Unreviewed, rolling out r202627.
authorcommit-queue@webkit.org <commit-queue@webkit.org@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Wed, 29 Jun 2016 18:25:40 +0000 (18:25 +0000)
committercommit-queue@webkit.org <commit-queue@webkit.org@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Wed, 29 Jun 2016 18:25:40 +0000 (18:25 +0000)
https://bugs.webkit.org/show_bug.cgi?id=159266

patch is broken on arm (Requested by keith_miller on #webkit).

Reverted changeset:

"LLInt should support other types of prototype GetById
caching."
https://bugs.webkit.org/show_bug.cgi?id=158083
http://trac.webkit.org/changeset/202627

git-svn-id: http://svn.webkit.org/repository/webkit/trunk@202633 268f45cc-cd09-0410-ab3c-d52691b4dbfc

17 files changed:
Source/JavaScriptCore/ChangeLog
Source/JavaScriptCore/bytecode/BytecodeList.json
Source/JavaScriptCore/bytecode/BytecodeUseDef.h
Source/JavaScriptCore/bytecode/CodeBlock.cpp
Source/JavaScriptCore/bytecode/GetByIdStatus.cpp
Source/JavaScriptCore/bytecode/UnlinkedCodeBlock.h
Source/JavaScriptCore/dfg/DFGByteCodeParser.cpp
Source/JavaScriptCore/dfg/DFGCapabilities.cpp
Source/JavaScriptCore/jit/JIT.cpp
Source/JavaScriptCore/llint/LLIntSlowPaths.cpp
Source/JavaScriptCore/llint/LLIntSlowPaths.h
Source/JavaScriptCore/llint/LowLevelInterpreter.asm
Source/JavaScriptCore/llint/LowLevelInterpreter32_64.asm
Source/JavaScriptCore/llint/LowLevelInterpreter64.asm
Source/JavaScriptCore/runtime/Identifier.h
Source/JavaScriptCore/tests/stress/llint-get-by-id-proto-accessor.js [deleted file]
Source/JavaScriptCore/tests/stress/llint-get-by-id-proto-custom.js [deleted file]

index 3a3f023..077dda4 100644 (file)
@@ -1,3 +1,17 @@
+2016-06-29  Commit Queue  <commit-queue@webkit.org>
+
+        Unreviewed, rolling out r202627.
+        https://bugs.webkit.org/show_bug.cgi?id=159266
+
+        patch is broken on arm (Requested by keith_miller on #webkit).
+
+        Reverted changeset:
+
+        "LLInt should support other types of prototype GetById
+        caching."
+        https://bugs.webkit.org/show_bug.cgi?id=158083
+        http://trac.webkit.org/changeset/202627
+
 2016-06-29  Benjamin Poulain  <bpoulain@apple.com>
 
         [JSC] Fix small issues of TypedArray prototype
index e5022e8..345819b 100644 (file)
@@ -64,8 +64,6 @@
             { "name" : "op_get_by_id", "length" : 9  },
             { "name" : "op_get_by_id_proto_load", "length" : 9 },
             { "name" : "op_get_by_id_unset", "length" : 9 },
-            { "name" : "op_get_by_id_proto_accessor", "length" : 9 },
-            { "name" : "op_get_by_id_proto_custom", "length" : 9 },
             { "name" : "op_get_by_id_with_this", "length" : 5 },
             { "name" : "op_get_by_val_with_this", "length" : 5 },
             { "name" : "op_try_get_by_id", "length" : 4 },
index ac23458..64ea57b 100644 (file)
@@ -164,8 +164,6 @@ void computeUsesForBytecodeOffset(
     case op_get_by_id:
     case op_get_by_id_proto_load:
     case op_get_by_id_unset:
-    case op_get_by_id_proto_accessor:
-    case op_get_by_id_proto_custom:
     case op_get_array_length:
     case op_typeof:
     case op_is_empty:
@@ -405,8 +403,6 @@ void computeDefsForBytecodeOffset(CodeBlock* codeBlock, BytecodeBasicBlock* bloc
     case op_get_by_id:
     case op_get_by_id_proto_load:
     case op_get_by_id_unset:
-    case op_get_by_id_proto_accessor:
-    case op_get_by_id_proto_custom:
     case op_get_by_id_with_this:
     case op_get_by_val_with_this:
     case op_get_array_length:
index 7d4637b..6d5b546 100644 (file)
@@ -354,12 +354,6 @@ void CodeBlock::printGetByIdOp(PrintStream& out, ExecState* exec, int location,
     case op_get_by_id_unset:
         op = "get_by_id_unset";
         break;
-    case op_get_by_id_proto_accessor:
-        op = "op_get_by_id_proto_accessor";
-        break;
-    case op_get_by_id_proto_custom:
-        op = "op_get_by_id_proto_custom";
-        break;
     case op_get_array_length:
         op = "array_length";
         break;
@@ -1143,8 +1137,6 @@ void CodeBlock::dumpBytecode(
         case op_get_by_id:
         case op_get_by_id_proto_load:
         case op_get_by_id_unset:
-        case op_get_by_id_proto_accessor:
-        case op_get_by_id_proto_custom:
         case op_get_array_length: {
             printGetByIdOp(out, exec, location, it);
             printGetByIdCacheStatus(out, exec, location, stubInfos);
@@ -2804,9 +2796,7 @@ void CodeBlock::finalizeLLIntInlineCaches()
         switch (interpreter->getOpcodeID(curInstruction[0].u.opcode)) {
         case op_get_by_id:
         case op_get_by_id_proto_load:
-        case op_get_by_id_unset:
-        case op_get_by_id_proto_accessor:
-        case op_get_by_id_proto_custom: {
+        case op_get_by_id_unset: {
             StructureID oldStructureID = curInstruction[4].u.structureID;
             if (!oldStructureID || Heap::isMarked(m_vm->heap.structureIDTable().get(oldStructureID)))
                 break;
index 5f3c748..15b3c81 100644 (file)
@@ -78,7 +78,7 @@ GetByIdStatus GetByIdStatus::computeFromLLInt(CodeBlock* profiledBlock, unsigned
 
     Opcode opcode = instruction[0].u.opcode;
 
-    ASSERT(opcode == LLInt::getOpcode(op_get_array_length) || opcode == LLInt::getOpcode(op_try_get_by_id) || opcode == LLInt::getOpcode(op_get_by_id_proto_load) || opcode == LLInt::getOpcode(op_get_by_id) || opcode == LLInt::getOpcode(op_get_by_id_unset) || opcode == LLInt::getOpcode(op_get_by_id_proto_accessor) || opcode == LLInt::getOpcode(op_get_by_id_proto_custom));
+    ASSERT(opcode == LLInt::getOpcode(op_get_array_length) || opcode == LLInt::getOpcode(op_try_get_by_id) || opcode == LLInt::getOpcode(op_get_by_id_proto_load) || opcode == LLInt::getOpcode(op_get_by_id) || opcode == LLInt::getOpcode(op_get_by_id_unset));
 
     // FIXME: We should not just bail if we see a try_get_by_id or a get_by_id_proto_load.\ e
     // https://bugs.webkit.org/show_bug.cgi?id=158039
index 696812e..91fdca4 100644 (file)
@@ -107,7 +107,6 @@ struct UnlinkedInstruction {
 };
 
 class UnlinkedCodeBlock : public JSCell {
-    friend class LLIntOffsetsExtractor;
 public:
     typedef JSCell Base;
     static const unsigned StructureFlags = Base::StructureFlags;
index ec04626..bcdbfd8 100644 (file)
@@ -4145,8 +4145,6 @@ bool ByteCodeParser::parseBlock(unsigned limit)
         case op_get_by_id:
         case op_get_by_id_proto_load:
         case op_get_by_id_unset:
-        case op_get_by_id_proto_accessor:
-        case op_get_by_id_proto_custom:
         case op_get_array_length: {
             SpeculatedType prediction = getPrediction();
             
index 52cdeab..1a23482 100644 (file)
@@ -158,8 +158,6 @@ CapabilityLevel capabilityLevel(OpcodeID opcodeID, CodeBlock* codeBlock, Instruc
     case op_get_by_id:
     case op_get_by_id_proto_load:
     case op_get_by_id_unset:
-    case op_get_by_id_proto_accessor:
-    case op_get_by_id_proto_custom:
     case op_get_by_id_with_this:
     case op_get_by_val_with_this:
     case op_get_array_length:
index a80e710..546e2ae 100644 (file)
@@ -250,8 +250,6 @@ void JIT::privateCompileMainPass()
         case op_get_array_length:
         case op_get_by_id_proto_load:
         case op_get_by_id_unset:
-        case op_get_by_id_proto_accessor:
-        case op_get_by_id_proto_custom:
         DEFINE_OP(op_get_by_id)
         DEFINE_OP(op_get_by_id_with_this)
         DEFINE_OP(op_get_by_val)
@@ -437,8 +435,6 @@ void JIT::privateCompileSlowCases()
         case op_get_array_length:
         case op_get_by_id_proto_load:
         case op_get_by_id_unset:
-        case op_get_by_id_proto_accessor:
-        case op_get_by_id_proto_custom:
         DEFINE_SLOWCASE_OP(op_get_by_id)
         DEFINE_SLOWCASE_OP(op_get_by_val)
         DEFINE_SLOWCASE_OP(op_instanceof)
index dbfb8ad..130f4e8 100644 (file)
@@ -598,8 +598,6 @@ static void setupGetByIdPrototypeCache(ExecState* exec, VM& vm, Instruction* pc,
     ObjectPropertyConditionSet conditions;
     if (slot.isUnset())
         conditions = generateConditionsForPropertyMiss(vm, codeBlock, exec, structure, ident.impl());
-    else if (slot.isCustom())
-        conditions = generateConditionsForPrototypePropertyHitCustom(vm, codeBlock, exec, structure, slot.slotBase(), ident.impl());
     else
         conditions = generateConditionsForPrototypePropertyHit(vm, codeBlock, exec, structure, slot.slotBase(), ident.impl());
 
@@ -616,7 +614,7 @@ static void setupGetByIdPrototypeCache(ExecState* exec, VM& vm, Instruction* pc,
             offset = condition.condition().offset();
         result.iterator->value.add(condition, pc)->install();
     }
-    ASSERT((offset == invalidOffset) == (slot.isUnset() || slot.isCustom()));
+    ASSERT((offset == invalidOffset) == slot.isUnset());
 
     ConcurrentJITLocker locker(codeBlock->m_lock);
 
@@ -624,20 +622,10 @@ static void setupGetByIdPrototypeCache(ExecState* exec, VM& vm, Instruction* pc,
         pc[0].u.opcode = LLInt::getOpcode(op_get_by_id_unset);
         pc[4].u.structureID = structure->id();
         return;
-    } else if (slot.isCustom()) {
-        pc[0].u.opcode = LLInt::getOpcode(op_get_by_id_proto_custom);
-        pc[4].u.structureID = structure->id();
-        pc[5].u.getterFunc = slot.customGetter();
-        pc[6].u.pointer = slot.attributes() & CustomAccessor ? 0 : slot.slotBase();
-        return;
     }
-    ASSERT(slot.isValue() || slot.isAccessor());
-
-    if (slot.isAccessor())
-        pc[0].u.opcode = LLInt::getOpcode(op_get_by_id_proto_accessor);
-    else
-        pc[0].u.opcode = LLInt::getOpcode(op_get_by_id_proto_load);
+    ASSERT(slot.isValue());
 
+    pc[0].u.opcode = LLInt::getOpcode(op_get_by_id_proto_load);
     pc[4].u.structureID = structure->id();
     pc[5].u.operand = offset;
     // We know that this pointer will remain valid because it will be cleared by either a watchpoint fire or
@@ -678,12 +666,10 @@ LLINT_SLOW_PATH_DECL(slow_path_get_by_id)
                 
                 ConcurrentJITLocker locker(codeBlock->m_lock);
 
-                if (slot.isValue()) {
-                    pc[4].u.structureID = structure->id();
-                    pc[5].u.operand = slot.cachedOffset();
-                }
+                pc[4].u.structureID = structure->id();
+                pc[5].u.operand = slot.cachedOffset();
             }
-        } else if (UNLIKELY(pc[7].u.operand && (slot.isValue() || slot.isUnset() || ((slot.isAccessor() || slot.isCustom()) && (slot.slotBase() != baseValue))))) {
+        } else if (UNLIKELY(pc[7].u.operand && (slot.isValue() || slot.isUnset()))) {
             ASSERT(slot.slotBase() != baseValue);
 
             if (!(--pc[7].u.operand))
@@ -705,19 +691,6 @@ LLINT_SLOW_PATH_DECL(slow_path_get_by_id)
     LLINT_END();
 }
 
-LLINT_SLOW_PATH_DECL(slow_path_get_proto_accessor)
-{
-    LLINT_BEGIN();
-    JSValue baseValue = LLINT_OP_C(2).jsValue();
-    PropertyOffset offset = pc[5].u.operand;
-    JSObject* slotBase = jsCast<JSObject*>(pc[6].u.jsCell.get());
-    JSValue getterSetter = slotBase->getDirect(offset);
-
-    JSValue result = callGetter(exec, baseValue, getterSetter);
-
-    LLINT_RETURN_PROFILED(op_get_by_id, result);
-}
-
 LLINT_SLOW_PATH_DECL(slow_path_get_arguments_length)
 {
     LLINT_BEGIN();
index c47f4c8..eeffe17 100644 (file)
@@ -73,7 +73,6 @@ LLINT_SLOW_PATH_HIDDEN_DECL(slow_path_instanceof);
 LLINT_SLOW_PATH_HIDDEN_DECL(slow_path_instanceof_custom);
 LLINT_SLOW_PATH_HIDDEN_DECL(slow_path_try_get_by_id);
 LLINT_SLOW_PATH_HIDDEN_DECL(slow_path_get_by_id);
-LLINT_SLOW_PATH_HIDDEN_DECL(slow_path_get_proto_accessor);
 LLINT_SLOW_PATH_HIDDEN_DECL(slow_path_get_arguments_length);
 LLINT_SLOW_PATH_HIDDEN_DECL(slow_path_put_by_id);
 LLINT_SLOW_PATH_HIDDEN_DECL(slow_path_del_by_id);
index 41ee945..dfa6fd5 100644 (file)
@@ -423,16 +423,6 @@ macro assert(assertion)
     end
 end
 
-macro loadIdentifier(index, dest)
-    loadp CodeBlock[cfr], t1
-    loadp CodeBlock::m_unlinkedCode[t1], t2
-    loadp UnlinkedCodeBlock::m_identifiers[t2], t1
-    move index, t2
-    mulp sizeof Identifier, t2
-    addp t2, t1
-    loadp Identifier::m_string[t1], dest
-end
-
 macro checkStackPointerAlignment(tempReg, location)
     if ARM64 or C_LOOP or SH4
         # ARM64 will check for us!
index 51a0945..0622dc6 100644 (file)
@@ -1423,66 +1423,6 @@ _llint_op_get_by_id_unset:
     dispatch(9)
 
 
-_llint_op_get_by_id_proto_accessor:
-    traceExecution()
-    loadi 8[PC], t0
-    loadi 16[PC], t1
-    loadConstantOrVariablePayload(t0, CellTag, t3, .opGetByIdProtoAcessorSlow)
-    bineq JSCell::m_structureID[t3], t1, .opGetByIdProtoAcessorSlow
-    callSlowPath(_llint_slow_path_get_proto_accessor)
-    dispatch(9)
-
-.opGetByIdProtoAcessorSlow:
-    callSlowPath(_llint_slow_path_get_by_id)
-    dispatch(9)
-
-macro loadEncodedThisValue(baseValue, dest)
-   loadp 24[PC], dest
-   bineq 0, dest, .loadEncodedThisValueDone
-   move baseValue, dest
-   .loadEncodedThisValueDone:
-end
-
-_llint_op_get_by_id_proto_custom:
-    traceExecution()
-    loadi 8[PC], t0
-    loadi 16[PC], t1
-    loadConstantOrVariablePayload(t0, CellTag, t3, .opGetByIdProtoCustomSlow)
-    bineq JSCell::m_structureID[t3], t1, .opGetByIdProtoCustomSlow
-    # Setting the topCallFrame
-    loadp Callee[cfr], t0
-    andp MarkedBlockMask, t0, t1
-    loadp MarkedBlock::m_weakSet + WeakSet::m_vm[t1], t1
-    storep cfr, VM::topCallFrame[t1]
-    loadi 12[PC], t0
-    loadIdentifier(t0, t2)
-    loadEncodedThisValue(t3, t1)
-    loadp 20[PC], t0
-    # Inlining the GetValueFunc call
-    push t1 # Load arg3 JSObject *
-    push t2 # Load arg2 PropertyName
-    move CellTag, t3
-    if BIG_ENDIAN
-        push t1 # Load arg1 Payload of EncodedJSValue
-        push t3 # Load arg1 Tag of EncodedJSValue
-    else
-        push t3 # Load arg1 Tag of EncodedJSValue
-        push t1 # Load arg1 Payload of EncodedJSValue
-    end
-    push cfr # Loading exec
-    call t0
-    addp 20, sp
-    loadi 4[PC], t2
-    storei r1, TagOffset[cfr, t2, 8]
-    storei r0, PayloadOffset[cfr, t2, 8]
-    valueProfile(r0, r1, 32, t2)
-    dispatch(9)
-
-.opGetByIdProtoCustomSlow:
-    callSlowPath(_llint_slow_path_get_by_id)
-    dispatch(9)
-
-
 _llint_op_get_array_length:
     traceExecution()
     loadi 8[PC], t0
index 6c3e47f..0495e27 100644 (file)
@@ -1294,63 +1294,6 @@ _llint_op_get_by_id_unset:
     dispatch(9)
 
 
-_llint_op_get_by_id_proto_accessor:
-    traceExecution()
-    loadisFromInstruction(2, t0)
-    loadConstantOrVariableCell(t0, t3, .opGetByIdProtoAcessorSlow)
-    loadi JSCell::m_structureID[t3], t1
-    loadisFromInstruction(4, t2)
-    bineq t2, t1, .opGetByIdProtoAcessorSlow
-    callSlowPath(_llint_slow_path_get_proto_accessor)
-    dispatch(9)
-
-.opGetByIdProtoAcessorSlow:
-    callSlowPath(_llint_slow_path_get_by_id)
-    dispatch(9)
-
-
-macro loadEncodedThisValue(baseValue, dest)
-   loadpFromInstruction(6, dest)
-   bineq 0, dest, .loadEncodedThisValueDone
-   move baseValue, dest
-   .loadEncodedThisValueDone:
-end
-
-_llint_op_get_by_id_proto_custom:
-    traceExecution()
-    loadisFromInstruction(2, t0)
-    loadConstantOrVariableCell(t0, t3, .opGetByIdProtoCustomSlow)
-    loadi JSCell::m_structureID[t3], t1
-    loadisFromInstruction(4, t2)
-    bineq t2, t1, .opGetByIdProtoCustomSlow
-    # Setting the topCallFrame
-    loadp Callee[cfr], t0
-    andp MarkedBlockMask, t0, t1
-    loadp MarkedBlock::m_weakSet + WeakSet::m_vm[t1], t1
-    storep cfr, VM::topCallFrame[t1]
-    push PC
-    push PB
-    loadpFromInstruction(3, t0)
-    loadIdentifier(t0, a2)
-    loadEncodedThisValue(t3, a1)
-    loadpFromInstruction(5, t0)
-    prepareStateForCCall()
-    move cfr, a0
-    move a1, a3
-    cCall4(t0)
-    restoreStateAfterCCall()
-    pop PB
-    pop PC
-    loadisFromInstruction(1, t2)
-    storeq r0, [cfr, t2, 8]
-    valueProfile(r0, 8, t1)
-    dispatch(9)
-
-.opGetByIdProtoCustomSlow:
-    callSlowPath(_llint_slow_path_get_by_id)
-    dispatch(9)
-
-
 _llint_op_get_array_length:
     traceExecution()
     loadisFromInstruction(2, t0)
index 79c5d90..4fb1a2f 100644 (file)
@@ -87,7 +87,6 @@ ALWAYS_INLINE Optional<uint32_t> parseIndex(StringImpl& impl)
 
 class Identifier {
     friend class Structure;
-    friend class LLIntOffsetsExtractor;
 public:
     Identifier() { }
     enum EmptyIdentifierFlag { EmptyIdentifier };
diff --git a/Source/JavaScriptCore/tests/stress/llint-get-by-id-proto-accessor.js b/Source/JavaScriptCore/tests/stress/llint-get-by-id-proto-accessor.js
deleted file mode 100644 (file)
index 594c704..0000000
+++ /dev/null
@@ -1,18 +0,0 @@
-foo = {};
-var expected = 6;
-Object.defineProperty(Object.prototype, "bar", { get: () => { return 2 * 3; } });
-
-function test() {
-    if (foo.bar != expected) {
-        throw new Error();
-    }
-}
-
-for (var i = 0; i < 10; i++) {
-    if (i == 9) {
-        foo = {bar: 7};
-        expected = 7;
-    }
-    test();
-}
-
diff --git a/Source/JavaScriptCore/tests/stress/llint-get-by-id-proto-custom.js b/Source/JavaScriptCore/tests/stress/llint-get-by-id-proto-custom.js
deleted file mode 100644 (file)
index 858924c..0000000
+++ /dev/null
@@ -1,13 +0,0 @@
-var v = Object.create(createCustomGetterObject());
-var expected = v.customGetter;
-
-for (var i = 0; i < 10; i++) {
-    if (i == 9) {
-        v = {customGetter: 10};
-        expected = 10;
-    }
-    if (v.customGetter != expected) {
-        throw Error("");
-    }
-}
-