WithProfile, operationGetByIdWithThisOptimize, resultVReg, gen.stubInfo(), regT0, regT1, ident->impl());
-
-    gen.reportSlowPathCall(coldPathBegin, call);
-}
-
 void JIT::emit_op_put_by_id(Instruction* currentInstruction)
 {
     int baseVReg = currentInstruction[1].u.operand;
index c632a95..bc34b30 100644 (file)
@@ -663,49 +663,6 @@ void JIT::emitSlow_op_get_by_id(Instruction* currentInstruction, Vector<SlowCase
     gen.reportSlowPathCall(coldPathBegin, call);
 }
 
-void JIT::emit_op_get_by_id_with_this(Instruction* currentInstruction)
-{
-    int dst = currentInstruction[1].u.operand;
-    int base = currentInstruction[2].u.operand;
-    int thisVReg = currentInstruction[3].u.operand;
-    const Identifier* ident = &(m_codeBlock->identifier(currentInstruction[4].u.operand));
-    
-    emitLoad(base, regT1, regT0);
-    emitLoad(thisVReg, regT4, regT3);
-    emitJumpSlowCaseIfNotJSCell(base, regT1);
-    emitJumpSlowCaseIfNotJSCell(thisVReg, regT4);
-
-    JITGetByIdWithThisGenerator gen(
-        m_codeBlock, CodeOrigin(m_bytecodeOffset), CallSiteIndex(currentInstruction), RegisterSet::stubUnavailableRegisters(),
-        ident->impl(), JSValueRegs(regT1, regT0), JSValueRegs::payloadOnly(regT0), JSValueRegs(regT4, regT3), AccessType::GetWithThis);
-    gen.generateFastPath(*this);
-    addSlowCase(gen.slowPathJump());
-    m_getByIdsWithThis.append(gen);
-
-    emitValueProfilingSite();
-    emitStore(dst, regT1, regT0);
-}
-
-void JIT::emitSlow_op_get_by_id_with_this(Instruction* currentInstruction, Vector<SlowCaseEntry>::iterator& iter)
-{
-    int resultVReg = currentInstruction[1].u.operand;
-    int baseVReg = currentInstruction[2].u.operand;
-    int thisVReg = currentInstruction[3].u.operand;
-    const Identifier* ident = &(m_codeBlock->identifier(currentInstruction[4].u.operand));
-
-    linkSlowCaseIfNotJSCell(iter, baseVReg);
-    linkSlowCaseIfNotJSCell(iter, thisVReg);
-    linkSlowCase(iter);
-
-    JITGetByIdWithThisGenerator& gen = m_getByIdsWithThis[m_getByIdWithThisIndex++];
-    
-    Label coldPathBegin = label();
-    
-    Call call = callOperation(WithProfile, operationGetByIdWithThisOptimize, resultVReg, gen.stubInfo(), regT1, regT0, regT4, regT3, ident->impl());
-    
-    gen.reportSlowPathCall(coldPathBegin, call);
-}
-
 void JIT::emit_op_put_by_id(Instruction* currentInstruction)
 {
     // In order to be able to patch both the Structure, and the object offset, we store one pointer,
@@ -1209,6 +1166,12 @@ void JIT::emit_op_put_to_arguments(Instruction* currentInstruction)
     store32(regT2, Address(regT0, DirectArguments::storageOffset() + index * sizeof(WriteBarrier<Unknown>) + PayloadOffset));
 }
 
+void JIT::emit_op_get_by_id_with_this(Instruction* currentInstruction)
+{
+    JITSlowPathCall slowPathCall(this, currentInstruction, slow_path_get_by_id_with_this);
+    slowPathCall.call();
+}
+
 void JIT::emit_op_get_by_val_with_this(Instruction* currentInstruction)
 {
     JITSlowPathCall slowPathCall(this, currentInstruction, slow_path_get_by_val_with_this);
index 5601b65..ef85963 100644 (file)
@@ -139,21 +139,17 @@ static bool forceICFailure(ExecState*)
 #endif
 }
 
-inline FunctionPtr appropriateOptimizingGetByIdFunction(GetByIDKind kind)
+inline J_JITOperation_ESsiJI appropriateOptimizingGetByIdFunction(GetByIDKind kind)
 {
     if (kind == GetByIDKind::Normal)
         return operationGetByIdOptimize;
-    else if (kind == GetByIDKind::WithThis)
-        return operationGetByIdWithThisOptimize;
     return operationTryGetByIdOptimize;
 }
 
-inline FunctionPtr appropriateGenericGetByIdFunction(GetByIDKind kind)
+inline J_JITOperation_ESsiJI appropriateGenericGetByIdFunction(GetByIDKind kind)
 {
     if (kind == GetByIDKind::Normal)
         return operationGetById;
-    else if (kind == GetByIDKind::WithThis)
-        return operationGetByIdWithThisGeneric;
     return operationTryGetById;
 }
 
@@ -308,10 +304,6 @@ static InlineCacheAction tryCacheGetByID(ExecState* exec, JSValue baseValue, con
                 else
                     type = AccessCase::CustomValueGetter;
 
-                // we don't emit IC for DOMJIT when op is get_by_id_with_this
-                if (Options::useDOMJIT() && kind == GetByIDKind::WithThis && type == AccessCase::CustomAccessorGetter && domJIT)
-                    return GiveUpOnCache;
-
                 newCase = GetterSetterAccessCase::create(
                     vm, codeBlock, type, offset, structure, conditionSet, loadTargetFromProxy,
                     slot.watchpointSet(), slot.isCacheableCustom() ? slot.customGetter() : nullptr,
index c61b658..52a060c 100644 (file)
@@ -36,8 +36,7 @@ namespace JSC {
 
 enum class GetByIDKind {
     Normal,
-    Try,
-    WithThis
+    Try
 };
 
 void repatchGetByID(ExecState*, JSValue, const Identifier&, const PropertySlot&, StructureStubInfo&, GetByIDKind);
index 0ad7224..aedf42e 100644 (file)
@@ -369,12 +369,6 @@ public:
             slot.setCacheableCustom(thisObject, DontDelete | ReadOnly | DontEnum, thisObject->customGetter);
             return true;
         }
-        
-        if (propertyName == PropertyName(Identifier::fromString(exec, "customGetterAccessor"))) {
-            slot.setCacheableCustom(thisObject, DontDelete | ReadOnly | DontEnum | CustomAccessor, thisObject->customGetterAcessor);
-            return true;
-        }
-        
         return JSObject::getOwnPropertySlot(thisObject, exec, propertyName, slot);
     }
 
@@ -392,20 +386,6 @@ private:
             return throwVMTypeError(exec, scope);
         return JSValue::encode(jsNumber(100));
     }
-    
-    static EncodedJSValue customGetterAcessor(ExecState* exec, EncodedJSValue thisValue, PropertyName)
-    {
-        VM& vm = exec->vm();
-        auto scope = DECLARE_THROW_SCOPE(vm);
-        
-        JSObject* thisObject = jsDynamicCast<JSObject*>(vm, JSValue::decode(thisValue));
-        if (!thisObject)
-            return throwVMTypeError(exec, scope);
-        bool shouldThrow = thisObject->get(exec, PropertyName(Identifier::fromString(exec, "shouldThrow"))).toBoolean(exec);
-        if (shouldThrow)
-            return throwVMTypeError(exec, scope);
-        return JSValue::encode(jsNumber(100));
-    }
 };
 
 class RuntimeArray : public JSArray {