]>
Commit | Line | Data |
---|---|---|
1 | /* | |
2 | * Copyright (C) 2011, 2013-2015 Apple Inc. All rights reserved. | |
3 | * | |
4 | * Redistribution and use in source and binary forms, with or without | |
5 | * modification, are permitted provided that the following conditions | |
6 | * are met: | |
7 | * 1. Redistributions of source code must retain the above copyright | |
8 | * notice, this list of conditions and the following disclaimer. | |
9 | * 2. Redistributions in binary form must reproduce the above copyright | |
10 | * notice, this list of conditions and the following disclaimer in the | |
11 | * documentation and/or other materials provided with the distribution. | |
12 | * | |
13 | * THIS SOFTWARE IS PROVIDED BY APPLE INC. ``AS IS'' AND ANY | |
14 | * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE | |
15 | * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR | |
16 | * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL APPLE INC. OR | |
17 | * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, | |
18 | * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, | |
19 | * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR | |
20 | * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY | |
21 | * OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT | |
22 | * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE | |
23 | * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. | |
24 | */ | |
25 | ||
26 | #include "config.h" | |
27 | #include "DFGGraph.h" | |
28 | ||
29 | #if ENABLE(DFG_JIT) | |
30 | ||
31 | #include "BytecodeKills.h" | |
32 | #include "BytecodeLivenessAnalysisInlines.h" | |
33 | #include "CodeBlock.h" | |
34 | #include "CodeBlockWithJITType.h" | |
35 | #include "DFGBlockWorklist.h" | |
36 | #include "DFGClobberSet.h" | |
37 | #include "DFGJITCode.h" | |
38 | #include "DFGVariableAccessDataDump.h" | |
39 | #include "FullBytecodeLiveness.h" | |
40 | #include "FunctionExecutableDump.h" | |
41 | #include "JIT.h" | |
42 | #include "JSLexicalEnvironment.h" | |
43 | #include "MaxFrameExtentForSlowPathCall.h" | |
44 | #include "OperandsInlines.h" | |
45 | #include "JSCInlines.h" | |
46 | #include "StackAlignment.h" | |
47 | #include <wtf/CommaPrinter.h> | |
48 | #include <wtf/ListDump.h> | |
49 | ||
50 | namespace JSC { namespace DFG { | |
51 | ||
52 | // Creates an array of stringized names. | |
53 | static const char* dfgOpNames[] = { | |
54 | #define STRINGIZE_DFG_OP_ENUM(opcode, flags) #opcode , | |
55 | FOR_EACH_DFG_OP(STRINGIZE_DFG_OP_ENUM) | |
56 | #undef STRINGIZE_DFG_OP_ENUM | |
57 | }; | |
58 | ||
59 | Graph::Graph(VM& vm, Plan& plan, LongLivedState& longLivedState) | |
60 | : m_vm(vm) | |
61 | , m_plan(plan) | |
62 | , m_codeBlock(m_plan.codeBlock.get()) | |
63 | , m_profiledBlock(m_codeBlock->alternative()) | |
64 | , m_allocator(longLivedState.m_allocator) | |
65 | , m_nextMachineLocal(0) | |
66 | , m_fixpointState(BeforeFixpoint) | |
67 | , m_structureRegistrationState(HaveNotStartedRegistering) | |
68 | , m_form(LoadStore) | |
69 | , m_unificationState(LocallyUnified) | |
70 | , m_refCountState(EverythingIsLive) | |
71 | { | |
72 | ASSERT(m_profiledBlock); | |
73 | ||
74 | m_hasDebuggerEnabled = m_profiledBlock->globalObject()->hasDebugger() | |
75 | || Options::forceDebuggerBytecodeGeneration(); | |
76 | } | |
77 | ||
78 | Graph::~Graph() | |
79 | { | |
80 | for (BlockIndex blockIndex = numBlocks(); blockIndex--;) { | |
81 | BasicBlock* block = this->block(blockIndex); | |
82 | if (!block) | |
83 | continue; | |
84 | ||
85 | for (unsigned phiIndex = block->phis.size(); phiIndex--;) | |
86 | m_allocator.free(block->phis[phiIndex]); | |
87 | for (unsigned nodeIndex = block->size(); nodeIndex--;) | |
88 | m_allocator.free(block->at(nodeIndex)); | |
89 | } | |
90 | m_allocator.freeAll(); | |
91 | } | |
92 | ||
93 | const char *Graph::opName(NodeType op) | |
94 | { | |
95 | return dfgOpNames[op]; | |
96 | } | |
97 | ||
98 | static void printWhiteSpace(PrintStream& out, unsigned amount) | |
99 | { | |
100 | while (amount-- > 0) | |
101 | out.print(" "); | |
102 | } | |
103 | ||
104 | bool Graph::dumpCodeOrigin(PrintStream& out, const char* prefix, Node* previousNode, Node* currentNode, DumpContext* context) | |
105 | { | |
106 | if (!previousNode) | |
107 | return false; | |
108 | ||
109 | if (previousNode->origin.semantic.inlineCallFrame == currentNode->origin.semantic.inlineCallFrame) | |
110 | return false; | |
111 | ||
112 | Vector<CodeOrigin> previousInlineStack = previousNode->origin.semantic.inlineStack(); | |
113 | Vector<CodeOrigin> currentInlineStack = currentNode->origin.semantic.inlineStack(); | |
114 | unsigned commonSize = std::min(previousInlineStack.size(), currentInlineStack.size()); | |
115 | unsigned indexOfDivergence = commonSize; | |
116 | for (unsigned i = 0; i < commonSize; ++i) { | |
117 | if (previousInlineStack[i].inlineCallFrame != currentInlineStack[i].inlineCallFrame) { | |
118 | indexOfDivergence = i; | |
119 | break; | |
120 | } | |
121 | } | |
122 | ||
123 | bool hasPrinted = false; | |
124 | ||
125 | // Print the pops. | |
126 | for (unsigned i = previousInlineStack.size(); i-- > indexOfDivergence;) { | |
127 | out.print(prefix); | |
128 | printWhiteSpace(out, i * 2); | |
129 | out.print("<-- ", inContext(*previousInlineStack[i].inlineCallFrame, context), "\n"); | |
130 | hasPrinted = true; | |
131 | } | |
132 | ||
133 | // Print the pushes. | |
134 | for (unsigned i = indexOfDivergence; i < currentInlineStack.size(); ++i) { | |
135 | out.print(prefix); | |
136 | printWhiteSpace(out, i * 2); | |
137 | out.print("--> ", inContext(*currentInlineStack[i].inlineCallFrame, context), "\n"); | |
138 | hasPrinted = true; | |
139 | } | |
140 | ||
141 | return hasPrinted; | |
142 | } | |
143 | ||
144 | int Graph::amountOfNodeWhiteSpace(Node* node) | |
145 | { | |
146 | return (node->origin.semantic.inlineDepth() - 1) * 2; | |
147 | } | |
148 | ||
149 | void Graph::printNodeWhiteSpace(PrintStream& out, Node* node) | |
150 | { | |
151 | printWhiteSpace(out, amountOfNodeWhiteSpace(node)); | |
152 | } | |
153 | ||
154 | void Graph::dump(PrintStream& out, const char* prefix, Node* node, DumpContext* context) | |
155 | { | |
156 | NodeType op = node->op(); | |
157 | ||
158 | unsigned refCount = node->refCount(); | |
159 | bool mustGenerate = node->mustGenerate(); | |
160 | if (mustGenerate) | |
161 | --refCount; | |
162 | ||
163 | out.print(prefix); | |
164 | printNodeWhiteSpace(out, node); | |
165 | ||
166 | // Example/explanation of dataflow dump output | |
167 | // | |
168 | // 14: <!2:7> GetByVal(@3, @13) | |
169 | // ^1 ^2 ^3 ^4 ^5 | |
170 | // | |
171 | // (1) The nodeIndex of this operation. | |
172 | // (2) The reference count. The number printed is the 'real' count, | |
173 | // not including the 'mustGenerate' ref. If the node is | |
174 | // 'mustGenerate' then the count it prefixed with '!'. | |
175 | // (3) The virtual register slot assigned to this node. | |
176 | // (4) The name of the operation. | |
177 | // (5) The arguments to the operation. The may be of the form: | |
178 | // @# - a NodeIndex referencing a prior node in the graph. | |
179 | // arg# - an argument number. | |
180 | // id# - the index in the CodeBlock of an identifier { if codeBlock is passed to dump(), the string representation is displayed }. | |
181 | // var# - the index of a var on the global object, used by GetGlobalVar/PutGlobalVar operations. | |
182 | out.printf("% 4d:<%c%u:", (int)node->index(), mustGenerate ? '!' : ' ', refCount); | |
183 | if (node->hasResult() && node->hasVirtualRegister() && node->virtualRegister().isValid()) | |
184 | out.print(node->virtualRegister()); | |
185 | else | |
186 | out.print("-"); | |
187 | out.print(">\t", opName(op), "("); | |
188 | CommaPrinter comma; | |
189 | if (node->flags() & NodeHasVarArgs) { | |
190 | for (unsigned childIdx = node->firstChild(); childIdx < node->firstChild() + node->numChildren(); childIdx++) { | |
191 | if (!m_varArgChildren[childIdx]) | |
192 | continue; | |
193 | out.print(comma, m_varArgChildren[childIdx]); | |
194 | } | |
195 | } else { | |
196 | if (!!node->child1() || !!node->child2() || !!node->child3()) | |
197 | out.print(comma, node->child1()); | |
198 | if (!!node->child2() || !!node->child3()) | |
199 | out.print(comma, node->child2()); | |
200 | if (!!node->child3()) | |
201 | out.print(comma, node->child3()); | |
202 | } | |
203 | ||
204 | if (toCString(NodeFlagsDump(node->flags())) != "<empty>") | |
205 | out.print(comma, NodeFlagsDump(node->flags())); | |
206 | if (node->prediction()) | |
207 | out.print(comma, SpeculationDump(node->prediction())); | |
208 | if (node->hasArrayMode()) | |
209 | out.print(comma, node->arrayMode()); | |
210 | if (node->hasArithMode()) | |
211 | out.print(comma, node->arithMode()); | |
212 | if (node->hasScopeOffset()) | |
213 | out.print(comma, node->scopeOffset()); | |
214 | if (node->hasDirectArgumentsOffset()) | |
215 | out.print(comma, node->capturedArgumentsOffset()); | |
216 | if (node->hasRegisterPointer()) | |
217 | out.print(comma, "global", globalObjectFor(node->origin.semantic)->findVariableIndex(node->variablePointer()), "(", RawPointer(node->variablePointer()), ")"); | |
218 | if (node->hasIdentifier()) | |
219 | out.print(comma, "id", node->identifierNumber(), "{", identifiers()[node->identifierNumber()], "}"); | |
220 | if (node->hasPromotedLocationDescriptor()) | |
221 | out.print(comma, node->promotedLocationDescriptor()); | |
222 | if (node->hasStructureSet()) | |
223 | out.print(comma, inContext(node->structureSet(), context)); | |
224 | if (node->hasStructure()) | |
225 | out.print(comma, inContext(*node->structure(), context)); | |
226 | if (node->hasTransition()) { | |
227 | out.print(comma, pointerDumpInContext(node->transition(), context)); | |
228 | #if USE(JSVALUE64) | |
229 | out.print(", ID:", node->transition()->next->id()); | |
230 | #else | |
231 | out.print(", ID:", RawPointer(node->transition()->next)); | |
232 | #endif | |
233 | } | |
234 | if (node->hasCellOperand()) { | |
235 | if (!node->cellOperand()->value() || !node->cellOperand()->value().isCell()) | |
236 | out.print(comma, "invalid cell operand: ", node->cellOperand()->value()); | |
237 | else { | |
238 | out.print(comma, pointerDump(node->cellOperand()->value().asCell())); | |
239 | if (node->cellOperand()->value().isCell()) { | |
240 | CallVariant variant(node->cellOperand()->value().asCell()); | |
241 | if (ExecutableBase* executable = variant.executable()) { | |
242 | if (executable->isHostFunction()) | |
243 | out.print(comma, "<host function>"); | |
244 | else if (FunctionExecutable* functionExecutable = jsDynamicCast<FunctionExecutable*>(executable)) | |
245 | out.print(comma, FunctionExecutableDump(functionExecutable)); | |
246 | else | |
247 | out.print(comma, "<non-function executable>"); | |
248 | } | |
249 | } | |
250 | } | |
251 | } | |
252 | if (node->hasStorageAccessData()) { | |
253 | StorageAccessData& storageAccessData = node->storageAccessData(); | |
254 | out.print(comma, "id", storageAccessData.identifierNumber, "{", identifiers()[storageAccessData.identifierNumber], "}"); | |
255 | out.print(", ", static_cast<ptrdiff_t>(storageAccessData.offset)); | |
256 | } | |
257 | if (node->hasMultiGetByOffsetData()) { | |
258 | MultiGetByOffsetData& data = node->multiGetByOffsetData(); | |
259 | out.print(comma, "id", data.identifierNumber, "{", identifiers()[data.identifierNumber], "}"); | |
260 | for (unsigned i = 0; i < data.variants.size(); ++i) | |
261 | out.print(comma, inContext(data.variants[i], context)); | |
262 | } | |
263 | if (node->hasMultiPutByOffsetData()) { | |
264 | MultiPutByOffsetData& data = node->multiPutByOffsetData(); | |
265 | out.print(comma, "id", data.identifierNumber, "{", identifiers()[data.identifierNumber], "}"); | |
266 | for (unsigned i = 0; i < data.variants.size(); ++i) | |
267 | out.print(comma, inContext(data.variants[i], context)); | |
268 | } | |
269 | ASSERT(node->hasVariableAccessData(*this) == node->hasLocal(*this)); | |
270 | if (node->hasVariableAccessData(*this)) { | |
271 | VariableAccessData* variableAccessData = node->tryGetVariableAccessData(); | |
272 | if (variableAccessData) { | |
273 | VirtualRegister operand = variableAccessData->local(); | |
274 | out.print(comma, variableAccessData->local(), "(", VariableAccessDataDump(*this, variableAccessData), ")"); | |
275 | operand = variableAccessData->machineLocal(); | |
276 | if (operand.isValid()) | |
277 | out.print(comma, "machine:", operand); | |
278 | } | |
279 | } | |
280 | if (node->hasStackAccessData()) { | |
281 | StackAccessData* data = node->stackAccessData(); | |
282 | out.print(comma, data->local); | |
283 | if (data->machineLocal.isValid()) | |
284 | out.print(comma, "machine:", data->machineLocal); | |
285 | out.print(comma, data->format); | |
286 | } | |
287 | if (node->hasUnlinkedLocal()) | |
288 | out.print(comma, node->unlinkedLocal()); | |
289 | if (node->hasUnlinkedMachineLocal()) { | |
290 | VirtualRegister operand = node->unlinkedMachineLocal(); | |
291 | if (operand.isValid()) | |
292 | out.print(comma, "machine:", operand); | |
293 | } | |
294 | if (node->hasConstantBuffer()) { | |
295 | out.print(comma); | |
296 | out.print(node->startConstant(), ":["); | |
297 | CommaPrinter anotherComma; | |
298 | for (unsigned i = 0; i < node->numConstants(); ++i) | |
299 | out.print(anotherComma, pointerDumpInContext(freeze(m_codeBlock->constantBuffer(node->startConstant())[i]), context)); | |
300 | out.print("]"); | |
301 | } | |
302 | if (node->hasIndexingType()) | |
303 | out.print(comma, IndexingTypeDump(node->indexingType())); | |
304 | if (node->hasTypedArrayType()) | |
305 | out.print(comma, node->typedArrayType()); | |
306 | if (node->hasPhi()) | |
307 | out.print(comma, "^", node->phi()->index()); | |
308 | if (node->hasExecutionCounter()) | |
309 | out.print(comma, RawPointer(node->executionCounter())); | |
310 | if (node->hasWatchpointSet()) | |
311 | out.print(comma, RawPointer(node->watchpointSet())); | |
312 | if (node->hasStoragePointer()) | |
313 | out.print(comma, RawPointer(node->storagePointer())); | |
314 | if (node->hasObjectMaterializationData()) | |
315 | out.print(comma, node->objectMaterializationData()); | |
316 | if (node->hasCallVarargsData()) | |
317 | out.print(comma, "firstVarArgOffset = ", node->callVarargsData()->firstVarArgOffset); | |
318 | if (node->hasLoadVarargsData()) { | |
319 | LoadVarargsData* data = node->loadVarargsData(); | |
320 | out.print(comma, "start = ", data->start, ", count = ", data->count); | |
321 | if (data->machineStart.isValid()) | |
322 | out.print(", machineStart = ", data->machineStart); | |
323 | if (data->machineCount.isValid()) | |
324 | out.print(", machineCount = ", data->machineCount); | |
325 | out.print(", offset = ", data->offset, ", mandatoryMinimum = ", data->mandatoryMinimum); | |
326 | out.print(", limit = ", data->limit); | |
327 | } | |
328 | if (node->isConstant()) | |
329 | out.print(comma, pointerDumpInContext(node->constant(), context)); | |
330 | if (node->isJump()) | |
331 | out.print(comma, "T:", *node->targetBlock()); | |
332 | if (node->isBranch()) | |
333 | out.print(comma, "T:", node->branchData()->taken, ", F:", node->branchData()->notTaken); | |
334 | if (node->isSwitch()) { | |
335 | SwitchData* data = node->switchData(); | |
336 | out.print(comma, data->kind); | |
337 | for (unsigned i = 0; i < data->cases.size(); ++i) | |
338 | out.print(comma, inContext(data->cases[i].value, context), ":", data->cases[i].target); | |
339 | out.print(comma, "default:", data->fallThrough); | |
340 | } | |
341 | ClobberSet reads; | |
342 | ClobberSet writes; | |
343 | addReadsAndWrites(*this, node, reads, writes); | |
344 | if (!reads.isEmpty()) | |
345 | out.print(comma, "R:", sortedListDump(reads.direct(), ",")); | |
346 | if (!writes.isEmpty()) | |
347 | out.print(comma, "W:", sortedListDump(writes.direct(), ",")); | |
348 | if (node->origin.isSet()) { | |
349 | out.print(comma, "bc#", node->origin.semantic.bytecodeIndex); | |
350 | if (node->origin.semantic != node->origin.forExit) | |
351 | out.print(comma, "exit: ", node->origin.forExit); | |
352 | } | |
353 | ||
354 | out.print(")"); | |
355 | ||
356 | if (node->hasVariableAccessData(*this) && node->tryGetVariableAccessData()) | |
357 | out.print(" predicting ", SpeculationDump(node->tryGetVariableAccessData()->prediction())); | |
358 | else if (node->hasHeapPrediction()) | |
359 | out.print(" predicting ", SpeculationDump(node->getHeapPrediction())); | |
360 | ||
361 | out.print("\n"); | |
362 | } | |
363 | ||
364 | bool Graph::terminalsAreValid() | |
365 | { | |
366 | for (BasicBlock* block : blocksInNaturalOrder()) { | |
367 | if (!block->terminal()) | |
368 | return false; | |
369 | } | |
370 | return true; | |
371 | } | |
372 | ||
373 | void Graph::dumpBlockHeader(PrintStream& out, const char* prefix, BasicBlock* block, PhiNodeDumpMode phiNodeDumpMode, DumpContext* context) | |
374 | { | |
375 | out.print(prefix, "Block ", *block, " (", inContext(block->at(0)->origin.semantic, context), "):", block->isReachable ? "" : " (skipped)", block->isOSRTarget ? " (OSR target)" : "", "\n"); | |
376 | if (block->executionCount == block->executionCount) | |
377 | out.print(prefix, " Execution count: ", block->executionCount, "\n"); | |
378 | out.print(prefix, " Predecessors:"); | |
379 | for (size_t i = 0; i < block->predecessors.size(); ++i) | |
380 | out.print(" ", *block->predecessors[i]); | |
381 | out.print("\n"); | |
382 | out.print(prefix, " Successors:"); | |
383 | if (block->terminal()) { | |
384 | for (BasicBlock* successor : block->successors()) { | |
385 | out.print(" ", *successor); | |
386 | if (m_prePostNumbering.isValid()) | |
387 | out.print(" (", m_prePostNumbering.edgeKind(block, successor), ")"); | |
388 | } | |
389 | } else | |
390 | out.print(" <invalid>"); | |
391 | out.print("\n"); | |
392 | if (m_dominators.isValid() && terminalsAreValid()) { | |
393 | out.print(prefix, " Dominated by: ", m_dominators.dominatorsOf(block), "\n"); | |
394 | out.print(prefix, " Dominates: ", m_dominators.blocksDominatedBy(block), "\n"); | |
395 | out.print(prefix, " Dominance Frontier: ", m_dominators.dominanceFrontierOf(block), "\n"); | |
396 | out.print(prefix, " Iterated Dominance Frontier: ", m_dominators.iteratedDominanceFrontierOf(BlockList(1, block)), "\n"); | |
397 | } | |
398 | if (m_prePostNumbering.isValid()) | |
399 | out.print(prefix, " Pre/Post Numbering: ", m_prePostNumbering.preNumber(block), "/", m_prePostNumbering.postNumber(block), "\n"); | |
400 | if (m_naturalLoops.isValid()) { | |
401 | if (const NaturalLoop* loop = m_naturalLoops.headerOf(block)) { | |
402 | out.print(prefix, " Loop header, contains:"); | |
403 | Vector<BlockIndex> sortedBlockList; | |
404 | for (unsigned i = 0; i < loop->size(); ++i) | |
405 | sortedBlockList.append(loop->at(i)->index); | |
406 | std::sort(sortedBlockList.begin(), sortedBlockList.end()); | |
407 | for (unsigned i = 0; i < sortedBlockList.size(); ++i) | |
408 | out.print(" #", sortedBlockList[i]); | |
409 | out.print("\n"); | |
410 | } | |
411 | ||
412 | Vector<const NaturalLoop*> containingLoops = | |
413 | m_naturalLoops.loopsOf(block); | |
414 | if (!containingLoops.isEmpty()) { | |
415 | out.print(prefix, " Containing loop headers:"); | |
416 | for (unsigned i = 0; i < containingLoops.size(); ++i) | |
417 | out.print(" ", *containingLoops[i]->header()); | |
418 | out.print("\n"); | |
419 | } | |
420 | } | |
421 | if (!block->phis.isEmpty()) { | |
422 | out.print(prefix, " Phi Nodes:"); | |
423 | for (size_t i = 0; i < block->phis.size(); ++i) { | |
424 | Node* phiNode = block->phis[i]; | |
425 | if (!phiNode->shouldGenerate() && phiNodeDumpMode == DumpLivePhisOnly) | |
426 | continue; | |
427 | out.print(" @", phiNode->index(), "<", phiNode->local(), ",", phiNode->refCount(), ">->("); | |
428 | if (phiNode->child1()) { | |
429 | out.print("@", phiNode->child1()->index()); | |
430 | if (phiNode->child2()) { | |
431 | out.print(", @", phiNode->child2()->index()); | |
432 | if (phiNode->child3()) | |
433 | out.print(", @", phiNode->child3()->index()); | |
434 | } | |
435 | } | |
436 | out.print(")", i + 1 < block->phis.size() ? "," : ""); | |
437 | } | |
438 | out.print("\n"); | |
439 | } | |
440 | } | |
441 | ||
442 | void Graph::dump(PrintStream& out, DumpContext* context) | |
443 | { | |
444 | DumpContext myContext; | |
445 | myContext.graph = this; | |
446 | if (!context) | |
447 | context = &myContext; | |
448 | ||
449 | out.print("\n"); | |
450 | out.print("DFG for ", CodeBlockWithJITType(m_codeBlock, JITCode::DFGJIT), ":\n"); | |
451 | out.print(" Fixpoint state: ", m_fixpointState, "; Form: ", m_form, "; Unification state: ", m_unificationState, "; Ref count state: ", m_refCountState, "\n"); | |
452 | if (m_form == SSA) | |
453 | out.print(" Argument formats: ", listDump(m_argumentFormats), "\n"); | |
454 | else | |
455 | out.print(" Arguments: ", listDump(m_arguments), "\n"); | |
456 | out.print("\n"); | |
457 | ||
458 | Node* lastNode = 0; | |
459 | for (size_t b = 0; b < m_blocks.size(); ++b) { | |
460 | BasicBlock* block = m_blocks[b].get(); | |
461 | if (!block) | |
462 | continue; | |
463 | dumpBlockHeader(out, "", block, DumpAllPhis, context); | |
464 | out.print(" States: ", block->cfaStructureClobberStateAtHead); | |
465 | if (!block->cfaHasVisited) | |
466 | out.print(", CurrentlyCFAUnreachable"); | |
467 | if (!block->intersectionOfCFAHasVisited) | |
468 | out.print(", CFAUnreachable"); | |
469 | out.print("\n"); | |
470 | switch (m_form) { | |
471 | case LoadStore: | |
472 | case ThreadedCPS: { | |
473 | out.print(" Vars Before: "); | |
474 | if (block->cfaHasVisited) | |
475 | out.print(inContext(block->valuesAtHead, context)); | |
476 | else | |
477 | out.print("<empty>"); | |
478 | out.print("\n"); | |
479 | out.print(" Intersected Vars Before: "); | |
480 | if (block->intersectionOfCFAHasVisited) | |
481 | out.print(inContext(block->intersectionOfPastValuesAtHead, context)); | |
482 | else | |
483 | out.print("<empty>"); | |
484 | out.print("\n"); | |
485 | out.print(" Var Links: ", block->variablesAtHead, "\n"); | |
486 | break; | |
487 | } | |
488 | ||
489 | case SSA: { | |
490 | RELEASE_ASSERT(block->ssa); | |
491 | out.print(" Availability: ", block->ssa->availabilityAtHead, "\n"); | |
492 | out.print(" Live: ", nodeListDump(block->ssa->liveAtHead), "\n"); | |
493 | out.print(" Values: ", nodeMapDump(block->ssa->valuesAtHead, context), "\n"); | |
494 | break; | |
495 | } } | |
496 | for (size_t i = 0; i < block->size(); ++i) { | |
497 | dumpCodeOrigin(out, "", lastNode, block->at(i), context); | |
498 | dump(out, "", block->at(i), context); | |
499 | lastNode = block->at(i); | |
500 | } | |
501 | out.print(" States: ", block->cfaBranchDirection, ", ", block->cfaStructureClobberStateAtTail); | |
502 | if (!block->cfaDidFinish) | |
503 | out.print(", CFAInvalidated"); | |
504 | out.print("\n"); | |
505 | switch (m_form) { | |
506 | case LoadStore: | |
507 | case ThreadedCPS: { | |
508 | out.print(" Vars After: "); | |
509 | if (block->cfaHasVisited) | |
510 | out.print(inContext(block->valuesAtTail, context)); | |
511 | else | |
512 | out.print("<empty>"); | |
513 | out.print("\n"); | |
514 | out.print(" Var Links: ", block->variablesAtTail, "\n"); | |
515 | break; | |
516 | } | |
517 | ||
518 | case SSA: { | |
519 | RELEASE_ASSERT(block->ssa); | |
520 | out.print(" Availability: ", block->ssa->availabilityAtTail, "\n"); | |
521 | out.print(" Live: ", nodeListDump(block->ssa->liveAtTail), "\n"); | |
522 | out.print(" Values: ", nodeMapDump(block->ssa->valuesAtTail, context), "\n"); | |
523 | break; | |
524 | } } | |
525 | out.print("\n"); | |
526 | } | |
527 | ||
528 | out.print("GC Values:\n"); | |
529 | for (FrozenValue* value : m_frozenValues) { | |
530 | if (value->pointsToHeap()) | |
531 | out.print(" ", inContext(*value, &myContext), "\n"); | |
532 | } | |
533 | ||
534 | if (!myContext.isEmpty()) { | |
535 | myContext.dump(out); | |
536 | out.print("\n"); | |
537 | } | |
538 | } | |
539 | ||
540 | void Graph::dethread() | |
541 | { | |
542 | if (m_form == LoadStore || m_form == SSA) | |
543 | return; | |
544 | ||
545 | if (logCompilationChanges()) | |
546 | dataLog("Dethreading DFG graph.\n"); | |
547 | ||
548 | SamplingRegion samplingRegion("DFG Dethreading"); | |
549 | ||
550 | for (BlockIndex blockIndex = m_blocks.size(); blockIndex--;) { | |
551 | BasicBlock* block = m_blocks[blockIndex].get(); | |
552 | if (!block) | |
553 | continue; | |
554 | for (unsigned phiIndex = block->phis.size(); phiIndex--;) { | |
555 | Node* phi = block->phis[phiIndex]; | |
556 | phi->children.reset(); | |
557 | } | |
558 | } | |
559 | ||
560 | m_form = LoadStore; | |
561 | } | |
562 | ||
563 | void Graph::handleSuccessor(Vector<BasicBlock*, 16>& worklist, BasicBlock* block, BasicBlock* successor) | |
564 | { | |
565 | if (!successor->isReachable) { | |
566 | successor->isReachable = true; | |
567 | worklist.append(successor); | |
568 | } | |
569 | ||
570 | successor->predecessors.append(block); | |
571 | } | |
572 | ||
573 | void Graph::determineReachability() | |
574 | { | |
575 | Vector<BasicBlock*, 16> worklist; | |
576 | worklist.append(block(0)); | |
577 | block(0)->isReachable = true; | |
578 | while (!worklist.isEmpty()) { | |
579 | BasicBlock* block = worklist.takeLast(); | |
580 | for (unsigned i = block->numSuccessors(); i--;) | |
581 | handleSuccessor(worklist, block, block->successor(i)); | |
582 | } | |
583 | } | |
584 | ||
585 | void Graph::resetReachability() | |
586 | { | |
587 | for (BlockIndex blockIndex = m_blocks.size(); blockIndex--;) { | |
588 | BasicBlock* block = m_blocks[blockIndex].get(); | |
589 | if (!block) | |
590 | continue; | |
591 | block->isReachable = false; | |
592 | block->predecessors.clear(); | |
593 | } | |
594 | ||
595 | determineReachability(); | |
596 | } | |
597 | ||
598 | namespace { | |
599 | ||
600 | class RefCountCalculator { | |
601 | public: | |
602 | RefCountCalculator(Graph& graph) | |
603 | : m_graph(graph) | |
604 | { | |
605 | } | |
606 | ||
607 | void calculate() | |
608 | { | |
609 | // First reset the counts to 0 for all nodes. | |
610 | for (BlockIndex blockIndex = 0; blockIndex < m_graph.numBlocks(); ++blockIndex) { | |
611 | BasicBlock* block = m_graph.block(blockIndex); | |
612 | if (!block) | |
613 | continue; | |
614 | for (unsigned indexInBlock = block->size(); indexInBlock--;) | |
615 | block->at(indexInBlock)->setRefCount(0); | |
616 | for (unsigned phiIndex = block->phis.size(); phiIndex--;) | |
617 | block->phis[phiIndex]->setRefCount(0); | |
618 | } | |
619 | ||
620 | // Now find the roots: | |
621 | // - Nodes that are must-generate. | |
622 | // - Nodes that are reachable from type checks. | |
623 | // Set their ref counts to 1 and put them on the worklist. | |
624 | for (BlockIndex blockIndex = 0; blockIndex < m_graph.numBlocks(); ++blockIndex) { | |
625 | BasicBlock* block = m_graph.block(blockIndex); | |
626 | if (!block) | |
627 | continue; | |
628 | for (unsigned indexInBlock = block->size(); indexInBlock--;) { | |
629 | Node* node = block->at(indexInBlock); | |
630 | DFG_NODE_DO_TO_CHILDREN(m_graph, node, findTypeCheckRoot); | |
631 | if (!(node->flags() & NodeMustGenerate)) | |
632 | continue; | |
633 | if (!node->postfixRef()) | |
634 | m_worklist.append(node); | |
635 | } | |
636 | } | |
637 | ||
638 | while (!m_worklist.isEmpty()) { | |
639 | while (!m_worklist.isEmpty()) { | |
640 | Node* node = m_worklist.last(); | |
641 | m_worklist.removeLast(); | |
642 | ASSERT(node->shouldGenerate()); // It should not be on the worklist unless it's ref'ed. | |
643 | DFG_NODE_DO_TO_CHILDREN(m_graph, node, countEdge); | |
644 | } | |
645 | ||
646 | if (m_graph.m_form == SSA) { | |
647 | // Find Phi->Upsilon edges, which are represented as meta-data in the | |
648 | // Upsilon. | |
649 | for (BlockIndex blockIndex = m_graph.numBlocks(); blockIndex--;) { | |
650 | BasicBlock* block = m_graph.block(blockIndex); | |
651 | if (!block) | |
652 | continue; | |
653 | for (unsigned nodeIndex = block->size(); nodeIndex--;) { | |
654 | Node* node = block->at(nodeIndex); | |
655 | if (node->op() != Upsilon) | |
656 | continue; | |
657 | if (node->shouldGenerate()) | |
658 | continue; | |
659 | if (node->phi()->shouldGenerate()) | |
660 | countNode(node); | |
661 | } | |
662 | } | |
663 | } | |
664 | } | |
665 | } | |
666 | ||
667 | private: | |
668 | void findTypeCheckRoot(Node*, Edge edge) | |
669 | { | |
670 | // We may have an "unproved" untyped use for code that is unreachable. The CFA | |
671 | // will just not have gotten around to it. | |
672 | if (edge.isProved() || edge.willNotHaveCheck()) | |
673 | return; | |
674 | if (!edge->postfixRef()) | |
675 | m_worklist.append(edge.node()); | |
676 | } | |
677 | ||
678 | void countNode(Node* node) | |
679 | { | |
680 | if (node->postfixRef()) | |
681 | return; | |
682 | m_worklist.append(node); | |
683 | } | |
684 | ||
685 | void countEdge(Node*, Edge edge) | |
686 | { | |
687 | // Don't count edges that are already counted for their type checks. | |
688 | if (!(edge.isProved() || edge.willNotHaveCheck())) | |
689 | return; | |
690 | countNode(edge.node()); | |
691 | } | |
692 | ||
693 | Graph& m_graph; | |
694 | Vector<Node*, 128> m_worklist; | |
695 | }; | |
696 | ||
697 | } // anonymous namespace | |
698 | ||
699 | void Graph::computeRefCounts() | |
700 | { | |
701 | RefCountCalculator calculator(*this); | |
702 | calculator.calculate(); | |
703 | } | |
704 | ||
705 | void Graph::killBlockAndItsContents(BasicBlock* block) | |
706 | { | |
707 | for (unsigned phiIndex = block->phis.size(); phiIndex--;) | |
708 | m_allocator.free(block->phis[phiIndex]); | |
709 | for (unsigned nodeIndex = block->size(); nodeIndex--;) | |
710 | m_allocator.free(block->at(nodeIndex)); | |
711 | ||
712 | killBlock(block); | |
713 | } | |
714 | ||
715 | void Graph::killUnreachableBlocks() | |
716 | { | |
717 | for (BlockIndex blockIndex = 0; blockIndex < numBlocks(); ++blockIndex) { | |
718 | BasicBlock* block = this->block(blockIndex); | |
719 | if (!block) | |
720 | continue; | |
721 | if (block->isReachable) | |
722 | continue; | |
723 | ||
724 | killBlockAndItsContents(block); | |
725 | } | |
726 | } | |
727 | ||
728 | void Graph::invalidateCFG() | |
729 | { | |
730 | m_dominators.invalidate(); | |
731 | m_naturalLoops.invalidate(); | |
732 | m_prePostNumbering.invalidate(); | |
733 | } | |
734 | ||
735 | void Graph::substituteGetLocal(BasicBlock& block, unsigned startIndexInBlock, VariableAccessData* variableAccessData, Node* newGetLocal) | |
736 | { | |
737 | for (unsigned indexInBlock = startIndexInBlock; indexInBlock < block.size(); ++indexInBlock) { | |
738 | Node* node = block[indexInBlock]; | |
739 | bool shouldContinue = true; | |
740 | switch (node->op()) { | |
741 | case SetLocal: { | |
742 | if (node->local() == variableAccessData->local()) | |
743 | shouldContinue = false; | |
744 | break; | |
745 | } | |
746 | ||
747 | case GetLocal: { | |
748 | if (node->variableAccessData() != variableAccessData) | |
749 | continue; | |
750 | substitute(block, indexInBlock, node, newGetLocal); | |
751 | Node* oldTailNode = block.variablesAtTail.operand(variableAccessData->local()); | |
752 | if (oldTailNode == node) | |
753 | block.variablesAtTail.operand(variableAccessData->local()) = newGetLocal; | |
754 | shouldContinue = false; | |
755 | break; | |
756 | } | |
757 | ||
758 | default: | |
759 | break; | |
760 | } | |
761 | if (!shouldContinue) | |
762 | break; | |
763 | } | |
764 | } | |
765 | ||
766 | BlockList Graph::blocksInPreOrder() | |
767 | { | |
768 | BlockList result; | |
769 | BlockWorklist worklist; | |
770 | worklist.push(block(0)); | |
771 | while (BasicBlock* block = worklist.pop()) { | |
772 | result.append(block); | |
773 | for (unsigned i = block->numSuccessors(); i--;) | |
774 | worklist.push(block->successor(i)); | |
775 | } | |
776 | return result; | |
777 | } | |
778 | ||
779 | BlockList Graph::blocksInPostOrder() | |
780 | { | |
781 | BlockList result; | |
782 | PostOrderBlockWorklist worklist; | |
783 | worklist.push(block(0)); | |
784 | while (BlockWithOrder item = worklist.pop()) { | |
785 | switch (item.order) { | |
786 | case PreOrder: | |
787 | worklist.pushPost(item.block); | |
788 | for (unsigned i = item.block->numSuccessors(); i--;) | |
789 | worklist.push(item.block->successor(i)); | |
790 | break; | |
791 | case PostOrder: | |
792 | result.append(item.block); | |
793 | break; | |
794 | } | |
795 | } | |
796 | return result; | |
797 | } | |
798 | ||
799 | void Graph::clearReplacements() | |
800 | { | |
801 | for (BlockIndex blockIndex = numBlocks(); blockIndex--;) { | |
802 | BasicBlock* block = m_blocks[blockIndex].get(); | |
803 | if (!block) | |
804 | continue; | |
805 | for (unsigned phiIndex = block->phis.size(); phiIndex--;) | |
806 | block->phis[phiIndex]->setReplacement(nullptr); | |
807 | for (unsigned nodeIndex = block->size(); nodeIndex--;) | |
808 | block->at(nodeIndex)->setReplacement(nullptr); | |
809 | } | |
810 | } | |
811 | ||
812 | void Graph::clearEpochs() | |
813 | { | |
814 | for (BlockIndex blockIndex = numBlocks(); blockIndex--;) { | |
815 | BasicBlock* block = m_blocks[blockIndex].get(); | |
816 | if (!block) | |
817 | continue; | |
818 | for (unsigned phiIndex = block->phis.size(); phiIndex--;) | |
819 | block->phis[phiIndex]->setEpoch(Epoch()); | |
820 | for (unsigned nodeIndex = block->size(); nodeIndex--;) | |
821 | block->at(nodeIndex)->setEpoch(Epoch()); | |
822 | } | |
823 | } | |
824 | ||
825 | void Graph::initializeNodeOwners() | |
826 | { | |
827 | for (BlockIndex blockIndex = numBlocks(); blockIndex--;) { | |
828 | BasicBlock* block = m_blocks[blockIndex].get(); | |
829 | if (!block) | |
830 | continue; | |
831 | for (unsigned phiIndex = block->phis.size(); phiIndex--;) | |
832 | block->phis[phiIndex]->owner = block; | |
833 | for (unsigned nodeIndex = block->size(); nodeIndex--;) | |
834 | block->at(nodeIndex)->owner = block; | |
835 | } | |
836 | } | |
837 | ||
838 | void Graph::clearFlagsOnAllNodes(NodeFlags flags) | |
839 | { | |
840 | for (BlockIndex blockIndex = numBlocks(); blockIndex--;) { | |
841 | BasicBlock* block = m_blocks[blockIndex].get(); | |
842 | if (!block) | |
843 | continue; | |
844 | for (unsigned phiIndex = block->phis.size(); phiIndex--;) | |
845 | block->phis[phiIndex]->clearFlags(flags); | |
846 | for (unsigned nodeIndex = block->size(); nodeIndex--;) | |
847 | block->at(nodeIndex)->clearFlags(flags); | |
848 | } | |
849 | } | |
850 | ||
851 | FullBytecodeLiveness& Graph::livenessFor(CodeBlock* codeBlock) | |
852 | { | |
853 | HashMap<CodeBlock*, std::unique_ptr<FullBytecodeLiveness>>::iterator iter = m_bytecodeLiveness.find(codeBlock); | |
854 | if (iter != m_bytecodeLiveness.end()) | |
855 | return *iter->value; | |
856 | ||
857 | std::unique_ptr<FullBytecodeLiveness> liveness = std::make_unique<FullBytecodeLiveness>(); | |
858 | codeBlock->livenessAnalysis().computeFullLiveness(*liveness); | |
859 | FullBytecodeLiveness& result = *liveness; | |
860 | m_bytecodeLiveness.add(codeBlock, WTF::move(liveness)); | |
861 | return result; | |
862 | } | |
863 | ||
864 | FullBytecodeLiveness& Graph::livenessFor(InlineCallFrame* inlineCallFrame) | |
865 | { | |
866 | return livenessFor(baselineCodeBlockFor(inlineCallFrame)); | |
867 | } | |
868 | ||
869 | BytecodeKills& Graph::killsFor(CodeBlock* codeBlock) | |
870 | { | |
871 | HashMap<CodeBlock*, std::unique_ptr<BytecodeKills>>::iterator iter = m_bytecodeKills.find(codeBlock); | |
872 | if (iter != m_bytecodeKills.end()) | |
873 | return *iter->value; | |
874 | ||
875 | std::unique_ptr<BytecodeKills> kills = std::make_unique<BytecodeKills>(); | |
876 | codeBlock->livenessAnalysis().computeKills(*kills); | |
877 | BytecodeKills& result = *kills; | |
878 | m_bytecodeKills.add(codeBlock, WTF::move(kills)); | |
879 | return result; | |
880 | } | |
881 | ||
882 | BytecodeKills& Graph::killsFor(InlineCallFrame* inlineCallFrame) | |
883 | { | |
884 | return killsFor(baselineCodeBlockFor(inlineCallFrame)); | |
885 | } | |
886 | ||
887 | bool Graph::isLiveInBytecode(VirtualRegister operand, CodeOrigin codeOrigin) | |
888 | { | |
889 | for (;;) { | |
890 | VirtualRegister reg = VirtualRegister( | |
891 | operand.offset() - codeOrigin.stackOffset()); | |
892 | ||
893 | if (operand.offset() < codeOrigin.stackOffset() + JSStack::CallFrameHeaderSize) { | |
894 | if (reg.isArgument()) { | |
895 | RELEASE_ASSERT(reg.offset() < JSStack::CallFrameHeaderSize); | |
896 | ||
897 | if (codeOrigin.inlineCallFrame->isClosureCall | |
898 | && reg.offset() == JSStack::Callee) | |
899 | return true; | |
900 | ||
901 | if (codeOrigin.inlineCallFrame->isVarargs() | |
902 | && reg.offset() == JSStack::ArgumentCount) | |
903 | return true; | |
904 | ||
905 | return false; | |
906 | } | |
907 | ||
908 | return livenessFor(codeOrigin.inlineCallFrame).operandIsLive( | |
909 | reg.offset(), codeOrigin.bytecodeIndex); | |
910 | } | |
911 | ||
912 | InlineCallFrame* inlineCallFrame = codeOrigin.inlineCallFrame; | |
913 | if (!inlineCallFrame) | |
914 | break; | |
915 | ||
916 | // Arguments are always live. This would be redundant if it wasn't for our | |
917 | // op_call_varargs inlining. | |
918 | if (reg.isArgument() | |
919 | && static_cast<size_t>(reg.toArgument()) < inlineCallFrame->arguments.size()) | |
920 | return true; | |
921 | ||
922 | codeOrigin = inlineCallFrame->caller; | |
923 | } | |
924 | ||
925 | return true; | |
926 | } | |
927 | ||
928 | BitVector Graph::localsLiveInBytecode(CodeOrigin codeOrigin) | |
929 | { | |
930 | BitVector result; | |
931 | result.ensureSize(block(0)->variablesAtHead.numberOfLocals()); | |
932 | forAllLocalsLiveInBytecode( | |
933 | codeOrigin, | |
934 | [&] (VirtualRegister reg) { | |
935 | ASSERT(reg.isLocal()); | |
936 | result.quickSet(reg.toLocal()); | |
937 | }); | |
938 | return result; | |
939 | } | |
940 | ||
941 | unsigned Graph::frameRegisterCount() | |
942 | { | |
943 | unsigned result = m_nextMachineLocal + std::max(m_parameterSlots, static_cast<unsigned>(maxFrameExtentForSlowPathCallInRegisters)); | |
944 | return roundLocalRegisterCountForFramePointerOffset(result); | |
945 | } | |
946 | ||
947 | unsigned Graph::stackPointerOffset() | |
948 | { | |
949 | return virtualRegisterForLocal(frameRegisterCount() - 1).offset(); | |
950 | } | |
951 | ||
952 | unsigned Graph::requiredRegisterCountForExit() | |
953 | { | |
954 | unsigned count = JIT::frameRegisterCountFor(m_profiledBlock); | |
955 | for (InlineCallFrameSet::iterator iter = m_plan.inlineCallFrames->begin(); !!iter; ++iter) { | |
956 | InlineCallFrame* inlineCallFrame = *iter; | |
957 | CodeBlock* codeBlock = baselineCodeBlockForInlineCallFrame(inlineCallFrame); | |
958 | unsigned requiredCount = VirtualRegister(inlineCallFrame->stackOffset).toLocal() + 1 + JIT::frameRegisterCountFor(codeBlock); | |
959 | count = std::max(count, requiredCount); | |
960 | } | |
961 | return count; | |
962 | } | |
963 | ||
964 | unsigned Graph::requiredRegisterCountForExecutionAndExit() | |
965 | { | |
966 | return std::max(frameRegisterCount(), requiredRegisterCountForExit()); | |
967 | } | |
968 | ||
969 | JSValue Graph::tryGetConstantProperty( | |
970 | JSValue base, const StructureSet& structureSet, PropertyOffset offset) | |
971 | { | |
972 | if (!base || !base.isObject()) | |
973 | return JSValue(); | |
974 | ||
975 | JSObject* object = asObject(base); | |
976 | ||
977 | for (unsigned i = structureSet.size(); i--;) { | |
978 | Structure* structure = structureSet[i]; | |
979 | WatchpointSet* set = structure->propertyReplacementWatchpointSet(offset); | |
980 | if (!set || !set->isStillValid()) | |
981 | return JSValue(); | |
982 | ||
983 | ASSERT(structure->isValidOffset(offset)); | |
984 | ASSERT(!structure->isUncacheableDictionary()); | |
985 | ||
986 | watchpoints().addLazily(set); | |
987 | } | |
988 | ||
989 | // What follows may require some extra thought. We need this load to load a valid JSValue. If | |
990 | // our profiling makes sense and we're still on track to generate code that won't be | |
991 | // invalidated, then we have nothing to worry about. We do, however, have to worry about | |
992 | // loading - and then using - an invalid JSValue in the case that unbeknownst to us our code | |
993 | // is doomed. | |
994 | // | |
995 | // One argument in favor of this code is that it should definitely work because the butterfly | |
996 | // is always set before the structure. However, we don't currently have a fence between those | |
997 | // stores. It's not clear if this matters, however. We don't ever shrink the property storage. | |
998 | // So, for this to fail, you'd need an access on a constant object pointer such that the inline | |
999 | // caches told us that the object had a structure that it did not *yet* have, and then later, | |
1000 | // the object transitioned to that structure that the inline caches had alraedy seen. And then | |
1001 | // the processor reordered the stores. Seems unlikely and difficult to test. I believe that | |
1002 | // this is worth revisiting but it isn't worth losing sleep over. Filed: | |
1003 | // https://bugs.webkit.org/show_bug.cgi?id=134641 | |
1004 | // | |
1005 | // For now, we just do the minimal thing: defend against the structure right now being | |
1006 | // incompatible with the getDirect we're trying to do. The easiest way to do that is to | |
1007 | // determine if the structure belongs to the proven set. | |
1008 | ||
1009 | if (!structureSet.contains(object->structure())) | |
1010 | return JSValue(); | |
1011 | ||
1012 | return object->getDirect(offset); | |
1013 | } | |
1014 | ||
1015 | JSValue Graph::tryGetConstantProperty(JSValue base, Structure* structure, PropertyOffset offset) | |
1016 | { | |
1017 | return tryGetConstantProperty(base, StructureSet(structure), offset); | |
1018 | } | |
1019 | ||
1020 | JSValue Graph::tryGetConstantProperty( | |
1021 | JSValue base, const StructureAbstractValue& structure, PropertyOffset offset) | |
1022 | { | |
1023 | if (structure.isTop() || structure.isClobbered()) | |
1024 | return JSValue(); | |
1025 | ||
1026 | return tryGetConstantProperty(base, structure.set(), offset); | |
1027 | } | |
1028 | ||
1029 | JSValue Graph::tryGetConstantProperty(const AbstractValue& base, PropertyOffset offset) | |
1030 | { | |
1031 | return tryGetConstantProperty(base.m_value, base.m_structure, offset); | |
1032 | } | |
1033 | ||
1034 | JSValue Graph::tryGetConstantClosureVar(JSValue base, ScopeOffset offset) | |
1035 | { | |
1036 | // This has an awesome concurrency story. See comment for GetGlobalVar in ByteCodeParser. | |
1037 | ||
1038 | if (!base) | |
1039 | return JSValue(); | |
1040 | ||
1041 | JSLexicalEnvironment* activation = jsDynamicCast<JSLexicalEnvironment*>(base); | |
1042 | if (!activation) | |
1043 | return JSValue(); | |
1044 | ||
1045 | SymbolTable* symbolTable = activation->symbolTable(); | |
1046 | JSValue value; | |
1047 | WatchpointSet* set; | |
1048 | { | |
1049 | ConcurrentJITLocker locker(symbolTable->m_lock); | |
1050 | ||
1051 | SymbolTableEntry* entry = symbolTable->entryFor(locker, offset); | |
1052 | if (!entry) | |
1053 | return JSValue(); | |
1054 | ||
1055 | set = entry->watchpointSet(); | |
1056 | if (!set) | |
1057 | return JSValue(); | |
1058 | ||
1059 | if (set->state() != IsWatched) | |
1060 | return JSValue(); | |
1061 | ||
1062 | ASSERT(entry->scopeOffset() == offset); | |
1063 | value = activation->variableAt(offset).get(); | |
1064 | if (!value) | |
1065 | return JSValue(); | |
1066 | } | |
1067 | ||
1068 | watchpoints().addLazily(set); | |
1069 | ||
1070 | return value; | |
1071 | } | |
1072 | ||
1073 | JSValue Graph::tryGetConstantClosureVar(const AbstractValue& value, ScopeOffset offset) | |
1074 | { | |
1075 | return tryGetConstantClosureVar(value.m_value, offset); | |
1076 | } | |
1077 | ||
1078 | JSValue Graph::tryGetConstantClosureVar(Node* node, ScopeOffset offset) | |
1079 | { | |
1080 | if (!node->hasConstant()) | |
1081 | return JSValue(); | |
1082 | return tryGetConstantClosureVar(node->asJSValue(), offset); | |
1083 | } | |
1084 | ||
1085 | JSArrayBufferView* Graph::tryGetFoldableView(JSValue value) | |
1086 | { | |
1087 | if (!value) | |
1088 | return nullptr; | |
1089 | JSArrayBufferView* view = jsDynamicCast<JSArrayBufferView*>(value); | |
1090 | if (!value) | |
1091 | return nullptr; | |
1092 | if (!view->length()) | |
1093 | return nullptr; | |
1094 | WTF::loadLoadFence(); | |
1095 | watchpoints().addLazily(view); | |
1096 | return view; | |
1097 | } | |
1098 | ||
1099 | JSArrayBufferView* Graph::tryGetFoldableView(JSValue value, ArrayMode arrayMode) | |
1100 | { | |
1101 | if (arrayMode.typedArrayType() == NotTypedArray) | |
1102 | return nullptr; | |
1103 | return tryGetFoldableView(value); | |
1104 | } | |
1105 | ||
1106 | void Graph::registerFrozenValues() | |
1107 | { | |
1108 | m_codeBlock->constants().resize(0); | |
1109 | m_codeBlock->constantsSourceCodeRepresentation().resize(0); | |
1110 | for (FrozenValue* value : m_frozenValues) { | |
1111 | if (!value->pointsToHeap()) | |
1112 | continue; | |
1113 | ||
1114 | ASSERT(value->structure()); | |
1115 | ASSERT(m_plan.weakReferences.contains(value->structure())); | |
1116 | ||
1117 | switch (value->strength()) { | |
1118 | case WeakValue: { | |
1119 | m_plan.weakReferences.addLazily(value->value().asCell()); | |
1120 | break; | |
1121 | } | |
1122 | case StrongValue: { | |
1123 | unsigned constantIndex = m_codeBlock->addConstantLazily(); | |
1124 | initializeLazyWriteBarrierForConstant( | |
1125 | m_plan.writeBarriers, | |
1126 | m_codeBlock->constants()[constantIndex], | |
1127 | m_codeBlock, | |
1128 | constantIndex, | |
1129 | m_codeBlock->ownerExecutable(), | |
1130 | value->value()); | |
1131 | break; | |
1132 | } } | |
1133 | } | |
1134 | m_codeBlock->constants().shrinkToFit(); | |
1135 | m_codeBlock->constantsSourceCodeRepresentation().shrinkToFit(); | |
1136 | } | |
1137 | ||
1138 | void Graph::visitChildren(SlotVisitor& visitor) | |
1139 | { | |
1140 | for (FrozenValue* value : m_frozenValues) { | |
1141 | visitor.appendUnbarrieredReadOnlyValue(value->value()); | |
1142 | visitor.appendUnbarrieredReadOnlyPointer(value->structure()); | |
1143 | } | |
1144 | ||
1145 | for (BlockIndex blockIndex = numBlocks(); blockIndex--;) { | |
1146 | BasicBlock* block = this->block(blockIndex); | |
1147 | if (!block) | |
1148 | continue; | |
1149 | ||
1150 | for (unsigned nodeIndex = 0; nodeIndex < block->size(); ++nodeIndex) { | |
1151 | Node* node = block->at(nodeIndex); | |
1152 | ||
1153 | switch (node->op()) { | |
1154 | case CheckStructure: | |
1155 | for (unsigned i = node->structureSet().size(); i--;) | |
1156 | visitor.appendUnbarrieredReadOnlyPointer(node->structureSet()[i]); | |
1157 | break; | |
1158 | ||
1159 | case NewObject: | |
1160 | case ArrayifyToStructure: | |
1161 | case NewStringObject: | |
1162 | visitor.appendUnbarrieredReadOnlyPointer(node->structure()); | |
1163 | break; | |
1164 | ||
1165 | case PutStructure: | |
1166 | case AllocatePropertyStorage: | |
1167 | case ReallocatePropertyStorage: | |
1168 | visitor.appendUnbarrieredReadOnlyPointer( | |
1169 | node->transition()->previous); | |
1170 | visitor.appendUnbarrieredReadOnlyPointer( | |
1171 | node->transition()->next); | |
1172 | break; | |
1173 | ||
1174 | case MultiGetByOffset: | |
1175 | for (unsigned i = node->multiGetByOffsetData().variants.size(); i--;) { | |
1176 | GetByIdVariant& variant = node->multiGetByOffsetData().variants[i]; | |
1177 | const StructureSet& set = variant.structureSet(); | |
1178 | for (unsigned j = set.size(); j--;) | |
1179 | visitor.appendUnbarrieredReadOnlyPointer(set[j]); | |
1180 | ||
1181 | // Don't need to mark anything in the structure chain because that would | |
1182 | // have been decomposed into CheckStructure's. Don't need to mark the | |
1183 | // callLinkStatus because we wouldn't use MultiGetByOffset if any of the | |
1184 | // variants did that. | |
1185 | ASSERT(!variant.callLinkStatus()); | |
1186 | } | |
1187 | break; | |
1188 | ||
1189 | case MultiPutByOffset: | |
1190 | for (unsigned i = node->multiPutByOffsetData().variants.size(); i--;) { | |
1191 | PutByIdVariant& variant = node->multiPutByOffsetData().variants[i]; | |
1192 | const StructureSet& set = variant.oldStructure(); | |
1193 | for (unsigned j = set.size(); j--;) | |
1194 | visitor.appendUnbarrieredReadOnlyPointer(set[j]); | |
1195 | if (variant.kind() == PutByIdVariant::Transition) | |
1196 | visitor.appendUnbarrieredReadOnlyPointer(variant.newStructure()); | |
1197 | } | |
1198 | break; | |
1199 | ||
1200 | default: | |
1201 | break; | |
1202 | } | |
1203 | } | |
1204 | } | |
1205 | } | |
1206 | ||
1207 | FrozenValue* Graph::freeze(JSValue value) | |
1208 | { | |
1209 | if (UNLIKELY(!value)) | |
1210 | return FrozenValue::emptySingleton(); | |
1211 | ||
1212 | auto result = m_frozenValueMap.add(JSValue::encode(value), nullptr); | |
1213 | if (LIKELY(!result.isNewEntry)) | |
1214 | return result.iterator->value; | |
1215 | ||
1216 | if (value.isUInt32()) | |
1217 | m_uint32ValuesInUse.append(value.asUInt32()); | |
1218 | ||
1219 | FrozenValue frozenValue = FrozenValue::freeze(value); | |
1220 | if (Structure* structure = frozenValue.structure()) | |
1221 | registerStructure(structure); | |
1222 | ||
1223 | return result.iterator->value = m_frozenValues.add(frozenValue); | |
1224 | } | |
1225 | ||
1226 | FrozenValue* Graph::freezeStrong(JSValue value) | |
1227 | { | |
1228 | FrozenValue* result = freeze(value); | |
1229 | result->strengthenTo(StrongValue); | |
1230 | return result; | |
1231 | } | |
1232 | ||
1233 | void Graph::convertToConstant(Node* node, FrozenValue* value) | |
1234 | { | |
1235 | if (value->structure()) | |
1236 | assertIsRegistered(value->structure()); | |
1237 | node->convertToConstant(value); | |
1238 | } | |
1239 | ||
1240 | void Graph::convertToConstant(Node* node, JSValue value) | |
1241 | { | |
1242 | convertToConstant(node, freeze(value)); | |
1243 | } | |
1244 | ||
1245 | void Graph::convertToStrongConstant(Node* node, JSValue value) | |
1246 | { | |
1247 | convertToConstant(node, freezeStrong(value)); | |
1248 | } | |
1249 | ||
1250 | StructureRegistrationResult Graph::registerStructure(Structure* structure) | |
1251 | { | |
1252 | m_plan.weakReferences.addLazily(structure); | |
1253 | if (m_plan.watchpoints.consider(structure)) | |
1254 | return StructureRegisteredAndWatched; | |
1255 | return StructureRegisteredNormally; | |
1256 | } | |
1257 | ||
1258 | void Graph::assertIsRegistered(Structure* structure) | |
1259 | { | |
1260 | // It's convenient to be able to call this with a maybe-null structure. | |
1261 | if (!structure) | |
1262 | return; | |
1263 | ||
1264 | if (m_structureRegistrationState == HaveNotStartedRegistering) | |
1265 | return; | |
1266 | ||
1267 | DFG_ASSERT(*this, nullptr, m_plan.weakReferences.contains(structure)); | |
1268 | ||
1269 | if (!structure->dfgShouldWatch()) | |
1270 | return; | |
1271 | if (watchpoints().isWatched(structure->transitionWatchpointSet())) | |
1272 | return; | |
1273 | ||
1274 | DFG_CRASH(*this, nullptr, toCString("Structure ", pointerDump(structure), " is watchable but isn't being watched.").data()); | |
1275 | } | |
1276 | ||
1277 | NO_RETURN_DUE_TO_CRASH static void crash( | |
1278 | Graph& graph, const CString& whileText, const char* file, int line, const char* function, | |
1279 | const char* assertion) | |
1280 | { | |
1281 | startCrashing(); | |
1282 | dataLog("DFG ASSERTION FAILED: ", assertion, "\n"); | |
1283 | dataLog(file, "(", line, ") : ", function, "\n"); | |
1284 | dataLog("\n"); | |
1285 | dataLog(whileText); | |
1286 | dataLog("Graph at time of failure:\n"); | |
1287 | graph.dump(); | |
1288 | dataLog("\n"); | |
1289 | dataLog("DFG ASSERTION FAILED: ", assertion, "\n"); | |
1290 | dataLog(file, "(", line, ") : ", function, "\n"); | |
1291 | CRASH_WITH_SECURITY_IMPLICATION(); | |
1292 | } | |
1293 | ||
1294 | void Graph::handleAssertionFailure( | |
1295 | std::nullptr_t, const char* file, int line, const char* function, const char* assertion) | |
1296 | { | |
1297 | crash(*this, "", file, line, function, assertion); | |
1298 | } | |
1299 | ||
1300 | void Graph::handleAssertionFailure( | |
1301 | Node* node, const char* file, int line, const char* function, const char* assertion) | |
1302 | { | |
1303 | crash(*this, toCString("While handling node ", node, "\n\n"), file, line, function, assertion); | |
1304 | } | |
1305 | ||
1306 | void Graph::handleAssertionFailure( | |
1307 | BasicBlock* block, const char* file, int line, const char* function, const char* assertion) | |
1308 | { | |
1309 | crash(*this, toCString("While handling block ", pointerDump(block), "\n\n"), file, line, function, assertion); | |
1310 | } | |
1311 | ||
1312 | ValueProfile* Graph::valueProfileFor(Node* node) | |
1313 | { | |
1314 | if (!node) | |
1315 | return nullptr; | |
1316 | ||
1317 | CodeBlock* profiledBlock = baselineCodeBlockFor(node->origin.semantic); | |
1318 | ||
1319 | if (node->hasLocal(*this)) { | |
1320 | if (!node->local().isArgument()) | |
1321 | return nullptr; | |
1322 | int argument = node->local().toArgument(); | |
1323 | Node* argumentNode = m_arguments[argument]; | |
1324 | if (!argumentNode) | |
1325 | return nullptr; | |
1326 | if (node->variableAccessData() != argumentNode->variableAccessData()) | |
1327 | return nullptr; | |
1328 | return profiledBlock->valueProfileForArgument(argument); | |
1329 | } | |
1330 | ||
1331 | if (node->hasHeapPrediction()) | |
1332 | return profiledBlock->valueProfileForBytecodeOffset(node->origin.semantic.bytecodeIndex); | |
1333 | ||
1334 | return nullptr; | |
1335 | } | |
1336 | ||
1337 | MethodOfGettingAValueProfile Graph::methodOfGettingAValueProfileFor(Node* node) | |
1338 | { | |
1339 | if (!node) | |
1340 | return MethodOfGettingAValueProfile(); | |
1341 | ||
1342 | if (ValueProfile* valueProfile = valueProfileFor(node)) | |
1343 | return MethodOfGettingAValueProfile(valueProfile); | |
1344 | ||
1345 | if (node->op() == GetLocal) { | |
1346 | CodeBlock* profiledBlock = baselineCodeBlockFor(node->origin.semantic); | |
1347 | ||
1348 | return MethodOfGettingAValueProfile::fromLazyOperand( | |
1349 | profiledBlock, | |
1350 | LazyOperandValueProfileKey( | |
1351 | node->origin.semantic.bytecodeIndex, node->local())); | |
1352 | } | |
1353 | ||
1354 | return MethodOfGettingAValueProfile(); | |
1355 | } | |
1356 | ||
1357 | } } // namespace JSC::DFG | |
1358 | ||
1359 | #endif // ENABLE(DFG_JIT) |