[apple/javascriptcore.git] / ftl / FTLOperations.cpp

/*
 * Copyright (C) 2014, 2015 Apple Inc. All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 * 1. Redistributions of source code must retain the above copyright
 *    notice, this list of conditions and the following disclaimer.
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in the
 *    documentation and/or other materials provided with the distribution.
 *
 * THIS SOFTWARE IS PROVIDED BY APPLE INC. ``AS IS'' AND ANY
 * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
 * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL APPLE INC. OR
 * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
 * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
 * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
 * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY
 * OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
 * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
 */

#include "config.h"
#include "FTLOperations.h"

#if ENABLE(FTL_JIT)

#include "ClonedArguments.h"
#include "DirectArguments.h"
#include "JSCInlines.h"
#include "JSLexicalEnvironment.h"

namespace JSC { namespace FTL {

using namespace JSC::DFG;

extern "C" JSCell* JIT_OPERATION operationNewObjectWithButterfly(ExecState* exec, Structure* structure)
{
    VM& vm = exec->vm();
    NativeCallFrameTracer tracer(&vm, exec);
    
    Butterfly* butterfly = Butterfly::create(
        vm, nullptr, 0, structure->outOfLineCapacity(), false, IndexingHeader(), 0);
    
    return JSFinalObject::create(exec, structure, butterfly);
}

extern "C" JSCell* JIT_OPERATION operationMaterializeObjectInOSR(
    ExecState* exec, ExitTimeObjectMaterialization* materialization, EncodedJSValue* values)
{
    VM& vm = exec->vm();
    CodeBlock* codeBlock = exec->codeBlock();

    // We cannot GC. We've got pointers in evil places.
    DeferGCForAWhile deferGC(vm.heap);
    
    switch (materialization->type()) {
    case PhantomNewObject: {
        // First figure out what the structure is.
        Structure* structure = nullptr;
        for (unsigned i = materialization->properties().size(); i--;) {
            const ExitPropertyValue& property = materialization->properties()[i];
            if (property.location() != PromotedLocationDescriptor(StructurePLoc))
                continue;
        
            structure = jsCast<Structure*>(JSValue::decode(values[i]));
            break;
        }
        RELEASE_ASSERT(structure);
    
        // Let's create that object!
        JSFinalObject* result = JSFinalObject::create(vm, structure);
    
        // Now figure out what the heck to populate the object with. Use getPropertiesConcurrently()
        // because that happens to be lower-level and more convenient. It doesn't change the
        // materialization of the property table. We want to have minimal visible effects on the
        // system. Also, don't mind that this is O(n^2). It doesn't matter. We only get here from OSR
        // exit.
        for (PropertyMapEntry entry : structure->getPropertiesConcurrently()) {
            for (unsigned i = materialization->properties().size(); i--;) {
                const ExitPropertyValue& property = materialization->properties()[i];
                if (property.location().kind() != NamedPropertyPLoc)
                    continue;
                if (codeBlock->identifier(property.location().info()).impl() != entry.key)
                    continue;
            
                result->putDirect(vm, entry.offset, JSValue::decode(values[i]));
            }
        }
    
        return result;
    }

    case PhantomNewFunction: {
        // Figure out what the executable and activation are
        FunctionExecutable* executable = nullptr;
        JSScope* activation = nullptr;
        for (unsigned i = materialization->properties().size(); i--;) {
            const ExitPropertyValue& property = materialization->properties()[i];
            if (property.location() == PromotedLocationDescriptor(FunctionExecutablePLoc))
                executable = jsCast<FunctionExecutable*>(JSValue::decode(values[i]));
            if (property.location() == PromotedLocationDescriptor(FunctionActivationPLoc))
                activation = jsCast<JSScope*>(JSValue::decode(values[i]));
        }
        RELEASE_ASSERT(executable && activation);

        JSFunction* result = JSFunction::createWithInvalidatedReallocationWatchpoint(vm, executable, activation);

        return result;
    }

    case PhantomCreateActivation: {
        // Figure out where the scope is
        JSScope* scope = nullptr;
        SymbolTable* table = nullptr;
        for (unsigned i = materialization->properties().size(); i--;) {
            const ExitPropertyValue& property = materialization->properties()[i];
            if (property.location() == PromotedLocationDescriptor(ActivationScopePLoc))
                scope = jsCast<JSScope*>(JSValue::decode(values[i]));
            else if (property.location() == PromotedLocationDescriptor(ActivationSymbolTablePLoc))
                table = jsCast<SymbolTable*>(JSValue::decode(values[i]));
        }
        RELEASE_ASSERT(scope);
        RELEASE_ASSERT(table);

        CodeBlock* codeBlock = baselineCodeBlockForOriginAndBaselineCodeBlock(
            materialization->origin(), exec->codeBlock());
        Structure* structure = codeBlock->globalObject()->activationStructure();

        JSLexicalEnvironment* result = JSLexicalEnvironment::create(vm, structure, scope, table);

        RELEASE_ASSERT(materialization->properties().size() - 2 == table->scopeSize());
        // Figure out what to populate the activation with
        for (unsigned i = materialization->properties().size(); i--;) {
            const ExitPropertyValue& property = materialization->properties()[i];
            if (property.location().kind() != ClosureVarPLoc)
                continue;

            result->variableAt(ScopeOffset(property.location().info())).set(exec->vm(), result, JSValue::decode(values[i]));
        }

        if (validationEnabled()) {
            // Validate to make sure every slot in the scope has one value.
            ConcurrentJITLocker locker(table->m_lock);
            for (auto iter = table->begin(locker), end = table->end(locker); iter != end; ++iter) {
                bool found = false;
                for (unsigned i = materialization->properties().size(); i--;) {
                    const ExitPropertyValue& property = materialization->properties()[i];
                    if (property.location().kind() != ClosureVarPLoc)
                        continue;
                    if (ScopeOffset(property.location().info()) == iter->value.scopeOffset()) {
                        found = true;
                        break;
                    }
                }
                ASSERT_UNUSED(found, found);
            }
            unsigned numberOfClosureVarPloc = 0;
            for (unsigned i = materialization->properties().size(); i--;) {
                const ExitPropertyValue& property = materialization->properties()[i];
                if (property.location().kind() == ClosureVarPLoc)
                    numberOfClosureVarPloc++;
            }
            ASSERT(numberOfClosureVarPloc == table->scopeSize());
        }

        return result;
    }

    case PhantomDirectArguments:
    case PhantomClonedArguments: {
        if (!materialization->origin().inlineCallFrame) {
            switch (materialization->type()) {
            case PhantomDirectArguments:
                return DirectArguments::createByCopying(exec);
            case PhantomClonedArguments:
                return ClonedArguments::createWithMachineFrame(exec, exec, ArgumentsMode::Cloned);
            default:
                RELEASE_ASSERT_NOT_REACHED();
                return nullptr;
            }
        }

        // First figure out the argument count. If there isn't one then we represent the machine frame.
        unsigned argumentCount = 0;
        if (materialization->origin().inlineCallFrame->isVarargs()) {
            for (unsigned i = materialization->properties().size(); i--;) {
                const ExitPropertyValue& property = materialization->properties()[i];
                if (property.location() != PromotedLocationDescriptor(ArgumentCountPLoc))
                    continue;
                
                argumentCount = JSValue::decode(values[i]).asUInt32();
                RELEASE_ASSERT(argumentCount);
                break;
            }
            RELEASE_ASSERT(argumentCount);
        } else
            argumentCount = materialization->origin().inlineCallFrame->arguments.size();
        
        JSFunction* callee = nullptr;
        if (materialization->origin().inlineCallFrame->isClosureCall) {
            for (unsigned i = materialization->properties().size(); i--;) {
                const ExitPropertyValue& property = materialization->properties()[i];
                if (property.location() != PromotedLocationDescriptor(ArgumentsCalleePLoc))
                    continue;
                
                callee = jsCast<JSFunction*>(JSValue::decode(values[i]));
                break;
            }
        } else
            callee = materialization->origin().inlineCallFrame->calleeConstant();
        RELEASE_ASSERT(callee);
        
        CodeBlock* codeBlock = baselineCodeBlockForOriginAndBaselineCodeBlock(
            materialization->origin(), exec->codeBlock());
        
        // We have an inline frame and we have all of the data we need to recreate it.
        switch (materialization->type()) {
        case PhantomDirectArguments: {
            unsigned length = argumentCount - 1;
            unsigned capacity = std::max(length, static_cast<unsigned>(codeBlock->numParameters() - 1));
            DirectArguments* result = DirectArguments::create(
                vm, codeBlock->globalObject()->directArgumentsStructure(), length, capacity);
            result->callee().set(vm, result, callee);
            for (unsigned i = materialization->properties().size(); i--;) {
                const ExitPropertyValue& property = materialization->properties()[i];
                if (property.location().kind() != ArgumentPLoc)
                    continue;
                
                unsigned index = property.location().info();
                if (index >= capacity)
                    continue;
                
                // We don't want to use setIndexQuickly(), since that's only for the passed-in
                // arguments but sometimes the number of named arguments is greater. For
                // example:
                //
                // function foo(a, b, c) { ... }
                // foo();
                //
                // setIndexQuickly() would fail for indices 0, 1, 2 - but we need to recover
                // those here.
                result->argument(DirectArgumentsOffset(index)).set(
                    vm, result, JSValue::decode(values[i]));
            }
            return result;
        }
        case PhantomClonedArguments: {
            unsigned length = argumentCount - 1;
            ClonedArguments* result = ClonedArguments::createEmpty(
                vm, codeBlock->globalObject()->outOfBandArgumentsStructure(), callee);
            
            for (unsigned i = materialization->properties().size(); i--;) {
                const ExitPropertyValue& property = materialization->properties()[i];
                if (property.location().kind() != ArgumentPLoc)
                    continue;
                
                unsigned index = property.location().info();
                if (index >= length)
                    continue;
                result->putDirectIndex(exec, index, JSValue::decode(values[i]));
            }
            
            result->putDirect(vm, vm.propertyNames->length, jsNumber(length));
            return result;
        }
        default:
            RELEASE_ASSERT_NOT_REACHED();
            return nullptr;
        }
    }
        
    default:
        RELEASE_ASSERT_NOT_REACHED();
        return nullptr;
    }
}

} } // namespace JSC::FTL

#endif // ENABLE(FTL_JIT)
Commit	Line	Data
ed1e77d3 A	1	/*
	2	* Copyright (C) 2014, 2015 Apple Inc. All rights reserved.
	3	*
	4	* Redistribution and use in source and binary forms, with or without
	5	* modification, are permitted provided that the following conditions
	6	* are met:
	7	* 1. Redistributions of source code must retain the above copyright
	8	* notice, this list of conditions and the following disclaimer.
	9	* 2. Redistributions in binary form must reproduce the above copyright
	10	* notice, this list of conditions and the following disclaimer in the
	11	* documentation and/or other materials provided with the distribution.
	12	*
	13	* THIS SOFTWARE IS PROVIDED BY APPLE INC. ``AS IS'' AND ANY
	14	* EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
	15	* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
	16	* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL APPLE INC. OR
	17	* CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
	18	* EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
	19	* PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
	20	* PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY
	21	* OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
	22	* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
	23	* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
	24	*/
	25
	26	#include "config.h"
	27	#include "FTLOperations.h"
	28
	29	#if ENABLE(FTL_JIT)
	30
	31	#include "ClonedArguments.h"
	32	#include "DirectArguments.h"
	33	#include "JSCInlines.h"
	34	#include "JSLexicalEnvironment.h"
	35
	36	namespace JSC { namespace FTL {
	37
	38	using namespace JSC::DFG;
	39
	40	extern "C" JSCell* JIT_OPERATION operationNewObjectWithButterfly(ExecState* exec, Structure* structure)
	41	{
	42	VM& vm = exec->vm();
	43	NativeCallFrameTracer tracer(&vm, exec);
	44
	45	Butterfly* butterfly = Butterfly::create(
	46	vm, nullptr, 0, structure->outOfLineCapacity(), false, IndexingHeader(), 0);
	47
	48	return JSFinalObject::create(exec, structure, butterfly);
	49	}
	50
	51	extern "C" JSCell* JIT_OPERATION operationMaterializeObjectInOSR(
	52	ExecState* exec, ExitTimeObjectMaterialization* materialization, EncodedJSValue* values)
	53	{
	54	VM& vm = exec->vm();
	55	CodeBlock* codeBlock = exec->codeBlock();
	56
	57	// We cannot GC. We've got pointers in evil places.
	58	DeferGCForAWhile deferGC(vm.heap);
	59
	60	switch (materialization->type()) {
	61	case PhantomNewObject: {
	62	// First figure out what the structure is.
	63	Structure* structure = nullptr;
	64	for (unsigned i = materialization->properties().size(); i--;) {
65	const ExitPropertyValue& property = materialization->properties()[i];
66	if (property.location() != PromotedLocationDescriptor(StructurePLoc))
67	continue;
68
69	structure = jsCast<Structure*>(JSValue::decode(values[i]));
70	break;
71	}
72	RELEASE_ASSERT(structure);
73
74	// Let's create that object!
75	JSFinalObject* result = JSFinalObject::create(vm, structure);
76
77	// Now figure out what the heck to populate the object with. Use getPropertiesConcurrently()
78	// because that happens to be lower-level and more convenient. It doesn't change the
79	// materialization of the property table. We want to have minimal visible effects on the
80	// system. Also, don't mind that this is O(n^2). It doesn't matter. We only get here from OSR
81	// exit.
82	for (PropertyMapEntry entry : structure->getPropertiesConcurrently()) {
83	for (unsigned i = materialization->properties().size(); i--;) {
84	const ExitPropertyValue& property = materialization->properties()[i];
85	if (property.location().kind() != NamedPropertyPLoc)
86	continue;
87	if (codeBlock->identifier(property.location().info()).impl() != entry.key)
88	continue;
89
90	result->putDirect(vm, entry.offset, JSValue::decode(values[i]));
91	}
92	}
93
94	return result;
95	}
96
97	case PhantomNewFunction: {
98	// Figure out what the executable and activation are
99	FunctionExecutable* executable = nullptr;
100	JSScope* activation = nullptr;
101	for (unsigned i = materialization->properties().size(); i--;) {
102	const ExitPropertyValue& property = materialization->properties()[i];
103	if (property.location() == PromotedLocationDescriptor(FunctionExecutablePLoc))
104	executable = jsCast<FunctionExecutable*>(JSValue::decode(values[i]));
105	if (property.location() == PromotedLocationDescriptor(FunctionActivationPLoc))
106	activation = jsCast<JSScope*>(JSValue::decode(values[i]));
107	}
108	RELEASE_ASSERT(executable && activation);
109
110	JSFunction* result = JSFunction::createWithInvalidatedReallocationWatchpoint(vm, executable, activation);
111
112	return result;
113	}
114
115	case PhantomCreateActivation: {
116	// Figure out where the scope is
117	JSScope* scope = nullptr;
118	SymbolTable* table = nullptr;
119	for (unsigned i = materialization->properties().size(); i--;) {
120	const ExitPropertyValue& property = materialization->properties()[i];
121	if (property.location() == PromotedLocationDescriptor(ActivationScopePLoc))
122	scope = jsCast<JSScope*>(JSValue::decode(values[i]));
123	else if (property.location() == PromotedLocationDescriptor(ActivationSymbolTablePLoc))
124	table = jsCast<SymbolTable*>(JSValue::decode(values[i]));
125	}
126	RELEASE_ASSERT(scope);
127	RELEASE_ASSERT(table);
128
129	CodeBlock* codeBlock = baselineCodeBlockForOriginAndBaselineCodeBlock(
130	materialization->origin(), exec->codeBlock());
131	Structure* structure = codeBlock->globalObject()->activationStructure();
132
133	JSLexicalEnvironment* result = JSLexicalEnvironment::create(vm, structure, scope, table);
134
135	RELEASE_ASSERT(materialization->properties().size() - 2 == table->scopeSize());
136	// Figure out what to populate the activation with
137	for (unsigned i = materialization->properties().size(); i--;) {
138	const ExitPropertyValue& property = materialization->properties()[i];
139	if (property.location().kind() != ClosureVarPLoc)
140	continue;
141
142	result->variableAt(ScopeOffset(property.location().info())).set(exec->vm(), result, JSValue::decode(values[i]));
143	}
144
145	if (validationEnabled()) {
146	// Validate to make sure every slot in the scope has one value.
147	ConcurrentJITLocker locker(table->m_lock);
148	for (auto iter = table->begin(locker), end = table->end(locker); iter != end; ++iter) {
149	bool found = false;
150	for (unsigned i = materialization->properties().size(); i--;) {
151	const ExitPropertyValue& property = materialization->properties()[i];
152	if (property.location().kind() != ClosureVarPLoc)
153	continue;
154	if (ScopeOffset(property.location().info()) == iter->value.scopeOffset()) {
155	found = true;
156	break;
157	}
158	}
159	ASSERT_UNUSED(found, found);
160	}
161	unsigned numberOfClosureVarPloc = 0;
162	for (unsigned i = materialization->properties().size(); i--;) {
163	const ExitPropertyValue& property = materialization->properties()[i];
164	if (property.location().kind() == ClosureVarPLoc)
165	numberOfClosureVarPloc++;
166	}
167	ASSERT(numberOfClosureVarPloc == table->scopeSize());
168	}
169
170	return result;
171	}
172
173	case PhantomDirectArguments:
174	case PhantomClonedArguments: {
175	if (!materialization->origin().inlineCallFrame) {
176	switch (materialization->type()) {
177	case PhantomDirectArguments:
178	return DirectArguments::createByCopying(exec);
179	case PhantomClonedArguments:
180	return ClonedArguments::createWithMachineFrame(exec, exec, ArgumentsMode::Cloned);
181	default:
182	RELEASE_ASSERT_NOT_REACHED();
183	return nullptr;
184	}
185	}
186
187	// First figure out the argument count. If there isn't one then we represent the machine frame.
188	unsigned argumentCount = 0;
189	if (materialization->origin().inlineCallFrame->isVarargs()) {
190	for (unsigned i = materialization->properties().size(); i--;) {
191	const ExitPropertyValue& property = materialization->properties()[i];
192	if (property.location() != PromotedLocationDescriptor(ArgumentCountPLoc))
193	continue;
194
195	argumentCount = JSValue::decode(values[i]).asUInt32();
196	RELEASE_ASSERT(argumentCount);
197	break;
198	}
199	RELEASE_ASSERT(argumentCount);
200	} else
201	argumentCount = materialization->origin().inlineCallFrame->arguments.size();
202
203	JSFunction* callee = nullptr;
204	if (materialization->origin().inlineCallFrame->isClosureCall) {
205	for (unsigned i = materialization->properties().size(); i--;) {
206	const ExitPropertyValue& property = materialization->properties()[i];
207	if (property.location() != PromotedLocationDescriptor(ArgumentsCalleePLoc))
208	continue;
209
210	callee = jsCast<JSFunction*>(JSValue::decode(values[i]));
211	break;
212	}
213	} else
214	callee = materialization->origin().inlineCallFrame->calleeConstant();
215	RELEASE_ASSERT(callee);
216
217	CodeBlock* codeBlock = baselineCodeBlockForOriginAndBaselineCodeBlock(
218	materialization->origin(), exec->codeBlock());
219
220	// We have an inline frame and we have all of the data we need to recreate it.
221	switch (materialization->type()) {
222	case PhantomDirectArguments: {
223	unsigned length = argumentCount - 1;
224	unsigned capacity = std::max(length, static_cast<unsigned>(codeBlock->numParameters() - 1));
225	DirectArguments* result = DirectArguments::create(
226	vm, codeBlock->globalObject()->directArgumentsStructure(), length, capacity);
227	result->callee().set(vm, result, callee);
228	for (unsigned i = materialization->properties().size(); i--;) {
229	const ExitPropertyValue& property = materialization->properties()[i];
230	if (property.location().kind() != ArgumentPLoc)
231	continue;
232
233	unsigned index = property.location().info();
234	if (index >= capacity)
235	continue;
236
237	// We don't want to use setIndexQuickly(), since that's only for the passed-in
238	// arguments but sometimes the number of named arguments is greater. For
239	// example:
240	//
241	// function foo(a, b, c) { ... }
242	// foo();
243	//
244	// setIndexQuickly() would fail for indices 0, 1, 2 - but we need to recover
245	// those here.
246	result->argument(DirectArgumentsOffset(index)).set(
247	vm, result, JSValue::decode(values[i]));
248	}
249	return result;
250	}
251	case PhantomClonedArguments: {
252	unsigned length = argumentCount - 1;
253	ClonedArguments* result = ClonedArguments::createEmpty(
254	vm, codeBlock->globalObject()->outOfBandArgumentsStructure(), callee);
255
256	for (unsigned i = materialization->properties().size(); i--;) {
257	const ExitPropertyValue& property = materialization->properties()[i];
258	if (property.location().kind() != ArgumentPLoc)
259	continue;
260
261	unsigned index = property.location().info();
262	if (index >= length)
263	continue;
264	result->putDirectIndex(exec, index, JSValue::decode(values[i]));
265	}
266
267	result->putDirect(vm, vm.propertyNames->length, jsNumber(length));
268	return result;
269	}
270	default:
271	RELEASE_ASSERT_NOT_REACHED();
272	return nullptr;
273	}
274	}
275
276	default:
277	RELEASE_ASSERT_NOT_REACHED();
278	return nullptr;
279	}
280	}
281
282	} } // namespace JSC::FTL
283
284	#endif // ENABLE(FTL_JIT)
285